diff --git a/ui/app/components/role-aws-edit.js b/ui/app/components/role-aws-edit.js index 0b5fb5ec6960..23e6f6ae5951 100644 --- a/ui/app/components/role-aws-edit.js +++ b/ui/app/components/role-aws-edit.js @@ -5,13 +5,8 @@ const { get, set } = Ember; const SHOW_ROUTE = 'vault.cluster.secrets.backend.show'; export default RoleEdit.extend({ - useARN: false, init() { this._super(...arguments); - const arn = get(this, 'model.arn'); - if (arn) { - set(this, 'useARN', true); - } }, actions: { @@ -24,11 +19,22 @@ export default RoleEdit.extend({ if (type === 'create' && Ember.isBlank(modelId)) { return; } - // clear the policy or arn before save depending on "useARN" - if (get(this, 'useARN')) { - set(this, 'model.policy', ''); - } else { - set(this, 'model.arn', ''); + + var credential_type = get(this, 'model.credential_type'); + if (credential_type == "iam_user") { + set(this, 'model.role_arns', []); + } + if (credential_type == "assumed_role") { + set(this, 'model.policy_arns', []); + } + if (credential_type == "federation_token") { + set(this, 'model.role_arns', []); + set(this, 'model.policy_arns', []); + } + + var policy_document = get(this, 'model.policy_document'); + if (policy_document == '{}') { + set(this, 'model.policy_document', ''); } this.persist('save', () => { diff --git a/ui/app/models/role-aws.js b/ui/app/models/role-aws.js index b90d5e842314..fb54d7add1ec 100644 --- a/ui/app/models/role-aws.js +++ b/ui/app/models/role-aws.js @@ -6,7 +6,7 @@ import { expandAttributeMeta } from 'vault/utils/field-to-attrs'; const { attr } = DS; const { computed } = Ember; -const CREATE_FIELDS = ['name', 'policy', 'arn']; +const CREATE_FIELDS = ['name', 'credential_type', 'credential_types', 'role_arns', 'policy_arns', 'policy_document']; export default DS.Model.extend({ backend: attr('string', { readOnly: true, 
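Review bot: The save-time cleanup added to role-aws-edit.js (second hunk) only resets stale fields for the three credential types it names, so when `model.credential_type` is blank or holds any other value, the `role_arns` and `policy_arns` left in the model are submitted unchanged. Because these fields decide which AWS permissions the issued credentials carry, clear by exclusion instead: `if (credentialType !== 'assumed_role') { set(this, 'model.role_arns', []); }` and `if (credentialType !== 'iam_user') { set(this, 'model.policy_arns', []); }`, with `const credentialType = get(this, 'model.credential_type');` in place of the `var` and the loose `==`. The `policy_document == '{}'` test matches only that exact string; if the `emptyData` placeholder the form falls back to is formatted differently (its value is not visible here), an empty document is still sent. The enclosing action begins and ends outside the hunk.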
@@ -16,13 +16,30 @@ export default DS.Model.extend({ fieldValue: 'id', readOnly: true, }), - arn: attr('string', { + credential_type: attr('string', { + defaultValue: "iam_user", + }), + credential_types: attr({ + label: 'Credential Types', + readOnly: true, + }), + role_arns: attr({ + editType: 'stringArray', + label: 'Role ARNs', + }), + policy_arns: attr({ + editType: 'stringArray', + }), + policy_document: attr('string', { + widget: 'json', + }), + /*arn: attr('string', { helpText: '', }), policy: attr('string', { helpText: '', widget: 'json', - }), + }),*/ attrs: computed(function() { let keys = CREATE_FIELDS.slice(0); return expandAttributeMeta(this, keys); diff --git a/ui/app/templates/partials/role-aws/form.hbs b/ui/app/templates/partials/role-aws/form.hbs index 18dbbc493d1e..16a0bd8388d4 100644 --- a/ui/app/templates/partials/role-aws/form.hbs +++ b/ui/app/templates/partials/role-aws/form.hbs @@ -13,42 +13,56 @@ {{/if}}
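Review bot: In ui/app/models/role-aws.js the old `arn` and `policy` attributes are kept as a `/* … */` block rather than deleted, which leaves dead code in the model and obscures that anything still reading `model.policy` now gets no value. Delete the commented block outright. The new `policy_arns` and `policy_document` attributes carry no `label` or `helpText`, and nothing explains why both `credential_type` and `credential_types` exist. A comment such as `// credential_type is the value written on save; credential_types is the read-only list displayed for an existing role` would help, though that reading is inferred from the `readOnly` flag and the show template and should be confirmed.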
-
-
- {{#if useARN}} - - {{else}} - - {{/if}} + +
+
+
-
-
- {{input - data-test-aws-toggle-use-arn=true - id="use-arn" - type="checkbox" - name="use-arn" - class="switch is-rounded is-success is-small" - checked=useARN - }} - -
+
+
+ {{#if (eq model.credential_type "assumed_role") }} + {{string-list + label="Role ARNs" + inputValue=model.role_arns + attr=model.role_arns + }} + {{/if}} + {{#if (eq model.credential_type "iam_user") }} +
+ +
+ {{input id="policy_arns" value=model.policy_arns class="input" data-test-input="policy_arns"}}
-
- {{#if useARN}} - {{input id="arn" value=model.arn class="input" data-test-input="arn"}} - {{else}} + {{/if}} +
+
+ +
{{json-editor - value=(if model.policy (stringify (jsonify model.policy)) emptyData) - valueUpdated=(action "codemirrorUpdated" "policy") - }} - {{/if}} -
+ value=(if model.policy_document (stringify (jsonify model.policy_document)) emptyData) + valueUpdated=(action "codemirrorUpdated" "policy_document") + }}
diff --git a/ui/app/templates/partials/role-aws/show.hbs b/ui/app/templates/partials/role-aws/show.hbs index 9f396d59b35f..1f552ccfc259 100644 --- a/ui/app/templates/partials/role-aws/show.hbs +++ b/ui/app/templates/partials/role-aws/show.hbs @@ -1,11 +1,13 @@
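Review bot: In form.hbs the `iam_user` branch binds `policy_arns` to a plain `{{input id="policy_arns" value=model.policy_arns ...}}`, while the model declares it with `editType: 'stringArray'` and the component resets it to `[]`. A text input writes back a single string, so the type of the saved value depends on what the user typed, and a list of policy ARNs cannot be entered as separate items. Mirror the role ARN control instead: `{{string-list label="Policy ARNs" inputValue=model.policy_arns attr=model.policy_arns}}`. The two `{{#if (eq model.credential_type ...)}}` tests are mutually exclusive and would read better as one `{{#if}}…{{else if}}` chain. Only part of this hunk's markup is visible, so the surrounding elements are not reviewed.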
{{#each model.attrs as |attr|}} - {{#if (eq attr.name "policy")}} + {{#if (eq attr.name "policy_document")}} {{#info-table-row label=(capitalize (or attr.options.label (humanize (dasherize attr.name)))) value=model.policy}}
{{stringify (jsonify model.policy)}}
{{/info-table-row}} {{else}} - {{info-table-row label=(capitalize (or attr.options.label (humanize (dasherize attr.name)))) value=(get model attr.name)}} + {{#unless (eq attr.name "credential_type")}} + {{info-table-row label=(capitalize (or attr.options.label (humanize (dasherize attr.name)))) value=(get model attr.name)}} + {{/unless}} {{/if}} {{/each}}
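Review bot: The row condition in show.hbs now matches `policy_document`, but the unchanged lines inside it still read `value=model.policy` and `{{stringify (jsonify model.policy)}}`. The model in this commit no longer defines `policy`, so the role page would render an empty policy row and an operator could not see the policy that scopes the role's credentials. Change both to the new field: `value=model.policy_document` and `{{stringify (jsonify model.policy_document)}}`. The added `{{#unless (eq attr.name "credential_type")}}` hides the singular field without saying why; a template comment noting that `credential_types` is shown in its place would record the intent (assumed from the model's field list).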