mirror of https://github.com/hashicorp/consul
175 lines
4.9 KiB
JavaScript
175 lines
4.9 KiB
JavaScript
/**
|
|
* Copyright (c) HashiCorp, Inc.
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*/
|
|
|
|
import Adapter from './application';
|
|
import { inject as service } from '@ember/service';
|
|
import { SLUG_KEY } from 'consul-ui/models/token';
|
|
|
|
export default class TokenAdapter extends Adapter {
|
|
@service('store') store;
|
|
|
|
requestForQuery(request, { dc, ns, partition, index, role, policy }) {
|
|
return request`
|
|
GET /v1/acl/tokens?${{ role, policy, dc }}
|
|
|
|
${{
|
|
ns,
|
|
partition,
|
|
index,
|
|
}}
|
|
`;
|
|
}
|
|
|
|
async requestForQueryRecord(request, { dc, ns, partition, index, id }) {
|
|
if (typeof id === 'undefined') {
|
|
throw new Error('You must specify an id');
|
|
}
|
|
const respond = await request`
|
|
GET /v1/acl/token/${id}?${{ dc }}
|
|
Cache-Control: no-store
|
|
|
|
${{
|
|
ns,
|
|
partition,
|
|
index,
|
|
}}
|
|
`;
|
|
respond((headers, body) => delete headers['x-consul-index']);
|
|
return respond;
|
|
}
|
|
|
|
requestForCreateRecord(request, serialized, data) {
|
|
const params = {
|
|
...this.formatDatacenter(data.Datacenter),
|
|
ns: data.Namespace,
|
|
partition: data.Partition,
|
|
};
|
|
return request`
|
|
PUT /v1/acl/token?${params}
|
|
|
|
${{
|
|
Description: serialized.Description,
|
|
Policies: serialized.Policies,
|
|
Roles: serialized.Roles,
|
|
ServiceIdentities: serialized.ServiceIdentities,
|
|
NodeIdentities: serialized.NodeIdentities,
|
|
Local: serialized.Local,
|
|
}}
|
|
`;
|
|
}
|
|
|
|
requestForUpdateRecord(request, serialized, data) {
|
|
// TODO: here we check data['Rules'] not serialized['Rules'] data.Rules is
|
|
// not undefined, and serialized.Rules is not null revisit this at some
|
|
// point we should probably use serialized here
|
|
|
|
// If a token has Rules, use the old API
|
|
if (typeof data['Rules'] !== 'undefined') {
|
|
// https://www.consul.io/api/acl/legacy.html#update-acl-token
|
|
// as we are using the old API we don't need to specify a nspace
|
|
return request`
|
|
PUT /v1/acl/update?${this.formatDatacenter(data.Datacenter)}
|
|
|
|
${serialized}
|
|
`;
|
|
}
|
|
const params = {
|
|
...this.formatDatacenter(data.Datacenter),
|
|
ns: data.Namespace,
|
|
partition: data.Partition,
|
|
};
|
|
return request`
|
|
PUT /v1/acl/token/${data[SLUG_KEY]}?${params}
|
|
|
|
${{
|
|
Description: serialized.Description,
|
|
AccessorID: serialized.AccessorID,
|
|
Policies: serialized.Policies,
|
|
Roles: serialized.Roles,
|
|
ServiceIdentities: serialized.ServiceIdentities,
|
|
NodeIdentities: serialized.NodeIdentities,
|
|
Local: serialized.Local,
|
|
}}
|
|
`;
|
|
}
|
|
|
|
requestForDeleteRecord(request, serialized, data) {
|
|
const params = {
|
|
dc: data.Datacenter,
|
|
ns: data.Namespace,
|
|
partition: data.Partition,
|
|
};
|
|
return request`
|
|
DELETE /v1/acl/token/${data[SLUG_KEY]}?${params}
|
|
`;
|
|
}
|
|
|
|
requestForSelf(request, serialized, { dc, index, secret }) {
|
|
// TODO: Change here and elsewhere to use Authorization Bearer Token
|
|
// https://github.com/hashicorp/consul/pull/4502
|
|
return request`
|
|
GET /v1/acl/token/self?${{ dc }}
|
|
X-Consul-Token: ${secret}
|
|
Cache-Control: no-store
|
|
|
|
${{ index }}
|
|
`;
|
|
}
|
|
|
|
requestForCloneRecord(request, serialized, data) {
|
|
// this uses snapshots
|
|
const id = data[SLUG_KEY];
|
|
if (typeof id === 'undefined') {
|
|
throw new Error('You must specify an id');
|
|
}
|
|
const params = {
|
|
dc: data.Datacenter,
|
|
ns: data.Namespace,
|
|
partition: data.Partition,
|
|
};
|
|
return request`
|
|
PUT /v1/acl/token/${id}/clone?${params}
|
|
`;
|
|
}
|
|
|
|
// TODO: self doesn't get passed a snapshot right now ideally it would just
|
|
// for consistency thing is its probably not the same shape as a
|
|
// 'Token', plus we can't create Snapshots as they are private, see
|
|
// services/store.js
|
|
self(store, type, id, unserialized) {
|
|
return this.rpc(
|
|
function (adapter, request, serialized, data) {
|
|
return adapter.requestForSelf(request, serialized, data);
|
|
},
|
|
function (serializer, respond, serialized, data) {
|
|
return serializer.respondForSelf(respond, serialized, data);
|
|
},
|
|
unserialized,
|
|
type.modelName
|
|
);
|
|
}
|
|
|
|
clone(store, type, id, snapshot) {
|
|
return this.rpc(
|
|
function (adapter, request, serialized, data) {
|
|
return adapter.requestForCloneRecord(request, serialized, data);
|
|
},
|
|
(serializer, respond, serialized, data) => {
|
|
// here we just have to pass through the dc (like when querying)
|
|
// eventually the id is created with this dc value and the id taken from the
|
|
// json response of `acls/token/*/clone`
|
|
const params = {
|
|
dc: data.Datacenter,
|
|
ns: data.Namespace,
|
|
partition: data.Partition,
|
|
};
|
|
return serializer.respondForQueryRecord(respond, params);
|
|
},
|
|
snapshot,
|
|
type.modelName
|
|
);
|
|
}
|
|
}
|