2023-03-14 14:18:55 +01:00
|
|
|
/**
|
|
|
|
* Copyright (c) HashiCorp, Inc.
|
2023-08-11 09:12:13 -04:00
|
|
|
* SPDX-License-Identifier: BUSL-1.1
|
2023-03-14 14:18:55 +01:00
|
|
|
*/
|
|
|
|
|
2021-02-19 16:42:16 +00:00
|
|
|
import Adapter from './application';
|
|
|
|
import { inject as service } from '@ember/service';
|
|
|
|
|
|
|
|
export default class PermissionAdapter extends Adapter {
|
|
|
|
@service('env') env;
|
2021-11-11 12:02:29 +00:00
|
|
|
@service('settings') settings;
|
2021-02-19 16:42:16 +00:00
|
|
|
|
ui: Adds Partitions to the HTTP layer (#10447)
This PR mainly adds partition to our HTTP adapter. Additionally and perhaps most importantly, we've also taken the opportunity to move our 'conditional namespaces' deeper into the app.
The reason for doing this was, we like that namespaces should be thought of as required instead of conditional, 'special' things and would like the same thinking to be applied to partitions.
Now, instead of using code throughout the app throughout the adapters to add/remove namespaces or partitions depending on whether they are enabled or not. As a UI engineer you just pretend that namespaces and partitions are always enabled, and we remove them for you deeper in the app, out of the way of you forgetting to treat these properties as a special case.
Notes:
Added a PartitionAbility while we were there (not used as yet)
Started to remove the CONSTANT variables we had just for property names. I prefer that our adapters are as readable and straightforwards as possible, it just looks like HTTP.
We'll probably remove our formatDatacenter method we use also at some point, it was mainly too make it look the same as our previous formatNspace, but now we don't have that, it instead now looks different!
We enable parsing of partition in the UIs URL, but this is feature flagged so still does nothing just yet.
All of the test changes were related to the fact that we were treating client.url as a function rather than a method, and now that we reference this in client.url (etc) it needs binding to client.
2021-09-15 18:09:55 +01:00
|
|
|
requestForAuthorize(request, { dc, ns, partition, resources = [], index }) {
|
2021-02-19 16:42:16 +00:00
|
|
|
// the authorize endpoint is slightly different to all others in that it
|
|
|
|
// ignores an ns parameter, but accepts a Namespace property on each
|
2021-07-15 12:19:07 +01:00
|
|
|
// resource. Here we hide this difference from the rest of the app as
|
2021-02-23 08:56:42 +00:00
|
|
|
// currently we never need to ask for permissions/resources for multiple
|
2021-02-19 16:42:16 +00:00
|
|
|
// different namespaces in one call so here we use the ns param and add
|
|
|
|
// this to the resources instead of passing through on the queryParameter
|
ui: Adds Partitions to the HTTP layer (#10447)
This PR mainly adds partition to our HTTP adapter. Additionally and perhaps most importantly, we've also taken the opportunity to move our 'conditional namespaces' deeper into the app.
The reason for doing this was, we like that namespaces should be thought of as required instead of conditional, 'special' things and would like the same thinking to be applied to partitions.
Now, instead of using code throughout the app throughout the adapters to add/remove namespaces or partitions depending on whether they are enabled or not. As a UI engineer you just pretend that namespaces and partitions are always enabled, and we remove them for you deeper in the app, out of the way of you forgetting to treat these properties as a special case.
Notes:
Added a PartitionAbility while we were there (not used as yet)
Started to remove the CONSTANT variables we had just for property names. I prefer that our adapters are as readable and straightforwards as possible, it just looks like HTTP.
We'll probably remove our formatDatacenter method we use also at some point, it was mainly too make it look the same as our previous formatNspace, but now we don't have that, it instead now looks different!
We enable parsing of partition in the UIs URL, but this is feature flagged so still does nothing just yet.
All of the test changes were related to the fact that we were treating client.url as a function rather than a method, and now that we reference this in client.url (etc) it needs binding to client.
2021-09-15 18:09:55 +01:00
|
|
|
//
|
|
|
|
// ^ same goes for Partitions
|
|
|
|
|
2021-02-19 16:42:16 +00:00
|
|
|
if (this.env.var('CONSUL_NSPACES_ENABLED')) {
|
2022-09-15 10:43:17 +02:00
|
|
|
resources = resources.map((item) => ({ ...item, Namespace: ns }));
|
2021-02-19 16:42:16 +00:00
|
|
|
}
|
ui: Adds Partitions to the HTTP layer (#10447)
This PR mainly adds partition to our HTTP adapter. Additionally and perhaps most importantly, we've also taken the opportunity to move our 'conditional namespaces' deeper into the app.
The reason for doing this was, we like that namespaces should be thought of as required instead of conditional, 'special' things and would like the same thinking to be applied to partitions.
Now, instead of using code throughout the app throughout the adapters to add/remove namespaces or partitions depending on whether they are enabled or not. As a UI engineer you just pretend that namespaces and partitions are always enabled, and we remove them for you deeper in the app, out of the way of you forgetting to treat these properties as a special case.
Notes:
Added a PartitionAbility while we were there (not used as yet)
Started to remove the CONSTANT variables we had just for property names. I prefer that our adapters are as readable and straightforwards as possible, it just looks like HTTP.
We'll probably remove our formatDatacenter method we use also at some point, it was mainly too make it look the same as our previous formatNspace, but now we don't have that, it instead now looks different!
We enable parsing of partition in the UIs URL, but this is feature flagged so still does nothing just yet.
All of the test changes were related to the fact that we were treating client.url as a function rather than a method, and now that we reference this in client.url (etc) it needs binding to client.
2021-09-15 18:09:55 +01:00
|
|
|
if (this.env.var('CONSUL_PARTITIONS_ENABLED')) {
|
2022-09-15 10:43:17 +02:00
|
|
|
resources = resources.map((item) => ({ ...item, Partition: partition }));
|
ui: Adds Partitions to the HTTP layer (#10447)
This PR mainly adds partition to our HTTP adapter. Additionally and perhaps most importantly, we've also taken the opportunity to move our 'conditional namespaces' deeper into the app.
The reason for doing this was, we like that namespaces should be thought of as required instead of conditional, 'special' things and would like the same thinking to be applied to partitions.
Now, instead of using code throughout the app throughout the adapters to add/remove namespaces or partitions depending on whether they are enabled or not. As a UI engineer you just pretend that namespaces and partitions are always enabled, and we remove them for you deeper in the app, out of the way of you forgetting to treat these properties as a special case.
Notes:
Added a PartitionAbility while we were there (not used as yet)
Started to remove the CONSTANT variables we had just for property names. I prefer that our adapters are as readable and straightforwards as possible, it just looks like HTTP.
We'll probably remove our formatDatacenter method we use also at some point, it was mainly too make it look the same as our previous formatNspace, but now we don't have that, it instead now looks different!
We enable parsing of partition in the UIs URL, but this is feature flagged so still does nothing just yet.
All of the test changes were related to the fact that we were treating client.url as a function rather than a method, and now that we reference this in client.url (etc) it needs binding to client.
2021-09-15 18:09:55 +01:00
|
|
|
}
|
2021-02-19 16:42:16 +00:00
|
|
|
return request`
|
2021-09-15 19:50:11 +01:00
|
|
|
POST /v1/internal/acl/authorize?${{ dc }}
|
2021-02-19 16:42:16 +00:00
|
|
|
|
2021-02-23 08:56:42 +00:00
|
|
|
${resources}
|
2021-02-19 16:42:16 +00:00
|
|
|
`;
|
|
|
|
}
|
|
|
|
|
|
|
|
authorize(store, type, id, snapshot) {
|
|
|
|
return this.rpc(
|
2021-11-11 12:02:29 +00:00
|
|
|
async (adapter, request, serialized, unserialized) => {
|
|
|
|
// the authorize endpoint does not automatically take into account the
|
|
|
|
// default namespace of the token on the backend. This means that we
|
|
|
|
// need to add the default namespace of the token on the frontend
|
|
|
|
// instead. Decided this is the best place for it as its almost hidden
|
|
|
|
// from the rest of the app so from an app eng point of view it almost
|
|
|
|
// feels like it does happen on the backend.
|
|
|
|
// Same goes ^ for partitions
|
|
|
|
const nspacesEnabled = this.env.var('CONSUL_NSPACES_ENABLED');
|
|
|
|
const partitionsEnabled = this.env.var('CONSUL_PARTITIONS_ENABLED');
|
2022-09-15 10:43:17 +02:00
|
|
|
if (nspacesEnabled || partitionsEnabled) {
|
2021-11-11 12:02:29 +00:00
|
|
|
const token = await this.settings.findBySlug('token');
|
2022-09-15 10:43:17 +02:00
|
|
|
if (nspacesEnabled) {
|
|
|
|
if (typeof serialized.ns === 'undefined' || serialized.ns.length === 0) {
|
2021-11-11 12:02:29 +00:00
|
|
|
serialized.ns = token.Namespace;
|
|
|
|
}
|
|
|
|
}
|
2022-09-15 10:43:17 +02:00
|
|
|
if (partitionsEnabled) {
|
|
|
|
if (typeof serialized.partition === 'undefined' || serialized.partition.length === 0) {
|
2021-11-11 12:02:29 +00:00
|
|
|
serialized.partition = token.Partition;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return adapter.requestForAuthorize(request, serialized);
|
2021-02-19 16:42:16 +00:00
|
|
|
},
|
2022-09-15 10:43:17 +02:00
|
|
|
function (serializer, respond, serialized, unserialized) {
|
2021-02-19 16:42:16 +00:00
|
|
|
// Completely skip the serializer here
|
2022-09-15 10:43:17 +02:00
|
|
|
return respond(function (headers, body) {
|
2021-02-19 16:42:16 +00:00
|
|
|
return body;
|
|
|
|
});
|
|
|
|
},
|
|
|
|
snapshot,
|
|
|
|
type.modelName
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|