test('version 2 with restricted policy still allows edit', async function(assert) {
let backend = 'kv-v2';
const V2_POLICY = `
path "kv-v2/metadata/*" {
capabilities = ["list"]
}
path "kv-v2/data/secret" {
capabilities = ["create", "read", "update"]
}
`;
await consoleComponent.runCommands([
`write sys/mounts/${backend} type=kv options=version=2`,
`write sys/policies/acl/kv-v2-degrade policy=${btoa(V2_POLICY)}`,
// delete any kv previously written here so that tests can be re-run
'delete kv-v2/metadata/secret',
'write -field=client_token auth/token/create policies=kv-v2-degrade',
]);
let userToken = consoleComponent.lastLogOutput;
await writeSecret(backend, 'secret', 'foo', 'bar');
await logout.visit();
await authPage.login(userToken);
await editPage.visitEdit({ backend, id: 'secret' });
assert.notOk(editPage.hasMetadataFields, 'hides the metadata form');
await editPage.editSecret('bar', 'baz');
assert.equal(currentRouteName(), 'vault.cluster.secrets.backend.show', 'redirects to the show page');
assert.ok(showPage.editIsPresent, 'shows the edit button');
await logout.visit();
});
hooks.beforeEach(function() {
this.clock = sinon.useFakeTimers({
now: Date.now(),
shouldAdvanceTime: true,
});
this.server = apiStub({ usePassthrough: true });
return logout.visit();
});
test('write without read: version 1', async function(assert) {
let backend = 'kv-v1';
let userToken = await setupNoRead(backend);
await writeSecret(backend, 'secret', 'foo', 'bar');
await logout.visit();
await authPage.login(userToken);
await showPage.visit({ backend, id: 'secret' });
assert.ok(showPage.noReadIsPresent, 'shows no read empty state');
assert.ok(showPage.editIsPresent, 'shows the edit button');
await editPage.visitEdit({ backend, id: 'secret' });
assert.ok(editPage.showsV1WriteWarning, 'shows v1 warning');
await editPage.editSecret('bar', 'baz');
assert.equal(currentRouteName(), 'vault.cluster.secrets.backend.show', 'redirects to the show page');
await logout.visit();
});
test('it shows the token warning beacon on the menu', async function(assert) {
let authService = this.owner.lookup('service:auth');
await authPage.login();
await consoleComponent.runCommands([
'write -field=client_token auth/token/create policies=default ttl=1h',
]);
let token = consoleComponent.lastTextOutput;
await logout.visit();
await authPage.login(token);
this.clock.tick(authService.IDLE_TIMEOUT);
authService.shouldRenew();
await settled();
assert.dom('[data-test-allow-expiration="true"]').exists('shows expiration beacon');
await visit('/vault/access');
assert.dom('[data-test-allow-expiration="true"]').doesNotExist('hides beacon when the api is used again');
});
hooks.beforeEach(async function() {
this.server = apiStub({ usePassthrough: true });
await logout.visit();
return authPage.login();
});
hooks.afterEach(function() {
return logout.visit();
});
hooks.afterEach(function() {
this.clock.restore();
this.server.shutdown();
return logout.visit();
});
hooks.afterEach(function() {
Ember.Test.adapter.exception = adapterException;
Ember.Logger.error = loggerError;
return logout.visit();
});