Merge branch 'main' into patch-4

hashicorp · Sep 23, 2024 · ea0455b · ea0455b
2 parents 08db16f + fc5ed22
commit ea0455b
Show file tree

Hide file tree

Showing 32 changed files with 596 additions and 333 deletions.
diff --git a/changelog/27927.txt b/changelog/27927.txt
@@ -0,0 +1,6 @@
+```release-note:improvement
+storage/s3: Pass context to AWS SDK calls
+```
+```release-note:improvement
+storage/dynamodb: Pass context to AWS SDK calls
+```
diff --git a/physical/dynamodb/dynamodb.go b/physical/dynamodb/dynamodb.go
@@ -294,7 +294,7 @@ func (d *DynamoDBBackend) Put(ctx context.Context, entry *physical.Entry) error
 		})
 	}
 
-	return d.batchWriteRequests(requests)
+	return d.batchWriteRequests(ctx, requests)
 }
 
 // Get is used to fetch an entry
@@ -304,7 +304,7 @@ func (d *DynamoDBBackend) Get(ctx context.Context, key string) (*physical.Entry,
 	d.permitPool.Acquire()
 	defer d.permitPool.Release()
 
-	resp, err := d.client.GetItem(&dynamodb.GetItemInput{
+	resp, err := d.client.GetItemWithContext(ctx, &dynamodb.GetItemInput{
 		TableName:      aws.String(d.table),
 		ConsistentRead: aws.Bool(true),
 		Key: map[string]*dynamodb.AttributeValue{
@@ -363,7 +363,7 @@ func (d *DynamoDBBackend) Delete(ctx context.Context, key string) error {
 			excluded = append(excluded, recordKeyForVaultKey(prefixes[index-1]))
 		}
 
-		hasChildren, err := d.hasChildren(prefix, excluded)
+		hasChildren, err := d.hasChildren(ctx, prefix, excluded)
 		if err != nil {
 			return err
 		}
@@ -387,7 +387,7 @@ func (d *DynamoDBBackend) Delete(ctx context.Context, key string) error {
 		}
 	}
 
-	return d.batchWriteRequests(requests)
+	return d.batchWriteRequests(ctx, requests)
 }
 
 // List is used to list all the keys under a given
@@ -420,7 +420,7 @@ func (d *DynamoDBBackend) List(ctx context.Context, prefix string) ([]string, er
 	d.permitPool.Acquire()
 	defer d.permitPool.Release()
 
-	err := d.client.QueryPages(queryInput, func(out *dynamodb.QueryOutput, lastPage bool) bool {
+	err := d.client.QueryPagesWithContext(ctx, queryInput, func(out *dynamodb.QueryOutput, lastPage bool) bool {
 		var record DynamoDBRecord
 		for _, item := range out.Items {
 			dynamodbattribute.UnmarshalMap(item, &record)
@@ -443,7 +443,7 @@ func (d *DynamoDBBackend) List(ctx context.Context, prefix string) ([]string, er
 // before any deletes take place. To account for that hasChildren accepts a slice of
 // strings representing values we expect to find that should NOT be counted as children
 // because they are going to be deleted.
-func (d *DynamoDBBackend) hasChildren(prefix string, exclude []string) (bool, error) {
+func (d *DynamoDBBackend) hasChildren(ctx context.Context, prefix string, exclude []string) (bool, error) {
 	prefix = strings.TrimSuffix(prefix, "/")
 	prefix = escapeEmptyPath(prefix)
 
@@ -473,7 +473,7 @@ func (d *DynamoDBBackend) hasChildren(prefix string, exclude []string) (bool, er
 	d.permitPool.Acquire()
 	defer d.permitPool.Release()
 
-	out, err := d.client.Query(queryInput)
+	out, err := d.client.QueryWithContext(ctx, queryInput)
 	if err != nil {
 		return false, err
 	}
@@ -519,7 +519,7 @@ func (d *DynamoDBBackend) HAEnabled() bool {
 
 // batchWriteRequests takes a list of write requests and executes them in badges
 // with a maximum size of 25 (which is the limit of BatchWriteItem requests).
-func (d *DynamoDBBackend) batchWriteRequests(requests []*dynamodb.WriteRequest) error {
+func (d *DynamoDBBackend) batchWriteRequests(ctx context.Context, requests []*dynamodb.WriteRequest) error {
 	for len(requests) > 0 {
 		batchSize := int(math.Min(float64(len(requests)), 25))
 		batch := map[string][]*dynamodb.WriteRequest{d.table: requests[:batchSize]}
@@ -534,7 +534,7 @@ func (d *DynamoDBBackend) batchWriteRequests(requests []*dynamodb.WriteRequest)
 
 		for len(batch) > 0 {
 			var output *dynamodb.BatchWriteItemOutput
-			output, err = d.client.BatchWriteItem(&dynamodb.BatchWriteItemInput{
+			output, err = d.client.BatchWriteItemWithContext(ctx, &dynamodb.BatchWriteItemInput{
 				RequestItems: batch,
 			})
 			if err != nil {

diff --git a/physical/s3/s3.go b/physical/s3/s3.go
@@ -183,7 +183,7 @@ func (s *S3Backend) Put(ctx context.Context, entry *physical.Entry) error {
 		putObjectInput.SSEKMSKeyId = aws.String(s.kmsKeyId)
 	}
 
-	_, err := s.client.PutObject(putObjectInput)
+	_, err := s.client.PutObjectWithContext(ctx, putObjectInput)
 	if err != nil {
 		return err
 	}
@@ -201,7 +201,7 @@ func (s *S3Backend) Get(ctx context.Context, key string) (*physical.Entry, error
 	// Setup key
 	key = path.Join(s.path, key)
 
-	resp, err := s.client.GetObject(&s3.GetObjectInput{
+	resp, err := s.client.GetObjectWithContext(ctx, &s3.GetObjectInput{
 		Bucket: aws.String(s.bucket),
 		Key:    aws.String(key),
 	})
@@ -254,7 +254,7 @@ func (s *S3Backend) Delete(ctx context.Context, key string) error {
 	// Setup key
 	key = path.Join(s.path, key)
 
-	_, err := s.client.DeleteObject(&s3.DeleteObjectInput{
+	_, err := s.client.DeleteObjectWithContext(ctx, &s3.DeleteObjectInput{
 		Bucket: aws.String(s.bucket),
 		Key:    aws.String(key),
 	})
@@ -289,7 +289,7 @@ func (s *S3Backend) List(ctx context.Context, prefix string) ([]string, error) {
 
 	keys := []string{}
 
-	err := s.client.ListObjectsV2Pages(params,
+	err := s.client.ListObjectsV2PagesWithContext(ctx, params,
 		func(page *s3.ListObjectsV2Output, lastPage bool) bool {
 			if page != nil {
 				// Add truncated 'folder' paths

diff --git a/ui/app/adapters/kmip/role.js b/ui/app/adapters/kmip/role.js
@@ -6,10 +6,11 @@
 import BaseAdapter from './base';
 import { decamelize } from '@ember/string';
 import { getProperties } from '@ember/object';
+import { nonOperationFields } from 'vault/utils/kmip-role-fields';
 
 export default BaseAdapter.extend({
   createRecord(store, type, snapshot) {
-    const name = snapshot.id || snapshot.attr('name');
+    const name = snapshot.id || snapshot.record.role;
     const url = this._url(
       type.modelName,
       {
@@ -18,18 +19,20 @@ export default BaseAdapter.extend({
       },
       name
     );
-    return this.ajax(url, 'POST', { data: this.serialize(snapshot) }).then(() => {
+    const data = this.serialize(snapshot);
+    return this.ajax(url, 'POST', { data }).then(() => {
       return {
         id: name,
-        name,
+        role: name,
         backend: snapshot.record.backend,
         scope: snapshot.record.scope,
       };
     });
   },
 
   deleteRecord(store, type, snapshot) {
-    const name = snapshot.id || snapshot.attr('name');
+    // records must always have IDs
+    const name = snapshot.id;
     const url = this._url(
       type.modelName,
       {
@@ -41,35 +44,35 @@ export default BaseAdapter.extend({
     return this.ajax(url, 'DELETE');
   },
 
+  updateRecord() {
+    return this.createRecord(...arguments);
+  },
+
   serialize(snapshot) {
     // the endpoint here won't allow sending `operation_all` and `operation_none` at the same time or with
     // other operation_ values, so we manually check for them and send an abbreviated object
     const json = snapshot.serialize();
-    const keys = snapshot.record.nonOperationFields.map(decamelize);
-    const nonOperationFields = getProperties(json, keys);
-    for (const field in nonOperationFields) {
-      if (nonOperationFields[field] == null) {
-        delete nonOperationFields[field];
+    const keys = nonOperationFields(snapshot.record.editableFields).map(decamelize);
+    const nonOp = getProperties(json, keys);
+    for (const field in nonOp) {
+      if (nonOp[field] == null) {
+        delete nonOp[field];
       }
     }
     if (json.operation_all) {
       return {
         operation_all: true,
-        ...nonOperationFields,
+        ...nonOp,
       };
     }
     if (json.operation_none) {
       return {
         operation_none: true,
-        ...nonOperationFields,
+        ...nonOp,
       };
     }
     delete json.operation_none;
     delete json.operation_all;
     return json;
   },
-
-  updateRecord() {
-    return this.createRecord(...arguments);
-  },
 });
diff --git a/ui/app/models/kmip/role.js b/ui/app/models/kmip/role.js
@@ -4,52 +4,35 @@
  */
 
 import Model, { attr } from '@ember-data/model';
-import { computed } from '@ember/object';
-import fieldToAttrs, { expandAttributeMeta } from 'vault/utils/field-to-attrs';
 import apiPath from 'vault/utils/api-path';
 import lazyCapabilities from 'vault/macros/lazy-capabilities';
+import { withExpandedAttributes } from 'vault/decorators/model-expanded-attributes';
+import { operationFields, operationFieldsWithoutSpecial, tlsFields } from 'vault/utils/kmip-role-fields';
 import { removeManyFromArray } from 'vault/helpers/remove-from-array';
 
-const COMPUTEDS = {
-  operationFields: computed('newFields', function () {
-    return this.newFields.filter((key) => key.startsWith('operation'));
-  }),
+@withExpandedAttributes()
+export default class KmipRoleModel extends Model {
+  @attr({ readOnly: true }) backend;
+  @attr({ readOnly: true }) scope;
 
-  operationFieldsWithoutSpecial: computed('operationFields', function () {
-    return removeManyFromArray(this.operationFields, ['operationAll', 'operationNone']);
-  }),
+  get editableFields() {
+    return Object.keys(this.allByKey).filter((k) => !['backend', 'scope', 'role'].includes(k));
+  }
 
-  tlsFields: computed(function () {
-    return ['tlsClientKeyBits', 'tlsClientKeyType', 'tlsClientTtl'];
-  }),
-
-  // For rendering on the create/edit pages
-  defaultFields: computed('newFields', 'operationFields', 'tlsFields', function () {
-    const excludeFields = ['role'].concat(this.operationFields, this.tlsFields);
-    return removeManyFromArray(this.newFields, excludeFields);
-  }),
-
-  // For adapter/serializer
-  nonOperationFields: computed('newFields', 'operationFields', function () {
-    return removeManyFromArray(this.newFields, this.operationFields);
-  }),
-};
-
-export default Model.extend(COMPUTEDS, {
-  backend: attr({ readOnly: true }),
-  scope: attr({ readOnly: true }),
-  name: attr({ readOnly: true }),
-
-  fieldGroups: computed('fields', 'defaultFields.length', 'tlsFields', function () {
-    const groups = [{ TLS: this.tlsFields }];
-    if (this.defaultFields.length) {
-      groups.unshift({ default: this.defaultFields });
+  get fieldGroups() {
+    const tls = tlsFields();
+    const groups = [{ TLS: tls }];
+    // op fields are shown in OperationFieldDisplay
+    const opFields = operationFields(this.editableFields);
+    // not op fields, tls fields, or role/backend/scope
+    const defaultFields = this.editableFields.filter((f) => ![...opFields, ...tls].includes(f));
+    if (defaultFields.length) {
+      groups.unshift({ default: defaultFields });
     }
-    const ret = fieldToAttrs(this, groups);
-    return ret;
-  }),
+    return this._expandGroups(groups);
+  }
 
-  operationFormFields: computed('operationFieldsWithoutSpecial', function () {
+  get operationFormFields() {
     const objects = [
       'operationCreate',
       'operationActivate',
@@ -62,7 +45,7 @@ export default Model.extend(COMPUTEDS, {
 
     const attributes = ['operationAddAttribute', 'operationGetAttributes'];
     const server = ['operationDiscoverVersions'];
-    const others = removeManyFromArray(this.operationFieldsWithoutSpecial, [
+    const others = removeManyFromArray(operationFieldsWithoutSpecial(this.editableFields), [
       ...objects,
       ...attributes,
       ...server,
@@ -77,14 +60,8 @@ export default Model.extend(COMPUTEDS, {
         Other: others,
       });
     }
-    return fieldToAttrs(this, groups);
-  }),
-  tlsFormFields: computed('tlsFields', function () {
-    return expandAttributeMeta(this, this.tlsFields);
-  }),
-  fields: computed('defaultFields', function () {
-    return expandAttributeMeta(this, this.defaultFields);
-  }),
+    return this._expandGroups(groups);
+  }
 
-  updatePath: lazyCapabilities(apiPath`${'backend'}/scope/${'scope'}/role/${'id'}`, 'backend', 'scope', 'id'),
-});
+  @lazyCapabilities(apiPath`${'backend'}/scope/${'scope'}/role/${'id'}`, 'backend', 'scope', 'id') updatePath;
+}
diff --git a/ui/app/styles/components/kmip-role-edit.scss b/ui/app/styles/components/kmip-role-edit.scss
@@ -3,11 +3,14 @@
  * SPDX-License-Identifier: BUSL-1.1
  */
 
+.kmip-role-operations {
+  column-count: 2;
+}
 .kmip-role-allowed-operations {
   @extend .box;
   flex: 1 1 auto;
   box-shadow: none;
-  padding: 0;
+  padding: $spacing-4 0;
 }
 .kmip-role-allowed-operations .field {
   margin-bottom: $spacing-4;

diff --git a/ui/app/utils/kmip-role-fields.js b/ui/app/utils/kmip-role-fields.js
@@ -0,0 +1,27 @@
+/**
+ * Copyright (c) HashiCorp, Inc.
+ * SPDX-License-Identifier: BUSL-1.1
+ */
+
+import { removeManyFromArray } from 'vault/helpers/remove-from-array';
+
+export const operationFields = (fieldNames) => {
+  if (!Array.isArray(fieldNames)) {
+    throw new Error('fieldNames must be an array');
+  }
+  return fieldNames.filter((key) => key.startsWith('operation'));
+};
+
+export const operationFieldsWithoutSpecial = (fieldNames) => {
+  const opFields = operationFields(fieldNames);
+  return removeManyFromArray(opFields, ['operationAll', 'operationNone']);
+};
+
+export const nonOperationFields = (fieldNames) => {
+  const opFields = operationFields(fieldNames);
+  return removeManyFromArray(fieldNames, opFields);
+};
+
+export const tlsFields = () => {
+  return ['tlsClientKeyBits', 'tlsClientKeyType', 'tlsClientTtl'];
+};