conjur-asset-ui 1.3.0

data/public/js/models/variableList.js

@@ -0,0 +1,16 @@
+(function(conjur) {
+    'use strict';
+
+    conjur.models.VariableList = function() {
+        var options = {
+            filter: function(member) {
+                var idTokens = member.id.split(':');
+                var id = idTokens[idTokens.length-1];
+                return id.split('/').length > 1;
+            }
+        };
+
+        return conjur.models.ResourceList('variable', options);
+    };
+
+})(conjur);

data/public/js/models/variableRecord.js

@@ -0,0 +1,73 @@
+(function(conjur, $, async, errback) {
+    'use strict';
+
+    var Generic = this.Generic;
+
+    var Variable = this.Variable = function(args) {
+        if (!(this instanceof Variable)) {
+            return new Variable(args);
+        }
+
+        var superArguments = Array.prototype.slice.call(arguments);
+        superArguments.unshift('variable');
+        Generic.apply(this, superArguments);
+
+        return undefined;
+    };
+
+    Variable.prototype = Object.create(Generic.prototype);
+    Variable.prototype.constructor = Variable;
+
+    Variable.prototype.fetch = function(callback, custom_errback) {
+        var self = this,
+            id = this.id;
+
+        if (typeof(custom_errback) === 'undefined') {
+            custom_errback = errback; // reset to default
+        }
+
+        function members(privilege) {
+            return function(cb) {
+                $.ajax({
+                    url: '/api/authz/'
+                        + conjur.app.configuration.account
+                        + '/roles/allowed_to/'
+                        + privilege
+                        + '/variable/'
+                        + window.encodeURIComponent(id),
+                    success: function(result) {
+                        cb(null, result);
+                    },
+                    error: cb
+                });
+            };
+        }
+
+        async.parallel([
+            this.attributes.bind(this),
+            members('execute'),
+            members('update'),
+            this.resource.bind(this)
+        ], function(err, results) {
+            if (err) {
+                return custom_errback(err.status);
+            }
+
+            callback({
+                variable: results[0],
+                fetchers: results[1],
+                updaters: results[2],
+                annotations: results[3].annotations
+            });
+
+            return undefined;
+        });
+    };
+
+}).bind(conjur.models.Record)
+(
+    conjur,
+    jQuery,
+    async,
+    conjur.utils.errback
+);

data/public/js/routers.js

@@ -0,0 +1,205 @@
+/** @jsx React.DOM */
+
+(function(conjur, $, _, Backbone, React, SearchResults) {
+    'use strict';
+
+    var GroupBox = conjur.views.GroupBox,
+        LayerBox = conjur.views.LayerBox,
+        PolicyBox = conjur.views.PolicyBox,
+        VariableBox = conjur.views.VariableBox,
+        HostBox = conjur.views.HostBox,
+        UserBox = conjur.views.UserBox;
+
+    conjur.Workspace = Backbone.Router.extend({
+        routes: {
+            '': 'dashboard',
+            'ui': 'dashboard',
+            'ui/users': 'users',
+            'ui/users/:user': 'user',
+            'ui/groups': 'groups',
+            'ui/groups/:group': 'group',
+            'ui/hosts': 'hosts',
+            'ui/hosts/:host': 'host',
+            'ui/layers': 'layers',
+            'ui/layers/:layer': 'layer',
+            'ui/variables': 'variables',
+            'ui/variables/:variable': 'variable',
+            'ui/policies': 'policies',
+            'ui/policies/:policy': 'policy',
+            'ui/audit': 'audit',
+            'ui/search/:search': 'search'
+        },
+
+        activateList: function(componentFunction) {
+            /* console.log('List', kind); */
+            this.setActiveNav(conjur.app.kind);
+            conjur.app.namespace.currentNamespace = '';
+
+            conjur.app.lists[conjur.app.kind].fetch(function(list) {
+                var component = componentFunction(list);
+                // doesn't make much sense due to http://stackoverflow.com/questions/24889934/componentinstance-setstate-undefined-in-0-11-0
+                //components[kind] = component;
+
+                React.renderComponent(
+                    component,
+                    document.getElementById('content')
+                );
+
+                // state reset won't work anymore in react v11, plus I am not sure how it is supposed to work, if namespace was just reset to zero
+                // component.setState({currentNamespace: namespace.currentNamespace, members: list.members(namespace.currentNamespace)});
+            });
+        },
+
+        activateRecord: function(k, id, componentFunction) {
+            /* console.log('Record', k, ' :', id); */
+
+            $('#inlineSearchContainer').show();
+            conjur.app.kind = conjur.utils.pluralize(k);
+            this.setActiveNav(conjur.app.kind);
+
+            var model;
+            var Record = conjur.models.Record;
+
+            if (Record[_.capitalize(k)]) {
+                model = new Record[_.capitalize(k)](id);
+            } else {
+                model = new Record.Generic(conjur.app.kind, id);
+            }
+
+            model.fetch(function(record) {
+                var component = componentFunction(record);
+
+                React.renderComponent(
+                    component,
+                    document.getElementById('content')
+                );
+            }, function(status, text, xhr) {
+                if (status == 403) {
+                    conjur.app.flash = 'You are not authorized to view ' + conjur.app.kind + ':' + id + '.';
+                    window.history.back();
+                } else {
+                    console.error('HTTP error: ', status, text);
+                }
+            });
+        },
+
+        setActiveNav: function(name) {
+            $('.nav-item').removeClass('active');
+            $('#nav-' + name).addClass('active');
+        },
+
+        dashboard: function() {
+            $('#inlineSearchContainer').hide();
+            React.renderComponent(
+                <Dashboard />,
+                document.getElementById('content')
+            );
+        },
+
+        user: function(user) {
+            this.activateRecord('user', user, function(record) {
+                return <User data={record}/>;
+            });
+        },
+
+        users: function() {
+            $('#inlineSearchContainer').show();
+            conjur.app.kind = 'users';
+
+            this.activateList(function(list) {
+                return <UserBox data={{namespaces: list.namespaces, members: list.members('')}} />;
+            });
+        },
+
+        group: function(group) {
+            this.activateRecord('group', group, function(record) {
+                return <Group data={record} />;
+            });
+        },
+
+        groups: function() {
+            $('#inlineSearchContainer').show();
+            conjur.app.kind = 'groups';
+
+            this.activateList(function(list) {
+                return <GroupBox data={{namespaces: list.namespaces, members: list.members('')}} />;
+            });
+        },
+
+        host: function(host){
+            this.activateRecord('host', host, function(record) {
+                return <Host data={record}/>;
+            });
+        },
+
+        hosts: function() {
+            $('#inlineSearchContainer').show();
+            conjur.app.kind = 'hosts';
+            var HostBox = conjur.views.HostBox;
+
+            this.activateList(function(list) {
+                return <HostBox data={{namespaces: list.namespaces, members: list.members('')}} />;
+            });
+        },
+
+        layer: function(layer) {
+            this.activateRecord('layer', layer, function(record) {
+                return <Layer data={record} />;
+            });
+        },
+
+        layers: function() {
+            $('#inlineSearchContainer').show();
+            conjur.app.kind = 'layers';
+
+            this.activateList(function(list) {
+                return <LayerBox data={{namespaces: list.namespaces, members: list.members('')}} />;
+            });
+        },
+
+        variable: function(variable) {
+            this.activateRecord('variable', variable, function(record) {
+                return <Variable data={record} />;
+            });
+        },
+
+        variables: function() {
+            $('#inlineSearchContainer').show();
+            conjur.app.kind = 'variables';
+
+            this.activateList(function(list) {
+                return <VariableBox data={{namespaces: list.namespaces, members: list.members('')}} />;
+            });
+        },
+
+        policies: function() {
+            conjur.app.kind = 'policies';
+
+            this.activateList(function(list) {
+                return <PolicyBox data={{members: list.members('')}} />;
+            });
+        },
+
+        policy: function(policy) {
+            this.activateRecord('policy', policy, function(record) {
+                return <Policy data={record} />;
+            });
+        },
+
+        audit: function(){
+            $('#inlineSearchContainer').show();
+            this.setActiveNav('audit');
+
+            React.renderComponent(
+                <GlobalAudit/>,
+                document.getElementById('content')
+            );
+        },
+
+        search: function(search){
+            $('#inlineSearchContainer').show();
+            SearchResults.search(search);
+        }
+    });
+
+})(conjur, jQuery, _, Backbone, React, SearchResults);

data/public/js/views/annotations.js

@@ -0,0 +1,36 @@
+/** @jsx React.DOM */
+
+var AnnotationsBox = React.createClass({
+  render: function() {
+    
+     if (!this.props.annotations || !this.props.annotations.length>0 ) {
+        return <div>
+                <span>None</span>   
+               </div>;
+     }
+
+    // TODO: sort by date (optionally)
+    // TODO: table view
+   var annotations_list = [];
+   this.props.annotations.sort(function(a,b) {
+                            return a.name.toLowerCase().localeCompare(b.name.toLowerCase());
+                         }).forEach(function(item){
+                            var itemname = item.name;
+                            var itemvalue = item.value;
+
+                            var dt_key = "annotation_"+itemname+"_key";
+                            var dd_key = "annotation_"+itemname+"_value";
+                            
+                            annotations_list.push(<dt key={dt_key}>{itemname}</dt>);
+                            annotations_list.push(<dd key={dd_key}>{itemvalue}</dd>);
+                            });
+
+
+    return <div> 
+                <dl className="annotations dl-horizontal">
+                    {annotations_list}
+                </dl>
+           </div>;
+  }
+ }
+);

data/public/js/views/audit.js

@@ -0,0 +1,363 @@
+/**@jsx React.DOM*/
+
+// Generated by LiveScript 1.2.0
+(function(){
+  var ref$, em, strong, table, div, th, tr, td, thead, tbody, section, h3, time, map, each, unique, isType, join, compact_fields, extended_fields, FieldsMixin, AuditTableHeader, Timestamp, wrapArray, AuditEntry, newEventSet, AuditTable, GlobalAudit, urlOfRole, urlOfResource, AuditBox, out$ = typeof exports != 'undefined' && exports || this, slice$ = [].slice;
+  ref$ = React.DOM, em = ref$.em, strong = ref$.strong, table = ref$.table, div = ref$.div, th = ref$.th, tr = ref$.tr, td = ref$.td, thead = ref$.thead, tbody = ref$.tbody, section = ref$.section, h3 = ref$.h3, time = ref$.time;
+  ref$ = require('prelude-ls'), map = ref$.map, each = ref$.each, unique = ref$.unique, isType = ref$.isType, join = ref$.join;
+  compact_fields = ['auditview_user', 'auditview_action'];
+  //extended_fields = ['timestamp', 'user', 'acting_as', 'action', 'entities', 'privilege','human'];    
+  extended_fields = ['timestamp','auditview_user','auditview_action'];
+  known_rolsource_types = [ 'user','group','host','layer','policy']; // what if somebody explicitly will create the role of such type?
+  FieldsMixin = {
+    fields: function(){
+      if (this.props.compact) {
+        return compact_fields;
+      } else {
+        return extended_fields;
+      }
+    }
+  };
+  AuditTableHeader = React.createClass({
+    mixins: [FieldsMixin],
+    displayName: 'AuditTableHeader',
+    render: function(){
+      return thead({}, tr({}, map(function(it){
+        return th({
+          key: it
+        }, it.replace('auditview_','').replace('_', ' '));
+      })(
+      this.fields())));
+    }
+  });
+  Timestamp = React.createClass({
+    displayName: 'Timestamp',
+    render: function(){
+      var ts;
+      ts = moment(this.props.time); /*.format('YYYY-MM-DD hh:mm:ss');
+      return <div className="timestamp">{ts}</div>;
+      */
+      return time({
+        className: "timestamp",
+        dateTime: ts.format(),
+        title: ts.calendar()
+      }, [ts.fromNow()]);
+    }
+  });
+  wrapArray = function(it){
+    if (isType('Array', it)) {
+      return it;
+    } else {
+      return [it];
+    }
+  };
+  out$.AuditEntry = AuditEntry = React.createClass({
+    mixins: [FieldsMixin],
+    displayName: 'AuditEntry',
+    // TODO: make message a separate React Class
+    humanizeEvent: function(e) {
+      // copy of SHORT_FORMATS logic from cli-ruby:lib/conjur/command/audit.rb
+      var msg="";
+
+      if ((e.kind=='resource') && (e.action=='check')) {
+      	msg = [ ]
+      	if ( e.allowed ) {
+	        msg.push("performed ");
+	        msg.push(em({}, e.privilege));
+	        msg.push(" on ");
+	        msg.push(ResourceLink({id: e.resource, noIcon: true}));
+      	}
+      	else {
+	        msg.push("was ");
+	        msg.push(strong({}, "denied permission"));
+	        msg.push(" to ");
+	        msg.push(em({}, e.privilege));
+	        msg.push(" ");
+	        msg.push(ResourceLink({id: e.resource, noIcon: true}));
+      	}
+      } else if ((e.kind=="resource") && (e.action=="create")) {
+        msg = [ " created ", ResourceLink({id: e.resource, noIcon: true}), " owned by ", RoleLink({id: e.owner, noIcon: true}) ];
+      } else if ((e.kind=="resource") && (e.action=="update")) { // this is suspicious, but CLI audit does this
+        msg = [ " gave ", ResourceLink({id: e.resource, noIcon: true}), " to ", RoleLink({id: e.owner, noIcon: true}) ];
+      } else if ((e.kind=="resource") && (e.action=="destroy")) {
+        msg = [ " deleted ", ResourceLink({id: e.resource, noIcon: true}) ];
+      } else if ((e.kind=="resource") && (e.action=="permit")) {
+      	msg = [ " permitted ", RoleLink({id: e.grantee, noIcon: true}), " to ", em({}, e.privilege), " ", ResourceLink({id: e.resource, noIcon: true}) ]
+        if ( e.grant_option )
+        	msg.push(" with grant option"); 
+      } else if ((e.kind=="resource") && (e.action=="deny")) {
+        msg = [ " denied ", em({}, e.privilege), " from ", RoleLink({id: e.grantee, noIcon: true}), " on ", ResourceLink({id: e.resource, noIcon: true}) ];
+      } else if ((e.kind=="resource") && (e.action=="permitted_roles")) {
+    		msg = [ " listed roles permitted to ", em({}, e.privilege), " on ", ResourceLink({id: e.resource, noIcon: true}) ];
+      } else if ((e.kind=="role") && (e.action=="check")) {
+      	msg = [ ]
+      	if ( e.allowed ) {
+	        msg.push(RoleLink({id: e.role, noIcon: true}))
+	        msg.push(" performed ");
+	        msg.push(em({}, e.privilege));
+	        msg.push(" on ");
+	        msg.push(ResourceLink({id: e.resource, noIcon: true}));
+      	}
+      	else {
+	        msg.push(RoleLink({id: e.role, noIcon: true}))
+	        msg.push(" was ");
+	        msg.push(strong({}, "denied permission"));
+	        msg.push(" to ");
+	        msg.push(em({}, e.privilege));
+	        msg.push(" on ");
+	        msg.push(ResourceLink({id: e.resource, noIcon: true}));
+      	}
+      } else if ((e.kind=="role") && (e.action=="grant")) {
+      	/* what was the point of commenting this out? */
+      	msg = [ " granted role ", RoleLink({id: e.role, noIcon: true}), " to ", RoleLink({id: e.member, noIcon: true}) ];
+        if (e.admin_option) {
+            msg.push(" with admin permission");
+        } else {
+            msg.push(" without admin permission");
+        }
+      } else if ((e.kind=="role") && (e.action=="revoke")) {
+      	msg = [ " revoked role ", RoleLink({id: e.role, noIcon: true}), " from ", RoleLink({id: e.member, noIcon: true}) ];
+      } else if ((e.kind=="role") && (e.action=="create")) {
+      	msg = [ " created role ", RoleLink({id: e.role, noIcon: true}) ];
+      } else if ((e.kind=="annotation") && (e.action=="update")) {
+        msg = [ " updated annotation on ", ResourceLink({id: e.resource, noIcon: true}) ];
+      } else if (e.kind=="audit") {
+        var action_part = _.compact([e.facility, e.action]).join(":");
+        var parts = [action_part];
+        if (e.role!=null) {
+        	parts.push(" by ");
+        	parts.push(RoleLink({id: e.role, noIcon: true})); 
+        }
+        if (e.resource_id!=null) { 
+        	parts.push(" on");
+        	parts.push(ResourceLink({id: e.resource_id, noIcon: true})); 
+        }
+        if (e.allowed!=null) { 
+        	parts.push(" (allowed: "+e.allowed+")"); 
+        }
+        var statement = parts.join(" ");
+        msg = [" reported ", parts ];
+        if (e.audit_message!=null) { 
+            msg.push("; message: ");
+            msg.push(e.audit_message);
+        }
+      } else {
+        msg+=" unknown event: "+e.kind+":"+e.action+"!";
+      } 
+
+      if (e.error!=null) {
+        msg+=" (failed with "+e.error+")";
+      }
+
+      return msg;
+    },
+    transformField: function(key, value){
+      var that;
+      switch (key) {
+      case 'entities':
+        return [
+          (that = this.props.resource) != null ? ResourceLink({
+            data: that
+          }) : void 8, (that = this.props.role) != null ? RoleLink({
+            id: that
+          }) : void 8
+        ];
+      case 'user':
+        if (value != null)  {
+          return RoleLink({
+            id: value
+          });
+        }
+        break;
+      case 'acting_as':
+        that = this.props.user;
+        if ((value != null) && ( value != that )) {
+          return RoleLink({
+            id: value
+          });
+        }
+        break;
+      case 'auditview_user': //virtual field
+        var acting_user =this.props.user;
+        var acting_role = this.props.acting_as;      
+        msg = [ RoleLink({id: acting_user}) ];
+        if ((acting_role!=null) && (acting_role != acting_user)) {
+            msg.push([" as ", RoleLink({id: acting_role})]);
+        }
+        return msg;
+      case 'timestamp':
+        if (value != null) {
+          return Timestamp({
+            time: value
+          });
+        }
+        break;
+      case 'auditview_action': 
+        return this.humanizeEvent(this.props);
+      default:
+        return value;
+      }
+    },
+    render: function(){
+      var this$ = this;
+      return tr({
+        className: this.props.action
+      },  map(function(it){
+        return td.apply(null, [{
+          key: it
+        }].concat(slice$.call(wrapArray(this$.transformField(it, this$.props[it])))));
+      })(
+      this.fields()));
+    }
+  });
+  newEventSet = function(){
+    var evts;
+    evts = new SortedSet({
+      comparator: function(a, b){
+        return a && b && b.id - a.id;
+      }
+    });
+    evts.containsLike = function(item){
+      var existing;
+      existing = this.findIterator(item).value();
+      if (existing != null) {
+        return this.priv.comparator(existing, item) === 0;
+      }
+    };
+    return evts;
+  };
+  out$.AuditTable = AuditTable = React.createClass({
+    displayName: 'AuditTable',
+    getInitialState: function(){
+      return {
+        events: newEventSet()
+      };
+    },
+    knownRolsourceTypes: function() { 
+      return  ;
+    },
+    render: function(){
+      var compact;
+      compact = this.props.compact;
+      return section({
+        className: 'audit'
+      }, [
+        h3({}, this.props.caption), table({
+          className: 'audit-table'
+        }, [
+          AuditTableHeader({
+            key: 'thead',
+            compact: compact
+          }), tbody({
+            key: 'tbody'
+          }, this.state.events.filter(function(ev){ 
+               // remove internal resources creation
+               if ((ev.role!=null) && (ev.role.split(':')[1] == '@')) {
+                 return false;
+               }
+               if ((ev.resource!=null) && (ev.resource.split(':')[1] == '@')) {
+                 return false;
+               }
+               if ((ev.resource!=null) && (ev.resource.split(':')[1] == 'secret')) {
+                 return false;
+               }
+               if ((ev.grantee!=null) && (ev.grantee.split(':')[1] == '@')) {
+                 return false;
+               }
+
+               // hide automated creation of roles corresponding to resources of known type
+               if ((ev.kind=="role") && (ev.action=="create")) {
+                 var rolekind = ev.role.split(':')[1];
+                 if (_.contains(known_rolsource_types, rolekind)) {
+                    return false;
+                 } 
+               } 
+               return true;
+            }).map(function(it){
+                // new way to clone objects, custom clone$ does not work no more as expected
+                var ref$ = React.addons.update(it, {$merge: {key: it.id, compact: compact} }); 
+                return new AuditEntry(ref$);
+          }))
+        ])
+      ]);
+    },
+    componentDidMount: function(){
+      return each(this.addSource)(
+      wrapArray(
+      this.props.src));
+    },
+    componentWillUnmount: function(){
+      return each(function(it){
+        console.log("closing event source ", it);
+        return it.close();
+      })(
+      this.sources);
+    },
+    addEvent: function(arg$){
+      var data, event;
+      data = arg$.data;
+      event = JSON.parse(data);
+      if (event.action === "check" && event.privilege === "read" && event.allowed) {
+        return true;
+      } else {
+        if (!this.state.events.containsLike(event)) {
+          this.state.events.insert(event);
+          return this.forceUpdate();
+        }
+      }
+    },
+    addSource: function(url){
+      var evtSrc;
+      console.log("opening eventsource to " + url);
+      evtSrc = new EventSource(url);
+      console.log(evtSrc);
+      evtSrc.onmessage = this.addEvent;
+      evtSrc.onerror = function(a, b, c, d){
+        return console.log(a, b, c, d);
+      };
+      return (this.sources || (this.sources = [])).push(evtSrc);
+    }
+  });
+  out$.GlobalAudit = GlobalAudit = React.createClass({
+    displayName: 'GlobalAudit',
+    render: function(){
+      return AuditTable({
+        src: '/api/audit/all',
+        caption: 'All recent audit events'
+      });
+    }
+  });
+  urlOfRole = function(role){
+    return "/api/audit/roles/" + encodeURIComponent(role);
+  };
+  urlOfResource = function(resource){
+    return "/api/audit/resources/" + encodeURIComponent(resource);
+  };
+  out$.AuditBox = AuditBox = React.createClass({
+    displayName: 'AuditBox',
+    render: function(){
+      var roles, resources, roleSrcs, resSrcs, things;
+      roles = this.props.roles || [];
+      resources = this.props.resources || [];
+      roleSrcs = map(urlOfRole)(
+      roles);
+      resSrcs = map(urlOfResource)(
+      resources);
+      things = join(', ')(
+      unique(
+      roles.concat(resources))); 
+
+      var options= { src: roleSrcs.concat(resSrcs) };
+      if (this.props.tabview==null) {
+        options=_.extend(options, {caption: "Recent Activity"});
+      }
+      return AuditTable(options);
+    }
+  });
+  /* it does not work as expected with new react any more (prototype fields are squashed within react)
+  function clone$(it){
+    function fun(){} fun.prototype = it;
+    return new fun;
+  }
+  */
+}).call(this);