- Add namespace support

- Fix issue with Identifies - Remove dashboard coming soon language

Author: jcrowthe

app/elements/dash-board.html

@@ -47,12 +47,6 @@
 <div class="center">
 <div class="vertical center">
 <iron-icon id="dashboard" icon="dashboard"></iron-icon>
-<div>
-<div class="shaded">Dashboard</div>
-</div>
-<div>
-<div class="shaded">Coming Soon!</div>
-</div>
 </div>
 </div>
 </div>

app/elements/elements.html

@@ -13,6 +13,7 @@
 -->
 
 <!-- Iron Elements -->
+<link rel="import" href="../bower_components/iron-collapse/iron-collapse.html">
 <link rel="import" href="../bower_components/iron-flex-layout/iron-flex-layout.html">
 <link rel="import" href="../bower_components/iron-icons/iron-icons.html">
 <link rel="import" href="../bower_components/iron-icons/communication-icons.html">

app/elements/login-form.html

@@ -73,6 +73,16 @@
 paper-progress.bottombar {
 --paper-progress-container-color: rgba(#ffffff, 0);
 }
+#collapse {
+padding: 0em;
+background-color: #d3d3d36e;
+margin: 1em;
+border-radius: 5px;
+}
+#optionalCollapsible {
+margin: 0 2em;
+padding-bottom: 1em;
+}
 </style>
 
 <iron-ajax id="authenticateReq"
@@ -94,6 +104,7 @@
 handle-as="json"
 method="POST"
 body="{{oidcBody}}"
+headers="{{header}}"
 content-type="application/json"
 last-response="{{oidcResponse}}"
 last-error={{loginError}}
@@ -167,11 +178,22 @@
 <paper-input id="userfield" value="{{username}}" label="Username" disabled="{{loading}}"></paper-input>
 <paper-input id="passfield" value="{{password}}" label="Password" type="password" disabled="{{loading}}"></paper-input>
 </div>
-<div>
-<iron-a11y-keys target="[[targetrole]]" keys="enter" on-keys-pressed="_login"></iron-a11y-keys>
-<paper-input id="rolefield" value="{{role}}" label="Role (optional)" disabled="{{loading}}"></paper-input>
-</div>
 </iron-pages>
+<div id="trigger" on-tap="_toggleOptional" style="padding: 0 15px;">
+<iron-icon icon="{{optionalIcon}}" hidden$="[[noIcons]]"></iron-icon>
+More Options
+</div>
+<iron-collapse id="collapse" opened="{{optionalOpen}}">
+<div id="optionalCollapsible">
+<div>
+<paper-input id="namespacefield" value="{{namespace}}" label="Namespace" disabled="{{loading}}"></paper-input>
+</div>
+<template is="dom-if" if="{{roleVisible}}">
+<iron-a11y-keys target="[[targetrole]]" keys="enter" on-keys-pressed="_login"></iron-a11y-keys>
+<paper-input id="rolefield" value="{{role}}" label="Role" disabled="{{loading}}"></paper-input>
+</template>
+</div>
+</iron-collapse>
 <div class="buttons">
 <paper-button on-tap="_login" autofocus disabled="{{loading}}">Login</paper-button>
 </div>
@@ -181,6 +203,8 @@
 <app-localstorage-document key="page" data="{{page}}"></app-localstorage-document>
 <app-localstorage-document key="urls" data="{{urls}}"></app-localstorage-document>
 <app-localstorage-document key="username" data="{{username}}"></app-localstorage-document>
+<app-localstorage-document key="namespace" data="{{namespace}}"></app-localstorage-document>
+<app-localstorage-document key="optionalOpen" data="{{optionalOpen}}"></app-localstorage-document>
 
 <paper-toast id="errortoast" class="fit-bottom error" duration="5000">
 <iron-icon prefix icon="error-outline" style="padding-right: 7px;"></iron-icon>
@@ -242,6 +266,10 @@
 type: String,
 value: ''
 },
+roleVisible: {
+type: Boolean,
+value: false
+},
 backends: {
 type: Array,
 value: [],
@@ -281,6 +309,25 @@
 type: Object,
 notify: true
 },
+namespace: {
+type: String,
+value: '',
+observer: '_watchNamespace'
+},
+namespaceLabel: {
+type: String,
+value: 'None',
+notify: true,
+},
+optionalOpen: {
+type: Boolean,
+value: false,
+observer: '_watchOptionalIcon'
+},
+optionalIcon: {
+type: String,
+value: 'expand-more'
+},
 page: {
 type: Number,
 value: 0,
@@ -327,14 +374,15 @@
 _autofocus: function() {
 // Close OIDC alert on all pages. Open selectively as needed.
 this.$.oidctoast.close();
+this.roleVisible = false;
 
 // Set cursor autofocus for login/password fields
 // TODO: autofocus on username field first if unset
 if (this.page === 1) this.$.tokenfield.autofocus = true;
 else if (this.page === 0) this.$.passfieldldap.autofocus = true;
 else if (this.page === 2) this.$.passfield.autofocus = true;
 else if (this.page === 3) {
-this.$.rolefield.autofocus = true;
+this.roleVisible = true;
 if (!(this.oidcStarted)) this.$.oidctoast.open();
 }
 },
@@ -354,6 +402,7 @@
 return;
 }
 this.authMethod = 'POST';
+this.header = {"X-Cryptr-Version": app.cryptrVersion, "X-Vault-Namespace": this.namespace};
 this.authURL = this.url + 'v1/auth/ldap/login/' + this.username;
 this.body = {"password": this.password };
 } else if (this.page == 1) {
@@ -365,7 +414,7 @@
 }
 this.authMethod = 'GET';
 this.authURL = this.url + 'v1/auth/token/lookup-self';
-this.header = {"X-Vault-Token": this.token, "X-Cryptr-Version": app.cryptrVersion };
+this.header = {"X-Vault-Token": this.token, "X-Cryptr-Version": app.cryptrVersion, "X-Vault-Namespace": this.namespace };
 this.body = '';
 } else if (this.page == 2) {
 if (!this.username && !this.password) { //Check fields have content
@@ -376,11 +425,13 @@
 }
 this.authMethod = 'POST';
 this.authURL = this.url + 'v1/auth/userpass/login/' + this.username;
+this.header = {"X-Cryptr-Version": app.cryptrVersion, "X-Vault-Namespace": this.namespace};
 this.body = {"password": this.password };
 } else if (this.page == 3) {
 if (this.oidcStarted) {
-this.oidcURL = this.url + 'v1/auth/oidc/oidc/auth_url'
+this.oidcURL = this.url + 'v1/auth/oidc/oidc/auth_url';
 this.oidcBody = {"redirect_uri": "http://localhost:8250/oidc/callback", "role": this.role}
+this.header = {"X-Cryptr-Version": app.cryptrVersion, "X-Vault-Namespace": this.namespace};
 this.loading = true;
 this.$.oidcReq.generateRequest();
 } else {
@@ -399,7 +450,7 @@
 // UserPass / LDAP
 if (this.loginResponse.auth && this.loginResponse.auth.client_token) {
 this.loginResponse = this.loginResponse.auth;
-this.header = {"X-Vault-Token": this.loginResponse.client_token, "X-Cryptr-Version": app.cryptrVersion };
+this.header = {"X-Vault-Token": this.loginResponse.client_token, "X-Cryptr-Version": app.cryptrVersion, "X-Vault-Namespace": this.namespace };
 // Token Auth
 } else if (this.loginResponse.data) {
 this.loginResponse = this.loginResponse.data;
@@ -536,7 +587,7 @@
 this.authMethod = 'GET';
 this.authURL = this.url + 'v1/auth/oidc/oidc/callback?code=' + data.code + '&state=' + data.state;
 this.body = '';
-this.header = '';
+this.header = {"X-Cryptr-Version": app.cryptrVersion, "X-Vault-Namespace": this.namespace};
 this.push('authRequests', this.$.testReq.generateRequest());
 },
 _oidcAuthError: function(data) {
@@ -558,6 +609,19 @@
 this.$.authenticateReq.generateRequest();
 this.authRequests = [];
 }
+},
+_appendNamespace: function() {
+if (this.namespace != "") return '?namespace=' + this.namespace
+else return ""
+},
+_toggleOptional: function() {
+this.optionalOpen = !this.optionalOpen;
+},
+_watchOptionalIcon: function() {
+this.optionalIcon = (this.optionalOpen) ? 'expand-more' : 'chevron-right';
+},
+_watchNamespace: function() {
+this.namespaceLabel = (this.namespace) ? this.namespace : 'None'
 }
 });
 })();

app/elements/secrets-init.html

@@ -98,7 +98,7 @@
 _listSecrets: function(key) {
 // Todo: Check for list permissions on folder before executing
 // Execute list on a folder
-if (!key.startsWith('sys') && !key.startsWith('cubbyhole')) {
+if (!key.startsWith('sys') && !key.startsWith('cubbyhole') && !key.startsWith('identity')) {
 // Track completed requests
 this.push('completedRequests', key);
 
@@ -160,7 +160,7 @@
 },
 _addSecret: function(location) {
 var parts = location.split('/');
-if (!['sys', 'auth', 'cubbyhole'].includes(parts[0])) {
+if (!['sys', 'auth', 'cubbyhole', 'identity'].includes(parts[0])) {
 var type = location.endsWith('/') ? 'folder' : 'secret';
 var permissions = [];
 var keys = Object.keys(this.secretAccess).sort(function(a, b){ return b.length > a.length;}); //Sort by longest key to prioritize individual secret policies rather than wildcards
@@ -231,8 +231,8 @@
 var folderFound = false;
 for (var key in this.access) {
 var parts = key.split('/');
-if (!['sys', 'auth', 'cubbyhole'].includes(parts[0])) this.secretAccess[key] = this.access[key];
-if (this.access[key].capabilities.indexOf('deny') < 0) {
+if (!['sys', 'auth', 'cubbyhole', 'identity'].includes(parts[0])) this.secretAccess[key] = this.access[key];
+if ('capabilities' in this.access[key] && this.access[key].capabilities.indexOf('deny') < 0) {
 if (key.endsWith('/*') || key.endsWith('/')) {
 if (!['data', 'delete', 'destroy', 'undelete'].includes(parts[1])) {
 folderFound = true;
@@ -248,8 +248,13 @@
 }
 this._listSecrets(key);
 }
-}
-else this._addSecret(key);
+} else if (key == '*') { //Support root access, including root Namespace users
+folderFound = true;
+for (var i in this.backends) {
+if (this.backends[i].type === '2') this._listSecrets(this.backends[i].name + '/metadata/');
+else this._listSecrets(this.backends[i].name);
+}
+} else this._addSecret(key);
 }
 }
 if (!folderFound) this.loading = false;

app/elements/user-info.html

@@ -20,13 +20,12 @@
 }
 </style>
 <template>
-
- <paper-item>
+ <paper-item>
 <paper-icon-button icon="refresh" on-click="_refreshKeys" style="margin-right: 20px"></paper-icon-button>
-  <iron-icon icon="account-circle" style="color: #888"></iron-icon>
-  <span class="noselect name">{{upperUser}}</span>
-  <paper-button raised on-click="logout">Logout</paper-button>
-  </paper-item>
+ <iron-icon icon="account-circle" style="color: #888"></iron-icon>
+ <span class="noselect name">{{upperUser}}</span>
+ <paper-button raised on-click="logout">Logout</paper-button>
+ </paper-item>
 </template>
 
 <script>

app/index.html

@@ -31,7 +31,7 @@
 <body unresolved>
 <template is="dom-bind" id="app">
 <div id="blocker"></div> <!-- blocker: an element to obscure background-loading content at load time. -->
-<login-form status="{{status}}" username="{{u}}" url="{{url}}" header="{{header}}" login-response="{{loginResponse}}" loading="{{loading}}" backends="{{backends}}"></login-form>
+<login-form status="{{status}}" username="{{u}}" url="{{url}}" header="{{header}}" login-response="{{loginResponse}}" loading="{{loading}}" backends="{{backends}}" namespace-label="{{namespaceLabel}}"></login-form>
 <login-status id="login-status" status="{{status}}" url="{{url}}" header="{{header}}"></login-status>
 <secrets-init status="{{status}}" header="{{header}}" deferred-requests="{{deferredRequests}}" completed-requests="{{completedRequests}}" folder-route="{{folderRoute}}" login-response="{{loginResponse}}" secrets="{{secrets}}" access="{{access}}" loading="{{loading}}" backends="{{backends}}" index-all-secrets="{{indexAllSecrets}}"></secrets-init>
 
@@ -46,7 +46,7 @@
 <span class="menu-name noselect">Cryptr</span>
 </paper-toolbar>
 
-<div style="height: calc(100vh - 100px); overflow: scroll; padding-left: 10px;">
+<div style="height: calc(100vh - 128px); overflow: scroll; padding-left: 10px;">
 <span id="drawerMenuText" class="noselect">HOME</span>
 <paper-menu attr-for-selected="data-route" selected="{{route}}">
 <a data-route="home" href="{{baseUrl}}" class="noselect">
@@ -85,9 +85,12 @@
 
 </div>
 
-<!-- <div class="bottom-corner" style="color: #737373;">
-<paper-icon-button icon="settings"></paper-icon-button>
-</div> -->
+<div id="namespaceBar" class="noselect" style="width: {{drawerWidth}}">
+<paper-item>
+<iron-icon prefix icon="tab-unselected" style="min-width: 24px; padding-right: 7px;"></iron-icon>
+<b style="padding-right: 5px;">Namespace:</b> {{namespaceLabel}}
+</paper-item>
+</div>
 </paper-scroll-header-panel>
 
 <!-- Main Area -->

app/package.json

@@ -1,7 +1,7 @@
 {
  "name": "cryptr",
  "author": "Jacob Crowther <crowther@adobe.com>",
- "version": "0.5.0",
+ "version": "0.6.0",
  "description": "A GUI for Vault",
  "repository": {
  "url": "https://github.com/jcrowthe/cryptr.git"

app/scripts/app.js

@@ -18,7 +18,7 @@ app.baseUrl = '/';
 app.url = 'start';
 app.secretRoute = '';
 app.folderRoute = '';
-app.cryptrVersion = "0.2.0";
+app.cryptrVersion = "0.6.0";
 
 // Index filtering and sorting
 app.filterFolders = function(item) {

app/styles/app-theme.html

@@ -117,6 +117,13 @@
 
 
 /* General styles */
+
+#namespaceBar {
+height: 48px;
+ background-color: #353d4a;
+ color: #c0c1c3;
+}
+
 .bottombar {
 position: fixed;
 left: 0;
@@ -142,6 +149,7 @@
 color: var(--secondary-text-color);
 background-color: var(--drawer-menu-color);
 border-bottom: none;
+height: 80px;
 }
 
 .menu-name {

package.json

@@ -1,7 +1,7 @@
 {
  "name": "cryptr",
  "author": "Jacob Crowther <crowther@adobe.com>",
- "version": "0.5.0",
+ "version": "0.6.0",
  "description": "A GUI for Vault",
  "main": "app/index.js",
  "repository": {