diff --git a/app/components/CreateSDBoxForm/CreateSDBoxForm.js b/app/components/CreateSDBoxForm/CreateSDBoxForm.js index 9714d27..17f851b 100644 --- a/app/components/CreateSDBoxForm/CreateSDBoxForm.js +++ b/app/components/CreateSDBoxForm/CreateSDBoxForm.js @@ -10,7 +10,7 @@ import GroupsSelect from '../GroupSelect/GroupsSelect' import validate from './validator' import * as cms from '../../constants/cms' import UserGroupPermissionsFieldSet from '../UserGroupPermissionsFieldSet/UserGroupPermissionsFieldSet' -import IamRolePermissionsFieldSet from '../IamRolePermissionsFieldSet/IamRolePermissionsFieldSet' +import IamPrincipalPermissionsFieldSet from '../IamPrincipalPermissionsFieldSet/IamPrincipalPermissionsFieldSet' import SDBDescriptionField from '../SDBDescriptionField/SDBDescriptionField' import './CreateSDBoxForm.scss' @@ -31,8 +31,8 @@ export const fields = [ 'owner', 'userGroupPermissions[].name', 'userGroupPermissions[].roleId', - 'iamRolePermissions[].iamPrincipalArn', - 'iamRolePermissions[].roleId' + 'iamPrincipalPermissions[].iamPrincipalArn', + 'iamPrincipalPermissions[].roleId' ] // connect to the store for the pieces we care about @@ -81,7 +81,7 @@ export default class CreateSDBoxForm extends Component { categoryId, owner, userGroupPermissions, - iamRolePermissions + iamPrincipalPermissions }, categories, handleSubmit, @@ -141,10 +141,10 @@ export default class CreateSDBoxForm extends Component { userGroups={userGroups} roles={roles} /> - +
{ const errors = {} errors.userGroupPermissions = {} - errors.iamRolePermissions = {} + errors.iamPrincipalPermissions = {} errors.foo = {} // Validate the Name field @@ -37,7 +37,7 @@ const validate = values => { } if (values.userGroupPermissions) { - values.iamRolePermissions.map((permission, index) => { validateIamRolePermissions(permission, index, errors) }) + values.iamPrincipalPermissions.map((permission, index) => { validateIamPrincipalPermissions(permission, index, errors) }) } log.debug('Completed validation returning Error:\n' + JSON.stringify(errors, null, 2)) @@ -55,17 +55,17 @@ const validateUserGroupPermissions = (permission, index, errors) => { } } -const validateIamRolePermissions = (permission, index, errors) => { - errors.iamRolePermissions[`${index}`] = {} +const validateIamPrincipalPermissions = (permission, index, errors) => { + errors.iamPrincipalPermissions[`${index}`] = {} if (! permission.iamPrincipalArn) { - errors.iamRolePermissions[`${index}`].iamPrincipalArn = 'You must enter a IAM principal ARN for this permission' + errors.iamPrincipalPermissions[`${index}`].iamPrincipalArn = 'You must enter a IAM principal ARN for this permission' } else if (! /^arn:aws:(iam|sts)::.+$/.test(permission.iamPrincipalArn)) { - errors.iamRolePermissions[`${index}`].iamPrincipalArn = 'Invalid ARN' + errors.iamPrincipalPermissions[`${index}`].iamPrincipalArn = 'Invalid ARN' } if (! permission.roleId) { - errors.iamRolePermissions[`${index}`].roleId = 'Required' + errors.iamPrincipalPermissions[`${index}`].roleId = 'Required' } } diff --git a/app/components/EditSDBoxForm/EditSDBoxForm.js b/app/components/EditSDBoxForm/EditSDBoxForm.js index 9b287ee..59d4c7b 100644 --- a/app/components/EditSDBoxForm/EditSDBoxForm.js +++ b/app/components/EditSDBoxForm/EditSDBoxForm.js 
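Review bot: The guard on the `if` line of the `@@ -37,7 +37,7 @@` hunk checks `values.userGroupPermissions` but the added line iterates `values.iamPrincipalPermissions`, so the two fields are mismatched: when user-group permissions are set and the IAM list is absent, `.map` throws inside redux-form validation, and when only IAM principal permissions are set they are never validated, letting a row with an empty ARN or no `roleId` through client-side. The rename keeps the pre-existing mismatch rather than fixing it; the condition should be `if (values.iamPrincipalPermissions) {`. Since the callback is used only for its side effect on `errors`, `values.iamPrincipalPermissions.forEach((permission, index) => { validateIamPrincipalPermissions(permission, index, errors) })` states the intent better than `map`. The enclosing `validate` arrow function starts and ends outside this hunk.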
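Review bot: The ARN check on the `else if` line in the `@@ -55,17 +55,17 @@` hunk only verifies the prefix `arn:aws:(iam|sts)::` followed by at least one character, so values such as `arn:aws:iam::*` or `arn:aws:iam::foo` pass as valid principal ARNs, while principals in the `aws-cn` and `aws-us-gov` partitions are rejected outright. If the backend expects an account id and a `role/`, `user/`, `assumed-role/` or `root` resource, the pattern could be narrowed along the lines of `/^arn:aws[a-z-]*:(iam|sts)::\d{12}:.+$/`; I cannot tell from this hunk what the API accepts (the mock docs in this commit use 9-digit account ids), so confirm before tightening. Either way this is UI validation only and the form can be bypassed, so the server must apply the same rule; a one-line comment such as `// Client-side format check only; the API is the authority on accepted principal ARNs` above the regex would make that explicit.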
@@ -5,7 +5,7 @@ import { reduxForm, touch } from 'redux-form' import GroupsSelect from '../GroupSelect/GroupsSelect' import UserGroupPermissionsFieldSet from '../UserGroupPermissionsFieldSet/UserGroupPermissionsFieldSet' -import IamRolePermissionsFieldSet from '../IamRolePermissionsFieldSet/IamRolePermissionsFieldSet' +import IamPrincipalPermissionsFieldSet from '../IamPrincipalPermissionsFieldSet/IamPrincipalPermissionsFieldSet' import SDBDescriptionField from '../SDBDescriptionField/SDBDescriptionField' import * as modalActions from '../../actions/modalActions' @@ -24,15 +24,15 @@ export const fields = [ 'owner', 'userGroupPermissions[].name', 'userGroupPermissions[].roleId', - 'iamRolePermissions[].iamPrincipalArn', - 'iamRolePermissions[].roleId' + 'iamPrincipalPermissions[].iamPrincipalArn', + 'iamPrincipalPermissions[].roleId' ] class EditSDBoxForm extends Component { render() { - const { fields: { description, owner, userGroupPermissions, iamRolePermissions }, + const { fields: { description, owner, userGroupPermissions, iamPrincipalPermissions }, vaultToken, sdbId, roles, userGroups, hasDomainDataLoaded, dispatch, handleSubmit, isEditSubmitting } = this.props // Lets not attempt to render everything until we have the data we need, when the domain data has loaded we can pass this @@ -67,10 +67,10 @@ class EditSDBoxForm extends Component { userGroups={userGroups} roles={roles} /> - +
{ - const { id, description, owner, userGroupPermissions, iamRolePermissions } = state.manageSafetyDepositBox.data + const { id, description, owner, userGroupPermissions, iamPrincipalPermissions } = state.manageSafetyDepositBox.data return { vaultToken: state.auth.vaultToken, @@ -113,7 +113,7 @@ export default connect((state) => { description: description, owner: owner, userGroupPermissions: userGroupPermissions, - iamRolePermissions: iamRolePermissions + iamPrincipalPermissions: iamPrincipalPermissions } } })(form) \ No newline at end of file diff --git a/app/components/IamRolePermissionsFieldSet/IamRolePermissionsFieldSet.js b/app/components/IamPrincipalPermissionsFieldSet/IamPrincipalPermissionsFieldSet.js similarity index 68% rename from app/components/IamRolePermissionsFieldSet/IamRolePermissionsFieldSet.js rename to app/components/IamPrincipalPermissionsFieldSet/IamPrincipalPermissionsFieldSet.js index ecee5b7..b2b1edb 100644 --- a/app/components/IamRolePermissionsFieldSet/IamRolePermissionsFieldSet.js +++ b/app/components/IamPrincipalPermissionsFieldSet/IamPrincipalPermissionsFieldSet.js 
@@ -4,34 +4,34 @@ import RoleSelect from '../RoleSelect/RoleSelect' import Buttons from '../Buttons/Buttons' import AddButton from '../AddButton/AddButton' import { touch } from 'redux-form' -import './IamRolePermissionsFieldSet.scss' +import './IamPrincipalPermissionsFieldSet.scss' /** * Component for displaying User Group Permissions form field set - * @prop iamRolePermissions is the Redux form field for the array of IAM role permission objects (Group -> Role) + * @prop iamPrincipalPermissions is the Redux form field for the array of IAM role permission objects (Group -> Role) * @prop dispatch from the store to dispatch touch events for the drop downs * @prop formName The redux form name for touch events in the drop downs * @props roles The list of roles that a user can select for the permission */ -export default class IamRolePermissionsFieldSet extends Component { +export default class IamPrincipalPermissionsFieldSet extends Component { static propTypes = { - iamRolePermissions: PropTypes.array.isRequired, + iamPrincipalPermissions: PropTypes.array.isRequired, dispatch: PropTypes.func.isRequired, formName: PropTypes.string.isRequired, roles: PropTypes.array.isRequired } render() { - const {iamRolePermissions, dispatch, formName, roles} = this.props + const {iamPrincipalPermissions, dispatch, formName, roles} = this.props return ( -
-
IAM Principal Permissions
-
-
- {iamRolePermissions.map((permission, index) => +
+
IAM Principal Permissions
+
+
+ {iamPrincipalPermissions.map((permission, index) =>
-
+
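Review bot: The JSDoc at the top of the `@@ -4,34 +4,34 @@` hunk still reads `Component for displaying User Group Permissions form field set` and documents `iamPrincipalPermissions` as `the array of IAM role permission objects (Group -> Role)`, which matches neither the renamed `IamPrincipalPermissionsFieldSet` nor the `iamPrincipalArn` value the hunk renders. Suggest `* Component for displaying IAM Principal Permissions form field set` and `* @prop iamPrincipalPermissions is the Redux form field for the array of IAM principal permission objects (IAM principal ARN -> Role)`. The `@props roles` tag should also be `@prop roles` to match the other tags. The render body between the header and the `@@ -50` hunk is not fully visible here, so I have not reviewed it.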
@@ -50,14 +50,14 @@ export default class IamRolePermissionsFieldSet extends Component { }} /> { - iamRolePermissions.removeField(index) + iamPrincipalPermissions.removeField(index) }} />
)}
- +
) } diff --git a/app/components/IamRolePermissionsFieldSet/IamRolePermissionsFieldSet.scss b/app/components/IamPrincipalPermissionsFieldSet/IamPrincipalPermissionsFieldSet.scss similarity index 80% rename from app/components/IamRolePermissionsFieldSet/IamRolePermissionsFieldSet.scss rename to app/components/IamPrincipalPermissionsFieldSet/IamPrincipalPermissionsFieldSet.scss index ab6d62c..648b0be 100644 --- a/app/components/IamRolePermissionsFieldSet/IamRolePermissionsFieldSet.scss +++ b/app/components/IamPrincipalPermissionsFieldSet/IamPrincipalPermissionsFieldSet.scss @@ -1,6 +1,6 @@ @import '../../assets/styles/common.scss'; -.iam-role-permissions { +.iam-principal-permissions { margin-top: 15px; border-style: solid; border-radius: 2px; @@ -10,15 +10,15 @@ padding-right: 7px; padding-bottom: 7px; - .iam-role-permissions-label { + .iam-principal-permissions-label { padding-top: 5px; } - .iam-role-permissions-perms-container { + .iam-principal-permissions-perms-container { margin-top: -7px; } - .iam-role-permissions-permission { + .iam-principal-permissions-permission { width: 100%; padding-top: 10px; display: flex; diff --git a/app/components/ManageSDBox/ManageSDBox.js b/app/components/ManageSDBox/ManageSDBox.js index e6914df..5b796b4 100644 --- a/app/components/ManageSDBox/ManageSDBox.js +++ b/app/components/ManageSDBox/ManageSDBox.js @@ -124,7 +124,7 @@ export default class ManageSDBox extends Component { { displayPermissions &&
{ readOnlyUserGroupPermissions(sdbData.userGroupPermissions, roles) } - { readOnlyIamRolePermissions(sdbData.iamRolePermissions, roles) } + { readOnlyIamPrincipalPermissions(sdbData.iamPrincipalPermissions, roles) }
} @@ -171,8 +171,8 @@ const readOnlyUserGroupPermissions = (userGroupPermissions, roles) => { } } -const readOnlyIamRolePermissions = (iamRolePermissions, roles) => { - if (iamRolePermissions == null || iamRolePermissions.length < 1) { +const readOnlyIamPrincipalPermissions = (iamPrincipalPermissions, roles) => { + if (iamPrincipalPermissions == null || iamPrincipalPermissions.length < 1) { return(
No IAM Principal Permissions Defined
) } else { return( @@ -184,7 +184,7 @@ const readOnlyIamRolePermissions = (iamRolePermissions, roles) => { Role - {iamRolePermissions.map((perm, index) => { + {iamPrincipalPermissions.map((perm, index) => { return ( {perm.iamPrincipalArn} diff --git a/mocks/API.md b/mocks/API.md index 21b711f..45882e6 100644 --- a/mocks/API.md +++ b/mocks/API.md 
@@ -24,31 +24,174 @@ This endpoint will take a Users credentials and proxy the request to Vault to ge + Body { - "status": "mfa_req", - "client_token": "null", - "data": { - "state_token": "jskljdklaj", - "devices": [ - { - "id": "123456", - "name": "Google Authenticator" - } - ] - } + "status": "success", + "data": { + "client_token": { + "client_token": "7f6808f1-ede3-2177-aa9d-45f507391310", + "policies": [ + "web", + "stage" + ], + "metadata": { + "username": "john.doe@nike.com", + "is_admin": "false", + "groups": "Lst-CDT.CloudPlatformEngine.FTE,Lst-digital.platform-tools.internal" + }, + "lease_duration": 3600, + "renewable": true + } + } + } + ++ Response 200 (application/json) (MFA Required) + + + Body + + { + "status" : "mfa_req", + "data" : { + "user_id" : "13427265", + "username" : "john.doe@nike.com", + "state_token" : "5c7d1fd1914ffff5bcc2253b3c38ef85a3125bc1", + "devices" : [ { + "id" : "111111", + "name" : "Google Authenticator" + }, { + "id" : "22222", + "name" : "Google Authenticator" + }, { + "id" : "33333", + "name" : "Google Authenticator" + } ], + "client_token" : null + } + } + + +## User MFA Check [/v2/auth/mfa_check] + +### Verify MFA token for a user [POST] + +This endpoint will take a Users credentials and proxy the request to Vault to get a Vault token for the user with some extra metadata. 
+ ++ Request (application/json) + + + Body + + { + "state_token": "jskljdklaj", + "device_id": "123456", + "otp_token": "111111" + } + ++ Response 200 (application/json) + + + Body + + { + "status": "success", + "data": { + "client_token": { + "client_token": "7f6808f1-ede3-2177-aa9d-45f507391310", + "policies": [ + "web", + "stage" + ], + "metadata": { + "username": "john.doe@nike.com", + "is_admin": "false", + "groups": "Lst-CDT.CloudPlatformEngine.FTE,Lst-digital.platform-tools.internal" + }, + "lease_duration": 3600, + "renewable": true + } + } } +## User Refresh Token [/v2/auth/user/refresh] + +### Refresh the user's token [GET] + +This endpoint allows a user to exchange their current token for a new one with updated policies. + ++ Request (application/json) + + + Headers + + X-Vault-Token: 7f6808f1-ede3-2177-aa9d-45f507391310 + ++ Response 200 (application/json) + + + Body + + { + "status": "success", + "data": { + "client_token": { + "client_token": "234808f1-ede3-2177-aa9d-45f507391310", + "policies": [ + "web", + "stage" + ], + "metadata": { + "username": "john.doe@nike.com", + "is_admin": "false", + "groups": "Lst-CDT.CloudPlatformEngine.FTE,Lst-digital.platform-tools.internal" + }, + "lease_duration": 3600, + "renewable": true + } + } + } + +## App Login v2 [/v2/auth/iam-principal] + +### Authenticate with Cerberus as an App [POST] + +This endpoint takes IAM ARN information and generates an base 64 encoded KMS encrypted payload of the below. The ARN if registered with an SDB will have kms decrypt permissions on the KMS key that the payload was enrypted with. 
+ ++ Request (application/json) + + + Body + + { + "iam_principal_arn" : "arn:aws:iam::111111111:role/cerberus-api-tester", + "region": "us-west-2" + } + ++ Response 200 (application/json) + + + Body + + { + "client_token" : "e5fd901b-bc65-71e7-a214-6066fef1e918", + "policies" : [ "foo-bar-read", "lookup-self" ], + "metadata" : { + "aws_region" : "us-west-2", + "iam_principal_arn" : "arn:aws:iam::111111111:role/fake-role" + "username" : "arn:aws:iam::111111111:role/fake-role" + "is_admin": "false", + "groups": "registered-iam-principals" + }, + "lease_duration" : 3600, + "renewable" : true + } + + ## App Login [/v1/auth/iam-role] ### Authenticate with Cerberus as an App [POST] -This endpoint will take a Users credentials and proxy the request to Vault to get a Vault token for the user with some extra metadata. +This endpoint takes IAM ARN information and generates an base 64 encoded KMS encrypted payload of the below. The ARN if registered with an SDB will have kms decrypt permissions on the KMS key that the payload was enrypted with. + Request (application/json) + Body { - "iam_role_arn" : "arn:aws:iam::123:role/web" + "account_id" : "123", + "role_name": "web", + "region": "us-west-2" } + Response 200 (application/json) 
@@ -56,20 +199,21 @@ This endpoint will take a Users credentials and proxy the request to Vault to ge + Body { - "auth": { - "client_token": "9a8b5f0e-b41f-3fc7-1c94-3ed4a8057396", - "policies": [ - "web" - ], - "metadata": { - "account_id": "123", - "iam_role_name": "web" - }, - "lease_duration": 3600, - "renewable": true - } + "client_token" : "234808f1-ede3-2177-aa9d-45f507391310", + "policies" : [ "health-check-bucket-read", "lookup-self" ], + "metadata" : { + "aws_region" : "us-west-2", + "aws_account_id" : "111111111", + "aws_iam_role_name" : "fake-role", + "username" : "arn:aws:iam::111111111:role/fake-role", + "is_admin": "false", + "groups": "registered-iam-principals" + }, + "lease_duration" : 3600, + "renewable" : true } + ## Auth [/v1/auth] ### Logout of Cerberus [DELETE] @@ -86,7 +230,7 @@ This endpoint will take the users `X-Vault-Token` header and proxy to Vault to r # Group Safe Deposit Box -## Get authorized Safe Deposit Box list [/v1/safe-deposit-box] +## Safe Deposit Box V2 [/v2/safe-deposit-box] ### Get details for each authorized Safe Deposit Box [GET] 
@@ -106,13 +250,229 @@ This endpoint will list all the Safe Deposit Box a user is authorized to see. { "id": "fb013540-fb5f-11e5-ba72-e899458df21a", "name": "Web", - "path": "app/stage/", + "path": "app/web", + "category_id": "f7ff85a0-faaa-11e5-a8a9-7fa3b294cd46" + }, + { + "id": "06f82494-fb60-11e5-ba72-e899458df21a", + "name": "OneLogin", + "path": "shared/onelogin", + "category_id": "f7ffb890-faaa-11e5-a8a9-7fa3b294cd46" + } + ] + +### Create a Safe Deposit Box [POST] + +This endpoint will create a new Safe Deposit Box + ++ Request (application/json) + + + Headers + + X-Vault-Token: 7f6808f1-ede3-2177-aa9d-45f507391310 + + + Body + + { + "name": "Stage", + "description": "Sensitive configuration properties for the stage micro-service.", + "category_id": "f7ff85a0-faaa-11e5-a8a9-7fa3b294cd46", + "owner": "Lst-digital.platform-tools.internal", + "user_group_permissions": [ + { + "name": "Lst-CDT.CloudPlatformEngine.FTE", + "role_id": "f800558e-faaa-11e5-a8a9-7fa3b294cd46" + } + ], + "iam_principal_permissions": [ + { + "iam_principal_arn": ""arn:aws:iam::1111111111:role/role-name" + "role_id": "f800558e-faaa-11e5-a8a9-7fa3b294cd46" + } + ] + } + ++ Response 201 (application/json) + + + Headers + + X-Refresh-Token: true + Location: /v1/safe-deposit-box/a7d703da-faac-11e5-a8a9-7fa3b294cd46 + + + Body + + { + "id": "a7d703da-faac-11e5-a8a9-7fa3b294cd46", + "name": "Stage", + "description": "Sensitive configuration properties for the stage micro-service.", + "path": "app/stage", + "category_id": "f7ff85a0-faaa-11e5-a8a9-7fa3b294cd46", + "owner": "Lst-digital.platform-tools.internal", + "user_group_permissions": [ + { + "id": "3fc6455c-faad-11e5-a8a9-7fa3b294cd46", + "name": "Lst-CDT.CloudPlatformEngine.FTE", + "role_id": "f800558e-faaa-11e5-a8a9-7fa3b294cd46" + } + ], + "iam_principal_permissions": [ + { + "id": "d05bf72e-faad-11e5-a8a9-7fa3b294cd46", + "iam_principal_arn": "arn:aws:iam::1111111111:role/role-name", + "role_id": "f800558e-faaa-11e5-a8a9-7fa3b294cd46" 
+ } + ] + } + +### Get details for a specific authorized Safe Deposit Box [GET /v2/safe-deposit-box/{id}] + +This endpoint returns details on a specific Safe Deposit Box. + ++ Parameters + + + id (required, string, `a7d703da-faac-11e5-a8a9-7fa3b294cd46`) - The id of the Safe Deposit Box + ++ Request (application/json) + + + Headers + + X-Vault-Token: 7f6808f1-ede3-2177-aa9d-45f507391310 + ++ Response 200 (application/json) + + + Body + + { + "id": "a7d703da-faac-11e5-a8a9-7fa3b294cd46", + "name": "Stage", + "description": "Sensitive configuration properties for the stage micro-service.", + "path": "app/stage", + "category_id": "f7ff85a0-faaa-11e5-a8a9-7fa3b294cd46", + "owner": "Lst-digital.platform-tools.internal", + "user_group_permissions": [ + { + "id": "3fc6455c-faad-11e5-a8a9-7fa3b294cd46", + "name": "Lst-CDT.CloudPlatformEngine.FTE", + "role_id": "f800558e-faaa-11e5-a8a9-7fa3b294cd46" + } + ], + "iam_principal_permissions": [ + { + "id": "d05bf72e-faad-11e5-a8a9-7fa3b294cd46", + "iam_principal_arn": "arn:aws:iam::1111111111:role/role-name", + "role_id": "f800558e-faaa-11e5-a8a9-7fa3b294cd46" + } + ] + } + + +### Update a specific authorized Safe Deposit Box [PUT] + +This endpoint allows a user to update the description, user group, and iam role mappings + ++ Request (application/json) + + + Headers + + X-Vault-Token: 7f6808f1-ede3-2177-aa9d-45f507391310 + + + Body + + { + "description": "All configuration properties for the stage micro-service.", + "owner": "Lst-Squad.Carebears", + "user_group_permissions": [ + { + "name": "Lst-CDT.CloudPlatformEngine.FTE", + "role_id": "f800558e-faaa-11e5-a8a9-7fa3b294cd46" + } + ], + "iam_principal_permissions": [ + { + "iam_principal_arn": ""arn:aws:iam::1111111111:role/role-name2" + "role_id": "f800558e-faaa-11e5-a8a9-7fa3b294cd46" + } + ] + } + ++ Response 200 + + + Headers + + X-Refresh-Token: true + + + Body + + { + "id": "a7d703da-faac-11e5-a8a9-7fa3b294cd46", + "name": "Stage", + "description": "Sensitive 
configuration properties for the stage micro-service.", + "path": "app/stage", + "category_id": "f7ff85a0-faaa-11e5-a8a9-7fa3b294cd46", + "owner": "Lst-digital.platform-tools.internal", + "user_group_permissions": [ + { + "id": "3fc6455c-faad-11e5-a8a9-7fa3b294cd46", + "name": "Lst-CDT.CloudPlatformEngine.FTE", + "role_id": "f800558e-faaa-11e5-a8a9-7fa3b294cd46" + } + ], + "iam_principal_permissions": [ + { + "id": "d05bf72e-faad-11e5-a8a9-7fa3b294cd46", + "iam_principal_arn": "arn:aws:iam::1111111111:role/role-name", + "role_id": "f800558e-faaa-11e5-a8a9-7fa3b294cd46" + } + ] + } + +### Delete a specific authorized Safe Deposit Box [DELETE] + +This endpoint allows a user to delete a safe deposit box that they own + ++ Parameters + + + id (required, string, `a7d703da-faac-11e5-a8a9-7fa3b294cd46`) - The id of the Safe Deposit Box + ++ Request (application/json) + + + Headers + + X-Vault-Token: 7f6808f1-ede3-2177-aa9d-45f507391310 + ++ Response 200 + + + Headers + + X-Refresh-Token: true + +## Safe Deposit Box V1 [/v1/safe-deposit-box] + +## Get details for each authorized Safe Deposit Box [GET] + +This endpoint will list all the Safe Deposit Box a user is authorized to see. + ++ Request (application/json) + + + Headers + + X-Vault-Token: 7f6808f1-ede3-2177-aa9d-45f507391310 + ++ Response 200 (application/json) + + + Body + + [ + { + "id": "fb013540-fb5f-11e5-ba72-e899458df21a", + "name": "Web", + "path": "app/web", "category_id": "f7ff85a0-faaa-11e5-a8a9-7fa3b294cd46" }, { "id": "06f82494-fb60-11e5-ba72-e899458df21a", "name": "OneLogin", - "path": "shared/onelogin/", + "path": "shared/onelogin", "category_id": "f7ffb890-faaa-11e5-a8a9-7fa3b294cd46" } ] @@ -153,6 +513,7 @@ This endpoint will create a new Safe Deposit Box + Headers + X-Refresh-Token: true Location: /v1/safe-deposit-box/a7d703da-faac-11e5-a8a9-7fa3b294cd46 + Body 
@@ -162,9 +523,7 @@ This endpoint will create a new Safe Deposit Box } -## Safe Deposit Box [/v1/safe-deposit-box/{id}] - -### Get details for a specific authorized Safe Deposit Box [GET] +### Get details for a specific authorized Safe Deposit Box [GET /v1/safe-deposit-box/{id}] This endpoint returns details on a specific Safe Deposit Box. @@ -186,7 +545,7 @@ This endpoint returns details on a specific Safe Deposit Box. "id": "a7d703da-faac-11e5-a8a9-7fa3b294cd46", "name": "Stage", "description": "Sensitive configuration properties for the stage micro-service.", - "path": "app/stage/", + "path": "app/stage", "category_id": "f7ff85a0-faaa-11e5-a8a9-7fa3b294cd46", "owner": "Lst-digital.platform-tools.internal", "user_group_permissions": [ @@ -238,7 +597,31 @@ This endpoint allows a user to update the description, user group, and iam role + Response 204 -# Group role + + Headers + + X-Refresh-Token: true + +### Delete a specific authorized Safe Deposit Box [DELETE] + +This endpoint allows a user to delete a safe deposit box that they own + ++ Parameters + + + id (required, string, `a7d703da-faac-11e5-a8a9-7fa3b294cd46`) - The id of the Safe Deposit Box + ++ Request (application/json) + + + Headers + + X-Vault-Token: 7f6808f1-ede3-2177-aa9d-45f507391310 + ++ Response 200 + + + Headers + + X-Refresh-Token: true + +# Group Role ## Role List [/v1/role] @@ -281,7 +664,7 @@ Lists all the roles that can be granted to an IAM Role or User Group on a Safe D } ] -# Group category +# Group Category ## Category List [/v1/category] 
@@ -318,77 +701,10 @@ Lists all the possible categories that a safe deposit box can belong to. } ] -## User Login [/v2/auth/mfa_check] - -### Authenticate with Cerberus as a User [POST] - -This endpoint will take a Users credentials and proxy the request to Vault to get a Vault token for the user with some extra metadata. - -+ Request (application/json) - - + Headers - - Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= - -+ Response 200 (application/json) - - + Body - - { - "status": "success", - "data": { - "client_token": { - "client_token": "7f6808f1-ede3-2177-aa9d-45f507391310", - "policies": [ - "web", - "stage" - ], - "metadata": { - "username": "john.doe@nike.com", - "is_admin": "false", - "groups": "Lst-CDT.CloudPlatformEngine.FTE,Lst-digital.platform-tools.internal" - }, - "lease_duration": 3600, - "renewable": true - } - } - } - -# Group Stats - -## Basic Stats [/v1/stats] - -### Get stats [GET] -Returns basic stats about each safe deposit box (name, owner, last updated ts). Requester must be an admin. - -+ Response 200 (application/json) - - + Headers - - X-Vault-Token: 7f6808f1-ede3-2177-aa9d-45f507391310 - - + Body - - { - "safe_deposit_box_stats": [ - { - "name": "Web", - "owner": "Lst-CDT.CloudPlatformEngine.FTE", - "last_updated_ts": "2016-05-18T06:51:08Z" - }, - { - "name": "OneLogin", - "owner": "Lst-CDT.CloudPlatformEngine.FTE", - "last_updated_ts": "2016-05-18T06:35:55Z" - } - ], - "safe_deposit_box_total": 2 - } - # Group Metadata -## SDB Metadata [/v1/metadata] +## SDB Metadata [/v1/metadata?limit={limit}&offset={offset}] ### Get metadata [GET] 
@@ -409,59 +725,12 @@ You can use has_next and next_offset from the response to paginate through all r { "has_next": false, - "next_offset": 10, + "next_offset": 0, "limit": 10, "offset": 0, - "sdb_count_in_result": 10, - "total_sdbcount": 1000, + "sdb_count_in_result": 3, + "total_sdbcount": 3, "safe_deposit_box_metadata": [ - { - "name": "dev demo", - "path": "app/dev-demo/", - "category": "Applications", - "owner": "Lst-Squad.Carebears", - "description": "test\nasdfasdasdfasd\nasdfasdf\n\nasdfasdf\nasdf", - "created_ts": "2017-01-04T23:18:40-08:00", - "created_by": "justin.field@nike.com", - "last_updated_ts": "2017-01-04T23:18:40-08:00", - "last_updated_by": "justin.field@nike.com", - "user_group_permissions": { - "Application.FOO.User": "read", - "Application.BAR.User": "read" - }, - "iam_role_permissions": { - "arn:aws:iam::265866363820:role/asdf": "write", - "arn:aws:iam::265866363820:role/fasdf": "write" - } - }, - { - "name": "nike dev foo bar", - "path": "app/nike-dev-foo-bar/", - "category": "Applications", - "owner": "Lst-Squad.Carebears", - "description": "adsfasdfadsfasdf", - "created_ts": "2017-01-04T23:19:03-08:00", - "created_by": "justin.field@nike.com", - "last_updated_ts": "2017-01-04T23:19:03-08:00", - "last_updated_by": "justin.field@nike.com", - "user_group_permissions": { - "Lst-FOO-bar": "read" - }, - "iam_role_permissions": {} - }, - { - "name": "IaM W d WASD", - "path": "shared/iam-w-d-wasd/", - "category": "Shared", - "owner": "Lst-Squad.Carebears", - "description": "CAREBERS", - "created_ts": "2017-01-04T23:19:19-08:00", - "created_by": "justin.field@nike.com", - "last_updated_ts": "2017-01-04T23:19:19-08:00", - "last_updated_by": "justin.field@nike.com", - "user_group_permissions": {}, - "iam_role_permissions": {} - }, { "name": "dev demo", "path": "app/dev-demo/", 
@@ -506,68 +775,6 @@ You can use has_next and next_offset from the response to paginate through all r "last_updated_by": "justin.field@nike.com", "user_group_permissions": {}, "iam_role_permissions": {} - }, - { - "name": "dev demo", - "path": "app/dev-demo/", - "category": "Applications", - "owner": "Lst-Squad.Carebears", - "description": "test", - "created_ts": "2017-01-04T23:18:40-08:00", - "created_by": "justin.field@nike.com", - "last_updated_ts": "2017-01-04T23:18:40-08:00", - "last_updated_by": "justin.field@nike.com", - "user_group_permissions": { - "Application.FOO.User": "read" - }, - "iam_role_permissions": { - "arn:aws:iam::265866363820:role/asdf": "write" - } - }, - { - "name": "nike dev foo bar", - "path": "app/nike-dev-foo-bar/", - "category": "Applications", - "owner": "Lst-Squad.Carebears", - "description": "adsfasdfadsfasdf", - "created_ts": "2017-01-04T23:19:03-08:00", - "created_by": "justin.field@nike.com", - "last_updated_ts": "2017-01-04T23:19:03-08:00", - "last_updated_by": "justin.field@nike.com", - "user_group_permissions": { - "Lst-FOO-bar": "read" - }, - "iam_role_permissions": {} - }, - { - "name": "IaM W d WASD", - "path": "shared/iam-w-d-wasd/", - "category": "Shared", - "owner": "Lst-Squad.Carebears", - "description": "CAREBERS", - "created_ts": "2017-01-04T23:19:19-08:00", - "created_by": "justin.field@nike.com", - "last_updated_ts": "2017-01-04T23:19:19-08:00", - "last_updated_by": "justin.field@nike.com", - "user_group_permissions": {}, - "iam_role_permissions": {} - }, - { - "name": "dev demo", - "path": "app/dev-demo/", - "category": "Applications", - "owner": "Lst-Squad.Carebears", - "description": "test", - "created_ts": "2017-01-04T23:18:40-08:00", - "created_by": "justin.field@nike.com", - "last_updated_ts": "2017-01-04T23:18:40-08:00", - "last_updated_by": "justin.field@nike.com", - "user_group_permissions": { - "Application.FOO.User": "read" - }, - "iam_role_permissions": { - "arn:aws:iam::265866363820:role/asdf": "write" 
- } - } + } ] - } \ No newline at end of file + } diff --git a/package.json b/package.json index fbfb6ed..ad8d3d4 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cerberus-management-dashboard", - "version": "0.12.0", + "version": "1.0.0", "description": "A management dashboard for Cerberus.", "main": "index.js", "repository": {