3keycompany / czertainly-fe-administrator Goto Github PK

Implement new version of attributes based on proposed design:

• update DTOs to reflect changes in attribute definition
• response of API for listing attributes can contain different types of attributes
• attribute value validation based on defined attribute constraints
• 3 types of attributes - Data, Group, Info

Data attributes:

• all actual existing attributes in Czertainly are Data attributes
• rendered and with entered value sent to BE
• content is array of values with structure based on content type
• contains properties for visualization, constraints and callback

Group attributes:

• content is array of attribute definitions
• retrieved by calling defined callback and then rendered same way as attributes returned originally
• change implementation of callback for case of group attributes to handle new retrieved attributes

Info attributes:

• content serves only for information purpose and should be visually different from data attributes
• they are not sent back to BE
• content is array of values with structure based on content type
• contains properties for visualization, but no callback or constraints are defined

NOTE:
Since currently only data attributes are existing in Czertainly platform, goal of this issue is to update DTOs to V2 attributes and functionality to maintain same functionality on top of Data attributes. Implementation of support for group and info attributes will be subject of other issues.

There are more issues related to handling attributes in FE. Forms and its handling needs to be refactored to eliminate existing and probable uncovered bugs that could arise from this issue.

Some of the observed bugs:

• #33
• #34
• #28
• #37
• #38
• #39
• #40
• 3KeyCompany/CZERTAINLY-FE-Operator#39
• 3KeyCompany/CZERTAINLY-FE-Operator#42

When user needs to add some structured custom data to existing object, he can use custom attributes and set its content. Custom attributes allows user to define its own attributes with specified content type, that can be assigned to resources and then provided value for specific objects.

Core API contains endpoint for managing custom attributes and it needs to be integrated.

• Add new menu section Settings, under which will be item Custom attributes
• Create listing table
• Create add/edit form
• Create detail page of custom attribute with assignment of attribute to resources
• Implement other operations - delete, enable/disable, bulk operations

Application is now running on older 14.x Node.js version. This could limit development regarding new features and prevents updating dependencies (for example to fix some vulnerabilities).

Update React application to use newer version of Node.js. - at least to 16.x version, ideally to 18.x version.

Updated app parts:

• Layout
• Router
• Observables
• Styles

Finished sections:

• Homepage & About
• Dashboard
• Certificates
• Discovery
• Connectors
• Access Control / Users
• Access Control / Roles
• Profiles / RA profiles
• Profiles / Compliance profiles
• Inventory / Credentials
• Inventory / Authorities
• Inventory / Certificate Groups
• Inventory / Entities
• Inventory / Locations
• ACME / ACME Accounts
• ACME / ACME Profiles
• Audit Logs

When some operation on the certificate is performed on the Certificate details page, the history data is not automatically refreshed. New records are shown only after refreshing the page with the Certificate details.

The expected behaviour is that it is automatically updated with the correct record.

When navigating to other page in audit logs table, app sends recursively requests to BE.

When credential returned from callback is later used in mapping to callback request, only name (reference) is used as value, not whole NameAndUuidDto object.

List of discovered certificates in detail of discovery contains only static list without possibility to navigate to certificate detail in inventory. Now it is cumbersome to navigate to detail, only by searching certificate in inventory (e.g. by serial number).

Add link to certificate detail from the table of discovered certificates to get more information about discovered certificate in more user friendly way.

Export audit logs button ends with error 404.

1. When I want to create filter based on date (Valid from, Expires at) in Filter Value is displayed text mm / dd / yyyy, but in the field should be entered date in format dd / mm / yyyy.
2. Selecting date from displayed calendar window does not work.

Desktop (please complete the following information):

• Win 11
  -Firefox 108.0.1, Chrome 108.0.5359.125, Edge 108.0.1462.54

Design and implement UI editor for permissions of selected roles.
Required functionality:

• list hierarchically resources and their actions (with options All for resources and also listed actions of resource)
• each resource/action has allow checkbox to reflect that selection in permissions with checkbox selection preselected based on respecting All checkbox selection (inheritance of permissions)
• if resource response DTO contains information about listing endpoint, on this resource is allowed to set also object access permissions => display autocomplete search dropdown with offering specific objects from listing endpoint
• for selected object of that resource, display same list of actions but with 2 checkboxes Allow/Deny, that can override inherited permissions

The validation of the field Name of the objects like Credential or Authority does not allow to use underscored, or spaces.

Authority implements validateAlphaNumeric():

export const validateAlphaNumeric = () =>
  validatePattern(
    /^([a-zA-Z0-9À-ž]+([ '-/][a-zA-Z0-9À-ž]+)*)+$/,
    "Value can only contain numbers or letters eventually separated by a space, dash, apostrophe or slash"
  );

Can we allow more characters, like underscore, etc.?
Also, such combination is not allowed Authority - Internal.

Add custom attributes for resources that support them, that corresponding response DTOs contains list of custom attributes. Integration with custom attributes means:

• add custom attributes to create/edit form in separate section. Supported custom attributes for resource and their definitions can be retrieved from endpoint GET /v1/attributes/custom/resources/{resource} where resource is value from enum.

For example, when creating new Authority, request available custom attributes from above mentioned GET route with resource authorities.

Add support for group attributes to all create/edit forms for different resources. Since attributes are defined by connector, group attributes can be present in process of create/edit of any resource.

Requirements:

• Group attributes should be processed and attributes retrieved by callback visualized in form
• after submitting form, content of group's data attributes content should be included to process and sent to BE.

Refactoring of Administrator FE application to apply chosen project structure, code style, formatting and component organization.

Goal is to achieve better organized project code which leads to better code readability, extensibility and better productivity when implementing new features. Byproduct should be fixing bugs that are difficult to trace, fixing invalid states and reorganize components.

This consists of refactoring following sections of app:

• Clients
• User profile
• Credentials
• Authorities
• ACME
• RA profiles

When approving connectors waiting for approval in the list of connectors, it does not refresh its state. You need to refresh manually to see the state change.

When the attribute contains description, it should be shown on the FE.
For example, when creating new RA Profile, the attributes are dynamically fetched from the connector. Some of attributes contain description, and this description should be shown as part of the generated field as a help text.

See for example: https://getbootstrap.com/docs/4.0/components/forms/#help-text

Implement basic CRUD operation to manage users

Requirements:

• user listing page
• create new user
• edit existing user
• detail page of user
• enable/disable user
• delete user
• user profile
• do not allow edit/delete of system users

When 200 is returned the FE considers it as a successfull auth.

In certificate inventory we cannot select all certificates in one page by one click.

Improve formatting of error messages obtained from server

Since currently used v4.x version is no longer maintained, it needs to be updated to v6.x version. Also, It will provide better compatibility with other tools that already use newer version of Font Awesome.

Administrator interface version: 2.1.1

I have the RA Profile with the EJBCA NG authority provider that has configured Send Notifications to true.
When editing the RA Profile attributes, I can see that the Send Notifications is checked.
However, after saving, the Send Notifications is not set.

It seems that the attributes does not respect the current saved state.

The similar behaviour is when I do not have configured value for the Username Prefix.
When editing the RA Profile, the Username Prefix is not shown as blank, but with the default value, which is not the current saved state.

Add inventory of token profiles and integrate with API endpoints to manage them.

Version: 2.1.1

When editing RA Profile, first time it seems to be ok, but for the consecutive second time, when clicked on the edit button, received the following error:

TypeError: connAttrib.value is not iterable
attributeCombiner
src/utils/commons.ts:56
  53 | ) {
  54 |   let updatedList = [attrib.value];
  55 |   if (connAttrib.value !== undefined) {
> 56 |     for (let i of connAttrib.value) {
     | ^  57 |       if (!updatedList.includes(i)) {
  58 |         updatedList.push(i);
  59 |       }
View compiled
(anonymous function)
src/components/RaProfileForm/index.tsx:161
  158 | useEffect(() => {
  159 |   const raLength = raProfile?.attributes || [];
  160 |   if (raLength.length > 0 && editMode) {
> 161 |     const edtAttributes = attributeCombiner(
      | ^  162 |       raProfile?.attributes || [],
  163 |       profileAttributes
  164 |     );
View compiled
▶ 12 stack frames were collapsed.

When creating new RA Profile, the LIST attributes with the setValue, containing multiple values to select, are not properly handled.

When the attribute is required, and the user does not select anything from the list, the request contains array of all possible values that were initially provided in the attribute definition.

The correct behaviour in this case is that the front end will not send the attribute, when the value is not selected.
Only when the value is selected the front end should send the selected value as part of the attribute in the request.

Group attributes represent a way how to get dynamically additional set of attributes from connector, when attributes returned depends on selected values of other attributes.

To remind, group attributes:

• content is array of attribute definitions
• retrieved by calling defined callback and then rendered same way as attributes returned originally
• change implementation of callback for case of group attributes to handle new retrieved attributes

When on the connector details page in the Administrator interface, attributes of the kind have more information to be shown when user clicks on the Show more....

The attribute details should be shown only for the attribute associated with the button. However, when clicked on any Show more... button, all details are expanded.

Metadata that are sent between core and connectors were represented as JSON object with key-pair values. Updating metadata to attributes definition structure requires to update Metadata widget in detail page of resources with metadata. Currently, Core collects and stores metadata for following resources: discovery, location and certificate.

In addition, MetadataResponseDto groups metadata by connector which is origin of metadata. Each metadata item is represented by extension of ResponseAttributeDto that adds source object reference to the content of metadata.

Requirements:

• visualize metadata content based on attribute content classes
• extend widget with information about connector where metadata originated and related source objects

When purging audit logs, request is already done and returned 204, but spinner is still indicating that operation is pending.

Also, visual style of Audit logs buttons (Export) is not consistent.

• Connectors list - entityProvider function group does not have enum value and is not displayed properly in its badge in
• RA profiles list - column authority should be capital
• Locations list - column 'Multiple entires' typo
• Add location - when you create entity, then go to add location, select entity, does not show keystore type. Refresh fixes that. Reproduction steps: Go to Entity -> Add new, select Keystore, select Basic authentication type -> Go to Location -> add new Location, select location -> there is no keystore type options
• Sync location does not refresh items in certificates table of that location

Add option to assign roles to user by integrating existing endpoints of Core. User roles then should be displayed in user detail.

There are 2 endpoints available:

• PUT to include role one by one
• PATCH to replace all roles of users with roles specified in payload

Add inventory of cryptographic keys and integrate with API endpoints to manage them.

Implement basic CRUD operation to manage roles

Requirements:

• role listing page
• create new role
• edit existing role
• detail page of role
• delete role
• do not allow edit/delete of system roles

There seems to be wrong attributes state handling in the Admin FE.

To reproduce the issue:

1. Login to the Administrator interface
2. Create new SofKeyStore credential
3. Edit SoftKeyStore credential
4. Create new Basic credential
5. Error

The error seems to be associated with wrong attributes state as I see in the request to create new Basic credential correct identification, but the attributes are still attributes from the SoftKeyStore credential. That means that the state was not stored with the new Basic attributes.

When I do the refresh of the Administrator interface, the state seems to be reloaded and I can create new Basic credential. However, after that, the same happens, and I need to refresh the page again.

Based on authenticated user profile, component can allow/disable items in menu.

Requirements:

• map menu items to resource names
• hide items that user does not have list permission for that resource

Implement management of compliance profiles in administrator UI. Integrate it with Core API endpoints.

• Implement UI page to manage Compliance Profiles
• Update RA Profile details to include option for adding Compliance Profile
• Implement UI Section to add RA Profile to Compliance Profile
• In certificate detail page, add Compliance Check section to display Compliance Validation Result
• In certificate detail page, implement button to trigger manual Compliance check

There were 2 changes related to implementation of cryptography provider in other interfaces' endpoints that needs to be updated and reintegrated:

• certificateGroups renaming to groups - it will contain not only certificates but also keys. That means updates in DTOs and mainly in groups endpoints routes
• resourceCallback - general callback that replaced raProfileCallback with different route - /v1/{resource}/{parentObjectUuid}/callback

Certificate parsing is now realized with help of external library. Czertainly platform has new utils microservice that provides endpoint with functionality of parsing certificate.

Integrate with utils microservice to replace functionality in app that are now done with help of external libraries to display properties of certificate or CSR.

Requirements:

• parse and display certificate attributes in upload certificate form
• parse and display CSR subject in issue new certificate when key source is external
• parse and display CSR subject in renew certificate when upload new CSR is selected
• parse and display CSR subject in rekey certificate when key source is external

Info attributes represent a way how to display dynamic read only information that can serve as guide or deeper explanation of attributes which values needs to be provided.

To remind, Info attributes:

• content serves only for information purpose and should be visually different from data attributes
• they are not sent back to BE
• content is array of values with structure based on content type
• contains properties for visualization, but no callback or constraints are defined

Implement widget that can be added to detail page of objects to manage custom attributes.
It should allow user to add, edit and remove custom attributes from object.

With updated DTOs, add also custom attributes to upload certificate form.

Use OpenApi Generator to generate APIs and DTO models based on Core Open API specification.

Generated DTO models should be mapped to currently used models or where needed, code should be refactored to use correct corresponding models.

When creating the SoftKeyStore credential, there are multiple attributes that should be provided. One of them is the Key Store Type that is required attribute of type LIST.

When no value for the Key Store Type is selected, the UI does not complain that it is required attribute and send the request without this attribute to the backend.

The correct behaviour is that the UI validates that attribute is required and provide a message to the user that it must be selected before the form can be submitted.

Probably the similar issue exists in other forms. (in the Operator and Administrator UI)

When the attribute is marked as required, it should be sent even when in default value.
This affects only Web Interfaces.

The bug can be reproduced for example:

Create new Authority
Select MS ADCS Connector
Select ADCS as Kind
Fill in hostname and Credential, leave the default value for HTTP Enable checkbox
Create
Error:
Failed to create authority. Reason: : {"message":"Attribute name 'https' not found."} Error is related to connector name=MS-ADCS-Connector, uuid=6c086333-6dd7-4231-8093-ed21f4e2ff9f. Original response code 400 BAD_REQUEST.

The attribute https was not provided by the Administrator interface and the correct behaviour would be to send https with its default value false as it is required attribute.

Global metadata is a way how to define metadata type that is global fore whole CZERTAINLY platform. All content of that metadata is then united under one definition and represented consistently. Connector then can use it to set property global to true and in Core linked by attribute name.

Core API contains endpoint for managing global metadata and it needs to be integrated.

• Add new menu section Settings, under which will be item Global metadata
• Create listing table
• Create add/edit form
• Create detail page of global metadata
• Implement other operations - delete, bulk delete
• Implement promote functionality to make connector metadata global

Add inventory of cryptographic tokens and integrate with API endpoints to manage them.

ACME Profile has validation of the website URL based on the

export const validateCustomUrl = (value: string) => {
  return new RegExp(
    /^https?:\/\/(www\.)?[-a-zA-Z0-9@:%._~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_.~#?&//=]*)/g
  ).test(value);
};

However, it will not validate for example the following valid URL:
https://demo.czertainly.company