kyle/mcias
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add PG creds + policy/tags UI; fix lint and build

Browse Source 
- internal/ui/ui.go: add PGCred, Tags to AccountDetailData; register
  PUT /accounts/{id}/pgcreds and PUT /accounts/{id}/tags routes; add
  pgcreds_form.html and tags_editor.html to shared template set; remove
  unused AccountTagsData; fix fieldalignment on PolicyRuleView, PoliciesData
- internal/ui/handlers_accounts.go: add handleSetPGCreds — encrypts
  password via crypto.SealAESGCM, writes audit EventPGCredUpdated, renders
  pgcreds_form fragment; password never echoed; load PG creds and tags in
  handleAccountDetail
- internal/ui/handlers_policy.go: fix handleSetAccountTags to render with
  AccountDetailData instead of removed AccountTagsData
- internal/ui/ui_test.go: add 5 PG credential UI tests
- web/templates/fragments/pgcreds_form.html: new fragment — metadata display
  + set/replace form; system accounts only; password write-only
- web/templates/fragments/tags_editor.html: new fragment — textarea editor
  with HTMX PUT for atomic tag replacement
- web/templates/fragments/policy_form.html: rewrite to use structured fields
  matching handleCreatePolicyRule (roles/account_types/actions multi-select,
  resource_type, subject_uuid, service_names, required_tags, checkbox)
- web/templates/policies.html: new policies management page
- web/templates/fragments/policy_row.html: new HTMX table row with toggle
  and delete
- web/templates/account_detail.html: add Tags card and PG Credentials card
- web/templates/base.html: add Policies nav link
- internal/server/server.go: remove ~220 lines of duplicate tag/policy
  handler code (real implementations are in handlers_policy.go)
- internal/policy/engine_wrapper.go: fix corrupted source; use errors.New
- internal/db/policy_test.go: use model.AccountTypeHuman constant
- cmd/mciasctl/main.go: add nolint:gosec to int(os.Stdin.Fd()) calls
- gofmt/goimports: db/policy_test.go, policy/defaults.go,
  policy/engine_test.go, ui/ui.go, cmd/mciasctl/main.go
- fieldalignment: model.PolicyRuleRecord, policy.Engine, policy.Rule,
  policy.RuleBody, ui.PolicyRuleView
Security: PG password encrypted AES-256-GCM with fresh random nonce before
storage; plaintext never logged or returned in any response; audit event
written on every credential write.
This commit is contained in:
Kyle Isom
2026-03-11 23:24:03 -07:00
parent 5a8698e199
commit 052d3ed1b8
27 changed files with 3609 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
web/templates/fragments/policy_form.html Normal file
View File

@@ -0,0 +1,77 @@
{{define "policy_form"}}
<form hx-post="/policies" hx-target="#policies-tbody" hx-swap="afterbegin">
<div style="display:grid;grid-template-columns:1fr 80px 120px;gap:.5rem;margin-bottom:.5rem">
<input class="form-control" type="text" name="description"
placeholder="Description" required>
<input class="form-control" type="number" name="priority"
placeholder="100" value="100" min="0" max="9999">
<select class="form-control" name="effect" required>
<option value="allow">allow</option>
<option value="deny">deny</option>
</select>
</div>
<div style="display:grid;grid-template-columns:1fr 1fr;gap:.5rem;margin-bottom:.5rem">
<div>
<label class="text-small text-muted">Roles (select multiple)</label>
<select class="form-control" name="roles" multiple size="4" style="font-size:.85rem">
<option value="admin">admin</option>
<option value="user">user</option>
<option value="service">service</option>
</select>
</div>
<div>
<label class="text-small text-muted">Account types</label>
<select class="form-control" name="account_types" multiple size="4" style="font-size:.85rem">
<option value="human">human</option>
<option value="system">system</option>
</select>
</div>
</div>
<div style="margin-bottom:.5rem">
<label class="text-small text-muted">Actions (select multiple)</label>
<select class="form-control" name="actions" multiple size="5" style="font-family:monospace;font-size:.8rem">
{{range .AllActions}}
<option value="{{.}}">{{.}}</option>
{{end}}
</select>
</div>
<div style="display:grid;grid-template-columns:1fr 1fr;gap:.5rem;margin-bottom:.5rem">
<div>
<label class="text-small text-muted">Resource type</label>
<select class="form-control" name="resource_type" style="font-size:.85rem">
<option value="">(any)</option>
<option value="account">account</option>
<option value="token">token</option>
<option value="pgcreds">pgcreds</option>
<option value="audit_log">audit_log</option>
<option value="totp">totp</option>
<option value="policy">policy</option>
</select>
</div>
<div>
<label class="text-small text-muted">Subject UUID (optional)</label>
<input class="form-control" type="text" name="subject_uuid"
placeholder="Only match this account UUID" style="font-size:.85rem">
</div>
</div>
<div style="display:grid;grid-template-columns:1fr 1fr;gap:.5rem;margin-bottom:.5rem">
<div>
<label class="text-small text-muted">Service names (comma-separated)</label>
<input class="form-control" type="text" name="service_names"
placeholder="e.g. payments-api,billing" style="font-size:.85rem">
</div>
<div>
<label class="text-small text-muted">Required tags (comma-separated)</label>
<input class="form-control" type="text" name="required_tags"
placeholder="e.g. env:production,svc:billing" style="font-size:.85rem">
</div>
</div>
<div style="margin-bottom:.5rem">
<label style="font-size:.85rem;display:flex;align-items:center;gap:.4rem;cursor:pointer">
<input type="checkbox" name="owner_matches_subject" value="1">
Owner must match subject (self-service rules only)
</label>
</div>
<button class="btn btn-sm btn-secondary" type="submit">Create Rule</button>
</form>
{{end}}

42
web/templates/fragments/policy_row.html Normal file
View File

@@ -0,0 +1,42 @@
{{define "policy_row"}}
<tr id="policy-row-{{.ID}}">
<td class="text-small text-muted">{{.ID}}</td>
<td class="text-small">{{.Priority}}</td>
<td>
<strong>{{.Description}}</strong>
<details style="margin-top:.25rem">
<summary class="text-small text-muted" style="cursor:pointer">Show rule JSON</summary>
<pre style="font-size:.75rem;background:#f8fafc;padding:.5rem;border-radius:4px;overflow:auto;margin-top:.25rem">{{.RuleJSON}}</pre>
</details>
</td>
<td class="text-small">
{{/* Extract effect from RuleJSON via prettyJSON — displayed separately */}}
<span class="badge {{if .Enabled}}badge-active{{else}}badge-inactive{{end}}">
{{if .Enabled}}enabled{{else}}disabled{{end}}
</span>
</td>
<td>
{{if .Enabled}}
<button class="btn btn-sm btn-secondary"
hx-patch="/policies/{{.ID}}/enabled"
hx-vals='{"enabled":"0"}'
hx-target="#policy-row-{{.ID}}"
hx-swap="outerHTML">Disable</button>
{{else}}
<button class="btn btn-sm btn-secondary"
hx-patch="/policies/{{.ID}}/enabled"
hx-vals='{"enabled":"1"}'
hx-target="#policy-row-{{.ID}}"
hx-swap="outerHTML">Enable</button>
{{end}}
</td>
<td class="text-small text-muted">{{.UpdatedAt}}</td>
<td>
<button class="btn btn-sm btn-danger"
hx-delete="/policies/{{.ID}}"
hx-target="#policy-row-{{.ID}}"
hx-swap="outerHTML"
hx-confirm="Delete policy rule {{.ID}}? This cannot be undone.">Delete</button>
</td>
</tr>
{{end}}

21
web/templates/fragments/tags_editor.html Normal file
View File

@@ -0,0 +1,21 @@
{{define "tags_editor"}}
<div id="tags-editor">
{{if .Tags}}
<div style="display:flex;flex-wrap:wrap;gap:.3rem;margin-bottom:.75rem">
{{range .Tags}}
<span style="font-size:.8rem;background:#f1f5f9;padding:.2rem .5rem;border-radius:3px;font-family:monospace">{{.}}</span>
{{end}}
</div>
{{else}}
<p class="text-muted text-small" style="margin-bottom:.75rem">No tags assigned.</p>
{{end}}
<form hx-put="/accounts/{{.Account.UUID}}/tags"
hx-target="#tags-editor" hx-swap="outerHTML">
<textarea class="form-control" name="tags_text" rows="3"
style="font-family:monospace;font-size:.85rem;margin-bottom:.5rem"
placeholder="One tag per line, e.g.&#10;env:production&#10;svc:payments-api">{{range .Tags}}{{.}}
{{end}}</textarea>
<button class="btn btn-sm btn-secondary" type="submit">Save Tags</button>
</form>
</div>
{{end}}