first round of addressing pr comments, holding off on the issue save …

…flow for error messaging to keep separate

ui/app/components/secret-engine/configure-azure.hbs

@@ -9,17 +9,18 @@
   <MessageError @errorMessage={{this.errorMessage}} />
 
   <div class="box is-fullwidth is-sideless">
-    {{! WIF is an enterprise only feature. We default to Azure access type for community users and display only those related form fields. }}
+    {{! accessType can be "azure" or "wif" - since WIF is an enterprise only feature we default to "azure" for community users and only display those related form fields. }}
     {{#if this.version.isEnterprise}}
       <fieldset class="field form-fieldset" id="protection" data-test-access-type-section>
         <legend class="is-label">Access Type</legend>
         <p class="sub-text" data-test-access-type-subtext>
           {{#if this.disableAccessType}}
             You cannot edit Access Type if you have already saved access credentials.
           {{else}}
-            Choose the way to configure access to Azure. Access can be configured either with Azure account, or using Plugin
-            Workload Identity Federation (WIF).
-          {{/if}}</p>
+            Choose the way to configure access to Azure. Access can be configured either using an Azure account or with the
+            Plugin Workload Identity Federation (WIF).
+          {{/if}}
+        </p>
         <div>
           <RadioButton
             id="access-type-azure"
@@ -64,7 +65,7 @@
     {{/if}}
   </div>
 
-  <div class="control">
+  <Hds::ButtonSet>
     <Hds::Button
       @text="Save"
       @icon={{if this.save.isRunning "loading"}}
@@ -80,7 +81,7 @@
       {{on "click" this.onCancel}}
       data-test-cancel
     />
-  </div>
+  </Hds::ButtonSet>
   {{#if this.invalidFormAlert}}
     <AlertInline data-test-invalid-form-alert class="has-top-padding-s" @type="danger" @message={{this.invalidFormAlert}} />
   {{/if}}

ui/app/components/secret-engine/configure-azure.ts

@@ -19,18 +19,16 @@ import type VersionService from 'vault/services/version';
 import type FlashMessageService from 'vault/services/flash-messages';
 
 /**
- * @module ConfigureAzureComponent is used to configure the Azure secret engine
+ * @module SecretEngineConfigureAzure component is used to configure the Azure secret engine
  * For enterprise users, they will see an additional option to config WIF attributes in place of Azure account attributes.
  * If the user is configuring WIF attributes they will also have the option to update the global issuer config, which is a separate —global— endpoint named identity/oidc/config.
  * @example
- * ```js
  * <SecretEngine::ConfigureAzure
     @model={{this.model.azure-config}}
     @backendPath={{this.model.id}}
     @issuerConfig={{this.model.identity-oidc-config}}
     />
- * ```
- *
+ * 
  * @param {object} model - Azure config model
  * @param {string} backendPath - name of the Azure secret engine, ex: 'azure-123'
  * @param {object} issuerConfigModel - the identity/oidc/config model
@@ -42,31 +40,27 @@ interface Args {
   backendPath: string;
 }
 
-export default class ConfigureAwsComponent extends Component<Args> {
+export default class ConfigureAzureComponent extends Component<Args> {
   @service declare readonly router: Router;
   @service declare readonly store: StoreService;
   @service declare readonly version: VersionService;
   @service declare readonly flashMessages: FlashMessageService;
 
-  @tracked errorMessage: string | null = null;
-  @tracked invalidFormAlert: string | null = null;
   @tracked accessType = 'azure';
+  @tracked errorMessage = '';
+  @tracked invalidFormAlert = '';
   @tracked saveIssuerWarning = '';
 
   disableAccessType = false;
 
   constructor(owner: unknown, args: Args) {
     super(owner, args);
 
-    if (this.version.isCommunity || this.args.model.isNew) return; // the following checks are relevant only to enterprise users and those editing an existing configuration.
-
-    const { identityTokenAudience, identityTokenTtl, clientSecret, rootPasswordTtl } = this.args.model;
-    const wifAttributesSet = !!identityTokenAudience || !!identityTokenTtl;
-    const azureAttributesSet = !!clientSecret || !!rootPasswordTtl;
-    // if any WIF attributes have been set in the model, set accessType to 'wif'
-    this.accessType = wifAttributesSet ? 'wif' : 'azure';
+    if (this.version.isEnterprise && !this.args.model.isNew) return;
+    const { isWifPluginConfigured, isAzureAccountConfigured } = this.args.model;
+    this.accessType = isWifPluginConfigured ? 'wif' : 'azure';
     // if there are either WIF or azure attributes, disable user's ability to change accessType
-    this.disableAccessType = wifAttributesSet || azureAttributesSet;
+    this.disableAccessType = isWifPluginConfigured || isAzureAccountConfigured;
   }
 
   @action continueSubmitForm() {
@@ -114,6 +108,9 @@ export default class ConfigureAwsComponent extends Component<Args> {
       const issuerSaved = issuerAttrChanged ? await this.updateIssuer() : false;
 
       if (modelSaved || issuerSaved) {
+        // transition if either model or issuer are saved
+        // there's a chance they wanted to update the issuer and not the model
+        // if both are saved, the user will see two success messages
         this.transition();
       } else {
         // otherwise there was a failure and we should not transition and exit the function
@@ -148,8 +145,8 @@ export default class ConfigureAwsComponent extends Component<Args> {
 
   resetErrors() {
     this.flashMessages.clearMessages();
-    this.errorMessage = null;
-    this.invalidFormAlert = null;
+    this.errorMessage = '';
+    this.invalidFormAlert = '';
   }
 
   transition() {

ui/app/models/azure/config.js

@@ -75,6 +75,16 @@ export default class AzureConfig extends Model {
     return fieldToAttrs(this, this.formFieldGroups('azure'));
   }
 
+  get isWifPluginConfigured() {
+    return !!this.identityTokenAudience || !!this.identityTokenTtl;
+  }
+
+  get isAzureAccountConfigured() {
+    // clientSecret is not checked here because it's never return by the API
+    // however it is an Azure account field
+    return !!this.rootPasswordTtl;
+  }
+
   formFieldGroups(accessType = 'azure') {
     const formFieldGroups = [];
     formFieldGroups.push({

ui/types/vault/models/azure/config.d.ts

@@ -18,6 +18,8 @@ export default class AzureConfig extends Model {
   rootPasswordTtl: string | undefined;
 
   get displayAttrs(): any;
+  get isWifPluginConfigured(): boolean;
+  get isAzureAccountConfigured(): boolean;
   get fieldGroupsWif(): any;
   get fieldGroupsAzure(): any;
   formFieldGroups(accessType?: string): {