diff --git a/ui/app/components/secret-engine/configure-azure.hbs b/ui/app/components/secret-engine/configure-azure.hbs
index 9a94538ba39b..a0f4f153b731 100644
--- a/ui/app/components/secret-engine/configure-azure.hbs
+++ b/ui/app/components/secret-engine/configure-azure.hbs
@@ -9,7 +9,7 @@
- {{! WIF is an enterprise only feature. We default to Azure access type for community users and display only those related form fields. }} + {{! accessType can be "azure" or "wif" - since WIF is an enterprise only feature we default to "azure" for community users and only display those related form fields. }} {{#if this.version.isEnterprise}}
Access Type @@ -17,9 +17,10 @@ {{#if this.disableAccessType}} You cannot edit Access Type if you have already saved access credentials. {{else}} - Choose the way to configure access to Azure. Access can be configured either with Azure account, or using Plugin - Workload Identity Federation (WIF). - {{/if}}

+ Choose the way to configure access to Azure. Access can be configured either using an Azure account or with the + Plugin Workload Identity Federation (WIF). + {{/if}} +

-
+ -
+ {{#if this.invalidFormAlert}} {{/if}} diff --git a/ui/app/components/secret-engine/configure-azure.ts b/ui/app/components/secret-engine/configure-azure.ts index 8b12074438bd..dde4ae6fe02f 100644 --- a/ui/app/components/secret-engine/configure-azure.ts +++ b/ui/app/components/secret-engine/configure-azure.ts @@ -19,18 +19,16 @@ import type VersionService from 'vault/services/version'; import type FlashMessageService from 'vault/services/flash-messages'; /** - * @module ConfigureAzureComponent is used to configure the Azure secret engine + * @module SecretEngineConfigureAzure component is used to configure the Azure secret engine * For enterprise users, they will see an additional option to config WIF attributes in place of Azure account attributes. * If the user is configuring WIF attributes they will also have the option to update the global issuer config, which is a separate —global— endpoint named identity/oidc/config. * @example - * ```js * - * ``` - * + * * @param {object} model - Azure config model * @param {string} backendPath - name of the Azure secret engine, ex: 'azure-123' * @param {object} issuerConfigModel - the identity/oidc/config model @@ -42,15 +40,15 @@ interface Args { backendPath: string; } -export default class ConfigureAwsComponent extends Component { +export default class ConfigureAzureComponent extends Component { @service declare readonly router: Router; @service declare readonly store: StoreService; @service declare readonly version: VersionService; @service declare readonly flashMessages: FlashMessageService; - @tracked errorMessage: string | null = null; - @tracked invalidFormAlert: string | null = null; @tracked accessType = 'azure'; + @tracked errorMessage = ''; + @tracked invalidFormAlert = ''; @tracked saveIssuerWarning = ''; disableAccessType = false; 
@@ -58,15 +56,11 @@ export default class ConfigureAwsComponent extends Component { constructor(owner: unknown, args: Args) { super(owner, args); - if (this.version.isCommunity || this.args.model.isNew) return; // the following checks are relevant only to enterprise users and those editing an existing configuration. - - const { identityTokenAudience, identityTokenTtl, clientSecret, rootPasswordTtl } = this.args.model; - const wifAttributesSet = !!identityTokenAudience || !!identityTokenTtl; - const azureAttributesSet = !!clientSecret || !!rootPasswordTtl; - // if any WIF attributes have been set in the model, set accessType to 'wif' - this.accessType = wifAttributesSet ? 'wif' : 'azure'; + if (this.version.isEnterprise && !this.args.model.isNew) return; + const { isWifPluginConfigured, isAzureAccountConfigured } = this.args.model; + this.accessType = isWifPluginConfigured ? 'wif' : 'azure'; // if there are either WIF or azure attributes, disable user's ability to change accessType - this.disableAccessType = wifAttributesSet || azureAttributesSet; + this.disableAccessType = isWifPluginConfigured || isAzureAccountConfigured; } @action continueSubmitForm() { @@ -114,6 +108,9 @@ export default class ConfigureAwsComponent extends Component { const issuerSaved = issuerAttrChanged ? await this.updateIssuer() : false; if (modelSaved || issuerSaved) { + // transition if either model or issuer are saved + // there's a chance they wanted to update the issuer and not the model + // if both are saved, the user will see two success messages this.transition(); } else { // otherwise there was a failure and we should not transition and exit the function @@ -148,8 +145,8 @@ export default class ConfigureAwsComponent extends Component { resetErrors() { this.flashMessages.clearMessages(); - this.errorMessage = null; - this.invalidFormAlert = null; + this.errorMessage = ''; + this.invalidFormAlert = ''; } transition() { 
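Review bot: The new early return in the constructor, `if (this.version.isEnterprise && !this.args.model.isNew) return;`, looks inverted relative to the guard it replaces. The old line returned for community users or new models; the new one returns for exactly the case the remaining code exists for, an enterprise user editing a saved configuration. Assuming `isEnterprise` is the complement of `isCommunity`, a saved WIF configuration would open with `accessType` still `'azure'` and `disableAccessType` still `false`, so the lock on switching credential type after credentials are saved no longer applies. I would restore `if (this.version.isCommunity || this.args.model.isNew) return;` and keep the removed comment saying the checks below apply only to enterprise users editing an existing configuration. A component test that renders an enterprise, non-new model with `isWifPluginConfigured` true and asserts the access type is `wif` and disabled would catch this.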
diff --git a/ui/app/models/azure/config.js b/ui/app/models/azure/config.js index 3984d92835d2..bd88b877d76f 100644 --- a/ui/app/models/azure/config.js +++ b/ui/app/models/azure/config.js @@ -75,6 +75,16 @@ export default class AzureConfig extends Model { return fieldToAttrs(this, this.formFieldGroups('azure')); } + get isWifPluginConfigured() { + return !!this.identityTokenAudience || !!this.identityTokenTtl; + } + + get isAzureAccountConfigured() { + // clientSecret is not checked here because it's never return by the API + // however it is an Azure account field + return !!this.rootPasswordTtl; + } + formFieldGroups(accessType = 'azure') { const formFieldGroups = []; formFieldGroups.push({ diff --git a/ui/types/vault/models/azure/config.d.ts b/ui/types/vault/models/azure/config.d.ts index 12b0bf1d115a..70decffc3440 100644 --- a/ui/types/vault/models/azure/config.d.ts +++ b/ui/types/vault/models/azure/config.d.ts @@ -18,6 +18,8 @@ export default class AzureConfig extends Model { rootPasswordTtl: string | undefined; get displayAttrs(): any; + get isWifPluginConfigured(): boolean; + get isAzureAccountConfigured(): boolean; get fieldGroupsWif(): any; get fieldGroupsAzure(): any; formFieldGroups(accessType?: string): {
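Review bot: `isAzureAccountConfigured` now depends on `rootPasswordTtl` alone, where the component previously checked `!!clientSecret || !!rootPasswordTtl`. An Azure account configuration saved without a root password TTL therefore reports as not configured, and Access Type stays editable even though account credentials are stored. Since the comment says `clientSecret` is never returned by the API, consider also testing a non-secret account attribute that the API does return, if the model has one (none is visible in this hunk), so the getter reflects any saved account configuration. The added comment also has a typo; it should read `// clientSecret is not checked here because it's never returned by the API`.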