Backport [UI] Ember Data Migration: KMIP Config into ce/main (hashicorp#11676)

* [UI] Ember Data Migration: KMIP Config (hashicorp#11637)

* converts kmip configuration route to ts

* adds ts and template lint deps to kmip engine

* adds api service to kmip engine

* updates kmip configuration route to use api service

* converts kmip configuration template to page component

* converts kmip configure route to ts

* updates kmip configure workflow to use api service and form class

* enables ts transform in kmip engine

* fixes a11y violations on kmip configuration page

* Update ui/app/forms/secrets/kmip/config.ts

Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com>

---------

Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com>

* fixes lint error

---------

Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com>
Co-authored-by: Jordan Reimer <jordan.reimer@hashicorp.com>

Author: 3 people

ui/app/app.js

@@ -54,6 +54,7 @@ export default class App extends Application {
     kmip: {
       dependencies: {
         services: [
+          'api',
           'auth',
           'download',
           'flash-messages',

ui/app/forms/secrets/kmip/config.ts

@@ -0,0 +1,30 @@
+/**
+ * Copyright IBM Corp. 2016, 2025
+ * SPDX-License-Identifier: BUSL-1.1
+ */
+
+import OpenApiForm from 'vault/forms/open-api';
+
+import type { KmipConfigureRequest } from '@hashicorp/vault-client-typescript';
+import type Form from 'vault/forms/form';
+import type FormField from 'vault/utils/forms/field';
+
+export default class KmipConfigForm extends OpenApiForm<KmipConfigureRequest> {
+  constructor(...args: ConstructorParameters<typeof Form>) {
+    super('KmipConfigureRequest', ...args);
+
+    const orderedKeys = [
+      'listen_addrs',
+      'default_tls_client_key_bits',
+      'default_tls_client_key_type',
+      'default_tls_client_ttl',
+      'server_hostnames',
+      'server_ips',
+      'tls_ca_key_bits',
+      'tls_ca_key_type',
+      'tls_min_version',
+    ];
+
+    this.formFields = orderedKeys.map((key) => this.formFields.find((f) => f.name === key) as FormField);
+  }
+}

ui/lib/kmip/addon/components/header-scope.hbs

@@ -12,12 +12,16 @@
 <div class="tabs-container box is-sideless is-fullwidth is-paddingless is-marginless">
   <nav class="tabs">
     <ul>
-      <LinkTo @route="scopes.index" data-test-kmip-link-scopes="true">
-        Scopes
-      </LinkTo>
-      <LinkTo @route="configuration" data-test-kmip-link-config="true">
-        Configuration
-      </LinkTo>
+      <li>
+        <LinkTo @route="scopes.index" data-test-kmip-tab="scopes">
+          Scopes
+        </LinkTo>
+      </li>
+      <li>
+        <LinkTo @route="configuration" data-test-kmip-tab="config">
+          Configuration
+        </LinkTo>
+      </li>
     </ul>
   </nav>
 </div>

ui/lib/kmip/addon/components/page/configuration.hbs

@@ -0,0 +1,43 @@
+{{!
+  Copyright IBM Corp. 2016, 2025
+  SPDX-License-Identifier: BUSL-1.1
+}}
+
+<HeaderScope />
+
+<Toolbar>
+  <ToolbarActions>
+    {{#if @config.ca_pem}}
+      <DownloadButton
+        class="toolbar-button"
+        @color="secondary"
+        @filename={{concat this.secretMountPath.currentPath "-ca"}}
+        @data={{@config.ca_pem}}
+        @extension="pem"
+        @text="Download CA cert"
+        data-test-kmip-toolbar-action="download"
+      />
+    {{/if}}
+    <ToolbarLink @route="configure" data-test-kmip-toolbar-action="config">
+      Configure
+    </ToolbarLink>
+  </ToolbarActions>
+</Toolbar>
+
+{{#if @config}}
+  {{#each this.displayFields as |field|}}
+    <InfoTableRow
+      @label={{field.label}}
+      @value={{get @config field.key}}
+      @formatTtl={{eq field.key "default_tls_client_ttl"}}
+    />
+  {{/each}}
+  <InfoTableRow @label="CA PEM">
+    <MaskedInput @value={{@config.ca_pem}} @displayOnly={{true}} @allowCopy={{true}} />
+  </InfoTableRow>
+{{else}}
+  <EmptyState
+    @title="No configuration for this secrets engine"
+    @message="We'll need to configure a few things before getting started."
+  />
+{{/if}}

ui/lib/kmip/addon/components/page/configuration.ts

@@ -0,0 +1,25 @@
+/**
+ * Copyright IBM Corp. 2016, 2025
+ * SPDX-License-Identifier: BUSL-1.1
+ */
+
+import Component from '@glimmer/component';
+import { service } from '@ember/service';
+
+import type SecretMountPath from 'vault/services/secret-mount-path';
+
+export default class KmipConfigurationPageComponent extends Component {
+  @service declare readonly secretMountPath: SecretMountPath;
+
+  displayFields = [
+    { key: 'listen_addrs', label: 'Listen addresses' },
+    { key: 'default_tls_client_key_bits', label: 'Default TLS client key bits' },
+    { key: 'default_tls_client_key_type', label: 'Default TLS client key type' },
+    { key: 'default_tls_client_ttl', label: 'Default TLS client TTL' },
+    { key: 'server_hostnames', label: 'Server hostnames' },
+    { key: 'server_ips', label: 'Server IPs' },
+    { key: 'tls_ca_key_bits', label: 'TLS CA key bits' },
+    { key: 'tls_ca_key_type', label: 'TLS CA key type' },
+    { key: 'tls_min_version', label: 'Minimum TLS version' },
+  ];
+}

ui/lib/kmip/addon/components/page/configure.hbs

@@ -0,0 +1,29 @@
+{{!
+  Copyright IBM Corp. 2016, 2025
+  SPDX-License-Identifier: BUSL-1.1
+}}
+
+<Page::Header @title="Configure KMIP Secrets Engine" @icon="lock">
+  <:breadcrumbs>
+    <KmipBreadcrumb @showPath={{true}} @currentRoute="Configure" />
+  </:breadcrumbs>
+</Page::Header>
+
+<form {{on "submit" (perform this.save)}}>
+  <div class="box is-sideless is-fullwidth is-marginless">
+    <MessageError @errorMessage={{this.errorMessage}} />
+    <NamespaceReminder @mode="save" />
+
+    {{#each @form.formFields as |field|}}
+      <FormField @attr={{field}} @model={{@form}} @modelValidations={{this.modelValidations}} />
+    {{/each}}
+  </div>
+
+  <FormSaveButtons @isSaving={{this.save.isRunning}} @cancelLinkParams={{array "configuration"}} @onCancel={{@onCancel}}>
+    <:error>
+      {{#if this.invalidFormAlert}}
+        <AlertInline @type="danger" class="has-top-padding-s" @message={{this.invalidFormAlert}} />
+      {{/if}}
+    </:error>
+  </FormSaveButtons>
+</form>

ui/lib/kmip/addon/components/page/configure.ts

@@ -0,0 +1,55 @@
+/**
+ * Copyright IBM Corp. 2016, 2025
+ * SPDX-License-Identifier: BUSL-1.1
+ */
+import Component from '@glimmer/component';
+import { service } from '@ember/service';
+import { tracked } from '@glimmer/tracking';
+import { task } from 'ember-concurrency';
+import { waitFor } from '@ember/test-waiters';
+
+import type SecretMountPath from 'vault/services/secret-mount-path';
+import type ApiService from 'vault/services/api';
+import type RouterService from '@ember/routing/router-service';
+import type FlashMessageService from 'vault/services/flash-messages';
+import type { ValidationMap } from 'vault/app-types';
+import type { HTMLElementEvent } from 'vault/forms';
+import type KmipConfigForm from 'vault/forms/secrets/kmip/config';
+
+interface Args {
+  form: KmipConfigForm;
+}
+
+export default class KmipConfigurePageComponent extends Component<Args> {
+  @service declare readonly secretMountPath: SecretMountPath;
+  @service declare readonly api: ApiService;
+  @service('app-router') declare readonly router: RouterService;
+  @service declare readonly flashMessages: FlashMessageService;
+
+  @tracked modelValidations: ValidationMap | null = null;
+  @tracked invalidFormAlert: string | null = null;
+  @tracked errorMessage: string | null = null;
+
+  save = task(
+    waitFor(async (event: HTMLElementEvent<HTMLFormElement>) => {
+      event.preventDefault();
+      this.errorMessage = null;
+
+      try {
+        const { isValid, state, invalidFormMessage, data } = this.args.form.toJSON();
+        this.modelValidations = isValid ? null : state;
+        this.invalidFormAlert = isValid ? '' : invalidFormMessage;
+
+        if (isValid) {
+          await this.api.secrets.kmipConfigure(this.secretMountPath.currentPath, data);
+          this.flashMessages.success('Successfully configured KMIP engine');
+          this.router.transitionTo('vault.cluster.secrets.backend.kmip.configuration');
+        }
+      } catch (error) {
+        const { message } = await this.api.parseError(error);
+        this.errorMessage = message;
+        this.invalidFormAlert = 'There was an error submitting this form.';
+      }
+    })
+  );
+}

ui/lib/kmip/addon/engine.js

@@ -14,6 +14,7 @@ export default class KmipEngine extends Engine {
   Resolver = Resolver;
   dependencies = {
     services: [
+      'api',
       'auth',
       'download',
       'flash-messages',

ui/lib/kmip/addon/routes/configuration.js

@@ -0,0 +1,39 @@
+/**
+ * Copyright IBM Corp. 2016, 2025
+ * SPDX-License-Identifier: BUSL-1.1
+ */
+
+import Route from '@ember/routing/route';
+import { service } from '@ember/service';
+
+import type ApiService from 'vault/services/api';
+import type SecretMountPath from 'vault/services/secret-mount-path';
+
+export default class KmipConfigurationRoute extends Route {
+  @service declare readonly api: ApiService;
+  @service declare readonly secretMountPath: SecretMountPath;
+
+  async model() {
+    try {
+      const { currentPath } = this.secretMountPath;
+      const { data } = await this.api.secrets.kmipReadConfiguration(currentPath);
+      const config = data as Record<string, unknown>;
+
+      try {
+        const { data } = await this.api.secrets.kmipReadCaPem(currentPath);
+        const ca = data as Record<string, unknown>;
+        return { ...config, ...ca };
+      } catch (error) {
+        // ignore error if CA PEM is not found
+        // component will conditionally render the field if present
+      }
+      return config;
+    } catch (error) {
+      const { status } = await this.api.parseError(error);
+      if (status !== 404) {
+        throw error;
+      }
+      return undefined;
+    }
+  }
+}