feat(vault-form): add STS endpoint url in AWS vault form [KM-297] (#1515)

* feat(vault-form): add STS endpoint url in AWS vault form [KM-297]

* docs(vault-form.md): add an entry to doc [KM-297]

add an entry of awsStsEndpointUrlAvailable to doc

* refactor(vaultform): formatting and field value intialization [KM-297]

formatting and adding sts_endpoint_url in originalConfigFields

Author: TT1228

packages/entities/entities-vaults/docs/vault-form.md

@@ -91,6 +91,12 @@ A form component for Vaults.
     - required: `false`
     - default: `undefined`
     - Show/hide approle option and corresponding fields.
+  
+  - `awsStsEndpointUrlAvailable`
+    - type: `boolean`
+    - required: `false`
+    - default: `undefined`
+    - Show/hide STS endpoint url field in AWS Vault Config.
 
 The base konnect or kongManger config.
 

packages/entities/entities-vaults/sandbox/pages/VaultFormPage.vue

@@ -54,6 +54,7 @@ const kongManagerConfig = ref<KongManagerVaultFormConfig>({
   azureVaultProviderAvailable: false,
   ttl: true,
   hcvAppRoleMethodAvailable: true,
+  awsStsEndpointUrlAvailable: true,
 })
 
 const onError = (error: AxiosError) => {

packages/entities/entities-vaults/src/components/VaultForm.cy.ts

@@ -32,6 +32,7 @@ const baseConfigKM: KongManagerVaultFormConfig = {
   cancelRoute,
   azureVaultProviderAvailable: false,
   ttl: true,
+  awsStsEndpointUrlAvailable: true,
 }
 
 const baseConfigKMTurnOffTTL: KongManagerVaultFormConfig = {
@@ -108,6 +109,7 @@ describe('<VaultForm />', () => {
       cy.getTestId('provider-select').click({ force: true })
       cy.getTestId('vault-form-provider-aws').click({ force: true })
       cy.getTestId('vault-form-config-aws-region').should('be.visible')
+      cy.getTestId('vault-form-config-aws-sts_endpoint_url').should('be.visible')
       cy.getTestId('advanced-fields-collapse').should('be.visible')
 
       // form fields - gcp
@@ -169,6 +171,7 @@ describe('<VaultForm />', () => {
       cy.getTestId('provider-select').click({ force: true })
       cy.getTestId('vault-form-provider-aws').click({ force: true })
       cy.getTestId('vault-form-config-aws-region').should('be.visible')
+      cy.getTestId('vault-form-config-aws-sts_endpoint_url').should('not.exist')
       cy.getTestId('advanced-fields-collapse').should('not.exist')
 
       // form fields - gcp

packages/entities/entities-vaults/src/components/VaultForm.vue

@@ -128,6 +128,19 @@
               required
               type="text"
             />
+            <KInput
+              v-if="config.awsStsEndpointUrlAvailable"
+              v-model.trim="configFields[VaultProviders.AWS].sts_endpoint_url"
+              autocomplete="off"
+              data-testid="vault-form-config-aws-sts_endpoint_url"
+              :is-readonly="form.isReadonly"
+              :label="t('form.config.aws.fields.sts_endpoint_url.label')"
+              :label-attributes="{
+                info: t('form.config.aws.fields.sts_endpoint_url.tooltip'),
+                tooltipAttributes: { maxWidth: '400px' },
+              }"
+              type="text"
+            />
           </div>
 
           <!-- GCP fields -->
@@ -627,6 +640,7 @@ const configFields = reactive<ConfigFields>({
     endpoint_url: '',
     assume_role_arn: '',
     role_session_name: 'KongVault',
+    sts_endpoint_url: '',
   } as AWSVaultConfig,
   [VaultProviders.GCP]: {
     project_id: '',
@@ -669,6 +683,7 @@ const originalConfigFields = reactive<ConfigFields>({
     endpoint_url: '',
     assume_role_arn: '',
     role_session_name: 'KongVault',
+    sts_endpoint_url: '',
   } as AWSVaultConfig,
   [VaultProviders.GCP]: {
     project_id: '',
@@ -871,8 +886,8 @@ const isVaultConfigValid = computed((): boolean => {
   // AWS Vault fields logic
   if (vaultProvider.value === VaultProviders.AWS) {
     return !Object.keys(configFields[VaultProviders.AWS]).filter(key => {
-      // endpoint_url, assume_role_arn and ttl fields are optional
-      if (['endpoint_url', 'assume_role_arn', 'ttl', 'neg_ttl', 'resurrect_ttl'].includes(key)) {
+      // sts_endpoint_url, endpoint_url, assume_role_arn and ttl fields are optional
+      if (['endpoint_url', 'assume_role_arn', 'ttl', 'neg_ttl', 'resurrect_ttl', 'sts_endpoint_url'].includes(key)) {
         return false
       }
       return !(configFields[vaultProvider.value] as AWSVaultConfig)[key as keyof AWSVaultConfig]
@@ -949,6 +964,7 @@ const getPayload = computed((): Record<string, any> => {
     ...configFields[vaultProvider.value],
     endpoint_url: (configFields[vaultProvider.value] as AWSVaultConfig).endpoint_url || null,
     assume_role_arn: (configFields[vaultProvider.value] as AWSVaultConfig).assume_role_arn || null,
+    sts_endpoint_url: (configFields[vaultProvider.value] as AWSVaultConfig).sts_endpoint_url || null,
   }
 
   let config: VaultPayload['config'] = configFields[vaultProvider.value]

packages/entities/entities-vaults/src/locales/en.json

@@ -219,6 +219,10 @@
           "role_session_name": {
             "label": "Role Session Name",
             "tooltip": "The role session name used for role assuming."
+          },
+          "sts_endpoint_url": {
+            "label": "STS Endpoint URL",
+            "tooltip": "The custom STS endpoint URL used for role assuming in AWS Vault. Note that this value will override the default STS endpoint URL(which should be `https: //sts.amazonaws.com`, or `https: //sts.<region>.amazonaws.com` if you have `AWS_STS_REGIONAL_ENDPOINTS` set to `regional`). If you are not using private VPC endpoint for STS service, you should not specify this value."
           }
         }
       },

packages/entities/entities-vaults/src/types/vault-form.ts

@@ -23,6 +23,10 @@ export interface BaseVaultFormConfig extends Omit<BaseFormConfig, 'cancelRoute'>
    * Show/hide Konnect Config Store option
    */
   konnectConfigStoreAvailable?: boolean
+  /**
+ * Show/hide AWS StsEndpointUrl field
+ */
+  awsStsEndpointUrlAvailable?: boolean
 }
 
 /** Konnect Vault form config */
@@ -60,6 +64,7 @@ export interface AWSVaultConfig {
   ttl?: number
   neg_ttl?: number
   resurrect_ttl?: number
+  sts_endpoint_url?: string
 }
 
 export interface GCPVaultConfig {