vault/ui/app/forms/auth/method.ts

/**
 * Copyright IBM Corp. 2016, 2025
 * SPDX-License-Identifier: BUSL-1.1
 */

import MountForm from 'vault/forms/mount';
import FormField from 'vault/utils/forms/field';
import FormFieldGroup from 'vault/utils/forms/field-group';
import { ALL_ENGINES } from 'core/utils/all-engines-metadata';

import type { AuthMethodFormData } from 'vault/auth/methods';

export default class AuthMethodForm extends MountForm<AuthMethodFormData> {
  fieldProps = ['tuneFields', 'userLockoutConfigFields'];

  userLockoutConfigFields = [
    new FormField('user_lockout_config.lockout_threshold', 'string', {
      label: 'Lockout threshold',
      subText: 'Specifies the number of failed login attempts after which the user is locked out, e.g. 15.',
    }),
    new FormField('user_lockout_config.lockout_duration', undefined, {
      label: 'Lockout duration',
      helperTextEnabled: 'The duration for which a user will be locked out, e.g. "5s" or "30m".',
      editType: 'ttl',
      helperTextDisabled: 'No lockout duration configured.',
    }),

    new FormField('user_lockout_config.lockout_counter_reset', undefined, {
      label: 'Lockout counter reset',
      helperTextEnabled:
        'The duration after which the lockout counter is reset with no failed login attempts, e.g. "5s" or "30m".',
      editType: 'ttl',
      helperTextDisabled: 'No reset duration configured.',
    }),
    new FormField('user_lockout_config.lockout_disable', 'boolean', {
      label: 'Disable lockout for this mount',
      subText: 'If checked, disables the user lockout feature for this mount.',
    }),
  ];

  get tuneFields() {
    const readOnly = ['local', 'seal_wrap'];
    // 'token_type' cannot be set for the 'token' auth method
    if (this.normalizedType === 'token') {
      readOnly.push('config.token_type');
    }
    return this.formFieldGroups[1]?.['Method Options']?.filter((field) => {
      return !readOnly.includes(field.name);
    });
  }

  get optionFields() {
    const isWIF = !!ALL_ENGINES.find((engine) => engine.type === this.normalizedType && engine.isWIF);
    const keyField = new FormField('config.identity_token_key', undefined, {
      label: 'Identity token key',
      subText: `A named key to sign tokens. If not provided, this will default to Vault's OIDC default key.`,
      editType: 'yield',
    });

    return [
      this.fields.description,
      this.fields.listingVisibility,
      this.fields.local,
      this.fields.sealWrap,
      this.fields.defaultLeaseTtl,
      this.fields.maxLeaseTtl,
      ...(isWIF ? [keyField] : []),
      new FormField('config.token_type', 'string', {
        label: 'Token type',
        helpText:
          'The type of token that should be generated via this role. For `default-service` and `default-batch` service and batch tokens will be issued respectively, unless the auth method explicitly requests a different type.',
        possibleValues: ['default-service', 'default-batch', 'batch', 'service'],
        noDefault: true,
      }),
      this.fields.auditNonHmacRequestKeys,
      this.fields.auditNonHmacResponseKeys,
      this.fields.passthroughRequestHeaders,
      this.fields.allowedResponseHeaders,
      this.fields.pluginVersion,
    ];
  }

  get formFieldGroups() {
    return [
      new FormFieldGroup('default', [this.fields.path]),
      new FormFieldGroup('Method Options', this.optionFields),
    ];
  }
}
[UI] Ember Data Migration - Auth Method Enable (#31394) * adds form for auth method and updates mount backend form to use it * fixes tests 2025-08-01 10:54:41 -04:00			`/**`
license: update headers to IBM Corp. (#10229) (#10233) * license: update headers to IBM Corp. * `make proto` * update offset because source file changed Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec> 2025-10-21 17:20:20 -04:00			`* Copyright IBM Corp. 2016, 2025`
[UI] Ember Data Migration - Auth Method Enable (#31394) * adds form for auth method and updates mount backend form to use it * fixes tests 2025-08-01 10:54:41 -04:00			`* SPDX-License-Identifier: BUSL-1.1`
			`*/`

			`import MountForm from 'vault/forms/mount';`
			`import FormField from 'vault/utils/forms/field';`
			`import FormFieldGroup from 'vault/utils/forms/field-group';`
Backport [UI] Ember Data Migration - Core Addon - Search Select into ce/main (#14952) * no-op commit * backports 2a98c83 * fixes conflicts --------- Co-authored-by: Jordan Reimer <zofskeez@gmail.com> Co-authored-by: Jordan Reimer <jordan.reimer@hashicorp.com> 2026-05-22 11:58:00 -04:00			`import { ALL_ENGINES } from 'core/utils/all-engines-metadata';`
[UI] Ember Data Migration - Auth Method Enable (#31394) * adds form for auth method and updates mount backend form to use it * fixes tests 2025-08-01 10:54:41 -04:00
			`import type { AuthMethodFormData } from 'vault/auth/methods';`

			`export default class AuthMethodForm extends MountForm<AuthMethodFormData> {`
Copy [UI] Ember Data Migration - Auth Method Configs into main (#9000) (#9099) * updates auth method options route to use form and api client * updates auth method config and section routes to use api client and open api form * updates display attrs for auth method configs * fixes plugin identity util fields tests * fixes js lint error * updates enable-tune-form tests * hides specific form field for jwt/oidc auth config types * Revert "updates display attrs for auth method configs" This reverts commit 5d382f79276f56b3fdbe64fcbc9c8365c5f4b421. * Revert "fixes plugin identity util fields tests" This reverts commit 6d4acbe3228c796745f2dea6279c1540bb053c62. * fixes config section test * bumps api client version * updates auth config form options component to use proper endpoint * fixes enable tune form tests * fixes auth config form options tests * fixes type errors in snapshot-manage component * updates recover_source_path arg to undefined so it is not included in the query params * fixes remaining test failures related to user_lockout_config --------- Co-authored-by: Vault Automation <github-team-secure-vault-core@hashicorp.com> 2025-09-03 20:11:41 -04:00			`fieldProps = ['tuneFields', 'userLockoutConfigFields'];`

			`userLockoutConfigFields = [`
			`new FormField('user_lockout_config.lockout_threshold', 'string', {`
			`label: 'Lockout threshold',`
			`subText: 'Specifies the number of failed login attempts after which the user is locked out, e.g. 15.',`
			`}),`
			`new FormField('user_lockout_config.lockout_duration', undefined, {`
			`label: 'Lockout duration',`
			`helperTextEnabled: 'The duration for which a user will be locked out, e.g. "5s" or "30m".',`
			`editType: 'ttl',`
			`helperTextDisabled: 'No lockout duration configured.',`
			`}),`

			`new FormField('user_lockout_config.lockout_counter_reset', undefined, {`
			`label: 'Lockout counter reset',`
			`helperTextEnabled:`
			`'The duration after which the lockout counter is reset with no failed login attempts, e.g. "5s" or "30m".',`
			`editType: 'ttl',`
			`helperTextDisabled: 'No reset duration configured.',`
			`}),`
			`new FormField('user_lockout_config.lockout_disable', 'boolean', {`
			`label: 'Disable lockout for this mount',`
			`subText: 'If checked, disables the user lockout feature for this mount.',`
			`}),`
			`];`

			`get tuneFields() {`
			`const readOnly = ['local', 'seal_wrap'];`
Fix auth method config submit following ember data migration (#9755) (#9793) * fix broken form after ember data migration * convert to typescript, add tests * only transition on success * use test.each * use AuthMethodResource * add tests and refactor fallback for engine-display-data * fix token_type submitting for token auth methods * fix imports * fix conditional for token_type * update comments add check for token_type * fix test and add comment to clarify different setting types * revert and keep unknown type, blowing the scope out too much! Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com> 2025-10-02 13:52:31 -04:00			`// 'token_type' cannot be set for the 'token' auth method`
			`if (this.normalizedType === 'token') {`
			`readOnly.push('config.token_type');`
			`}`
Copy [UI] Ember Data Migration - Auth Method Configs into main (#9000) (#9099) * updates auth method options route to use form and api client * updates auth method config and section routes to use api client and open api form * updates display attrs for auth method configs * fixes plugin identity util fields tests * fixes js lint error * updates enable-tune-form tests * hides specific form field for jwt/oidc auth config types * Revert "updates display attrs for auth method configs" This reverts commit 5d382f79276f56b3fdbe64fcbc9c8365c5f4b421. * Revert "fixes plugin identity util fields tests" This reverts commit 6d4acbe3228c796745f2dea6279c1540bb053c62. * fixes config section test * bumps api client version * updates auth config form options component to use proper endpoint * fixes enable tune form tests * fixes auth config form options tests * fixes type errors in snapshot-manage component * updates recover_source_path arg to undefined so it is not included in the query params * fixes remaining test failures related to user_lockout_config --------- Co-authored-by: Vault Automation <github-team-secure-vault-core@hashicorp.com> 2025-09-03 20:11:41 -04:00			`return this.formFieldGroups[1]?.['Method Options']?.filter((field) => {`
Fix auth method config submit following ember data migration (#9755) (#9793) * fix broken form after ember data migration * convert to typescript, add tests * only transition on success * use test.each * use AuthMethodResource * add tests and refactor fallback for engine-display-data * fix token_type submitting for token auth methods * fix imports * fix conditional for token_type * update comments add check for token_type * fix test and add comment to clarify different setting types * revert and keep unknown type, blowing the scope out too much! Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com> 2025-10-02 13:52:31 -04:00			`return !readOnly.includes(field.name);`
Copy [UI] Ember Data Migration - Auth Method Configs into main (#9000) (#9099) * updates auth method options route to use form and api client * updates auth method config and section routes to use api client and open api form * updates display attrs for auth method configs * fixes plugin identity util fields tests * fixes js lint error * updates enable-tune-form tests * hides specific form field for jwt/oidc auth config types * Revert "updates display attrs for auth method configs" This reverts commit 5d382f79276f56b3fdbe64fcbc9c8365c5f4b421. * Revert "fixes plugin identity util fields tests" This reverts commit 6d4acbe3228c796745f2dea6279c1540bb053c62. * fixes config section test * bumps api client version * updates auth config form options component to use proper endpoint * fixes enable tune form tests * fixes auth config form options tests * fixes type errors in snapshot-manage component * updates recover_source_path arg to undefined so it is not included in the query params * fixes remaining test failures related to user_lockout_config --------- Co-authored-by: Vault Automation <github-team-secure-vault-core@hashicorp.com> 2025-09-03 20:11:41 -04:00			`});`
			`}`

Backport [UI] Ember Data Migration - Core Addon - Search Select into ce/main (#14952) * no-op commit * backports 2a98c83 * fixes conflicts --------- Co-authored-by: Jordan Reimer <zofskeez@gmail.com> Co-authored-by: Jordan Reimer <jordan.reimer@hashicorp.com> 2026-05-22 11:58:00 -04:00			`get optionFields() {`
			`const isWIF = !!ALL_ENGINES.find((engine) => engine.type === this.normalizedType && engine.isWIF);`
			`const keyField = new FormField('config.identity_token_key', undefined, {`
			`label: 'Identity token key',`
			subText: `A named key to sign tokens. If not provided, this will default to Vault's OIDC default key.`,
			`editType: 'yield',`
			`});`

			`return [`
[UI] Ember Data Migration - Auth Method Enable (#31394) * adds form for auth method and updates mount backend form to use it * fixes tests 2025-08-01 10:54:41 -04:00			`this.fields.description,`
			`this.fields.listingVisibility,`
			`this.fields.local,`
			`this.fields.sealWrap,`
			`this.fields.defaultLeaseTtl,`
			`this.fields.maxLeaseTtl,`
Backport [UI] Ember Data Migration - Core Addon - Search Select into ce/main (#14952) * no-op commit * backports 2a98c83 * fixes conflicts --------- Co-authored-by: Jordan Reimer <zofskeez@gmail.com> Co-authored-by: Jordan Reimer <jordan.reimer@hashicorp.com> 2026-05-22 11:58:00 -04:00			`...(isWIF ? [keyField] : []),`
[UI] Ember Data Migration - Auth Method Enable (#31394) * adds form for auth method and updates mount backend form to use it * fixes tests 2025-08-01 10:54:41 -04:00			`new FormField('config.token_type', 'string', {`
			`label: 'Token type',`
			`helpText:`
			'The type of token that should be generated via this role. For `default-service` and `default-batch` service and batch tokens will be issued respectively, unless the auth method explicitly requests a different type.',
			`possibleValues: ['default-service', 'default-batch', 'batch', 'service'],`
			`noDefault: true,`
			`}),`
			`this.fields.auditNonHmacRequestKeys,`
			`this.fields.auditNonHmacResponseKeys,`
			`this.fields.passthroughRequestHeaders,`
			`this.fields.allowedResponseHeaders,`
			`this.fields.pluginVersion,`
Backport [UI] Ember Data Migration - Core Addon - Search Select into ce/main (#14952) * no-op commit * backports 2a98c83 * fixes conflicts --------- Co-authored-by: Jordan Reimer <zofskeez@gmail.com> Co-authored-by: Jordan Reimer <jordan.reimer@hashicorp.com> 2026-05-22 11:58:00 -04:00			`];`
			`}`

			`get formFieldGroups() {`
			`return [`
			`new FormFieldGroup('default', [this.fields.path]),`
			`new FormFieldGroup('Method Options', this.optionFields),`
			`];`
			`}`
[UI] Ember Data Migration - Auth Method Enable (#31394) * adds form for auth method and updates mount backend form to use it * fixes tests 2025-08-01 10:54:41 -04:00			`}`