address review comments

Author: juliaElastic

x-pack/platform/plugins/shared/fleet/public/components/cloud_connector/aws_connect_setup/aws_identity_federation_setup.tsx

@@ -19,7 +19,8 @@ import {
 } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
-import type { CloudSetup } from '@kbn/cloud-plugin/public';
+
+import type { CloudSetupForCloudConnector } from '../types';
 
 import type { AccountType } from '../../../types';
 import { useGetCloudConnectors } from '../hooks/use_get_cloud_connectors';
@@ -35,7 +36,7 @@ export interface AwsIdentityFederationSetupProps {
   accountType?: AccountType;
   packageName?: string;
   policyTemplate?: string;
-  cloud?: CloudSetup;
+  cloud?: CloudSetupForCloudConnector;
   iacTemplateUrl?: string;
   hasInvalidRequiredVars?: boolean;
   isEditPage?: boolean;

x-pack/platform/plugins/shared/fleet/public/components/cloud_connector/aws_connect_setup/aws_temporary_keys_form.tsx

@@ -48,6 +48,7 @@ export const AwsTemporaryKeysForm: React.FC<AwsTemporaryKeysFormProps> = ({
 
   const accessKeyIdInvalid = hasInvalidRequiredVars && !fields.access_key_id;
   const secretAccessKeyInvalid = hasInvalidRequiredVars && !fields.secret_access_key;
+  const sessionTokenInvalid = hasInvalidRequiredVars && !fields.session_token;
 
   return (
     <div data-test-subj={AWS_TEMPORARY_KEYS_FORM_TEST_SUBJ}>
@@ -108,11 +109,20 @@ export const AwsTemporaryKeysForm: React.FC<AwsTemporaryKeysFormProps> = ({
         helpText={i18n.translate('xpack.fleet.awsTemporaryKeysForm.sessionTokenHelp', {
           defaultMessage: 'The session token returned by AWS STS for temporary credentials.',
         })}
+        isInvalid={sessionTokenInvalid}
+        error={
+          sessionTokenInvalid
+            ? i18n.translate('xpack.fleet.awsTemporaryKeysForm.sessionTokenRequired', {
+                defaultMessage: 'Session token is required',
+              })
+            : undefined
+        }
         fullWidth
       >
         <EuiFieldPassword
           fullWidth
           value={fields.session_token}
+          isInvalid={sessionTokenInvalid}
           onChange={(e) => handleChange('session_token', e.target.value)}
           data-test-subj={`${AWS_TEMPORARY_KEYS_FORM_TEST_SUBJ}-sessionToken`}
         />

x-pack/platform/plugins/shared/fleet/public/components/cloud_connector/aws_connect_setup/index.tsx

@@ -8,9 +8,9 @@
 import React, { useState, useCallback } from 'react';
 import { EuiButton, EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiTitle, EuiText } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
-import type { CloudSetup } from '@kbn/cloud-plugin/public';
 
 import type { AccountType } from '../../../../common/types';
+import type { CloudSetupForCloudConnector } from '../types';
 
 import { AwsAuthTypeSelector } from './aws_auth_type_selector';
 import type { AwsAuthType } from './aws_auth_type_selector';
@@ -24,7 +24,7 @@ export type { AwsAuthType, AwsStaticKeyCredentials, AwsTemporaryKeyCredentials }
 
 export interface AwsConnectSetupProps {
   hasInvalidRequiredVars?: boolean;
-  cloud?: CloudSetup;
+  cloud?: CloudSetupForCloudConnector;
   accountType?: AccountType;
   isEditPage?: boolean;
   initialConnectorId?: string;

x-pack/platform/plugins/shared/fleet/public/components/cloud_connector/index.ts

@@ -11,7 +11,7 @@ export {
   type CloudConnectorTab,
   type CloudConnectorTabsProps,
 } from './cloud_connector_tabs';
-export type { UpdatePolicy, CloudConnectorCredentials } from './types';
+export type { UpdatePolicy, CloudConnectorCredentials, CloudSetupForCloudConnector } from './types';
 export {
   AwsConnectSetup,
   type AwsConnectSetupProps,

x-pack/platform/plugins/shared/fleet/public/components/cloud_connector/types.ts

@@ -115,12 +115,7 @@ export interface CloudConnectorFormProps {
 
 export type CloudSetupForCloudConnector = Pick<
   CloudSetup,
-  | 'isCloudEnabled'
-  | 'cloudId'
-  | 'cloudHost'
-  | 'deploymentUrl'
-  | 'serverless'
-  | 'isServerlessEnabled'
+  'isCloudEnabled' | 'cloudId' | 'deploymentUrl' | 'serverless' | 'isServerlessEnabled'
 >;
 
 export interface GetCloudConnectorRemoteRoleTemplateParams {

x-pack/platform/plugins/shared/fleet/public/index.ts

@@ -126,7 +126,7 @@ export const LazyCloudConnectorSetup = lazy(() =>
 export type { CloudConnectorSetupProps } from './components/cloud_connector';
 export { CLOUD_CONNECTOR_GCP_ASSET_INVENTORY_REUSABLE_MIN_VERSION } from './components/cloud_connector/constants';
 
-// AWS Connect Setup - auth method picker (Identity Federation + Static Keys) for external plugins
+// AWS Connect Setup - auth method picker (Identity Federation + Static keys + Temporary keys) for external plugins
 export const LazyAwsConnectSetup = lazy(() =>
   import('./components/cloud_connector').then((module) => ({
     default: module.AwsConnectSetup,
@@ -137,6 +137,7 @@ export type {
   AwsAuthType,
   AwsStaticKeyCredentials,
   AwsTemporaryKeyCredentials,
+  CloudSetupForCloudConnector,
 } from './components/cloud_connector';
 export {
   AWS_AUTH_TYPE_SELECTOR_TEST_SUBJ,

x-pack/platform/plugins/shared/ingest_hub/public/onboarding/onboarding_flow_context.tsx

@@ -15,7 +15,7 @@ export interface ConnectStepState {
   temporaryKeys?: AwsTemporaryKeyCredentials;
 }
 
-// Only non-sensitive fields are persisted — password values are never written to session storage
+// Only non-sensitive fields are persistedConnectStep — password values are never written to session storage
 interface PersistedConnectStep {
   connectorId?: string;
   authType?: 'identity_federation' | 'static_keys' | 'temporary_keys';
@@ -32,67 +32,68 @@ interface OnboardingFlowState {
 const OnboardingFlowContext = createContext<OnboardingFlowState | undefined>(undefined);
 
 export function OnboardingFlowProvider({ children }: { children: React.ReactNode }) {
-  const [persisted, setPersisted] = useSessionStorage<PersistedConnectStep>(
+  const [persistedConnectStep, setPersistedConnectStep] = useSessionStorage<PersistedConnectStep>(
     'onboarding.aws.connectStep',
     {}
   );
 
   // Sensitive fields (secret_access_key, session_token) live in memory only.
   // access_key_id is restored from session storage; passwords start empty on page refresh.
   const [staticKeys, setStaticKeysState] = useState<AwsStaticKeyCredentials | undefined>(() =>
-    persisted?.authType === 'static_keys' && persisted.accessKeyId
-      ? { access_key_id: persisted.accessKeyId, secret_access_key: '' }
+    persistedConnectStep?.authType === 'static_keys' && persistedConnectStep.accessKeyId
+      ? { access_key_id: persistedConnectStep.accessKeyId, secret_access_key: '' }
       : undefined
   );
 
   const [temporaryKeys, setTemporaryKeysState] = useState<AwsTemporaryKeyCredentials | undefined>(
     () =>
-      persisted?.authType === 'temporary_keys' && persisted.accessKeyId
-        ? { access_key_id: persisted.accessKeyId, secret_access_key: '', session_token: '' }
+      persistedConnectStep?.authType === 'temporary_keys' && persistedConnectStep.accessKeyId
+        ? {
+            access_key_id: persistedConnectStep.accessKeyId,
+            secret_access_key: '',
+            session_token: '',
+          }
         : undefined
   );
 
   const setConnectorId = useCallback(
     (id: string | undefined) => {
       setStaticKeysState(undefined);
       setTemporaryKeysState(undefined);
-      setPersisted({
+      setPersistedConnectStep({
         connectorId: id,
         authType: id ? 'identity_federation' : undefined,
-        accessKeyId: undefined,
       });
     },
-    [setPersisted]
+    [setPersistedConnectStep]
   );
 
   const setStaticKeys = useCallback(
     (keys: AwsStaticKeyCredentials | undefined) => {
       setStaticKeysState(keys);
       setTemporaryKeysState(undefined);
-      setPersisted({
-        connectorId: undefined,
+      setPersistedConnectStep({
         authType: keys ? 'static_keys' : undefined,
         accessKeyId: keys?.access_key_id,
       });
     },
-    [setPersisted]
+    [setPersistedConnectStep]
   );
 
   const setTemporaryKeys = useCallback(
     (keys: AwsTemporaryKeyCredentials | undefined) => {
       setTemporaryKeysState(keys);
       setStaticKeysState(undefined);
-      setPersisted({
-        connectorId: undefined,
+      setPersistedConnectStep({
         authType: keys ? 'temporary_keys' : undefined,
         accessKeyId: keys?.access_key_id,
       });
     },
-    [setPersisted]
+    [setPersistedConnectStep]
   );
 
   const connectStep: ConnectStepState = {
-    connectorId: persisted?.connectorId,
+    connectorId: persistedConnectStep?.connectorId,
     staticKeys,
     temporaryKeys,
   };

x-pack/platform/plugins/shared/ingest_hub/public/onboarding/step_components/connect_step.tsx

@@ -10,6 +10,7 @@ import { EuiLoadingSpinner } from '@elastic/eui';
 import { useKibana } from '@kbn/kibana-react-plugin/public';
 import type { CoreStart } from '@kbn/core/public';
 import type { CloudStart } from '@kbn/cloud-plugin/public';
+import type { CloudSetupForCloudConnector } from '@kbn/fleet-plugin/public';
 import { LazyAwsConnectSetup } from '@kbn/fleet-plugin/public';
 import { useOnboardingFlow } from '../onboarding_flow_context';
 
@@ -25,7 +26,7 @@ export function ConnectStep({ onNext }: ConnectStepProps) {
     <div data-test-subj="onboardingStep-connect">
       <Suspense fallback={<EuiLoadingSpinner data-test-subj="onboardingStep-connect-loading" />}>
         <LazyAwsConnectSetup
-          cloud={services.cloud as any}
+          cloud={services.cloud as CloudSetupForCloudConnector | undefined}
           initialConnectorId={connectStep.connectorId}
           initialStaticKeys={connectStep.staticKeys}
           initialTemporaryKeys={connectStep.temporaryKeys}