[UI] Ember Data Migration - SSH Role Sign Key and Generate Credential Views | Vault-45234 (#15100) (#15107)

* migrated ssh views - list, detail, create and edit

* adds validation for role name and update test attributes for consistency

* updated sign key attr name in test

* migrated ssh views - list, detail, create and edit

* adds validation for role name and update test attributes for consistency

* updated sign key attr name in test

* moved flat ordering logic to form as per dynamic selection

* Humanized TTL field display value

* Apply suggestions from code review



* fixed prettier issue

* VAULT-45234 - Migrates SSH credential generation and signing components with forms and Api service

* fixed review comments

* Apply suggestions from code review



---------

Co-authored-by: mohit-hashicorp <mohit.ojha@hashicorp.com>
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>

Author: 3 people

ui/app/components/generate-credentials-ssh.hbs

@@ -0,0 +1,77 @@
+{{!
+  Copyright IBM Corp. 2016, 2026
+  SPDX-License-Identifier: BUSL-1.1
+}}
+
+<Page::Header @title="Generate SSH Credentials">
+  <:breadcrumbs>
+    <Page::Breadcrumbs @breadcrumbs={{this.breadcrumbs}} />
+  </:breadcrumbs>
+</Page::Header>
+
+{{#if this.otpData}}
+  <div class="box is-fullwidth is-sideless is-paddingless is-marginless">
+    <Hds::Alert @type="inline" @color="warning" class="has-top-bottom-margin" data-test-warning as |A|>
+      <A.Title>Warning</A.Title>
+      <A.Description>
+        You will not be able to access this information later, so please copy the information below.
+      </A.Description>
+    </Hds::Alert>
+    {{#each this.otpDisplayRows as |row|}}
+      {{#if row.masked}}
+        <InfoTableRow @label={{row.label}} @value={{row.value}}>
+          <MaskedInput @value={{row.value}} @name="key" @displayOnly={{true}} @allowCopy={{true}} />
+        </InfoTableRow>
+      {{else}}
+        <InfoTableRow @label={{row.label}} @value={{row.value}} />
+      {{/if}}
+    {{/each}}
+  </div>
+  <div class="field is-grouped box is-fullwidth is-bottomless">
+    <div class="control">
+      <Hds::Copy::Button
+        @text="Copy credentials"
+        @textToCopy={{this.otpData.key}}
+        @onError={{(fn (set-flash-message "Clipboard copy failed. The Clipboard API requires a secure context." "danger"))}}
+        class="primary"
+      />
+    </div>
+    <div class="control">
+      <Hds::Button @text="Back" @color="secondary" {{on "click" this.reset}} data-test-back-button />
+    </div>
+  </div>
+{{else}}
+  <form {{on "submit" (perform this.generate)}} data-test-secret-generate-form>
+    <div class="box is-sideless is-fullwidth is-marginless">
+      <NamespaceReminder @mode="generate" @noun="credential" />
+      <MessageError @errorMessage={{this.errorMessage}} />
+      {{#each this.credentialForm.formFields as |attr|}}
+        <FormField
+          data-test-field
+          @attr={{attr}}
+          @model={{this.credentialForm}}
+          @modelValidations={{this.modelValidations}}
+        />
+      {{/each}}
+      {{#if this.invalidFormAlert}}
+        <AlertInline @type="danger" @message={{this.invalidFormAlert}} class="has-top-padding-s" />
+      {{/if}}
+    </div>
+    <Hds::ButtonSet class="has-top-bottom-margin">
+      <Hds::Button
+        @text="Generate"
+        @icon={{if this.generate.isRunning "loading"}}
+        type="submit"
+        disabled={{this.generate.isRunning}}
+        data-test-submit
+      />
+      <Hds::Button
+        @text="Cancel"
+        @route="vault.cluster.secrets.backend.list-root"
+        @color="secondary"
+        @model={{@backendPath}}
+        data-test-cancel
+      />
+    </Hds::ButtonSet>
+  </form>
+{{/if}}

ui/app/components/generate-credentials-ssh.ts

@@ -0,0 +1,90 @@
+/**
+ * Copyright IBM Corp. 2016, 2026
+ * SPDX-License-Identifier: BUSL-1.1
+ */
+
+import Component from '@glimmer/component';
+import { service } from '@ember/service';
+import { action } from '@ember/object';
+import { tracked } from '@glimmer/tracking';
+import { task } from 'ember-concurrency';
+import { waitFor } from '@ember/test-waiters';
+import SshOtpCredentialForm from 'vault/forms/ssh/otp-credential';
+
+import type ApiService from 'vault/services/api';
+import type ControlGroupService from 'vault/vault/services/control-group';
+
+interface Args {
+  backendPath: string;
+  roleName: string;
+}
+
+export default class GenerateCredentialsSsh extends Component<Args> {
+  @service declare readonly api: ApiService;
+  @service declare readonly controlGroup: ControlGroupService;
+
+  @tracked credentialForm = new SshOtpCredentialForm();
+  @tracked otpData: Record<string, unknown> | null = null;
+  @tracked errorMessage: string | null = null;
+  @tracked modelValidations: Record<string, unknown> | null = null;
+  @tracked invalidFormAlert: string | null = null;
+
+  get otpDisplayRows() {
+    const data = this.otpData;
+    if (!data) return [];
+    return [
+      { label: 'Username', value: data['username'] },
+      { label: 'IP Address', value: data['ip'] },
+      { label: 'Key', value: data['key'], masked: true },
+      { label: 'Key type', value: data['key_type'] },
+      { label: 'Port', value: data['port'] },
+    ].filter((f) => f.value != null && f.value !== '');
+  }
+
+  get breadcrumbs() {
+    const { backendPath, roleName } = this.args;
+    return [
+      { label: backendPath, route: 'vault.cluster.secrets.backend', model: backendPath },
+      { label: 'Credentials', route: 'vault.cluster.secrets.backend', model: backendPath },
+      { label: roleName, route: 'vault.cluster.secrets.backend.show', model: roleName },
+      { label: 'Generate SSH credentials' },
+    ];
+  }
+
+  generate = task(
+    waitFor(async (evt: Event) => {
+      evt.preventDefault();
+      this.errorMessage = null;
+
+      const { isValid, state, invalidFormMessage, data } = this.credentialForm.toJSON();
+      this.modelValidations = isValid ? null : state;
+      this.invalidFormAlert = isValid ? null : invalidFormMessage;
+      if (!isValid) return;
+      try {
+        const result = await this.api.secrets.sshGenerateCredentials(
+          this.args.roleName,
+          this.args.backendPath,
+          data
+        );
+        this.otpData = (result.data as Record<string, unknown>) ?? {};
+      } catch (error) {
+        const { message, response } = await this.api.parseError(error);
+        if (response?.isControlGroupError) {
+          this.controlGroup.saveTokenFromError(response);
+          this.errorMessage = this.controlGroup.logFromError(response).content;
+        } else {
+          this.errorMessage = message;
+        }
+      }
+    })
+  );
+
+  @action
+  reset() {
+    this.otpData = null;
+    this.credentialForm = new SshOtpCredentialForm();
+    this.errorMessage = null;
+    this.modelValidations = null;
+    this.invalidFormAlert = null;
+  }
+}

ui/app/components/ssh-sign-key.hbs

@@ -0,0 +1,81 @@
+{{!
+  Copyright IBM Corp. 2016, 2026
+  SPDX-License-Identifier: BUSL-1.1
+}}
+
+<Page::Header @title="Sign SSH key">
+  <:breadcrumbs>
+    <Page::Breadcrumbs @breadcrumbs={{this.breadcrumbs}} />
+  </:breadcrumbs>
+</Page::Header>
+
+{{#if this.signedKeyData}}
+  <div class="box is-fullwidth is-sideless is-paddingless is-marginless">
+    <Hds::Alert @type="inline" @color="warning" class="has-top-margin-s has-bottom-margin-s" as |A|>
+      <A.Title>Warning</A.Title>
+      <A.Description>
+        You will not be able to access this information later, so please copy the information below.
+      </A.Description>
+    </Hds::Alert>
+    {{#each this.signDisplayRows as |row|}}
+      <InfoTableRow @label={{row.label}} @value={{row.value}} />
+    {{/each}}
+  </div>
+  <div class="field is-grouped box is-fullwidth is-bottomless">
+    <div class="control">
+      <Hds::Copy::Button
+        @text="Copy key"
+        @textToCopy={{this.signedKeyData.signed_key}}
+        @onError={{(fn (set-flash-message "Clipboard copy failed. The Clipboard API requires a secure context." "danger"))}}
+        class="primary"
+      />
+    </div>
+    {{#if this.signedKeyData.lease_id}}
+      <div class="control">
+        <Hds::Copy::Button
+          @text="Copy lease ID"
+          @textToCopy={{this.signedKeyData.lease_id}}
+          @onError={{(fn
+            (set-flash-message "Clipboard copy failed. The Clipboard API requires a secure context." "danger")
+          )}}
+          class="secondary"
+        />
+      </div>
+    {{/if}}
+    <div class="control">
+      <Hds::Button @text="Back" @color="secondary" {{on "click" this.reset}} data-test-back-button />
+    </div>
+  </div>
+{{else}}
+  <form {{on "submit" (perform this.sign)}} data-test-secret-generate-form="true">
+    <div class="box is-sideless is-fullwidth is-marginless">
+      <MessageError @errorMessage={{this.errorMessage}} />
+      <NamespaceReminder @mode="sign" @noun="SSH key" />
+      <FormFieldGroups
+        @model={{this.signForm}}
+        @mode="create"
+        @groupName="formFieldGroups"
+        @modelValidations={{this.modelValidations}}
+      />
+      {{#if this.invalidFormAlert}}
+        <AlertInline @type="danger" @message={{this.invalidFormAlert}} class="has-top-padding-s" />
+      {{/if}}
+    </div>
+    <Hds::ButtonSet class="has-top-bottom-margin">
+      <Hds::Button
+        @text="Sign"
+        @icon={{if this.sign.isRunning "loading"}}
+        type="submit"
+        disabled={{this.sign.isRunning}}
+        data-test-submit
+      />
+      <Hds::Button
+        @text="Cancel"
+        @color="secondary"
+        @route="vault.cluster.secrets.backend.list-root"
+        @model={{@backendPath}}
+        data-test-cancel
+      />
+    </Hds::ButtonSet>
+  </form>
+{{/if}}

ui/app/components/ssh-sign-key.ts

@@ -0,0 +1,90 @@
+/**
+ * Copyright IBM Corp. 2016, 2026
+ * SPDX-License-Identifier: BUSL-1.1
+ */
+
+import Component from '@glimmer/component';
+import { service } from '@ember/service';
+import { action } from '@ember/object';
+import { tracked } from '@glimmer/tracking';
+import { task } from 'ember-concurrency';
+import { waitFor } from '@ember/test-waiters';
+import SshSignForm from 'vault/forms/ssh/sign';
+
+import type ApiService from 'vault/services/api';
+import type ControlGroupService from 'vault/vault/services/control-group';
+
+interface Args {
+  roleName: string;
+  backendPath: string;
+}
+
+export default class SshSignKey extends Component<Args> {
+  @service declare readonly api: ApiService;
+  @service declare readonly controlGroup: ControlGroupService;
+
+  @tracked signForm = new SshSignForm({ cert_type: 'user' });
+  @tracked signedKeyData: Record<string, unknown> | null = null;
+  @tracked errorMessage: string | null = null;
+  @tracked modelValidations: Record<string, unknown> | null = null;
+  @tracked invalidFormAlert: string | null = null;
+
+  get signDisplayRows() {
+    const data = this.signedKeyData;
+    if (!data) return [];
+    return [
+      { label: 'Signed key', value: data['signed_key'] },
+      { label: 'Lease ID', value: data['lease_id'] },
+      { label: 'Renewable', value: data['renewable'] },
+      { label: 'Lease duration', value: data['lease_duration'] },
+      { label: 'Serial number', value: data['serial_number'] },
+    ].filter((f) => f.value != null && f.value !== '');
+  }
+
+  get breadcrumbs() {
+    const { backendPath, roleName } = this.args;
+    return [
+      { label: backendPath, route: 'vault.cluster.secrets.backend', model: backendPath },
+      { label: 'Sign', route: 'vault.cluster.secrets.backend', model: backendPath },
+      { label: roleName, route: 'vault.cluster.secrets.backend.show', model: roleName },
+      { label: 'Sign SSH Key' },
+    ];
+  }
+
+  sign = task(
+    waitFor(async (evt: Event) => {
+      evt.preventDefault();
+      this.errorMessage = null;
+
+      const { isValid, state, invalidFormMessage, data } = this.signForm.toJSON();
+      this.modelValidations = isValid ? null : state;
+      this.invalidFormAlert = isValid ? null : invalidFormMessage;
+      if (!isValid) return;
+      try {
+        const result = await this.api.secrets.sshSignCertificate(
+          this.args.roleName,
+          this.args.backendPath,
+          data
+        );
+        this.signedKeyData = { ...result, ...(result.data as Record<string, unknown>) };
+      } catch (error) {
+        const { message, response } = await this.api.parseError(error);
+        if (response?.isControlGroupError) {
+          this.controlGroup.saveTokenFromError(response);
+          this.errorMessage = this.controlGroup.logFromError(response).content;
+        } else {
+          this.errorMessage = message;
+        }
+      }
+    })
+  );
+
+  @action
+  reset() {
+    this.signedKeyData = null;
+    this.signForm = new SshSignForm({ cert_type: 'user' });
+    this.errorMessage = null;
+    this.modelValidations = null;
+    this.invalidFormAlert = null;
+  }
+}

ui/app/forms/ssh/otp-credential.ts

@@ -0,0 +1,24 @@
+/**
+ * Copyright IBM Corp. 2016, 2026
+ * SPDX-License-Identifier: BUSL-1.1
+ */
+
+import Form from 'vault/forms/form';
+import FormField from 'vault/utils/forms/field';
+import { Validations } from 'vault/vault/app-types';
+
+interface SshOtpCredentialData {
+  username: string;
+  ip: string;
+}
+
+export default class SshOtpCredentialForm extends Form<SshOtpCredentialData> {
+  formFields = [
+    new FormField('username', 'string', { label: 'Username' }),
+    new FormField('ip', 'string', { label: 'IP address' }),
+  ];
+
+  validations: Validations = {
+    ip: [{ type: 'presence', message: 'IP address is required' }],
+  };
+}