Merge pull request #2917 from mr-ssd/patch-1

docs: add note for dynamic secrets as paid feature

docs/documentation/platform/dynamic-secrets/overview.mdx

@@ -4,6 +4,13 @@ sidebarTitle: "Overview"
 description: "Learn how to generate secrets dynamically on-demand."
 ---
 
+<Info>
+    Note that Dynamic Secrets is a paid feature.
+
+    If you're using Infisical Cloud, then it is available under the **Enterprise Tier** 
+    If you're self-hosting Infisical, then you should contact sales@infisical.com to purchase an enterprise license to use it.
+</Info>
+
 ## Introduction
 
 Contrary to static key-value secrets, which require manual input of data into the secure Infisical storage, **dynamic secrets are generated on-demand upon access**. 

docs/documentation/platform/pr-workflows.mdx

@@ -3,6 +3,13 @@ title: "Approval Workflows"
 description: "Learn how to enable a set of policies to manage changes to sensitive secrets and environments."
 ---
 
+<Info>
+    Approval Workflows is a paid feature.
+   
+    If you're using Infisical Cloud, then it is available under the **Pro Tier** and **Enterprise Tire**. 
+    If you're self-hosting Infisical, then you should contact sales@infisical.com to purchase an enterprise license to use it.
+</Info>
+
 ## Problem at hand
 
 Updating secrets in high-stakes environments (e.g., production) can have a number of problematic issues: 
@@ -40,4 +47,4 @@ When a user submits a change to an enviropnment that is under a particular polic
 
 Approvers are notified by email and/or Slack as soon as the request is initiated. In the Infisical Dashboard, they will be able to `approve` and `merge` (or `deny`) a request for a change in a particular environment. After that, depending on the workflows setup, the change will be automatically propagated to the right applications (e.g., using [Infisical Kubernetes Operator](https://infisical.com/docs/integrations/platforms/kubernetes)).
 
-![secrets update pull request](../../images/platform/pr-workflows/secret-update-pr.png)
+![secrets update pull request](../../images/platform/pr-workflows/secret-update-pr.png)

frontend/src/const/routes.ts

@@ -101,6 +101,10 @@ export const ROUTE_PATHS = Object.freeze({
         "/secret-manager/$projectId/integrations/azure-devops/create",
         "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-devops/create"
       ),
+      AzureKeyVaultAuthorizePage: setRoute(
+        "/secret-manager/$projectId/integrations/azure-key-vault/authorize",
+        "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-key-vault/authorize"
+      ),
       AzureKeyVaultOauthCallbackPage: setRoute(
         "/secret-manager/$projectId/integrations/azure-key-vault/oauth2/callback",
         "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-key-vault/oauth2/callback"

frontend/src/pages/secret-manager/IntegrationsListPage/IntegrationsListPage.utils.tsx

@@ -80,8 +80,16 @@ export const redirectForProviderAuth = (
           createIntegrationMissingEnvVarsNotification(integrationOption.slug);
           return;
         }
-        const link = `https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=${integrationOption.clientId}&response_type=code&redirect_uri=${window.location.origin}/integrations/azure-key-vault/oauth2/callback&response_mode=query&scope=https://vault.azure.net/.default openid offline_access&state=${state}`;
-        window.location.assign(link);
+        navigate({
+          to: "/secret-manager/$projectId/integrations/azure-key-vault/authorize",
+          params: {
+            projectId
+          },
+          search: {
+            clientId: integrationOption.clientId,
+            state,
+          }
+        });
         break;
       }
       case "azure-app-configuration": {

frontend/src/pages/secret-manager/integrations/AzureKeyVaultAuthorizePage/AzureKeyVaultAuthorizePage.tsx

@@ -0,0 +1,97 @@
+import { Controller, useForm } from "react-hook-form";
+
+import { faArrowUpRightFromSquare, faBookOpen } from "@fortawesome/free-solid-svg-icons";
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { zodResolver } from "@hookform/resolvers/zod";
+import z from "zod";
+
+import { Button, Card, CardTitle, FormControl, Input } from "@app/components/v2";
+import { Helmet } from "react-helmet";
+import { useSearch } from "@tanstack/react-router";
+import { ROUTE_PATHS } from "@app/const/routes";
+
+const schema = z.object({
+  tenantId: z.string().trim().optional()
+});
+
+type FormData = z.infer<typeof schema>;
+
+export function AzureKeyVaultAuthorizePage() {
+  const { state, clientId } = useSearch({
+    from: ROUTE_PATHS.SecretManager.Integratons.AzureKeyVaultAuthorizePage.id,
+  });
+
+  const { control, handleSubmit } = useForm<FormData>({
+    resolver: zodResolver(schema)
+  });
+
+  const onFormSubmit = async ({ tenantId }: FormData) => {
+    const link = `https://login.microsoftonline.com/${
+      tenantId ?? "common"
+    }/oauth2/v2.0/authorize?client_id=${clientId}&response_type=code&redirect_uri=${
+      window.location.origin
+    }/integrations/azure-key-vault/oauth2/callback&response_mode=query&scope=https://vault.azure.net/.default openid offline_access&state=${state}`;
+
+    window.location.assign(link);
+  };
+
+  return (
+    <div className="flex h-full w-full items-center justify-center">
+      <Helmet>
+          <title>Authorize Azure Key Vault Integration</title>
+        <link rel="icon" href="/infisical.ico" />
+      </Helmet>
+      <Card className="mb-12 max-w-lg rounded-md border border-mineshaft-600">
+        <CardTitle
+          className="px-6 text-left text-xl"
+          subTitle="Authenticate with a specific tenant ID or let OAuth handle it automatically."
+        >
+          <div className="flex flex-row items-center">
+            <div className="flex items-center pb-0.5">
+              <img src="/images/integrations/GitHub.png" height={30} width={30} alt="Github logo" />
+            </div>
+            <span className="ml-2.5">Azure Key Vault Integration </span>
+            <a
+              href="https://infisical.com/docs/integrations/cloud/azure-key-vault"
+              target="_blank"
+              rel="noopener noreferrer"
+            >
+              <div className="ml-2 mb-1 inline-block cursor-default rounded-md bg-yellow/20 px-1.5 pb-[0.03rem] pt-[0.04rem] text-sm text-yellow opacity-80 hover:opacity-100">
+                <FontAwesomeIcon icon={faBookOpen} className="mr-1.5" />
+                Docs
+                <FontAwesomeIcon
+                  icon={faArrowUpRightFromSquare}
+                  className="ml-1.5 mb-[0.07rem] text-xxs"
+                />
+              </div>
+            </a>
+          </div>
+        </CardTitle>
+        <form onSubmit={handleSubmit(onFormSubmit)} className="px-6 pb-8 text-right">
+          <Controller
+            control={control}
+            name="tenantId"
+            render={({ field, fieldState: { error } }) => (
+              <FormControl
+                label="Tenant ID (optional)"
+                errorText={error?.message}
+                isError={Boolean(error)}
+              >
+                <Input {...field} placeholder="2e39537c-9a01-4bd6-a7b8-c3b88cbb8db9" />
+              </FormControl>
+            )}
+          />
+          <Button
+            colorSchema="primary"
+            variant="outline_bg"
+            className="mt-2 w-min"
+            size="sm"
+            type="submit"
+          >
+            Connect to Azure Key Vault
+          </Button>
+        </form>
+      </Card>
+    </div>
+  );
+}

frontend/src/pages/secret-manager/integrations/AzureKeyVaultAuthorizePage/route.tsx

@@ -0,0 +1,17 @@
+import { createFileRoute } from "@tanstack/react-router";
+import z from 'zod'
+
+import { AzureKeyVaultAuthorizePage } from "./AzureKeyVaultAuthorizePage";
+
+
+const PageQueryParamsSchema = z.object({
+  state: z.string(),
+  clientId: z.string().optional(),
+});
+
+export const Route = createFileRoute(
+  "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-key-vault/authorize"
+)({
+  component: AzureKeyVaultAuthorizePage,
+  validateSearch: PageQueryParamsSchema
+});

frontend/src/routeTree.gen.ts

@@ -159,6 +159,7 @@ import { Route as secretManagerIntegrationsChecklyConfigurePageRouteImport } fro
 import { Route as secretManagerIntegrationsChecklyAuthorizePageRouteImport } from './pages/secret-manager/integrations/ChecklyAuthorizePage/route'
 import { Route as secretManagerIntegrationsBitbucketConfigurePageRouteImport } from './pages/secret-manager/integrations/BitbucketConfigurePage/route'
 import { Route as secretManagerIntegrationsAzureKeyVaultConfigurePageRouteImport } from './pages/secret-manager/integrations/AzureKeyVaultConfigurePage/route'
+import { Route as secretManagerIntegrationsAzureKeyVaultAuthorizePageRouteImport } from './pages/secret-manager/integrations/AzureKeyVaultAuthorizePage/route'
 import { Route as secretManagerIntegrationsAzureDevopsConfigurePageRouteImport } from './pages/secret-manager/integrations/AzureDevopsConfigurePage/route'
 import { Route as secretManagerIntegrationsAzureDevopsAuthorizePageRouteImport } from './pages/secret-manager/integrations/AzureDevopsAuthorizePage/route'
 import { Route as secretManagerIntegrationsAzureAppConfigurationConfigurePageRouteImport } from './pages/secret-manager/integrations/AzureAppConfigurationConfigurePage/route'
@@ -1352,6 +1353,14 @@ const secretManagerIntegrationsAzureKeyVaultConfigurePageRouteRoute =
       AuthenticateInjectOrgDetailsSecretManagerProjectIdSecretManagerLayoutIntegrationsRoute,
   } as any)
 
+const secretManagerIntegrationsAzureKeyVaultAuthorizePageRouteRoute =
+  secretManagerIntegrationsAzureKeyVaultAuthorizePageRouteImport.update({
+    id: '/azure-key-vault/authorize',
+    path: '/azure-key-vault/authorize',
+    getParentRoute: () =>
+      AuthenticateInjectOrgDetailsSecretManagerProjectIdSecretManagerLayoutIntegrationsRoute,
+  } as any)
+
 const secretManagerIntegrationsAzureDevopsConfigurePageRouteRoute =
   secretManagerIntegrationsAzureDevopsConfigurePageRouteImport.update({
     id: '/azure-devops/create',
@@ -2251,6 +2260,13 @@ declare module '@tanstack/react-router' {
       preLoaderRoute: typeof secretManagerIntegrationsAzureDevopsConfigurePageRouteImport
       parentRoute: typeof AuthenticateInjectOrgDetailsSecretManagerProjectIdSecretManagerLayoutIntegrationsImport
     }
+    '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-key-vault/authorize': {
+      id: '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-key-vault/authorize'
+      path: '/azure-key-vault/authorize'
+      fullPath: '/secret-manager/$projectId/integrations/azure-key-vault/authorize'
+      preLoaderRoute: typeof secretManagerIntegrationsAzureKeyVaultAuthorizePageRouteImport
+      parentRoute: typeof AuthenticateInjectOrgDetailsSecretManagerProjectIdSecretManagerLayoutIntegrationsImport
+    }
     '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-key-vault/create': {
       id: '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-key-vault/create'
       path: '/azure-key-vault/create'
@@ -2944,6 +2960,7 @@ interface AuthenticateInjectOrgDetailsSecretManagerProjectIdSecretManagerLayoutI
   secretManagerIntegrationsAzureAppConfigurationConfigurePageRouteRoute: typeof secretManagerIntegrationsAzureAppConfigurationConfigurePageRouteRoute
   secretManagerIntegrationsAzureDevopsAuthorizePageRouteRoute: typeof secretManagerIntegrationsAzureDevopsAuthorizePageRouteRoute
   secretManagerIntegrationsAzureDevopsConfigurePageRouteRoute: typeof secretManagerIntegrationsAzureDevopsConfigurePageRouteRoute
+  secretManagerIntegrationsAzureKeyVaultAuthorizePageRouteRoute: typeof secretManagerIntegrationsAzureKeyVaultAuthorizePageRouteRoute
   secretManagerIntegrationsAzureKeyVaultConfigurePageRouteRoute: typeof secretManagerIntegrationsAzureKeyVaultConfigurePageRouteRoute
   secretManagerIntegrationsBitbucketConfigurePageRouteRoute: typeof secretManagerIntegrationsBitbucketConfigurePageRouteRoute
   secretManagerIntegrationsChecklyAuthorizePageRouteRoute: typeof secretManagerIntegrationsChecklyAuthorizePageRouteRoute
@@ -3034,6 +3051,8 @@ const AuthenticateInjectOrgDetailsSecretManagerProjectIdSecretManagerLayoutInteg
       secretManagerIntegrationsAzureDevopsAuthorizePageRouteRoute,
     secretManagerIntegrationsAzureDevopsConfigurePageRouteRoute:
       secretManagerIntegrationsAzureDevopsConfigurePageRouteRoute,
+    secretManagerIntegrationsAzureKeyVaultAuthorizePageRouteRoute:
+      secretManagerIntegrationsAzureKeyVaultAuthorizePageRouteRoute,
     secretManagerIntegrationsAzureKeyVaultConfigurePageRouteRoute:
       secretManagerIntegrationsAzureKeyVaultConfigurePageRouteRoute,
     secretManagerIntegrationsBitbucketConfigurePageRouteRoute:
@@ -3513,6 +3532,7 @@ export interface FileRoutesByFullPath {
   '/secret-manager/$projectId/integrations/azure-app-configuration/create': typeof secretManagerIntegrationsAzureAppConfigurationConfigurePageRouteRoute
   '/secret-manager/$projectId/integrations/azure-devops/authorize': typeof secretManagerIntegrationsAzureDevopsAuthorizePageRouteRoute
   '/secret-manager/$projectId/integrations/azure-devops/create': typeof secretManagerIntegrationsAzureDevopsConfigurePageRouteRoute
+  '/secret-manager/$projectId/integrations/azure-key-vault/authorize': typeof secretManagerIntegrationsAzureKeyVaultAuthorizePageRouteRoute
   '/secret-manager/$projectId/integrations/azure-key-vault/create': typeof secretManagerIntegrationsAzureKeyVaultConfigurePageRouteRoute
   '/secret-manager/$projectId/integrations/bitbucket/create': typeof secretManagerIntegrationsBitbucketConfigurePageRouteRoute
   '/secret-manager/$projectId/integrations/checkly/authorize': typeof secretManagerIntegrationsChecklyAuthorizePageRouteRoute
@@ -3676,6 +3696,7 @@ export interface FileRoutesByTo {
   '/secret-manager/$projectId/integrations/azure-app-configuration/create': typeof secretManagerIntegrationsAzureAppConfigurationConfigurePageRouteRoute
   '/secret-manager/$projectId/integrations/azure-devops/authorize': typeof secretManagerIntegrationsAzureDevopsAuthorizePageRouteRoute
   '/secret-manager/$projectId/integrations/azure-devops/create': typeof secretManagerIntegrationsAzureDevopsConfigurePageRouteRoute
+  '/secret-manager/$projectId/integrations/azure-key-vault/authorize': typeof secretManagerIntegrationsAzureKeyVaultAuthorizePageRouteRoute
   '/secret-manager/$projectId/integrations/azure-key-vault/create': typeof secretManagerIntegrationsAzureKeyVaultConfigurePageRouteRoute
   '/secret-manager/$projectId/integrations/bitbucket/create': typeof secretManagerIntegrationsBitbucketConfigurePageRouteRoute
   '/secret-manager/$projectId/integrations/checkly/authorize': typeof secretManagerIntegrationsChecklyAuthorizePageRouteRoute
@@ -3854,6 +3875,7 @@ export interface FileRoutesById {
   '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-app-configuration/create': typeof secretManagerIntegrationsAzureAppConfigurationConfigurePageRouteRoute
   '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-devops/authorize': typeof secretManagerIntegrationsAzureDevopsAuthorizePageRouteRoute
   '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-devops/create': typeof secretManagerIntegrationsAzureDevopsConfigurePageRouteRoute
+  '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-key-vault/authorize': typeof secretManagerIntegrationsAzureKeyVaultAuthorizePageRouteRoute
   '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-key-vault/create': typeof secretManagerIntegrationsAzureKeyVaultConfigurePageRouteRoute
   '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/bitbucket/create': typeof secretManagerIntegrationsBitbucketConfigurePageRouteRoute
   '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/checkly/authorize': typeof secretManagerIntegrationsChecklyAuthorizePageRouteRoute
@@ -4024,6 +4046,7 @@ export interface FileRouteTypes {
     | '/secret-manager/$projectId/integrations/azure-app-configuration/create'
     | '/secret-manager/$projectId/integrations/azure-devops/authorize'
     | '/secret-manager/$projectId/integrations/azure-devops/create'
+    | '/secret-manager/$projectId/integrations/azure-key-vault/authorize'
     | '/secret-manager/$projectId/integrations/azure-key-vault/create'
     | '/secret-manager/$projectId/integrations/bitbucket/create'
     | '/secret-manager/$projectId/integrations/checkly/authorize'
@@ -4186,6 +4209,7 @@ export interface FileRouteTypes {
     | '/secret-manager/$projectId/integrations/azure-app-configuration/create'
     | '/secret-manager/$projectId/integrations/azure-devops/authorize'
     | '/secret-manager/$projectId/integrations/azure-devops/create'
+    | '/secret-manager/$projectId/integrations/azure-key-vault/authorize'
     | '/secret-manager/$projectId/integrations/azure-key-vault/create'
     | '/secret-manager/$projectId/integrations/bitbucket/create'
     | '/secret-manager/$projectId/integrations/checkly/authorize'
@@ -4362,6 +4386,7 @@ export interface FileRouteTypes {
     | '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-app-configuration/create'
     | '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-devops/authorize'
     | '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-devops/create'
+    | '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-key-vault/authorize'
     | '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-key-vault/create'
     | '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/bitbucket/create'
     | '/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/checkly/authorize'
@@ -4925,6 +4950,7 @@ export const routeTree = rootRoute
         "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-app-configuration/create",
         "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-devops/authorize",
         "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-devops/create",
+        "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-key-vault/authorize",
         "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-key-vault/create",
         "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/bitbucket/create",
         "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/checkly/authorize",
@@ -5105,6 +5131,10 @@ export const routeTree = rootRoute
       "filePath": "secret-manager/integrations/AzureDevopsConfigurePage/route.tsx",
       "parent": "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations"
     },
+    "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-key-vault/authorize": {
+      "filePath": "secret-manager/integrations/AzureKeyVaultAuthorizePage/route.tsx",
+      "parent": "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations"
+    },
     "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations/azure-key-vault/create": {
       "filePath": "secret-manager/integrations/AzureKeyVaultConfigurePage/route.tsx",
       "parent": "/_authenticate/_inject-org-details/secret-manager/$projectId/_secret-manager-layout/integrations"

frontend/src/routes.ts

@@ -75,6 +75,10 @@ const secretManagerRoutes = route("/secret-manager/$projectId", [
         "/azure-devops/create",
         "secret-manager/integrations/AzureDevopsConfigurePage/route.tsx"
       ),
+      route(
+        "/azure-key-vault/authorize",
+        "secret-manager/integrations/AzureKeyVaultAuthorizePage/route.tsx"
+      ),
       route(
         "/azure-key-vault/oauth2/callback",
         "secret-manager/integrations/AzureKeyVaultOauthCallbackPage/route.tsx"