feat: Allow empty credential configs to work with cloud providers (#9499)

* support empty credential config
* update plugin package
* update yaml for fix test error

Author: cwangsmv

.github/workflows/test.yml

@@ -33,8 +33,8 @@ jobs:
           node-version-file: .nvmrc
           cache: npm
           cache-dependency-path: package-lock.json
-          registry-url: "https://npm.pkg.github.com"
-          scope: "@kong"
+          registry-url: 'https://npm.pkg.github.com'
+          scope: '@kong'
 
       - name: Install packages
         run: npm ci
@@ -52,6 +52,8 @@ jobs:
 
       - name: Check Circular References
         uses: actions/github-script@v7
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         if: github.event_name == 'pull_request' && always()
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}

package-lock.json

@@ -66,6 +66,6 @@
     "yaml": "^2.7.1"
   },
   "optionalDependencies": {
-    "@kong/insomnia-plugin-external-vault": "0.1.3"
+    "@kong/insomnia-plugin-external-vault": "0.1.4-dev.20251224090833"
   }
 }

packages/insomnia-inso/package.json

@@ -202,7 +202,7 @@
   },
   "optionalDependencies": {
     "@kong/insomnia-plugin-ai": "^1.0.7",
-    "@kong/insomnia-plugin-external-vault": "0.1.3"
+    "@kong/insomnia-plugin-external-vault": "0.1.4-dev.20251224090833"
   },
   "dev": {
     "dev-server-port": 3334

packages/insomnia/package.json

@@ -193,34 +193,7 @@ async function _removeAllCredentials() {
   const cloudCredentials = await cloudCredential.all();
   for (const cred of cloudCredentials) {
     if ('credentials' in cred) {
-      if ('secretAccessKey' in cred.credentials) {
-        removals.push(
-          cloudCredential.update(cred, {
-            // AWS
-            credentials: { ...cred.credentials, secretAccessKey: '', sessionToken: '' },
-          }),
-        );
-        continue;
-      }
-      // hashicorp
-      if ('access_token' in cred.credentials) {
-        removals.push(cloudCredential.update(cred, { credentials: { ...cred.credentials, access_token: '' } }));
-        continue;
-      }
-      if ('client_secret' in cred.credentials) {
-        removals.push(cloudCredential.update(cred, { credentials: { ...cred.credentials, client_secret: '' } }));
-        continue;
-      }
-      if ('secret_id' in cred.credentials) {
-        removals.push(
-          cloudCredential.update(cred, { credentials: { ...cred.credentials, secret_id: '', role_id: '' } }),
-        );
-        continue;
-      }
-      // azure
-      if ('accessToken' in cred.credentials) {
-        removals.push(cloudCredential.update(cred, { credentials: { ...cred.credentials, accessToken: '' } }));
-      }
+      removals.push(cloudCredential.update(cred, { credentials: undefined }));
     }
   }
 

packages/insomnia/src/account/session.ts

@@ -97,16 +97,16 @@ export interface AzureOAuthCredential {
 type BaseCloudCredential =
   | {
       provider: 'aws';
-      credentials: AWSTemporaryCredential | AWSFileCredential | AWSSSOCredential;
+      credentials?: AWSTemporaryCredential | AWSFileCredential | AWSSSOCredential;
     }
   | {
       provider: 'gcp';
-      credentials: GCPCredential;
+      credentials?: GCPCredential;
     }
-  | { provider: 'azure'; credentials: AzureOAuthCredential }
+  | { provider: 'azure'; credentials?: AzureOAuthCredential }
   | {
       provider: 'hashicorp';
-      credentials:
+      credentials?:
         | HCPCredential
         | VaultAppRoleCredential
         | VaultTokenCredential

packages/insomnia/src/models/cloud-credential.ts

@@ -34,8 +34,10 @@ export async function clientAction({ params, request }: Route.ClientActionArgs)
     if (provider === 'hashicorp') {
       // update access token and expires_at
       const { access_token, expires_at } = result as { access_token: string; expires_at: number };
-      patch.credentials['access_token'] = access_token;
-      patch.credentials['expires_at'] = expires_at;
+      if (patch.credentials) {
+        patch.credentials['access_token'] = access_token;
+        patch.credentials['expires_at'] = expires_at;
+      }
     }
     await models.cloudCredential.update(originCredential, patch);
     return result as { access_token: string; expires_at: number };

packages/insomnia/src/routes/cloud-credentials.$cloudCredentialId.update.ts

@@ -19,7 +19,7 @@ export interface AWSCredentialFormProps {
   isLoading: boolean;
   errorMessage?: string;
 }
-const initialFormValue: { name: string; credentials: AWSCloudCredential['credentials'] } = {
+const initialFormValue: { name: string; credentials: Required<AWSCloudCredential>['credentials'] } = {
   name: '',
   credentials: {
     type: AWSCredentialType.temp,
@@ -34,7 +34,7 @@ export const providerType: CloudProviderName = 'aws';
 export const AWSCredentialForm = (props: AWSCredentialFormProps) => {
   const { data, onSubmit, isLoading, errorMessage } = props;
   const isEdit = !!data;
-  const { name, credentials } = (data || initialFormValue) as {
+  const { name, credentials = initialFormValue.credentials } = (data || initialFormValue) as {
     name: string;
     credentials: AWSCloudCredential['credentials'];
   };

packages/insomnia/src/ui/components/modals/cloud-credential-modal/aws-credential-form.tsx

@@ -37,9 +37,9 @@ export const providerType: CloudProviderName = 'hashicorp';
 export const HashiCorpCredentialForm = (props: HashiCorpCredentialFormProps) => {
   const { data, onSubmit, isLoading, errorMessage } = props;
   const isEdit = !!data;
-  const { name, credentials } = data || initialFormValue;
+  const { name, credentials = initialFormValue.credentials } = data || initialFormValue;
   const [isValidUrl, setIsValidUrl] = useState(true);
-  const { type } = credentials as HashiCorpCredential['credentials'];
+  const { type } = credentials as Required<HashiCorpCredential>['credentials'];
   const [credentialType, setCredentialType] = useState<HashiCorpCredentialType>(type);
   const [credentialAuthMethod, setAuthMethod] = useState<HashiCorpVaultAuthMethod>(
     (credentials as VaultTokenCredential | VaultAppRoleCredential).authMethod,

packages/insomnia/src/ui/components/modals/cloud-credential-modal/hashicorp-credential-form.tsx

@@ -6,7 +6,6 @@ import { useDeleteCloudCredentialActionFetcher } from '~/routes/cloud-credential
 
 import { EXTERNAL_VAULT_PLUGIN_NAME } from '../../../common/constants';
 import {
-  type AzureOAuthCredential,
   type CloudProviderCredential,
   type CloudProviderName,
   getProviderDisplayName,
@@ -179,9 +178,9 @@ export const CloudServiceCredentialList = () => {
           <tbody>
             {cloudCredentials.map(cloudCred => {
               const { _id, name, provider, credentials } = cloudCred;
-              let isAzureTokenExpired = false;
-              if (provider === 'azure') {
-                const tokenExpiresOn = (credentials as AzureOAuthCredential).expiresOn;
+              let isAzureTokenExpired = !credentials;
+              if (credentials && provider === 'azure') {
+                const tokenExpiresOn = 'expiresOn' in credentials ? credentials.expiresOn : null;
                 if (tokenExpiresOn && new Date() >= new Date(tokenExpiresOn)) {
                   isAzureTokenExpired = true;
                 }