From 89de6267c7029cc41f13b6a415de5bace1672acd Mon Sep 17 00:00:00 2001
From: Angel Garbarino <Monkeychip@users.noreply.github.com>
Date: Sun, 8 Oct 2023 13:10:35 -0600
Subject: [PATCH] Allow AWS secret engine to send empty policy document
 (#23470) (#23509)

* fix

* changelog

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
---
 changelog/23470.txt       | 3 +++
 ui/app/helpers/jsonify.js | 2 ++
 ui/app/models/role-aws.js | 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 changelog/23470.txt

diff --git a/changelog/23470.txt b/changelog/23470.txt
new file mode 100644
index 000000000..744fa76c7
--- /dev/null
+++ b/changelog/23470.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ui: Fix AWS secret engine to allow empty policy_document field.
+```
\ No newline at end of file
diff --git a/ui/app/helpers/jsonify.js b/ui/app/helpers/jsonify.js
index d6e8168c5..95b9a3b98 100644
--- a/ui/app/helpers/jsonify.js
+++ b/ui/app/helpers/jsonify.js
@@ -6,6 +6,8 @@
 import { helper as buildHelper } from '@ember/component/helper';
 
 export function jsonify([target]) {
+  // aws secret engine needs to be able to send an empty json value on the field policy_document
+  if (!target) return;
   return JSON.parse(target);
 }
 
diff --git a/ui/app/models/role-aws.js b/ui/app/models/role-aws.js
index cb8003472..3d7cb8482 100644
--- a/ui/app/models/role-aws.js
+++ b/ui/app/models/role-aws.js
@@ -54,7 +54,7 @@ export default Model.extend({
     editType: 'json',
     helpText:
       'A policy is an object in AWS that, when associated with an identity or resource, defines their permissions.',
-    defaultValue: '{\n}',
+    // Cannot have a default_value on policy_document because in some cases AWS expects this value to be empty.
   }),
   fields: computed('credentialType', function () {
     const credentialType = this.credentialType;