From fd032831cb89afab14fd7f255608bbe09a34bd64 Mon Sep 17 00:00:00 2001
From: Michael Dempsey <bluestealth@bluestealth.pw>
Date: Thu, 10 Nov 2022 14:24:53 -0800
Subject: [PATCH] Expose ssh algorithm_signer in web interface (#10114)
 (#10299)

* Expose ssh algorithm_signer in web interface (#10114)

* Adds allowed values for algorithm_signer to ssh plugin API
* Adds algorithm_signer as field in UI

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
---
 builtin/logical/ssh/path_roles.go | 1 +
 changelog/10299.txt               | 3 +++
 ui/app/models/role-ssh.js         | 4 ++++
 3 files changed, 8 insertions(+)
 create mode 100644 changelog/10299.txt

diff --git a/builtin/logical/ssh/path_roles.go b/builtin/logical/ssh/path_roles.go
index 595839301..6e525c42b 100644
--- a/builtin/logical/ssh/path_roles.go
+++ b/builtin/logical/ssh/path_roles.go
@@ -380,6 +380,7 @@ func pathRoles(b *backend) *framework.Path {
 				When supplied, this value specifies a signing algorithm for the key. Possible values:
 				ssh-rsa, rsa-sha2-256, rsa-sha2-512, default, or the empty string.
 				`,
+				AllowedValues: []interface{}{"", ssh.SigAlgoRSA, ssh.SigAlgoRSASHA2256, ssh.SigAlgoRSASHA2512},
 				DisplayAttrs: &framework.DisplayAttributes{
 					Name: "Signing Algorithm",
 				},
diff --git a/changelog/10299.txt b/changelog/10299.txt
new file mode 100644
index 000000000..db135b64e
--- /dev/null
+++ b/changelog/10299.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+ui: Add algorithm-signer as a SSH Secrets Engine UI field
+```
diff --git a/ui/app/models/role-ssh.js b/ui/app/models/role-ssh.js
index abb13fb5b..0308e91f4 100644
--- a/ui/app/models/role-ssh.js
+++ b/ui/app/models/role-ssh.js
@@ -37,6 +37,7 @@ const CA_FIELDS = [
   'allowUserKeyIds',
   'keyIdFormat',
   'notBeforeDuration',
+  'algorithmSigner',
 ];
 
 export default Model.extend({
@@ -117,6 +118,9 @@ export default Model.extend({
   keyIdFormat: attr('string', {
     helpText: 'When supplied, this value specifies a custom format for the key id of a signed certificate',
   }),
+  algorithmSigner: attr('string', {
+    helpText: 'When supplied, this value specifies a signing algorithm for the key',
+  }),
 
   showFields: computed('keyType', function () {
     const keyType = this.keyType;