ENG-3695: Surface integration save errors under form fields

[Kelsey-Ethyca]

Ticket ENG-3695

Description Of Changes

When saving an integration, server-side validation errors from the secrets PATCH (e.g. BigQuery keyfile_creds JSON parse failures, Zendesk domain allowed-list checks) used to appear as a transient toast that disappeared too quickly to read. The toast also leaked operator-only guidance (FIDES__SECURITY__DOMAIN_VALIDATION_MODE advisory) into user-facing text.

This PR routes 422 detail entries to the offending form field via antd's form.setFields, so the error renders directly under the input with a cleaned, human-readable message. Toasts are preserved as the fallback for non-validation errors (network, 500s, unmapped 422s).

The fix covers all four places an integration can be created or updated:

• System portal → Integrations tab (ConnectorParameters / ConnectorParametersForm)
• Integrations page → Add/Edit (ConfigureIntegrationForm)
• Existing Jira integration → Jira config tab (JiraConfigTab)

Two follow-ups were filed:

• ENG-3696 (BE): populate loc for model-level secrets validators and split the env-var advisory off the user-facing message so the FE parser doesn't need regex/string-stripping.
• ENG-3697 (FE): validate fields on blur instead of waiting for Save.

Code Changes

• New helper clients/admin-ui/src/features/common/form/parseSecretsFieldErrors.ts (+ Jest test). Converts a 422 detail array into [{ name, errors }] for form.setFields. Uses loc[-1] when present, falls back to a for '<field>' regex on the message, gated on the field existing in the caller's knownFields. Strips the Value error, prefix and the env-var advisory tail. Configurable namePrefix (default ["secrets"], set to [] for forms whose fields are top-level).
• ConnectorParameters.tsx: useConnectorForm.handleSubmit re-throws on parsed validation errors so the form can call setFields; non-mappable errors continue to toast.
• ConnectorParametersForm.tsx: handleFinish catches and applies setFields, short-circuits the post-save mask/property-assignment logic on error.
• ConfigureIntegrationForm.tsx: both error branches (the connection PATCH that bundles secrets in create flow, and the dedicated secrets PATCH) route to setFields first, fall back to existing toasts.
• JiraConfigTab.tsx: handleSave catch routes to setFields against the four Jira secret fields (namePrefix: [] since they're top-level).

Steps to Confirm

1. Go to a system → Integrations tab → add or edit a BigQuery integration. Paste not valid json into Keyfile creds → click Save. Expect: error appears under the Keyfile creds field; no toast.
2. Same flow with a Zendesk integration → set Domain to sfesdfesk.com → click Save. Expect: error appears under the Domain field, env-var advisory stripped; no toast.
3. Repeat (1) on the Integrations page (Add Integration → BigQuery). Expect: same behaviour.
4. Repeat (2) on the Integrations page (Add Integration → Zendesk). Expect: same behaviour.
5. Existing Jira integration → Jira config tab → trigger any field validation failure (e.g. clear out a required field via DOM and submit, or wait for ENG-3696 BE work for stronger server checks). Expect: field-level error.
6. Sanity: leave a required field blank and tab out → existing on-blur required-field error still appears. Trigger a 500 or network error during save → toast still appears.

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created (ENG-3696, ENG-3697)
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
fides-plus-nightly	Ignored	Preview	May 9, 2026 7:20pm
fides-privacy-center	Ignored		May 9, 2026 7:20pm

[github-actions]

Title	Lines	Statements	Branches	Functions
admin-ui		6.68% (3082/46073)	6.04% (1604/26541)	4.67% (636/13617)
fides-js		79.51% (2019/2539)	66.24% (1248/1884)	73.31% (349/476)
privacy-center		82.53% (364/441)	79.74% (189/237)	74.07% (60/81)

[lucanovera]

Nice UX improvement! Followed the steps and got the expected outcome. Code changes look good. Approved