KMS certificates for Encryption configuration page (#2380)

- removed unused console certificate code in frontend
- fixed confirmation dialog not closing after submitting the form on the encryption
page
- simplified kms mtls/ca certificates for tenant encryption
configuration

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Lenin Alevski
2022-10-19 12:32:08 -07:00
committed by GitHub
parent 5f07d45846
commit 6b6cfd10f1
19 changed files with 918 additions and 1439 deletions


@@ -42,9 +42,6 @@ type EncryptionConfiguration struct {
// azure
Azure *AzureConfiguration `json:"azure,omitempty"`
// client
Client *KeyPairConfiguration `json:"client,omitempty"`
// gcp
Gcp *GcpConfiguration `json:"gcp,omitempty"`
@@ -54,6 +51,12 @@ type EncryptionConfiguration struct {
// image
Image string `json:"image,omitempty"`
// kms mtls
KmsMtls *EncryptionConfigurationAO1KmsMtls `json:"kms_mtls,omitempty"`
// minio mtls
MinioMtls *KeyPairConfiguration `json:"minio_mtls,omitempty"`
// raw
Raw string `json:"raw,omitempty"`
@@ -66,8 +69,8 @@ type EncryptionConfiguration struct {
// security context
SecurityContext *SecurityContext `json:"securityContext,omitempty"`
// server
Server *KeyPairConfiguration `json:"server,omitempty"`
// server tls
ServerTLS *KeyPairConfiguration `json:"server_tls,omitempty"`
// vault
Vault *VaultConfiguration `json:"vault,omitempty"`
@@ -88,14 +91,16 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error {
Azure *AzureConfiguration `json:"azure,omitempty"`
Client *KeyPairConfiguration `json:"client,omitempty"`
Gcp *GcpConfiguration `json:"gcp,omitempty"`
Gemalto *GemaltoConfiguration `json:"gemalto,omitempty"`
Image string `json:"image,omitempty"`
KmsMtls *EncryptionConfigurationAO1KmsMtls `json:"kms_mtls,omitempty"`
MinioMtls *KeyPairConfiguration `json:"minio_mtls,omitempty"`
Raw string `json:"raw,omitempty"`
Replicas string `json:"replicas,omitempty"`
@@ -104,7 +109,7 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error {
SecurityContext *SecurityContext `json:"securityContext,omitempty"`
Server *KeyPairConfiguration `json:"server,omitempty"`
ServerTLS *KeyPairConfiguration `json:"server_tls,omitempty"`
Vault *VaultConfiguration `json:"vault,omitempty"`
}
@@ -116,14 +121,16 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error {
m.Azure = dataAO1.Azure
m.Client = dataAO1.Client
m.Gcp = dataAO1.Gcp
m.Gemalto = dataAO1.Gemalto
m.Image = dataAO1.Image
m.KmsMtls = dataAO1.KmsMtls
m.MinioMtls = dataAO1.MinioMtls
m.Raw = dataAO1.Raw
m.Replicas = dataAO1.Replicas
@@ -132,7 +139,7 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error {
m.SecurityContext = dataAO1.SecurityContext
m.Server = dataAO1.Server
m.ServerTLS = dataAO1.ServerTLS
m.Vault = dataAO1.Vault
@@ -153,14 +160,16 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) {
Azure *AzureConfiguration `json:"azure,omitempty"`
Client *KeyPairConfiguration `json:"client,omitempty"`
Gcp *GcpConfiguration `json:"gcp,omitempty"`
Gemalto *GemaltoConfiguration `json:"gemalto,omitempty"`
Image string `json:"image,omitempty"`
KmsMtls *EncryptionConfigurationAO1KmsMtls `json:"kms_mtls,omitempty"`
MinioMtls *KeyPairConfiguration `json:"minio_mtls,omitempty"`
Raw string `json:"raw,omitempty"`
Replicas string `json:"replicas,omitempty"`
@@ -169,7 +178,7 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) {
SecurityContext *SecurityContext `json:"securityContext,omitempty"`
Server *KeyPairConfiguration `json:"server,omitempty"`
ServerTLS *KeyPairConfiguration `json:"server_tls,omitempty"`
Vault *VaultConfiguration `json:"vault,omitempty"`
}
@@ -178,14 +187,16 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) {
dataAO1.Azure = m.Azure
dataAO1.Client = m.Client
dataAO1.Gcp = m.Gcp
dataAO1.Gemalto = m.Gemalto
dataAO1.Image = m.Image
dataAO1.KmsMtls = m.KmsMtls
dataAO1.MinioMtls = m.MinioMtls
dataAO1.Raw = m.Raw
dataAO1.Replicas = m.Replicas
@@ -194,7 +205,7 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) {
dataAO1.SecurityContext = m.SecurityContext
dataAO1.Server = m.Server
dataAO1.ServerTLS = m.ServerTLS
dataAO1.Vault = m.Vault
@@ -223,10 +234,6 @@ func (m *EncryptionConfiguration) Validate(formats strfmt.Registry) error {
res = append(res, err)
}
if err := m.validateClient(formats); err != nil {
res = append(res, err)
}
if err := m.validateGcp(formats); err != nil {
res = append(res, err)
}
@@ -235,11 +242,19 @@ func (m *EncryptionConfiguration) Validate(formats strfmt.Registry) error {
res = append(res, err)
}
if err := m.validateKmsMtls(formats); err != nil {
res = append(res, err)
}
if err := m.validateMinioMtls(formats); err != nil {
res = append(res, err)
}
if err := m.validateSecurityContext(formats); err != nil {
res = append(res, err)
}
if err := m.validateServer(formats); err != nil {
if err := m.validateServerTLS(formats); err != nil {
res = append(res, err)
}
@@ -293,26 +308,6 @@ func (m *EncryptionConfiguration) validateAzure(formats strfmt.Registry) error {
return nil
}
func (m *EncryptionConfiguration) validateClient(formats strfmt.Registry) error {
if swag.IsZero(m.Client) { // not required
return nil
}
if m.Client != nil {
if err := m.Client.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("client")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("client")
}
return err
}
}
return nil
}
func (m *EncryptionConfiguration) validateGcp(formats strfmt.Registry) error {
if swag.IsZero(m.Gcp) { // not required
@@ -353,6 +348,46 @@ func (m *EncryptionConfiguration) validateGemalto(formats strfmt.Registry) error
return nil
}
func (m *EncryptionConfiguration) validateKmsMtls(formats strfmt.Registry) error {
if swag.IsZero(m.KmsMtls) { // not required
return nil
}
if m.KmsMtls != nil {
if err := m.KmsMtls.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("kms_mtls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("kms_mtls")
}
return err
}
}
return nil
}
func (m *EncryptionConfiguration) validateMinioMtls(formats strfmt.Registry) error {
if swag.IsZero(m.MinioMtls) { // not required
return nil
}
if m.MinioMtls != nil {
if err := m.MinioMtls.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("minio_mtls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("minio_mtls")
}
return err
}
}
return nil
}
func (m *EncryptionConfiguration) validateSecurityContext(formats strfmt.Registry) error {
if swag.IsZero(m.SecurityContext) { // not required
@@ -373,18 +408,18 @@ func (m *EncryptionConfiguration) validateSecurityContext(formats strfmt.Registr
return nil
}
func (m *EncryptionConfiguration) validateServer(formats strfmt.Registry) error {
func (m *EncryptionConfiguration) validateServerTLS(formats strfmt.Registry) error {
if swag.IsZero(m.Server) { // not required
if swag.IsZero(m.ServerTLS) { // not required
return nil
}
if m.Server != nil {
if err := m.Server.Validate(formats); err != nil {
if m.ServerTLS != nil {
if err := m.ServerTLS.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("server")
return ve.ValidateName("server_tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("server")
return ce.ValidateName("server_tls")
}
return err
}
@@ -430,10 +465,6 @@ func (m *EncryptionConfiguration) ContextValidate(ctx context.Context, formats s
res = append(res, err)
}
if err := m.contextValidateClient(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateGcp(ctx, formats); err != nil {
res = append(res, err)
}
@@ -442,11 +473,19 @@ func (m *EncryptionConfiguration) ContextValidate(ctx context.Context, formats s
res = append(res, err)
}
if err := m.contextValidateKmsMtls(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateMinioMtls(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateSecurityContext(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateServer(ctx, formats); err != nil {
if err := m.contextValidateServerTLS(ctx, formats); err != nil {
res = append(res, err)
}
@@ -492,22 +531,6 @@ func (m *EncryptionConfiguration) contextValidateAzure(ctx context.Context, form
return nil
}
func (m *EncryptionConfiguration) contextValidateClient(ctx context.Context, formats strfmt.Registry) error {
if m.Client != nil {
if err := m.Client.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("client")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("client")
}
return err
}
}
return nil
}
func (m *EncryptionConfiguration) contextValidateGcp(ctx context.Context, formats strfmt.Registry) error {
if m.Gcp != nil {
@@ -540,6 +563,38 @@ func (m *EncryptionConfiguration) contextValidateGemalto(ctx context.Context, fo
return nil
}
func (m *EncryptionConfiguration) contextValidateKmsMtls(ctx context.Context, formats strfmt.Registry) error {
if m.KmsMtls != nil {
if err := m.KmsMtls.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("kms_mtls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("kms_mtls")
}
return err
}
}
return nil
}
func (m *EncryptionConfiguration) contextValidateMinioMtls(ctx context.Context, formats strfmt.Registry) error {
if m.MinioMtls != nil {
if err := m.MinioMtls.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("minio_mtls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("minio_mtls")
}
return err
}
}
return nil
}
func (m *EncryptionConfiguration) contextValidateSecurityContext(ctx context.Context, formats strfmt.Registry) error {
if m.SecurityContext != nil {
@@ -556,14 +611,14 @@ func (m *EncryptionConfiguration) contextValidateSecurityContext(ctx context.Con
return nil
}
func (m *EncryptionConfiguration) contextValidateServer(ctx context.Context, formats strfmt.Registry) error {
func (m *EncryptionConfiguration) contextValidateServerTLS(ctx context.Context, formats strfmt.Registry) error {
if m.Server != nil {
if err := m.Server.ContextValidate(ctx, formats); err != nil {
if m.ServerTLS != nil {
if err := m.ServerTLS.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("server")
return ve.ValidateName("server_tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("server")
return ce.ValidateName("server_tls")
}
return err
}
@@ -605,3 +660,46 @@ func (m *EncryptionConfiguration) UnmarshalBinary(b []byte) error {
*m = res
return nil
}
// EncryptionConfigurationAO1KmsMtls encryption configuration a o1 kms mtls
//
// swagger:model EncryptionConfigurationAO1KmsMtls
type EncryptionConfigurationAO1KmsMtls struct {
// ca
Ca string `json:"ca,omitempty"`
// crt
Crt string `json:"crt,omitempty"`
// key
Key string `json:"key,omitempty"`
}
// Validate validates this encryption configuration a o1 kms mtls
func (m *EncryptionConfigurationAO1KmsMtls) Validate(formats strfmt.Registry) error {
return nil
}
// ContextValidate validates this encryption configuration a o1 kms mtls based on context it is used
func (m *EncryptionConfigurationAO1KmsMtls) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *EncryptionConfigurationAO1KmsMtls) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *EncryptionConfigurationAO1KmsMtls) UnmarshalBinary(b []byte) error {
var res EncryptionConfigurationAO1KmsMtls
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
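Review bot: `EncryptionConfigurationAO1KmsMtls.Validate` in the last hunk returns nil unconditionally, so a `kms_mtls` object passes model validation with any combination of `key`, `crt` and `ca`, including a certificate without its private key or text that is not PEM at all. This file looks go-swagger generated, so the constraint belongs in the swagger definition or in the handler that consumes the model (not visible here): require `key` and `crt` together and reject values that do not parse as PEM before they are stored. `Key` carries private key material as a plain string, so the consuming code should keep this struct out of logs and error messages; the response counterpart further down the page exposes only `ca` and `crt` as `CertificateInfo`, which is the right shape. Separately, the earlier hunks rename the JSON fields `client` and `server` to `minio_mtls` and `server_tls`, and a request still using the old names would presumably decode with those fields left nil rather than fail, so the rename should be documented as a breaking API change.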


@@ -51,8 +51,11 @@ type EncryptionConfigurationResponse struct {
// image
Image string `json:"image,omitempty"`
// mtls client
MtlsClient *CertificateInfo `json:"mtls_client,omitempty"`
// kms mtls
KmsMtls *EncryptionConfigurationResponseAO1KmsMtls `json:"kms_mtls,omitempty"`
// minio mtls
MinioMtls *CertificateInfo `json:"minio_mtls,omitempty"`
// raw
Raw string `json:"raw,omitempty"`
@@ -63,8 +66,8 @@ type EncryptionConfigurationResponse struct {
// security context
SecurityContext *SecurityContext `json:"securityContext,omitempty"`
// server
Server *CertificateInfo `json:"server,omitempty"`
// server tls
ServerTLS *CertificateInfo `json:"server_tls,omitempty"`
// vault
Vault *VaultConfigurationResponse `json:"vault,omitempty"`
@@ -91,7 +94,9 @@ func (m *EncryptionConfigurationResponse) UnmarshalJSON(raw []byte) error {
Image string `json:"image,omitempty"`
MtlsClient *CertificateInfo `json:"mtls_client,omitempty"`
KmsMtls *EncryptionConfigurationResponseAO1KmsMtls `json:"kms_mtls,omitempty"`
MinioMtls *CertificateInfo `json:"minio_mtls,omitempty"`
Raw string `json:"raw,omitempty"`
@@ -99,7 +104,7 @@ func (m *EncryptionConfigurationResponse) UnmarshalJSON(raw []byte) error {
SecurityContext *SecurityContext `json:"securityContext,omitempty"`
Server *CertificateInfo `json:"server,omitempty"`
ServerTLS *CertificateInfo `json:"server_tls,omitempty"`
Vault *VaultConfigurationResponse `json:"vault,omitempty"`
}
@@ -117,7 +122,9 @@ func (m *EncryptionConfigurationResponse) UnmarshalJSON(raw []byte) error {
m.Image = dataAO1.Image
m.MtlsClient = dataAO1.MtlsClient
m.KmsMtls = dataAO1.KmsMtls
m.MinioMtls = dataAO1.MinioMtls
m.Raw = dataAO1.Raw
@@ -125,7 +132,7 @@ func (m *EncryptionConfigurationResponse) UnmarshalJSON(raw []byte) error {
m.SecurityContext = dataAO1.SecurityContext
m.Server = dataAO1.Server
m.ServerTLS = dataAO1.ServerTLS
m.Vault = dataAO1.Vault
@@ -152,7 +159,9 @@ func (m EncryptionConfigurationResponse) MarshalJSON() ([]byte, error) {
Image string `json:"image,omitempty"`
MtlsClient *CertificateInfo `json:"mtls_client,omitempty"`
KmsMtls *EncryptionConfigurationResponseAO1KmsMtls `json:"kms_mtls,omitempty"`
MinioMtls *CertificateInfo `json:"minio_mtls,omitempty"`
Raw string `json:"raw,omitempty"`
@@ -160,7 +169,7 @@ func (m EncryptionConfigurationResponse) MarshalJSON() ([]byte, error) {
SecurityContext *SecurityContext `json:"securityContext,omitempty"`
Server *CertificateInfo `json:"server,omitempty"`
ServerTLS *CertificateInfo `json:"server_tls,omitempty"`
Vault *VaultConfigurationResponse `json:"vault,omitempty"`
}
@@ -175,7 +184,9 @@ func (m EncryptionConfigurationResponse) MarshalJSON() ([]byte, error) {
dataAO1.Image = m.Image
dataAO1.MtlsClient = m.MtlsClient
dataAO1.KmsMtls = m.KmsMtls
dataAO1.MinioMtls = m.MinioMtls
dataAO1.Raw = m.Raw
@@ -183,7 +194,7 @@ func (m EncryptionConfigurationResponse) MarshalJSON() ([]byte, error) {
dataAO1.SecurityContext = m.SecurityContext
dataAO1.Server = m.Server
dataAO1.ServerTLS = m.ServerTLS
dataAO1.Vault = m.Vault
@@ -220,7 +231,11 @@ func (m *EncryptionConfigurationResponse) Validate(formats strfmt.Registry) erro
res = append(res, err)
}
if err := m.validateMtlsClient(formats); err != nil {
if err := m.validateKmsMtls(formats); err != nil {
res = append(res, err)
}
if err := m.validateMinioMtls(formats); err != nil {
res = append(res, err)
}
@@ -228,7 +243,7 @@ func (m *EncryptionConfigurationResponse) Validate(formats strfmt.Registry) erro
res = append(res, err)
}
if err := m.validateServer(formats); err != nil {
if err := m.validateServerTLS(formats); err != nil {
res = append(res, err)
}
@@ -322,18 +337,38 @@ func (m *EncryptionConfigurationResponse) validateGemalto(formats strfmt.Registr
return nil
}
func (m *EncryptionConfigurationResponse) validateMtlsClient(formats strfmt.Registry) error {
func (m *EncryptionConfigurationResponse) validateKmsMtls(formats strfmt.Registry) error {
if swag.IsZero(m.MtlsClient) { // not required
if swag.IsZero(m.KmsMtls) { // not required
return nil
}
if m.MtlsClient != nil {
if err := m.MtlsClient.Validate(formats); err != nil {
if m.KmsMtls != nil {
if err := m.KmsMtls.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("mtls_client")
return ve.ValidateName("kms_mtls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("mtls_client")
return ce.ValidateName("kms_mtls")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) validateMinioMtls(formats strfmt.Registry) error {
if swag.IsZero(m.MinioMtls) { // not required
return nil
}
if m.MinioMtls != nil {
if err := m.MinioMtls.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("minio_mtls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("minio_mtls")
}
return err
}
@@ -362,18 +397,18 @@ func (m *EncryptionConfigurationResponse) validateSecurityContext(formats strfmt
return nil
}
func (m *EncryptionConfigurationResponse) validateServer(formats strfmt.Registry) error {
func (m *EncryptionConfigurationResponse) validateServerTLS(formats strfmt.Registry) error {
if swag.IsZero(m.Server) { // not required
if swag.IsZero(m.ServerTLS) { // not required
return nil
}
if m.Server != nil {
if err := m.Server.Validate(formats); err != nil {
if m.ServerTLS != nil {
if err := m.ServerTLS.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("server")
return ve.ValidateName("server_tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("server")
return ce.ValidateName("server_tls")
}
return err
}
@@ -427,7 +462,11 @@ func (m *EncryptionConfigurationResponse) ContextValidate(ctx context.Context, f
res = append(res, err)
}
if err := m.contextValidateMtlsClient(ctx, formats); err != nil {
if err := m.contextValidateKmsMtls(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateMinioMtls(ctx, formats); err != nil {
res = append(res, err)
}
@@ -435,7 +474,7 @@ func (m *EncryptionConfigurationResponse) ContextValidate(ctx context.Context, f
res = append(res, err)
}
if err := m.contextValidateServer(ctx, formats); err != nil {
if err := m.contextValidateServerTLS(ctx, formats); err != nil {
res = append(res, err)
}
@@ -513,14 +552,30 @@ func (m *EncryptionConfigurationResponse) contextValidateGemalto(ctx context.Con
return nil
}
func (m *EncryptionConfigurationResponse) contextValidateMtlsClient(ctx context.Context, formats strfmt.Registry) error {
func (m *EncryptionConfigurationResponse) contextValidateKmsMtls(ctx context.Context, formats strfmt.Registry) error {
if m.MtlsClient != nil {
if err := m.MtlsClient.ContextValidate(ctx, formats); err != nil {
if m.KmsMtls != nil {
if err := m.KmsMtls.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("mtls_client")
return ve.ValidateName("kms_mtls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("mtls_client")
return ce.ValidateName("kms_mtls")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) contextValidateMinioMtls(ctx context.Context, formats strfmt.Registry) error {
if m.MinioMtls != nil {
if err := m.MinioMtls.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("minio_mtls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("minio_mtls")
}
return err
}
@@ -545,14 +600,14 @@ func (m *EncryptionConfigurationResponse) contextValidateSecurityContext(ctx con
return nil
}
func (m *EncryptionConfigurationResponse) contextValidateServer(ctx context.Context, formats strfmt.Registry) error {
func (m *EncryptionConfigurationResponse) contextValidateServerTLS(ctx context.Context, formats strfmt.Registry) error {
if m.Server != nil {
if err := m.Server.ContextValidate(ctx, formats); err != nil {
if m.ServerTLS != nil {
if err := m.ServerTLS.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("server")
return ve.ValidateName("server_tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("server")
return ce.ValidateName("server_tls")
}
return err
}
@@ -594,3 +649,139 @@ func (m *EncryptionConfigurationResponse) UnmarshalBinary(b []byte) error {
*m = res
return nil
}
// EncryptionConfigurationResponseAO1KmsMtls encryption configuration response a o1 kms mtls
//
// swagger:model EncryptionConfigurationResponseAO1KmsMtls
type EncryptionConfigurationResponseAO1KmsMtls struct {
// ca
Ca *CertificateInfo `json:"ca,omitempty"`
// crt
Crt *CertificateInfo `json:"crt,omitempty"`
}
// Validate validates this encryption configuration response a o1 kms mtls
func (m *EncryptionConfigurationResponseAO1KmsMtls) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateCa(formats); err != nil {
res = append(res, err)
}
if err := m.validateCrt(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *EncryptionConfigurationResponseAO1KmsMtls) validateCa(formats strfmt.Registry) error {
if swag.IsZero(m.Ca) { // not required
return nil
}
if m.Ca != nil {
if err := m.Ca.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("kms_mtls" + "." + "ca")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("kms_mtls" + "." + "ca")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponseAO1KmsMtls) validateCrt(formats strfmt.Registry) error {
if swag.IsZero(m.Crt) { // not required
return nil
}
if m.Crt != nil {
if err := m.Crt.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("kms_mtls" + "." + "crt")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("kms_mtls" + "." + "crt")
}
return err
}
}
return nil
}
// ContextValidate validate this encryption configuration response a o1 kms mtls based on the context it is used
func (m *EncryptionConfigurationResponseAO1KmsMtls) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
if err := m.contextValidateCa(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateCrt(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *EncryptionConfigurationResponseAO1KmsMtls) contextValidateCa(ctx context.Context, formats strfmt.Registry) error {
if m.Ca != nil {
if err := m.Ca.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("kms_mtls" + "." + "ca")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("kms_mtls" + "." + "ca")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponseAO1KmsMtls) contextValidateCrt(ctx context.Context, formats strfmt.Registry) error {
if m.Crt != nil {
if err := m.Crt.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("kms_mtls" + "." + "crt")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("kms_mtls" + "." + "crt")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *EncryptionConfigurationResponseAO1KmsMtls) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *EncryptionConfigurationResponseAO1KmsMtls) UnmarshalBinary(b []byte) error {
var res EncryptionConfigurationResponseAO1KmsMtls
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}


@@ -135,9 +135,6 @@ type GemaltoConfigurationKeysecure struct {
// endpoint
// Required: true
Endpoint *string `json:"endpoint"`
// tls
TLS *GemaltoConfigurationKeysecureTLS `json:"tls,omitempty"`
}
// Validate validates this gemalto configuration keysecure
@@ -152,10 +149,6 @@ func (m *GemaltoConfigurationKeysecure) Validate(formats strfmt.Registry) error
res = append(res, err)
}
if err := m.validateTLS(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
@@ -191,25 +184,6 @@ func (m *GemaltoConfigurationKeysecure) validateEndpoint(formats strfmt.Registry
return nil
}
func (m *GemaltoConfigurationKeysecure) validateTLS(formats strfmt.Registry) error {
if swag.IsZero(m.TLS) { // not required
return nil
}
if m.TLS != nil {
if err := m.TLS.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure" + "." + "tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("keysecure" + "." + "tls")
}
return err
}
}
return nil
}
// ContextValidate validate this gemalto configuration keysecure based on the context it is used
func (m *GemaltoConfigurationKeysecure) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
@@ -218,10 +192,6 @@ func (m *GemaltoConfigurationKeysecure) ContextValidate(ctx context.Context, for
res = append(res, err)
}
if err := m.contextValidateTLS(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
@@ -244,22 +214,6 @@ func (m *GemaltoConfigurationKeysecure) contextValidateCredentials(ctx context.C
return nil
}
func (m *GemaltoConfigurationKeysecure) contextValidateTLS(ctx context.Context, formats strfmt.Registry) error {
if m.TLS != nil {
if err := m.TLS.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure" + "." + "tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("keysecure" + "." + "tls")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *GemaltoConfigurationKeysecure) MarshalBinary() ([]byte, error) {
if m == nil {
@@ -353,59 +307,3 @@ func (m *GemaltoConfigurationKeysecureCredentials) UnmarshalBinary(b []byte) err
*m = res
return nil
}
// GemaltoConfigurationKeysecureTLS gemalto configuration keysecure TLS
//
// swagger:model GemaltoConfigurationKeysecureTLS
type GemaltoConfigurationKeysecureTLS struct {
// ca
// Required: true
Ca *string `json:"ca"`
}
// Validate validates this gemalto configuration keysecure TLS
func (m *GemaltoConfigurationKeysecureTLS) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateCa(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *GemaltoConfigurationKeysecureTLS) validateCa(formats strfmt.Registry) error {
if err := validate.Required("keysecure"+"."+"tls"+"."+"ca", "body", m.Ca); err != nil {
return err
}
return nil
}
// ContextValidate validates this gemalto configuration keysecure TLS based on context it is used
func (m *GemaltoConfigurationKeysecureTLS) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *GemaltoConfigurationKeysecureTLS) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *GemaltoConfigurationKeysecureTLS) UnmarshalBinary(b []byte) error {
var res GemaltoConfigurationKeysecureTLS
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}


@@ -135,9 +135,6 @@ type GemaltoConfigurationResponseKeysecure struct {
// endpoint
// Required: true
Endpoint *string `json:"endpoint"`
// tls
TLS *GemaltoConfigurationResponseKeysecureTLS `json:"tls,omitempty"`
}
// Validate validates this gemalto configuration response keysecure
@@ -152,10 +149,6 @@ func (m *GemaltoConfigurationResponseKeysecure) Validate(formats strfmt.Registry
res = append(res, err)
}
if err := m.validateTLS(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
@@ -191,25 +184,6 @@ func (m *GemaltoConfigurationResponseKeysecure) validateEndpoint(formats strfmt.
return nil
}
func (m *GemaltoConfigurationResponseKeysecure) validateTLS(formats strfmt.Registry) error {
if swag.IsZero(m.TLS) { // not required
return nil
}
if m.TLS != nil {
if err := m.TLS.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure" + "." + "tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("keysecure" + "." + "tls")
}
return err
}
}
return nil
}
// ContextValidate validate this gemalto configuration response keysecure based on the context it is used
func (m *GemaltoConfigurationResponseKeysecure) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
@@ -218,10 +192,6 @@ func (m *GemaltoConfigurationResponseKeysecure) ContextValidate(ctx context.Cont
res = append(res, err)
}
if err := m.contextValidateTLS(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
@@ -244,22 +214,6 @@ func (m *GemaltoConfigurationResponseKeysecure) contextValidateCredentials(ctx c
return nil
}
func (m *GemaltoConfigurationResponseKeysecure) contextValidateTLS(ctx context.Context, formats strfmt.Registry) error {
if m.TLS != nil {
if err := m.TLS.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure" + "." + "tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("keysecure" + "." + "tls")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *GemaltoConfigurationResponseKeysecure) MarshalBinary() ([]byte, error) {
if m == nil {
@@ -353,95 +307,3 @@ func (m *GemaltoConfigurationResponseKeysecureCredentials) UnmarshalBinary(b []b
*m = res
return nil
}
// GemaltoConfigurationResponseKeysecureTLS gemalto configuration response keysecure TLS
//
// swagger:model GemaltoConfigurationResponseKeysecureTLS
type GemaltoConfigurationResponseKeysecureTLS struct {
// ca
// Required: true
Ca *CertificateInfo `json:"ca"`
}
// Validate validates this gemalto configuration response keysecure TLS
func (m *GemaltoConfigurationResponseKeysecureTLS) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateCa(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *GemaltoConfigurationResponseKeysecureTLS) validateCa(formats strfmt.Registry) error {
if err := validate.Required("keysecure"+"."+"tls"+"."+"ca", "body", m.Ca); err != nil {
return err
}
if m.Ca != nil {
if err := m.Ca.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure" + "." + "tls" + "." + "ca")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("keysecure" + "." + "tls" + "." + "ca")
}
return err
}
}
return nil
}
// ContextValidate validate this gemalto configuration response keysecure TLS based on the context it is used
func (m *GemaltoConfigurationResponseKeysecureTLS) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
if err := m.contextValidateCa(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *GemaltoConfigurationResponseKeysecureTLS) contextValidateCa(ctx context.Context, formats strfmt.Registry) error {
if m.Ca != nil {
if err := m.Ca.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure" + "." + "tls" + "." + "ca")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("keysecure" + "." + "tls" + "." + "ca")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *GemaltoConfigurationResponseKeysecureTLS) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *GemaltoConfigurationResponseKeysecureTLS) UnmarshalBinary(b []byte) error {
var res GemaltoConfigurationResponseKeysecureTLS
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}


@@ -55,9 +55,6 @@ type VaultConfiguration struct {
// status
Status *VaultConfigurationStatus `json:"status,omitempty"`
// tls
TLS *VaultConfigurationTLS `json:"tls,omitempty"`
}
// Validate validates this vault configuration
@@ -76,10 +73,6 @@ func (m *VaultConfiguration) Validate(formats strfmt.Registry) error {
res = append(res, err)
}
if err := m.validateTLS(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
@@ -134,25 +127,6 @@ func (m *VaultConfiguration) validateStatus(formats strfmt.Registry) error {
return nil
}
func (m *VaultConfiguration) validateTLS(formats strfmt.Registry) error {
if swag.IsZero(m.TLS) { // not required
return nil
}
if m.TLS != nil {
if err := m.TLS.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("tls")
}
return err
}
}
return nil
}
// ContextValidate validate this vault configuration based on the context it is used
func (m *VaultConfiguration) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
@@ -165,10 +139,6 @@ func (m *VaultConfiguration) ContextValidate(ctx context.Context, formats strfmt
res = append(res, err)
}
if err := m.contextValidateTLS(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
@@ -207,22 +177,6 @@ func (m *VaultConfiguration) contextValidateStatus(ctx context.Context, formats
return nil
}
func (m *VaultConfiguration) contextValidateTLS(ctx context.Context, formats strfmt.Registry) error {
if m.TLS != nil {
if err := m.TLS.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("tls")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *VaultConfiguration) MarshalBinary() ([]byte, error) {
if m == nil {
@@ -356,46 +310,3 @@ func (m *VaultConfigurationStatus) UnmarshalBinary(b []byte) error {
*m = res
return nil
}
// VaultConfigurationTLS vault configuration TLS
//
// swagger:model VaultConfigurationTLS
type VaultConfigurationTLS struct {
// ca
Ca string `json:"ca,omitempty"`
// crt
Crt string `json:"crt,omitempty"`
// key
Key string `json:"key,omitempty"`
}
// Validate validates this vault configuration TLS
func (m *VaultConfigurationTLS) Validate(formats strfmt.Registry) error {
return nil
}
// ContextValidate validates this vault configuration TLS based on context it is used
func (m *VaultConfigurationTLS) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *VaultConfigurationTLS) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *VaultConfigurationTLS) UnmarshalBinary(b []byte) error {
var res VaultConfigurationTLS
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}


@@ -55,9 +55,6 @@ type VaultConfigurationResponse struct {
// status
Status *VaultConfigurationResponseStatus `json:"status,omitempty"`
// tls
TLS *VaultConfigurationResponseTLS `json:"tls,omitempty"`
}
// Validate validates this vault configuration response
@@ -76,10 +73,6 @@ func (m *VaultConfigurationResponse) Validate(formats strfmt.Registry) error {
res = append(res, err)
}
if err := m.validateTLS(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
@@ -134,25 +127,6 @@ func (m *VaultConfigurationResponse) validateStatus(formats strfmt.Registry) err
return nil
}
func (m *VaultConfigurationResponse) validateTLS(formats strfmt.Registry) error {
if swag.IsZero(m.TLS) { // not required
return nil
}
if m.TLS != nil {
if err := m.TLS.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("tls")
}
return err
}
}
return nil
}
// ContextValidate validate this vault configuration response based on the context it is used
func (m *VaultConfigurationResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
@@ -165,10 +139,6 @@ func (m *VaultConfigurationResponse) ContextValidate(ctx context.Context, format
res = append(res, err)
}
if err := m.contextValidateTLS(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
@@ -207,22 +177,6 @@ func (m *VaultConfigurationResponse) contextValidateStatus(ctx context.Context,
return nil
}
func (m *VaultConfigurationResponse) contextValidateTLS(ctx context.Context, formats strfmt.Registry) error {
if m.TLS != nil {
if err := m.TLS.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("tls")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *VaultConfigurationResponse) MarshalBinary() ([]byte, error) {
if m == nil {
@@ -356,139 +310,3 @@ func (m *VaultConfigurationResponseStatus) UnmarshalBinary(b []byte) error {
*m = res
return nil
}
// VaultConfigurationResponseTLS vault configuration response TLS
//
// swagger:model VaultConfigurationResponseTLS
type VaultConfigurationResponseTLS struct {
// ca
Ca *CertificateInfo `json:"ca,omitempty"`
// crt
Crt *CertificateInfo `json:"crt,omitempty"`
}
// Validate validates this vault configuration response TLS
func (m *VaultConfigurationResponseTLS) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateCa(formats); err != nil {
res = append(res, err)
}
if err := m.validateCrt(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *VaultConfigurationResponseTLS) validateCa(formats strfmt.Registry) error {
if swag.IsZero(m.Ca) { // not required
return nil
}
if m.Ca != nil {
if err := m.Ca.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls" + "." + "ca")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("tls" + "." + "ca")
}
return err
}
}
return nil
}
func (m *VaultConfigurationResponseTLS) validateCrt(formats strfmt.Registry) error {
if swag.IsZero(m.Crt) { // not required
return nil
}
if m.Crt != nil {
if err := m.Crt.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls" + "." + "crt")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("tls" + "." + "crt")
}
return err
}
}
return nil
}
// ContextValidate validate this vault configuration response TLS based on the context it is used
func (m *VaultConfigurationResponseTLS) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
if err := m.contextValidateCa(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateCrt(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *VaultConfigurationResponseTLS) contextValidateCa(ctx context.Context, formats strfmt.Registry) error {
if m.Ca != nil {
if err := m.Ca.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls" + "." + "ca")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("tls" + "." + "ca")
}
return err
}
}
return nil
}
func (m *VaultConfigurationResponseTLS) contextValidateCrt(ctx context.Context, formats strfmt.Registry) error {
if m.Crt != nil {
if err := m.Crt.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls" + "." + "crt")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("tls" + "." + "crt")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *VaultConfigurationResponseTLS) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *VaultConfigurationResponseTLS) UnmarshalBinary(b []byte) error {
var res VaultConfigurationResponseTLS
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}


@@ -3045,10 +3045,6 @@ func init() {
"type": "object",
"$ref": "#/definitions/azureConfiguration"
},
"client": {
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"
},
"gcp": {
"type": "object",
"$ref": "#/definitions/gcpConfiguration"
@@ -3060,6 +3056,24 @@ func init() {
"image": {
"type": "string"
},
"kms_mtls": {
"type": "object",
"properties": {
"ca": {
"type": "string"
},
"crt": {
"type": "string"
},
"key": {
"type": "string"
}
}
},
"minio_mtls": {
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"
},
"raw": {
"type": "string"
},
@@ -3076,7 +3090,7 @@ func init() {
"type": "object",
"$ref": "#/definitions/securityContext"
},
"server": {
"server_tls": {
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"
},
@@ -3115,7 +3129,20 @@ func init() {
"image": {
"type": "string"
},
"mtls_client": {
"kms_mtls": {
"type": "object",
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
"crt": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
},
"minio_mtls": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
@@ -3129,7 +3156,7 @@ func init() {
"type": "object",
"$ref": "#/definitions/securityContext"
},
"server": {
"server_tls": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
@@ -3304,17 +3331,6 @@ func init() {
},
"endpoint": {
"type": "string"
},
"tls": {
"type": "object",
"required": [
"ca"
],
"properties": {
"ca": {
"type": "string"
}
}
}
}
}
@@ -3354,18 +3370,6 @@ func init() {
},
"endpoint": {
"type": "string"
},
"tls": {
"type": "object",
"required": [
"ca"
],
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
}
}
}
@@ -5140,20 +5144,6 @@ func init() {
"format": "int64"
}
}
},
"tls": {
"type": "object",
"properties": {
"ca": {
"type": "string"
},
"crt": {
"type": "string"
},
"key": {
"type": "string"
}
}
}
}
},
@@ -5206,19 +5196,6 @@ func init() {
"format": "int64"
}
}
},
"tls": {
"type": "object",
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
"crt": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
}
}
},
@@ -7748,6 +7725,33 @@ func init() {
}
}
},
"EncryptionConfigurationAO1KmsMtls": {
"type": "object",
"properties": {
"ca": {
"type": "string"
},
"crt": {
"type": "string"
},
"key": {
"type": "string"
}
}
},
"EncryptionConfigurationResponseAO1KmsMtls": {
"type": "object",
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
"crt": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
},
"GcpConfigurationSecretmanager": {
"type": "object",
"required": [
@@ -7824,17 +7828,6 @@ func init() {
},
"endpoint": {
"type": "string"
},
"tls": {
"type": "object",
"required": [
"ca"
],
"properties": {
"ca": {
"type": "string"
}
}
}
}
},
@@ -7857,17 +7850,6 @@ func init() {
}
}
},
"GemaltoConfigurationKeysecureTLS": {
"type": "object",
"required": [
"ca"
],
"properties": {
"ca": {
"type": "string"
}
}
},
"GemaltoConfigurationResponseKeysecure": {
"type": "object",
"required": [
@@ -7896,18 +7878,6 @@ func init() {
},
"endpoint": {
"type": "string"
},
"tls": {
"type": "object",
"required": [
"ca"
],
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
}
}
},
@@ -7930,18 +7900,6 @@ func init() {
}
}
},
"GemaltoConfigurationResponseKeysecureTLS": {
"type": "object",
"required": [
"ca"
],
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
},
"IdpConfigurationActiveDirectory": {
"type": "object",
"required": [
@@ -8463,19 +8421,6 @@ func init() {
}
}
},
"VaultConfigurationResponseTLS": {
"type": "object",
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
"crt": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
},
"VaultConfigurationStatus": {
"type": "object",
"properties": {
@@ -8485,20 +8430,6 @@ func init() {
}
}
},
"VaultConfigurationTLS": {
"type": "object",
"properties": {
"ca": {
"type": "string"
},
"crt": {
"type": "string"
},
"key": {
"type": "string"
}
}
},
"allocatableResourcesResponse": {
"type": "object",
"properties": {
@@ -9117,10 +9048,6 @@ func init() {
"type": "object",
"$ref": "#/definitions/azureConfiguration"
},
"client": {
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"
},
"gcp": {
"type": "object",
"$ref": "#/definitions/gcpConfiguration"
@@ -9132,6 +9059,24 @@ func init() {
"image": {
"type": "string"
},
"kms_mtls": {
"type": "object",
"properties": {
"ca": {
"type": "string"
},
"crt": {
"type": "string"
},
"key": {
"type": "string"
}
}
},
"minio_mtls": {
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"
},
"raw": {
"type": "string"
},
@@ -9148,7 +9093,7 @@ func init() {
"type": "object",
"$ref": "#/definitions/securityContext"
},
"server": {
"server_tls": {
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"
},
@@ -9187,7 +9132,20 @@ func init() {
"image": {
"type": "string"
},
"mtls_client": {
"kms_mtls": {
"type": "object",
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
"crt": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
},
"minio_mtls": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
@@ -9201,7 +9159,7 @@ func init() {
"type": "object",
"$ref": "#/definitions/securityContext"
},
"server": {
"server_tls": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
@@ -9376,17 +9334,6 @@ func init() {
},
"endpoint": {
"type": "string"
},
"tls": {
"type": "object",
"required": [
"ca"
],
"properties": {
"ca": {
"type": "string"
}
}
}
}
}
@@ -9426,18 +9373,6 @@ func init() {
},
"endpoint": {
"type": "string"
},
"tls": {
"type": "object",
"required": [
"ca"
],
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
}
}
}
@@ -11065,20 +11000,6 @@ func init() {
"format": "int64"
}
}
},
"tls": {
"type": "object",
"properties": {
"ca": {
"type": "string"
},
"crt": {
"type": "string"
},
"key": {
"type": "string"
}
}
}
}
},
@@ -11131,19 +11052,6 @@ func init() {
"format": "int64"
}
}
},
"tls": {
"type": "object",
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
"crt": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
}
}
},


@@ -291,9 +291,9 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
// If encryption configuration is present and TLS will be enabled (using AutoCert or External certificates)
if tenantReq.Encryption != nil && canEncryptionBeEnabled {
// KES client mTLSCertificates used by MinIO instance
if tenantReq.Encryption.Client != nil {
if tenantReq.Encryption.MinioMtls != nil {
tenantExternalClientCertSecretName := fmt.Sprintf("%s-external-client-certificate-kes", tenantName)
certificates := []*models.KeyPairConfiguration{tenantReq.Encryption.Client}
certificates := []*models.KeyPairConfiguration{tenantReq.Encryption.MinioMtls}
certificateSecrets, err := createOrReplaceExternalCertSecrets(ctx, &k8sClient, ns, certificates, tenantExternalClientCertSecretName, tenantName)
if err != nil {
return nil, restapi.ErrorWithContext(ctx, restapi.ErrDefault)


@@ -182,13 +182,13 @@ func tenantUpdateEncryption(ctx context.Context, operatorClient OperatorClientI,
}
}
}
if body.Server != nil {
if body.ServerTLS != nil {
kesExternalCertSecretName := fmt.Sprintf("%s-kes-external-cert", secretName)
if tenant.KESExternalCert() {
kesExternalCertSecretName = tenant.Spec.KES.ExternalCertSecret.Name
}
// update certificates
certificates := []*models.KeyPairConfiguration{body.Server}
certificates := []*models.KeyPairConfiguration{body.ServerTLS}
createdCertificates, err := createOrReplaceExternalCertSecrets(ctx, clientSet, namespace, certificates, kesExternalCertSecretName, tenantName)
if err != nil {
return err
@@ -197,13 +197,13 @@ func tenantUpdateEncryption(ctx context.Context, operatorClient OperatorClientI,
tenant.Spec.KES.ExternalCertSecret = createdCertificates[0]
}
}
if body.Client != nil {
if body.MinioMtls != nil {
tenantExternalClientCertSecretName := fmt.Sprintf("%s-tenant-external-client-cert", secretName)
if tenant.ExternalClientCert() {
tenantExternalClientCertSecretName = tenant.Spec.ExternalClientCertSecret.Name
}
// Update certificates
certificates := []*models.KeyPairConfiguration{body.Client}
certificates := []*models.KeyPairConfiguration{body.MinioMtls}
createdCertificates, err := createOrReplaceExternalCertSecrets(ctx, clientSet, namespace, certificates, tenantExternalClientCertSecretName, tenantName)
if err != nil {
return err
@@ -309,7 +309,7 @@ func tenantEncryptionInfo(ctx context.Context, operatorClient OperatorClientI, c
return nil, err
}
if len(kesExternalCerts) > 0 {
encryptConfig.Server = kesExternalCerts[0]
encryptConfig.ServerTLS = kesExternalCerts[0]
}
}
if tenant.ExternalClientCert() {
@@ -318,7 +318,7 @@ func tenantEncryptionInfo(ctx context.Context, operatorClient OperatorClientI, c
return nil, err
}
if len(clientCerts) > 0 {
encryptConfig.MtlsClient = clientCerts[0]
encryptConfig.MinioMtls = clientCerts[0]
}
}
@@ -357,7 +357,7 @@ func tenantEncryptionInfo(ctx context.Context, operatorClient OperatorClientI, c
}
}
if tenant.KESClientCert() {
vaultConfig.TLS = &models.VaultConfigurationResponseTLS{}
encryptConfig.KmsMtls = &models.EncryptionConfigurationResponseAO1KmsMtls{}
clientSecretName := tenant.Spec.KES.ClientCertSecret.Name
keyPair, err := clientSet.getSecret(ctx, namespace, clientSecretName, metav1.GetOptions{})
if err != nil {
@@ -365,14 +365,14 @@ func tenantEncryptionInfo(ctx context.Context, operatorClient OperatorClientI, c
}
// Extract client public certificate
if rawCert, ok := keyPair.Data["client.crt"]; ok {
vaultConfig.TLS.Crt, err = parseCertificate(clientSecretName, rawCert)
encryptConfig.KmsMtls.Crt, err = parseCertificate(clientSecretName, rawCert)
if err != nil {
return nil, err
}
}
// Extract client ca certificate
if rawCert, ok := keyPair.Data["ca.crt"]; ok {
vaultConfig.TLS.Ca, err = parseCertificate(clientSecretName, rawCert)
encryptConfig.KmsMtls.Ca, err = parseCertificate(clientSecretName, rawCert)
if err != nil {
return nil, err
}
@@ -420,7 +420,7 @@ func tenantEncryptionInfo(ctx context.Context, operatorClient OperatorClientI, c
}
if gemalto.KeySecure.TLS != nil {
if tenant.KESClientCert() {
gemaltoConfig.Keysecure.TLS = &models.GemaltoConfigurationResponseKeysecureTLS{}
encryptConfig.KmsMtls = &models.EncryptionConfigurationResponseAO1KmsMtls{}
clientSecretName := tenant.Spec.KES.ClientCertSecret.Name
keyPair, err := clientSet.getSecret(ctx, namespace, clientSecretName, metav1.GetOptions{})
if err != nil {
@@ -428,7 +428,7 @@ func tenantEncryptionInfo(ctx context.Context, operatorClient OperatorClientI, c
}
// Extract client ca certificate
if rawCert, ok := keyPair.Data["ca.crt"]; ok {
gemaltoConfig.Keysecure.TLS.Ca, err = parseCertificate(clientSecretName, rawCert)
encryptConfig.KmsMtls.Ca, err = parseCertificate(clientSecretName, rawCert)
if err != nil {
return nil, err
}
@@ -511,8 +511,8 @@ func getKESConfiguration(ctx context.Context, clientSet K8sClientI, ns string, e
}
}
// Generate server certificates for KES
if encryptionCfg.Server != nil {
certificates := []*models.KeyPairConfiguration{encryptionCfg.Server}
if encryptionCfg.ServerTLS != nil {
certificates := []*models.KeyPairConfiguration{encryptionCfg.ServerTLS}
certificateSecrets, err := createOrReplaceExternalCertSecrets(ctx, clientSet, ns, certificates, kesExternalCertSecretName, tenantName)
if err != nil {
return nil, err
@@ -633,9 +633,9 @@ func createOrReplaceKesConfigurationSecrets(ctx context.Context, clientSet K8sCl
// and pass it to KES via the ${MINIO_KES_IDENTITY} variable
clientCrtIdentity := "${MINIO_KES_IDENTITY}"
// If a client certificate is provided proceed to calculate the identity
if encryptionCfg.Client != nil {
if encryptionCfg.MinioMtls != nil {
// Client certificate for KES used by Minio to mTLS
clientTLSCrt, err := base64.StdEncoding.DecodeString(*encryptionCfg.Client.Crt)
clientTLSCrt, err := base64.StdEncoding.DecodeString(*encryptionCfg.MinioMtls.Crt)
if err != nil {
return nil, nil, err
}
@@ -717,8 +717,8 @@ func createOrReplaceKesConfigurationSecrets(ctx context.Context, clientSet K8sCl
return nil, nil, errors.New("approle credentials missing for kes")
}
// Vault mTLS kesConfiguration
if encryptionCfg.Vault.TLS != nil {
vaultTLSConfig := encryptionCfg.Vault.TLS
if encryptionCfg.KmsMtls != nil {
vaultTLSConfig := encryptionCfg.KmsMtls
kesConfig.Keys.Vault.TLS = &kes.VaultTLS{}
if vaultTLSConfig.Crt != "" {
clientCrt, err := base64.StdEncoding.DecodeString(vaultTLSConfig.Crt)
@@ -773,9 +773,9 @@ func createOrReplaceKesConfigurationSecrets(ctx context.Context, clientSet K8sCl
if encryptionCfg.Gemalto.Keysecure != nil {
kesConfig.Keys.Gemalto.KeySecure.Endpoint = *encryptionCfg.Gemalto.Keysecure.Endpoint
// Gemalto TLS kesConfiguration
if encryptionCfg.Gemalto.Keysecure.TLS != nil {
if encryptionCfg.Gemalto.Keysecure.TLS.Ca != nil {
caCrt, err := base64.StdEncoding.DecodeString(*encryptionCfg.Gemalto.Keysecure.TLS.Ca)
if encryptionCfg.KmsMtls != nil {
if encryptionCfg.KmsMtls.Ca != "" {
caCrt, err := base64.StdEncoding.DecodeString(encryptionCfg.KmsMtls.Ca)
if err != nil {
return nil, nil, err
}
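Review bot: In the Gemalto branch of createOrReplaceKesConfigurationSecrets (last hunk of this file), the CA is now read from the shared `encryptionCfg.KmsMtls.Ca` and silently skipped when it is empty, whereas the removed `keysecure.tls` model marked `ca` as required and the new `kms_mtls` object declares no required fields. A KeySecure configuration submitted without a CA therefore passes model validation and, as far as this hunk shows, is written with no custom root for the KMS connection. If that is intended, document it at the check, e.g. `// kms_mtls.ca is optional here; without it no custom root is configured for KeySecure`; otherwise return an error when Gemalto is selected and `KmsMtls.Ca == ""`. The shared block also accepts `Crt` and `Key`, which the visible Gemalto lines never read, so a client key pair uploaded for KeySecure appears to be dropped without feedback. The function body starts and ends outside the hunk.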


@@ -289,7 +289,7 @@ func Test_createOrReplaceKesConfigurationSecrets(t *testing.T) {
ctx: context.Background(),
clientSet: k8sClient,
encryptionCfg: &models.EncryptionConfiguration{
Client: &models.KeyPairConfiguration{
MinioMtls: &models.KeyPairConfiguration{
Crt: &badCrt,
Key: &badKey,
},
@@ -312,7 +312,7 @@ func Test_createOrReplaceKesConfigurationSecrets(t *testing.T) {
ctx: context.Background(),
clientSet: k8sClient,
encryptionCfg: &models.EncryptionConfiguration{
Client: &models.KeyPairConfiguration{
MinioMtls: &models.KeyPairConfiguration{
Crt: &key, // will cause an error because we are passing a private key as the public key
Key: &key,
},
@@ -335,10 +335,15 @@ func Test_createOrReplaceKesConfigurationSecrets(t *testing.T) {
ctx: context.Background(),
clientSet: k8sClient,
encryptionCfg: &models.EncryptionConfiguration{
Client: &models.KeyPairConfiguration{
MinioMtls: &models.KeyPairConfiguration{
Crt: &crt,
Key: &key,
},
KmsMtls: &models.EncryptionConfigurationAO1KmsMtls{
Ca: crt,
Crt: crt,
Key: key,
},
Vault: &models.VaultConfiguration{
Approle: &models.VaultConfigurationApprole{
Engine: "",
@@ -351,11 +356,6 @@ func Test_createOrReplaceKesConfigurationSecrets(t *testing.T) {
Namespace: "",
Prefix: "",
Status: nil,
TLS: &models.VaultConfigurationTLS{
Ca: crt,
Crt: crt,
Key: key,
},
},
},
ns: "default",
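Review bot: The cases touched here set `KmsMtls` only alongside a `Vault` configuration, so the new Gemalto read of `KmsMtls.Ca` and the base64 error paths of the shared block are not pinned by any visible case. Consider adding a table entry with `Gemalto` configured and a `KmsMtls.Ca` that is not valid base64 (constructed example: `Ca: "not-base64!"`) expecting an error, plus one with an empty `Ca`. Only three hunks of Test_createOrReplaceKesConfigurationSecrets are visible, so such cases may already exist elsewhere in the table.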


@@ -140,8 +140,11 @@ const TLSCertificate = ({
<span className="label">{`${certificates.length} Domain (s):`}</span>
</Box>
<List className={classes.certificatesList}>
{certificates.map((dom) => (
<ListItem className={classes.certificatesListItem}>
{certificates.map((dom, index) => (
<ListItem
key={`${dom}-${index}`}
className={classes.certificatesListItem}
>
<ListItemAvatar>
<LanguageIcon />
</ListItemAvatar>


@@ -40,8 +40,10 @@ import {
} from "../../../../../utils/validationFunctions";
import SectionH1 from "../../../Common/SectionH1";
import {
addFileClientCert,
addFileServerCert,
addFileMinIOMTLSCert,
addFileKESServerCert,
addFileKMSCa,
addFileKMSMTLSCert,
isPageValid,
updateAddField,
} from "../createTenantSlice";
@@ -135,13 +137,18 @@ const Encryption = ({ classes }: IEncryptionProps) => {
const minioServerCertificates = useSelector(
(state: AppState) => state.createTenant.certificates.minioServerCertificates
);
const serverCertificate = useSelector(
(state: AppState) => state.createTenant.certificates.serverCertificate
const kesServerCertificate = useSelector(
(state: AppState) => state.createTenant.certificates.kesServerCertificate
);
const clientCertificate = useSelector(
(state: AppState) => state.createTenant.certificates.clientCertificate
const minioMTLSCertificate = useSelector(
(state: AppState) => state.createTenant.certificates.minioMTLSCertificate
);
const kmsMTLSCertificate = useSelector(
(state: AppState) => state.createTenant.certificates.kmsMTLSCertificate
);
const kmsCA = useSelector(
(state: AppState) => state.createTenant.certificates.kmsCA
);
const enableCustomCerts = useSelector(
(state: AppState) => state.createTenant.fields.security.enableCustomCerts
);
@@ -231,22 +238,22 @@ const Encryption = ({ classes }: IEncryptionProps) => {
{
fieldKey: "serverKey",
required: !enableAutoCert,
value: serverCertificate.encoded_key,
value: kesServerCertificate.encoded_key,
},
{
fieldKey: "serverCert",
required: !enableAutoCert,
value: serverCertificate.encoded_cert,
value: kesServerCertificate.encoded_cert,
},
{
fieldKey: "clientKey",
required: !enableAutoCert,
value: clientCertificate.encoded_key,
value: minioMTLSCertificate.encoded_key,
},
{
fieldKey: "clientCert",
required: !enableAutoCert,
value: clientCertificate.encoded_cert,
value: minioMTLSCertificate.encoded_cert,
},
];
}
@@ -275,10 +282,10 @@ const Encryption = ({ classes }: IEncryptionProps) => {
dispatch,
enableAutoCert,
enableCustomCerts,
serverCertificate.encoded_key,
serverCertificate.encoded_cert,
clientCertificate.encoded_key,
clientCertificate.encoded_cert,
kesServerCertificate.encoded_key,
kesServerCertificate.encoded_cert,
minioMTLSCertificate.encoded_key,
minioMTLSCertificate.encoded_cert,
kesSecurityContext,
replicas,
]);
@@ -407,12 +414,12 @@ const Encryption = ({ classes }: IEncryptionProps) => {
<Grid item xs={12} style={{ marginBottom: 15 }}>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
Encryption Service Certificates
Encryption server certificates
</legend>
<FileSelector
onChange={(encodedValue, fileName) => {
dispatch(
addFileServerCert({
addFileKESServerCert({
key: "key",
fileName: fileName,
value: encodedValue,
@@ -425,13 +432,13 @@ const Encryption = ({ classes }: IEncryptionProps) => {
name="serverKey"
label="Key"
error={validationErrors["serverKey"] || ""}
value={serverCertificate.key}
value={kesServerCertificate.key}
required={!enableAutoCert}
/>
<FileSelector
onChange={(encodedValue, fileName) => {
dispatch(
addFileServerCert({
addFileKESServerCert({
key: "cert",
fileName: fileName,
value: encodedValue,
@@ -444,7 +451,7 @@ const Encryption = ({ classes }: IEncryptionProps) => {
name="serverCert"
label="Cert"
error={validationErrors["serverCert"] || ""}
value={serverCertificate.cert}
value={kesServerCertificate.cert}
required={!enableAutoCert}
/>
</fieldset>
@@ -454,12 +461,13 @@ const Encryption = ({ classes }: IEncryptionProps) => {
<Grid item xs={12}>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
Mutual TLS authentication with MinIO
MinIO mTLS certificates (connection between MinIO and
the Encryption server)
</legend>
<FileSelector
onChange={(encodedValue, fileName) => {
dispatch(
addFileClientCert({
addFileMinIOMTLSCert({
key: "key",
fileName: fileName,
value: encodedValue,
@@ -472,13 +480,13 @@ const Encryption = ({ classes }: IEncryptionProps) => {
name="clientKey"
label="Key"
error={validationErrors["clientKey"] || ""}
value={clientCertificate.key}
value={minioMTLSCertificate.key}
required={!enableAutoCert}
/>
<FileSelector
onChange={(encodedValue, fileName) => {
dispatch(
addFileClientCert({
addFileMinIOMTLSCert({
key: "cert",
fileName: fileName,
value: encodedValue,
@@ -491,12 +499,70 @@ const Encryption = ({ classes }: IEncryptionProps) => {
name="clientCert"
label="Cert"
error={validationErrors["clientCert"] || ""}
value={clientCertificate.cert}
value={minioMTLSCertificate.cert}
required={!enableAutoCert}
/>
</fieldset>
</Grid>
</Grid>
<Grid container className={classes.mutualTlsConfig}>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
KMS mTLS certificates (connection between the Encryption
server and the KMS)
</legend>
<FileSelector
onChange={(encodedValue, fileName) => {
dispatch(
addFileKMSMTLSCert({
key: "key",
fileName: fileName,
value: encodedValue,
})
);
cleanValidation("vault_key");
}}
accept=".key,.pem"
id="vault_key"
name="vault_key"
label="Key"
value={kmsMTLSCertificate.key}
/>
<FileSelector
onChange={(encodedValue, fileName) => {
dispatch(
addFileKMSMTLSCert({
key: "cert",
fileName: fileName,
value: encodedValue,
})
);
cleanValidation("vault_cert");
}}
accept=".cer,.crt,.cert,.pem"
id="vault_cert"
name="vault_cert"
label="Cert"
value={kmsMTLSCertificate.cert}
/>
<FileSelector
onChange={(encodedValue, fileName) => {
dispatch(
addFileKMSCa({
fileName: fileName,
value: encodedValue,
})
);
cleanValidation("vault_ca");
}}
accept=".cer,.crt,.cert,.pem"
id="vault_ca"
name="vault_ca"
label="CA"
value={kmsCA.cert}
/>
</fieldset>
</Grid>
</Fragment>
)}
<Grid item xs={12}>
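Review bot: The new "KMS mTLS certificates" fieldset keeps Vault-specific identifiers (`id="vault_key"`, `id="vault_cert"`, `id="vault_ca"` and the matching `cleanValidation("vault_…")` calls) although the block now applies to every KMS backend. Renaming them to something like `kms_mtls_key`, `kms_mtls_cert` and `kms_ca` would keep the DOM ids and validation keys in line with the `kmsMTLSCertificate`/`kmsCA` state. The three selectors also carry no `error` or `required` prop, and the validation list in the earlier hunk has no entry for them, so a key uploaded without its certificate (or the reverse) is not flagged in the form as far as these hunks show; a paired check would catch that before the request is sent. The component body starts and ends outside the hunks.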


@@ -28,12 +28,7 @@ import {
wizardCommon,
} from "../../../../Common/FormComponents/common/styleLibrary";
import makeStyles from "@mui/styles/makeStyles";
import FileSelector from "../../../../Common/FormComponents/FileSelector/FileSelector";
import {
addFileGemaltoCa,
isPageValid,
updateAddField,
} from "../../createTenantSlice";
import { isPageValid, updateAddField } from "../../createTenantSlice";
import {
commonFormValidation,
IValidation,
@@ -56,9 +51,6 @@ const GemaltoKMSAdd = () => {
const encryptionTab = useSelector(
(state: AppState) => state.createTenant.fields.encryption.encryptionTab
);
const gemaltoCA = useSelector(
(state: AppState) => state.createTenant.certificates.gemaltoCA
);
const gemaltoEndpoint = useSelector(
(state: AppState) => state.createTenant.fields.encryption.gemaltoEndpoint
);
@@ -209,36 +201,6 @@ const GemaltoKMSAdd = () => {
</Grid>
</fieldset>
</Grid>
<Grid
item
xs={12}
style={{
marginBottom: 15,
}}
>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
Custom CA Root certificate verification
</legend>
<FileSelector
onChange={(encodedValue, fileName) => {
dispatch(
addFileGemaltoCa({
fileName: fileName,
value: encodedValue,
})
);
cleanValidation("gemalto_ca");
}}
accept=".cer,.crt,.cert,.pem"
id="gemalto_ca"
name="gemalto_ca"
label="CA"
value={gemaltoCA.cert}
/>
</fieldset>
</Grid>
</Fragment>
);
};


@@ -18,13 +18,7 @@ import React, { Fragment, useCallback, useEffect, useState } from "react";
import Grid from "@mui/material/Grid";
import InputBoxWrapper from "../../../../Common/FormComponents/InputBoxWrapper/InputBoxWrapper";
import FileSelector from "../../../../Common/FormComponents/FileSelector/FileSelector";
import {
addFileVaultCa,
addFileVaultCert,
isPageValid,
updateAddField,
} from "../../createTenantSlice";
import { isPageValid, updateAddField } from "../../createTenantSlice";
import { useSelector } from "react-redux";
import { AppState, useAppDispatch } from "../../../../../../store";
import { Theme } from "@mui/material/styles";
@@ -85,12 +79,6 @@ const VaultKMSAdd = () => {
const vaultPing = useSelector(
(state: AppState) => state.createTenant.fields.encryption.vaultPing
);
const vaultCertificate = useSelector(
(state: AppState) => state.createTenant.certificates.vaultCertificate
);
const vaultCA = useSelector(
(state: AppState) => state.createTenant.certificates.vaultCA
);
const [validationErrors, setValidationErrors] = useState<any>({});
@@ -278,64 +266,6 @@ const VaultKMSAdd = () => {
</Grid>
</fieldset>
</Grid>
<Grid container className={classes.mutualTlsConfig}>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
Mutual TLS authentication (optional)
</legend>
<FileSelector
onChange={(encodedValue, fileName) => {
dispatch(
addFileVaultCert({
key: "key",
fileName: fileName,
value: encodedValue,
})
);
cleanValidation("vault_key");
}}
accept=".key,.pem"
id="vault_key"
name="vault_key"
label="Key"
value={vaultCertificate.key}
/>
<FileSelector
onChange={(encodedValue, fileName) => {
dispatch(
addFileVaultCert({
key: "cert",
fileName: fileName,
value: encodedValue,
})
);
cleanValidation("vault_cert");
}}
accept=".cer,.crt,.cert,.pem"
id="vault_cert"
name="vault_cert"
label="Cert"
value={vaultCertificate.cert}
/>
<FileSelector
onChange={(encodedValue, fileName) => {
dispatch(
addFileVaultCa({
fileName: fileName,
value: encodedValue,
})
);
cleanValidation("vault_ca");
}}
accept=".cer,.crt,.cert,.pem"
id="vault_ca"
name="vault_ca"
label="CA"
value={vaultCA.cert}
/>
</fieldset>
</Grid>
<Grid
item
xs={12}


@@ -323,52 +323,29 @@ const initialState: ICreateTenant = {
encoded_cert: "",
},
],
consoleCaCertificates: [
{
id: Date.now().toString(),
key: "",
cert: "",
encoded_key: "",
encoded_cert: "",
},
],
consoleCertificate: {
id: "console_cert_pair",
key: "",
cert: "",
encoded_key: "",
encoded_cert: "",
},
serverCertificate: {
kesServerCertificate: {
id: "encryptionServerCertificate",
key: "",
cert: "",
encoded_key: "",
encoded_cert: "",
},
clientCertificate: {
minioMTLSCertificate: {
id: "encryptionClientCertificate",
key: "",
cert: "",
encoded_key: "",
encoded_cert: "",
},
vaultCertificate: {
id: "encryptionVaultCertificate",
kmsMTLSCertificate: {
id: "encryptionKMSMTLSCertificate",
key: "",
cert: "",
encoded_key: "",
encoded_cert: "",
},
vaultCA: {
id: "encryptionVaultCA",
key: "",
cert: "",
encoded_key: "",
encoded_cert: "",
},
gemaltoCA: {
id: "encryptionGemaltoCA",
kmsCA: {
id: "encryptionKMSCA",
key: "",
cert: "",
encoded_key: "",
@@ -656,91 +633,38 @@ export const createTenantSlice = createSlice({
);
}
},
addConsoleCertificate: (state, action: PayloadAction<CertificateFile>) => {
const consoleCert = state.certificates.consoleCertificate;
state.certificates.consoleCertificate = {
...consoleCert,
[action.payload.key]: action.payload.fileName,
[`encoded_${action.payload.key}`]: action.payload.value,
};
},
addConsoleCaCertificate: (state) => {
state.certificates.consoleCaCertificates.push({
id: Date.now().toString(),
key: "",
cert: "",
encoded_key: "",
encoded_cert: "",
});
},
addFileToConsoleCaCertificates: (
state,
action: PayloadAction<CertificateFile>
) => {
const consoleCaCertificates = state.certificates.consoleCaCertificates;
addFileKESServerCert: (state, action: PayloadAction<KeyFileValue>) => {
const encServerCert = state.certificates.kesServerCertificate;
state.certificates.consoleCaCertificates = consoleCaCertificates.map(
(item: KeyPair) => {
if (item.id === action.payload.id) {
return {
...item,
[action.payload.key]: action.payload.fileName,
[`encoded_${action.payload.key}`]: action.payload.value,
};
}
return item;
}
);
},
deleteConsoleCaCertificate: (state, action: PayloadAction<string>) => {
const consoleCACertsList = state.certificates.consoleCaCertificates;
if (consoleCACertsList.length > 1) {
state.certificates.consoleCaCertificates = consoleCACertsList.filter(
(item: KeyPair) => item.id !== action.payload
);
}
},
addFileServerCert: (state, action: PayloadAction<KeyFileValue>) => {
const encServerCert = state.certificates.serverCertificate;
state.certificates.serverCertificate = {
state.certificates.kesServerCertificate = {
...encServerCert,
[action.payload.key]: action.payload.fileName,
[`encoded_${action.payload.key}`]: action.payload.value,
};
},
addFileClientCert: (state, action: PayloadAction<KeyFileValue>) => {
const encClientCert = state.certificates.clientCertificate;
addFileMinIOMTLSCert: (state, action: PayloadAction<KeyFileValue>) => {
const encClientCert = state.certificates.minioMTLSCertificate;
state.certificates.clientCertificate = {
state.certificates.minioMTLSCertificate = {
...encClientCert,
[action.payload.key]: action.payload.fileName,
[`encoded_${action.payload.key}`]: action.payload.value,
};
},
addFileVaultCert: (state, action: PayloadAction<KeyFileValue>) => {
const encVaultCert = state.certificates.vaultCertificate;
addFileKMSMTLSCert: (state, action: PayloadAction<KeyFileValue>) => {
const encKMSTLSCert = state.certificates.kmsMTLSCertificate;
state.certificates.vaultCertificate = {
...encVaultCert,
state.certificates.kmsMTLSCertificate = {
...encKMSTLSCert,
[action.payload.key]: action.payload.fileName,
[`encoded_${action.payload.key}`]: action.payload.value,
};
},
addFileVaultCa: (state, action: PayloadAction<FileValue>) => {
const encVaultCA = state.certificates.vaultCA;
addFileKMSCa: (state, action: PayloadAction<FileValue>) => {
const encKMSCA = state.certificates.kmsCA;
state.certificates.vaultCA = {
...encVaultCA,
cert: action.payload.fileName,
encoded_cert: action.payload.value,
};
},
addFileGemaltoCa: (state, action: PayloadAction<FileValue>) => {
const encGemaltoCA = state.certificates.gemaltoCA;
state.certificates.gemaltoCA = {
...encGemaltoCA,
state.certificates.kmsCA = {
...encKMSCA,
cert: action.payload.fileName,
encoded_cert: action.payload.value,
};
@@ -1038,21 +962,16 @@ export const {
addCaCertificate,
deleteCaCertificate,
addFileToCaCertificates,
addConsoleCaCertificate,
deleteConsoleCaCertificate,
addFileToConsoleCaCertificates,
addKeyPair,
deleteKeyPair,
addFileToKeyPair,
addClientKeyPair,
deleteClientKeyPair,
addFileToClientKeyPair,
addConsoleCertificate,
addFileServerCert,
addFileClientCert,
addFileVaultCert,
addFileVaultCa,
addFileGemaltoCa,
addFileKESServerCert,
addFileMinIOMTLSCert,
addFileKMSMTLSCert,
addFileKMSCa,
resetAddTenantForm,
setKeyValuePairs,
setEnvVars,
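Review bot: The renamed certificate slots still carry ids from the old naming: `kesServerCertificate` keeps `id: "encryptionServerCertificate"` and `minioMTLSCertificate` keeps `id: "encryptionClientCertificate"`, while the two new slots use `encryptionKMSMTLSCertificate` and `encryptionKMSCA`. The local `encKMSTLSCert` in `addFileKMSMTLSCert` also drops the "M" that every other name has. The reducers give no hint which connection each slot secures, so I would add a one-line comment above each, e.g. `// KES -> KMS client key pair (mTLS)` above `addFileKMSMTLSCert`, and rename the local to `encKMSMTLSCert`. Whether the ids are read anywhere else cannot be seen from these hunks.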


@@ -65,11 +65,10 @@ export const createTenantAsync = createAsyncThunk(
const minioServerCertificates = certificates.minioServerCertificates;
const minioClientCertificates = certificates.minioClientCertificates;
const minioCAsCertificates = certificates.minioCAsCertificates;
const serverCertificate = certificates.serverCertificate;
const clientCertificate = certificates.clientCertificate;
const vaultCertificate = certificates.vaultCertificate;
const vaultCA = certificates.vaultCA;
const gemaltoCA = certificates.gemaltoCA;
const kesServerCertificate = certificates.kesServerCertificate;
const minioMTLSCertificate = certificates.minioMTLSCertificate;
const kmsMTLSCertificate = certificates.kmsMTLSCertificate;
const kmsCA = certificates.kmsCA;
const rawConfiguration = fields.encryption.rawConfiguration;
const encryptionTab = fields.encryption.encryptionTab;
const enableEncryption = fields.encryption.enableEncryption;
@@ -346,13 +345,6 @@ export const createTenantAsync = createAsyncThunk(
switch (encryptionType) {
case "gemalto":
let gemaltoCAIntroduce = {};
if (gemaltoCA.encoded_cert !== "") {
gemaltoCAIntroduce = {
ca: gemaltoCA.encoded_cert,
};
}
insertEncrypt = {
gemalto: {
keysecure: {
@@ -362,9 +354,6 @@ export const createTenantAsync = createAsyncThunk(
domain: gemaltoDomain,
retry: parseInt(gemaltoRetry),
},
tls: {
...gemaltoCAIntroduce,
},
},
},
};
@@ -416,31 +405,6 @@ export const createTenantAsync = createAsyncThunk(
};
break;
case "vault":
let vaultKeyPair = null;
let vaultCAInsert = null;
if (
vaultCertificate.encoded_key !== "" &&
vaultCertificate.encoded_cert !== ""
) {
vaultKeyPair = {
key: vaultCertificate.encoded_key,
crt: vaultCertificate.encoded_cert,
};
}
if (vaultCA.encoded_cert !== "") {
vaultCAInsert = {
ca: vaultCA.encoded_cert,
};
}
let vaultTLS = null;
if (vaultKeyPair || vaultCAInsert) {
vaultTLS = {
tls: {
...vaultKeyPair,
...vaultCAInsert,
},
};
}
insertEncrypt = {
vault: {
endpoint: vaultEndpoint,
@@ -453,7 +417,6 @@ export const createTenantAsync = createAsyncThunk(
secret: vaultSecret,
retry: parseInt(vaultRetry),
},
...vaultTLS,
status: {
ping: parseInt(vaultPing),
},
@@ -464,27 +427,56 @@ export const createTenantAsync = createAsyncThunk(
let encryptionServerKeyPair: any = {};
let encryptionClientKeyPair: any = {};
let encryptionKMSCertificates: any = {};
// MinIO -> KES (mTLS certificates)
if (
clientCertificate.encoded_key !== "" &&
clientCertificate.encoded_cert !== ""
minioMTLSCertificate.encoded_key !== "" &&
minioMTLSCertificate.encoded_cert !== ""
) {
encryptionClientKeyPair = {
client: {
key: clientCertificate.encoded_key,
crt: clientCertificate.encoded_cert,
minio_mtls: {
key: minioMTLSCertificate.encoded_key,
crt: minioMTLSCertificate.encoded_cert,
},
};
}
// KES server certificates
if (
serverCertificate.encoded_key !== "" &&
serverCertificate.encoded_cert !== ""
kesServerCertificate.encoded_key !== "" &&
kesServerCertificate.encoded_cert !== ""
) {
encryptionServerKeyPair = {
server: {
key: serverCertificate.encoded_key,
crt: serverCertificate.encoded_cert,
server_tls: {
key: kesServerCertificate.encoded_key,
crt: kesServerCertificate.encoded_cert,
},
};
}
// KES -> KMS (mTLS certificates)
let kmsMTLSKeyPair = null;
let kmsCAInsert = null;
if (
kmsMTLSCertificate.encoded_key !== "" &&
kmsMTLSCertificate.encoded_cert !== ""
) {
kmsMTLSKeyPair = {
key: kmsMTLSCertificate.encoded_key,
crt: kmsMTLSCertificate.encoded_cert,
};
}
if (kmsCA.encoded_cert !== "") {
kmsCAInsert = {
ca: kmsCA.encoded_cert,
};
}
if (kmsMTLSKeyPair || kmsCAInsert) {
encryptionKMSCertificates = {
kms_mtls: {
...kmsMTLSKeyPair,
...kmsCAInsert,
},
};
}
@@ -498,6 +490,7 @@ export const createTenantAsync = createAsyncThunk(
image: kesImage,
...encryptionClientKeyPair,
...encryptionServerKeyPair,
...encryptionKMSCertificates,
...insertEncrypt,
},
};
@@ -583,7 +576,7 @@ export const createTenantAsync = createAsyncThunk(
idp: { ...dataIDP },
};
const response = createTenantCall(dataSend)
return createTenantCall(dataSend)
.then((resp) => {
return resp;
})
@@ -591,6 +584,5 @@ export const createTenantAsync = createAsyncThunk(
dispatch(setErrorSnackMessage(err));
return rejectWithValue(err);
});
return response;
}
);
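Review bot: A KMS client key uploaded without its certificate (or the reverse) is dropped silently in the `// KES -> KMS (mTLS certificates)` block, because `kmsMTLSKeyPair` is built only when both `encoded_key` and `encoded_cert` are non-empty. The tenant is then created with at most a `ca` under `kms_mtls`, and the operator gets no sign that client authentication to the KMS was not configured. The same both-or-nothing test guards `minio_mtls` and `server_tls` here, and it is repeated in the update path in TenantEncryption (`if (kmsMTLSCertificate?.encoded_key && kmsMTLSCertificate?.encoded_cert)`). I would reject a half-filled pair before the request is built, testing `(kmsMTLSCertificate.encoded_key !== "") !== (kmsMTLSCertificate.encoded_cert !== "")` and reporting it through the existing `setErrorSnackMessage` / `rejectWithValue` path with a message naming the missing file. The thunk body starts and ends outside the visible hunks.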


@@ -97,7 +97,7 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
useState<string>("");
const [encryptionEnabled, setEncryptionEnabled] = useState<boolean>(false);
const [encryptionType, setEncryptionType] = useState<string>("vault");
const [replicas, setReplicas] = useState<string>("2");
const [replicas, setReplicas] = useState<string>("1");
const [image, setImage] = useState<string>("");
const [refreshEncryptionInfo, setRefreshEncryptionInfo] =
useState<boolean>(false);
@@ -116,11 +116,12 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
const [enabledCustomCertificates, setEnabledCustomCertificates] =
useState<boolean>(false);
const [updatingEncryption, setUpdatingEncryption] = useState<boolean>(false);
const [serverTLSCertificateSecret, setServerTLSCertificateSecret] =
const [kesServerTLSCertificateSecret, setKesServerTLSCertificateSecret] =
useState<ICertificateInfo | null>(null);
const [mTLSCertificateSecret, setMTLSCertificateSecret] =
const [minioMTLSCertificateSecret, setMinioMTLSCertificateSecret] =
useState<ICertificateInfo | null>(null);
const [mTLSCertificate, setMTLSCertificate] = useState<KeyPair | null>(null);
const [minioMTLSCertificate, setMinioMTLSCertificate] =
useState<KeyPair | null>(null);
const [certificatesToBeRemoved, setCertificatesToBeRemoved] = useState<
string[]
>([]);
@@ -128,22 +129,18 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
const [isFormValid, setIsFormValid] = useState<boolean>(false);
const [showVaultAppRoleSecret, setShowVaultAppRoleSecret] =
useState<boolean>(false);
const [vaultClientCertificateSecret, setVaultClientCertificateSecret] =
const [kmsMTLSCertificateSecret, setKmsMTLSCertificateSecret] =
useState<ICertificateInfo | null>(null);
const [vaultCACertificateSecret, setVaultCACertificateSecret] =
const [kmsCACertificateSecret, setKMSCACertificateSecret] =
useState<ICertificateInfo | null>(null);
const [vaultClientCertificate, setVaultClientCertificate] =
useState<KeyPair | null>(null);
const [serverCertificate, setServerCertificate] = useState<KeyPair | null>(
const [kmsMTLSCertificate, setKmsMTLSCertificate] = useState<KeyPair | null>(
null
);
const [vaultCACertificate, setVaultCACertificate] = useState<KeyPair | null>(
const [kesServerCertificate, setKESServerCertificate] =
useState<KeyPair | null>(null);
const [kmsCACertificate, setKmsCACertificate] = useState<KeyPair | null>(
null
);
const [gemaltoCACertificateSecret, setGemaltoCACertificateSecret] =
useState<ICertificateInfo | null>(null);
const [gemaltoCACertificate, setGemaltotCACertificate] =
useState<KeyPair | null>(null);
const [validationErrors, setValidationErrors] = useState<any>({});
const cleanValidation = (fieldName: string) => {
setValidationErrors(clearValidationError(validationErrors, fieldName));
@@ -199,22 +196,22 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
{
fieldKey: "serverKey",
required: false,
value: serverCertificate?.encoded_key || "",
value: kesServerCertificate?.encoded_key || "",
},
{
fieldKey: "serverCert",
required: false,
value: serverCertificate?.encoded_cert || "",
value: kesServerCertificate?.encoded_cert || "",
},
{
fieldKey: "clientKey",
required: false,
value: mTLSCertificate?.encoded_key || "",
value: minioMTLSCertificate?.encoded_key || "",
},
{
fieldKey: "clientCert",
required: false,
value: mTLSCertificate?.encoded_cert || "",
value: minioMTLSCertificate?.encoded_cert || "",
},
];
}
@@ -345,14 +342,14 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
enabledCustomCertificates,
encryptionEnabled,
encryptionType,
serverCertificate?.encoded_key,
serverCertificate?.encoded_cert,
mTLSCertificate?.encoded_key,
mTLSCertificate?.encoded_cert,
vaultClientCertificate?.encoded_key,
vaultClientCertificate?.encoded_cert,
vaultCACertificate?.encoded_key,
vaultCACertificate?.encoded_cert,
kesServerCertificate?.encoded_key,
kesServerCertificate?.encoded_cert,
minioMTLSCertificate?.encoded_key,
minioMTLSCertificate?.encoded_cert,
kmsMTLSCertificate?.encoded_key,
kmsMTLSCertificate?.encoded_cert,
kmsCACertificate?.encoded_key,
kmsCACertificate?.encoded_cert,
securityContext,
vaultConfiguration,
awsConfiguration,
@@ -375,19 +372,12 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
if (resp.vault) {
setEncryptionType("vault");
setVaultConfiguration(resp.vault);
if (resp.vault.tls) {
setVaultClientCertificateSecret(resp.vault.tls.crt);
setVaultCACertificateSecret(resp.vault.tls.ca);
}
} else if (resp.aws) {
setEncryptionType("aws");
setAWSConfiguration(resp.aws);
} else if (resp.gemalto) {
setEncryptionType("gemalto");
setGemaltoConfiguration(resp.gemalto);
if (resp.gemalto.keysecure.tls) {
setGemaltoCACertificateSecret(resp.gemalto.keysecure.tls.ca);
}
} else if (resp.gcp) {
setEncryptionType("gcp");
setGCPConfiguration(resp.gcp);
@@ -402,14 +392,18 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
if (resp.securityContext) {
setSecurityContext(resp.securityContext);
}
if (resp.server || resp.mtls_client) {
if (resp.server_tls || resp.minio_mtls || resp.kms_mtls) {
setEnabledCustomCertificates(true);
}
if (resp.server) {
setServerTLSCertificateSecret(resp.server);
if (resp.server_tls) {
setKesServerTLSCertificateSecret(resp.server_tls);
}
if (resp.mtls_client) {
setMTLSCertificateSecret(resp.mtls_client);
if (resp.minio_mtls) {
setMinioMTLSCertificateSecret(resp.minio_mtls);
}
if (resp.kms_mtls) {
setKmsMTLSCertificateSecret(resp.kms_mtls.crt);
setKMSCACertificateSecret(resp.kms_mtls.ca);
}
setRefreshEncryptionInfo(false);
})
@@ -430,20 +424,17 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
...certificatesToBeRemoved,
certificateInfo.name,
]);
if (certificateInfo.name === serverTLSCertificateSecret?.name) {
setServerTLSCertificateSecret(null);
if (certificateInfo.name === kesServerTLSCertificateSecret?.name) {
setKesServerTLSCertificateSecret(null);
}
if (certificateInfo.name === mTLSCertificateSecret?.name) {
setMTLSCertificateSecret(null);
if (certificateInfo.name === minioMTLSCertificateSecret?.name) {
setMinioMTLSCertificateSecret(null);
}
if (certificateInfo.name === vaultClientCertificateSecret?.name) {
setVaultClientCertificateSecret(null);
if (certificateInfo.name === kmsMTLSCertificateSecret?.name) {
setKmsMTLSCertificateSecret(null);
}
if (certificateInfo.name === vaultCACertificateSecret?.name) {
setVaultCACertificateSecret(null);
}
if (certificateInfo.name === gemaltoCACertificateSecret?.name) {
setGemaltoCACertificateSecret(null);
if (certificateInfo.name === kmsCACertificateSecret?.name) {
setKMSCACertificateSecret(null);
}
};
@@ -452,15 +443,6 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
let insertEncrypt = {};
switch (encryptionType) {
case "gemalto":
let gemaltoCAIntroduce = {};
if (gemaltoCACertificate?.encoded_cert) {
gemaltoCAIntroduce = {
tls: {
ca: gemaltoCACertificate?.encoded_cert,
},
};
}
insertEncrypt = {
gemalto: {
keysecure: {
@@ -474,7 +456,6 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
gemaltoConfiguration?.keysecure?.credentials?.retry
),
},
...gemaltoCAIntroduce,
},
},
};
@@ -543,31 +524,6 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
};
break;
case "vault":
let vaultKeyPair = null;
let vaultCAInsert = null;
if (
vaultClientCertificate?.encoded_key &&
vaultClientCertificate?.encoded_cert
) {
vaultKeyPair = {
key: vaultClientCertificate?.encoded_key,
crt: vaultClientCertificate?.encoded_cert,
};
}
if (vaultCACertificate?.encoded_cert) {
vaultCAInsert = {
ca: vaultCACertificate?.encoded_cert,
};
}
let vaultTLS = null;
if (vaultKeyPair || vaultCAInsert) {
vaultTLS = {
tls: {
...vaultKeyPair,
...vaultCAInsert,
},
};
}
insertEncrypt = {
vault: {
endpoint: vaultConfiguration?.endpoint || "",
@@ -580,7 +536,6 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
secret: vaultConfiguration?.approle?.secret || "",
retry: parseInt(vaultConfiguration?.approle?.retry),
},
...vaultTLS,
status: {
ping: parseInt(vaultConfiguration?.status?.ping),
},
@@ -591,24 +546,57 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
let encryptionServerKeyPair: any = {};
let encryptionClientKeyPair: any = {};
let encryptionKMSCertificates: any = {};
if (mTLSCertificate?.encoded_key && mTLSCertificate?.encoded_cert) {
// MinIO -> KES (mTLS certificates)
if (
minioMTLSCertificate?.encoded_key &&
minioMTLSCertificate?.encoded_cert
) {
encryptionClientKeyPair = {
client: {
key: mTLSCertificate?.encoded_key,
crt: mTLSCertificate?.encoded_cert,
minio_mtls: {
key: minioMTLSCertificate?.encoded_key,
crt: minioMTLSCertificate?.encoded_cert,
},
};
}
if (serverCertificate?.encoded_key && serverCertificate?.encoded_cert) {
// KES server certificates
if (
kesServerCertificate?.encoded_key &&
kesServerCertificate?.encoded_cert
) {
encryptionServerKeyPair = {
server: {
key: serverCertificate?.encoded_key,
crt: serverCertificate?.encoded_cert,
server_tls: {
key: kesServerCertificate?.encoded_key,
crt: kesServerCertificate?.encoded_cert,
},
};
}
// KES -> KMS (mTLS certificates)
let kmsMTLSKeyPair = null;
let kmsCAInsert = null;
if (kmsMTLSCertificate?.encoded_key && kmsMTLSCertificate?.encoded_cert) {
kmsMTLSKeyPair = {
key: kmsMTLSCertificate?.encoded_key,
crt: kmsMTLSCertificate?.encoded_cert,
};
}
if (kmsCACertificate?.encoded_cert) {
kmsCAInsert = {
ca: kmsCACertificate?.encoded_cert,
};
}
if (kmsMTLSKeyPair || kmsCAInsert) {
encryptionKMSCertificates = {
kms_mtls: {
...kmsMTLSKeyPair,
...kmsCAInsert,
},
};
}
const dataSend = {
raw: editRawConfiguration ? encryptionRawConfiguration : "",
secretsToBeDeleted: certificatesToBeRemoved || [],
@@ -617,6 +605,7 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
image: image,
...encryptionClientKeyPair,
...encryptionServerKeyPair,
...encryptionKMSCertificates,
...insertEncrypt,
};
if (!updatingEncryption) {
@@ -647,9 +636,9 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
{}
)
.then(() => {
fetchEncryptionInfo();
setConfirmOpen(false);
setUpdatingEncryption(false);
fetchEncryptionInfo();
})
.catch((err: ErrorResponseHandler) => {
setUpdatingEncryption(false);
@@ -915,92 +904,6 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
value={vaultConfiguration?.approle?.retry || ""}
/>
</Grid>
<Grid item xs={12}>
<SectionTitle>Vault Certificates (optional)</SectionTitle>
</Grid>
<Grid item xs={12}>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
Mutual TLS authentication with Vault (optional)
</legend>
{vaultClientCertificateSecret ? (
<TLSCertificate
certificateInfo={vaultClientCertificateSecret}
onDelete={() =>
removeCertificate(vaultClientCertificateSecret)
}
/>
) : (
<Fragment>
<FileSelector
onChange={(encodedValue, fileName) =>
setVaultClientCertificate({
encoded_key: encodedValue || "",
id: vaultClientCertificate?.id || "",
key: fileName || "",
cert: vaultClientCertificate?.cert || "",
encoded_cert:
vaultClientCertificate?.encoded_cert || "",
})
}
accept=".key,.pem"
id="vault_key"
name="vault_key"
label="Key"
value={vaultClientCertificate?.key || ""}
/>
<FileSelector
onChange={(encodedValue, fileName) =>
setVaultClientCertificate({
encoded_key:
vaultClientCertificate?.encoded_key || "",
id: vaultClientCertificate?.id || "",
key: vaultClientCertificate?.key || "",
cert: fileName || "",
encoded_cert: encodedValue || "",
})
}
accept=".cer,.crt,.cert,.pem"
id="vault_cert"
name="vault_cert"
label="Cert"
value={vaultClientCertificate?.cert || ""}
/>
</Fragment>
)}
</fieldset>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
Vault CA certificate (optional)
</legend>
{vaultCACertificateSecret ? (
<TLSCertificate
certificateInfo={vaultCACertificateSecret}
onDelete={() =>
removeCertificate(vaultCACertificateSecret)
}
/>
) : (
<FileSelector
onChange={(encodedValue, fileName) =>
setVaultCACertificate({
encoded_key:
vaultCACertificate?.encoded_key || "",
id: vaultCACertificate?.id || "",
key: vaultCACertificate?.key || "",
cert: fileName || "",
encoded_cert: encodedValue || "",
})
}
accept=".cer,.crt,.cert,.pem"
id="vault_ca"
name="vault_ca"
label="CA"
value={vaultCACertificate?.cert || ""}
/>
)}
</fieldset>
</Grid>
<Grid item xs={12}>
<SectionTitle>Status</SectionTitle>
</Grid>
@@ -1494,45 +1397,6 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
error={validationErrors["gemalto_retry"] || ""}
/>
</Grid>
<Grid
item
xs={12}
style={{
marginBottom: 15,
}}
>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
Custom CA Root certificate verification
</legend>
{gemaltoCACertificateSecret ? (
<TLSCertificate
certificateInfo={gemaltoCACertificateSecret}
onDelete={() =>
removeCertificate(gemaltoCACertificateSecret)
}
/>
) : (
<FileSelector
onChange={(encodedValue, fileName) =>
setGemaltotCACertificate({
encoded_key:
gemaltoCACertificate?.encoded_key || "",
id: gemaltoCACertificate?.id || "",
key: gemaltoCACertificate?.key || "",
cert: fileName || "",
encoded_cert: encodedValue || "",
})
}
accept=".cer,.crt,.cert,.pem"
id="gemalto_ca"
name="gemalto_ca"
label="CA"
value={gemaltoCACertificate?.cert || ""}
/>
)}
</fieldset>
</Grid>
</Fragment>
)}
</Fragment>
@@ -1558,26 +1422,26 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
<Grid item xs={12}>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
KES server TLS Certificates (optional)
Encryption server certificates
</legend>
{serverTLSCertificateSecret ? (
{kesServerTLSCertificateSecret ? (
<TLSCertificate
certificateInfo={serverTLSCertificateSecret}
certificateInfo={kesServerTLSCertificateSecret}
onDelete={() =>
removeCertificate(serverTLSCertificateSecret)
removeCertificate(kesServerTLSCertificateSecret)
}
/>
) : (
<Fragment>
<FileSelector
onChange={(encodedValue, fileName) => {
setServerCertificate({
setKESServerCertificate({
encoded_key: encodedValue || "",
id: serverCertificate?.id || "",
id: kesServerCertificate?.id || "",
key: fileName || "",
cert: serverCertificate?.cert || "",
cert: kesServerCertificate?.cert || "",
encoded_cert:
serverCertificate?.encoded_cert || "",
kesServerCertificate?.encoded_cert || "",
});
cleanValidation("serverKey");
}}
@@ -1585,14 +1449,15 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
id="serverKey"
name="serverKey"
label="Key"
value={serverCertificate?.key}
value={kesServerCertificate?.key}
/>
<FileSelector
onChange={(encodedValue, fileName) => {
setServerCertificate({
encoded_key: serverCertificate?.encoded_key || "",
id: serverCertificate?.id || "",
key: serverCertificate?.key || "",
setKESServerCertificate({
encoded_key:
kesServerCertificate?.encoded_key || "",
id: kesServerCertificate?.id || "",
key: kesServerCertificate?.key || "",
cert: fileName || "",
encoded_cert: encodedValue || "",
});
@@ -1602,7 +1467,7 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
id="serverCert"
name="serverCert"
label="Cert"
value={serverCertificate?.cert}
value={kesServerCertificate?.cert}
/>
</Fragment>
)}
@@ -1611,25 +1476,27 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
<Grid item xs={12}>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
Mutual TLS authentication with MinIO (optional)
MinIO mTLS certificates (connection between MinIO and the
Encryption server)
</legend>
{mTLSCertificateSecret ? (
{minioMTLSCertificateSecret ? (
<TLSCertificate
certificateInfo={mTLSCertificateSecret}
certificateInfo={minioMTLSCertificateSecret}
onDelete={() =>
removeCertificate(mTLSCertificateSecret)
removeCertificate(minioMTLSCertificateSecret)
}
/>
) : (
<Fragment>
<FileSelector
onChange={(encodedValue, fileName) => {
setMTLSCertificate({
setMinioMTLSCertificate({
encoded_key: encodedValue || "",
id: mTLSCertificate?.id || "",
id: minioMTLSCertificate?.id || "",
key: fileName || "",
cert: mTLSCertificate?.cert || "",
encoded_cert: mTLSCertificate?.encoded_cert || "",
cert: minioMTLSCertificate?.cert || "",
encoded_cert:
minioMTLSCertificate?.encoded_cert || "",
});
cleanValidation("clientKey");
}}
@@ -1637,14 +1504,15 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
id="clientKey"
name="clientKey"
label="Key"
value={mTLSCertificate?.key}
value={minioMTLSCertificate?.key}
/>
<FileSelector
onChange={(encodedValue, fileName) => {
setMTLSCertificate({
encoded_key: mTLSCertificate?.encoded_key || "",
id: mTLSCertificate?.id || "",
key: mTLSCertificate?.key || "",
setMinioMTLSCertificate({
encoded_key:
minioMTLSCertificate?.encoded_key || "",
id: minioMTLSCertificate?.id || "",
key: minioMTLSCertificate?.key || "",
cert: fileName || "",
encoded_cert: encodedValue || "",
});
@@ -1654,12 +1522,90 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
id="clientCert"
name="clientCert"
label="Cert"
value={mTLSCertificate?.cert}
value={minioMTLSCertificate?.cert}
/>
</Fragment>
)}
</fieldset>
</Grid>
<Grid item xs={12}>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
KMS mTLS certificates (connection between the Encryption
server and the KMS)
</legend>
{kmsMTLSCertificateSecret ? (
<TLSCertificate
certificateInfo={kmsMTLSCertificateSecret}
onDelete={() =>
removeCertificate(kmsMTLSCertificateSecret)
}
/>
) : (
<Fragment>
<FileSelector
onChange={(encodedValue, fileName) => {
setKmsMTLSCertificate({
encoded_key: encodedValue || "",
id: kmsMTLSCertificate?.id || "",
key: fileName || "",
cert: kmsMTLSCertificate?.cert || "",
encoded_cert:
kmsMTLSCertificate?.encoded_cert || "",
});
}}
accept=".key,.pem"
id="kms_mtls_key"
name="kms_mtls_key"
label="Key"
value={kmsMTLSCertificate?.key}
/>
<FileSelector
onChange={(encodedValue, fileName) =>
setKmsMTLSCertificate({
encoded_key:
kmsMTLSCertificate?.encoded_key || "",
id: kmsMTLSCertificate?.id || "",
key: kmsMTLSCertificate?.key || "",
cert: fileName || "",
encoded_cert: encodedValue || "",
})
}
accept=".cer,.crt,.cert,.pem"
id="kms_mtls_cert"
name="kms_mtls_cert"
label="Cert"
value={kmsMTLSCertificate?.cert || ""}
/>
</Fragment>
)}
{kmsCACertificateSecret ? (
<TLSCertificate
certificateInfo={kmsCACertificateSecret}
onDelete={() =>
removeCertificate(kmsCACertificateSecret)
}
/>
) : (
<FileSelector
onChange={(encodedValue, fileName) =>
setKmsCACertificate({
encoded_key: kmsCACertificate?.encoded_key || "",
id: kmsCACertificate?.id || "",
key: kmsCACertificate?.key || "",
cert: fileName || "",
encoded_cert: encodedValue || "",
})
}
accept=".cer,.crt,.cert,.pem"
id="kms_mtls_ca"
name="kms_mtls_ca"
label="CA"
value={kmsCACertificate?.cert || ""}
/>
)}
</fieldset>
</Grid>
</Fragment>
)}
<Grid item xs={12}>
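Review bot: The uploaded key material is not cleared once the update succeeds: the `.then` handler runs only `setConfirmOpen(false)`, `setUpdatingEncryption(false)` and `fetchEncryptionInfo()`, and nothing visible resets `kmsMTLSCertificate`, `kmsCACertificate`, `minioMTLSCertificate` or `kesServerCertificate`. As far as these hunks show, the encoded private keys therefore stay in component state, and `dataSend` sends them again on every later save, because it includes each pair whenever `encoded_key` and `encoded_cert` are set. If a stored secret is later removed with `removeCertificate`, the selector would reappear still bound to the stale upload. I would add `setKmsMTLSCertificate(null);` and `setKmsCACertificate(null);` to the success handler, and likewise `setMinioMTLSCertificate(null)` and `setKESServerCertificate(null)`. The component body continues outside the visible hunks, so please confirm no reset already happens elsewhere.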


@@ -55,11 +55,6 @@ export interface ITenantSecurityResponse {
securityContext: ISecurityContext;
}
export interface IVaultTLS {
crt: ICertificateInfo;
ca: ICertificateInfo;
}
export interface IVaultAppRole {
engine: string;
id: string;
@@ -78,17 +73,11 @@ export interface IVaultConfiguration {
prefix: string;
approle: IVaultAppRole;
status: IVaultStatus;
tls: IVaultTLS;
}
export interface IGemaltoTLS {
ca: ICertificateInfo;
}
export interface IKeysecureConfiguration {
endpoint: string;
credentials: IGemaltoCredentials;
tls: IGemaltoTLS;
}
export interface IGemaltoConfiguration {
@@ -100,8 +89,12 @@ export interface ITenantEncryptionResponse {
image: string;
replicas: string;
securityContext: ISecurityContext;
server: ICertificateInfo;
mtls_client: ICertificateInfo;
server_tls: ICertificateInfo;
minio_mtls: ICertificateInfo;
kms_mtls: {
crt: ICertificateInfo;
ca: ICertificateInfo;
};
vault?: IVaultConfiguration;
aws?: IAWSConfig;
gemalto?: IGemaltoConfiguration;
@@ -113,13 +106,10 @@ export interface ICertificatesItems {
minioServerCertificates: KeyPair[];
minioClientCertificates: KeyPair[];
minioCAsCertificates: KeyPair[];
consoleCaCertificates: KeyPair[];
consoleCertificate: KeyPair;
serverCertificate: KeyPair;
clientCertificate: KeyPair;
vaultCertificate: KeyPair;
vaultCA: KeyPair;
gemaltoCA: KeyPair;
kesServerCertificate: KeyPair;
minioMTLSCertificate: KeyPair;
kmsMTLSCertificate: KeyPair;
kmsCA: KeyPair;
}
export interface IFieldStore {
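Review bot: `kms_mtls` is declared in `ITenantEncryptionResponse` as always present with both `crt` and `ca`, which does not match the rest of this page. The API definition lists `kms_mtls`, `crt` and `ca` without a `required` list, and TenantEncryption guards with `if (resp.kms_mtls)` before reading `.crt` and `.ca`. A tenant configured with only a KMS CA would presumably come back without `crt`, and the current type hides that from the compiler. I would declare it as `kms_mtls?: { crt?: ICertificateInfo; ca?: ICertificateInfo };` so that callers have to handle the missing parts.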


@@ -2243,12 +2243,21 @@ definitions:
type: array
items:
type: string
server:
server_tls:
type: object
$ref: "#/definitions/keyPairConfiguration"
client:
minio_mtls:
type: object
$ref: "#/definitions/keyPairConfiguration"
kms_mtls:
type: object
properties:
key:
type: string
crt:
type: string
ca:
type: string
gemalto:
type: object
$ref: "#/definitions/gemaltoConfiguration"
@@ -2279,12 +2288,21 @@ definitions:
type: string
replicas:
type: string
server:
server_tls:
type: object
$ref: "#/definitions/certificateInfo"
mtls_client:
minio_mtls:
type: object
$ref: "#/definitions/certificateInfo"
kms_mtls:
type: object
properties:
crt:
type: object
$ref: "#/definitions/certificateInfo"
ca:
type: object
$ref: "#/definitions/certificateInfo"
gemalto:
type: object
$ref: "#/definitions/gemaltoConfigurationResponse"
@@ -2339,15 +2357,6 @@ definitions:
ping:
type: integer
format: int64
tls:
type: object
properties:
key:
type: string
crt:
type: string
ca:
type: string
vaultConfigurationResponse:
type: object
@@ -2384,15 +2393,6 @@ definitions:
ping:
type: integer
format: int64
tls:
type: object
properties:
crt:
type: object
$ref: "#/definitions/certificateInfo"
ca:
type: object
$ref: "#/definitions/certificateInfo"
awsConfiguration:
type: object
@@ -2451,13 +2451,6 @@ definitions:
retry:
type: integer
format: int64
tls:
type: object
required:
- ca
properties:
ca:
type: string
gemaltoConfigurationResponse:
type: object
@@ -2485,14 +2478,6 @@ definitions:
retry:
type: integer
format: int64
tls:
type: object
required:
- ca
properties:
ca:
type: object
$ref: "#/definitions/certificateInfo"
gcpConfiguration:
type: object