diff --git a/models/encryption_configuration.go b/models/encryption_configuration.go index 20a53a557..d403a49f4 100644 --- a/models/encryption_configuration.go +++ b/models/encryption_configuration.go @@ -42,9 +42,6 @@ type EncryptionConfiguration struct { // azure Azure *AzureConfiguration `json:"azure,omitempty"` - // client - Client *KeyPairConfiguration `json:"client,omitempty"` - // gcp Gcp *GcpConfiguration `json:"gcp,omitempty"` @@ -54,6 +51,12 @@ type EncryptionConfiguration struct { // image Image string `json:"image,omitempty"` + // kms mtls + KmsMtls *EncryptionConfigurationAO1KmsMtls `json:"kms_mtls,omitempty"` + + // minio mtls + MinioMtls *KeyPairConfiguration `json:"minio_mtls,omitempty"` + // raw Raw string `json:"raw,omitempty"` @@ -66,8 +69,8 @@ type EncryptionConfiguration struct { // security context SecurityContext *SecurityContext `json:"securityContext,omitempty"` - // server - Server *KeyPairConfiguration `json:"server,omitempty"` + // server tls + ServerTLS *KeyPairConfiguration `json:"server_tls,omitempty"` // vault Vault *VaultConfiguration `json:"vault,omitempty"` @@ -88,14 +91,16 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error { Azure *AzureConfiguration `json:"azure,omitempty"` - Client *KeyPairConfiguration `json:"client,omitempty"` - Gcp *GcpConfiguration `json:"gcp,omitempty"` Gemalto *GemaltoConfiguration `json:"gemalto,omitempty"` Image string `json:"image,omitempty"` + KmsMtls *EncryptionConfigurationAO1KmsMtls `json:"kms_mtls,omitempty"` + + MinioMtls *KeyPairConfiguration `json:"minio_mtls,omitempty"` + Raw string `json:"raw,omitempty"` Replicas string `json:"replicas,omitempty"` @@ -104,7 +109,7 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error { SecurityContext *SecurityContext `json:"securityContext,omitempty"` - Server *KeyPairConfiguration `json:"server,omitempty"` + ServerTLS *KeyPairConfiguration `json:"server_tls,omitempty"` Vault *VaultConfiguration `json:"vault,omitempty"` } 
@@ -116,14 +121,16 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error { m.Azure = dataAO1.Azure - m.Client = dataAO1.Client - m.Gcp = dataAO1.Gcp m.Gemalto = dataAO1.Gemalto m.Image = dataAO1.Image + m.KmsMtls = dataAO1.KmsMtls + + m.MinioMtls = dataAO1.MinioMtls + m.Raw = dataAO1.Raw m.Replicas = dataAO1.Replicas @@ -132,7 +139,7 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error { m.SecurityContext = dataAO1.SecurityContext - m.Server = dataAO1.Server + m.ServerTLS = dataAO1.ServerTLS m.Vault = dataAO1.Vault @@ -153,14 +160,16 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) { Azure *AzureConfiguration `json:"azure,omitempty"` - Client *KeyPairConfiguration `json:"client,omitempty"` - Gcp *GcpConfiguration `json:"gcp,omitempty"` Gemalto *GemaltoConfiguration `json:"gemalto,omitempty"` Image string `json:"image,omitempty"` + KmsMtls *EncryptionConfigurationAO1KmsMtls `json:"kms_mtls,omitempty"` + + MinioMtls *KeyPairConfiguration `json:"minio_mtls,omitempty"` + Raw string `json:"raw,omitempty"` Replicas string `json:"replicas,omitempty"` @@ -169,7 +178,7 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) { SecurityContext *SecurityContext `json:"securityContext,omitempty"` - Server *KeyPairConfiguration `json:"server,omitempty"` + ServerTLS *KeyPairConfiguration `json:"server_tls,omitempty"` Vault *VaultConfiguration `json:"vault,omitempty"` } @@ -178,14 +187,16 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) { dataAO1.Azure = m.Azure - dataAO1.Client = m.Client - dataAO1.Gcp = m.Gcp dataAO1.Gemalto = m.Gemalto dataAO1.Image = m.Image + dataAO1.KmsMtls = m.KmsMtls + + dataAO1.MinioMtls = m.MinioMtls + dataAO1.Raw = m.Raw dataAO1.Replicas = m.Replicas @@ -194,7 +205,7 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) { dataAO1.SecurityContext = m.SecurityContext - dataAO1.Server = m.Server + dataAO1.ServerTLS = m.ServerTLS dataAO1.Vault = m.Vault 
@@ -223,10 +234,6 @@ func (m *EncryptionConfiguration) Validate(formats strfmt.Registry) error { res = append(res, err) } - if err := m.validateClient(formats); err != nil { - res = append(res, err) - } - if err := m.validateGcp(formats); err != nil { res = append(res, err) } @@ -235,11 +242,19 @@ func (m *EncryptionConfiguration) Validate(formats strfmt.Registry) error { res = append(res, err) } + if err := m.validateKmsMtls(formats); err != nil { + res = append(res, err) + } + + if err := m.validateMinioMtls(formats); err != nil { + res = append(res, err) + } + if err := m.validateSecurityContext(formats); err != nil { res = append(res, err) } - if err := m.validateServer(formats); err != nil { + if err := m.validateServerTLS(formats); err != nil { res = append(res, err) } @@ -293,26 +308,6 @@ func (m *EncryptionConfiguration) validateAzure(formats strfmt.Registry) error { return nil } -func (m *EncryptionConfiguration) validateClient(formats strfmt.Registry) error { - - if swag.IsZero(m.Client) { // not required - return nil - } - - if m.Client != nil { - if err := m.Client.Validate(formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("client") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("client") - } - return err - } - } - - return nil -} - func (m *EncryptionConfiguration) validateGcp(formats strfmt.Registry) error { if swag.IsZero(m.Gcp) { // not required 
@@ -353,6 +348,46 @@ func (m *EncryptionConfiguration) validateGemalto(formats strfmt.Registry) error return nil } +func (m *EncryptionConfiguration) validateKmsMtls(formats strfmt.Registry) error { + + if swag.IsZero(m.KmsMtls) { // not required + return nil + } + + if m.KmsMtls != nil { + if err := m.KmsMtls.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("kms_mtls") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("kms_mtls") + } + return err + } + } + + return nil +} + +func (m *EncryptionConfiguration) validateMinioMtls(formats strfmt.Registry) error { + + if swag.IsZero(m.MinioMtls) { // not required + return nil + } + + if m.MinioMtls != nil { + if err := m.MinioMtls.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("minio_mtls") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("minio_mtls") + } + return err + } + } + + return nil +} + func (m *EncryptionConfiguration) validateSecurityContext(formats strfmt.Registry) error { if swag.IsZero(m.SecurityContext) { // not required @@ -373,18 +408,18 @@ func (m *EncryptionConfiguration) validateSecurityContext(formats strfmt.Registr return nil } -func (m *EncryptionConfiguration) validateServer(formats strfmt.Registry) error { +func (m *EncryptionConfiguration) validateServerTLS(formats strfmt.Registry) error { - if swag.IsZero(m.Server) { // not required + if swag.IsZero(m.ServerTLS) { // not required return nil } - if m.Server != nil { - if err := m.Server.Validate(formats); err != nil { + if m.ServerTLS != nil { + if err := m.ServerTLS.Validate(formats); err != nil { if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("server") + return ve.ValidateName("server_tls") } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("server") + return ce.ValidateName("server_tls") } return err } 
@@ -430,10 +465,6 @@ func (m *EncryptionConfiguration) ContextValidate(ctx context.Context, formats s res = append(res, err) } - if err := m.contextValidateClient(ctx, formats); err != nil { - res = append(res, err) - } - if err := m.contextValidateGcp(ctx, formats); err != nil { res = append(res, err) } @@ -442,11 +473,19 @@ func (m *EncryptionConfiguration) ContextValidate(ctx context.Context, formats s res = append(res, err) } + if err := m.contextValidateKmsMtls(ctx, formats); err != nil { + res = append(res, err) + } + + if err := m.contextValidateMinioMtls(ctx, formats); err != nil { + res = append(res, err) + } + if err := m.contextValidateSecurityContext(ctx, formats); err != nil { res = append(res, err) } - if err := m.contextValidateServer(ctx, formats); err != nil { + if err := m.contextValidateServerTLS(ctx, formats); err != nil { res = append(res, err) } @@ -492,22 +531,6 @@ func (m *EncryptionConfiguration) contextValidateAzure(ctx context.Context, form return nil } -func (m *EncryptionConfiguration) contextValidateClient(ctx context.Context, formats strfmt.Registry) error { - - if m.Client != nil { - if err := m.Client.ContextValidate(ctx, formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("client") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("client") - } - return err - } - } - - return nil -} - func (m *EncryptionConfiguration) contextValidateGcp(ctx context.Context, formats strfmt.Registry) error { if m.Gcp != nil { 
@@ -540,6 +563,38 @@ func (m *EncryptionConfiguration) contextValidateGemalto(ctx context.Context, fo return nil } +func (m *EncryptionConfiguration) contextValidateKmsMtls(ctx context.Context, formats strfmt.Registry) error { + + if m.KmsMtls != nil { + if err := m.KmsMtls.ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("kms_mtls") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("kms_mtls") + } + return err + } + } + + return nil +} + +func (m *EncryptionConfiguration) contextValidateMinioMtls(ctx context.Context, formats strfmt.Registry) error { + + if m.MinioMtls != nil { + if err := m.MinioMtls.ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("minio_mtls") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("minio_mtls") + } + return err + } + } + + return nil +} + func (m *EncryptionConfiguration) contextValidateSecurityContext(ctx context.Context, formats strfmt.Registry) error { if m.SecurityContext != nil { @@ -556,14 +611,14 @@ func (m *EncryptionConfiguration) contextValidateSecurityContext(ctx context.Con return nil } -func (m *EncryptionConfiguration) contextValidateServer(ctx context.Context, formats strfmt.Registry) error { +func (m *EncryptionConfiguration) contextValidateServerTLS(ctx context.Context, formats strfmt.Registry) error { - if m.Server != nil { - if err := m.Server.ContextValidate(ctx, formats); err != nil { + if m.ServerTLS != nil { + if err := m.ServerTLS.ContextValidate(ctx, formats); err != nil { if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("server") + return ve.ValidateName("server_tls") } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("server") + return ce.ValidateName("server_tls") } return err } 
@@ -605,3 +660,46 @@ func (m *EncryptionConfiguration) UnmarshalBinary(b []byte) error { *m = res return nil } + +// EncryptionConfigurationAO1KmsMtls encryption configuration a o1 kms mtls +// +// swagger:model EncryptionConfigurationAO1KmsMtls +type EncryptionConfigurationAO1KmsMtls struct { + + // ca + Ca string `json:"ca,omitempty"` + + // crt + Crt string `json:"crt,omitempty"` + + // key + Key string `json:"key,omitempty"` +} + +// Validate validates this encryption configuration a o1 kms mtls +func (m *EncryptionConfigurationAO1KmsMtls) Validate(formats strfmt.Registry) error { + return nil +} + +// ContextValidate validates this encryption configuration a o1 kms mtls based on context it is used +func (m *EncryptionConfigurationAO1KmsMtls) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + return nil +} + +// MarshalBinary interface implementation +func (m *EncryptionConfigurationAO1KmsMtls) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *EncryptionConfigurationAO1KmsMtls) UnmarshalBinary(b []byte) error { + var res EncryptionConfigurationAO1KmsMtls + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} diff --git a/models/encryption_configuration_response.go b/models/encryption_configuration_response.go index f23d3ab39..b516bdeb6 100644 --- a/models/encryption_configuration_response.go +++ b/models/encryption_configuration_response.go @@ -51,8 +51,11 @@ type EncryptionConfigurationResponse struct { // image Image string `json:"image,omitempty"` - // mtls client - MtlsClient *CertificateInfo `json:"mtls_client,omitempty"` + // kms mtls + KmsMtls *EncryptionConfigurationResponseAO1KmsMtls `json:"kms_mtls,omitempty"` + + // minio mtls + MinioMtls *CertificateInfo `json:"minio_mtls,omitempty"` // raw Raw string `json:"raw,omitempty"` 
@@ -63,8 +66,8 @@ type EncryptionConfigurationResponse struct { // security context SecurityContext *SecurityContext `json:"securityContext,omitempty"` - // server - Server *CertificateInfo `json:"server,omitempty"` + // server tls + ServerTLS *CertificateInfo `json:"server_tls,omitempty"` // vault Vault *VaultConfigurationResponse `json:"vault,omitempty"` @@ -91,7 +94,9 @@ func (m *EncryptionConfigurationResponse) UnmarshalJSON(raw []byte) error { Image string `json:"image,omitempty"` - MtlsClient *CertificateInfo `json:"mtls_client,omitempty"` + KmsMtls *EncryptionConfigurationResponseAO1KmsMtls `json:"kms_mtls,omitempty"` + + MinioMtls *CertificateInfo `json:"minio_mtls,omitempty"` Raw string `json:"raw,omitempty"` @@ -99,7 +104,7 @@ func (m *EncryptionConfigurationResponse) UnmarshalJSON(raw []byte) error { SecurityContext *SecurityContext `json:"securityContext,omitempty"` - Server *CertificateInfo `json:"server,omitempty"` + ServerTLS *CertificateInfo `json:"server_tls,omitempty"` Vault *VaultConfigurationResponse `json:"vault,omitempty"` } @@ -117,7 +122,9 @@ func (m *EncryptionConfigurationResponse) UnmarshalJSON(raw []byte) error { m.Image = dataAO1.Image - m.MtlsClient = dataAO1.MtlsClient + m.KmsMtls = dataAO1.KmsMtls + + m.MinioMtls = dataAO1.MinioMtls m.Raw = dataAO1.Raw @@ -125,7 +132,7 @@ func (m *EncryptionConfigurationResponse) UnmarshalJSON(raw []byte) error { m.SecurityContext = dataAO1.SecurityContext - m.Server = dataAO1.Server + m.ServerTLS = dataAO1.ServerTLS m.Vault = dataAO1.Vault @@ -152,7 +159,9 @@ func (m EncryptionConfigurationResponse) MarshalJSON() ([]byte, error) { Image string `json:"image,omitempty"` - MtlsClient *CertificateInfo `json:"mtls_client,omitempty"` + KmsMtls *EncryptionConfigurationResponseAO1KmsMtls `json:"kms_mtls,omitempty"` + + MinioMtls *CertificateInfo `json:"minio_mtls,omitempty"` Raw string `json:"raw,omitempty"` 
@@ -160,7 +169,7 @@ func (m EncryptionConfigurationResponse) MarshalJSON() ([]byte, error) { SecurityContext *SecurityContext `json:"securityContext,omitempty"` - Server *CertificateInfo `json:"server,omitempty"` + ServerTLS *CertificateInfo `json:"server_tls,omitempty"` Vault *VaultConfigurationResponse `json:"vault,omitempty"` } @@ -175,7 +184,9 @@ func (m EncryptionConfigurationResponse) MarshalJSON() ([]byte, error) { dataAO1.Image = m.Image - dataAO1.MtlsClient = m.MtlsClient + dataAO1.KmsMtls = m.KmsMtls + + dataAO1.MinioMtls = m.MinioMtls dataAO1.Raw = m.Raw @@ -183,7 +194,7 @@ func (m EncryptionConfigurationResponse) MarshalJSON() ([]byte, error) { dataAO1.SecurityContext = m.SecurityContext - dataAO1.Server = m.Server + dataAO1.ServerTLS = m.ServerTLS dataAO1.Vault = m.Vault @@ -220,7 +231,11 @@ func (m *EncryptionConfigurationResponse) Validate(formats strfmt.Registry) erro res = append(res, err) } - if err := m.validateMtlsClient(formats); err != nil { + if err := m.validateKmsMtls(formats); err != nil { + res = append(res, err) + } + + if err := m.validateMinioMtls(formats); err != nil { res = append(res, err) } @@ -228,7 +243,7 @@ func (m *EncryptionConfigurationResponse) Validate(formats strfmt.Registry) erro res = append(res, err) } - if err := m.validateServer(formats); err != nil { + if err := m.validateServerTLS(formats); err != nil { res = append(res, err) } 
@@ -322,18 +337,38 @@ func (m *EncryptionConfigurationResponse) validateGemalto(formats strfmt.Registr return nil } -func (m *EncryptionConfigurationResponse) validateMtlsClient(formats strfmt.Registry) error { +func (m *EncryptionConfigurationResponse) validateKmsMtls(formats strfmt.Registry) error { - if swag.IsZero(m.MtlsClient) { // not required + if swag.IsZero(m.KmsMtls) { // not required return nil } - if m.MtlsClient != nil { - if err := m.MtlsClient.Validate(formats); err != nil { + if m.KmsMtls != nil { + if err := m.KmsMtls.Validate(formats); err != nil { if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("mtls_client") + return ve.ValidateName("kms_mtls") } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("mtls_client") + return ce.ValidateName("kms_mtls") + } + return err + } + } + + return nil +} + +func (m *EncryptionConfigurationResponse) validateMinioMtls(formats strfmt.Registry) error { + + if swag.IsZero(m.MinioMtls) { // not required + return nil + } + + if m.MinioMtls != nil { + if err := m.MinioMtls.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("minio_mtls") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("minio_mtls") } return err } 
@@ -362,18 +397,18 @@ func (m *EncryptionConfigurationResponse) validateSecurityContext(formats strfmt return nil } -func (m *EncryptionConfigurationResponse) validateServer(formats strfmt.Registry) error { +func (m *EncryptionConfigurationResponse) validateServerTLS(formats strfmt.Registry) error { - if swag.IsZero(m.Server) { // not required + if swag.IsZero(m.ServerTLS) { // not required return nil } - if m.Server != nil { - if err := m.Server.Validate(formats); err != nil { + if m.ServerTLS != nil { + if err := m.ServerTLS.Validate(formats); err != nil { if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("server") + return ve.ValidateName("server_tls") } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("server") + return ce.ValidateName("server_tls") } return err } @@ -427,7 +462,11 @@ func (m *EncryptionConfigurationResponse) ContextValidate(ctx context.Context, f res = append(res, err) } - if err := m.contextValidateMtlsClient(ctx, formats); err != nil { + if err := m.contextValidateKmsMtls(ctx, formats); err != nil { + res = append(res, err) + } + + if err := m.contextValidateMinioMtls(ctx, formats); err != nil { res = append(res, err) } @@ -435,7 +474,7 @@ func (m *EncryptionConfigurationResponse) ContextValidate(ctx context.Context, f res = append(res, err) } - if err := m.contextValidateServer(ctx, formats); err != nil { + if err := m.contextValidateServerTLS(ctx, formats); err != nil { res = append(res, err) } 
@@ -513,14 +552,30 @@ func (m *EncryptionConfigurationResponse) contextValidateGemalto(ctx context.Con return nil } -func (m *EncryptionConfigurationResponse) contextValidateMtlsClient(ctx context.Context, formats strfmt.Registry) error { +func (m *EncryptionConfigurationResponse) contextValidateKmsMtls(ctx context.Context, formats strfmt.Registry) error { - if m.MtlsClient != nil { - if err := m.MtlsClient.ContextValidate(ctx, formats); err != nil { + if m.KmsMtls != nil { + if err := m.KmsMtls.ContextValidate(ctx, formats); err != nil { if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("mtls_client") + return ve.ValidateName("kms_mtls") } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("mtls_client") + return ce.ValidateName("kms_mtls") + } + return err + } + } + + return nil +} + +func (m *EncryptionConfigurationResponse) contextValidateMinioMtls(ctx context.Context, formats strfmt.Registry) error { + + if m.MinioMtls != nil { + if err := m.MinioMtls.ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("minio_mtls") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("minio_mtls") } return err } 
@@ -545,14 +600,14 @@ func (m *EncryptionConfigurationResponse) contextValidateSecurityContext(ctx con return nil } -func (m *EncryptionConfigurationResponse) contextValidateServer(ctx context.Context, formats strfmt.Registry) error { +func (m *EncryptionConfigurationResponse) contextValidateServerTLS(ctx context.Context, formats strfmt.Registry) error { - if m.Server != nil { - if err := m.Server.ContextValidate(ctx, formats); err != nil { + if m.ServerTLS != nil { + if err := m.ServerTLS.ContextValidate(ctx, formats); err != nil { if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("server") + return ve.ValidateName("server_tls") } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("server") + return ce.ValidateName("server_tls") } return err } 
@@ -594,3 +649,139 @@ func (m *EncryptionConfigurationResponse) UnmarshalBinary(b []byte) error { *m = res return nil } + +// EncryptionConfigurationResponseAO1KmsMtls encryption configuration response a o1 kms mtls +// +// swagger:model EncryptionConfigurationResponseAO1KmsMtls +type EncryptionConfigurationResponseAO1KmsMtls struct { + + // ca + Ca *CertificateInfo `json:"ca,omitempty"` + + // crt + Crt *CertificateInfo `json:"crt,omitempty"` +} + +// Validate validates this encryption configuration response a o1 kms mtls +func (m *EncryptionConfigurationResponseAO1KmsMtls) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validateCa(formats); err != nil { + res = append(res, err) + } + + if err := m.validateCrt(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +func (m *EncryptionConfigurationResponseAO1KmsMtls) validateCa(formats strfmt.Registry) error { + if swag.IsZero(m.Ca) { // not required + return nil + } + + if m.Ca != nil { + if err := m.Ca.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("kms_mtls" + "." + "ca") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("kms_mtls" + "." + "ca") + } + return err + } + } + + return nil +} + +func (m *EncryptionConfigurationResponseAO1KmsMtls) validateCrt(formats strfmt.Registry) error { + if swag.IsZero(m.Crt) { // not required + return nil + } + + if m.Crt != nil { + if err := m.Crt.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("kms_mtls" + "." + "crt") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("kms_mtls" + "." 
+ "crt") + } + return err + } + } + + return nil +} + +// ContextValidate validate this encryption configuration response a o1 kms mtls based on the context it is used +func (m *EncryptionConfigurationResponseAO1KmsMtls) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + var res []error + + if err := m.contextValidateCa(ctx, formats); err != nil { + res = append(res, err) + } + + if err := m.contextValidateCrt(ctx, formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +func (m *EncryptionConfigurationResponseAO1KmsMtls) contextValidateCa(ctx context.Context, formats strfmt.Registry) error { + + if m.Ca != nil { + if err := m.Ca.ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("kms_mtls" + "." + "ca") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("kms_mtls" + "." + "ca") + } + return err + } + } + + return nil +} + +func (m *EncryptionConfigurationResponseAO1KmsMtls) contextValidateCrt(ctx context.Context, formats strfmt.Registry) error { + + if m.Crt != nil { + if err := m.Crt.ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("kms_mtls" + "." + "crt") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("kms_mtls" + "." + "crt") + } + return err + } + } + + return nil +} + +// MarshalBinary interface implementation +func (m *EncryptionConfigurationResponseAO1KmsMtls) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *EncryptionConfigurationResponseAO1KmsMtls) UnmarshalBinary(b []byte) error { + var res EncryptionConfigurationResponseAO1KmsMtls + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} 
diff --git a/models/gemalto_configuration.go b/models/gemalto_configuration.go index 20a48373c..59edb1aca 100644 --- a/models/gemalto_configuration.go +++ b/models/gemalto_configuration.go @@ -135,9 +135,6 @@ type GemaltoConfigurationKeysecure struct { // endpoint // Required: true Endpoint *string `json:"endpoint"` - - // tls - TLS *GemaltoConfigurationKeysecureTLS `json:"tls,omitempty"` } // Validate validates this gemalto configuration keysecure @@ -152,10 +149,6 @@ func (m *GemaltoConfigurationKeysecure) Validate(formats strfmt.Registry) error res = append(res, err) } - if err := m.validateTLS(formats); err != nil { - res = append(res, err) - } - if len(res) > 0 { return errors.CompositeValidationError(res...) } @@ -191,25 +184,6 @@ func (m *GemaltoConfigurationKeysecure) validateEndpoint(formats strfmt.Registry return nil } -func (m *GemaltoConfigurationKeysecure) validateTLS(formats strfmt.Registry) error { - if swag.IsZero(m.TLS) { // not required - return nil - } - - if m.TLS != nil { - if err := m.TLS.Validate(formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("keysecure" + "." + "tls") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("keysecure" + "." + "tls") - } - return err - } - } - - return nil -} - // ContextValidate validate this gemalto configuration keysecure based on the context it is used func (m *GemaltoConfigurationKeysecure) ContextValidate(ctx context.Context, formats strfmt.Registry) error { var res []error @@ -218,10 +192,6 @@ func (m *GemaltoConfigurationKeysecure) ContextValidate(ctx context.Context, for res = append(res, err) } - if err := m.contextValidateTLS(ctx, formats); err != nil { - res = append(res, err) - } - if len(res) > 0 { return errors.CompositeValidationError(res...) } 
@@ -244,22 +214,6 @@ func (m *GemaltoConfigurationKeysecure) contextValidateCredentials(ctx context.C return nil } -func (m *GemaltoConfigurationKeysecure) contextValidateTLS(ctx context.Context, formats strfmt.Registry) error { - - if m.TLS != nil { - if err := m.TLS.ContextValidate(ctx, formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("keysecure" + "." + "tls") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("keysecure" + "." + "tls") - } - return err - } - } - - return nil -} - // MarshalBinary interface implementation func (m *GemaltoConfigurationKeysecure) MarshalBinary() ([]byte, error) { if m == nil { 
@@ -353,59 +307,3 @@ func (m *GemaltoConfigurationKeysecureCredentials) UnmarshalBinary(b []byte) err *m = res return nil } - -// GemaltoConfigurationKeysecureTLS gemalto configuration keysecure TLS -// -// swagger:model GemaltoConfigurationKeysecureTLS -type GemaltoConfigurationKeysecureTLS struct { - - // ca - // Required: true - Ca *string `json:"ca"` -} - -// Validate validates this gemalto configuration keysecure TLS -func (m *GemaltoConfigurationKeysecureTLS) Validate(formats strfmt.Registry) error { - var res []error - - if err := m.validateCa(formats); err != nil { - res = append(res, err) - } - - if len(res) > 0 { - return errors.CompositeValidationError(res...) - } - return nil -} - -func (m *GemaltoConfigurationKeysecureTLS) validateCa(formats strfmt.Registry) error { - - if err := validate.Required("keysecure"+"."+"tls"+"."+"ca", "body", m.Ca); err != nil { - return err - } - - return nil -} - -// ContextValidate validates this gemalto configuration keysecure TLS based on context it is used -func (m *GemaltoConfigurationKeysecureTLS) ContextValidate(ctx context.Context, formats strfmt.Registry) error { - return nil -} - -// MarshalBinary interface implementation -func (m *GemaltoConfigurationKeysecureTLS) MarshalBinary() ([]byte, error) { - if m == nil { - return nil, nil - } - return swag.WriteJSON(m) -} - -// UnmarshalBinary interface implementation -func (m *GemaltoConfigurationKeysecureTLS) UnmarshalBinary(b []byte) error { - var res GemaltoConfigurationKeysecureTLS - if err := swag.ReadJSON(b, &res); err != nil { - return err - } - *m = res - return nil -} diff --git a/models/gemalto_configuration_response.go b/models/gemalto_configuration_response.go index 6ffabaf87..614bc98ce 100644 --- a/models/gemalto_configuration_response.go +++ b/models/gemalto_configuration_response.go 
@@ -135,9 +135,6 @@ type GemaltoConfigurationResponseKeysecure struct { // endpoint // Required: true Endpoint *string `json:"endpoint"` - - // tls - TLS *GemaltoConfigurationResponseKeysecureTLS `json:"tls,omitempty"` } // Validate validates this gemalto configuration response keysecure @@ -152,10 +149,6 @@ func (m *GemaltoConfigurationResponseKeysecure) Validate(formats strfmt.Registry res = append(res, err) } - if err := m.validateTLS(formats); err != nil { - res = append(res, err) - } - if len(res) > 0 { return errors.CompositeValidationError(res...) } @@ -191,25 +184,6 @@ func (m *GemaltoConfigurationResponseKeysecure) validateEndpoint(formats strfmt. return nil } -func (m *GemaltoConfigurationResponseKeysecure) validateTLS(formats strfmt.Registry) error { - if swag.IsZero(m.TLS) { // not required - return nil - } - - if m.TLS != nil { - if err := m.TLS.Validate(formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("keysecure" + "." + "tls") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("keysecure" + "." + "tls") - } - return err - } - } - - return nil -} - // ContextValidate validate this gemalto configuration response keysecure based on the context it is used func (m *GemaltoConfigurationResponseKeysecure) ContextValidate(ctx context.Context, formats strfmt.Registry) error { var res []error @@ -218,10 +192,6 @@ func (m *GemaltoConfigurationResponseKeysecure) ContextValidate(ctx context.Cont res = append(res, err) } - if err := m.contextValidateTLS(ctx, formats); err != nil { - res = append(res, err) - } - if len(res) > 0 { return errors.CompositeValidationError(res...) } 
@@ -244,22 +214,6 @@ func (m *GemaltoConfigurationResponseKeysecure) contextValidateCredentials(ctx c return nil } -func (m *GemaltoConfigurationResponseKeysecure) contextValidateTLS(ctx context.Context, formats strfmt.Registry) error { - - if m.TLS != nil { - if err := m.TLS.ContextValidate(ctx, formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("keysecure" + "." + "tls") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("keysecure" + "." + "tls") - } - return err - } - } - - return nil -} - // MarshalBinary interface implementation func (m *GemaltoConfigurationResponseKeysecure) MarshalBinary() ([]byte, error) { if m == nil { 
@@ -353,95 +307,3 @@ func (m *GemaltoConfigurationResponseKeysecureCredentials) UnmarshalBinary(b []b *m = res return nil } - -// GemaltoConfigurationResponseKeysecureTLS gemalto configuration response keysecure TLS -// -// swagger:model GemaltoConfigurationResponseKeysecureTLS -type GemaltoConfigurationResponseKeysecureTLS struct { - - // ca - // Required: true - Ca *CertificateInfo `json:"ca"` -} - -// Validate validates this gemalto configuration response keysecure TLS -func (m *GemaltoConfigurationResponseKeysecureTLS) Validate(formats strfmt.Registry) error { - var res []error - - if err := m.validateCa(formats); err != nil { - res = append(res, err) - } - - if len(res) > 0 { - return errors.CompositeValidationError(res...) - } - return nil -} - -func (m *GemaltoConfigurationResponseKeysecureTLS) validateCa(formats strfmt.Registry) error { - - if err := validate.Required("keysecure"+"."+"tls"+"."+"ca", "body", m.Ca); err != nil { - return err - } - - if m.Ca != nil { - if err := m.Ca.Validate(formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("keysecure" + "." + "tls" + "." + "ca") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("keysecure" + "." + "tls" + "." + "ca") - } - return err - } - } - - return nil -} - -// ContextValidate validate this gemalto configuration response keysecure TLS based on the context it is used -func (m *GemaltoConfigurationResponseKeysecureTLS) ContextValidate(ctx context.Context, formats strfmt.Registry) error { - var res []error - - if err := m.contextValidateCa(ctx, formats); err != nil { - res = append(res, err) - } - - if len(res) > 0 { - return errors.CompositeValidationError(res...) 
- } - return nil -} - -func (m *GemaltoConfigurationResponseKeysecureTLS) contextValidateCa(ctx context.Context, formats strfmt.Registry) error { - - if m.Ca != nil { - if err := m.Ca.ContextValidate(ctx, formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("keysecure" + "." + "tls" + "." + "ca") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("keysecure" + "." + "tls" + "." + "ca") - } - return err - } - } - - return nil -} - -// MarshalBinary interface implementation -func (m *GemaltoConfigurationResponseKeysecureTLS) MarshalBinary() ([]byte, error) { - if m == nil { - return nil, nil - } - return swag.WriteJSON(m) -} - -// UnmarshalBinary interface implementation -func (m *GemaltoConfigurationResponseKeysecureTLS) UnmarshalBinary(b []byte) error { - var res GemaltoConfigurationResponseKeysecureTLS - if err := swag.ReadJSON(b, &res); err != nil { - return err - } - *m = res - return nil -} diff --git a/models/vault_configuration.go b/models/vault_configuration.go index 12e2fc665..93086913f 100644 --- a/models/vault_configuration.go +++ b/models/vault_configuration.go @@ -55,9 +55,6 @@ type VaultConfiguration struct { // status Status *VaultConfigurationStatus `json:"status,omitempty"` - - // tls - TLS *VaultConfigurationTLS `json:"tls,omitempty"` } // Validate validates this vault configuration @@ -76,10 +73,6 @@ func (m *VaultConfiguration) Validate(formats strfmt.Registry) error { res = append(res, err) } - if err := m.validateTLS(formats); err != nil { - res = append(res, err) - } - if len(res) > 0 { return errors.CompositeValidationError(res...) } 
@@ -134,25 +127,6 @@ func (m *VaultConfiguration) validateStatus(formats strfmt.Registry) error { return nil } -func (m *VaultConfiguration) validateTLS(formats strfmt.Registry) error { - if swag.IsZero(m.TLS) { // not required - return nil - } - - if m.TLS != nil { - if err := m.TLS.Validate(formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("tls") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("tls") - } - return err - } - } - - return nil -} - // ContextValidate validate this vault configuration based on the context it is used func (m *VaultConfiguration) ContextValidate(ctx context.Context, formats strfmt.Registry) error { var res []error @@ -165,10 +139,6 @@ func (m *VaultConfiguration) ContextValidate(ctx context.Context, formats strfmt res = append(res, err) } - if err := m.contextValidateTLS(ctx, formats); err != nil { - res = append(res, err) - } - if len(res) > 0 { return errors.CompositeValidationError(res...) } @@ -207,22 +177,6 @@ func (m *VaultConfiguration) contextValidateStatus(ctx context.Context, formats return nil } -func (m *VaultConfiguration) contextValidateTLS(ctx context.Context, formats strfmt.Registry) error { - - if m.TLS != nil { - if err := m.TLS.ContextValidate(ctx, formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("tls") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("tls") - } - return err - } - } - - return nil -} - // MarshalBinary interface implementation func (m *VaultConfiguration) MarshalBinary() ([]byte, error) { if m == nil { 
@@ -356,46 +310,3 @@ func (m *VaultConfigurationStatus) UnmarshalBinary(b []byte) error { *m = res return nil } - -// VaultConfigurationTLS vault configuration TLS -// -// swagger:model VaultConfigurationTLS -type VaultConfigurationTLS struct { - - // ca - Ca string `json:"ca,omitempty"` - - // crt - Crt string `json:"crt,omitempty"` - - // key - Key string `json:"key,omitempty"` -} - -// Validate validates this vault configuration TLS -func (m *VaultConfigurationTLS) Validate(formats strfmt.Registry) error { - return nil -} - -// ContextValidate validates this vault configuration TLS based on context it is used -func (m *VaultConfigurationTLS) ContextValidate(ctx context.Context, formats strfmt.Registry) error { - return nil -} - -// MarshalBinary interface implementation -func (m *VaultConfigurationTLS) MarshalBinary() ([]byte, error) { - if m == nil { - return nil, nil - } - return swag.WriteJSON(m) -} - -// UnmarshalBinary interface implementation -func (m *VaultConfigurationTLS) UnmarshalBinary(b []byte) error { - var res VaultConfigurationTLS - if err := swag.ReadJSON(b, &res); err != nil { - return err - } - *m = res - return nil -} diff --git a/models/vault_configuration_response.go b/models/vault_configuration_response.go index 466ef2fd3..0515054d4 100644 --- a/models/vault_configuration_response.go +++ b/models/vault_configuration_response.go @@ -55,9 +55,6 @@ type VaultConfigurationResponse struct { // status Status *VaultConfigurationResponseStatus `json:"status,omitempty"` - - // tls - TLS *VaultConfigurationResponseTLS `json:"tls,omitempty"` } // Validate validates this vault configuration response @@ -76,10 +73,6 @@ func (m *VaultConfigurationResponse) Validate(formats strfmt.Registry) error { res = append(res, err) } - if err := m.validateTLS(formats); err != nil { - res = append(res, err) - } - if len(res) > 0 { return errors.CompositeValidationError(res...) } 
@@ -134,25 +127,6 @@ func (m *VaultConfigurationResponse) validateStatus(formats strfmt.Registry) err return nil } -func (m *VaultConfigurationResponse) validateTLS(formats strfmt.Registry) error { - if swag.IsZero(m.TLS) { // not required - return nil - } - - if m.TLS != nil { - if err := m.TLS.Validate(formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("tls") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("tls") - } - return err - } - } - - return nil -} - // ContextValidate validate this vault configuration response based on the context it is used func (m *VaultConfigurationResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error { var res []error @@ -165,10 +139,6 @@ func (m *VaultConfigurationResponse) ContextValidate(ctx context.Context, format res = append(res, err) } - if err := m.contextValidateTLS(ctx, formats); err != nil { - res = append(res, err) - } - if len(res) > 0 { return errors.CompositeValidationError(res...) } @@ -207,22 +177,6 @@ func (m *VaultConfigurationResponse) contextValidateStatus(ctx context.Context, return nil } -func (m *VaultConfigurationResponse) contextValidateTLS(ctx context.Context, formats strfmt.Registry) error { - - if m.TLS != nil { - if err := m.TLS.ContextValidate(ctx, formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("tls") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("tls") - } - return err - } - } - - return nil -} - // MarshalBinary interface implementation func (m *VaultConfigurationResponse) MarshalBinary() ([]byte, error) { if m == nil { 
@@ -356,139 +310,3 @@ func (m *VaultConfigurationResponseStatus) UnmarshalBinary(b []byte) error { *m = res return nil } - -// VaultConfigurationResponseTLS vault configuration response TLS -// -// swagger:model VaultConfigurationResponseTLS -type VaultConfigurationResponseTLS struct { - - // ca - Ca *CertificateInfo `json:"ca,omitempty"` - - // crt - Crt *CertificateInfo `json:"crt,omitempty"` -} - -// Validate validates this vault configuration response TLS -func (m *VaultConfigurationResponseTLS) Validate(formats strfmt.Registry) error { - var res []error - - if err := m.validateCa(formats); err != nil { - res = append(res, err) - } - - if err := m.validateCrt(formats); err != nil { - res = append(res, err) - } - - if len(res) > 0 { - return errors.CompositeValidationError(res...) - } - return nil -} - -func (m *VaultConfigurationResponseTLS) validateCa(formats strfmt.Registry) error { - if swag.IsZero(m.Ca) { // not required - return nil - } - - if m.Ca != nil { - if err := m.Ca.Validate(formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("tls" + "." + "ca") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("tls" + "." + "ca") - } - return err - } - } - - return nil -} - -func (m *VaultConfigurationResponseTLS) validateCrt(formats strfmt.Registry) error { - if swag.IsZero(m.Crt) { // not required - return nil - } - - if m.Crt != nil { - if err := m.Crt.Validate(formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("tls" + "." + "crt") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("tls" + "." 
+ "crt") - } - return err - } - } - - return nil -} - -// ContextValidate validate this vault configuration response TLS based on the context it is used -func (m *VaultConfigurationResponseTLS) ContextValidate(ctx context.Context, formats strfmt.Registry) error { - var res []error - - if err := m.contextValidateCa(ctx, formats); err != nil { - res = append(res, err) - } - - if err := m.contextValidateCrt(ctx, formats); err != nil { - res = append(res, err) - } - - if len(res) > 0 { - return errors.CompositeValidationError(res...) - } - return nil -} - -func (m *VaultConfigurationResponseTLS) contextValidateCa(ctx context.Context, formats strfmt.Registry) error { - - if m.Ca != nil { - if err := m.Ca.ContextValidate(ctx, formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("tls" + "." + "ca") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("tls" + "." + "ca") - } - return err - } - } - - return nil -} - -func (m *VaultConfigurationResponseTLS) contextValidateCrt(ctx context.Context, formats strfmt.Registry) error { - - if m.Crt != nil { - if err := m.Crt.ContextValidate(ctx, formats); err != nil { - if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("tls" + "." + "crt") - } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("tls" + "." + "crt") - } - return err - } - } - - return nil -} - -// MarshalBinary interface implementation -func (m *VaultConfigurationResponseTLS) MarshalBinary() ([]byte, error) { - if m == nil { - return nil, nil - } - return swag.WriteJSON(m) -} - -// UnmarshalBinary interface implementation -func (m *VaultConfigurationResponseTLS) UnmarshalBinary(b []byte) error { - var res VaultConfigurationResponseTLS - if err := swag.ReadJSON(b, &res); err != nil { - return err - } - *m = res - return nil -} diff --git a/operatorapi/embedded_spec.go b/operatorapi/embedded_spec.go index 787bf3116..7dd8a56da 100644 
--- a/operatorapi/embedded_spec.go +++ b/operatorapi/embedded_spec.go @@ -3045,10 +3045,6 @@ func init() { "type": "object", "$ref": "#/definitions/azureConfiguration" }, - "client": { - "type": "object", - "$ref": "#/definitions/keyPairConfiguration" - }, "gcp": { "type": "object", "$ref": "#/definitions/gcpConfiguration" @@ -3060,6 +3056,24 @@ func init() { "image": { "type": "string" }, + "kms_mtls": { + "type": "object", + "properties": { + "ca": { + "type": "string" + }, + "crt": { + "type": "string" + }, + "key": { + "type": "string" + } + } + }, + "minio_mtls": { + "type": "object", + "$ref": "#/definitions/keyPairConfiguration" + }, "raw": { "type": "string" }, @@ -3076,7 +3090,7 @@ func init() { "type": "object", "$ref": "#/definitions/securityContext" }, - "server": { + "server_tls": { "type": "object", "$ref": "#/definitions/keyPairConfiguration" }, @@ -3115,7 +3129,20 @@ func init() { "image": { "type": "string" }, - "mtls_client": { + "kms_mtls": { + "type": "object", + "properties": { + "ca": { + "type": "object", + "$ref": "#/definitions/certificateInfo" + }, + "crt": { + "type": "object", + "$ref": "#/definitions/certificateInfo" + } + } + }, + "minio_mtls": { "type": "object", "$ref": "#/definitions/certificateInfo" }, @@ -3129,7 +3156,7 @@ func init() { "type": "object", "$ref": "#/definitions/securityContext" }, - "server": { + "server_tls": { "type": "object", "$ref": "#/definitions/certificateInfo" }, @@ -3304,17 +3331,6 @@ func init() { }, "endpoint": { "type": "string" - }, - "tls": { - "type": "object", - "required": [ - "ca" - ], - "properties": { - "ca": { - "type": "string" - } - } } } } @@ -3354,18 +3370,6 @@ func init() { }, "endpoint": { "type": "string" - }, - "tls": { - "type": "object", - "required": [ - "ca" - ], - "properties": { - "ca": { - "type": "object", - "$ref": "#/definitions/certificateInfo" - } - } } } } 
@@ -5140,20 +5144,6 @@ func init() { "format": "int64" } } - }, - "tls": { - "type": "object", - "properties": { - "ca": { - "type": "string" - }, - "crt": { - "type": "string" - }, - "key": { - "type": "string" - } - } } } }, @@ -5206,19 +5196,6 @@ func init() { "format": "int64" } } - }, - "tls": { - "type": "object", - "properties": { - "ca": { - "type": "object", - "$ref": "#/definitions/certificateInfo" - }, - "crt": { - "type": "object", - "$ref": "#/definitions/certificateInfo" - } - } } } }, @@ -7748,6 +7725,33 @@ func init() { } } }, + "EncryptionConfigurationAO1KmsMtls": { + "type": "object", + "properties": { + "ca": { + "type": "string" + }, + "crt": { + "type": "string" + }, + "key": { + "type": "string" + } + } + }, + "EncryptionConfigurationResponseAO1KmsMtls": { + "type": "object", + "properties": { + "ca": { + "type": "object", + "$ref": "#/definitions/certificateInfo" + }, + "crt": { + "type": "object", + "$ref": "#/definitions/certificateInfo" + } + } + }, "GcpConfigurationSecretmanager": { "type": "object", "required": [ @@ -7824,17 +7828,6 @@ func init() { }, "endpoint": { "type": "string" - }, - "tls": { - "type": "object", - "required": [ - "ca" - ], - "properties": { - "ca": { - "type": "string" - } - } } } }, @@ -7857,17 +7850,6 @@ func init() { } } }, - "GemaltoConfigurationKeysecureTLS": { - "type": "object", - "required": [ - "ca" - ], - "properties": { - "ca": { - "type": "string" - } - } - }, "GemaltoConfigurationResponseKeysecure": { "type": "object", "required": [ @@ -7896,18 +7878,6 @@ func init() { }, "endpoint": { "type": "string" - }, - "tls": { - "type": "object", - "required": [ - "ca" - ], - "properties": { - "ca": { - "type": "object", - "$ref": "#/definitions/certificateInfo" - } - } } } }, 
@@ -7930,18 +7900,6 @@ func init() { } } }, - "GemaltoConfigurationResponseKeysecureTLS": { - "type": "object", - "required": [ - "ca" - ], - "properties": { - "ca": { - "type": "object", - "$ref": "#/definitions/certificateInfo" - } - } - }, "IdpConfigurationActiveDirectory": { "type": "object", "required": [ @@ -8463,19 +8421,6 @@ func init() { } } }, - "VaultConfigurationResponseTLS": { - "type": "object", - "properties": { - "ca": { - "type": "object", - "$ref": "#/definitions/certificateInfo" - }, - "crt": { - "type": "object", - "$ref": "#/definitions/certificateInfo" - } - } - }, "VaultConfigurationStatus": { "type": "object", "properties": { @@ -8485,20 +8430,6 @@ func init() { } } }, - "VaultConfigurationTLS": { - "type": "object", - "properties": { - "ca": { - "type": "string" - }, - "crt": { - "type": "string" - }, - "key": { - "type": "string" - } - } - }, "allocatableResourcesResponse": { "type": "object", "properties": { @@ -9117,10 +9048,6 @@ func init() { "type": "object", "$ref": "#/definitions/azureConfiguration" }, - "client": { - "type": "object", - "$ref": "#/definitions/keyPairConfiguration" - }, "gcp": { "type": "object", "$ref": "#/definitions/gcpConfiguration" @@ -9132,6 +9059,24 @@ func init() { "image": { "type": "string" }, + "kms_mtls": { + "type": "object", + "properties": { + "ca": { + "type": "string" + }, + "crt": { + "type": "string" + }, + "key": { + "type": "string" + } + } + }, + "minio_mtls": { + "type": "object", + "$ref": "#/definitions/keyPairConfiguration" + }, "raw": { "type": "string" }, @@ -9148,7 +9093,7 @@ func init() { "type": "object", "$ref": "#/definitions/securityContext" }, - "server": { + "server_tls": { "type": "object", "$ref": "#/definitions/keyPairConfiguration" }, 
@@ -9187,7 +9132,20 @@ func init() { "image": { "type": "string" }, - "mtls_client": { + "kms_mtls": { + "type": "object", + "properties": { + "ca": { + "type": "object", + "$ref": "#/definitions/certificateInfo" + }, + "crt": { + "type": "object", + "$ref": "#/definitions/certificateInfo" + } + } + }, + "minio_mtls": { "type": "object", "$ref": "#/definitions/certificateInfo" }, @@ -9201,7 +9159,7 @@ func init() { "type": "object", "$ref": "#/definitions/securityContext" }, - "server": { + "server_tls": { "type": "object", "$ref": "#/definitions/certificateInfo" }, @@ -9376,17 +9334,6 @@ func init() { }, "endpoint": { "type": "string" - }, - "tls": { - "type": "object", - "required": [ - "ca" - ], - "properties": { - "ca": { - "type": "string" - } - } } } } @@ -9426,18 +9373,6 @@ func init() { }, "endpoint": { "type": "string" - }, - "tls": { - "type": "object", - "required": [ - "ca" - ], - "properties": { - "ca": { - "type": "object", - "$ref": "#/definitions/certificateInfo" - } - } } } } @@ -11065,20 +11000,6 @@ func init() { "format": "int64" } } - }, - "tls": { - "type": "object", - "properties": { - "ca": { - "type": "string" - }, - "crt": { - "type": "string" - }, - "key": { - "type": "string" - } - } } } }, @@ -11131,19 +11052,6 @@ func init() { "format": "int64" } } - }, - "tls": { - "type": "object", - "properties": { - "ca": { - "type": "object", - "$ref": "#/definitions/certificateInfo" - }, - "crt": { - "type": "object", - "$ref": "#/definitions/certificateInfo" - } - } } } }, diff --git a/operatorapi/tenant_add.go b/operatorapi/tenant_add.go index 2b60c3424..f2fc00960 100644 --- a/operatorapi/tenant_add.go +++ b/operatorapi/tenant_add.go 
@@ -291,9 +291,9 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre // If encryption configuration is present and TLS will be enabled (using AutoCert or External certificates) if tenantReq.Encryption != nil && canEncryptionBeEnabled { // KES client mTLSCertificates used by MinIO instance - if tenantReq.Encryption.Client != nil { + if tenantReq.Encryption.MinioMtls != nil { tenantExternalClientCertSecretName := fmt.Sprintf("%s-external-client-certificate-kes", tenantName) - certificates := []*models.KeyPairConfiguration{tenantReq.Encryption.Client} + certificates := []*models.KeyPairConfiguration{tenantReq.Encryption.MinioMtls} certificateSecrets, err := createOrReplaceExternalCertSecrets(ctx, &k8sClient, ns, certificates, tenantExternalClientCertSecretName, tenantName) if err != nil { return nil, restapi.ErrorWithContext(ctx, restapi.ErrDefault) diff --git a/operatorapi/tenants_helper.go b/operatorapi/tenants_helper.go index cdddc6bff..f2e60c148 100644 --- a/operatorapi/tenants_helper.go +++ b/operatorapi/tenants_helper.go @@ -182,13 +182,13 @@ func tenantUpdateEncryption(ctx context.Context, operatorClient OperatorClientI, } } } - if body.Server != nil { + if body.ServerTLS != nil { kesExternalCertSecretName := fmt.Sprintf("%s-kes-external-cert", secretName) if tenant.KESExternalCert() { kesExternalCertSecretName = tenant.Spec.KES.ExternalCertSecret.Name } // update certificates - certificates := []*models.KeyPairConfiguration{body.Server} + certificates := []*models.KeyPairConfiguration{body.ServerTLS} createdCertificates, err := createOrReplaceExternalCertSecrets(ctx, clientSet, namespace, certificates, kesExternalCertSecretName, tenantName) if err != nil { return err 
@@ -197,13 +197,13 @@ func tenantUpdateEncryption(ctx context.Context, operatorClient OperatorClientI, tenant.Spec.KES.ExternalCertSecret = createdCertificates[0] } } - if body.Client != nil { + if body.MinioMtls != nil { tenantExternalClientCertSecretName := fmt.Sprintf("%s-tenant-external-client-cert", secretName) if tenant.ExternalClientCert() { tenantExternalClientCertSecretName = tenant.Spec.ExternalClientCertSecret.Name } // Update certificates - certificates := []*models.KeyPairConfiguration{body.Client} + certificates := []*models.KeyPairConfiguration{body.MinioMtls} createdCertificates, err := createOrReplaceExternalCertSecrets(ctx, clientSet, namespace, certificates, tenantExternalClientCertSecretName, tenantName) if err != nil { return err @@ -309,7 +309,7 @@ func tenantEncryptionInfo(ctx context.Context, operatorClient OperatorClientI, c return nil, err } if len(kesExternalCerts) > 0 { - encryptConfig.Server = kesExternalCerts[0] + encryptConfig.ServerTLS = kesExternalCerts[0] } } if tenant.ExternalClientCert() { @@ -318,7 +318,7 @@ func tenantEncryptionInfo(ctx context.Context, operatorClient OperatorClientI, c return nil, err } if len(clientCerts) > 0 { - encryptConfig.MtlsClient = clientCerts[0] + encryptConfig.MinioMtls = clientCerts[0] } } @@ -357,7 +357,7 @@ func tenantEncryptionInfo(ctx context.Context, operatorClient OperatorClientI, c } } if tenant.KESClientCert() { - vaultConfig.TLS = &models.VaultConfigurationResponseTLS{} + encryptConfig.KmsMtls = &models.EncryptionConfigurationResponseAO1KmsMtls{} clientSecretName := tenant.Spec.KES.ClientCertSecret.Name keyPair, err := clientSet.getSecret(ctx, namespace, clientSecretName, metav1.GetOptions{}) if err != nil { 
@@ -365,14 +365,14 @@ func tenantEncryptionInfo(ctx context.Context, operatorClient OperatorClientI, c } // Extract client public certificate if rawCert, ok := keyPair.Data["client.crt"]; ok { - vaultConfig.TLS.Crt, err = parseCertificate(clientSecretName, rawCert) + encryptConfig.KmsMtls.Crt, err = parseCertificate(clientSecretName, rawCert) if err != nil { return nil, err } } // Extract client ca certificate if rawCert, ok := keyPair.Data["ca.crt"]; ok { - vaultConfig.TLS.Ca, err = parseCertificate(clientSecretName, rawCert) + encryptConfig.KmsMtls.Ca, err = parseCertificate(clientSecretName, rawCert) if err != nil { return nil, err } @@ -420,7 +420,7 @@ func tenantEncryptionInfo(ctx context.Context, operatorClient OperatorClientI, c } if gemalto.KeySecure.TLS != nil { if tenant.KESClientCert() { - gemaltoConfig.Keysecure.TLS = &models.GemaltoConfigurationResponseKeysecureTLS{} + encryptConfig.KmsMtls = &models.EncryptionConfigurationResponseAO1KmsMtls{} clientSecretName := tenant.Spec.KES.ClientCertSecret.Name keyPair, err := clientSet.getSecret(ctx, namespace, clientSecretName, metav1.GetOptions{}) if err != nil { @@ -428,7 +428,7 @@ func tenantEncryptionInfo(ctx context.Context, operatorClient OperatorClientI, c } // Extract client ca certificate if rawCert, ok := keyPair.Data["ca.crt"]; ok { - gemaltoConfig.Keysecure.TLS.Ca, err = parseCertificate(clientSecretName, rawCert) + encryptConfig.KmsMtls.Ca, err = parseCertificate(clientSecretName, rawCert) if err != nil { return nil, err } 
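Review bot: The Gemalto branch in the -420 and -428 hunks now fills the same `encryptConfig.KmsMtls` from `tenant.Spec.KES.ClientCertSecret` with the same getSecret and parseCertificate sequence as the Vault branch in the -357 and -365 hunks, differing only in whether `client.crt` is read; since the field is KMS-agnostic, a small helper returning a `*models.EncryptionConfigurationResponseAO1KmsMtls` would remove the duplication. Both branches also assign `encryptConfig.KmsMtls` wholesale, which is only safe while a tenant configures a single KMS backend; that assumption is not stated anywhere in the hunk, so a comment such as `// a tenant configures at most one KMS backend, so KmsMtls is set once` would make it explicit for the next maintainer. tenantEncryptionInfo starts and ends outside these hunks.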
@@ -511,8 +511,8 @@ func getKESConfiguration(ctx context.Context, clientSet K8sClientI, ns string, e } } // Generate server certificates for KES - if encryptionCfg.Server != nil { - certificates := []*models.KeyPairConfiguration{encryptionCfg.Server} + if encryptionCfg.ServerTLS != nil { + certificates := []*models.KeyPairConfiguration{encryptionCfg.ServerTLS} certificateSecrets, err := createOrReplaceExternalCertSecrets(ctx, clientSet, ns, certificates, kesExternalCertSecretName, tenantName) if err != nil { return nil, err @@ -633,9 +633,9 @@ func createOrReplaceKesConfigurationSecrets(ctx context.Context, clientSet K8sCl // and pass it to KES via the ${MINIO_KES_IDENTITY} variable clientCrtIdentity := "${MINIO_KES_IDENTITY}" // If a client certificate is provided proceed to calculate the identity - if encryptionCfg.Client != nil { + if encryptionCfg.MinioMtls != nil { // Client certificate for KES used by Minio to mTLS - clientTLSCrt, err := base64.StdEncoding.DecodeString(*encryptionCfg.Client.Crt) + clientTLSCrt, err := base64.StdEncoding.DecodeString(*encryptionCfg.MinioMtls.Crt) if err != nil { return nil, nil, err } @@ -717,8 +717,8 @@ func createOrReplaceKesConfigurationSecrets(ctx context.Context, clientSet K8sCl return nil, nil, errors.New("approle credentials missing for kes") } // Vault mTLS kesConfiguration - if encryptionCfg.Vault.TLS != nil { - vaultTLSConfig := encryptionCfg.Vault.TLS + if encryptionCfg.KmsMtls != nil { + vaultTLSConfig := encryptionCfg.KmsMtls kesConfig.Keys.Vault.TLS = &kes.VaultTLS{} if vaultTLSConfig.Crt != "" { clientCrt, err := base64.StdEncoding.DecodeString(vaultTLSConfig.Crt) 
@@ -773,9 +773,9 @@ func createOrReplaceKesConfigurationSecrets(ctx context.Context, clientSet K8sCl if encryptionCfg.Gemalto.Keysecure != nil { kesConfig.Keys.Gemalto.KeySecure.Endpoint = *encryptionCfg.Gemalto.Keysecure.Endpoint // Gemalto TLS kesConfiguration - if encryptionCfg.Gemalto.Keysecure.TLS != nil { - if encryptionCfg.Gemalto.Keysecure.TLS.Ca != nil { - caCrt, err := base64.StdEncoding.DecodeString(*encryptionCfg.Gemalto.Keysecure.TLS.Ca) + if encryptionCfg.KmsMtls != nil { + if encryptionCfg.KmsMtls.Ca != "" { + caCrt, err := base64.StdEncoding.DecodeString(encryptionCfg.KmsMtls.Ca) if err != nil { return nil, nil, err } diff --git a/operatorapi/tenants_helper_test.go b/operatorapi/tenants_helper_test.go index 1c90d426f..d5fbf405f 100644 --- a/operatorapi/tenants_helper_test.go +++ b/operatorapi/tenants_helper_test.go @@ -289,7 +289,7 @@ func Test_createOrReplaceKesConfigurationSecrets(t *testing.T) { ctx: context.Background(), clientSet: k8sClient, encryptionCfg: &models.EncryptionConfiguration{ - Client: &models.KeyPairConfiguration{ + MinioMtls: &models.KeyPairConfiguration{ Crt: &badCrt, Key: &badKey, }, @@ -312,7 +312,7 @@ func Test_createOrReplaceKesConfigurationSecrets(t *testing.T) { ctx: context.Background(), clientSet: k8sClient, encryptionCfg: &models.EncryptionConfiguration{ - Client: &models.KeyPairConfiguration{ + MinioMtls: &models.KeyPairConfiguration{ Crt: &key, // will cause an error because we are passing a private key as the public key Key: &key, }, @@ -335,10 +335,15 @@ func Test_createOrReplaceKesConfigurationSecrets(t *testing.T) { ctx: context.Background(), clientSet: k8sClient, encryptionCfg: &models.EncryptionConfiguration{ - Client: &models.KeyPairConfiguration{ + MinioMtls: &models.KeyPairConfiguration{ Crt: &crt, Key: &key, }, + KmsMtls: &models.EncryptionConfigurationAO1KmsMtls{ + Ca: crt, + Crt: crt, + Key: key, + }, Vault: &models.VaultConfiguration{ Approle: &models.VaultConfigurationApprole{ Engine: "", 
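Review bot: In the Gemalto branch a non-nil `encryptionCfg.KmsMtls` with an empty `Ca` now falls through silently, whereas the removed `keysecure.tls` schema carried `required: ["ca"]` (see the embedded spec hunks) and the new `EncryptionConfigurationAO1KmsMtls` definition has no required list, so the check that used to happen at validation time no longer exists anywhere. Unless an empty CA is meant to fall back to the system trust store, the branch should fail fast, for example `if encryptionCfg.KmsMtls.Ca == "" { return nil, nil, errors.New("kms mtls ca certificate missing for gemalto keysecure") }`. The new test case in tenants_helper_test.go exercises `KmsMtls` only together with Vault, so the Gemalto path with a missing CA is not covered. createOrReplaceKesConfigurationSecrets starts and ends outside the hunk.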
@@ -351,11 +356,6 @@ func Test_createOrReplaceKesConfigurationSecrets(t *testing.T) { Namespace: "", Prefix: "", Status: nil, - TLS: &models.VaultConfigurationTLS{ - Ca: crt, - Crt: crt, - Key: key, - }, }, }, ns: "default", diff --git a/portal-ui/src/screens/Console/Common/TLSCertificate/TLSCertificate.tsx b/portal-ui/src/screens/Console/Common/TLSCertificate/TLSCertificate.tsx index 2ac31bdc0..943bdba93 100644 --- a/portal-ui/src/screens/Console/Common/TLSCertificate/TLSCertificate.tsx +++ b/portal-ui/src/screens/Console/Common/TLSCertificate/TLSCertificate.tsx @@ -140,8 +140,11 @@ const TLSCertificate = ({ {`${certificates.length} Domain (s):`} - {certificates.map((dom) => ( - + {certificates.map((dom, index) => ( + diff --git a/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/Encryption.tsx b/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/Encryption.tsx index ed6b127ff..6b278e93a 100644 --- a/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/Encryption.tsx +++ b/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/Encryption.tsx @@ -40,8 +40,10 @@ import { } from "../../../../../utils/validationFunctions"; import SectionH1 from "../../../Common/SectionH1"; import { - addFileClientCert, - addFileServerCert, + addFileMinIOMTLSCert, + addFileKESServerCert, + addFileKMSCa, + addFileKMSMTLSCert, isPageValid, updateAddField, } from "../createTenantSlice"; 
@@ -135,13 +137,18 @@ const Encryption = ({ classes }: IEncryptionProps) => { const minioServerCertificates = useSelector( (state: AppState) => state.createTenant.certificates.minioServerCertificates ); - const serverCertificate = useSelector( - (state: AppState) => state.createTenant.certificates.serverCertificate + const kesServerCertificate = useSelector( + (state: AppState) => state.createTenant.certificates.kesServerCertificate ); - const clientCertificate = useSelector( - (state: AppState) => state.createTenant.certificates.clientCertificate + const minioMTLSCertificate = useSelector( + (state: AppState) => state.createTenant.certificates.minioMTLSCertificate + ); + const kmsMTLSCertificate = useSelector( + (state: AppState) => state.createTenant.certificates.kmsMTLSCertificate + ); + const kmsCA = useSelector( + (state: AppState) => state.createTenant.certificates.kmsCA ); - const enableCustomCerts = useSelector( (state: AppState) => state.createTenant.fields.security.enableCustomCerts ); @@ -231,22 +238,22 @@ const Encryption = ({ classes }: IEncryptionProps) => { { fieldKey: "serverKey", required: !enableAutoCert, - value: serverCertificate.encoded_key, + value: kesServerCertificate.encoded_key, }, { fieldKey: "serverCert", required: !enableAutoCert, - value: serverCertificate.encoded_cert, + value: kesServerCertificate.encoded_cert, }, { fieldKey: "clientKey", required: !enableAutoCert, - value: clientCertificate.encoded_key, + value: minioMTLSCertificate.encoded_key, }, { fieldKey: "clientCert", required: !enableAutoCert, - value: clientCertificate.encoded_cert, + value: minioMTLSCertificate.encoded_cert, }, ]; } 
@@ -275,10 +282,10 @@ const Encryption = ({ classes }: IEncryptionProps) => { dispatch, enableAutoCert, enableCustomCerts, - serverCertificate.encoded_key, - serverCertificate.encoded_cert, - clientCertificate.encoded_key, - clientCertificate.encoded_cert, + kesServerCertificate.encoded_key, + kesServerCertificate.encoded_cert, + minioMTLSCertificate.encoded_key, + minioMTLSCertificate.encoded_cert, kesSecurityContext, replicas, ]); @@ -407,12 +414,12 @@ const Encryption = ({ classes }: IEncryptionProps) => {
- Encryption Service Certificates + Encryption server certificates { dispatch( - addFileServerCert({ + addFileKESServerCert({ key: "key", fileName: fileName, value: encodedValue, @@ -425,13 +432,13 @@ const Encryption = ({ classes }: IEncryptionProps) => { name="serverKey" label="Key" error={validationErrors["serverKey"] || ""} - value={serverCertificate.key} + value={kesServerCertificate.key} required={!enableAutoCert} /> { dispatch( - addFileServerCert({ + addFileKESServerCert({ key: "cert", fileName: fileName, value: encodedValue, @@ -444,7 +451,7 @@ const Encryption = ({ classes }: IEncryptionProps) => { name="serverCert" label="Cert" error={validationErrors["serverCert"] || ""} - value={serverCertificate.cert} + value={kesServerCertificate.cert} required={!enableAutoCert} />
@@ -454,12 +461,13 @@ const Encryption = ({ classes }: IEncryptionProps) => {
- Mutual TLS authentication with MinIO + MinIO mTLS certificates (connection between MinIO and + the Encryption server) { dispatch( - addFileClientCert({ + addFileMinIOMTLSCert({ key: "key", fileName: fileName, value: encodedValue, @@ -472,13 +480,13 @@ const Encryption = ({ classes }: IEncryptionProps) => { name="clientKey" label="Key" error={validationErrors["clientKey"] || ""} - value={clientCertificate.key} + value={minioMTLSCertificate.key} required={!enableAutoCert} /> { dispatch( - addFileClientCert({ + addFileMinIOMTLSCert({ key: "cert", fileName: fileName, value: encodedValue, @@ -491,12 +499,70 @@ const Encryption = ({ classes }: IEncryptionProps) => { name="clientCert" label="Cert" error={validationErrors["clientCert"] || ""} - value={clientCertificate.cert} + value={minioMTLSCertificate.cert} required={!enableAutoCert} />
+ +
+ + KMS mTLS certificates (connection between the Encryption + server and the KMS) + + { + dispatch( + addFileKMSMTLSCert({ + key: "key", + fileName: fileName, + value: encodedValue, + }) + ); + cleanValidation("vault_key"); + }} + accept=".key,.pem" + id="vault_key" + name="vault_key" + label="Key" + value={kmsMTLSCertificate.key} + /> + { + dispatch( + addFileKMSMTLSCert({ + key: "cert", + fileName: fileName, + value: encodedValue, + }) + ); + cleanValidation("vault_cert"); + }} + accept=".cer,.crt,.cert,.pem" + id="vault_cert" + name="vault_cert" + label="Cert" + value={kmsMTLSCertificate.cert} + /> + { + dispatch( + addFileKMSCa({ + fileName: fileName, + value: encodedValue, + }) + ); + cleanValidation("vault_ca"); + }} + accept=".cer,.crt,.cert,.pem" + id="vault_ca" + name="vault_ca" + label="CA" + value={kmsCA.cert} + /> +
+
)} diff --git a/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/Encryption/GemaltoKMSAdd.tsx b/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/Encryption/GemaltoKMSAdd.tsx index 8cb1971ef..872d4521b 100644 --- a/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/Encryption/GemaltoKMSAdd.tsx +++ b/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/Encryption/GemaltoKMSAdd.tsx @@ -28,12 +28,7 @@ import { wizardCommon, } from "../../../../Common/FormComponents/common/styleLibrary"; import makeStyles from "@mui/styles/makeStyles"; -import FileSelector from "../../../../Common/FormComponents/FileSelector/FileSelector"; -import { - addFileGemaltoCa, - isPageValid, - updateAddField, -} from "../../createTenantSlice"; +import { isPageValid, updateAddField } from "../../createTenantSlice"; import { commonFormValidation, IValidation, @@ -56,9 +51,6 @@ const GemaltoKMSAdd = () => { const encryptionTab = useSelector( (state: AppState) => state.createTenant.fields.encryption.encryptionTab ); - const gemaltoCA = useSelector( - (state: AppState) => state.createTenant.certificates.gemaltoCA - ); const gemaltoEndpoint = useSelector( (state: AppState) => state.createTenant.fields.encryption.gemaltoEndpoint ); @@ -209,36 +201,6 @@ const GemaltoKMSAdd = () => { - -
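Review bot: The new KMS mTLS selectors reuse the Vault-era ids and validation keys (`id="vault_key"`, `name="vault_cert"`, `cleanValidation("vault_ca")`), but nothing in the validation list built in the `@@ -231,22 +238,22 @@` hunk (L38) or its edit-form counterpart in TenantEncryption.tsx covers these keys, so the cleanValidation calls are no-ops and a key uploaded without its certificate is accepted by the form and then silently dropped by the pairing check in createTenantThunk.ts. The edit form in TenantEncryption.tsx names the same inputs `kms_mtls_key`/`kms_mtls_cert`/`kms_mtls_ca`; using those ids here keeps the two forms consistent. Consider adding `{ fieldKey: "kms_mtls_key", required: kmsMTLSCertificate.encoded_cert !== "", value: kmsMTLSCertificate.encoded_key }` and the mirror entry for the cert to that validation list so each half of the pair requires the other. The enclosing `Encryption` component and the wrapping Grid elements start and end outside this hunk.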
- - Custom CA Root certificate verification - - - { - dispatch( - addFileGemaltoCa({ - fileName: fileName, - value: encodedValue, - }) - ); - cleanValidation("gemalto_ca"); - }} - accept=".cer,.crt,.cert,.pem" - id="gemalto_ca" - name="gemalto_ca" - label="CA" - value={gemaltoCA.cert} - /> -
-
); }; diff --git a/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/Encryption/VaultKMSAdd.tsx b/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/Encryption/VaultKMSAdd.tsx index d45e802d6..20180d834 100644 --- a/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/Encryption/VaultKMSAdd.tsx +++ b/portal-ui/src/screens/Console/Tenants/AddTenant/Steps/Encryption/VaultKMSAdd.tsx @@ -18,13 +18,7 @@ import React, { Fragment, useCallback, useEffect, useState } from "react"; import Grid from "@mui/material/Grid"; import InputBoxWrapper from "../../../../Common/FormComponents/InputBoxWrapper/InputBoxWrapper"; -import FileSelector from "../../../../Common/FormComponents/FileSelector/FileSelector"; -import { - addFileVaultCa, - addFileVaultCert, - isPageValid, - updateAddField, -} from "../../createTenantSlice"; +import { isPageValid, updateAddField } from "../../createTenantSlice"; import { useSelector } from "react-redux"; import { AppState, useAppDispatch } from "../../../../../../store"; import { Theme } from "@mui/material/styles"; @@ -85,12 +79,6 @@ const VaultKMSAdd = () => { const vaultPing = useSelector( (state: AppState) => state.createTenant.fields.encryption.vaultPing ); - const vaultCertificate = useSelector( - (state: AppState) => state.createTenant.certificates.vaultCertificate - ); - const vaultCA = useSelector( - (state: AppState) => state.createTenant.certificates.vaultCA - ); const [validationErrors, setValidationErrors] = useState({}); @@ -278,64 +266,6 @@ const VaultKMSAdd = () => { - - -
- - Mutual TLS authentication (optional) - - { - dispatch( - addFileVaultCert({ - key: "key", - fileName: fileName, - value: encodedValue, - }) - ); - cleanValidation("vault_key"); - }} - accept=".key,.pem" - id="vault_key" - name="vault_key" - label="Key" - value={vaultCertificate.key} - /> - { - dispatch( - addFileVaultCert({ - key: "cert", - fileName: fileName, - value: encodedValue, - }) - ); - cleanValidation("vault_cert"); - }} - accept=".cer,.crt,.cert,.pem" - id="vault_cert" - name="vault_cert" - label="Cert" - value={vaultCertificate.cert} - /> - { - dispatch( - addFileVaultCa({ - fileName: fileName, - value: encodedValue, - }) - ); - cleanValidation("vault_ca"); - }} - accept=".cer,.crt,.cert,.pem" - id="vault_ca" - name="vault_ca" - label="CA" - value={vaultCA.cert} - /> -
-
) => { - const consoleCert = state.certificates.consoleCertificate; - state.certificates.consoleCertificate = { - ...consoleCert, - [action.payload.key]: action.payload.fileName, - [`encoded_${action.payload.key}`]: action.payload.value, - }; - }, - addConsoleCaCertificate: (state) => { - state.certificates.consoleCaCertificates.push({ - id: Date.now().toString(), - key: "", - cert: "", - encoded_key: "", - encoded_cert: "", - }); - }, - addFileToConsoleCaCertificates: ( - state, - action: PayloadAction - ) => { - const consoleCaCertificates = state.certificates.consoleCaCertificates; + addFileKESServerCert: (state, action: PayloadAction) => { + const encServerCert = state.certificates.kesServerCertificate; - state.certificates.consoleCaCertificates = consoleCaCertificates.map( - (item: KeyPair) => { - if (item.id === action.payload.id) { - return { - ...item, - [action.payload.key]: action.payload.fileName, - [`encoded_${action.payload.key}`]: action.payload.value, - }; - } - return item; - } - ); - }, - deleteConsoleCaCertificate: (state, action: PayloadAction) => { - const consoleCACertsList = state.certificates.consoleCaCertificates; - if (consoleCACertsList.length > 1) { - state.certificates.consoleCaCertificates = consoleCACertsList.filter( - (item: KeyPair) => item.id !== action.payload - ); - } - }, - addFileServerCert: (state, action: PayloadAction) => { - const encServerCert = state.certificates.serverCertificate; - - state.certificates.serverCertificate = { + state.certificates.kesServerCertificate = { ...encServerCert, [action.payload.key]: action.payload.fileName, [`encoded_${action.payload.key}`]: action.payload.value, }; }, - addFileClientCert: (state, action: PayloadAction) => { - const encClientCert = state.certificates.clientCertificate; + addFileMinIOMTLSCert: (state, action: PayloadAction) => { + const encClientCert = state.certificates.minioMTLSCertificate; - state.certificates.clientCertificate = { + state.certificates.minioMTLSCertificate = { 
...encClientCert, [action.payload.key]: action.payload.fileName, [`encoded_${action.payload.key}`]: action.payload.value, }; }, - addFileVaultCert: (state, action: PayloadAction) => { - const encVaultCert = state.certificates.vaultCertificate; + addFileKMSMTLSCert: (state, action: PayloadAction) => { + const encKMSTLSCert = state.certificates.kmsMTLSCertificate; - state.certificates.vaultCertificate = { - ...encVaultCert, + state.certificates.kmsMTLSCertificate = { + ...encKMSTLSCert, [action.payload.key]: action.payload.fileName, [`encoded_${action.payload.key}`]: action.payload.value, }; }, - addFileVaultCa: (state, action: PayloadAction) => { - const encVaultCA = state.certificates.vaultCA; + addFileKMSCa: (state, action: PayloadAction) => { + const encKMSCA = state.certificates.kmsCA; - state.certificates.vaultCA = { - ...encVaultCA, - cert: action.payload.fileName, - encoded_cert: action.payload.value, - }; - }, - addFileGemaltoCa: (state, action: PayloadAction) => { - const encGemaltoCA = state.certificates.gemaltoCA; - - state.certificates.gemaltoCA = { - ...encGemaltoCA, + state.certificates.kmsCA = { + ...encKMSCA, cert: action.payload.fileName, encoded_cert: action.payload.value, }; @@ -1038,21 +962,16 @@ export const { addCaCertificate, deleteCaCertificate, addFileToCaCertificates, - addConsoleCaCertificate, - deleteConsoleCaCertificate, - addFileToConsoleCaCertificates, addKeyPair, deleteKeyPair, addFileToKeyPair, addClientKeyPair, deleteClientKeyPair, addFileToClientKeyPair, - addConsoleCertificate, - addFileServerCert, - addFileClientCert, - addFileVaultCert, - addFileVaultCa, - addFileGemaltoCa, + addFileKESServerCert, + addFileMinIOMTLSCert, + addFileKMSMTLSCert, + addFileKMSCa, resetAddTenantForm, setKeyValuePairs, setEnvVars, diff --git a/portal-ui/src/screens/Console/Tenants/AddTenant/thunks/createTenantThunk.ts b/portal-ui/src/screens/Console/Tenants/AddTenant/thunks/createTenantThunk.ts index 95eecf36e..99ba0aef5 100644 
--- a/portal-ui/src/screens/Console/Tenants/AddTenant/thunks/createTenantThunk.ts +++ b/portal-ui/src/screens/Console/Tenants/AddTenant/thunks/createTenantThunk.ts @@ -65,11 +65,10 @@ export const createTenantAsync = createAsyncThunk( const minioServerCertificates = certificates.minioServerCertificates; const minioClientCertificates = certificates.minioClientCertificates; const minioCAsCertificates = certificates.minioCAsCertificates; - const serverCertificate = certificates.serverCertificate; - const clientCertificate = certificates.clientCertificate; - const vaultCertificate = certificates.vaultCertificate; - const vaultCA = certificates.vaultCA; - const gemaltoCA = certificates.gemaltoCA; + const kesServerCertificate = certificates.kesServerCertificate; + const minioMTLSCertificate = certificates.minioMTLSCertificate; + const kmsMTLSCertificate = certificates.kmsMTLSCertificate; + const kmsCA = certificates.kmsCA; const rawConfiguration = fields.encryption.rawConfiguration; const encryptionTab = fields.encryption.encryptionTab; const enableEncryption = fields.encryption.enableEncryption; @@ -346,13 +345,6 @@ export const createTenantAsync = createAsyncThunk( switch (encryptionType) { case "gemalto": - let gemaltoCAIntroduce = {}; - - if (gemaltoCA.encoded_cert !== "") { - gemaltoCAIntroduce = { - ca: gemaltoCA.encoded_cert, - }; - } insertEncrypt = { gemalto: { keysecure: { @@ -362,9 +354,6 @@ export const createTenantAsync = createAsyncThunk( domain: gemaltoDomain, retry: parseInt(gemaltoRetry), }, - tls: { - ...gemaltoCAIntroduce, - }, }, }, }; 
@@ -416,31 +405,6 @@ export const createTenantAsync = createAsyncThunk( }; break; case "vault": - let vaultKeyPair = null; - let vaultCAInsert = null; - if ( - vaultCertificate.encoded_key !== "" && - vaultCertificate.encoded_cert !== "" - ) { - vaultKeyPair = { - key: vaultCertificate.encoded_key, - crt: vaultCertificate.encoded_cert, - }; - } - if (vaultCA.encoded_cert !== "") { - vaultCAInsert = { - ca: vaultCA.encoded_cert, - }; - } - let vaultTLS = null; - if (vaultKeyPair || vaultCAInsert) { - vaultTLS = { - tls: { - ...vaultKeyPair, - ...vaultCAInsert, - }, - }; - } insertEncrypt = { vault: { endpoint: vaultEndpoint, @@ -453,7 +417,6 @@ export const createTenantAsync = createAsyncThunk( secret: vaultSecret, retry: parseInt(vaultRetry), }, - ...vaultTLS, status: { ping: parseInt(vaultPing), }, 
@@ -464,27 +427,56 @@ export const createTenantAsync = createAsyncThunk(
 let encryptionServerKeyPair: any = {};
 let encryptionClientKeyPair: any = {};
+ let encryptionKMSCertificates: any = {};
+ // MinIO -> KES (mTLS certificates)
 if (
- clientCertificate.encoded_key !== "" &&
- clientCertificate.encoded_cert !== ""
+ minioMTLSCertificate.encoded_key !== "" &&
+ minioMTLSCertificate.encoded_cert !== ""
 ) {
 encryptionClientKeyPair = {
- client: {
- key: clientCertificate.encoded_key,
- crt: clientCertificate.encoded_cert,
+ minio_mtls: {
+ key: minioMTLSCertificate.encoded_key,
+ crt: minioMTLSCertificate.encoded_cert,
 },
 };
 }
+ // KES server certificates
 if (
- serverCertificate.encoded_key !== "" &&
- serverCertificate.encoded_cert !== ""
+ kesServerCertificate.encoded_key !== "" &&
+ kesServerCertificate.encoded_cert !== ""
 ) {
 encryptionServerKeyPair = {
- server: {
- key: serverCertificate.encoded_key,
- crt: serverCertificate.encoded_cert,
+ server_tls: {
+ key: kesServerCertificate.encoded_key,
+ crt: kesServerCertificate.encoded_cert,
+ },
+ };
+ }
+
+ // KES -> KMS (mTLS certificates)
+ let kmsMTLSKeyPair = null;
+ let kmsCAInsert = null;
+ if (
+ kmsMTLSCertificate.encoded_key !== "" &&
+ kmsMTLSCertificate.encoded_cert !== ""
+ ) {
+ kmsMTLSKeyPair = {
+ key: kmsMTLSCertificate.encoded_key,
+ crt: kmsMTLSCertificate.encoded_cert,
+ };
+ }
+ if (kmsCA.encoded_cert !== "") {
+ kmsCAInsert = {
+ ca: kmsCA.encoded_cert,
+ };
+ }
+ if (kmsMTLSKeyPair || kmsCAInsert) {
+ encryptionKMSCertificates = {
+ kms_mtls: {
+ ...kmsMTLSKeyPair,
+ ...kmsCAInsert,
 },
 };
 }
@@ -498,6 +490,7 @@ export const createTenantAsync = createAsyncThunk(
 image: kesImage,
 ...encryptionClientKeyPair,
 ...encryptionServerKeyPair,
+ ...encryptionKMSCertificates,
 ...insertEncrypt,
 },
 };
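Review bot: A half-uploaded KMS key pair is dropped without any feedback: `kms_mtls` is only built when both `kmsMTLSCertificate.encoded_key` and `encoded_cert` are non-empty, and when only one is present the request goes out with no client certificate for the KES-to-KMS connection, so the operator believes mTLS is configured when it is not. The same pattern is repeated in TenantEncryption.tsx (`@@ -591,24 +546,57 @@`). Rather than silently skipping, detect the mismatch before building the payload, e.g. `const kmsHalfPair = (kmsMTLSCertificate.encoded_key !== "") !== (kmsMTLSCertificate.encoded_cert !== "");`, and surface it through the validation list or the `rejectWithValue` path this thunk already uses. `kms_mtls` is now spread into the payload for every `encryptionType`, including aws/gcp/azure; whether the backend honours it for those providers is not visible here, so a comment stating the intended scope would help. The enclosing `createTenantAsync` thunk starts and ends outside this hunk.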
@@ -583,7 +576,7 @@ export const createTenantAsync = createAsyncThunk( idp: { ...dataIDP }, }; - const response = createTenantCall(dataSend) + return createTenantCall(dataSend) .then((resp) => { return resp; }) @@ -591,6 +584,5 @@ export const createTenantAsync = createAsyncThunk( dispatch(setErrorSnackMessage(err)); return rejectWithValue(err); }); - return response; } ); diff --git a/portal-ui/src/screens/Console/Tenants/TenantDetails/TenantEncryption.tsx b/portal-ui/src/screens/Console/Tenants/TenantDetails/TenantEncryption.tsx index 0c0b74712..88e8fe9ed 100644 --- a/portal-ui/src/screens/Console/Tenants/TenantDetails/TenantEncryption.tsx +++ b/portal-ui/src/screens/Console/Tenants/TenantDetails/TenantEncryption.tsx @@ -97,7 +97,7 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { useState(""); const [encryptionEnabled, setEncryptionEnabled] = useState(false); const [encryptionType, setEncryptionType] = useState("vault"); - const [replicas, setReplicas] = useState("2"); + const [replicas, setReplicas] = useState("1"); const [image, setImage] = useState(""); const [refreshEncryptionInfo, setRefreshEncryptionInfo] = useState(false); @@ -116,11 +116,12 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { const [enabledCustomCertificates, setEnabledCustomCertificates] = useState(false); const [updatingEncryption, setUpdatingEncryption] = useState(false); - const [serverTLSCertificateSecret, setServerTLSCertificateSecret] = + const [kesServerTLSCertificateSecret, setKesServerTLSCertificateSecret] = useState(null); - const [mTLSCertificateSecret, setMTLSCertificateSecret] = + const [minioMTLSCertificateSecret, setMinioMTLSCertificateSecret] = useState(null); - const [mTLSCertificate, setMTLSCertificate] = useState(null); + const [minioMTLSCertificate, setMinioMTLSCertificate] = + useState(null); const [certificatesToBeRemoved, setCertificatesToBeRemoved] = useState< string[] >([]); 
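Review bot: The edit form's default for `replicas` drops from `"2"` to `"1"`, which presumably applies whenever the fetched configuration does not supply a value; a single KES replica is a single point of failure for every encrypted read and write on the tenant. If the intent is to match the operator's own default, a comment on this line saying so would stop a later reviewer from bumping it back; otherwise keep `"2"`. The `TenantEncryption` component starts and ends outside this hunk.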
@@ -128,22 +129,18 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { const [isFormValid, setIsFormValid] = useState(false); const [showVaultAppRoleSecret, setShowVaultAppRoleSecret] = useState(false); - const [vaultClientCertificateSecret, setVaultClientCertificateSecret] = + const [kmsMTLSCertificateSecret, setKmsMTLSCertificateSecret] = useState(null); - const [vaultCACertificateSecret, setVaultCACertificateSecret] = + const [kmsCACertificateSecret, setKMSCACertificateSecret] = useState(null); - const [vaultClientCertificate, setVaultClientCertificate] = - useState(null); - const [serverCertificate, setServerCertificate] = useState( + const [kmsMTLSCertificate, setKmsMTLSCertificate] = useState( null ); - const [vaultCACertificate, setVaultCACertificate] = useState( + const [kesServerCertificate, setKESServerCertificate] = + useState(null); + const [kmsCACertificate, setKmsCACertificate] = useState( null ); - const [gemaltoCACertificateSecret, setGemaltoCACertificateSecret] = - useState(null); - const [gemaltoCACertificate, setGemaltotCACertificate] = - useState(null); const [validationErrors, setValidationErrors] = useState({}); const cleanValidation = (fieldName: string) => { setValidationErrors(clearValidationError(validationErrors, fieldName)); @@ -199,22 +196,22 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { { fieldKey: "serverKey", required: false, - value: serverCertificate?.encoded_key || "", + value: kesServerCertificate?.encoded_key || "", }, { fieldKey: "serverCert", required: false, - value: serverCertificate?.encoded_cert || "", + value: kesServerCertificate?.encoded_cert || "", }, { fieldKey: "clientKey", required: false, - value: mTLSCertificate?.encoded_key || "", + value: minioMTLSCertificate?.encoded_key || "", }, { fieldKey: "clientCert", required: false, - value: mTLSCertificate?.encoded_cert || "", + value: minioMTLSCertificate?.encoded_cert || "", }, ]; } 
@@ -345,14 +342,14 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { enabledCustomCertificates, encryptionEnabled, encryptionType, - serverCertificate?.encoded_key, - serverCertificate?.encoded_cert, - mTLSCertificate?.encoded_key, - mTLSCertificate?.encoded_cert, - vaultClientCertificate?.encoded_key, - vaultClientCertificate?.encoded_cert, - vaultCACertificate?.encoded_key, - vaultCACertificate?.encoded_cert, + kesServerCertificate?.encoded_key, + kesServerCertificate?.encoded_cert, + minioMTLSCertificate?.encoded_key, + minioMTLSCertificate?.encoded_cert, + kmsMTLSCertificate?.encoded_key, + kmsMTLSCertificate?.encoded_cert, + kmsCACertificate?.encoded_key, + kmsCACertificate?.encoded_cert, securityContext, vaultConfiguration, awsConfiguration, @@ -375,19 +372,12 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { if (resp.vault) { setEncryptionType("vault"); setVaultConfiguration(resp.vault); - if (resp.vault.tls) { - setVaultClientCertificateSecret(resp.vault.tls.crt); - setVaultCACertificateSecret(resp.vault.tls.ca); - } } else if (resp.aws) { setEncryptionType("aws"); setAWSConfiguration(resp.aws); } else if (resp.gemalto) { setEncryptionType("gemalto"); setGemaltoConfiguration(resp.gemalto); - if (resp.gemalto.keysecure.tls) { - setGemaltoCACertificateSecret(resp.gemalto.keysecure.tls.ca); - } } else if (resp.gcp) { setEncryptionType("gcp"); setGCPConfiguration(resp.gcp); 
@@ -402,14 +392,18 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { if (resp.securityContext) { setSecurityContext(resp.securityContext); } - if (resp.server || resp.mtls_client) { + if (resp.server_tls || resp.minio_mtls || resp.kms_mtls) { setEnabledCustomCertificates(true); } - if (resp.server) { - setServerTLSCertificateSecret(resp.server); + if (resp.server_tls) { + setKesServerTLSCertificateSecret(resp.server_tls); } - if (resp.mtls_client) { - setMTLSCertificateSecret(resp.mtls_client); + if (resp.minio_mtls) { + setMinioMTLSCertificateSecret(resp.minio_mtls); + } + if (resp.kms_mtls) { + setKmsMTLSCertificateSecret(resp.kms_mtls.crt); + setKMSCACertificateSecret(resp.kms_mtls.ca); } setRefreshEncryptionInfo(false); }) @@ -430,20 +424,17 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { ...certificatesToBeRemoved, certificateInfo.name, ]); - if (certificateInfo.name === serverTLSCertificateSecret?.name) { - setServerTLSCertificateSecret(null); + if (certificateInfo.name === kesServerTLSCertificateSecret?.name) { + setKesServerTLSCertificateSecret(null); } - if (certificateInfo.name === mTLSCertificateSecret?.name) { - setMTLSCertificateSecret(null); + if (certificateInfo.name === minioMTLSCertificateSecret?.name) { + setMinioMTLSCertificateSecret(null); } - if (certificateInfo.name === vaultClientCertificateSecret?.name) { - setVaultClientCertificateSecret(null); + if (certificateInfo.name === kmsMTLSCertificateSecret?.name) { + setKmsMTLSCertificateSecret(null); } - if (certificateInfo.name === vaultCACertificateSecret?.name) { - setVaultCACertificateSecret(null); - } - if (certificateInfo.name === gemaltoCACertificateSecret?.name) { - setGemaltoCACertificateSecret(null); + if (certificateInfo.name === kmsCACertificateSecret?.name) { + setKMSCACertificateSecret(null); } }; 
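Review bot: `setKmsMTLSCertificateSecret(resp.kms_mtls.crt)` and `setKMSCACertificateSecret(resp.kms_mtls.ca)` assume both members are present, but the response schema in swagger-operator.yml declares `kms_mtls` with `crt` and `ca` as optional properties and no `required` list, so a CA-only configuration stores `undefined` in state that is initialised with `null` (presumably typed `ICertificateInfo | null`). Coalesce at the boundary, `setKmsMTLSCertificateSecret(resp.kms_mtls.crt ?? null);` and `setKMSCACertificateSecret(resp.kms_mtls.ca ?? null);`, and make the corresponding `ITenantEncryptionResponse` members optional in types.ts (`kms_mtls?: { crt?: ICertificateInfo; ca?: ICertificateInfo }`) so the compiler enforces it. The enclosing fetch callback starts outside this hunk.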
@@ -452,15 +443,6 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { let insertEncrypt = {}; switch (encryptionType) { case "gemalto": - let gemaltoCAIntroduce = {}; - - if (gemaltoCACertificate?.encoded_cert) { - gemaltoCAIntroduce = { - tls: { - ca: gemaltoCACertificate?.encoded_cert, - }, - }; - } insertEncrypt = { gemalto: { keysecure: { @@ -474,7 +456,6 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { gemaltoConfiguration?.keysecure?.credentials?.retry ), }, - ...gemaltoCAIntroduce, }, }, }; @@ -543,31 +524,6 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { }; break; case "vault": - let vaultKeyPair = null; - let vaultCAInsert = null; - if ( - vaultClientCertificate?.encoded_key && - vaultClientCertificate?.encoded_cert - ) { - vaultKeyPair = { - key: vaultClientCertificate?.encoded_key, - crt: vaultClientCertificate?.encoded_cert, - }; - } - if (vaultCACertificate?.encoded_cert) { - vaultCAInsert = { - ca: vaultCACertificate?.encoded_cert, - }; - } - let vaultTLS = null; - if (vaultKeyPair || vaultCAInsert) { - vaultTLS = { - tls: { - ...vaultKeyPair, - ...vaultCAInsert, - }, - }; - } insertEncrypt = { vault: { endpoint: vaultConfiguration?.endpoint || "", @@ -580,7 +536,6 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { secret: vaultConfiguration?.approle?.secret || "", retry: parseInt(vaultConfiguration?.approle?.retry), }, - ...vaultTLS, status: { ping: parseInt(vaultConfiguration?.status?.ping), }, 
@@ -591,24 +546,57 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
 let encryptionServerKeyPair: any = {};
 let encryptionClientKeyPair: any = {};
+ let encryptionKMSCertificates: any = {};
- if (mTLSCertificate?.encoded_key && mTLSCertificate?.encoded_cert) {
+ // MinIO -> KES (mTLS certificates)
+ if (
+ minioMTLSCertificate?.encoded_key &&
+ minioMTLSCertificate?.encoded_cert
+ ) {
 encryptionClientKeyPair = {
- client: {
- key: mTLSCertificate?.encoded_key,
- crt: mTLSCertificate?.encoded_cert,
+ minio_mtls: {
+ key: minioMTLSCertificate?.encoded_key,
+ crt: minioMTLSCertificate?.encoded_cert,
 },
 };
 }
- if (serverCertificate?.encoded_key && serverCertificate?.encoded_cert) {
+ // KES server certificates
+ if (
+ kesServerCertificate?.encoded_key &&
+ kesServerCertificate?.encoded_cert
+ ) {
 encryptionServerKeyPair = {
- server: {
- key: serverCertificate?.encoded_key,
- crt: serverCertificate?.encoded_cert,
+ server_tls: {
+ key: kesServerCertificate?.encoded_key,
+ crt: kesServerCertificate?.encoded_cert,
 },
 };
 }
+
+ // KES -> KMS (mTLS certificates)
+ let kmsMTLSKeyPair = null;
+ let kmsCAInsert = null;
+ if (kmsMTLSCertificate?.encoded_key && kmsMTLSCertificate?.encoded_cert) {
+ kmsMTLSKeyPair = {
+ key: kmsMTLSCertificate?.encoded_key,
+ crt: kmsMTLSCertificate?.encoded_cert,
+ };
+ }
+ if (kmsCACertificate?.encoded_cert) {
+ kmsCAInsert = {
+ ca: kmsCACertificate?.encoded_cert,
+ };
+ }
+ if (kmsMTLSKeyPair || kmsCAInsert) {
+ encryptionKMSCertificates = {
+ kms_mtls: {
+ ...kmsMTLSKeyPair,
+ ...kmsCAInsert,
+ },
+ };
+ }
+
 const dataSend = {
 raw: editRawConfiguration ? encryptionRawConfiguration : "",
 secretsToBeDeleted: certificatesToBeRemoved || [],
@@ -617,6 +605,7 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
 image: image,
 ...encryptionClientKeyPair,
 ...encryptionServerKeyPair,
+ ...encryptionKMSCertificates,
 ...insertEncrypt,
 };
 if (!updatingEncryption) {
@@ -647,9 +636,9 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { {} ) .then(() => { - fetchEncryptionInfo(); setConfirmOpen(false); setUpdatingEncryption(false); + fetchEncryptionInfo(); }) .catch((err: ErrorResponseHandler) => { setUpdatingEncryption(false); @@ -915,92 +904,6 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { value={vaultConfiguration?.approle?.retry || ""} /> - - Vault Certificates (optional) - - -
- - Mutual TLS authentication with Vault (optional) - - {vaultClientCertificateSecret ? ( - - removeCertificate(vaultClientCertificateSecret) - } - /> - ) : ( - - - setVaultClientCertificate({ - encoded_key: encodedValue || "", - id: vaultClientCertificate?.id || "", - key: fileName || "", - cert: vaultClientCertificate?.cert || "", - encoded_cert: - vaultClientCertificate?.encoded_cert || "", - }) - } - accept=".key,.pem" - id="vault_key" - name="vault_key" - label="Key" - value={vaultClientCertificate?.key || ""} - /> - - setVaultClientCertificate({ - encoded_key: - vaultClientCertificate?.encoded_key || "", - id: vaultClientCertificate?.id || "", - key: vaultClientCertificate?.key || "", - cert: fileName || "", - encoded_cert: encodedValue || "", - }) - } - accept=".cer,.crt,.cert,.pem" - id="vault_cert" - name="vault_cert" - label="Cert" - value={vaultClientCertificate?.cert || ""} - /> - - )} -
-
- - Vault CA certificate (optional) - - {vaultCACertificateSecret ? ( - - removeCertificate(vaultCACertificateSecret) - } - /> - ) : ( - - setVaultCACertificate({ - encoded_key: - vaultCACertificate?.encoded_key || "", - id: vaultCACertificate?.id || "", - key: vaultCACertificate?.key || "", - cert: fileName || "", - encoded_cert: encodedValue || "", - }) - } - accept=".cer,.crt,.cert,.pem" - id="vault_ca" - name="vault_ca" - label="CA" - value={vaultCACertificate?.cert || ""} - /> - )} -
-
Status @@ -1494,45 +1397,6 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { error={validationErrors["gemalto_retry"] || ""} /> - -
- - Custom CA Root certificate verification - - {gemaltoCACertificateSecret ? ( - - removeCertificate(gemaltoCACertificateSecret) - } - /> - ) : ( - - setGemaltotCACertificate({ - encoded_key: - gemaltoCACertificate?.encoded_key || "", - id: gemaltoCACertificate?.id || "", - key: gemaltoCACertificate?.key || "", - cert: fileName || "", - encoded_cert: encodedValue || "", - }) - } - accept=".cer,.crt,.cert,.pem" - id="gemalto_ca" - name="gemalto_ca" - label="CA" - value={gemaltoCACertificate?.cert || ""} - /> - )} -
-
)} @@ -1558,26 +1422,26 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
- KES server TLS Certificates (optional) + Encryption server certificates - {serverTLSCertificateSecret ? ( + {kesServerTLSCertificateSecret ? ( - removeCertificate(serverTLSCertificateSecret) + removeCertificate(kesServerTLSCertificateSecret) } /> ) : ( { - setServerCertificate({ + setKESServerCertificate({ encoded_key: encodedValue || "", - id: serverCertificate?.id || "", + id: kesServerCertificate?.id || "", key: fileName || "", - cert: serverCertificate?.cert || "", + cert: kesServerCertificate?.cert || "", encoded_cert: - serverCertificate?.encoded_cert || "", + kesServerCertificate?.encoded_cert || "", }); cleanValidation("serverKey"); }} @@ -1585,14 +1449,15 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { id="serverKey" name="serverKey" label="Key" - value={serverCertificate?.key} + value={kesServerCertificate?.key} /> { - setServerCertificate({ - encoded_key: serverCertificate?.encoded_key || "", - id: serverCertificate?.id || "", - key: serverCertificate?.key || "", + setKESServerCertificate({ + encoded_key: + kesServerCertificate?.encoded_key || "", + id: kesServerCertificate?.id || "", + key: kesServerCertificate?.key || "", cert: fileName || "", encoded_cert: encodedValue || "", }); @@ -1602,7 +1467,7 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { id="serverCert" name="serverCert" label="Cert" - value={serverCertificate?.cert} + value={kesServerCertificate?.cert} /> )} @@ -1611,25 +1476,27 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
- Mutual TLS authentication with MinIO (optional) + MinIO mTLS certificates (connection between MinIO and the + Encryption server) - {mTLSCertificateSecret ? ( + {minioMTLSCertificateSecret ? ( - removeCertificate(mTLSCertificateSecret) + removeCertificate(minioMTLSCertificateSecret) } /> ) : ( { - setMTLSCertificate({ + setMinioMTLSCertificate({ encoded_key: encodedValue || "", - id: mTLSCertificate?.id || "", + id: minioMTLSCertificate?.id || "", key: fileName || "", - cert: mTLSCertificate?.cert || "", - encoded_cert: mTLSCertificate?.encoded_cert || "", + cert: minioMTLSCertificate?.cert || "", + encoded_cert: + minioMTLSCertificate?.encoded_cert || "", }); cleanValidation("clientKey"); }} @@ -1637,14 +1504,15 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { id="clientKey" name="clientKey" label="Key" - value={mTLSCertificate?.key} + value={minioMTLSCertificate?.key} /> { - setMTLSCertificate({ - encoded_key: mTLSCertificate?.encoded_key || "", - id: mTLSCertificate?.id || "", - key: mTLSCertificate?.key || "", + setMinioMTLSCertificate({ + encoded_key: + minioMTLSCertificate?.encoded_key || "", + id: minioMTLSCertificate?.id || "", + key: minioMTLSCertificate?.key || "", cert: fileName || "", encoded_cert: encodedValue || "", }); @@ -1654,12 +1522,90 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => { id="clientCert" name="clientCert" label="Cert" - value={mTLSCertificate?.cert} + value={minioMTLSCertificate?.cert} /> )}
+ +
+ + KMS mTLS certificates (connection between the Encryption + server and the KMS) + + {kmsMTLSCertificateSecret ? ( + + removeCertificate(kmsMTLSCertificateSecret) + } + /> + ) : ( + + { + setKmsMTLSCertificate({ + encoded_key: encodedValue || "", + id: kmsMTLSCertificate?.id || "", + key: fileName || "", + cert: kmsMTLSCertificate?.cert || "", + encoded_cert: + kmsMTLSCertificate?.encoded_cert || "", + }); + }} + accept=".key,.pem" + id="kms_mtls_key" + name="kms_mtls_key" + label="Key" + value={kmsMTLSCertificate?.key} + /> + + setKmsMTLSCertificate({ + encoded_key: + kmsMTLSCertificate?.encoded_key || "", + id: kmsMTLSCertificate?.id || "", + key: kmsMTLSCertificate?.key || "", + cert: fileName || "", + encoded_cert: encodedValue || "", + }) + } + accept=".cer,.crt,.cert,.pem" + id="kms_mtls_cert" + name="kms_mtls_cert" + label="Cert" + value={kmsMTLSCertificate?.cert || ""} + /> + + )} + {kmsCACertificateSecret ? ( + + removeCertificate(kmsCACertificateSecret) + } + /> + ) : ( + + setKmsCACertificate({ + encoded_key: kmsCACertificate?.encoded_key || "", + id: kmsCACertificate?.id || "", + key: kmsCACertificate?.key || "", + cert: fileName || "", + encoded_cert: encodedValue || "", + }) + } + accept=".cer,.crt,.cert,.pem" + id="kms_mtls_ca" + name="kms_mtls_ca" + label="CA" + value={kmsCACertificate?.cert || ""} + /> + )} +
+
)} diff --git a/portal-ui/src/screens/Console/Tenants/types.ts b/portal-ui/src/screens/Console/Tenants/types.ts index 96474bc6a..9f964b2ae 100644 --- a/portal-ui/src/screens/Console/Tenants/types.ts +++ b/portal-ui/src/screens/Console/Tenants/types.ts @@ -55,11 +55,6 @@ export interface ITenantSecurityResponse { securityContext: ISecurityContext; } -export interface IVaultTLS { - crt: ICertificateInfo; - ca: ICertificateInfo; -} - export interface IVaultAppRole { engine: string; id: string; @@ -78,17 +73,11 @@ export interface IVaultConfiguration { prefix: string; approle: IVaultAppRole; status: IVaultStatus; - tls: IVaultTLS; -} - -export interface IGemaltoTLS { - ca: ICertificateInfo; } export interface IKeysecureConfiguration { endpoint: string; credentials: IGemaltoCredentials; - tls: IGemaltoTLS; } export interface IGemaltoConfiguration { @@ -100,8 +89,12 @@ export interface ITenantEncryptionResponse { image: string; replicas: string; securityContext: ISecurityContext; - server: ICertificateInfo; - mtls_client: ICertificateInfo; + server_tls: ICertificateInfo; + minio_mtls: ICertificateInfo; + kms_mtls: { + crt: ICertificateInfo; + ca: ICertificateInfo; + }; vault?: IVaultConfiguration; aws?: IAWSConfig; gemalto?: IGemaltoConfiguration; @@ -113,13 +106,10 @@ export interface ICertificatesItems { minioServerCertificates: KeyPair[]; minioClientCertificates: KeyPair[]; minioCAsCertificates: KeyPair[]; - consoleCaCertificates: KeyPair[]; - consoleCertificate: KeyPair; - serverCertificate: KeyPair; - clientCertificate: KeyPair; - vaultCertificate: KeyPair; - vaultCA: KeyPair; - gemaltoCA: KeyPair; + kesServerCertificate: KeyPair; + minioMTLSCertificate: KeyPair; + kmsMTLSCertificate: KeyPair; + kmsCA: KeyPair; } export interface IFieldStore { diff --git a/swagger-operator.yml b/swagger-operator.yml index 7894d9904..766967fd5 100644 --- a/swagger-operator.yml +++ b/swagger-operator.yml 
@@ -2243,12 +2243,21 @@ definitions:
 type: array
 items:
 type: string
- server:
+ server_tls:
 type: object
 $ref: "#/definitions/keyPairConfiguration"
- client:
+ minio_mtls:
 type: object
 $ref: "#/definitions/keyPairConfiguration"
+ kms_mtls:
+ type: object
+ properties:
+ key:
+ type: string
+ crt:
+ type: string
+ ca:
+ type: string
 gemalto:
 type: object
 $ref: "#/definitions/gemaltoConfiguration"
@@ -2279,12 +2288,21 @@ definitions:
 type: string
 replicas:
 type: string
- server:
+ server_tls:
 type: object
 $ref: "#/definitions/certificateInfo"
- mtls_client:
+ minio_mtls:
 type: object
 $ref: "#/definitions/certificateInfo"
+ kms_mtls:
+ type: object
+ properties:
+ crt:
+ type: object
+ $ref: "#/definitions/certificateInfo"
+ ca:
+ type: object
+ $ref: "#/definitions/certificateInfo"
 gemalto:
 type: object
 $ref: "#/definitions/gemaltoConfigurationResponse"
@@ -2339,15 +2357,6 @@ definitions:
 ping:
 type: integer
 format: int64
- tls:
- type: object
- properties:
- key:
- type: string
- crt:
- type: string
- ca:
- type: string
 vaultConfigurationResponse:
 type: object
@@ -2384,15 +2393,6 @@ definitions:
 ping:
 type: integer
 format: int64
- tls:
- type: object
- properties:
- crt:
- type: object
- $ref: "#/definitions/certificateInfo"
- ca:
- type: object
- $ref: "#/definitions/certificateInfo"
 awsConfiguration:
 type: object
@@ -2451,13 +2451,6 @@ definitions:
 retry:
 type: integer
 format: int64
- tls:
- type: object
- required:
- - ca
- properties:
- ca:
- type: string
 gemaltoConfigurationResponse:
 type: object
@@ -2485,14 +2478,6 @@ definitions:
 retry:
 type: integer
 format: int64
- tls:
- type: object
- required:
- - ca
- properties:
- ca:
- type: object
- $ref: "#/definitions/certificateInfo"
 gcpConfiguration:
 type: object
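Review bot: Dropping `tls` from `vaultConfiguration` and `gemaltoConfiguration` (and their Response variants) without a new API version means a client still sending `vault.tls` or `gemalto.keysecure.tls` gets no error; if the generated unmarshaller ignores unknown properties, as go-swagger models normally do, the CA and client certificate are discarded and the KES-to-KMS connection would presumably be configured without them. A migration note in the `kms_mtls` description, or a server-side rejection of the removed properties, would avoid that silent downgrade. `kms_mtls` in the request also has no `required` list or `description`; add `description: "Client certificate (key and crt together) and/or CA bundle KES uses for its connection to the KMS; key and crt must be supplied as a pair"` so the contract the UI enforces is part of the spec. The response variant correctly exposes only `crt` and `ca` as `certificateInfo` and never the private key.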