remove EXTERNAL_INSECURE

README.md

@@ -622,42 +622,40 @@ In addition to `password` and `password-path`, there is a new field `password-ke
 Validation allows only one of these three fields to be present.
 ```yaml
   dto.Credentials:
-      description: Credentials represents authentication details to the Aerospike cluster.
-      properties:
-        auth-mode:
-          description: >-
-            The authentication mode string (INTERNAL, EXTERNAL,
-            EXTERNAL_INSECURE, PKI).
-          enum:
-            - INTERNAL
-            - EXTERNAL
-            - EXTERNAL_INSECURE
-            - PKI
-          type: string
-        password:
-          description: The password for the cluster authentication.
-          example: testPswd
-          type: string
-        password-key-secret:
-          description: |-
-            The secret keyword in Aerospike Secret Agent containing password.
-            Only applicable when SecretAgent is specified.
-          type: string
-        password-path:
-          description: >-
-            The file path with the password string, will take precedence over
-            the password field.
-          example: /path/to/pass.txt
-          type: string
-        secret-agent:
-          allOf:
-            - $ref: '#/components/schemas/dto.SecretAgent'
-          description: Secret Agent configuration (optional).
-          type: object
-        user:
-          description: The username for the cluster authentication.
-          example: testUser
-          type: string
-      type: object
+    description: Credentials represents authentication details to the Aerospike cluster.
+    properties:
+      auth-mode:
+        description: >-
+          The authentication mode string (INTERNAL, EXTERNAL, PKI).
+        enum:
+          - INTERNAL
+          - EXTERNAL
+          - PKI
+        type: string
+      password:
+        description: The password for the cluster authentication.
+        example: testPswd
+        type: string
+      password-key-secret:
+        description: |-
+          The secret keyword in Aerospike Secret Agent containing password.
+          Only applicable when SecretAgent is specified.
+        type: string
+      password-path:
+        description: >-
+          The file path with the password string, will take precedence over
+          the password field.
+        example: /path/to/pass.txt
+        type: string
+      secret-agent:
+        allOf:
+          - $ref: '#/components/schemas/dto.SecretAgent'
+        description: Secret Agent configuration (optional).
+        type: object
+      user:
+        description: The username for the cluster authentication.
+        example: testUser
+        type: string
+    type: object
 ```
 

docs/docs.go

@@ -2030,12 +2030,11 @@ const docTemplate = `{
             "type": "object",
             "properties": {
                 "auth-mode": {
-                    "description": "The authentication mode string (INTERNAL, EXTERNAL, EXTERNAL_INSECURE, PKI).",
+                    "description": "The authentication mode string (INTERNAL, EXTERNAL, PKI).",
                     "type": "string",
                     "enum": [
                         "INTERNAL",
                         "EXTERNAL",
-                        "EXTERNAL_INSECURE",
                         "PKI"
                     ]
                 },

docs/openapi.json

@@ -2217,8 +2217,8 @@
         "description" : "Credentials represents authentication details to the Aerospike cluster.",
         "properties" : {
           "auth-mode" : {
-            "description" : "The authentication mode string (INTERNAL, EXTERNAL, EXTERNAL_INSECURE, PKI).",
-            "enum" : [ "INTERNAL", "EXTERNAL", "EXTERNAL_INSECURE", "PKI" ],
+            "description" : "The authentication mode string (INTERNAL, EXTERNAL, PKI).",
+            "enum" : [ "INTERNAL", "EXTERNAL", "PKI" ],
             "type" : "string"
           },
           "password" : {

docs/openapi.yaml

@@ -1745,12 +1745,10 @@ components:
         cluster.
       properties:
         auth-mode:
-          description: "The authentication mode string (INTERNAL, EXTERNAL, EXTERNAL_INSECURE,\
-            \ PKI)."
+          description: "The authentication mode string (INTERNAL, EXTERNAL, PKI)."
           enum:
           - INTERNAL
           - EXTERNAL
-          - EXTERNAL_INSECURE
           - PKI
           type: string
         password:

pkg/dto/aerospike_cluster.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"strings"
 
 	"github.com/aerospike/aerospike-backup-service/v2/pkg/model"
 )
@@ -176,8 +177,8 @@ type Credentials struct {
 	Password *string `yaml:"password,omitempty" json:"password,omitempty" example:"testPswd"`
 	// The file path with the password string.
 	PasswordPath *string `yaml:"password-path,omitempty" json:"password-path,omitempty" example:"/path/to/pass.txt"`
-	// The authentication mode string (INTERNAL, EXTERNAL, EXTERNAL_INSECURE, PKI).
-	AuthMode *string `yaml:"auth-mode,omitempty" json:"auth-mode,omitempty" enums:"INTERNAL,EXTERNAL,EXTERNAL_INSECURE,PKI"`
+	// The authentication mode string (INTERNAL, EXTERNAL, PKI).
+	AuthMode *string `yaml:"auth-mode,omitempty" json:"auth-mode,omitempty" enums:"INTERNAL,EXTERNAL,PKI"`
 }
 
 func (c *Credentials) fromModel(m *model.Credentials, config *model.Config) {
@@ -205,6 +206,13 @@ func (c *Credentials) Validate() error {
 		return fmt.Errorf("password and password-path are mutually exclusive")
 	}
 
+	if c.AuthMode != nil &&
+		!(strings.ToUpper(*c.AuthMode) == "INTERNAL" ||
+			strings.ToUpper(*c.AuthMode) == "EXTERNAL" ||
+			strings.ToUpper(*c.AuthMode) == "PKI") {
+		return fmt.Errorf("auth-mode %q incorrect, should be one of: INTERNAL,EXTERNAL,PKI", *c.AuthMode)
+	}
+
 	return c.SecretAgentConfig.validate()
 }
 

pkg/model/aerospike_cluster.go

@@ -299,7 +299,7 @@ type Credentials struct {
 	Password *string
 	// The file path with the password string, will take precedence over the password field.
 	PasswordPath *string
-	// The authentication mode string (INTERNAL, EXTERNAL, EXTERNAL_INSECURE, PKI).
+	// The authentication mode string (INTERNAL, EXTERNAL, PKI).
 	AuthMode *string
 	// The name of the configured Secret Agent to use for authentication.
 	SecretAgent *SecretAgent