diff --git a/README.md b/README.md index dccb47ec..21aee86b 100644 --- a/README.md +++ b/README.md @@ -622,42 +622,40 @@ In addition to `password` and `password-path`, there is a new field `password-ke Validation allows only one of these three fields to be present. ```yaml dto.Credentials: - description: Credentials represents authentication details to the Aerospike cluster. - properties: - auth-mode: - description: >- - The authentication mode string (INTERNAL, EXTERNAL, - EXTERNAL_INSECURE, PKI). - enum: - - INTERNAL - - EXTERNAL - - EXTERNAL_INSECURE - - PKI - type: string - password: - description: The password for the cluster authentication. - example: testPswd - type: string - password-key-secret: - description: |- - The secret keyword in Aerospike Secret Agent containing password. - Only applicable when SecretAgent is specified. - type: string - password-path: - description: >- - The file path with the password string, will take precedence over - the password field. - example: /path/to/pass.txt - type: string - secret-agent: - allOf: - - $ref: '#/components/schemas/dto.SecretAgent' - description: Secret Agent configuration (optional). - type: object - user: - description: The username for the cluster authentication. - example: testUser - type: string - type: object + description: Credentials represents authentication details to the Aerospike cluster. + properties: + auth-mode: + description: >- + The authentication mode string (INTERNAL, EXTERNAL, PKI). + enum: + - INTERNAL + - EXTERNAL + - PKI + type: string + password: + description: The password for the cluster authentication. + example: testPswd + type: string + password-key-secret: + description: |- + The secret keyword in Aerospike Secret Agent containing password. + Only applicable when SecretAgent is specified. + type: string + password-path: + description: >- + The file path with the password string, will take precedence over + the password field. + example: /path/to/pass.txt + type: string + secret-agent: + allOf: + - $ref: '#/components/schemas/dto.SecretAgent' + description: Secret Agent configuration (optional). + type: object + user: + description: The username for the cluster authentication. + example: testUser + type: string + type: object ``` diff --git a/docs/docs.go b/docs/docs.go index a0ae0f0c..c3b536f5 100644 --- a/docs/docs.go +++ b/docs/docs.go @@ -2030,12 +2030,11 @@ const docTemplate = `{ "type": "object", "properties": { "auth-mode": { - "description": "The authentication mode string (INTERNAL, EXTERNAL, EXTERNAL_INSECURE, PKI).", + "description": "The authentication mode string (INTERNAL, EXTERNAL, PKI).", "type": "string", "enum": [ "INTERNAL", "EXTERNAL", - "EXTERNAL_INSECURE", "PKI" ] }, diff --git a/docs/openapi.json b/docs/openapi.json index cb285452..97bef681 100644 --- a/docs/openapi.json +++ b/docs/openapi.json @@ -2217,8 +2217,8 @@ "description" : "Credentials represents authentication details to the Aerospike cluster.", "properties" : { "auth-mode" : { - "description" : "The authentication mode string (INTERNAL, EXTERNAL, EXTERNAL_INSECURE, PKI).", - "enum" : [ "INTERNAL", "EXTERNAL", "EXTERNAL_INSECURE", "PKI" ], + "description" : "The authentication mode string (INTERNAL, EXTERNAL, PKI).", + "enum" : [ "INTERNAL", "EXTERNAL", "PKI" ], "type" : "string" }, "password" : { diff --git a/docs/openapi.yaml b/docs/openapi.yaml index 6ea6a770..ea852a1e 100644 --- a/docs/openapi.yaml +++ b/docs/openapi.yaml @@ -1745,12 +1745,10 @@ components: cluster. properties: auth-mode: - description: "The authentication mode string (INTERNAL, EXTERNAL, EXTERNAL_INSECURE,\ - \ PKI)." + description: "The authentication mode string (INTERNAL, EXTERNAL, PKI)." enum: - INTERNAL - EXTERNAL - - EXTERNAL_INSECURE - PKI type: string password: diff --git a/pkg/dto/aerospike_cluster.go b/pkg/dto/aerospike_cluster.go index 7f96d9b2..fd707a18 100644 --- a/pkg/dto/aerospike_cluster.go +++ b/pkg/dto/aerospike_cluster.go @@ -5,6 +5,7 @@ import ( "errors" "fmt" "io" + "strings" "github.com/aerospike/aerospike-backup-service/v2/pkg/model" ) @@ -176,8 +177,8 @@ type Credentials struct { Password *string `yaml:"password,omitempty" json:"password,omitempty" example:"testPswd"` // The file path with the password string. PasswordPath *string `yaml:"password-path,omitempty" json:"password-path,omitempty" example:"/path/to/pass.txt"` - // The authentication mode string (INTERNAL, EXTERNAL, EXTERNAL_INSECURE, PKI). - AuthMode *string `yaml:"auth-mode,omitempty" json:"auth-mode,omitempty" enums:"INTERNAL,EXTERNAL,EXTERNAL_INSECURE,PKI"` + // The authentication mode string (INTERNAL, EXTERNAL, PKI). + AuthMode *string `yaml:"auth-mode,omitempty" json:"auth-mode,omitempty" enums:"INTERNAL,EXTERNAL,PKI"` } func (c *Credentials) fromModel(m *model.Credentials, config *model.Config) { @@ -205,6 +206,13 @@ func (c *Credentials) Validate() error { return fmt.Errorf("password and password-path are mutually exclusive") } + if c.AuthMode != nil && + !(strings.ToUpper(*c.AuthMode) == "INTERNAL" || + strings.ToUpper(*c.AuthMode) == "EXTERNAL" || + strings.ToUpper(*c.AuthMode) == "PKI") { + return fmt.Errorf("auth-mode %q incorrect, should be one of: INTERNAL,EXTERNAL,PKI", *c.AuthMode) + } + return c.SecretAgentConfig.validate() } diff --git a/pkg/model/aerospike_cluster.go b/pkg/model/aerospike_cluster.go index 127570c9..a3befa56 100644 --- a/pkg/model/aerospike_cluster.go +++ b/pkg/model/aerospike_cluster.go @@ -299,7 +299,7 @@ type Credentials struct { Password *string // The file path with the password string, will take precedence over the password field. PasswordPath *string - // The authentication mode string (INTERNAL, EXTERNAL, EXTERNAL_INSECURE, PKI). + // The authentication mode string (INTERNAL, EXTERNAL, PKI). AuthMode *string // The name of the configured Secret Agent to use for authentication. SecretAgent *SecretAgent