Skip to content

Commit

Permalink
[PLAT-16368]: Disallow encryption at transit for K8 universes in EDIT…
Browse files Browse the repository at this point in the history 
… mode

Summary:
Disallow encryption at transit for K8 universes in EDIT mode
Also by mistake in this diff D39943, I disallowed cert rotation, but the intention should be dis-allow enabling tls after universe deployment but we still want to support certs rotate

Test Plan:
Refer to the video
{F319735}

Reviewers: jmak, anijhawan, vbansal

Reviewed By: vbansal

Subscribers: yugaware

Differential Revision: https://phorge.dev.yugabyte.com/D40782
  • Loading branch information
@rajmaddy89
rajmaddy89 committed Dec 31, 2024
1 parent f340171 commit bab843a
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 4 deletions.
7 changes: 4 additions & 3 deletions managed/ui/src/components/universes/SecurityModal/SecurityMenu.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,13 @@ import { UNIVERSE_TASKS } from '../../../redesign/helpers/constants';

export function SecurityMenu({
backToMainMenu,
isItKubernetesUniverse,
editTLSAvailability,
showTLSConfigurationModal,
showManageKeyModal,
manageKeyAvailability,
allowedTasks
allowedTasks,
isEncryptionAtTransitEnabled,
isItKubernetesUniverse
}) {
const { test, released } = useSelector((state) => state.featureFlags);

Expand All @@ -34,7 +35,7 @@ export function SecurityMenu({
availability={tlsAvailability}
disabled={
isActionFrozen(allowedTasks, UNIVERSE_TASKS.ENCRYPTION_IN_TRANSIT) ||
isItKubernetesUniverse
(isItKubernetesUniverse && !isEncryptionAtTransitEnabled)
}
>
Encryption in-Transit
Expand Down
7 changes: 6 additions & 1 deletion managed/ui/src/components/universes/UniverseDetail/UniverseDetail.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -362,6 +362,10 @@ class UniverseDetail extends Component {
);
const useSystemd = primaryCluster?.userIntent?.useSystemd;
const isYSQLEnabledInUniverse = primaryCluster?.userIntent?.enableYSQL;
const isEncryptionAtTransitEnabled = !!(
primaryCluster?.userIntent?.enableNodeToNodeEncrypt ||
primaryCluster?.userIntent.enableClientToNodeEncrypt
);
const isReadOnlyUniverse =
getPromiseState(currentUniverse).isSuccess() &&
currentUniverse.data.universeDetails.capability === 'READ_ONLY';
Expand Down Expand Up @@ -1540,12 +1544,13 @@ class UniverseDetail extends Component {
<>
<SecurityMenu
backToMainMenu={() => setActiveSubmenu(ActionMenu.MORE)}
isItKubernetesUniverse={isKubernetesUniverse}
allowedTasks={allowedTasks}
showTLSConfigurationModal={showTLSConfigurationModal}
editTLSAvailability={editTLSAvailability}
showManageKeyModal={showManageKeyModal}
manageKeyAvailability={manageKeyAvailability}
isEncryptionAtTransitEnabled={isEncryptionAtTransitEnabled}
isItKubernetesUniverse={isKubernetesUniverse}
/>
</>
)
Expand Down

0 comments on commit bab843a

Please sign in to comment.