Add KES v2 config and toolbox helps

[pjuarezd]

What does this do?

• Enables by default the admin policy for releases of KES v0.22.0 and newer
• Fixes genetared config errors, that were preventing start of KES pods because of an invalid config.
• Enhances KES Configuration UI in Operator Console with explanations of each config field
• Fixes bug: UI fails to load values in form fields when the KES config in the secret has the kestore field, instead of keys.

How does it looks?

During the tenant creation Operator console page, Encryption is disabled by default

When the switch is turned on, Encryption section shows as in the image below:

• A subtle, but substantial change is that now every field in the Encryption config page have a tooltip exaplaining what the field is about.

• When apply, also the tooltip explains what is the expected value, event what will the default be if no value is specified

• Also an small enhancement is that now the Credentials section is enclosed in a groupbox, to differenciate it from config settings.

• Tenant creation and tenant edition Encryption sections now also matches in look-and-feel

• Added a warning message on the "Save" action: "The content of the KES config secret will be overwritten."

KES Config updates

Starting KES v0.22.0 the admin section is required to be present, even if disabled, this was breaking fresh installs since the config generated from the Operator Console was not taking this into conscideration.

• For versions prior to v0.22.0 the previous configuration will keep being stored in the config secret as was before, we will call it KES Config version 1 for differentiation purposes, that configuration is as show below:

• For KES versions v0.22.0 and newer, KES config will enable admin by default, change the section keys name to kestore and remove the policy section, we will call this config KES Config version 2. And looks as shown below:

• The config variations are identified on base to the KES container images. On semantic versioning and datetime versioning, as follows:
  • Anything with date time versioning is consider KES Config version 2
  • date time container image name could include a "architecture" suffix, ie: minio/kes:2023-05-02T22-48-10Z-arm64 this include arm64 as version suffix.
  • KES v0.22.0 is considered KES Config version 2
  • Any semantic version prior to v0.22.0 is considered KES Config version 1

[cesnietor]

could you please remove this magic number and make it a constant? to know better what that means (it will self document)

[pjuarezd]

what about using a regex to identify if a tag matches the format with architecture in it? I think it is way more self describing that split by dashes

kesImageTagWithArchRegexPattern = `(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}Z)(-.*)`

[cesnietor]

That would be a much more robust implementation I agree!

[cesnietor]

should we add here an assert of the expected response? cause otherwise we would just be testing that there were no errors. Similar in other related tests that don't return errors.

[pjuarezd]

you got it!, added assertion for expected errors and response model.

[cesnietor]

@pjuarezd I found something while setting up encryption.
If I write something on the Encryption fields, the Create button is disabled until all fields are set but if I started setting up some fields and I change between encryption methods, the Create button gets enabled and allows us to create a Tenant. Which then causes an error while trying to initialize it. I think we probably need to refresh the button state every time we change encryption methods.

Screen.Recording.2023-05-22.at.10.24.14.AM.mov

[pjuarezd]

@pjuarezd I found something while setting up encryption. If I write something on the Encryption fields, the Create button is disabled until all fields are set but if I started setting up some fields and I change between encryption methods, the Create button gets enabled and allows us to create a Tenant. Which then causes an error while trying to initialize it. I think we probably need to refresh the button state every time we change encryption methods.

Screen.Recording.2023-05-22.at.10.24.14.AM.mov

that is a neat finding!, but I think belongs in a new bug ticket, in the scope of this PR I am not changing the behavior of the form.

[cesnietor]

@pjuarezd I found something while setting up encryption. If I write something on the Encryption fields, the Create button is disabled until all fields are set but if I started setting up some fields and I change between encryption methods, the Create button gets enabled and allows us to create a Tenant. Which then causes an error while trying to initialize it. I think we probably need to refresh the button state every time we change encryption methods.
Screen.Recording.2023-05-22.at.10.24.14.AM.mov

that is a neat finding!, but I think belongs in a new bug ticket, in the scope of this PR I am not changing the behavior of the form.

Sounds good, I've created this issue #1610