2.27.0.0-b458

@Arpit-yb Arpit-yb tagged this 18 Aug 07:00
Summary:
This PR adds support for CRUD operations for CipherTrust KMS configs.

```
./yba ear ciphertrust create
Create a CipherTrust encryption at rest configuration in YugabyteDB Anywhere

Usage:
  yba ear ciphertrust create [flags]

Aliases:
  create, add

Examples:
yba ear ciphertrust create --name <config-name> \
    --manager-url <ciphertrust-manager-url> --auth-type <PASSWORD|REFRESH_TOKEN> \
    [--username <username> --password <password> | --refresh-token <token>] \
    --key-name <key-name> --key-algorithm AES --key-size <128|192|256>

Flags:
      --manager-url string     [Required] CipherTrust Manager URL.
      --auth-type string       [Optional]Authentication type. Allowed values (case sensitive): PASSWORD, REFRESH_TOKEN (default "PASSWORD")
      --username string        [Optional] CipherTrust username (for auth-type PASSWORD)
      --password string        [Optional] CipherTrust password (for auth-type PASSWORD)
      --refresh-token string   [Optional] CipherTrust refresh token (for auth-type REFRESH_TOKEN)
      --key-name string        [Required] CipherTrust key name
      --key-algorithm string   [Optional] CipherTrust key algorithm. Allowed values (case sensitive): AES (default "AES")
      --key-size int           [Optional] CipherTrust key size for algorithm AES. Allowed values: 128, 192, 256 (default 256)
  -h, --help                   help for create

Global Flags:
  -a, --apiToken string    YugabyteDB Anywhere api token.
      --ca-cert string     CA certificate file path for secure connection to YugabyteDB Anywhere. Required when the endpoint is https and --insecure is not set.
      --config string      Full path to a specific configuration file for YBA CLI. If provided, this takes precedence over the directory specified via --directory, and the generated files are added to the same path. If not provided, the CLI will look for '.yba-cli.yaml' in the directory specified by --directory. Defaults to '$HOME/.yba-cli/.yba-cli.yaml'.
      --debug              Use debug mode, same as --logLevel debug.
      --directory string   Directory containing YBA CLI configuration and generated files. If specified, the CLI will look for a configuration file named '.yba-cli.yaml' in this directory. Defaults to '$HOME/.yba-cli/'.
      --disable-color      Disable colors in output. (default false)
  -H, --host string        YugabyteDB Anywhere Host (default "http://localhost:9000")
      --insecure           Allow insecure connections to YugabyteDB Anywhere. Value ignored for http endpoints. Defaults to false for https.
  -l, --logLevel string    Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
  -n, --name string        [Optional] The name of the configuration for the action. Required for create, delete, describe, update and refresh.
  -o, --output string      Select the desired output format. Allowed values: table, json, pretty. (default "table")
      --timeout duration   Wait command timeout, example: 5m, 1h. (default 168h0m0s)
      --wait               Wait until the task is completed, otherwise it will exit immediately. (default true)
```
```
./yba ear ciphertrust update -h
Update a CipherTrust encryption at rest (EAR) configuration in YugabyteDB Anywhere

Usage:
  yba ear ciphertrust update [flags]

Aliases:
  update, edit

Examples:
yba ear ciphertrust update --name <config-name> \
    --auth-type <PASSWORD|REFRESH_TOKEN> [--username <username> --password <password> | --refresh-token <token>]

Flags:
      --auth-type string       [Required] Update CipherTrust auth type. Allowed values: PASSWORD, REFRESH_TOKEN
      --username string        [Optional] Update CipherTrust username (for auth-type PASSWORD)
      --password string        [Optional] Update CipherTrust password (for auth-type PASSWORD)
      --refresh-token string   [Optional] Update CipherTrust refresh token (for auth-type REFRESH_TOKEN)
  -h, --help                   help for update

Global Flags:
  -a, --apiToken string    YugabyteDB Anywhere api token.
      --ca-cert string     CA certificate file path for secure connection to YugabyteDB Anywhere. Required when the endpoint is https and --insecure is not set.
      --config string      Full path to a specific configuration file for YBA CLI. If provided, this takes precedence over the directory specified via --directory, and the generated files are added to the same path. If not provided, the CLI will look for '.yba-cli.yaml' in the directory specified by --directory. Defaults to '$HOME/.yba-cli/.yba-cli.yaml'.
      --debug              Use debug mode, same as --logLevel debug.
      --directory string   Directory containing YBA CLI configuration and generated files. If specified, the CLI will look for a configuration file named '.yba-cli.yaml' in this directory. Defaults to '$HOME/.yba-cli/'.
      --disable-color      Disable colors in output. (default false)
  -H, --host string        YugabyteDB Anywhere Host (default "http://localhost:9000")
      --insecure           Allow insecure connections to YugabyteDB Anywhere. Value ignored for http endpoints. Defaults to false for https.
  -l, --logLevel string    Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
  -n, --name string        [Optional] The name of the configuration for the action. Required for create, delete, describe, update and refresh.
  -o, --output string      Select the desired output format. Allowed values: table, json, pretty. (default "table")
      --timeout duration   Wait command timeout, example: 5m, 1h. (default 168h0m0s)
      --wait               Wait until the task is completed, otherwise it will exit immediately. (default true)
```
```
Delete a CipherTrust encryption at rest configuration in YugabyteDB Anywhere

Usage:
  yba ear ciphertrust delete [flags]

Aliases:
  delete, remove, rm

Examples:
yba ear ciphertrust delete --name <config-name>

Flags:
  -f, --force   [Optional] Bypass the prompt for non-interactive usage.
  -h, --help    help for delete
```
```
Describe a CipherTrust YugabyteDB Anywhere Encryption In Transit (EAR) configuration

Usage:
  yba ear ciphertrust describe [flags]

Aliases:
  describe, get

Examples:
yba ear ciphertrust describe --name <config-name>

Flags:
  -h, --help   help for describe
```
```
Refresh a CipherTrust YugabyteDB Anywhere Encryption In Transit (EAR) configuration

Usage:
  yba ear ciphertrust refresh [flags]

Examples:
yba ear ciphertrust refresh --name <config-name>

Flags:
  -h, --help   help for refresh

Global Flags:
  -a, --apiToken string    YugabyteDB Anywhere api token.
      --ca-cert string     CA certificate file path for secure connection to YugabyteDB Anywhere. Required when the endpoint is https and --insecure is not set.
      --config string      Full path to a specific configuration file for YBA CLI. If provided, this takes precedence over the directory specified via --directory, and the generated files are added to the same path. If not provided, the CLI will look for '.yba-cli.yaml' in the directory specified by --directory. Defaults to '$HOME/.yba-cli/.yba-cli.yaml'.
      --debug              Use debug mode, same as --logLevel debug.
      --directory string   Directory containing YBA CLI configuration and generated files. If specified, the CLI will look for a configuration file named '.yba-cli.yaml' in this directory. Defaults to '$HOME/.yba-cli/'.
      --disable-color      Disable colors in output. (default false)
  -H, --host string        YugabyteDB Anywhere Host (default "http://localhost:9000")
      --insecure           Allow insecure connections to YugabyteDB Anywhere. Value ignored for http endpoints. Defaults to false for https.
  -l, --logLevel string    Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
  -n, --name string        [Optional] The name of the configuration for the action. Required for create, delete, describe, update and refresh.
  -o, --output string      Select the desired output format. Allowed values: table, json, pretty. (default "table")
      --timeout duration   Wait command timeout, example: 5m, 1h. (default 168h0m0s)
      --wait               Wait until the task is completed, otherwise it will exit immediately. (default true)
```

Test Plan:
Tested locally

  # Created a ciphertrust KMS config -> Update -> Refresh -> Delete
  # List multiple ciphertrust configs

Will run iTests for cipherTrust KMS

Reviewers: dkumar, skurapati

Reviewed By: dkumar

Differential Revision: https://phorge.dev.yugabyte.com/D45981