misc: renamed disable flag + docs

Sheen Capadngan
2024-11-08 02:02:12 +08:00
parent e761e65322
commit 027b200b1a
10 changed files with 40 additions and 39 deletions


@ -3,16 +3,16 @@ import { Knex } from "knex";
import { TableName } from "../schemas";
export async function up(knex: Knex): Promise<void> {
const hasSkipBootstrapCertValidationCol = await knex.schema.hasColumn(
const hasDisableBootstrapCertValidationCol = await knex.schema.hasColumn(
TableName.CertificateTemplateEstConfig,
"skipBootstrapCertValidation"
"disableBootstrapCertValidation"
);
const hasCaChainCol = await knex.schema.hasColumn(TableName.CertificateTemplateEstConfig, "encryptedCaChain");
await knex.schema.alterTable(TableName.CertificateTemplateEstConfig, (t) => {
if (!hasSkipBootstrapCertValidationCol) {
t.boolean("skipBootstrapCertValidation").defaultTo(false).notNullable();
if (!hasDisableBootstrapCertValidationCol) {
t.boolean("disableBootstrapCertValidation").defaultTo(false).notNullable();
}
if (hasCaChainCol) {
@ -22,16 +22,16 @@ export async function up(knex: Knex): Promise<void> {
}
export async function down(knex: Knex): Promise<void> {
const hasSkipBootstrapCertValidationCol = await knex.schema.hasColumn(
const hasDisableBootstrapCertValidationCol = await knex.schema.hasColumn(
TableName.CertificateTemplateEstConfig,
"skipBootstrapCertValidation"
"disableBootstrapCertValidation"
);
const hasCaChainCol = await knex.schema.hasColumn(TableName.CertificateTemplateEstConfig, "encryptedCaChain");
await knex.schema.alterTable(TableName.CertificateTemplateEstConfig, (t) => {
if (hasSkipBootstrapCertValidationCol) {
t.dropColumn("skipBootstrapCertValidation");
if (hasDisableBootstrapCertValidationCol) {
t.dropColumn("disableBootstrapCertValidation");
}
if (hasCaChainCol) {
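Review bot: Renaming the column by editing this existing migration only takes effect on databases that have not run it yet. Where the earlier revision was already applied, knex will not re-run `up`, so the table keeps `skipBootstrapCertValidation` while the schema and services now read `disableBootstrapCertValidation`. Whether that revision was ever applied cannot be told from this page. If it was, a separate follow-up migration is safer, along the lines of `t.renameColumn("skipBootstrapCertValidation", "disableBootstrapCertValidation")` guarded by the same `hasColumn` checks. The edited `down` would likewise no longer drop the old column, and both function bodies continue outside the hunks.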


@ -17,7 +17,7 @@ export const CertificateTemplateEstConfigsSchema = z.object({
isEnabled: z.boolean(),
createdAt: z.date(),
updatedAt: z.date(),
skipBootstrapCertValidation: z.boolean().default(false)
disableBootstrapCertValidation: z.boolean().default(false)
});
export type TCertificateTemplateEstConfigs = z.infer<typeof CertificateTemplateEstConfigsSchema>;


@ -171,7 +171,7 @@ export const certificateEstServiceFactory = ({
});
}
if (!estConfig.skipBootstrapCertValidation) {
if (!estConfig.disableBootstrapCertValidation) {
const caCerts = estConfig.caChain
.match(/-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g)
?.map((cert) => {
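Review bot: The guard `if (!estConfig.disableBootstrapCertValidation)` decides whether the client certificate is checked against the configured CA chain, and nothing at this site documents what remains when it is skipped. Going by the docs changed in this commit, the passphrase is then presumably the only device authentication, which deserves a comment above the guard such as `// Validation disabled: the client cert is not checked against caChain; the passphrase is the only device authentication.` Logging or auditing requests that take the skipped path would also let operators see which templates enroll without certificate validation. The body of the block continues outside the hunk, so how an empty `caChain` (where `.match(...)` yields no certificates) is handled cannot be confirmed from here.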


@ -15,7 +15,7 @@ const sanitizedEstConfig = CertificateTemplateEstConfigsSchema.pick({
id: true,
certificateTemplateId: true,
isEnabled: true,
skipBootstrapCertValidation: true
disableBootstrapCertValidation: true
});
export const registerCertificateTemplateRouter = async (server: FastifyZodProvider) => {
@ -247,11 +247,11 @@ export const registerCertificateTemplateRouter = async (server: FastifyZodProvid
caChain: z.string().trim().optional(),
passphrase: z.string().min(1),
isEnabled: z.boolean().default(true),
skipBootstrapCertValidation: z.boolean().default(false)
disableBootstrapCertValidation: z.boolean().default(false)
})
.refine(
({ caChain, skipBootstrapCertValidation }) =>
skipBootstrapCertValidation || (!skipBootstrapCertValidation && caChain),
({ caChain, disableBootstrapCertValidation }) =>
disableBootstrapCertValidation || (!disableBootstrapCertValidation && caChain),
"CA chain is required"
),
response: {
@ -299,7 +299,7 @@ export const registerCertificateTemplateRouter = async (server: FastifyZodProvid
body: z.object({
caChain: z.string().trim().optional(),
passphrase: z.string().min(1).optional(),
skipBootstrapCertValidation: z.boolean().optional(),
disableBootstrapCertValidation: z.boolean().optional(),
isEnabled: z.boolean().optional()
}),
response: {
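Review bot: The update body in the last hunk (`disableBootstrapCertValidation: z.boolean().optional()`) has no counterpart to the create route's "CA chain is required" refine, so a request can set the flag back to `false` without supplying `caChain`. For a config created with validation disabled and no chain, the stored chain would stay empty while validation is nominally on; how the EST service treats that state is not visible on this page. Rejecting the update when the flag resolves to `false` and neither the request nor the stored config has a chain would close the gap, and the modal's form schema (`caChain: z.string().optional()`) has no such check either. The create refine can also be shortened to `disableBootstrapCertValidation || Boolean(caChain)`. The route definitions continue outside these hunks.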


@ -236,7 +236,7 @@ export const certificateTemplateServiceFactory = ({
actorAuthMethod,
actor,
actorOrgId,
skipBootstrapCertValidation
disableBootstrapCertValidation
}: TCreateEstConfigurationDTO) => {
const plan = await licenseService.getPlan(actorOrgId);
if (!plan.pkiEst) {
@ -305,7 +305,7 @@ export const certificateTemplateServiceFactory = ({
hashedPassphrase,
encryptedCaChain,
isEnabled,
skipBootstrapCertValidation
disableBootstrapCertValidation
});
return { ...estConfig, projectId: certTemplate.projectId };
@ -320,7 +320,7 @@ export const certificateTemplateServiceFactory = ({
actorAuthMethod,
actor,
actorOrgId,
skipBootstrapCertValidation
disableBootstrapCertValidation
}: TUpdateEstConfigurationDTO) => {
const plan = await licenseService.getPlan(actorOrgId);
if (!plan.pkiEst) {
@ -369,7 +369,7 @@ export const certificateTemplateServiceFactory = ({
const updatedData: TCertificateTemplateEstConfigsUpdate = {
isEnabled,
skipBootstrapCertValidation
disableBootstrapCertValidation
};
if (caChain) {
@ -468,7 +468,7 @@ export const certificateTemplateServiceFactory = ({
hashedPassphrase: estConfig.hashedPassphrase,
projectId: certTemplate.projectId,
orgId: certTemplate.orgId,
skipBootstrapCertValidation: estConfig.skipBootstrapCertValidation
disableBootstrapCertValidation: estConfig.disableBootstrapCertValidation
};
};


@ -37,7 +37,7 @@ export type TCreateEstConfigurationDTO = {
caChain?: string;
passphrase: string;
isEnabled: boolean;
skipBootstrapCertValidation: boolean;
disableBootstrapCertValidation: boolean;
} & Omit<TProjectPermission, "projectId">;
export type TUpdateEstConfigurationDTO = {
@ -45,7 +45,7 @@ export type TUpdateEstConfigurationDTO = {
caChain?: string;
passphrase?: string;
isEnabled?: boolean;
skipBootstrapCertValidation?: boolean;
disableBootstrapCertValidation?: boolean;
} & Omit<TProjectPermission, "projectId">;
export type TGetEstConfigurationDTO =


@ -35,6 +35,7 @@ These endpoints are exposed on port 8443 under the .well-known/est path e.g.
![est enrollment modal create](/images/platform/pki/est/template-enrollment-modal.png)
- **Disable Bootstrap Certificate Validation** - Enable this if your devices are not configured with a bootstrap certificate.
- **Certificate Authority Chain** - This is the certificate chain used to validate your devices' manufacturing/pre-installed certificates. This will be used to authenticate your devices with Infisical's EST server.
- **Passphrase** - This is also used to authenticate your devices with Infisical's EST server. When configuring the clients, use the value defined here as the EST password.

Binary file not shown.

Before

Width:  |  Height:  |  Size: 612 KiB

After

Width:  |  Height:  |  Size: 507 KiB


@ -49,7 +49,7 @@ export type TCreateEstConfigDTO = {
caChain?: string;
passphrase: string;
isEnabled: boolean;
skipBootstrapCertValidation: boolean;
disableBootstrapCertValidation: boolean;
};
export type TUpdateEstConfigDTO = {
@ -57,7 +57,7 @@ export type TUpdateEstConfigDTO = {
caChain?: string;
passphrase?: string;
isEnabled?: boolean;
skipBootstrapCertValidation?: boolean;
disableBootstrapCertValidation?: boolean;
};
export type TEstConfig = {
@ -65,5 +65,5 @@ export type TEstConfig = {
certificateTemplateId: string;
caChain: string;
isEnabled: boolean;
skipBootstrapCertValidation: boolean;
disableBootstrapCertValidation: boolean;
};


@ -36,7 +36,7 @@ const schema = z.object({
caChain: z.string().optional(),
passphrase: z.string().optional(),
isEnabled: z.boolean(),
skipBootstrapCertValidation: z.boolean().optional().default(false)
disableBootstrapCertValidation: z.boolean().optional().default(false)
});
export type FormData = z.infer<typeof schema>;
@ -65,26 +65,26 @@ export const CertificateTemplateEnrollmentModal = ({ popUp, handlePopUpToggle }:
const { mutateAsync: updateEstConfig } = useUpdateEstConfig();
const [isPassphraseFocused, setIsPassphraseFocused] = useToggle(false);
const skipBootstrapCertValidation = watch("skipBootstrapCertValidation");
const disableBootstrapCertValidation = watch("disableBootstrapCertValidation");
useEffect(() => {
if (skipBootstrapCertValidation) {
if (disableBootstrapCertValidation) {
setValue("caChain", "");
}
}, [skipBootstrapCertValidation]);
}, [disableBootstrapCertValidation]);
useEffect(() => {
if (data) {
reset({
caChain: data.caChain,
isEnabled: data.isEnabled,
skipBootstrapCertValidation: data.skipBootstrapCertValidation
disableBootstrapCertValidation: data.disableBootstrapCertValidation
});
} else {
reset({
caChain: "",
isEnabled: false,
skipBootstrapCertValidation: false
disableBootstrapCertValidation: false
});
}
}, [data]);
@ -97,7 +97,7 @@ export const CertificateTemplateEnrollmentModal = ({ popUp, handlePopUpToggle }:
caChain,
passphrase,
isEnabled,
skipBootstrapCertValidation
disableBootstrapCertValidation
});
} else {
if (!passphrase) {
@ -110,7 +110,7 @@ export const CertificateTemplateEnrollmentModal = ({ popUp, handlePopUpToggle }:
caChain,
passphrase,
isEnabled,
skipBootstrapCertValidation
disableBootstrapCertValidation
});
}
@ -167,7 +167,7 @@ export const CertificateTemplateEnrollmentModal = ({ popUp, handlePopUpToggle }:
)}
<Controller
control={control}
name="skipBootstrapCertValidation"
name="disableBootstrapCertValidation"
render={({ field, fieldState: { error } }) => {
return (
<FormControl isError={Boolean(error)} errorText={error?.message}>
@ -176,27 +176,27 @@ export const CertificateTemplateEnrollmentModal = ({ popUp, handlePopUpToggle }:
onCheckedChange={(value) => field.onChange(value)}
isChecked={field.value}
>
<p className="ml-1 w-full">Skip Bootstrap Certificate Validation</p>
<p className="ml-1 w-full">Disable Bootstrap Certificate Validation</p>
</Switch>
</FormControl>
);
}}
/>
{!skipBootstrapCertValidation && (
{!disableBootstrapCertValidation && (
<Controller
control={control}
name="caChain"
disabled={skipBootstrapCertValidation}
disabled={disableBootstrapCertValidation}
render={({ field, fieldState: { error } }) => (
<FormControl
label="Certificate Authority Chain"
isError={Boolean(error)}
errorText={error?.message}
isRequired={!skipBootstrapCertValidation}
isRequired={!disableBootstrapCertValidation}
>
<TextArea
{...field}
isDisabled={skipBootstrapCertValidation}
isDisabled={disableBootstrapCertValidation}
className="min-h-[15rem] border-none bg-mineshaft-900 text-gray-400"
reSize="none"
/>
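Review bot: Inside the `{!disableBootstrapCertValidation && (...)}` block the flag is always false, so `disabled={disableBootstrapCertValidation}`, `isDisabled={disableBootstrapCertValidation}` and `isRequired={!disableBootstrapCertValidation}` are constants that suggest a state which cannot occur. Dropping the two disabled props and writing plain `isRequired` would make the rendering rule easier to read. The switch itself is labelled only "Disable Bootstrap Certificate Validation". A short helper line under it, saying that devices will then be authenticated by the passphrase alone, would make the trade-off visible where the choice is made. The component continues outside the hunk.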