Added TlsAuthenticationProvider to be used in AuthenticationClass (#387)

maltesander · maltesander · commit 990e565e2c26 · 2022-05-04T10:08:36.000Z
## Description - added TlsAuthenticationProvider as discussed in stackabletech/documentation#186 - removed MutualTlsVerification Co-authored-by: Malte Sander <malte.sander.it@gmail.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,9 +6,11 @@ All notable changes to this project will be documented in this file.
 
 ### Added
 
-- New commons::s3 module with common S3 connection structs ([#377])
+- New commons::s3 module with common S3 connection structs ([#377]).
+- New `TlsAuthenticationProvider` for `AuthenticationClass` ([#387]).
 
 [#377]: https://github.com/stackabletech/operator-rs/issues/377
+[#387]: https://github.com/stackabletech/operator-rs/pull/387
 
 ## [0.17.0] - 2022-04-14
 
diff --git a/src/commons/authentication.rs b/src/commons/authentication.rs
@@ -1,6 +1,6 @@
 use serde::{Deserialize, Serialize};
 
-use crate::commons::ldap::LdapAuthenticationProvider;
+use crate::commons::{ldap::LdapAuthenticationProvider, tls::TlsAuthenticationProvider};
 use kube::CustomResource;
 use schemars::JsonSchema;
 
@@ -24,6 +24,8 @@ pub struct AuthenticationClassSpec {
 
 #[derive(Clone, Debug, Deserialize, Eq, JsonSchema, PartialEq, Serialize)]
 #[serde(rename_all = "camelCase")]
+#[allow(clippy::large_enum_variant)]
 pub enum AuthenticationClassProvider {
     Ldap(LdapAuthenticationProvider),
+    Tls(TlsAuthenticationProvider),
 }
diff --git a/src/commons/tls.rs b/src/commons/tls.rs
@@ -14,8 +14,6 @@ pub enum TlsVerification {
     None {},
     /// Use TLS and ca certificate to verify the server
     Server(TlsServerVerification),
-    /// Use TLS and ca certificate to verify the server and the client
-    Mutual(TlsMutualVerification),
 }
 
 #[derive(Clone, Debug, Deserialize, Eq, JsonSchema, PartialEq, Serialize)]
@@ -43,3 +41,13 @@ pub enum CaCert {
     /// So if you got provided with a ca cert but don't have access to the key you can still use this method.
     SecretClass(String),
 }
+
+#[derive(Clone, Debug, Deserialize, Eq, JsonSchema, PartialEq, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct TlsAuthenticationProvider {
+    /// See `<https://docs.stackable.tech/home/contributor/adr/ADR016-tls-authentication.html>`.
+    /// If `client_cert_secret_class` is not set, the TLS settings may also be used for client authentication.
+    /// If `client_cert_secret_class` is set, the [SecretClass](https://docs.stackable.tech/secret-operator/secretclass.html)
+    /// will be used to provision client certificates.
+    pub client_cert_secret_class: Option<String>,
+}
