BUG-868079 Add the option to configure keystore and truststore type for cassandra client encryption
wonim2022 committed Jun 5, 2024
1 parent ab0cb22 commit 7a699ad
Showing 16 changed files with 26 additions and 18 deletions.
1 change: 1 addition & 0 deletions charts/pega/README.md
@@ -768,6 +768,7 @@ Parameter | Tier Level Environment Variable | Description | Default value
`username` | N/A | The plain text username for authentication with the Cassandra cluster.<br/>Change the value in your helm chart to the username supplied by your Cassandra cluster provider. For better security, avoid plain text usernames and leave this parameter blank; then include the username in an external secrets manager with the key CASSANDRA_USERNAME. <br/>If you make no change, Pega attempts to authenticate with the Cassandra cluster using the default username `dnode_ext`. | dnode_ext
`password` | N/A | The plain text password for authentication with the Cassandra cluster.<br/>Change the value in your helm chart to the password supplied by your Cassandra cluster provider. For better security, avoid plain text passwords and leave this parameter blank; then include the password in an external secrets manager with the key CASSANDRA_PASSWORD. <br/>If you make no change, Pega attempts to authenticate with the Cassandra cluster using the default password `dnode_ext`.| dnode_ext
`clientEncryption` | N/A | Enable (true) or disable (false) client encryption on the Cassandra connection. | false
`clientEncryptionStoreType` | N/A | If required specify the type of cassandra truststore and keystore that hold keys and certificates for client encryption. Available store types are JKS and PKCS12.|Empty
`trustStore` | N/A | If required, provide the trustStore certificate file name.<br/>When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.<br/>Pega deployments only support trustStores that use the Java Key Store (.jks) format. | Empty
`trustStorePassword` | N/A | If required provide trustStorePassword value in plain text. For better security leave this parameter blank and include the password in an external secrets manager with the key CASSANDRA_TRUSTSTORE_PASSWORD. | Empty
`keyStore` | N/A | If required, provide the keystore certificate file name.<br/>When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.<br/>Pega deployments only support keystores that use the Java Key Store (.jks) format. | Empty
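Review bot: the new `clientEncryptionStoreType` row contradicts the `trustStore` and `keyStore` rows directly below it, which still say "Pega deployments only support trustStores that use the Java Key Store (.jks) format"; now that PKCS12 is an accepted store type, both of those rows need updating in the same change. The row also lists the default as Empty while the values files in this commit describe the default as JKS, so say here what an empty value means (for example "Leave blank to use JKS"). Minor: add the comma after "If required" and a space before `|Empty` so the row matches the formatting of its neighbours.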
2 changes: 2 additions & 0 deletions charts/pega/templates/pega-environment-config.yaml
@@ -99,6 +99,8 @@ data:
CASSANDRA_PORT: "{{ .Values.dds.port }}"
# Whether to enable client encryption on the Cassandra connection.
CASSANDRA_CLIENT_ENCRYPTION: "{{ .Values.dds.clientEncryption }}"
# Type of cassandra truststore and keystore used to hold keys and certificates for client encryption. Available store types are JKS and PKCS12.
CASSANDRA_CLIENT_ENCRYPTION_STORE_TYPE: "{{ .Values.dds.clientEncryptionStoreType }}"
# Path to a mounted trust store file for Cassandra encryption.
CASSANDRA_TRUSTSTORE: "{{ .Values.dds.trustStore }}"
# Path to a mounted key store file for Cassandra encryption.
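Review bot: `CASSANDRA_CLIENT_ENCRYPTION_STORE_TYPE` is rendered unconditionally, so with the default of `""` the pod receives an empty environment variable rather than no variable, and nothing validates the value before it reaches the Cassandra client. Since the README restricts the accepted values to JKS and PKCS12, consider rejecting anything else at render time with a guard placed before this line, e.g. `{{- if not (has .Values.dds.clientEncryptionStoreType (list "" "JKS" "PKCS12")) }}{{ fail "dds.clientEncryptionStoreType must be JKS or PKCS12" }}{{- end }}`, and state in the comment whether an empty string is treated as JKS, as the values files claim.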
4 changes: 2 additions & 2 deletions charts/pega/values-large.yaml
@@ -514,15 +514,15 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required provide type of cassandra truststore and keystore used that hold keys and certificates for client encryption. Available store types are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
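Review bot: the comment on the new key says "Default is JKS" while the value itself defaults to `""` and the README row lists the default as Empty; either set `clientEncryptionStoreType: "JKS"` here so the file documents the real default, or reword the comment to say that an empty value falls back to JKS. The `trustStore` and `keyStore` comments in the same hunk still say only the Java Key Store (.jks) format is supported, which no longer holds once PKCS12 can be selected; update them together with the new option.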
4 changes: 2 additions & 2 deletions charts/pega/values.yaml
@@ -427,15 +427,15 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required provide type of cassandra truststore and keystore used that hold keys and certificates for client encryption. Available store types are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
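Review bot: the new comment "provide type of cassandra truststore and keystore used that hold keys and certificates" does not parse; "used to hold keys and certificates" is what is meant. The same comment text is copied into every values file in this commit, and two of the later hunks already use a different, shorter wording, so fix it here first and paste the corrected comment into the other files so they stay identical.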
@@ -249,6 +249,7 @@ dds:
username: "dnode_ext"
password: "dnode_ext"
clientEncryption: false
clientEncryptionStoreType: ""
trustStore: ""
trustStorePassword: ""
keyStore: ""
@@ -377,15 +377,15 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required provide type of cassandra truststore and keystore used that hold keys and certificates for client encryption. Available store types are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
4 changes: 2 additions & 2 deletions terratest/src/test/pega/data/values_http_disabled.yaml
@@ -333,15 +333,15 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required provide type of cassandra truststore and keystore used that hold keys and certificates for client encryption. Available store types are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
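Review bot: this fixture, like the other terratest values files in the commit, gains `clientEncryptionStoreType: ""`, but no test in the commit asserts that `CASSANDRA_CLIENT_ENCRYPTION_STORE_TYPE` is actually rendered into the environment config. Add an assertion in the environment-config test for both the empty default and a non-default value such as `PKCS12`, otherwise the new template line has no coverage.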
4 changes: 2 additions & 2 deletions terratest/src/test/pega/data/values_ingress_disabled.yaml
@@ -400,15 +400,15 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required provide type of cassandra truststore and keystore used that hold keys and certificates for client encryption. Available store types are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
1 change: 1 addition & 0 deletions terratest/src/test/pega/data/values_pdb_custom_labels.yaml
@@ -248,6 +248,7 @@ dds:
username: "dnode_ext"
password: "dnode_ext"
clientEncryption: false
clientEncryptionStoreType: ""
trustStore: ""
trustStorePassword: ""
keyStore: ""
1 change: 1 addition & 0 deletions terratest/src/test/pega/data/values_pdb_disabled.yaml
@@ -244,6 +244,7 @@ dds:
username: "dnode_ext"
password: "dnode_ext"
clientEncryption: false
clientEncryptionStoreType: ""
trustStore: ""
trustStorePassword: ""
keyStore: ""
1 change: 1 addition & 0 deletions terratest/src/test/pega/data/values_pdb_enabled.yaml
@@ -244,6 +244,7 @@ dds:
username: "dnode_ext"
password: "dnode_ext"
clientEncryption: false
clientEncryptionStoreType: ""
trustStore: ""
trustStorePassword: ""
keyStore: ""
@@ -322,6 +322,7 @@ dds:
username: "dnode_ext"
password: "dnode_ext"
clientEncryption: false
clientEncryptionStoreType: ""
trustStore: ""
trustStorePassword: ""
keyStore: ""
@@ -349,15 +349,15 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required provide type of cassandra truststore and keystore used that hold keys and certificates for client encryption, default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
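Review bot: the comment on `clientEncryptionStoreType` in this hunk (and in the next one) differs from the wording used in the other values files: it drops "Available store types are JKS and PKCS12." and joins the default on with a comma ("... for client encryption, default is JKS."). Use one wording everywhere so these fixtures stay in step with charts/pega/values.yaml and do not drift when the comment is next edited.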
@@ -346,15 +346,15 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required provide type of cassandra truststore and keystore used that hold keys and certificates for client encryption, default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
@@ -346,15 +346,15 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required provide type of cassandra truststore and keystore used that hold keys and certificates for client encryption. Available store types are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
@@ -346,15 +346,15 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required provide type of cassandra truststore and keystore used that hold keys and certificates for client encryption. Available store types are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""

0 comments on commit 7a699ad