From a397eae50571ef5947d21e0200369356ec32a56b Mon Sep 17 00:00:00 2001
From: pjuarezd
Date: Wed, 21 Feb 2024 17:31:21 -0800
Subject: [PATCH] Detect KES version from image tag to Identify if "version 3" should be used. A breaking change in config file is making Operator fail, Operator needs to handle the config across different KES config versions. https://github.com/minio/kes/pull/414
Signed-off-by: pjuarezd
---
 api/encryption-handlers.go | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)
diff --git a/api/encryption-handlers.go b/api/encryption-handlers.go
index 5d43a9730e3..64e9b0a98b4 100644
--- a/api/encryption-handlers.go
+++ b/api/encryption-handlers.go
@@ -59,6 +59,10 @@ const (
 KesConfigVersion1 = "v1"
 // KesConfigVersion2 identifier v2
 KesConfigVersion2 = "v2"
+ // KesConfigVersion3 identifier v3.
+ // This corresponds to the deprecation of the `--key`, `--cert` and `--auth` flags.
+ // Config file will now include these options.
+ KesConfigVersion3 = "v3"
 )
 // KesConfigVersionsMap is a map of kes config version types
@@ -1119,7 +1123,7 @@ func getKesConfigMethod(image string) (configVersion, error) {
 }
 func getKesConfigVersion(image string) (string, error) {
- version := KesConfigVersion2
+ version := KesConfigVersion3
 imageStrings := strings.Split(image, ":")
 var imageTag string
@@ -1134,7 +1138,7 @@ func getKesConfigVersion(image string) (string, error) {
 }
 if imageTag == "latest" {
- return KesConfigVersion2, nil
+ return KesConfigVersion3, nil
 }
 // When the image tag is semantic version is config v1
@@ -1143,7 +1147,10 @@ func getKesConfigVersion(image string) (string, error) {
 if semver.Compare(imageTag, "v0.22.0") < 0 {
 return KesConfigVersion1, nil
 }
- return KesConfigVersion2, nil
+ if semver.Compare(imageTag, "v0.23.0") < 0 {
+ return KesConfigVersion3, nil
+ }
+ return KesConfigVersion3, nil
 }
 releaseTagNoArch := imageTag
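Review bot: `KesConfigVersion3` is added to the const block in the hunk at -59, but `KesConfigVersionsMap`, whose declaration starts on the lines right after it, is not touched anywhere in this patch. If getKesConfigMethod resolves the string returned by getKesConfigVersion through that map (its body is outside the visible hunks), `"v3"` would have no entry and the lookup would miss for every image now classified as v3. Worth confirming the map carries a `KesConfigVersion3` entry, or adding one in the same change.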
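Review bot: Returning `KesConfigVersion3` for `imageTag == "latest"` in the hunk at -1134 ties the config layout to a mutable tag: it assumes whatever image `latest` resolves to already reads the key, cert and auth settings from the config file. An older image still cached under `latest` would presumably be given a layout it does not expect, and nothing here records that assumption. A comment on the branch would make it explicit, e.g. `// "latest" is assumed to be a v3-config release; pin a release tag to run an older KES image`. The function starts and ends outside this hunk.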
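Review bot: In the semver branch of getKesConfigVersion (hunk at -1143) the new `if semver.Compare(imageTag, "v0.23.0") < 0` returns `KesConfigVersion3`, the same value as the statement after it, so the comparison has no effect and tags from v0.22.0 up to v0.23.0 are no longer reported as v2. Going by the comment on the new constant, those releases still take `--key`, `--cert` and `--auth` as flags, so they would presumably receive TLS and auth settings in a form they do not read; the branch should be `return KesConfigVersion2, nil`. The time-tag path in the hunk at -1157 has the same shape: `imageVersionTime.Before(kesv3ReleaseTime)` returns `KesConfigVersion3`, identical to the fallthrough `return version, nil`. The function starts and ends outside this hunk.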
@@ -1157,16 +1164,22 @@ func getKesConfigVersion(image string) (string, error) {
 }
 // v0.22.0 is the initial image version for Kes config v2, any time format came after and is v2
- _, err := miniov2.ReleaseTagToReleaseTime(releaseTagNoArch)
+ // v0.23.0 deprecated `--key`, `--cert` and `--auth` flags, for this is v3 config
+ imageVersionTime, err := miniov2.ReleaseTagToReleaseTime(releaseTagNoArch)
 if err != nil {
 // could not parse semversion either, returning error
 return "", fmt.Errorf("could not identify KES version from image TAG: %s", releaseTagNoArch)
 }
- // Leaving this snippet as comment as this will helpful to compare in future config versions
- // kesv2ReleaseTime, _ := miniov2.ReleaseTagToReleaseTime("2023-04-03T16-41-28Z")
- // if imageVersionTime.Before(kesv2ReleaseTime) {
- // version = kesConfigVersion2
- // }
+ kesv2ReleaseTime, _ := miniov2.ReleaseTagToReleaseTime("2023-04-03T16-41-28Z")
+ kesv3ReleaseTime, _ := miniov2.ReleaseTagToReleaseTime("2023-11-09T17-35-47Z")
+
+ if imageVersionTime.Before(kesv2ReleaseTime) {
+ return KesConfigVersion2, nil
+ }
+
+ if imageVersionTime.Before(kesv3ReleaseTime) {
+ return KesConfigVersion3, nil
+ }
 return version, nil
 }
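Review bot: The two boundary timestamps are parsed on every call with the error discarded, at `kesv2ReleaseTime, _ := ...` and `kesv3ReleaseTime, _ := ...`. What ReleaseTagToReleaseTime returns for a malformed literal is not visible here, but if it is the zero time then both `Before` checks are false and every time-tagged image silently falls through to the default version, with nothing logged. Since the operator chooses the TLS and auth config layout from this result, a bad literal should fail loudly: check both errors and return them, or parse the two values once at package level so a typo surfaces at startup. A short comment naming which KES release each timestamp marks would also help the next boundary change.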