Truststore shows PEM common name with no way to set a custom nickname #1134

@eve-scality

Description

Identified by automated analysis of ARTESCA-16559
Confidence: high

What needs to change

File: src/react/truststore/ImportCertificate.tsx
Implement nickname support across 4 layers in zenko-ui:

  1. Data model (src/react/truststore/hooks.ts): Add an optional nickname field to ZenkoCRCertificateBundle:

    export type ZenkoCRCertificateBundle = {
      'ca.crt'?: string;
      secretName?: string;
      secretAttributeName?: string;
      nickname?: string;  // User-defined label
    };

  2. Import form (src/react/truststore/ImportCertificate.tsx): Add a text input field for the nickname in the form:

    • Extend the form schema to { certificate: string | undefined; nickname?: string }
    • Add an InputV2 or TextInput field above or below the certificate dropzone with label "Certificate Name (optional)"
    • Pass the nickname to the mutation on submit

  3. Mutation (src/js/mutations.ts): Update useAddCertificateToZenkoConfigurationMutation to include the nickname in the JSON Patch:

    value: { 'ca.crt': args.certificate, nickname: args.nickname }

  4. Display table (src/react/truststore/Truststore.tsx): In formatCertificateDataForTable, prefer the nickname when available:

    • Add a nickname field to CertificateData
    • In the Name column cell renderer, display the nickname if set, falling back to the commonName chain
    • Also display the nickname in the delete confirmation dialog

Note on Zenko CR compatibility: The Zenko CR schema (zenko-operator) may need to be updated to accept the nickname field in extraCACerts items. This should be verified — if the CR uses strict validation, the operator needs an update too.

Technical Context

The Truststore feature in zenko-ui has no support for user-defined nicknames at any layer of the implementation:

  1. Import form (ImportCertificate.tsx): The form schema only defines a single field certificate: string — there is no input for a nickname/label. On submit, only the raw PEM content is passed to the mutation.

  2. Storage/mutation (mutations.ts): The useAddCertificateToZenkoConfigurationMutation stores certificates in the Zenko CR at /spec/egress/extraCACerts with only a ca.crt field. There is no additional metadata field for a user-provided name.

  3. Data model (hooks.ts): The ZenkoCRCertificateBundle type only has ca.crt, secretName, and secretAttributeName — no nickname field.

  4. Display table (Truststore.tsx): The "Name" column is populated by extracting certificate.commonName from the parsed PEM data. Since different ARTESCA instances use the same CA, they all show the same Common Name (e.g., "Artesca-CA"), making them indistinguishable.

The result is that when multiple CAs from different ARTESCA instances are imported, they all display the same name extracted from the PEM file, with no way for the user to tell them apart.

Evidence

src/react/truststore/ImportCertificate.tsx
├── L23: const formMethods = useForm<{ certificate: string | undefined }>({ ...  — The import form only has a single 'certificate' field. There is no 'nickname' or 'name' field defined in the form schema, so users cannot provide a custom label when importing a certificate.
└── L50: const onSubmit = (data: { certificate: string }) => { ...  — On form submission, only the raw PEM certificate content is passed to the mutation. No nickname metadata is included.
src/react/truststore/Truststore.tsx
└── L54: certificateBundle.parsedCertificates.forEach((certificate: ParsedCertificate) => { ...  — The 'Name' column data is populated from certificate.commonName — extracted directly from the PEM file content. All CAs with the same CN (e.g., 'Artesca-CA') are indistinguishable in the UI.
src/react/truststore/hooks.ts
└── L6: export type ZenkoCRCertificateBundle = { ...  — The data model for certificate bundles stored in the Zenko CR has no 'nickname' or 'label' field. The data structure needs to be extended to support custom names.
src/js/mutations.ts
└── L405: return usePatchZenkoConfigurationMutation((args: { certificate: string }) => { ...  — The JSON Patch mutation only stores 'ca.crt' in the Zenko CR. A nickname field needs to be added to the patch value object alongside 'ca.crt'.

Upstream Impact

Medium impact — Users who import multiple CA certificates from different ARTESCA instances (a common multi-cluster scenario) cannot distinguish them in the Truststore table because they all display the same PEM Common Name (e.g., 'Artesca-CA'). This makes certificate management error-prone, as users may accidentally delete the wrong certificate.
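
An added sketch of the nickname handling this issue asks for (not zenko-ui's code and not part of the original post): it builds the patch value with the nickname key omitted when blank, resolves the Name column with the commonName fallback, and reports names that still collide. The `/-` append path, the 64-character limit, the ` > ` chain separator and every function name are assumptions.

```typescript
// Added example. The type mirrors the data model proposed in the issue.
type ZenkoCRCertificateBundle = {
  'ca.crt'?: string;
  secretName?: string;
  secretAttributeName?: string;
  nickname?: string; // user-defined label
};
type JsonPatchAdd = { op: 'add'; path: string; value: ZenkoCRCertificateBundle };
type Row = { bundle: ZenkoCRCertificateBundle; commonNames: string[] };

// Assumption: certificates are appended with an RFC 6902 "add" on the array end.
const EXTRA_CA_CERTS_PATH = '/spec/egress/extraCACerts/-';
const MAX_NICKNAME_LENGTH = 64; // hypothetical limit, not from the issue

// Strip control characters, collapse whitespace, cap the length.
// A blank result becomes undefined so callers can omit the key entirely.
function normalizeNickname(raw: string | undefined): string | undefined {
  if (raw === undefined) return undefined;
  const cleaned = raw.replace(/[\x00-\x1f\x7f]/g, ' ').replace(/\s+/g, ' ').trim();
  return cleaned.length > 0 ? cleaned.slice(0, MAX_NICKNAME_LENGTH) : undefined;
}

// Patch body for the mutation. Leaving `nickname` out when unset keeps the
// value identical to today's shape, which matters if the CR validates strictly.
function buildAddCertificatePatch(args: { certificate: string; nickname?: string }): [JsonPatchAdd] {
  const value: ZenkoCRCertificateBundle = { 'ca.crt': args.certificate };
  const nickname = normalizeNickname(args.nickname);
  if (nickname !== undefined) value.nickname = nickname;
  return [{ op: 'add', path: EXTRA_CA_CERTS_PATH, value }];
}

// Name column: nickname when set, otherwise the commonName chain.
function displayName(row: Row): string {
  return normalizeNickname(row.bundle.nickname) ?? row.commonNames.join(' > ');
}

// Display names shared by more than one row, i.e. entries a user still
// cannot tell apart in the table or in the delete confirmation dialog.
function ambiguousNames(rows: Row[]): string[] {
  const counts: Record<string, number> = Object.create(null);
  for (const row of rows) {
    const name = displayName(row);
    counts[name] = (counts[name] ?? 0) + 1;
  }
  return Object.keys(counts).filter((name) => (counts[name] ?? 0) > 1);
}
```
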

Labels: cerebro-analyzed (Issue created by Cerebro automated analysis)
