Allow enable at-rest Encryption without request for in-transit TLS in Operator UI

[pjuarezd]

Operator Console is not allowing to set Encryption (at rest) unless TLS and encryption in-transit (autocert or custom certificates) is enabled.

Would be better to allow Encryption in-rest regardless of encryption in transit is enabled or not.

It seems that this is solely a problem in the UI, since most likelly the CRD would allow to enable encyption without this restriction.

Describe alternatives you've considered
Use CRD instead

Additional context

encryption.no.tls.mov

[pjuarezd]

I will test when you have the UI change @cesnietor

[pjuarezd]

@aead just pointed out that TLS (https) is required, https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html

All GET and PUT requests for AWS KMS encrypted objects must be made using Secure Sockets Layer (SSL) or Transport Layer Security (TLS). Requests must also be signed using valid credentials, such as AWS Signature Version 4 (or AWS Signature Version 2).

Maybe this change is not needed

[pjuarezd]

We discussed this internally,

SSE-C only mandates TLS
SSE-S3 and SSE-KMS do not require any TLS on the wire

Allow enable at-rest Encryption without request for in-transit is still valid
fyi @cesnietor @aead

[cesnietor]

@pjuarezd so in summary how should the UI experience look like?

[pjuarezd]

@pjuarezd so in summary how should the UI experience look like?

changes requested in this issue are still valid and is the expected final result, hesistated for a moment but we are fine.

[cesnietor]

closing this since operator ui has been deprecated, see https://github.com/minio/operator/blob/master/docs/notes/v6.0.0.md#whats-new for more.