feat: add ability to disable connection info secret creation (#599)

.trunk/configs/.golangci.yml

@@ -9,13 +9,14 @@ issues:
       text: underscore
     - linters:
         - gomnd
-      text: "mnd: Magic number: 0644"
+      text: "mnd: Magic number: 0o644"
 
 linters:
   disable-all: true
   enable:
     - errcheck
     - gofmt
+    - gofumpt
     - gosimple
     - ineffassign
     - misspell

CHANGELOG.md

@@ -40,6 +40,30 @@
 - Change `Kafka` field `userConfig.kafka_version`: enum ~~`[3.1, 3.3, 3.4, 3.5, 3.6]`~~ → `[3.4, 3.5, 3.6]`
 - Change `PostgreSQL` field `userConfig.pg_version`: enum ~~`[11, 12, 13, 14, 15, 16]`~~ → `[12, 13,
 14, 15, 16]`
+- Add `Cassandra` field `connInfoSecretTargetDisabled`, type `boolean`: When true, the secret containing
+  connection information will not be created, defaults to false
+- Add `Clickhouse` field `connInfoSecretTargetDisabled`, type `boolean`: When true, the secret containing
+  connection information will not be created, defaults to false
+- Add `ClickhouseUser` field `connInfoSecretTargetDisabled`, type `boolean`: When true, the secret containing
+  connection information will not be created, defaults to false
+- Add `ConnectionPool` field `connInfoSecretTargetDisabled`, type `boolean`: When true, the secret containing
+  connection information will not be created, defaults to false
+- Add `Grafana` field `connInfoSecretTargetDisabled`, type `boolean`: When true, the secret containing
+  connection information will not be created, defaults to false
+- Add `Kafka` field `connInfoSecretTargetDisabled`, type `boolean`: When true, the secret containing
+  connection information will not be created, defaults to false
+- Add `MySQL` field `connInfoSecretTargetDisabled`, type `boolean`: When true, the secret containing
+  connection information will not be created, defaults to false
+- Add `OpenSearch` field `connInfoSecretTargetDisabled`, type `boolean`: When true, the secret containing
+  connection information will not be created, defaults to false
+- Add `PostgreSQL` field `connInfoSecretTargetDisabled`, type `boolean`: When true, the secret containing
+  connection information will not be created, defaults to false
+- Add `Project` field `connInfoSecretTargetDisabled`, type `boolean`: When true, the secret containing
+  connection information will not be created, defaults to false
+- Add `Redis` field `connInfoSecretTargetDisabled`, type `boolean`: When true, the secret containing
+  connection information will not be created, defaults to false
+- Add `ServiceUser` field `connInfoSecretTargetDisabled`, type `boolean`: When true, the secret containing
+  connection information will not be created, defaults to false
 
 ## v0.16.1 - 2023-12-15
 

api/v1alpha1/cassandra_types.go

@@ -11,6 +11,7 @@ import (
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
 
 // CassandraSpec defines the desired state of Cassandra
+// +kubebuilder:validation:XValidation:rule="has(oldSelf.connInfoSecretTargetDisabled) == has(self.connInfoSecretTargetDisabled)",message="connInfoSecretTargetDisabled can only be set during resource creation."
 type CassandraSpec struct {
 	ServiceCommonSpec `json:",inline"`
 
@@ -25,6 +26,10 @@ type CassandraSpec struct {
 	// Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS`
 	ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`
 
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
+	// When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation.
+	ConnInfoSecretTargetDisabled *bool `json:"connInfoSecretTargetDisabled,omitempty"`
+
 	// Cassandra specific user configuration options
 	UserConfig *cassandrauserconfig.CassandraUserConfig `json:"userConfig,omitempty"`
 }
@@ -54,6 +59,10 @@ func (in *Cassandra) Conditions() *[]metav1.Condition {
 	return &in.Status.Conditions
 }
 
+func (in *Cassandra) NoSecret() bool {
+	return in.Spec.ConnInfoSecretTargetDisabled != nil && *in.Spec.ConnInfoSecretTargetDisabled
+}
+
 func (in *Cassandra) GetRefs() []*ResourceReferenceObject {
 	return in.Spec.GetRefs(in.GetNamespace())
 }

api/v1alpha1/clickhouse_types.go

@@ -9,6 +9,7 @@ import (
 )
 
 // ClickhouseSpec defines the desired state of Clickhouse
+// +kubebuilder:validation:XValidation:rule="has(oldSelf.connInfoSecretTargetDisabled) == has(self.connInfoSecretTargetDisabled)",message="connInfoSecretTargetDisabled can only be set during resource creation."
 type ClickhouseSpec struct {
 	ServiceCommonSpec `json:",inline"`
 
@@ -23,6 +24,10 @@ type ClickhouseSpec struct {
 	// Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`
 	ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`
 
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
+	// When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation.
+	ConnInfoSecretTargetDisabled *bool `json:"connInfoSecretTargetDisabled,omitempty"`
+
 	// OpenSearch specific user configuration options
 	UserConfig *clickhouseuserconfig.ClickhouseUserConfig `json:"userConfig,omitempty"`
 }
@@ -58,6 +63,10 @@ func (in *Clickhouse) Conditions() *[]metav1.Condition {
 	return &in.Status.Conditions
 }
 
+func (in *Clickhouse) NoSecret() bool {
+	return in.Spec.ConnInfoSecretTargetDisabled != nil && *in.Spec.ConnInfoSecretTargetDisabled
+}
+
 func (in *Clickhouse) GetRefs() []*ResourceReferenceObject {
 	return in.Spec.GetRefs(in.GetNamespace())
 }

api/v1alpha1/clickhouseuser_types.go

@@ -7,6 +7,7 @@ import (
 )
 
 // ClickhouseUserSpec defines the desired state of ClickhouseUser
+// +kubebuilder:validation:XValidation:rule="has(oldSelf.connInfoSecretTargetDisabled) == has(self.connInfoSecretTargetDisabled)",message="connInfoSecretTargetDisabled can only be set during resource creation."
 type ClickhouseUserSpec struct {
 	// +kubebuilder:validation:MaxLength=63
 	// +kubebuilder:validation:Format="^[a-zA-Z0-9_-]*$"
@@ -23,6 +24,10 @@ type ClickhouseUserSpec struct {
 	// Exposed keys: `CLICKHOUSEUSER_HOST`, `CLICKHOUSEUSER_PORT`, `CLICKHOUSEUSER_USER`, `CLICKHOUSEUSER_PASSWORD`
 	ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`
 
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
+	// When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation.
+	ConnInfoSecretTargetDisabled *bool `json:"connInfoSecretTargetDisabled,omitempty"`
+
 	// Authentication reference to Aiven token in a secret
 	AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`
 }
@@ -54,6 +59,10 @@ type ClickhouseUser struct {
 
 var _ AivenManagedObject = &ClickhouseUser{}
 
+func (in *ClickhouseUser) NoSecret() bool {
+	return in.Spec.ConnInfoSecretTargetDisabled != nil && *in.Spec.ConnInfoSecretTargetDisabled
+}
+
 func (in *ClickhouseUser) AuthSecretRef() *AuthSecretReference {
 	return in.Spec.AuthSecretRef
 }

api/v1alpha1/common.go

@@ -214,4 +214,5 @@ type AivenManagedObject interface {
 
 	AuthSecretRef() *AuthSecretReference
 	Conditions() *[]metav1.Condition
+	NoSecret() bool
 }

api/v1alpha1/connectionpool_types.go

@@ -7,6 +7,7 @@ import (
 )
 
 // ConnectionPoolSpec defines the desired state of ConnectionPool
+// +kubebuilder:validation:XValidation:rule="has(oldSelf.connInfoSecretTargetDisabled) == has(self.connInfoSecretTargetDisabled)",message="connInfoSecretTargetDisabled can only be set during resource creation."
 type ConnectionPoolSpec struct {
 	// +kubebuilder:validation:MaxLength=63
 	// +kubebuilder:validation:Format="^[a-zA-Z0-9_-]*$"
@@ -38,6 +39,10 @@ type ConnectionPoolSpec struct {
 	// Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`
 	ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`
 
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
+	// When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation.
+	ConnInfoSecretTargetDisabled *bool `json:"connInfoSecretTargetDisabled,omitempty"`
+
 	// Authentication reference to Aiven token in a secret
 	AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`
 }
@@ -76,6 +81,10 @@ func (in *ConnectionPool) Conditions() *[]metav1.Condition {
 	return &in.Status.Conditions
 }
 
+func (in *ConnectionPool) NoSecret() bool {
+	return in.Spec.ConnInfoSecretTargetDisabled != nil && *in.Spec.ConnInfoSecretTargetDisabled
+}
+
 func (in *ConnectionPool) GetConnInfoSecretTarget() ConnInfoSecretTarget {
 	return in.Spec.ConnInfoSecretTarget
 }

api/v1alpha1/database_types.go

@@ -56,9 +56,14 @@ type Database struct {
 
 var _ AivenManagedObject = &Database{}
 
+func (*Database) NoSecret() bool {
+	return false
+}
+
 func (in *Database) AuthSecretRef() *AuthSecretReference {
 	return in.Spec.AuthSecretRef
 }
+
 func (in *Database) Conditions() *[]metav1.Condition {
 	return &in.Status.Conditions
 }

api/v1alpha1/grafana_types.go

@@ -11,6 +11,7 @@ import (
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
 
 // GrafanaSpec defines the desired state of Grafana
+// +kubebuilder:validation:XValidation:rule="has(oldSelf.connInfoSecretTargetDisabled) == has(self.connInfoSecretTargetDisabled)",message="connInfoSecretTargetDisabled can only be set during resource creation."
 type GrafanaSpec struct {
 	ServiceCommonSpec `json:",inline"`
 
@@ -25,6 +26,10 @@ type GrafanaSpec struct {
 	// Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`
 	ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`
 
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
+	// When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation.
+	ConnInfoSecretTargetDisabled *bool `json:"connInfoSecretTargetDisabled,omitempty"`
+
 	// Cassandra specific user configuration options
 	UserConfig *grafanauserconfig.GrafanaUserConfig `json:"userConfig,omitempty"`
 }
@@ -54,6 +59,10 @@ func (in *Grafana) Conditions() *[]metav1.Condition {
 	return &in.Status.Conditions
 }
 
+func (in *Grafana) NoSecret() bool {
+	return in.Spec.ConnInfoSecretTargetDisabled != nil && *in.Spec.ConnInfoSecretTargetDisabled
+}
+
 func (in *Grafana) GetRefs() []*ResourceReferenceObject {
 	return in.Spec.GetRefs(in.GetNamespace())
 }

api/v1alpha1/kafka_types.go

@@ -9,6 +9,7 @@ import (
 )
 
 // KafkaSpec defines the desired state of Kafka
+// +kubebuilder:validation:XValidation:rule="has(oldSelf.connInfoSecretTargetDisabled) == has(self.connInfoSecretTargetDisabled)",message="connInfoSecretTargetDisabled can only be set during resource creation."
 type KafkaSpec struct {
 	ServiceCommonSpec `json:",inline"`
 
@@ -23,6 +24,10 @@ type KafkaSpec struct {
 	// Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`
 	ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`
 
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
+	// When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation.
+	ConnInfoSecretTargetDisabled *bool `json:"connInfoSecretTargetDisabled,omitempty"`
+
 	// Switch the service to use Karapace for schema registry and REST proxy
 	Karapace *bool `json:"karapace,omitempty"`
 
@@ -48,6 +53,10 @@ type Kafka struct {
 
 var _ AivenManagedObject = &Kafka{}
 
+func (in *Kafka) NoSecret() bool {
+	return in.Spec.ConnInfoSecretTargetDisabled != nil && *in.Spec.ConnInfoSecretTargetDisabled
+}
+
 func (in *Kafka) AuthSecretRef() *AuthSecretReference {
 	return in.Spec.AuthSecretRef
 }

api/v1alpha1/kafkaacl_types.go

@@ -67,6 +67,10 @@ func (in *KafkaACL) Conditions() *[]metav1.Condition {
 	return &in.Status.Conditions
 }
 
+func (*KafkaACL) NoSecret() bool {
+	return false
+}
+
 // +kubebuilder:object:root=true
 
 // KafkaACLList contains a list of KafkaACL

api/v1alpha1/kafkaconnect_types.go

@@ -34,6 +34,10 @@ type KafkaConnect struct {
 
 var _ AivenManagedObject = &KafkaConnect{}
 
+func (*KafkaConnect) NoSecret() bool {
+	return false
+}
+
 func (in *KafkaConnect) AuthSecretRef() *AuthSecretReference {
 	return in.Spec.AuthSecretRef
 }

api/v1alpha1/kafkaconnector_types.go

@@ -94,6 +94,10 @@ func (in *KafkaConnector) Conditions() *[]metav1.Condition {
 	return &in.Status.Conditions
 }
 
+func (*KafkaConnector) NoSecret() bool {
+	return false
+}
+
 //+kubebuilder:object:root=true
 
 // KafkaConnectorList contains a list of KafkaConnector

api/v1alpha1/kafkaschema_types.go

@@ -60,6 +60,10 @@ type KafkaSchema struct {
 
 var _ AivenManagedObject = &KafkaSchema{}
 
+func (*KafkaSchema) NoSecret() bool {
+	return false
+}
+
 func (in *KafkaSchema) AuthSecretRef() *AuthSecretReference {
 	return in.Spec.AuthSecretRef
 }

api/v1alpha1/kafkatopic_types.go

@@ -175,6 +175,10 @@ func (in *KafkaTopic) Conditions() *[]metav1.Condition {
 	return &in.Status.Conditions
 }
 
+func (*KafkaTopic) NoSecret() bool {
+	return false
+}
+
 // +kubebuilder:object:root=true
 
 // KafkaTopicList contains a list of KafkaTopic

api/v1alpha1/mysql_types.go

@@ -9,6 +9,7 @@ import (
 )
 
 // MySQLSpec defines the desired state of MySQL
+// +kubebuilder:validation:XValidation:rule="has(oldSelf.connInfoSecretTargetDisabled) == has(self.connInfoSecretTargetDisabled)",message="connInfoSecretTargetDisabled can only be set during resource creation."
 type MySQLSpec struct {
 	ServiceCommonSpec `json:",inline"`
 
@@ -23,6 +24,10 @@ type MySQLSpec struct {
 	// Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`
 	ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`
 
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
+	// When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation.
+	ConnInfoSecretTargetDisabled *bool `json:"connInfoSecretTargetDisabled,omitempty"`
+
 	// MySQL specific user configuration options
 	UserConfig *mysqluserconfig.MysqlUserConfig `json:"userConfig,omitempty"`
 }
@@ -44,9 +49,14 @@ type MySQL struct {
 
 var _ AivenManagedObject = &MySQL{}
 
+func (in *MySQL) NoSecret() bool {
+	return in.Spec.ConnInfoSecretTargetDisabled != nil && *in.Spec.ConnInfoSecretTargetDisabled
+}
+
 func (in *MySQL) AuthSecretRef() *AuthSecretReference {
 	return in.Spec.AuthSecretRef
 }
+
 func (in *MySQL) Conditions() *[]metav1.Condition {
 	return &in.Status.Conditions
 }

api/v1alpha1/opensearch_types.go

@@ -9,6 +9,7 @@ import (
 )
 
 // OpenSearchSpec defines the desired state of OpenSearch
+// +kubebuilder:validation:XValidation:rule="has(oldSelf.connInfoSecretTargetDisabled) == has(self.connInfoSecretTargetDisabled)",message="connInfoSecretTargetDisabled can only be set during resource creation."
 type OpenSearchSpec struct {
 	ServiceCommonSpec `json:",inline"`
 
@@ -23,6 +24,10 @@ type OpenSearchSpec struct {
 	// Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`
 	ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`
 
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
+	// When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation.
+	ConnInfoSecretTargetDisabled *bool `json:"connInfoSecretTargetDisabled,omitempty"`
+
 	// OpenSearch specific user configuration options
 	UserConfig *opensearchuserconfig.OpensearchUserConfig `json:"userConfig,omitempty"`
 }
@@ -53,10 +58,15 @@ var _ AivenManagedObject = &OpenSearch{}
 func (in *OpenSearch) AuthSecretRef() *AuthSecretReference {
 	return in.Spec.AuthSecretRef
 }
+
 func (in *OpenSearch) Conditions() *[]metav1.Condition {
 	return &in.Status.Conditions
 }
 
+func (in *OpenSearch) NoSecret() bool {
+	return in.Spec.ConnInfoSecretTargetDisabled != nil && *in.Spec.ConnInfoSecretTargetDisabled
+}
+
 func (in *OpenSearch) GetRefs() []*ResourceReferenceObject {
 	return in.Spec.GetRefs(in.GetNamespace())
 }