feat(services): expose CA certificate
byashimov committed Feb 13, 2024
1 parent 017d5c5 commit 428a622
Showing 51 changed files with 95 additions and 61 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,8 @@

## [MAJOR.MINOR.PATCH] - YYYY-MM-DD

- Expose project CA certificate to service secrets: `REDIS_CA_CERT`, `MYSQL_CA_CERT`, etc.

## v0.17.0 - 2024-02-01

- Bump k8s deps to 1.26.13
2 changes: 1 addition & 1 deletion api/v1alpha1/cassandra_types.go
Expand Up @@ -23,7 +23,7 @@ type CassandraSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS`
// Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
2 changes: 1 addition & 1 deletion api/v1alpha1/clickhouse_types.go
Expand Up @@ -21,7 +21,7 @@ type ClickhouseSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`
// Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`, `CLICKHOUSE_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
2 changes: 1 addition & 1 deletion api/v1alpha1/connectionpool_types.go
Expand Up @@ -36,7 +36,7 @@ type ConnectionPoolSpec struct {
PoolMode string `json:"poolMode,omitempty"`

// Information regarding secret creation.
// Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`
// Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
2 changes: 1 addition & 1 deletion api/v1alpha1/grafana_types.go
Expand Up @@ -23,7 +23,7 @@ type GrafanaSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`
// Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
2 changes: 1 addition & 1 deletion api/v1alpha1/kafka_types.go
Expand Up @@ -21,7 +21,7 @@ type KafkaSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`
// Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`, `KAFKA_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
2 changes: 1 addition & 1 deletion api/v1alpha1/mysql_types.go
Expand Up @@ -21,7 +21,7 @@ type MySQLSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`
// Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`, `MYSQL_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
2 changes: 1 addition & 1 deletion api/v1alpha1/opensearch_types.go
Expand Up @@ -21,7 +21,7 @@ type OpenSearchSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`
// Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`, `OPENSEARCH_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
2 changes: 1 addition & 1 deletion api/v1alpha1/postgresql_types.go
Expand Up @@ -21,7 +21,7 @@ type PostgreSQLSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`
// Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`, `POSTGRESQL_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
2 changes: 1 addition & 1 deletion api/v1alpha1/redis_types.go
Expand Up @@ -21,7 +21,7 @@ type RedisSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`
// Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
Expand Up @@ -71,7 +71,7 @@ spec:
description:
"Information regarding secret creation. Exposed keys:
`CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`,
`CASSANDRA_URI`, `CASSANDRA_HOSTS`"
`CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT`"
properties:
annotations:
additionalProperties:
Expand Up @@ -57,7 +57,8 @@ spec:
connInfoSecretTarget:
description:
"Information regarding secret creation. Exposed keys:
`CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`"
`CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`,
`CLICKHOUSE_CA_CERT`"
properties:
annotations:
additionalProperties:
Expand Up @@ -74,7 +74,7 @@ spec:
"Information regarding secret creation. Exposed keys:
`CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`,
`CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`,
`CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`"
`CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT`"
properties:
annotations:
additionalProperties:
Expand Up @@ -71,7 +71,7 @@ spec:
description:
"Information regarding secret creation. Exposed keys:
`GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`,
`GRAFANA_URI`, `GRAFANA_HOSTS`"
`GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT`"
properties:
annotations:
additionalProperties:
2 changes: 1 addition & 1 deletion charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml
Expand Up @@ -73,7 +73,7 @@ spec:
`KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`,
`KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`,
`KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`,
`KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`"
`KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`, `KAFKA_CA_CERT`"
properties:
annotations:
additionalProperties:
2 changes: 1 addition & 1 deletion charts/aiven-operator-crds/templates/aiven.io_mysqls.yaml
Expand Up @@ -71,7 +71,7 @@ spec:
description:
"Information regarding secret creation. Exposed keys:
`MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`,
`MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`"
`MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`, `MYSQL_CA_CERT`"
properties:
annotations:
additionalProperties:
Expand Up @@ -57,7 +57,8 @@ spec:
connInfoSecretTarget:
description:
"Information regarding secret creation. Exposed keys:
`OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`"
`OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`,
`OPENSEARCH_CA_CERT`"
properties:
annotations:
additionalProperties:
Expand Up @@ -71,7 +71,8 @@ spec:
description:
"Information regarding secret creation. Exposed keys:
`POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`,
`POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`"
`POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`,
`POSTGRESQL_CA_CERT`"
properties:
annotations:
additionalProperties:
2 changes: 1 addition & 1 deletion charts/aiven-operator-crds/templates/aiven.io_redis.yaml
Expand Up @@ -57,7 +57,7 @@ spec:
connInfoSecretTarget:
description:
"Information regarding secret creation. Exposed keys:
`REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`"
`REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`"
properties:
annotations:
additionalProperties:
2 changes: 1 addition & 1 deletion config/crd/bases/aiven.io_cassandras.yaml
Expand Up @@ -71,7 +71,7 @@ spec:
description:
"Information regarding secret creation. Exposed keys:
`CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`,
`CASSANDRA_URI`, `CASSANDRA_HOSTS`"
`CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT`"
properties:
annotations:
additionalProperties:
3 changes: 2 additions & 1 deletion config/crd/bases/aiven.io_clickhouses.yaml
Expand Up @@ -57,7 +57,8 @@ spec:
connInfoSecretTarget:
description:
"Information regarding secret creation. Exposed keys:
`CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`"
`CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`,
`CLICKHOUSE_CA_CERT`"
properties:
annotations:
additionalProperties:
2 changes: 1 addition & 1 deletion config/crd/bases/aiven.io_connectionpools.yaml
Expand Up @@ -74,7 +74,7 @@ spec:
"Information regarding secret creation. Exposed keys:
`CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`,
`CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`,
`CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`"
`CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT`"
properties:
annotations:
additionalProperties:
2 changes: 1 addition & 1 deletion config/crd/bases/aiven.io_grafanas.yaml
Expand Up @@ -71,7 +71,7 @@ spec:
description:
"Information regarding secret creation. Exposed keys:
`GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`,
`GRAFANA_URI`, `GRAFANA_HOSTS`"
`GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT`"
properties:
annotations:
additionalProperties:
2 changes: 1 addition & 1 deletion config/crd/bases/aiven.io_kafkas.yaml
Expand Up @@ -73,7 +73,7 @@ spec:
`KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`,
`KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`,
`KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`,
`KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`"
`KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`, `KAFKA_CA_CERT`"
properties:
annotations:
additionalProperties:
2 changes: 1 addition & 1 deletion config/crd/bases/aiven.io_mysqls.yaml
Expand Up @@ -71,7 +71,7 @@ spec:
description:
"Information regarding secret creation. Exposed keys:
`MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`,
`MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`"
`MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`, `MYSQL_CA_CERT`"
properties:
annotations:
additionalProperties:
3 changes: 2 additions & 1 deletion config/crd/bases/aiven.io_opensearches.yaml
Expand Up @@ -57,7 +57,8 @@ spec:
connInfoSecretTarget:
description:
"Information regarding secret creation. Exposed keys:
`OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`"
`OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`,
`OPENSEARCH_CA_CERT`"
properties:
annotations:
additionalProperties:
3 changes: 2 additions & 1 deletion config/crd/bases/aiven.io_postgresqls.yaml
Expand Up @@ -71,7 +71,8 @@ spec:
description:
"Information regarding secret creation. Exposed keys:
`POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`,
`POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`"
`POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`,
`POSTGRESQL_CA_CERT`"
properties:
annotations:
additionalProperties:
2 changes: 1 addition & 1 deletion config/crd/bases/aiven.io_redis.yaml
Expand Up @@ -57,7 +57,7 @@ spec:
connInfoSecretTarget:
description:
"Information regarding secret creation. Exposed keys:
`REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`"
`REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`"
properties:
annotations:
additionalProperties:
6 changes: 6 additions & 0 deletions controllers/connectionpool_controller.go
Expand Up @@ -131,6 +131,11 @@ func (h ConnectionPoolHandler) get(ctx context.Context, avn *aiven.Client, avnGe
return nil, fmt.Errorf("cannot get ConnectionPool: %w", err)
}

cert, err := avnGen.ProjectKmsGetCA(ctx, connPool.Spec.Project)
if err != nil {
return nil, fmt.Errorf("cannot get project CA certificate: %w", err)
}

// The pool comes with its own port
poolURI, err := url.Parse(cp.ConnectionURI)
if err != nil {
Expand Down Expand Up @@ -159,6 +164,7 @@ func (h ConnectionPoolHandler) get(ctx context.Context, avn *aiven.Client, avnGe
prefix + "PASSWORD": s.URIParams["password"],
prefix + "SSLMODE": s.URIParams["sslmode"],
prefix + "DATABASE_URI": cp.ConnectionURI,
prefix + "CA_CERT": cert,
// todo: remove in future releases
"PGHOST": s.URIParams["host"],
"PGPORT": poolURI.Port(),
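Review bot: The new `avnGen.ProjectKmsGetCA(ctx, connPool.Spec.Project)` call sits above the `url.Parse(cp.ConnectionURI)` check, so every reconcile of every ConnectionPool now pays an extra Aiven API round-trip even when the URI parse fails a few lines later; move the fetch below the parse, or better cache the CA per project, since it is the same certificate for every resource in that project and repeated fetches only add rate-limit exposure. The new `prefix + "CA_CERT": cert` key also deserves a one-line comment telling consumers what it is for, e.g. `prefix + "CA_CERT": cert, // project CA; needed for CONNECTIONPOOL_SSLMODE verify-ca/verify-full (format as returned by the API)`. The `get` method starts before this hunk, so the error path for a failed CA fetch was checked only as far as the visible `return nil, fmt.Errorf(...)` line.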
23 changes: 21 additions & 2 deletions controllers/generic_service_handler.go
Expand Up @@ -166,7 +166,8 @@ func (h *genericServiceHandler) get(ctx context.Context, avn *aiven.Client, avnG
return nil, err
}

s, err := avn.Services.Get(ctx, o.getServiceCommonSpec().Project, o.getObjectMeta().Name)
spec := o.getServiceCommonSpec()
s, err := avn.Services.Get(ctx, spec.Project, o.getObjectMeta().Name)
if err != nil {
return nil, fmt.Errorf("failed to get service from Aiven: %w", err)
}
Expand All @@ -181,7 +182,24 @@ func (h *genericServiceHandler) get(ctx context.Context, avn *aiven.Client, avnG

// Some services get secrets after they are running only,
// like ip addresses (hosts)
return o.newSecret(ctx, s)
secret, err := o.newSecret(ctx, s)
if err != nil || secret == nil {
return secret, err
}

ca, err := avnGen.ProjectKmsGetCA(ctx, spec.Project)
if err != nil {
return nil, fmt.Errorf("cannot get project CA certificate: %w", err)
}

// We don't expect the Data map to be empty, it must panic.
prefix := getSecretPrefix(o)
secret.Data[prefix+"CA_CERT"] = []byte(ca)
if o.getServiceType() == "kafka" {
// todo: backward compatibility, remove in future releases
secret.Data["CA_CERT"] = []byte(ca)
}
return secret, nil
}
return nil, nil
}
Expand Down Expand Up @@ -212,6 +230,7 @@ type serviceAdapterFabric func(*aiven.Client, client.Object) (serviceAdapter, er

// serviceAdapter turns client.Object into a generic thing
type serviceAdapter interface {
objWithSecret
getObjectMeta() *metav1.ObjectMeta
getServiceStatus() *v1alpha1.ServiceStatus
getServiceCommonSpec() *v1alpha1.ServiceCommonSpec
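Review bot: The assignment `secret.Data[prefix+"CA_CERT"] = []byte(ca)` relies on a nil-map panic to report a missing `Data` map (the comment "it must panic" says this is intended), which would crash the reconcile loop instead of surfacing a reconcile error and a retry; prefer an explicit guard before the write, e.g. `if secret.Data == nil { return nil, fmt.Errorf("secret for %s has no Data map", o.getObjectMeta().Name) }`, or lazily `make` the map. This matters because the kafka adapter in this same commit builds its values as a `stringData := map[string]string{...}` and whether `newSecret` ends up populating `Data` or `StringData` is not visible here; if any adapter returns a `StringData`-only secret, the new code panics on its first reconcile. Separately, the CA is now fetched on every reconcile for every service on top of the existing `avn.Services.Get`; the project CA is shared by all services in a project, so a per-project cache would cut API load and rate-limit risk. The `get` method starts before this hunk.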
7 changes: 0 additions & 7 deletions controllers/kafka_controller.go
Expand Up @@ -73,11 +73,6 @@ func (a *kafkaAdapter) newSecret(ctx context.Context, s *aiven.Service) (*corev1
password = s.Users[0].Password
}

caCert, err := a.avn.CA.Get(ctx, a.getServiceCommonSpec().Project)
if err != nil {
return nil, fmt.Errorf("aiven client error %w", err)
}

prefix := getSecretPrefix(a)
stringData := map[string]string{
prefix + "HOST": s.URIParams["host"],
Expand All @@ -88,15 +83,13 @@ func (a *kafkaAdapter) newSecret(ctx context.Context, s *aiven.Service) (*corev1
prefix + "ACCESS_KEY": s.ConnectionInfo.KafkaAccessKey,
prefix + "REST_URI": s.ConnectionInfo.KafkaRestURI,
prefix + "SCHEMA_REGISTRY_URI": s.ConnectionInfo.SchemaRegistryURI,
prefix + "CA_CERT": caCert,
// todo: remove in future releases
"HOST": s.URIParams["host"],
"PORT": s.URIParams["port"],
"PASSWORD": password,
"USERNAME": userName,
"ACCESS_CERT": s.ConnectionInfo.KafkaAccessCert,
"ACCESS_KEY": s.ConnectionInfo.KafkaAccessKey,
"CA_CERT": caCert,
}

for _, c := range s.Components {