From 428a6229f93d3b0927c62670359846712994ac1d Mon Sep 17 00:00:00 2001 
From: Murad Biashimov Date: Tue, 13 Feb 2024 11:03:34 +0100 Subject: [PATCH] feat(services): expose CA certificate --- CHANGELOG.md | 2 ++ api/v1alpha1/cassandra_types.go | 2 +- api/v1alpha1/clickhouse_types.go | 2 +- api/v1alpha1/connectionpool_types.go | 2 +- api/v1alpha1/grafana_types.go | 2 +- api/v1alpha1/kafka_types.go | 2 +- api/v1alpha1/mysql_types.go | 2 +- api/v1alpha1/opensearch_types.go | 2 +- api/v1alpha1/postgresql_types.go | 2 +- api/v1alpha1/redis_types.go | 2 +- .../templates/aiven.io_cassandras.yaml | 2 +- .../templates/aiven.io_clickhouses.yaml | 3 ++- .../templates/aiven.io_connectionpools.yaml | 2 +- .../templates/aiven.io_grafanas.yaml | 2 +- .../templates/aiven.io_kafkas.yaml | 2 +- .../templates/aiven.io_mysqls.yaml | 2 +- .../templates/aiven.io_opensearches.yaml | 3 ++- .../templates/aiven.io_postgresqls.yaml | 3 ++- .../templates/aiven.io_redis.yaml | 2 +- config/crd/bases/aiven.io_cassandras.yaml | 2 +- config/crd/bases/aiven.io_clickhouses.yaml | 3 ++- .../crd/bases/aiven.io_connectionpools.yaml | 2 +- config/crd/bases/aiven.io_grafanas.yaml | 2 +- config/crd/bases/aiven.io_kafkas.yaml | 2 +- config/crd/bases/aiven.io_mysqls.yaml | 2 +- config/crd/bases/aiven.io_opensearches.yaml | 3 ++- config/crd/bases/aiven.io_postgresqls.yaml | 3 ++- config/crd/bases/aiven.io_redis.yaml | 2 +- controllers/connectionpool_controller.go | 6 +++++ controllers/generic_service_handler.go | 23 +++++++++++++++++-- controllers/kafka_controller.go | 7 ------ docs/docs/api-reference/cassandra.md | 4 ++-- docs/docs/api-reference/clickhouse.md | 4 ++-- docs/docs/api-reference/connectionpool.md | 4 ++-- docs/docs/api-reference/grafana.md | 4 ++-- docs/docs/api-reference/kafka.md | 4 ++-- docs/docs/api-reference/mysql.md | 4 ++-- docs/docs/api-reference/opensearch.md | 4 ++-- docs/docs/api-reference/postgresql.md | 4 ++-- docs/docs/api-reference/redis.md | 4 ++-- go.mod | 2 +- go.sum | 9 +++----- tests/cassandra_test.go | 1 + tests/clickhouse_test.go | 1 + 
tests/connectionpool_test.go | 1 + tests/grafana_test.go | 1 + tests/kafka_test.go | 2 ++ tests/mysql_test.go | 1 + tests/opensearch_test.go | 1 + tests/postgresql_test.go | 2 ++ tests/redis_test.go | 1 + 51 files changed, 95 insertions(+), 61 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 854b0893c..13c2ee68b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ ## [MAJOR.MINOR.PATCH] - YYYY-MM-DD +- Expose project CA certificate to service secrets: `REDIS_CA_CERT`, `MYSQL_CA_CERT`, etc. + ## v0.17.0 - 2024-02-01 - Bump k8s deps to 1.26.13 diff --git a/api/v1alpha1/cassandra_types.go b/api/v1alpha1/cassandra_types.go index 11fb2f685..e3c77d15e 100644 --- a/api/v1alpha1/cassandra_types.go +++ b/api/v1alpha1/cassandra_types.go @@ -23,7 +23,7 @@ type CassandraSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS` + // Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/clickhouse_types.go b/api/v1alpha1/clickhouse_types.go index 4328f1085..3ddd7c9da 100644 --- a/api/v1alpha1/clickhouse_types.go +++ b/api/v1alpha1/clickhouse_types.go 
@@ -21,7 +21,7 @@ type ClickhouseSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD` + // Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`, `CLICKHOUSE_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/connectionpool_types.go b/api/v1alpha1/connectionpool_types.go index de094ca99..a33d811ec 100644 --- a/api/v1alpha1/connectionpool_types.go +++ b/api/v1alpha1/connectionpool_types.go @@ -36,7 +36,7 @@ type ConnectionPoolSpec struct { PoolMode string `json:"poolMode,omitempty"` // Information regarding secret creation. - // Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI` + // Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/grafana_types.go b/api/v1alpha1/grafana_types.go index e763a2d34..afc5b5cb7 100644 --- a/api/v1alpha1/grafana_types.go +++ b/api/v1alpha1/grafana_types.go 
@@ -23,7 +23,7 @@ type GrafanaSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS` + // Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/kafka_types.go b/api/v1alpha1/kafka_types.go index 02334428f..4e5eba51e 100644 --- a/api/v1alpha1/kafka_types.go +++ b/api/v1alpha1/kafka_types.go @@ -21,7 +21,7 @@ type KafkaSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT` + // Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`, `KAFKA_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/mysql_types.go b/api/v1alpha1/mysql_types.go index f80893be0..bb4d1b17a 100644 --- a/api/v1alpha1/mysql_types.go +++ b/api/v1alpha1/mysql_types.go 
@@ -21,7 +21,7 @@ type MySQLSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI` + // Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`, `MYSQL_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/opensearch_types.go b/api/v1alpha1/opensearch_types.go index ac1c30c9f..4f2589309 100644 --- a/api/v1alpha1/opensearch_types.go +++ b/api/v1alpha1/opensearch_types.go @@ -21,7 +21,7 @@ type OpenSearchSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD` + // Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`, `OPENSEARCH_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/postgresql_types.go b/api/v1alpha1/postgresql_types.go index 7e995e0ca..404faa5cc 100644 --- a/api/v1alpha1/postgresql_types.go +++ b/api/v1alpha1/postgresql_types.go 
@@ -21,7 +21,7 @@ type PostgreSQLSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI` + // Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`, `POSTGRESQL_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/redis_types.go b/api/v1alpha1/redis_types.go index 85f4ea0b9..61ed0a131 100644 --- a/api/v1alpha1/redis_types.go +++ b/api/v1alpha1/redis_types.go @@ -21,7 +21,7 @@ type RedisSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD` + // Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml b/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml index b2ccc320d..3c53411c3 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml 
@@ -71,7 +71,7 @@ spec: description: "Information regarding secret creation. Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, - `CASSANDRA_URI`, `CASSANDRA_HOSTS`" + `CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT`" properties: annotations: additionalProperties: diff --git a/charts/aiven-operator-crds/templates/aiven.io_clickhouses.yaml b/charts/aiven-operator-crds/templates/aiven.io_clickhouses.yaml index 3bebac7b5..b53d8fc1d 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_clickhouses.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_clickhouses.yaml @@ -57,7 +57,8 @@ spec: connInfoSecretTarget: description: "Information regarding secret creation. Exposed keys: - `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`" + `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`, + `CLICKHOUSE_CA_CERT`" properties: annotations: additionalProperties: diff --git a/charts/aiven-operator-crds/templates/aiven.io_connectionpools.yaml b/charts/aiven-operator-crds/templates/aiven.io_connectionpools.yaml index d40e27b1d..7a9c5207a 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_connectionpools.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_connectionpools.yaml @@ -74,7 +74,7 @@ spec: "Information regarding secret creation. Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, - `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`" + `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT`" properties: annotations: additionalProperties: diff --git a/charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml b/charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml index a9e3de5f8..de4849302 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml 
+++ b/charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml @@ -71,7 +71,7 @@ spec: description: "Information regarding secret creation. Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, - `GRAFANA_URI`, `GRAFANA_HOSTS`" + `GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT`" properties: annotations: additionalProperties: diff --git a/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml b/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml index 589d89307..695353a70 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml @@ -73,7 +73,7 @@ spec: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, - `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`" + `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`, `KAFKA_CA_CERT`" properties: annotations: additionalProperties: diff --git a/charts/aiven-operator-crds/templates/aiven.io_mysqls.yaml b/charts/aiven-operator-crds/templates/aiven.io_mysqls.yaml index 853d3ac47..cf2d2e81f 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_mysqls.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_mysqls.yaml @@ -71,7 +71,7 @@ spec: description: "Information regarding secret creation. Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, - `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`" + `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`, `MYSQL_CA_CERT`" properties: annotations: additionalProperties: diff --git a/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml b/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml index 7e581231e..d8effae15 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml 
+++ b/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml @@ -57,7 +57,8 @@ spec: connInfoSecretTarget: description: "Information regarding secret creation. Exposed keys: - `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`" + `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`, + `OPENSEARCH_CA_CERT`" properties: annotations: additionalProperties: diff --git a/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml b/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml index 555c7e212..9f0877c4f 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml @@ -71,7 +71,8 @@ spec: description: "Information regarding secret creation. Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, - `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`" + `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`, + `POSTGRESQL_CA_CERT`" properties: annotations: additionalProperties: diff --git a/charts/aiven-operator-crds/templates/aiven.io_redis.yaml b/charts/aiven-operator-crds/templates/aiven.io_redis.yaml index fe95067b8..9ad3ed3f3 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_redis.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_redis.yaml @@ -57,7 +57,7 @@ spec: connInfoSecretTarget: description: "Information regarding secret creation. Exposed keys: - `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`" + `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`" properties: annotations: additionalProperties: diff --git a/config/crd/bases/aiven.io_cassandras.yaml b/config/crd/bases/aiven.io_cassandras.yaml index b2ccc320d..3c53411c3 100644 --- a/config/crd/bases/aiven.io_cassandras.yaml +++ b/config/crd/bases/aiven.io_cassandras.yaml 
@@ -71,7 +71,7 @@ spec: description: "Information regarding secret creation. Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, - `CASSANDRA_URI`, `CASSANDRA_HOSTS`" + `CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT`" properties: annotations: additionalProperties: diff --git a/config/crd/bases/aiven.io_clickhouses.yaml b/config/crd/bases/aiven.io_clickhouses.yaml index 3bebac7b5..b53d8fc1d 100644 --- a/config/crd/bases/aiven.io_clickhouses.yaml +++ b/config/crd/bases/aiven.io_clickhouses.yaml @@ -57,7 +57,8 @@ spec: connInfoSecretTarget: description: "Information regarding secret creation. Exposed keys: - `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`" + `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`, + `CLICKHOUSE_CA_CERT`" properties: annotations: additionalProperties: diff --git a/config/crd/bases/aiven.io_connectionpools.yaml b/config/crd/bases/aiven.io_connectionpools.yaml index d40e27b1d..7a9c5207a 100644 --- a/config/crd/bases/aiven.io_connectionpools.yaml +++ b/config/crd/bases/aiven.io_connectionpools.yaml @@ -74,7 +74,7 @@ spec: "Information regarding secret creation. Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, - `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`" + `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT`" properties: annotations: additionalProperties: diff --git a/config/crd/bases/aiven.io_grafanas.yaml b/config/crd/bases/aiven.io_grafanas.yaml index a9e3de5f8..de4849302 100644 --- a/config/crd/bases/aiven.io_grafanas.yaml +++ b/config/crd/bases/aiven.io_grafanas.yaml 
@@ -71,7 +71,7 @@ spec: description: "Information regarding secret creation. Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, - `GRAFANA_URI`, `GRAFANA_HOSTS`" + `GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT`" properties: annotations: additionalProperties: diff --git a/config/crd/bases/aiven.io_kafkas.yaml b/config/crd/bases/aiven.io_kafkas.yaml index 589d89307..695353a70 100644 --- a/config/crd/bases/aiven.io_kafkas.yaml +++ b/config/crd/bases/aiven.io_kafkas.yaml @@ -73,7 +73,7 @@ spec: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, - `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`" + `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`, `KAFKA_CA_CERT`" properties: annotations: additionalProperties: diff --git a/config/crd/bases/aiven.io_mysqls.yaml b/config/crd/bases/aiven.io_mysqls.yaml index 853d3ac47..cf2d2e81f 100644 --- a/config/crd/bases/aiven.io_mysqls.yaml +++ b/config/crd/bases/aiven.io_mysqls.yaml @@ -71,7 +71,7 @@ spec: description: "Information regarding secret creation. Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, - `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`" + `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`, `MYSQL_CA_CERT`" properties: annotations: additionalProperties: diff --git a/config/crd/bases/aiven.io_opensearches.yaml b/config/crd/bases/aiven.io_opensearches.yaml index 7e581231e..d8effae15 100644 --- a/config/crd/bases/aiven.io_opensearches.yaml +++ b/config/crd/bases/aiven.io_opensearches.yaml 
@@ -57,7 +57,8 @@ spec: connInfoSecretTarget: description: "Information regarding secret creation. Exposed keys: - `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`" + `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`, + `OPENSEARCH_CA_CERT`" properties: annotations: additionalProperties: diff --git a/config/crd/bases/aiven.io_postgresqls.yaml b/config/crd/bases/aiven.io_postgresqls.yaml index 555c7e212..9f0877c4f 100644 --- a/config/crd/bases/aiven.io_postgresqls.yaml +++ b/config/crd/bases/aiven.io_postgresqls.yaml @@ -71,7 +71,8 @@ spec: description: "Information regarding secret creation. Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, - `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`" + `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`, + `POSTGRESQL_CA_CERT`" properties: annotations: additionalProperties: diff --git a/config/crd/bases/aiven.io_redis.yaml b/config/crd/bases/aiven.io_redis.yaml index fe95067b8..9ad3ed3f3 100644 --- a/config/crd/bases/aiven.io_redis.yaml +++ b/config/crd/bases/aiven.io_redis.yaml @@ -57,7 +57,7 @@ spec: connInfoSecretTarget: description: "Information regarding secret creation. Exposed keys: - `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`" + `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`" properties: annotations: additionalProperties: diff --git a/controllers/connectionpool_controller.go b/controllers/connectionpool_controller.go index 74af62b10..49637b722 100644 --- a/controllers/connectionpool_controller.go +++ b/controllers/connectionpool_controller.go 
@@ -131,6 +131,11 @@ func (h ConnectionPoolHandler) get(ctx context.Context, avn *aiven.Client, avnGe return nil, fmt.Errorf("cannot get ConnectionPool: %w", err) } + cert, err := avnGen.ProjectKmsGetCA(ctx, connPool.Spec.Project) + if err != nil { + return nil, fmt.Errorf("cannot get project CA certificate: %w", err) + } + // The pool comes with its own port poolURI, err := url.Parse(cp.ConnectionURI) if err != nil { @@ -159,6 +164,7 @@ func (h ConnectionPoolHandler) get(ctx context.Context, avn *aiven.Client, avnGe prefix + "PASSWORD": s.URIParams["password"], prefix + "SSLMODE": s.URIParams["sslmode"], prefix + "DATABASE_URI": cp.ConnectionURI, + prefix + "CA_CERT": cert, // todo: remove in future releases "PGHOST": s.URIParams["host"], "PGPORT": poolURI.Port(), diff --git a/controllers/generic_service_handler.go b/controllers/generic_service_handler.go index bc1e943ae..ad9073d8a 100644 --- a/controllers/generic_service_handler.go +++ b/controllers/generic_service_handler.go @@ -166,7 +166,8 @@ func (h *genericServiceHandler) get(ctx context.Context, avn *aiven.Client, avnG return nil, err } - s, err := avn.Services.Get(ctx, o.getServiceCommonSpec().Project, o.getObjectMeta().Name) + spec := o.getServiceCommonSpec() + s, err := avn.Services.Get(ctx, spec.Project, o.getObjectMeta().Name) if err != nil { return nil, fmt.Errorf("failed to get service from Aiven: %w", err) } 
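Review bot: The value returned by `avnGen.ProjectKmsGetCA` in `ConnectionPoolHandler.get` is published as `prefix + "CA_CERT"` without a check that it is non-empty, so a blank API response would hand workloads an empty trust anchor. That would likely surface only later, at TLS setup in the consuming pod, rather than at reconcile time. A guard right after the error check keeps the failure in the operator: `if cert == "" { return nil, fmt.Errorf("project CA certificate is empty") }`. The same applies to the `ca` value written into the secret in `genericServiceHandler.get` in controllers/generic_service_handler.go. The body of `get` starts and ends outside these hunks, so it is not visible whether this call is also made when the connection-info secret is disabled.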
@@ -181,7 +182,24 @@ func (h *genericServiceHandler) get(ctx context.Context, avn *aiven.Client, avnG // Some services get secrets after they are running only, // like ip addresses (hosts) - return o.newSecret(ctx, s) + secret, err := o.newSecret(ctx, s) + if err != nil || secret == nil { + return secret, err + } + + ca, err := avnGen.ProjectKmsGetCA(ctx, spec.Project) + if err != nil { + return nil, fmt.Errorf("cannot get project CA certificate: %w", err) + } + + // We don't expect the Data map to be empty, it must panic. + prefix := getSecretPrefix(o) + secret.Data[prefix+"CA_CERT"] = []byte(ca) + if o.getServiceType() == "kafka" { + // todo: backward compatibility, remove in future releases + secret.Data["CA_CERT"] = []byte(ca) + } + return secret, nil } return nil, nil } @@ -212,6 +230,7 @@ type serviceAdapterFabric func(*aiven.Client, client.Object) (serviceAdapter, er // serviceAdapter turns client.Object into a generic thing type serviceAdapter interface { + objWithSecret getObjectMeta() *metav1.ObjectMeta getServiceStatus() *v1alpha1.ServiceStatus getServiceCommonSpec() *v1alpha1.ServiceCommonSpec diff --git a/controllers/kafka_controller.go b/controllers/kafka_controller.go index aa25b8db7..f44e2959c 100644 --- a/controllers/kafka_controller.go +++ b/controllers/kafka_controller.go @@ -73,11 +73,6 @@ func (a *kafkaAdapter) newSecret(ctx context.Context, s *aiven.Service) (*corev1 password = s.Users[0].Password } - caCert, err := a.avn.CA.Get(ctx, a.getServiceCommonSpec().Project) - if err != nil { - return nil, fmt.Errorf("aiven client error %w", err) - } - prefix := getSecretPrefix(a) stringData := map[string]string{ prefix + "HOST": s.URIParams["host"], 
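Review bot: The assignment `secret.Data[prefix+"CA_CERT"] = []byte(ca)` panics when `Data` is nil, not when it is empty, so the comment above it is inaccurate, and a deliberate panic in the reconcile path is a harsh failure mode for an adapter that fills only `StringData`. The kafka adapter's `newSecret`, partly visible in this patch, builds a `map[string]string`; how that becomes `Data` is outside the hunk, so this is worth confirming for every adapter. Returning an error keeps the failure visible without crashing the reconciler: `if secret.Data == nil { return nil, fmt.Errorf("connection secret has no data") }`. The enclosing `get` starts before and ends after this hunk.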
@@ -88,7 +83,6 @@ func (a *kafkaAdapter) newSecret(ctx context.Context, s *aiven.Service) (*corev1 prefix + "ACCESS_KEY": s.ConnectionInfo.KafkaAccessKey, prefix + "REST_URI": s.ConnectionInfo.KafkaRestURI, prefix + "SCHEMA_REGISTRY_URI": s.ConnectionInfo.SchemaRegistryURI, - prefix + "CA_CERT": caCert, // todo: remove in future releases "HOST": s.URIParams["host"], "PORT": s.URIParams["port"], @@ -96,7 +90,6 @@ func (a *kafkaAdapter) newSecret(ctx context.Context, s *aiven.Service) (*corev1 "USERNAME": userName, "ACCESS_CERT": s.ConnectionInfo.KafkaAccessCert, "ACCESS_KEY": s.ConnectionInfo.KafkaAccessKey, - "CA_CERT": caCert, } for _, c := range s.Components { diff --git a/docs/docs/api-reference/cassandra.md b/docs/docs/api-reference/cassandra.md index 1fe728880..34dff65b6 100644 --- a/docs/docs/api-reference/cassandra.md +++ b/docs/docs/api-reference/cassandra.md 
@@ -65,7 +65,7 @@ CassandraSpec defines the desired state of Cassandra. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - [`maintenanceWindowDow`](#spec.maintenanceWindowDow-property){: name='spec.maintenanceWindowDow-property'} (string, Enum: `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `sunday`). Day of week when maintenance operations should be performed. 
One monday, tuesday, wednesday, etc. @@ -93,7 +93,7 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS`. +Information regarding secret creation. Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT`. **Required** diff --git a/docs/docs/api-reference/clickhouse.md b/docs/docs/api-reference/clickhouse.md index c68df324b..9c583a43d 100644 --- a/docs/docs/api-reference/clickhouse.md +++ b/docs/docs/api-reference/clickhouse.md 
@@ -56,7 +56,7 @@ ClickhouseSpec defines the desired state of Clickhouse. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`, `CLICKHOUSE_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - [`maintenanceWindowDow`](#spec.maintenanceWindowDow-property){: name='spec.maintenanceWindowDow-property'} (string, Enum: `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `sunday`). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc. 
@@ -84,7 +84,7 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`. +Information regarding secret creation. Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`, `CLICKHOUSE_CA_CERT`. **Required** diff --git a/docs/docs/api-reference/connectionpool.md b/docs/docs/api-reference/connectionpool.md index 315e464c1..502bc998a 100644 --- a/docs/docs/api-reference/connectionpool.md +++ b/docs/docs/api-reference/connectionpool.md 
@@ -57,7 +57,7 @@ ConnectionPoolSpec defines the desired state of ConnectionPool. **Optional** - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`poolMode`](#spec.poolMode-property){: name='spec.poolMode-property'} (string, Enum: `session`, `transaction`, `statement`). Mode the pool operates in (session, transaction, statement). - [`poolSize`](#spec.poolSize-property){: name='spec.poolSize-property'} (integer). Number of connections the pool may create towards the backend server. 
@@ -77,7 +77,7 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`. +Information regarding secret creation. Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT`. **Required** diff --git a/docs/docs/api-reference/grafana.md b/docs/docs/api-reference/grafana.md index 8fc245b58..dfa041ea6 100644 --- a/docs/docs/api-reference/grafana.md +++ b/docs/docs/api-reference/grafana.md 
@@ -64,7 +64,7 @@ GrafanaSpec defines the desired state of Grafana. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - [`maintenanceWindowDow`](#spec.maintenanceWindowDow-property){: name='spec.maintenanceWindowDow-property'} (string, Enum: `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `sunday`). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc. 
@@ -92,7 +92,7 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`. +Information regarding secret creation. Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT`. **Required** diff --git a/docs/docs/api-reference/kafka.md b/docs/docs/api-reference/kafka.md index abad7aa96..eadb5bf12 100644 --- a/docs/docs/api-reference/kafka.md +++ b/docs/docs/api-reference/kafka.md 
@@ -56,7 +56,7 @@ KafkaSpec defines the desired state of Kafka. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`, `KAFKA_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. 
Reducing will result in the service re-balancing. - [`karapace`](#spec.karapace-property){: name='spec.karapace-property'} (boolean). Switch the service to use Karapace for schema registry and REST proxy. @@ -85,7 +85,7 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`. +Information regarding secret creation. Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`, `KAFKA_CA_CERT`. **Required** diff --git a/docs/docs/api-reference/mysql.md b/docs/docs/api-reference/mysql.md index 10b4c98c8..0015989ea 100644 --- a/docs/docs/api-reference/mysql.md +++ b/docs/docs/api-reference/mysql.md 
@@ -64,7 +64,7 @@ MySQLSpec defines the desired state of MySQL. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`, `MYSQL_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - [`maintenanceWindowDow`](#spec.maintenanceWindowDow-property){: name='spec.maintenanceWindowDow-property'} (string, Enum: `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `sunday`). Day of week when maintenance operations should be performed. 
One monday, tuesday, wednesday, etc. @@ -92,7 +92,7 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`. +Information regarding secret creation. Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`, `MYSQL_CA_CERT`. **Required** diff --git a/docs/docs/api-reference/opensearch.md b/docs/docs/api-reference/opensearch.md index 282b9033f..dccc5319c 100644 --- a/docs/docs/api-reference/opensearch.md +++ b/docs/docs/api-reference/opensearch.md 
@@ -57,7 +57,7 @@ OpenSearchSpec defines the desired state of OpenSearch. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`, `OPENSEARCH_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - [`maintenanceWindowDow`](#spec.maintenanceWindowDow-property){: name='spec.maintenanceWindowDow-property'} (string, Enum: `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `sunday`). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc. 
@@ -85,7 +85,7 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`. +Information regarding secret creation. Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`, `OPENSEARCH_CA_CERT`. **Required** diff --git a/docs/docs/api-reference/postgresql.md b/docs/docs/api-reference/postgresql.md index 64d041ffe..1ff833709 100644 --- a/docs/docs/api-reference/postgresql.md +++ b/docs/docs/api-reference/postgresql.md 
@@ -59,7 +59,7 @@ PostgreSQLSpec defines the desired state of postgres instance. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`, `POSTGRESQL_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - [`maintenanceWindowDow`](#spec.maintenanceWindowDow-property){: name='spec.maintenanceWindowDow-property'} (string, Enum: `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `sunday`). 
Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc. @@ -87,7 +87,7 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`. +Information regarding secret creation. Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`, `POSTGRESQL_CA_CERT`. **Required** diff --git a/docs/docs/api-reference/redis.md b/docs/docs/api-reference/redis.md index ed5c4a365..8ca5b3a3a 100644 --- a/docs/docs/api-reference/redis.md +++ b/docs/docs/api-reference/redis.md 
@@ -59,7 +59,7 @@ RedisSpec defines the desired state of Redis. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - [`maintenanceWindowDow`](#spec.maintenanceWindowDow-property){: name='spec.maintenanceWindowDow-property'} (string, Enum: `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `sunday`). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc. 
@@ -87,7 +87,7 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`. +Information regarding secret creation. Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`. **Required** diff --git a/go.mod b/go.mod index 1fd832d19..fe61d0c1e 100644 --- a/go.mod +++ b/go.mod @@ -5,6 +5,7 @@ go 1.21 require ( github.com/aiven/aiven-go-client/v2 v2.12.0 github.com/aiven/go-api-schemas v1.59.0 + github.com/aiven/go-client-codegen v0.0.0-20240213091901-bcce131d40dd github.com/dave/jennifer v1.7.0 github.com/docker/go-units v0.5.0 github.com/ghodss/yaml v1.0.0 @@ -27,7 +28,6 @@ require ( ) require ( - github.com/aiven/go-client-codegen v0.0.0-20240209135349-3182cbc52bc8 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/davecgh/go-spew v1.1.1 // indirect diff --git a/go.sum b/go.sum index 4e3b88c36..b4cfbc369 100644 --- a/go.sum +++ b/go.sum 
@@ -37,8 +37,8 @@ github.com/aiven/aiven-go-client/v2 v2.12.0 h1:VxOfn61AtfLjy2B+DdXF2/7OHyyFZ1aQa github.com/aiven/aiven-go-client/v2 v2.12.0/go.mod h1:x0xhzxWEKAwKv0xY5FvECiI6tesWshcPHvjwl0B/1SU= github.com/aiven/go-api-schemas v1.59.0 h1:DEH5KuxCpdtIxcnBubwf/svjExE1KK3DbQHT+tb5aeU= github.com/aiven/go-api-schemas v1.59.0/go.mod h1:/bPxBUHza/2Aeer6hIIdB++GxKiw9K1KCBtRa2rtZ5I= -github.com/aiven/go-client-codegen v0.0.0-20240209135349-3182cbc52bc8 h1:sSdq3/2fF6O3b+ykD7KQrN13zHymijT2sbxnCQjJyI0= -github.com/aiven/go-client-codegen v0.0.0-20240209135349-3182cbc52bc8/go.mod h1:qQ5dwRfNnGS4eAYk7JdC5htQI85g7eA/e71ZLyY8pQw= +github.com/aiven/go-client-codegen v0.0.0-20240213091901-bcce131d40dd h1:hb50RdwzDAasfhwL44u+wuEeJv99LXC/u8B9V/tpiXo= +github.com/aiven/go-client-codegen v0.0.0-20240213091901-bcce131d40dd/go.mod h1:qQ5dwRfNnGS4eAYk7JdC5htQI85g7eA/e71ZLyY8pQw= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= 
@@ -186,8 +186,6 @@ github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxC github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA= -github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M= github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= github.com/hashicorp/go-version v0.0.0-20161031182605-e96d38404026 h1:qWx/DcC6l4ZzuS+JBAzI5XjtLFDCc08zYeZ0kLnaH2g= @@ -363,8 +361,7 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= -golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= +golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 h1:hNQpMuAJe5CtcUqCXaWga3FHu+kQvCqcsoVaQgSV60o= golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= 
diff --git a/tests/cassandra_test.go b/tests/cassandra_test.go
index 121d035a3..6e7b6b80d 100644
--- a/tests/cassandra_test.go
+++ b/tests/cassandra_test.go
@@ -111,4 +111,5 @@ func TestCassandra(t *testing.T) {
 assert.NotEmpty(t, secret.Data["CASSANDRA_PASSWORD"])
 assert.NotEmpty(t, secret.Data["CASSANDRA_URI"])
 assert.NotEmpty(t, secret.Data["CASSANDRA_HOSTS"])
+ assert.NotEmpty(t, secret.Data["CASSANDRA_CA_CERT"])
 }
diff --git a/tests/clickhouse_test.go b/tests/clickhouse_test.go
index 5a6a3ae9a..ba2dfd1de 100644
--- a/tests/clickhouse_test.go
+++ b/tests/clickhouse_test.go
@@ -106,4 +106,5 @@ func TestClickhouse(t *testing.T) {
 assert.NotEmpty(t, secret.Data["CLICKHOUSE_PORT"])
 assert.NotEmpty(t, secret.Data["CLICKHOUSE_USER"])
 assert.NotEmpty(t, secret.Data["CLICKHOUSE_PASSWORD"])
+ assert.NotEmpty(t, secret.Data["CLICKHOUSE_CA_CERT"])
 }
diff --git a/tests/connectionpool_test.go b/tests/connectionpool_test.go
index a35c93aca..c269ed27f 100644
--- a/tests/connectionpool_test.go
+++ b/tests/connectionpool_test.go
@@ -165,6 +165,7 @@ func TestConnectionPool(t *testing.T) {
 assert.NotEmpty(t, secret.Data["CONNECTIONPOOL_PASSWORD"])
 assert.NotEmpty(t, secret.Data["CONNECTIONPOOL_SSLMODE"])
 assert.NotEmpty(t, secret.Data["CONNECTIONPOOL_DATABASE_URI"])
+ assert.NotEmpty(t, secret.Data["CONNECTIONPOOL_CA_CERT"])
 // URI contains valid values
 uri := string(secret.Data["CONNECTIONPOOL_DATABASE_URI"])
diff --git a/tests/grafana_test.go b/tests/grafana_test.go
index a82754519..cc6bc367a 100644
--- a/tests/grafana_test.go
+++ b/tests/grafana_test.go
@@ -110,4 +110,5 @@ func TestGrafana(t *testing.T) {
 assert.NotEmpty(t, secret.Data["GRAFANA_PASSWORD"])
 assert.NotEmpty(t, secret.Data["GRAFANA_URI"])
 assert.NotEmpty(t, secret.Data["GRAFANA_HOSTS"])
+ assert.NotEmpty(t, secret.Data["GRAFANA_CA_CERT"])
 }
diff --git a/tests/kafka_test.go b/tests/kafka_test.go
index 05787b647..dab097ccc 100644
--- a/tests/kafka_test.go
+++ b/tests/kafka_test.go
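Review bot: `assert.NotEmpty(t, secret.Data["CASSANDRA_CA_CERT"])` in TestCassandra passes for any non-empty bytes, so the test would not notice a truncated or wrongly encoded value being written into the secret that clients are expected to use as their TLS trust anchor. Assuming the value is PEM-encoded (the hunk does not show its format), the check could decode it, for example `block, _ := pem.Decode(secret.Data["CASSANDRA_CA_CERT"])` then `assert.NotNil(t, block)`, and ideally confirm that `x509.ParseCertificate(block.Bytes)` returns no error; that needs `encoding/pem` and `crypto/x509` in the test file's imports, which are outside the hunk. The same applies to the matching `*_CA_CERT` assertions added in the ClickHouse, ConnectionPool, Grafana, Kafka, MySQL, OpenSearch, PostgreSQL and Redis test hunks, so a small shared helper in the tests package would keep it to one line per test. The enclosing test functions start outside these hunks.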
@@ -112,6 +112,7 @@ func TestKafka(t *testing.T) {
 assert.NotEmpty(t, secret.Data["PASSWORD"])
 assert.NotEmpty(t, secret.Data["ACCESS_CERT"])
 assert.NotEmpty(t, secret.Data["ACCESS_KEY"])
+ assert.NotEmpty(t, secret.Data["CA_CERT"])
 // New secrets
 assert.NotEmpty(t, secret.Data["KAFKA_HOST"])
@@ -120,6 +121,7 @@ func TestKafka(t *testing.T) {
 assert.NotEmpty(t, secret.Data["KAFKA_PASSWORD"])
 assert.NotEmpty(t, secret.Data["KAFKA_ACCESS_CERT"])
 assert.NotEmpty(t, secret.Data["KAFKA_ACCESS_KEY"])
+ assert.NotEmpty(t, secret.Data["KAFKA_CA_CERT"])
 // SASL test
 assert.Equal(t, anyPointer(true), ks.Spec.UserConfig.KafkaAuthenticationMethods.Sasl)
diff --git a/tests/mysql_test.go b/tests/mysql_test.go
index 2bb6949c5..8576a68aa 100644
--- a/tests/mysql_test.go
+++ b/tests/mysql_test.go
@@ -111,4 +111,5 @@ func TestMySQL(t *testing.T) {
 assert.NotEmpty(t, secret.Data["MYSQL_SSL_MODE"])
 assert.NotEmpty(t, secret.Data["MYSQL_URI"])
 assert.NotEmpty(t, secret.Data["MYSQL_REPLICA_URI"]) // business-4 has replica
+ assert.NotEmpty(t, secret.Data["MYSQL_CA_CERT"])
 }
diff --git a/tests/opensearch_test.go b/tests/opensearch_test.go
index 085597e9f..0d75ad697 100644
--- a/tests/opensearch_test.go
+++ b/tests/opensearch_test.go
@@ -114,6 +114,7 @@ func TestOpenSearch(t *testing.T) {
 assert.NotEmpty(t, secret.Data["OPENSEARCH_PORT"])
 assert.NotEmpty(t, secret.Data["OPENSEARCH_USER"])
 assert.NotEmpty(t, secret.Data["OPENSEARCH_PASSWORD"])
+ assert.NotEmpty(t, secret.Data["OPENSEARCH_CA_CERT"])
 assert.Equal(t, map[string]string{"foo": "bar"}, secret.Annotations)
 assert.Equal(t, map[string]string{"baz": "egg"}, secret.Labels)
 }
diff --git a/tests/postgresql_test.go b/tests/postgresql_test.go
index 408ad0dbe..6c0b1982a 100644
--- a/tests/postgresql_test.go
+++ b/tests/postgresql_test.go
@@ -142,6 +142,7 @@ func TestPgReadReplica(t *testing.T) {
 assert.NotEmpty(t, secret.Data["POSTGRESQL_PASSWORD"])
 assert.NotEmpty(t, secret.Data["POSTGRESQL_SSLMODE"])
 assert.NotEmpty(t, secret.Data["POSTGRESQL_DATABASE_URI"])
+ assert.NotEmpty(t, secret.Data["POSTGRESQL_CA_CERT"])
 }
 }
@@ -244,4 +245,5 @@ func TestPgCustomPrefix(t *testing.T) {
 assert.NotEmpty(t, secret.Data["MY_PG_PASSWORD"])
 assert.NotEmpty(t, secret.Data["MY_PG_SSLMODE"])
 assert.NotEmpty(t, secret.Data["MY_PG_DATABASE_URI"])
+ assert.NotEmpty(t, secret.Data["MY_PG_CA_CERT"])
 }
diff --git a/tests/redis_test.go b/tests/redis_test.go
index 2578ec690..8133ca074 100644
--- a/tests/redis_test.go
+++ b/tests/redis_test.go
@@ -106,4 +106,5 @@ func TestRedis(t *testing.T) {
 assert.NotEmpty(t, secret.Data["REDIS_PORT"])
 assert.NotEmpty(t, secret.Data["REDIS_USER"])
 assert.NotEmpty(t, secret.Data["REDIS_PASSWORD"])
+ assert.NotEmpty(t, secret.Data["REDIS_CA_CERT"])
 }