fix(redis): remove REDIS_CA_CERT secret key (#728)

aiven · May 7, 2024 · 801980b · 801980b
1 parent 779d980
commit 801980b
Show file tree

Hide file tree

Showing 7 changed files with 11 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,7 @@
 - Fix `ServiceIntegration` deletion when instance has no id set
 - Change `Kafka` field `userConfig.kafka_version`: enum ~~`[3.4, 3.5, 3.6]`~~ → `[3.4, 3.5, 3.6, 3.7]`
 - Add `ServiceIntegration` `flink_external_postgresql` type
+- Remove `REDIS_CA_CERT` secret key. Can't be used with the service type
 
 ## v0.19.0 - 2024-04-18
 

diff --git a/api/v1alpha1/redis_types.go b/api/v1alpha1/redis_types.go
@@ -20,7 +20,7 @@ type RedisSpec struct {
 //+kubebuilder:subresource:status
 
 // Redis is the Schema for the redis API.
-// Info "Exposes secret keys": `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`
+// Info "Exposes secret keys": `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`
 // +kubebuilder:subresource:status
 type Redis struct {
 	metav1.TypeMeta   `json:",inline"`

diff --git a/charts/aiven-operator-crds/templates/aiven.io_redis.yaml b/charts/aiven-operator-crds/templates/aiven.io_redis.yaml
@@ -20,7 +20,7 @@ spec:
         openAPIV3Schema:
           description:
             'Redis is the Schema for the redis API. Info "Exposes secret
-            keys": `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`'
+            keys": `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`'
           properties:
             apiVersion:
               description:

diff --git a/config/crd/bases/aiven.io_redis.yaml b/config/crd/bases/aiven.io_redis.yaml
@@ -20,7 +20,7 @@ spec:
         openAPIV3Schema:
           description:
             'Redis is the Schema for the redis API. Info "Exposes secret
-            keys": `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`'
+            keys": `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`'
           properties:
             apiVersion:
               description:

diff --git a/controllers/generic_service_handler.go b/controllers/generic_service_handler.go
@@ -193,6 +193,12 @@ func (h *genericServiceHandler) get(ctx context.Context, avn *aiven.Client, avnG
 			return secret, err
 		}
 
+		// Redis shouldn't expose CA_CERT
+		// It can't be used to connect to redis
+		if o.getServiceType() == "redis" {
+			return secret, nil
+		}
+
 		cert, err := avnGen.ProjectKmsGetCA(ctx, spec.Project)
 		if err != nil {
 			return nil, fmt.Errorf("cannot retrieve project CA certificate: %w", err)

diff --git a/docs/docs/api-reference/redis.md b/docs/docs/api-reference/redis.md
@@ -40,7 +40,7 @@ Redis is the Schema for the redis API.
 
 !!! Info "Exposes secret keys"
 
-    `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`.
+    `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`.
 
 **Required**
 

diff --git a/tests/redis_test.go b/tests/redis_test.go
@@ -107,5 +107,4 @@ func TestRedis(t *testing.T) {
 	assert.NotEmpty(t, secret.Data["REDIS_PORT"])
 	assert.NotEmpty(t, secret.Data["REDIS_USER"])
 	assert.NotEmpty(t, secret.Data["REDIS_PASSWORD"])
-	assert.NotEmpty(t, secret.Data["REDIS_CA_CERT"])
 }