From 801980bcb2c6fd543222025200466d55d0584c72 Mon Sep 17 00:00:00 2001 From: Murad Biashimov Date: Tue, 7 May 2024 13:20:55 +0200 Subject: [PATCH] fix(redis): remove REDIS_CA_CERT secret key (#728) --- CHANGELOG.md | 1 + api/v1alpha1/redis_types.go | 2 +- charts/aiven-operator-crds/templates/aiven.io_redis.yaml | 2 +- config/crd/bases/aiven.io_redis.yaml | 2 +- controllers/generic_service_handler.go | 6 ++++++ docs/docs/api-reference/redis.md | 2 +- tests/redis_test.go | 1 - 7 files changed, 11 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 644ecd83..bf3fc79e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ - Fix `ServiceIntegration` deletion when instance has no id set - Change `Kafka` field `userConfig.kafka_version`: enum ~~`[3.4, 3.5, 3.6]`~~ → `[3.4, 3.5, 3.6, 3.7]` - Add `ServiceIntegration` `flink_external_postgresql` type +- Remove `REDIS_CA_CERT` secret key. Can't be used with the service type ## v0.19.0 - 2024-04-18 diff --git a/api/v1alpha1/redis_types.go b/api/v1alpha1/redis_types.go index 5fa45c88..c68a88f3 100644 --- a/api/v1alpha1/redis_types.go +++ b/api/v1alpha1/redis_types.go @@ -20,7 +20,7 @@ type RedisSpec struct { //+kubebuilder:subresource:status // Redis is the Schema for the redis API. -// Info "Exposes secret keys": `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT` +// Info "Exposes secret keys": `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD` // +kubebuilder:subresource:status type Redis struct { metav1.TypeMeta `json:",inline"` diff --git a/charts/aiven-operator-crds/templates/aiven.io_redis.yaml b/charts/aiven-operator-crds/templates/aiven.io_redis.yaml index 4c8844e7..25f85f89 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_redis.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_redis.yaml 
@@ -20,7 +20,7 @@ spec: openAPIV3Schema: description: 'Redis is the Schema for the redis API. Info "Exposes secret - keys": `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`' + keys": `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`' properties: apiVersion: description: diff --git a/config/crd/bases/aiven.io_redis.yaml b/config/crd/bases/aiven.io_redis.yaml index 4c8844e7..25f85f89 100644 --- a/config/crd/bases/aiven.io_redis.yaml +++ b/config/crd/bases/aiven.io_redis.yaml @@ -20,7 +20,7 @@ spec: openAPIV3Schema: description: 'Redis is the Schema for the redis API. Info "Exposes secret - keys": `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`' + keys": `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`' properties: apiVersion: description: diff --git a/controllers/generic_service_handler.go b/controllers/generic_service_handler.go index 785bc6af..52735268 100644 --- a/controllers/generic_service_handler.go +++ b/controllers/generic_service_handler.go @@ -193,6 +193,12 @@ func (h *genericServiceHandler) get(ctx context.Context, avn *aiven.Client, avnG return secret, err } + // Redis shouldn't expose CA_CERT + // It can't be used to connect to redis + if o.getServiceType() == "redis" { + return secret, nil + } + cert, err := avnGen.ProjectKmsGetCA(ctx, spec.Project) if err != nil { return nil, fmt.Errorf("cannot retrieve project CA certificate: %w", err) diff --git a/docs/docs/api-reference/redis.md b/docs/docs/api-reference/redis.md index c8106a3d..39b9ae6d 100644 --- a/docs/docs/api-reference/redis.md +++ b/docs/docs/api-reference/redis.md @@ -40,7 +40,7 @@ Redis is the Schema for the redis API. !!! Info "Exposes secret keys" - `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`. + `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`. **Required** diff --git a/tests/redis_test.go b/tests/redis_test.go index a3af0b1b..578b11d6 100644 --- a/tests/redis_test.go 
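Review bot: The new early return in `get` compares against the bare literal `"redis"`, and its comment says only that the CA "can't be used to connect to redis", so a reader cannot tell what clients should verify the server certificate against once `REDIS_CA_CERT` is gone. I would expand the comment to name the trust anchor, for example `// Redis endpoints are not signed by the project CA (TODO confirm); clients verify against <trust store placeholder>`, so that nobody reacts to the missing key by switching TLS verification off. Whether a Secret written by an earlier operator version loses the stale key on the next reconcile depends on how the returned Secret is applied, which is outside this hunk. Any workload that references the key through a non-optional `secretKeyRef` will fail to start after the upgrade. The test hunk only drops the `NotEmpty` check, so `assert.NotContains(t, secret.Data, "REDIS_CA_CERT")` would pin the new behaviour; `get` starts and ends outside the hunk.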
+++ b/tests/redis_test.go @@ -107,5 +107,4 @@ func TestRedis(t *testing.T) { assert.NotEmpty(t, secret.Data["REDIS_PORT"]) assert.NotEmpty(t, secret.Data["REDIS_USER"]) assert.NotEmpty(t, secret.Data["REDIS_PASSWORD"]) - assert.NotEmpty(t, secret.Data["REDIS_CA_CERT"]) }