From f1fd387128633b6f6719969cfc04f47107ce3832 Mon Sep 17 00:00:00 2001 From: Murad Biashimov Date: Tue, 13 Feb 2024 11:03:34 +0100 Subject: [PATCH] feat(services): expose CA certificate --- CHANGELOG.md | 1 + api/v1alpha1/cassandra_types.go | 2 +- api/v1alpha1/clickhouse_types.go | 2 +- api/v1alpha1/common.go | 2 +- api/v1alpha1/connectionpool_types.go | 2 +- api/v1alpha1/grafana_types.go | 2 +- api/v1alpha1/kafka_types.go | 2 +- api/v1alpha1/mysql_types.go | 2 +- api/v1alpha1/opensearch_types.go | 2 +- api/v1alpha1/postgresql_types.go | 2 +- api/v1alpha1/redis_types.go | 2 +- .../templates/aiven.io_cassandras.yaml | 4 ++-- .../templates/aiven.io_clickhouses.yaml | 5 ++-- .../templates/aiven.io_clickhouseusers.yaml | 2 +- .../templates/aiven.io_connectionpools.yaml | 4 ++-- .../templates/aiven.io_grafanas.yaml | 4 ++-- .../templates/aiven.io_kafkas.yaml | 4 ++-- .../templates/aiven.io_mysqls.yaml | 4 ++-- .../templates/aiven.io_opensearches.yaml | 5 ++-- .../templates/aiven.io_postgresqls.yaml | 5 ++-- .../templates/aiven.io_projects.yaml | 2 +- .../templates/aiven.io_redis.yaml | 4 ++-- .../templates/aiven.io_serviceusers.yaml | 2 +- config/crd/bases/aiven.io_cassandras.yaml | 4 ++-- config/crd/bases/aiven.io_clickhouses.yaml | 5 ++-- .../crd/bases/aiven.io_clickhouseusers.yaml | 2 +- .../crd/bases/aiven.io_connectionpools.yaml | 4 ++-- config/crd/bases/aiven.io_grafanas.yaml | 4 ++-- config/crd/bases/aiven.io_kafkas.yaml | 4 ++-- config/crd/bases/aiven.io_mysqls.yaml | 4 ++-- config/crd/bases/aiven.io_opensearches.yaml | 5 ++-- config/crd/bases/aiven.io_postgresqls.yaml | 5 ++-- config/crd/bases/aiven.io_projects.yaml | 2 +- config/crd/bases/aiven.io_redis.yaml | 4 ++-- config/crd/bases/aiven.io_serviceusers.yaml | 2 +- controllers/connectionpool_controller.go | 7 ++++++ controllers/generic_service_handler.go | 23 +++++++++++++++++-- controllers/kafka_controller.go | 7 ------ controllers/kafkaconnect_controller.go | 4 ++++ docs/docs/api-reference/cassandra.md | 6 ++--- docs/docs/api-reference/clickhouse.md | 6 ++--- docs/docs/api-reference/clickhouseuser.md | 2 +- docs/docs/api-reference/connectionpool.md | 6 ++--- docs/docs/api-reference/grafana.md | 6 ++--- docs/docs/api-reference/kafka.md | 6 ++--- docs/docs/api-reference/mysql.md | 6 ++--- docs/docs/api-reference/opensearch.md | 6 ++--- docs/docs/api-reference/postgresql.md | 6 ++--- docs/docs/api-reference/project.md | 2 +- docs/docs/api-reference/redis.md | 6 ++--- docs/docs/api-reference/serviceuser.md | 2 +- go.mod | 2 +- go.sum | 4 ++-- tests/cassandra_test.go | 1 + tests/clickhouse_test.go | 1 + tests/connectionpool_test.go | 1 + tests/grafana_test.go | 1 + tests/kafka_test.go | 2 ++ tests/mysql_test.go | 1 + tests/opensearch_test.go | 1 + tests/postgresql_test.go | 2 ++ tests/redis_test.go | 1 + 62 files changed, 135 insertions(+), 94 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 53926fa5f..749c849e7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## [MAJOR.MINOR.PATCH] - YYYY-MM-DD +- Expose project CA certificate to service secrets: `REDIS_CA_CERT`, `MYSQL_CA_CERT`, etc. - Add `KafkaTopic` field `config.local_retention_bytes`, type `integer`: local.retention.bytes value - Add `KafkaTopic` field `config.local_retention_ms`, type `integer`: local.retention.ms value - Add `KafkaTopic` field `config.remote_storage_enable`, type `boolean`: remote_storage_enable diff --git a/api/v1alpha1/cassandra_types.go b/api/v1alpha1/cassandra_types.go index 11fb2f685..e3c77d15e 100644 --- a/api/v1alpha1/cassandra_types.go +++ b/api/v1alpha1/cassandra_types.go @@ -23,7 +23,7 @@ type CassandraSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS` + // Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/clickhouse_types.go b/api/v1alpha1/clickhouse_types.go index 4328f1085..3ddd7c9da 100644 --- a/api/v1alpha1/clickhouse_types.go +++ b/api/v1alpha1/clickhouse_types.go @@ -21,7 +21,7 @@ type ClickhouseSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD` + // Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`, `CLICKHOUSE_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/common.go b/api/v1alpha1/common.go index d2b6c72fe..6b1d0de98 100644 --- a/api/v1alpha1/common.go +++ b/api/v1alpha1/common.go @@ -24,7 +24,7 @@ type AuthSecretReference struct { // ConnInfoSecretTarget contains information secret name type ConnInfoSecretTarget struct { - // Name of the secret resource to be created. By default, is equal to the resource name + // Name of the secret resource to be created. By default, it is equal to the resource name Name string `json:"name"` // +kubebuilder:pruning:PreserveUnknownFields // Annotations added to the secret diff --git a/api/v1alpha1/connectionpool_types.go b/api/v1alpha1/connectionpool_types.go index de094ca99..a33d811ec 100644 --- a/api/v1alpha1/connectionpool_types.go +++ b/api/v1alpha1/connectionpool_types.go @@ -36,7 +36,7 @@ type ConnectionPoolSpec struct { PoolMode string `json:"poolMode,omitempty"` // Information regarding secret creation. - // Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI` + // Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/grafana_types.go b/api/v1alpha1/grafana_types.go index e763a2d34..afc5b5cb7 100644 --- a/api/v1alpha1/grafana_types.go +++ b/api/v1alpha1/grafana_types.go @@ -23,7 +23,7 @@ type GrafanaSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS` + // Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/kafka_types.go b/api/v1alpha1/kafka_types.go index 02334428f..4e5eba51e 100644 --- a/api/v1alpha1/kafka_types.go +++ b/api/v1alpha1/kafka_types.go @@ -21,7 +21,7 @@ type KafkaSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT` + // Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`, `KAFKA_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/mysql_types.go b/api/v1alpha1/mysql_types.go index f80893be0..bb4d1b17a 100644 --- a/api/v1alpha1/mysql_types.go +++ b/api/v1alpha1/mysql_types.go @@ -21,7 +21,7 @@ type MySQLSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI` + // Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`, `MYSQL_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/opensearch_types.go b/api/v1alpha1/opensearch_types.go index ac1c30c9f..4f2589309 100644 --- a/api/v1alpha1/opensearch_types.go +++ b/api/v1alpha1/opensearch_types.go @@ -21,7 +21,7 @@ type OpenSearchSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD` + // Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`, `OPENSEARCH_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/postgresql_types.go b/api/v1alpha1/postgresql_types.go index 7e995e0ca..404faa5cc 100644 --- a/api/v1alpha1/postgresql_types.go +++ b/api/v1alpha1/postgresql_types.go @@ -21,7 +21,7 @@ type PostgreSQLSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI` + // Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`, `POSTGRESQL_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/api/v1alpha1/redis_types.go b/api/v1alpha1/redis_types.go index 85f4ea0b9..61ed0a131 100644 --- a/api/v1alpha1/redis_types.go +++ b/api/v1alpha1/redis_types.go @@ -21,7 +21,7 @@ type RedisSpec struct { AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"` // Information regarding secret creation. - // Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD` + // Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT` ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable." diff --git a/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml b/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml index b2ccc320d..bd7921ab4 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml @@ -71,7 +71,7 @@ spec: description: "Information regarding secret creation. Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, - `CASSANDRA_URI`, `CASSANDRA_HOSTS`" + `CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT`" properties: annotations: additionalProperties: @@ -88,7 +88,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/charts/aiven-operator-crds/templates/aiven.io_clickhouses.yaml b/charts/aiven-operator-crds/templates/aiven.io_clickhouses.yaml index 3bebac7b5..df6d2af8f 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_clickhouses.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_clickhouses.yaml @@ -57,7 +57,8 @@ spec: connInfoSecretTarget: description: "Information regarding secret creation. Exposed keys: - `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`" + `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`, + `CLICKHOUSE_CA_CERT`" properties: annotations: additionalProperties: @@ -74,7 +75,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/charts/aiven-operator-crds/templates/aiven.io_clickhouseusers.yaml b/charts/aiven-operator-crds/templates/aiven.io_clickhouseusers.yaml index ed8134bbd..0c15c6b97 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_clickhouseusers.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_clickhouseusers.yaml @@ -81,7 +81,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/charts/aiven-operator-crds/templates/aiven.io_connectionpools.yaml b/charts/aiven-operator-crds/templates/aiven.io_connectionpools.yaml index d40e27b1d..9db1cd2c0 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_connectionpools.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_connectionpools.yaml @@ -74,7 +74,7 @@ spec: "Information regarding secret creation. Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, - `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`" + `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT`" properties: annotations: additionalProperties: @@ -91,7 +91,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml b/charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml index a9e3de5f8..b7ce60f1d 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml @@ -71,7 +71,7 @@ spec: description: "Information regarding secret creation. Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, - `GRAFANA_URI`, `GRAFANA_HOSTS`" + `GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT`" properties: annotations: additionalProperties: @@ -88,7 +88,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml b/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml index 589d89307..bc4af808c 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml @@ -73,7 +73,7 @@ spec: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, - `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`" + `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`, `KAFKA_CA_CERT`" properties: annotations: additionalProperties: @@ -90,7 +90,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/charts/aiven-operator-crds/templates/aiven.io_mysqls.yaml b/charts/aiven-operator-crds/templates/aiven.io_mysqls.yaml index 853d3ac47..80039a06d 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_mysqls.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_mysqls.yaml @@ -71,7 +71,7 @@ spec: description: "Information regarding secret creation. Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, - `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`" + `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`, `MYSQL_CA_CERT`" properties: annotations: additionalProperties: @@ -88,7 +88,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml b/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml index 7e581231e..f209c715f 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml @@ -57,7 +57,8 @@ spec: connInfoSecretTarget: description: "Information regarding secret creation. Exposed keys: - `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`" + `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`, + `OPENSEARCH_CA_CERT`" properties: annotations: additionalProperties: @@ -74,7 +75,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml b/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml index 555c7e212..ffe161214 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml @@ -71,7 +71,8 @@ spec: description: "Information regarding secret creation. Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, - `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`" + `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`, + `POSTGRESQL_CA_CERT`" properties: annotations: additionalProperties: @@ -88,7 +89,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/charts/aiven-operator-crds/templates/aiven.io_projects.yaml b/charts/aiven-operator-crds/templates/aiven.io_projects.yaml index 693a5b639..6a3c352cf 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_projects.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_projects.yaml @@ -118,7 +118,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/charts/aiven-operator-crds/templates/aiven.io_redis.yaml b/charts/aiven-operator-crds/templates/aiven.io_redis.yaml index fe95067b8..c8f618360 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_redis.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_redis.yaml @@ -57,7 +57,7 @@ spec: connInfoSecretTarget: description: "Information regarding secret creation. Exposed keys: - `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`" + `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`" properties: annotations: additionalProperties: @@ -74,7 +74,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/charts/aiven-operator-crds/templates/aiven.io_serviceusers.yaml b/charts/aiven-operator-crds/templates/aiven.io_serviceusers.yaml index 378d98fe8..1859de969 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_serviceusers.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_serviceusers.yaml @@ -88,7 +88,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/config/crd/bases/aiven.io_cassandras.yaml b/config/crd/bases/aiven.io_cassandras.yaml index b2ccc320d..bd7921ab4 100644 --- a/config/crd/bases/aiven.io_cassandras.yaml +++ b/config/crd/bases/aiven.io_cassandras.yaml @@ -71,7 +71,7 @@ spec: description: "Information regarding secret creation. Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, - `CASSANDRA_URI`, `CASSANDRA_HOSTS`" + `CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT`" properties: annotations: additionalProperties: @@ -88,7 +88,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/config/crd/bases/aiven.io_clickhouses.yaml b/config/crd/bases/aiven.io_clickhouses.yaml index 3bebac7b5..df6d2af8f 100644 --- a/config/crd/bases/aiven.io_clickhouses.yaml +++ b/config/crd/bases/aiven.io_clickhouses.yaml @@ -57,7 +57,8 @@ spec: connInfoSecretTarget: description: "Information regarding secret creation. Exposed keys: - `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`" + `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`, + `CLICKHOUSE_CA_CERT`" properties: annotations: additionalProperties: @@ -74,7 +75,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/config/crd/bases/aiven.io_clickhouseusers.yaml b/config/crd/bases/aiven.io_clickhouseusers.yaml index ed8134bbd..0c15c6b97 100644 --- a/config/crd/bases/aiven.io_clickhouseusers.yaml +++ b/config/crd/bases/aiven.io_clickhouseusers.yaml @@ -81,7 +81,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/config/crd/bases/aiven.io_connectionpools.yaml b/config/crd/bases/aiven.io_connectionpools.yaml index d40e27b1d..9db1cd2c0 100644 --- a/config/crd/bases/aiven.io_connectionpools.yaml +++ b/config/crd/bases/aiven.io_connectionpools.yaml @@ -74,7 +74,7 @@ spec: "Information regarding secret creation. Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, - `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`" + `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT`" properties: annotations: additionalProperties: @@ -91,7 +91,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/config/crd/bases/aiven.io_grafanas.yaml b/config/crd/bases/aiven.io_grafanas.yaml index a9e3de5f8..b7ce60f1d 100644 --- a/config/crd/bases/aiven.io_grafanas.yaml +++ b/config/crd/bases/aiven.io_grafanas.yaml @@ -71,7 +71,7 @@ spec: description: "Information regarding secret creation. Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, - `GRAFANA_URI`, `GRAFANA_HOSTS`" + `GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT`" properties: annotations: additionalProperties: @@ -88,7 +88,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/config/crd/bases/aiven.io_kafkas.yaml b/config/crd/bases/aiven.io_kafkas.yaml index 589d89307..bc4af808c 100644 --- a/config/crd/bases/aiven.io_kafkas.yaml +++ b/config/crd/bases/aiven.io_kafkas.yaml @@ -73,7 +73,7 @@ spec: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, - `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`" + `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`, `KAFKA_CA_CERT`" properties: annotations: additionalProperties: @@ -90,7 +90,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/config/crd/bases/aiven.io_mysqls.yaml b/config/crd/bases/aiven.io_mysqls.yaml index 853d3ac47..80039a06d 100644 --- a/config/crd/bases/aiven.io_mysqls.yaml +++ b/config/crd/bases/aiven.io_mysqls.yaml @@ -71,7 +71,7 @@ spec: description: "Information regarding secret creation. Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, - `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`" + `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`, `MYSQL_CA_CERT`" properties: annotations: additionalProperties: @@ -88,7 +88,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/config/crd/bases/aiven.io_opensearches.yaml b/config/crd/bases/aiven.io_opensearches.yaml index 7e581231e..f209c715f 100644 --- a/config/crd/bases/aiven.io_opensearches.yaml +++ b/config/crd/bases/aiven.io_opensearches.yaml @@ -57,7 +57,8 @@ spec: connInfoSecretTarget: description: "Information regarding secret creation. Exposed keys: - `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`" + `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`, + `OPENSEARCH_CA_CERT`" properties: annotations: additionalProperties: @@ -74,7 +75,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/config/crd/bases/aiven.io_postgresqls.yaml b/config/crd/bases/aiven.io_postgresqls.yaml index 555c7e212..ffe161214 100644 --- a/config/crd/bases/aiven.io_postgresqls.yaml +++ b/config/crd/bases/aiven.io_postgresqls.yaml @@ -71,7 +71,8 @@ spec: description: "Information regarding secret creation. Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, - `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`" + `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`, + `POSTGRESQL_CA_CERT`" properties: annotations: additionalProperties: @@ -88,7 +89,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/config/crd/bases/aiven.io_projects.yaml b/config/crd/bases/aiven.io_projects.yaml index 693a5b639..6a3c352cf 100644 --- a/config/crd/bases/aiven.io_projects.yaml +++ b/config/crd/bases/aiven.io_projects.yaml @@ -118,7 +118,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/config/crd/bases/aiven.io_redis.yaml b/config/crd/bases/aiven.io_redis.yaml index fe95067b8..c8f618360 100644 --- a/config/crd/bases/aiven.io_redis.yaml +++ b/config/crd/bases/aiven.io_redis.yaml @@ -57,7 +57,7 @@ spec: connInfoSecretTarget: description: "Information regarding secret creation. Exposed keys: - `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`" + `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`" properties: annotations: additionalProperties: @@ -74,7 +74,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/config/crd/bases/aiven.io_serviceusers.yaml b/config/crd/bases/aiven.io_serviceusers.yaml index 378d98fe8..1859de969 100644 --- a/config/crd/bases/aiven.io_serviceusers.yaml +++ b/config/crd/bases/aiven.io_serviceusers.yaml @@ -88,7 +88,7 @@ spec: name: description: Name of the secret resource to be created. By default, - is equal to the resource name + it is equal to the resource name type: string prefix: description: diff --git a/controllers/connectionpool_controller.go b/controllers/connectionpool_controller.go index 74af62b10..f7df0ca6a 100644 --- a/controllers/connectionpool_controller.go +++ b/controllers/connectionpool_controller.go @@ -131,6 +131,11 @@ func (h ConnectionPoolHandler) get(ctx context.Context, avn *aiven.Client, avnGe return nil, fmt.Errorf("cannot get ConnectionPool: %w", err) } + cert, err := avnGen.ProjectKmsGetCA(ctx, connPool.Spec.Project) + if err != nil { + return nil, fmt.Errorf("cannot retrieve project CA certificate: %w", err) + } + // The pool comes with its own port poolURI, err := url.Parse(cp.ConnectionURI) if err != nil { @@ -159,6 +164,7 @@ func (h ConnectionPoolHandler) get(ctx context.Context, avn *aiven.Client, avnGe prefix + "PASSWORD": s.URIParams["password"], prefix + "SSLMODE": s.URIParams["sslmode"], prefix + "DATABASE_URI": cp.ConnectionURI, + prefix + "CA_CERT": cert, // todo: remove in future releases "PGHOST": s.URIParams["host"], "PGPORT": poolURI.Port(), @@ -187,6 +193,7 @@ func (h ConnectionPoolHandler) get(ctx context.Context, avn *aiven.Client, avnGe prefix + "PASSWORD": u.Password, prefix + "SSLMODE": s.URIParams["sslmode"], prefix + "DATABASE_URI": cp.ConnectionURI, + prefix + "CA_CERT": cert, // todo: remove in future releases "PGHOST": s.URIParams["host"], "PGPORT": poolURI.Port(), diff --git a/controllers/generic_service_handler.go b/controllers/generic_service_handler.go index bc1e943ae..ec54f2137 100644 --- a/controllers/generic_service_handler.go +++ b/controllers/generic_service_handler.go @@ -166,7 +166,8 @@ func (h *genericServiceHandler) get(ctx context.Context, avn *aiven.Client, avnG return nil, err } - s, err := avn.Services.Get(ctx, o.getServiceCommonSpec().Project, o.getObjectMeta().Name) + spec := o.getServiceCommonSpec() + s, err := avn.Services.Get(ctx, spec.Project, o.getObjectMeta().Name) if err != nil { return nil, fmt.Errorf("failed to get service from Aiven: %w", err) } @@ -181,7 +182,24 @@ func (h *genericServiceHandler) get(ctx context.Context, avn *aiven.Client, avnG // Some services get secrets after they are running only, // like ip addresses (hosts) - return o.newSecret(ctx, s) + secret, err := o.newSecret(ctx, s) + if err != nil || secret == nil { + return secret, err + } + + cert, err := avnGen.ProjectKmsGetCA(ctx, spec.Project) + if err != nil { + return nil, fmt.Errorf("cannot retrieve project CA certificate: %w", err) + } + + // We don't expect the StringData map to be empty, it must panic. + prefix := getSecretPrefix(o) + secret.StringData[prefix+"CA_CERT"] = cert + if o.getServiceType() == "kafka" { + // todo: backward compatibility, remove in future releases + secret.StringData["CA_CERT"] = cert + } + return secret, nil } return nil, nil } @@ -212,6 +230,7 @@ type serviceAdapterFabric func(*aiven.Client, client.Object) (serviceAdapter, er // serviceAdapter turns client.Object into a generic thing type serviceAdapter interface { + objWithSecret getObjectMeta() *metav1.ObjectMeta getServiceStatus() *v1alpha1.ServiceStatus getServiceCommonSpec() *v1alpha1.ServiceCommonSpec diff --git a/controllers/kafka_controller.go b/controllers/kafka_controller.go index aa25b8db7..f44e2959c 100644 --- a/controllers/kafka_controller.go +++ b/controllers/kafka_controller.go @@ -73,11 +73,6 @@ func (a *kafkaAdapter) newSecret(ctx context.Context, s *aiven.Service) (*corev1 password = s.Users[0].Password } - caCert, err := a.avn.CA.Get(ctx, a.getServiceCommonSpec().Project) - if err != nil { - return nil, fmt.Errorf("aiven client error %w", err) - } - prefix := getSecretPrefix(a) stringData := map[string]string{ prefix + "HOST": s.URIParams["host"], @@ -88,7 +83,6 @@ func (a *kafkaAdapter) newSecret(ctx context.Context, s *aiven.Service) (*corev1 prefix + "ACCESS_KEY": s.ConnectionInfo.KafkaAccessKey, prefix + "REST_URI": s.ConnectionInfo.KafkaRestURI, prefix + "SCHEMA_REGISTRY_URI": s.ConnectionInfo.SchemaRegistryURI, - prefix + "CA_CERT": caCert, // todo: remove in future releases "HOST": s.URIParams["host"], "PORT": s.URIParams["port"], @@ -96,7 +90,6 @@ func (a *kafkaAdapter) newSecret(ctx context.Context, s *aiven.Service) (*corev1 "USERNAME": userName, "ACCESS_CERT": s.ConnectionInfo.KafkaAccessCert, "ACCESS_KEY": s.ConnectionInfo.KafkaAccessKey, - "CA_CERT": caCert, } for _, c := range s.Components { diff --git a/controllers/kafkaconnect_controller.go b/controllers/kafkaconnect_controller.go index 69ed00da0..cdf4bb799 100644 --- a/controllers/kafkaconnect_controller.go +++ b/controllers/kafkaconnect_controller.go @@ -74,3 +74,7 @@ func (a *kafkaConnectAdapter) getServiceType() string { func (a *kafkaConnectAdapter) getDiskSpace() string { return "" } + +func (a *kafkaConnectAdapter) GetConnInfoSecretTarget() v1alpha1.ConnInfoSecretTarget { + return v1alpha1.ConnInfoSecretTarget{} +} diff --git a/docs/docs/api-reference/cassandra.md b/docs/docs/api-reference/cassandra.md index 1fe728880..e4641a4ac 100644 --- a/docs/docs/api-reference/cassandra.md +++ b/docs/docs/api-reference/cassandra.md @@ -65,7 +65,7 @@ CassandraSpec defines the desired state of Cassandra. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - [`maintenanceWindowDow`](#spec.maintenanceWindowDow-property){: name='spec.maintenanceWindowDow-property'} (string, Enum: `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `sunday`). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc. @@ -93,11 +93,11 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS`. +Information regarding secret creation. Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT`. **Required** -- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, is equal to the resource name. +- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, it is equal to the resource name. **Optional** diff --git a/docs/docs/api-reference/clickhouse.md b/docs/docs/api-reference/clickhouse.md index c68df324b..2d1e5d0c0 100644 --- a/docs/docs/api-reference/clickhouse.md +++ b/docs/docs/api-reference/clickhouse.md @@ -56,7 +56,7 @@ ClickhouseSpec defines the desired state of Clickhouse. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`, `CLICKHOUSE_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - [`maintenanceWindowDow`](#spec.maintenanceWindowDow-property){: name='spec.maintenanceWindowDow-property'} (string, Enum: `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `sunday`). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc. @@ -84,11 +84,11 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`. +Information regarding secret creation. Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`, `CLICKHOUSE_CA_CERT`. **Required** -- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, is equal to the resource name. +- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, it is equal to the resource name. **Optional** diff --git a/docs/docs/api-reference/clickhouseuser.md b/docs/docs/api-reference/clickhouseuser.md index 541667ef1..0356d37a0 100644 --- a/docs/docs/api-reference/clickhouseuser.md +++ b/docs/docs/api-reference/clickhouseuser.md @@ -73,7 +73,7 @@ Information regarding secret creation. Exposed keys: `CLICKHOUSEUSER_HOST`, `CLI **Required** -- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, is equal to the resource name. +- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, it is equal to the resource name. **Optional** diff --git a/docs/docs/api-reference/connectionpool.md b/docs/docs/api-reference/connectionpool.md index 315e464c1..57c539e64 100644 --- a/docs/docs/api-reference/connectionpool.md +++ b/docs/docs/api-reference/connectionpool.md @@ -57,7 +57,7 @@ ConnectionPoolSpec defines the desired state of ConnectionPool. **Optional** - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`poolMode`](#spec.poolMode-property){: name='spec.poolMode-property'} (string, Enum: `session`, `transaction`, `statement`). Mode the pool operates in (session, transaction, statement). - [`poolSize`](#spec.poolSize-property){: name='spec.poolSize-property'} (integer). Number of connections the pool may create towards the backend server. @@ -77,11 +77,11 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`. +Information regarding secret creation. Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT`. **Required** -- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, is equal to the resource name. +- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, it is equal to the resource name. **Optional** diff --git a/docs/docs/api-reference/grafana.md b/docs/docs/api-reference/grafana.md index d45ed0a34..acc790b6b 100644 --- a/docs/docs/api-reference/grafana.md +++ b/docs/docs/api-reference/grafana.md @@ -64,7 +64,7 @@ GrafanaSpec defines the desired state of Grafana. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - [`maintenanceWindowDow`](#spec.maintenanceWindowDow-property){: name='spec.maintenanceWindowDow-property'} (string, Enum: `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `sunday`). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc. @@ -92,11 +92,11 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`. +Information regarding secret creation. Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT`. **Required** -- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, is equal to the resource name. +- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, it is equal to the resource name. **Optional** diff --git a/docs/docs/api-reference/kafka.md b/docs/docs/api-reference/kafka.md index 30d0d565c..c8bb26091 100644 --- a/docs/docs/api-reference/kafka.md +++ b/docs/docs/api-reference/kafka.md @@ -56,7 +56,7 @@ KafkaSpec defines the desired state of Kafka. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`, `KAFKA_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - [`karapace`](#spec.karapace-property){: name='spec.karapace-property'} (boolean). Switch the service to use Karapace for schema registry and REST proxy. @@ -85,11 +85,11 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`. +Information regarding secret creation. Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`, `KAFKA_CA_CERT`. **Required** -- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, is equal to the resource name. +- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, it is equal to the resource name. **Optional** diff --git a/docs/docs/api-reference/mysql.md b/docs/docs/api-reference/mysql.md index fa9c603c4..a8dc1cf04 100644 --- a/docs/docs/api-reference/mysql.md +++ b/docs/docs/api-reference/mysql.md @@ -64,7 +64,7 @@ MySQLSpec defines the desired state of MySQL. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`, `MYSQL_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - [`maintenanceWindowDow`](#spec.maintenanceWindowDow-property){: name='spec.maintenanceWindowDow-property'} (string, Enum: `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `sunday`). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc. @@ -92,11 +92,11 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`. +Information regarding secret creation. Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`, `MYSQL_CA_CERT`. **Required** -- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, is equal to the resource name. +- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, it is equal to the resource name. **Optional** diff --git a/docs/docs/api-reference/opensearch.md b/docs/docs/api-reference/opensearch.md index eb7aeddc6..dfdfc0fb6 100644 --- a/docs/docs/api-reference/opensearch.md +++ b/docs/docs/api-reference/opensearch.md @@ -57,7 +57,7 @@ OpenSearchSpec defines the desired state of OpenSearch. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`, `OPENSEARCH_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - [`maintenanceWindowDow`](#spec.maintenanceWindowDow-property){: name='spec.maintenanceWindowDow-property'} (string, Enum: `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `sunday`). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc. @@ -85,11 +85,11 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`. +Information regarding secret creation. Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`, `OPENSEARCH_CA_CERT`. **Required** -- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, is equal to the resource name. +- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, it is equal to the resource name. **Optional** diff --git a/docs/docs/api-reference/postgresql.md b/docs/docs/api-reference/postgresql.md index 5f3dbfc65..3837f1511 100644 --- a/docs/docs/api-reference/postgresql.md +++ b/docs/docs/api-reference/postgresql.md @@ -59,7 +59,7 @@ PostgreSQLSpec defines the desired state of postgres instance. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`, `POSTGRESQL_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - [`maintenanceWindowDow`](#spec.maintenanceWindowDow-property){: name='spec.maintenanceWindowDow-property'} (string, Enum: `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `sunday`). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc. @@ -87,11 +87,11 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`. +Information regarding secret creation. Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`, `POSTGRESQL_CA_CERT`. **Required** -- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, is equal to the resource name. +- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, it is equal to the resource name. **Optional** diff --git a/docs/docs/api-reference/project.md b/docs/docs/api-reference/project.md index 252040272..3d813179b 100644 --- a/docs/docs/api-reference/project.md +++ b/docs/docs/api-reference/project.md @@ -83,7 +83,7 @@ Information regarding secret creation. Exposed keys: `PROJECT_CA_CERT`. **Required** -- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, is equal to the resource name. +- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, it is equal to the resource name. **Optional** diff --git a/docs/docs/api-reference/redis.md b/docs/docs/api-reference/redis.md index 120e7adda..f1542c6fd 100644 --- a/docs/docs/api-reference/redis.md +++ b/docs/docs/api-reference/redis.md @@ -59,7 +59,7 @@ RedisSpec defines the desired state of Redis. - [`authSecretRef`](#spec.authSecretRef-property){: name='spec.authSecretRef-property'} (object). Authentication reference to Aiven token in a secret. See below for [nested schema](#spec.authSecretRef). - [`cloudName`](#spec.cloudName-property){: name='spec.cloudName-property'} (string, MaxLength: 256). Cloud the service runs in. -- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`. See below for [nested schema](#spec.connInfoSecretTarget). +- [`connInfoSecretTarget`](#spec.connInfoSecretTarget-property){: name='spec.connInfoSecretTarget-property'} (object). Information regarding secret creation. Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`. See below for [nested schema](#spec.connInfoSecretTarget). - [`connInfoSecretTargetDisabled`](#spec.connInfoSecretTargetDisabled-property){: name='spec.connInfoSecretTargetDisabled-property'} (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation. - [`disk_space`](#spec.disk_space-property){: name='spec.disk_space-property'} (string, Format: `^[1-9][0-9]*(GiB|G)*`). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - [`maintenanceWindowDow`](#spec.maintenanceWindowDow-property){: name='spec.maintenanceWindowDow-property'} (string, Enum: `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `sunday`). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc. @@ -87,11 +87,11 @@ Authentication reference to Aiven token in a secret. _Appears on [`spec`](#spec)._ -Information regarding secret creation. Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`. +Information regarding secret creation. Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`. **Required** -- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, is equal to the resource name. +- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, it is equal to the resource name. **Optional** diff --git a/docs/docs/api-reference/serviceuser.md b/docs/docs/api-reference/serviceuser.md index 964caa171..eac2ef0a9 100644 --- a/docs/docs/api-reference/serviceuser.md +++ b/docs/docs/api-reference/serviceuser.md @@ -74,7 +74,7 @@ Information regarding secret creation. Exposed keys: `SERVICEUSER_HOST`, `SERVIC **Required** -- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, is equal to the resource name. +- [`name`](#spec.connInfoSecretTarget.name-property){: name='spec.connInfoSecretTarget.name-property'} (string). Name of the secret resource to be created. By default, it is equal to the resource name. **Optional** diff --git a/go.mod b/go.mod index 890cc0aa7..04cc917f0 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.21 require ( github.com/aiven/aiven-go-client/v2 v2.12.0 github.com/aiven/go-api-schemas v1.59.0 - github.com/aiven/go-client-codegen v0.0.0-20240209135349-3182cbc52bc8 + github.com/aiven/go-client-codegen v0.0.0-20240213112349-71431469935b github.com/dave/jennifer v1.7.0 github.com/docker/go-units v0.5.0 github.com/ghodss/yaml v1.0.0 diff --git a/go.sum b/go.sum index 1d59bdf17..8c023d46f 100644 --- a/go.sum +++ b/go.sum @@ -37,8 +37,8 @@ github.com/aiven/aiven-go-client/v2 v2.12.0 h1:VxOfn61AtfLjy2B+DdXF2/7OHyyFZ1aQa github.com/aiven/aiven-go-client/v2 v2.12.0/go.mod h1:x0xhzxWEKAwKv0xY5FvECiI6tesWshcPHvjwl0B/1SU= github.com/aiven/go-api-schemas v1.59.0 h1:DEH5KuxCpdtIxcnBubwf/svjExE1KK3DbQHT+tb5aeU= github.com/aiven/go-api-schemas v1.59.0/go.mod h1:/bPxBUHza/2Aeer6hIIdB++GxKiw9K1KCBtRa2rtZ5I= -github.com/aiven/go-client-codegen v0.0.0-20240209135349-3182cbc52bc8 h1:sSdq3/2fF6O3b+ykD7KQrN13zHymijT2sbxnCQjJyI0= -github.com/aiven/go-client-codegen v0.0.0-20240209135349-3182cbc52bc8/go.mod h1:qQ5dwRfNnGS4eAYk7JdC5htQI85g7eA/e71ZLyY8pQw= +github.com/aiven/go-client-codegen v0.0.0-20240213112349-71431469935b h1:B4iTBntthSx0O/CfuTJStrKp0AMXG2XOE/Ste6eF7BI= +github.com/aiven/go-client-codegen v0.0.0-20240213112349-71431469935b/go.mod h1:qQ5dwRfNnGS4eAYk7JdC5htQI85g7eA/e71ZLyY8pQw= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= diff --git a/tests/cassandra_test.go b/tests/cassandra_test.go index 121d035a3..6e7b6b80d 100644 --- a/tests/cassandra_test.go +++ b/tests/cassandra_test.go @@ -111,4 +111,5 @@ func TestCassandra(t *testing.T) { assert.NotEmpty(t, secret.Data["CASSANDRA_PASSWORD"]) assert.NotEmpty(t, secret.Data["CASSANDRA_URI"]) assert.NotEmpty(t, secret.Data["CASSANDRA_HOSTS"]) + assert.NotEmpty(t, secret.Data["CASSANDRA_CA_CERT"]) } diff --git a/tests/clickhouse_test.go b/tests/clickhouse_test.go index 5a6a3ae9a..ba2dfd1de 100644 --- a/tests/clickhouse_test.go +++ b/tests/clickhouse_test.go @@ -106,4 +106,5 @@ func TestClickhouse(t *testing.T) { assert.NotEmpty(t, secret.Data["CLICKHOUSE_PORT"]) assert.NotEmpty(t, secret.Data["CLICKHOUSE_USER"]) assert.NotEmpty(t, secret.Data["CLICKHOUSE_PASSWORD"]) + assert.NotEmpty(t, secret.Data["CLICKHOUSE_CA_CERT"]) } diff --git a/tests/connectionpool_test.go b/tests/connectionpool_test.go index a35c93aca..c269ed27f 100644 --- a/tests/connectionpool_test.go +++ b/tests/connectionpool_test.go @@ -165,6 +165,7 @@ func TestConnectionPool(t *testing.T) { assert.NotEmpty(t, secret.Data["CONNECTIONPOOL_PASSWORD"]) assert.NotEmpty(t, secret.Data["CONNECTIONPOOL_SSLMODE"]) assert.NotEmpty(t, secret.Data["CONNECTIONPOOL_DATABASE_URI"]) + assert.NotEmpty(t, secret.Data["CONNECTIONPOOL_CA_CERT"]) // URI contains valid values uri := string(secret.Data["CONNECTIONPOOL_DATABASE_URI"]) diff --git a/tests/grafana_test.go b/tests/grafana_test.go index a82754519..cc6bc367a 100644 --- a/tests/grafana_test.go +++ b/tests/grafana_test.go @@ -110,4 +110,5 @@ func TestGrafana(t *testing.T) { assert.NotEmpty(t, secret.Data["GRAFANA_PASSWORD"]) assert.NotEmpty(t, secret.Data["GRAFANA_URI"]) assert.NotEmpty(t, secret.Data["GRAFANA_HOSTS"]) + assert.NotEmpty(t, secret.Data["GRAFANA_CA_CERT"]) } diff --git a/tests/kafka_test.go b/tests/kafka_test.go index 05787b647..dab097ccc 100644 --- a/tests/kafka_test.go +++ b/tests/kafka_test.go @@ -112,6 +112,7 @@ func TestKafka(t *testing.T) { assert.NotEmpty(t, secret.Data["PASSWORD"]) assert.NotEmpty(t, secret.Data["ACCESS_CERT"]) assert.NotEmpty(t, secret.Data["ACCESS_KEY"]) + assert.NotEmpty(t, secret.Data["CA_CERT"]) // New secrets assert.NotEmpty(t, secret.Data["KAFKA_HOST"]) @@ -120,6 +121,7 @@ func TestKafka(t *testing.T) { assert.NotEmpty(t, secret.Data["KAFKA_PASSWORD"]) assert.NotEmpty(t, secret.Data["KAFKA_ACCESS_CERT"]) assert.NotEmpty(t, secret.Data["KAFKA_ACCESS_KEY"]) + assert.NotEmpty(t, secret.Data["KAFKA_CA_CERT"]) // SASL test assert.Equal(t, anyPointer(true), ks.Spec.UserConfig.KafkaAuthenticationMethods.Sasl) diff --git a/tests/mysql_test.go b/tests/mysql_test.go index 2bb6949c5..8576a68aa 100644 --- a/tests/mysql_test.go +++ b/tests/mysql_test.go @@ -111,4 +111,5 @@ func TestMySQL(t *testing.T) { assert.NotEmpty(t, secret.Data["MYSQL_SSL_MODE"]) assert.NotEmpty(t, secret.Data["MYSQL_URI"]) assert.NotEmpty(t, secret.Data["MYSQL_REPLICA_URI"]) // business-4 has replica + assert.NotEmpty(t, secret.Data["MYSQL_CA_CERT"]) } diff --git a/tests/opensearch_test.go b/tests/opensearch_test.go index 085597e9f..0d75ad697 100644 --- a/tests/opensearch_test.go +++ b/tests/opensearch_test.go @@ -114,6 +114,7 @@ func TestOpenSearch(t *testing.T) { assert.NotEmpty(t, secret.Data["OPENSEARCH_PORT"]) assert.NotEmpty(t, secret.Data["OPENSEARCH_USER"]) assert.NotEmpty(t, secret.Data["OPENSEARCH_PASSWORD"]) + assert.NotEmpty(t, secret.Data["OPENSEARCH_CA_CERT"]) assert.Equal(t, map[string]string{"foo": "bar"}, secret.Annotations) assert.Equal(t, map[string]string{"baz": "egg"}, secret.Labels) } diff --git a/tests/postgresql_test.go b/tests/postgresql_test.go index 408ad0dbe..6c0b1982a 100644 --- a/tests/postgresql_test.go +++ b/tests/postgresql_test.go @@ -142,6 +142,7 @@ func TestPgReadReplica(t *testing.T) { assert.NotEmpty(t, secret.Data["POSTGRESQL_PASSWORD"]) assert.NotEmpty(t, secret.Data["POSTGRESQL_SSLMODE"]) assert.NotEmpty(t, secret.Data["POSTGRESQL_DATABASE_URI"]) + assert.NotEmpty(t, secret.Data["POSTGRESQL_CA_CERT"]) } } @@ -244,4 +245,5 @@ func TestPgCustomPrefix(t *testing.T) { assert.NotEmpty(t, secret.Data["MY_PG_PASSWORD"]) assert.NotEmpty(t, secret.Data["MY_PG_SSLMODE"]) assert.NotEmpty(t, secret.Data["MY_PG_DATABASE_URI"]) + assert.NotEmpty(t, secret.Data["MY_PG_CA_CERT"]) } diff --git a/tests/redis_test.go b/tests/redis_test.go index 2578ec690..8133ca074 100644 --- a/tests/redis_test.go +++ b/tests/redis_test.go @@ -106,4 +106,5 @@ func TestRedis(t *testing.T) { assert.NotEmpty(t, secret.Data["REDIS_PORT"]) assert.NotEmpty(t, secret.Data["REDIS_USER"]) assert.NotEmpty(t, secret.Data["REDIS_PASSWORD"]) + assert.NotEmpty(t, secret.Data["REDIS_CA_CERT"]) }