marking crd fields as required

api/pom.xml

@@ -23,6 +23,10 @@
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
         </dependency>
+        <dependency>
+            <groupId>jakarta.validation</groupId>
+            <artifactId>jakarta.validation-api</artifactId>
+        </dependency>
 
         <dependency>
             <groupId>org.junit.jupiter</groupId>

api/src/main/java/org/bf2/operator/resources/v1alpha1/ManagedKafka.java

@@ -32,6 +32,22 @@ public class ManagedKafka extends CustomResource<ManagedKafkaSpec, ManagedKafkaS
     public static final String ID = BF2_DOMAIN + "id";
     public static final String PLACEMENT_ID = BF2_DOMAIN + "placementId";
 
+    @Override
+    protected ManagedKafkaSpec initSpec() {
+        return new ManagedKafkaSpec();
+    }
+
+    /**
+     * A null value will be treated as empty instead
+     */
+    @Override
+    public void setSpec(ManagedKafkaSpec spec) {
+        if (spec == null) {
+            spec = initSpec();
+        }
+        super.setSpec(spec);
+    }
+
     @JsonIgnore
     public String getId() {
         return getOrCreateAnnotations().get(ID);

api/src/main/java/org/bf2/operator/resources/v1alpha1/ManagedKafkaAgent.java

@@ -18,4 +18,20 @@ public class ManagedKafkaAgent extends CustomResource<ManagedKafkaAgentSpec, Man
         implements Namespaced {
     private static final long serialVersionUID = 1L;
 
+    @Override
+    protected ManagedKafkaAgentSpec initSpec() {
+        return new ManagedKafkaAgentSpec();
+    }
+
+    /**
+     * A null value will be treated as empty instead
+     */
+    @Override
+    public void setSpec(ManagedKafkaAgentSpec spec) {
+        if (spec == null) {
+            spec = initSpec();
+        }
+        super.setSpec(spec);
+    }
+
 }

api/src/main/java/org/bf2/operator/resources/v1alpha1/ManagedKafkaAgentSpec.java

@@ -4,13 +4,16 @@
 import lombok.EqualsAndHashCode;
 import lombok.ToString;
 
+import javax.validation.constraints.NotNull;
+
 @Buildable(
         builderPackage = "io.fabric8.kubernetes.api.builder",
         editableEnabled = false
 )
 @ToString
 @EqualsAndHashCode
 public class ManagedKafkaAgentSpec {
+    @NotNull
     ObservabilityConfiguration observability;
 
     public ObservabilityConfiguration getObservability() {

api/src/main/java/org/bf2/operator/resources/v1alpha1/ManagedKafkaAuthenticationOAuth.java

@@ -5,6 +5,8 @@
 import lombok.EqualsAndHashCode;
 import lombok.ToString;
 
+import javax.validation.constraints.NotNull;
+
 /**
  * Defines the configuration for the Kafka instance authentication against an OAuth server
  */
@@ -18,6 +20,7 @@
 public class ManagedKafkaAuthenticationOAuth {
 
     private String clientId;
+    @NotNull
     private String clientSecret;
     private String tokenEndpointURI;
     private String jwksEndpointURI;

api/src/main/java/org/bf2/operator/resources/v1alpha1/ManagedKafkaEndpoint.java

@@ -5,6 +5,8 @@
 import lombok.EqualsAndHashCode;
 import lombok.ToString;
 
+import javax.validation.constraints.NotNull;
+
 /**
  * Defines the endpoint related information used for reaching the ManagedKafka instance
  */
@@ -17,6 +19,7 @@
 @JsonInclude(JsonInclude.Include.NON_NULL)
 public class ManagedKafkaEndpoint {
 
+    @NotNull
     private String bootstrapServerHost;
     private TlsKeyPair tls;
 

api/src/main/java/org/bf2/operator/resources/v1alpha1/ManagedKafkaSpec.java

@@ -4,6 +4,8 @@
 import lombok.EqualsAndHashCode;
 import lombok.ToString;
 
+import javax.validation.constraints.NotNull;
+
 /**
  * Defines the specification of the ManagedKafka instance
  */
@@ -15,17 +17,28 @@
 @EqualsAndHashCode
 public class ManagedKafkaSpec {
 
-    private ManagedKafkaCapacity capacity;
+    private ManagedKafkaCapacity capacity = new ManagedKafkaCapacity();
     private ManagedKafkaAuthenticationOAuth oauth;
+    @NotNull
     private ManagedKafkaEndpoint endpoint;
+    @NotNull
     private Versions versions;
     private boolean deleted;
 
+    /**
+     * Never null
+     */
     public ManagedKafkaCapacity getCapacity() {
         return capacity;
     }
 
+    /**
+     * A null value will be treated as empty instead
+     */
     public void setCapacity(ManagedKafkaCapacity capacity) {
+        if (capacity == null) {
+            capacity = new ManagedKafkaCapacity();
+        }
         this.capacity = capacity;
     }
 

api/src/main/java/org/bf2/operator/resources/v1alpha1/ObservabilityConfiguration.java

@@ -5,6 +5,8 @@
 import lombok.EqualsAndHashCode;
 import lombok.ToString;
 
+import javax.validation.constraints.NotNull;
+
 @Buildable(
         builderPackage = "io.fabric8.kubernetes.api.builder",
         editableEnabled = false
@@ -13,9 +15,10 @@
 @EqualsAndHashCode
 @JsonInclude(JsonInclude.Include.NON_NULL)
 public class ObservabilityConfiguration {
-
+    @NotNull
     private String accessToken;
     private String channel;
+    @NotNull
     private String repository;
     private String tag;
 

api/src/main/java/org/bf2/operator/resources/v1alpha1/TlsKeyPair.java

@@ -5,6 +5,8 @@
 import lombok.EqualsAndHashCode;
 import lombok.ToString;
 
+import javax.validation.constraints.NotNull;
+
 /**
  * Represents a TLS keys pair, both public (signed certificate) and private
  */
@@ -17,7 +19,9 @@
 @JsonInclude(JsonInclude.Include.NON_NULL)
 public class TlsKeyPair {
 
+    @NotNull
     private String cert;
+    @NotNull
     private String key;
 
     public String getCert() {

api/src/main/java/org/bf2/operator/resources/v1alpha1/Versions.java

@@ -5,6 +5,8 @@
 import lombok.EqualsAndHashCode;
 import lombok.ToString;
 
+import javax.validation.constraints.NotNull;
+
 /**
  * Represents different versions supported by the ManagedKafka instance
  */
@@ -17,7 +19,9 @@
 @JsonInclude(JsonInclude.Include.NON_NULL)
 public class Versions {
 
+    @NotNull
     private String kafka;
+    @NotNull
     private String strimzi;
 
     public String getKafka() {

operator/src/main/java/org/bf2/operator/operands/AdminServer.java

@@ -83,9 +83,6 @@ public class AdminServer extends AbstractAdminServer {
     @ConfigProperty(name = "adminserver.cors.allowlist")
     Optional<String> corsAllowList;
 
-    @ConfigProperty(name = "kafka.external.certificate.enabled", defaultValue = "false")
-    boolean isKafkaExternalCertificateEnabled;
-
     OpenShiftClient openShiftClient;
 
     @Inject
@@ -172,7 +169,7 @@ protected Service serviceFrom(ManagedKafka managedKafka, Service current) {
                 .editOrNewSpec()
                     .withClusterIP(null) // to prevent 422 errors
                     .withSelector(getSelectorLabels(adminServerName))
-                    .withPorts(getServicePorts())
+                    .withPorts(getServicePorts(managedKafka))
                 .endSpec()
                 .build();
 
@@ -192,7 +189,7 @@ protected Route routeFrom(ManagedKafka managedKafka, Route current) {
         final IntOrString targetPort;
         final TLSConfig tlsConfig;
 
-        if (isKafkaExternalCertificateEnabled) {
+        if (SecuritySecretManager.isKafkaExternalCertificateEnabled(managedKafka)) {
             targetPort = HTTPS_PORT_TARGET;
             tlsConfig = new TLSConfigBuilder().withTermination("passthrough").build();
         } else {
@@ -231,7 +228,7 @@ protected List<Container> getContainers(ManagedKafka managedKafka) {
                 .withName("admin-server")
                 .withImage(adminApiImage)
                 .withEnv(getEnvVar(managedKafka))
-                .withPorts(getContainerPorts())
+                .withPorts(getContainerPorts(managedKafka))
                 .withResources(getResources())
                 .withReadinessProbe(getProbe())
                 .withLivenessProbe(getProbe())
@@ -298,7 +295,7 @@ private List<EnvVar> getEnvVar(ManagedKafka managedKafka) {
                     .withValue(managedKafka.getMetadata().getName() + "-kafka-bootstrap:9095")
                     .build());
 
-        if (isKafkaExternalCertificateEnabled) {
+        if (SecuritySecretManager.isKafkaExternalCertificateEnabled(managedKafka)) {
             envVars.add(new EnvVarBuilder()
                         .withName("KAFKA_ADMIN_TLS_CERT")
                         .withNewValueFrom()
@@ -324,11 +321,11 @@ private List<EnvVar> getEnvVar(ManagedKafka managedKafka) {
         return envVars;
     }
 
-    private List<ContainerPort> getContainerPorts() {
+    private List<ContainerPort> getContainerPorts(ManagedKafka managedKafka) {
         final String apiPortName;
         final int apiContainerPort;
 
-        if (isKafkaExternalCertificateEnabled) {
+        if (SecuritySecretManager.isKafkaExternalCertificateEnabled(managedKafka)) {
             apiPortName = HTTPS_PORT_NAME;
             apiContainerPort = HTTPS_PORT;
         } else {
@@ -346,12 +343,12 @@ private List<ContainerPort> getContainerPorts() {
                            .build());
     }
 
-    private List<ServicePort> getServicePorts() {
+    private List<ServicePort> getServicePorts(ManagedKafka managedKafka) {
         final String apiPortName;
         final int apiPort;
         final IntOrString apiTargetPort;
 
-        if (isKafkaExternalCertificateEnabled) {
+        if (SecuritySecretManager.isKafkaExternalCertificateEnabled(managedKafka)) {
             apiPortName = HTTPS_PORT_NAME;
             apiPort = HTTPS_PORT;
             apiTargetPort = HTTPS_PORT_TARGET;

operator/src/main/java/org/bf2/operator/operands/KafkaCluster.java

@@ -59,7 +59,6 @@
 import org.bf2.operator.resources.v1alpha1.ManagedKafkaAuthenticationOAuth;
 import org.bf2.operator.secrets.ImagePullSecretManager;
 import org.bf2.operator.secrets.SecuritySecretManager;
-import org.eclipse.microprofile.config.inject.ConfigProperty;
 import org.jboss.logging.Logger;
 
 import javax.enterprise.context.ApplicationScoped;
@@ -118,12 +117,6 @@ public class KafkaCluster extends AbstractKafkaCluster {
     @Inject
     protected SecuritySecretManager secretManager;
 
-    @ConfigProperty(name = "kafka.authentication.enabled", defaultValue = "false")
-    protected boolean isKafkaAuthenticationEnabled;
-
-    @ConfigProperty(name = "kafka.external.certificate.enabled", defaultValue = "false")
-    protected boolean isKafkaExternalCertificateEnabled;
-
     @Inject
     protected ImagePullSecretManager imagePullSecretManager;
 
@@ -263,7 +256,7 @@ protected GenericSecretSource getSsoClientGenericSecretSource(ManagedKafka manag
     }
 
     protected CertSecretSource getSsoTlsCertSecretSource(ManagedKafka managedKafka) {
-        if (!isKafkaAuthenticationEnabled || managedKafka.getSpec().getOauth().getTlsTrustedCertificate() == null) {
+        if (!SecuritySecretManager.isKafkaAuthenticationEnabled(managedKafka) || managedKafka.getSpec().getOauth().getTlsTrustedCertificate() == null) {
             return null;
         }
         return new CertSecretSourceBuilder()
@@ -273,7 +266,7 @@ protected CertSecretSource getSsoTlsCertSecretSource(ManagedKafka managedKafka)
     }
 
     protected CertAndKeySecretSource getTlsCertAndKeySecretSource(ManagedKafka managedKafka) {
-        if (!isKafkaExternalCertificateEnabled) {
+        if (!SecuritySecretManager.isKafkaExternalCertificateEnabled(managedKafka)) {
             return null;
         }
         return new CertAndKeySecretSourceBuilder()
@@ -448,7 +441,7 @@ private ArrayOrObjectKafkaListeners getKafkaListeners(ManagedKafka managedKafka)
         KafkaListenerAuthentication plainOverOauthAuthenticationListener = null;
         KafkaListenerAuthentication oauthAuthenticationListener = null;
 
-        if (isKafkaAuthenticationEnabled) {
+        if (SecuritySecretManager.isKafkaAuthenticationEnabled(managedKafka)) {
             ManagedKafkaAuthenticationOAuth managedKafkaAuthenticationOAuth = managedKafka.getSpec().getOauth();
 
             CertSecretSource ssoTlsCertSecretSource = getSsoTlsCertSecretSource(managedKafka);