Make clientTLS optional and ensure MSSQL_PID is set

Signed-off-by: Neaj Morshad <[email protected]>
kubedb · Nov 19, 2024 · 2e8e22a · 2e8e22a
1 parent 623a761
commit 2e8e22a
Show file tree

Hide file tree

Showing 8 changed files with 29 additions and 16 deletions.
diff --git a/apis/kubedb/constants.go b/apis/kubedb/constants.go
@@ -417,6 +417,7 @@ const (
 
 	// environment variables
 	EnvAcceptEula        = "ACCEPT_EULA"
+	EnvMSSQLPid          = "MSSQL_PID"
 	EnvMSSQLEnableHADR   = "MSSQL_ENABLE_HADR"
 	EnvMSSQLAgentEnabled = "MSSQL_AGENT_ENABLED"
 	EnvMSSQLSAUsername   = "MSSQL_SA_USERNAME"

diff --git a/apis/kubedb/v1alpha2/mssqlserver_types.go b/apis/kubedb/v1alpha2/mssqlserver_types.go
@@ -134,7 +134,9 @@ type MSSQLServerSpec struct {
 
 type SQLServerTLSConfig struct {
 	kmapi.TLSConfig `json:",inline"`
-	ClientTLS       bool `json:"clientTLS"`
+
+	// +optional
+	ClientTLS *bool `json:"clientTLS"`
 }
 
 type MSSQLServerTopology struct {

diff --git a/apis/kubedb/v1alpha2/mssqlserver_webhook.go b/apis/kubedb/v1alpha2/mssqlserver_webhook.go
@@ -137,9 +137,15 @@ func (m *MSSQLServer) ValidateCreateOrUpdate() field.ErrorList {
 	if m.Spec.TLS == nil {
 		allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("tls"),
 			m.Name, "spec.tls is missing"))
-	} else if m.Spec.TLS.IssuerRef == nil {
-		allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("tls").Child("issuerRef"),
-			m.Name, "spec.tls.issuerRef' is missing"))
+	} else {
+		if m.Spec.TLS.IssuerRef == nil {
+			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("tls").Child("issuerRef"),
+				m.Name, "spec.tls.issuerRef' is missing"))
+		}
+		if m.Spec.TLS.ClientTLS == nil {
+			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("tls").Child("clientTLS"),
+				m.Name, "spec.tls.clientTLS' is missing"))
+		}
 	}
 
 	if m.Spec.PodTemplate != nil {
@@ -289,11 +295,18 @@ func getMSSQLServerContainerEnvs(m *MSSQLServer) []core.EnvVar {
 }
 
 func ValidateMSSQLServerEnvVar(envs []core.EnvVar, forbiddenEnvs []string, resourceType string) error {
+	presentMSSQL_PID := false
 	for _, env := range envs {
 		present, _ := arrays.Contains(forbiddenEnvs, env.Name)
 		if present {
 			return fmt.Errorf("environment variable %s is forbidden to use in %s spec", env.Name, resourceType)
 		}
+		if env.Name == "MSSQL_PID" {
+			presentMSSQL_PID = true
+		}
+	}
+	if !presentMSSQL_PID {
+		return fmt.Errorf("environment variable %s must be provided in %s spec", kubedb.EnvMSSQLPid, resourceType)
 	}
 	return nil
 }
diff --git a/apis/kubedb/v1alpha2/openapi_generated.go b/apis/kubedb/v1alpha2/openapi_generated.go
diff --git a/apis/kubedb/v1alpha2/zz_generated.deepcopy.go b/apis/kubedb/v1alpha2/zz_generated.deepcopy.go
diff --git a/apis/ops/v1alpha1/openapi_generated.go b/apis/ops/v1alpha1/openapi_generated.go
diff --git a/crds/kubedb.com_mssqlservers.yaml b/crds/kubedb.com_mssqlservers.yaml
@@ -4658,8 +4658,6 @@ spec:
                     - name
                     type: object
                     x-kubernetes-map-type: atomic
-                required:
-                - clientTLS
                 type: object
               topology:
                 properties:

diff --git a/crds/ops.kubedb.com_mssqlserveropsrequests.yaml b/crds/ops.kubedb.com_mssqlserveropsrequests.yaml
@@ -197,8 +197,6 @@ spec:
                     type: boolean
                   rotateCertificates:
                     type: boolean
-                required:
-                - clientTLS
                 type: object
               type:
                 enum: