From 2e8e22a3bfb5e4fd884ee59c5501ce7a633c6fa3 Mon Sep 17 00:00:00 2001 From: Neaj Morshad Date: Mon, 18 Nov 2024 14:47:11 +0600 Subject: [PATCH] Make clientTLS optional and ensure MSSQL_PID is set Signed-off-by: Neaj Morshad --- apis/kubedb/constants.go | 1 + apis/kubedb/v1alpha2/mssqlserver_types.go | 4 +++- apis/kubedb/v1alpha2/mssqlserver_webhook.go | 19 ++++++++++++++++--- apis/kubedb/v1alpha2/openapi_generated.go | 6 ++---- apis/kubedb/v1alpha2/zz_generated.deepcopy.go | 5 +++++ apis/ops/v1alpha1/openapi_generated.go | 6 ++---- crds/kubedb.com_mssqlservers.yaml | 2 -- ...ops.kubedb.com_mssqlserveropsrequests.yaml | 2 -- 8 files changed, 29 insertions(+), 16 deletions(-) diff --git a/apis/kubedb/constants.go b/apis/kubedb/constants.go index 88afd28541..4f8fa0c5fd 100644 --- a/apis/kubedb/constants.go +++ b/apis/kubedb/constants.go @@ -417,6 +417,7 @@ const ( // environment variables EnvAcceptEula = "ACCEPT_EULA" + EnvMSSQLPid = "MSSQL_PID" EnvMSSQLEnableHADR = "MSSQL_ENABLE_HADR" EnvMSSQLAgentEnabled = "MSSQL_AGENT_ENABLED" EnvMSSQLSAUsername = "MSSQL_SA_USERNAME" diff --git a/apis/kubedb/v1alpha2/mssqlserver_types.go b/apis/kubedb/v1alpha2/mssqlserver_types.go index 19138e9bf7..dc37f557c4 100644 --- a/apis/kubedb/v1alpha2/mssqlserver_types.go +++ b/apis/kubedb/v1alpha2/mssqlserver_types.go @@ -134,7 +134,9 @@ type MSSQLServerSpec struct { type SQLServerTLSConfig struct { kmapi.TLSConfig `json:",inline"` - ClientTLS bool `json:"clientTLS"` + + // +optional + ClientTLS *bool `json:"clientTLS"` } type MSSQLServerTopology struct { diff --git a/apis/kubedb/v1alpha2/mssqlserver_webhook.go b/apis/kubedb/v1alpha2/mssqlserver_webhook.go index cbfb46c78d..68443f595e 100644 --- a/apis/kubedb/v1alpha2/mssqlserver_webhook.go +++ b/apis/kubedb/v1alpha2/mssqlserver_webhook.go 
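Review bot: The new `ClientTLS *bool` field in `SQLServerTLSConfig` is marked `// +optional` but keeps the tag `json:"clientTLS"`, so an unset value is serialized as `"clientTLS": null` rather than omitted; the tag should be `json:"clientTLS,omitempty"`. The field also has no doc comment saying what nil means, which matters because it decides whether client connections are encrypted. Something like `// ClientTLS selects whether client connections must use TLS; nil means no choice was made and is rejected by the webhook's TLS validation.` would cover it. Every reader of the field now has to nil-check before dereferencing, and those call sites are outside this patch.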
@@ -137,9 +137,15 @@ func (m *MSSQLServer) ValidateCreateOrUpdate() field.ErrorList { if m.Spec.TLS == nil { allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("tls"), m.Name, "spec.tls is missing")) - } else if m.Spec.TLS.IssuerRef == nil { - allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("tls").Child("issuerRef"), - m.Name, "spec.tls.issuerRef' is missing")) + } else { + if m.Spec.TLS.IssuerRef == nil { + allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("tls").Child("issuerRef"), + m.Name, "spec.tls.issuerRef' is missing")) + } + if m.Spec.TLS.ClientTLS == nil { + allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("tls").Child("clientTLS"), + m.Name, "spec.tls.clientTLS' is missing")) + } } if m.Spec.PodTemplate != nil { @@ -289,11 +295,18 @@ func getMSSQLServerContainerEnvs(m *MSSQLServer) []core.EnvVar { } func ValidateMSSQLServerEnvVar(envs []core.EnvVar, forbiddenEnvs []string, resourceType string) error { + presentMSSQL_PID := false for _, env := range envs { present, _ := arrays.Contains(forbiddenEnvs, env.Name) if present { return fmt.Errorf("environment variable %s is forbidden to use in %s spec", env.Name, resourceType) } + if env.Name == "MSSQL_PID" { + presentMSSQL_PID = true + } + } + if !presentMSSQL_PID { + return fmt.Errorf("environment variable %s must be provided in %s spec", kubedb.EnvMSSQLPid, resourceType) } return nil } diff --git a/apis/kubedb/v1alpha2/openapi_generated.go b/apis/kubedb/v1alpha2/openapi_generated.go index 54fc1b032b..2b83d6b4d3 100644 --- a/apis/kubedb/v1alpha2/openapi_generated.go +++ b/apis/kubedb/v1alpha2/openapi_generated.go @@ -33976,13 +33976,11 @@ func schema_apimachinery_apis_kubedb_v1alpha2_SQLServerTLSConfig(ref common.Refe }, "clientTLS": { SchemaProps: spec.SchemaProps{ - Default: false, - Type: []string{"boolean"}, - Format: "", + Type: []string{"boolean"}, + Format: "", }, }, }, - Required: []string{"clientTLS"}, }, }, Dependencies: []string{ 
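Review bot: The added `ClientTLS == nil` branch reports a missing field through `field.Invalid` with `m.Name` as the offending value, and its message `spec.tls.clientTLS' is missing` carries a stray apostrophe copied from the issuerRef message above it. `field.Required(field.NewPath("spec").Child("tls").Child("clientTLS"), "must be set explicitly to true or false")` states the problem directly and does not echo the object name as if it were the field value. Forcing an explicit choice is a reasonable way to stop client encryption from silently taking the old `false` default, but it reads as contradicting the commit title's "optional". A short comment such as `// clientTLS is optional in the schema but must be chosen explicitly when TLS is validated here` would record the intent. ValidateCreateOrUpdate starts and ends outside this hunk, so the condition guarding this TLS check is not visible.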
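Review bot: The presence test added to `ValidateMSSQLServerEnvVar` matches on the name only, and against the literal `"MSSQL_PID"`. An entry with an empty `Value` and no `ValueFrom` therefore satisfies it, and the literal can drift from the `kubedb.EnvMSSQLPid` constant used in the error message. Suggested: `if env.Name == kubedb.EnvMSSQLPid && (env.Value != "" || env.ValueFrom != nil) {`, with `presentMSSQL_PID` renamed to a MixedCaps name such as `hasPID`. Accepting `ValueFrom` keeps a Secret reference valid, which is the better option when the variable carries a product key rather than an edition name. The function previously only rejected forbidden names, so a doc comment should state that it now also fails when MSSQL_PID is absent, since callers passing an empty env list will start receiving errors.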
diff --git a/apis/kubedb/v1alpha2/zz_generated.deepcopy.go b/apis/kubedb/v1alpha2/zz_generated.deepcopy.go index 458bb13fcf..f3f0ee66fa 100644 --- a/apis/kubedb/v1alpha2/zz_generated.deepcopy.go +++ b/apis/kubedb/v1alpha2/zz_generated.deepcopy.go @@ -5104,6 +5104,11 @@ func (in *RemoteReplicaSpec) DeepCopy() *RemoteReplicaSpec { func (in *SQLServerTLSConfig) DeepCopyInto(out *SQLServerTLSConfig) { *out = *in in.TLSConfig.DeepCopyInto(&out.TLSConfig) + if in.ClientTLS != nil { + in, out := &in.ClientTLS, &out.ClientTLS + *out = new(bool) + **out = **in + } return } diff --git a/apis/ops/v1alpha1/openapi_generated.go b/apis/ops/v1alpha1/openapi_generated.go index 85ff2f7702..0d12f08387 100644 --- a/apis/ops/v1alpha1/openapi_generated.go +++ b/apis/ops/v1alpha1/openapi_generated.go @@ -28069,9 +28069,8 @@ func schema_apimachinery_apis_ops_v1alpha1_MSSQLServerTLSSpec(ref common.Referen }, "clientTLS": { SchemaProps: spec.SchemaProps{ - Default: false, - Type: []string{"boolean"}, - Format: "", + Type: []string{"boolean"}, + Format: "", }, }, "rotateCertificates": { @@ -28089,7 +28088,6 @@ func schema_apimachinery_apis_ops_v1alpha1_MSSQLServerTLSSpec(ref common.Referen }, }, }, - Required: []string{"clientTLS"}, }, }, Dependencies: []string{ diff --git a/crds/kubedb.com_mssqlservers.yaml b/crds/kubedb.com_mssqlservers.yaml index 9982ca81c4..c61e5d671f 100644 --- a/crds/kubedb.com_mssqlservers.yaml +++ b/crds/kubedb.com_mssqlservers.yaml @@ -4658,8 +4658,6 @@ spec: - name type: object x-kubernetes-map-type: atomic - required: - - clientTLS type: object topology: properties: diff --git a/crds/ops.kubedb.com_mssqlserveropsrequests.yaml b/crds/ops.kubedb.com_mssqlserveropsrequests.yaml index 552725ac1f..70a8d8bf21 100644 --- a/crds/ops.kubedb.com_mssqlserveropsrequests.yaml +++ b/crds/ops.kubedb.com_mssqlserveropsrequests.yaml @@ -197,8 +197,6 @@ spec: type: boolean rotateCertificates: type: boolean - required: - - clientTLS type: object type: enum: