From bbb4182dabf00812b340b70c94764a92a86bd25d Mon Sep 17 00:00:00 2001
From: obaydullahmhs
Date: Thu, 23 Nov 2023 15:21:27 +0600
Subject: [PATCH] Add security related webhook validator for kafka
Signed-off-by: obaydullahmhs
---
apis/kubedb/v1alpha2/kafka_webhook.go | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/apis/kubedb/v1alpha2/kafka_webhook.go b/apis/kubedb/v1alpha2/kafka_webhook.go
index af05f17089..de9354ddfe 100644
--- a/apis/kubedb/v1alpha2/kafka_webhook.go
+++ b/apis/kubedb/v1alpha2/kafka_webhook.go
@@ -86,6 +86,19 @@ func (k *Kafka) ValidateDelete() error {
 func (k *Kafka) ValidateCreateOrUpdate() error {
 var allErr field.ErrorList
 // TODO(user): fill in your validation logic upon object creation.
+ if k.Spec.EnableSSL {
+ if k.Spec.TLS == nil {
+ allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("enableSSL"),
+ k.Name,
+ ".spec.tls can't be nil, if .spec.enableSSL is true"))
+ }
+ } else {
+ if k.Spec.TLS != nil {
+ allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("enableSSL"),
+ k.Name,
+ ".spec.tls must be nil, if .spec.enableSSL is disabled"))
+ }
+ }
 if k.Spec.Topology != nil {
 if k.Spec.Topology.Controller == nil {
 allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("topology").Child("controller"),
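Review bot: Both new `field.Invalid` calls report `k.Name` as the invalid value on the `spec.enableSSL` path, so a rejected object is told that its own name is the bad value while the field actually at fault is `spec.tls`. `field.Required(field.NewPath("spec").Child("tls"), ".spec.tls must be set when .spec.enableSSL is true")` in the first branch and `field.Forbidden(field.NewPath("spec").Child("tls"), ".spec.tls must be unset when .spec.enableSSL is false")` in the `else` branch would point at the right field. The nil check also lets an empty but non-nil `spec.tls` through with `enableSSL: true`; the TLS type is not visible in this hunk, so if an issuer reference or certificate list is mandatory for brokers to actually serve TLS, that should be validated here as well. The stale `// TODO(user)` scaffold comment above the new block can go, and the body of `ValidateCreateOrUpdate` continues past the end of the hunk.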