diff --git a/modules/common/tls/tls.go b/modules/common/tls/tls.go
index 9d03633c..9e5d9e9f 100644
--- a/modules/common/tls/tls.go
+++ b/modules/common/tls/tls.go
@@ -22,7 +22,6 @@ import (
 "context"
 "encoding/json"
 "fmt"
- "strings"
 "time"
 "github.com/openstack-k8s-operators/lib-common/modules/common/env"
@@ -436,35 +435,3 @@ func (c *Ca) CreateVolume() corev1.Volume {
 return volume
 }
-
-// CreateDatabaseClientConfig - connection flags for the MySQL client
-// Configures TLS connections for clients that use TLS certificates
-// returns a string of mysql config statements
-// With the serviceID it is possible to control which certificate
-// to be use if there are multiple mounted to the deployment.
-func (s *Service) CreateDatabaseClientConfig(serviceID string) string {
- conn := []string{}
-
- if serviceID != "" || (s.CertMount != nil && s.KeyMount != nil) {
- certPath := s.getCertMountPath(serviceID)
- keyPath := s.getKeyMountPath(serviceID)
-
- conn = append(conn,
- fmt.Sprintf("ssl-cert=%s", certPath),
- fmt.Sprintf("ssl-key=%s", keyPath),
- )
- }
-
- // Client uses a CA certificate
- caPath := DownstreamTLSCABundlePath
- if s.CaMount != nil {
- caPath = *s.CaMount
- }
- conn = append(conn, fmt.Sprintf("ssl-ca=%s", caPath))
-
- if len(conn) > 0 {
- conn = append([]string{"ssl=1"}, conn...)
- }
-
- return strings.Join(conn, "\n")
-}
diff --git a/modules/common/tls/tls_test.go b/modules/common/tls/tls_test.go
index a4402c55..e4dcff2c 100644
--- a/modules/common/tls/tls_test.go
+++ b/modules/common/tls/tls_test.go
@@ -343,64 +343,3 @@ func TestCaCreateVolume(t *testing.T) {
 })
 }
 }
-
-func TestCreateDatabaseClientConfig(t *testing.T) {
- tests := []struct {
- name string
- service Service
- serviceID string
- wantStmts []string
- excludeStmts []string
- }{
- {
- name: "Only CA Secret",
- service: Service{},
- serviceID: "",
- wantStmts: []string{"ssl=1", "ssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"},
- excludeStmts: []string{"ssl-cert=", "ssl-key="},
- },
- {
- name: "TLS Secret specified",
- service: Service{SecretName: "test-tls-secret"},
- serviceID: "foo",
- wantStmts: []string{"ssl=1", "ssl-cert=/var/lib/config-data/tls/certs/foo.crt", "ssl-key=/var/lib/config-data/tls/private/foo.key", "ssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"},
- excludeStmts: []string{},
- },
- {
- name: "TLS and CA custom mount",
- service: Service{SecretName: "test-tls-secret", CaMount: ptr.To("/some/path/ca.crt")},
- serviceID: "foo",
- wantStmts: []string{"ssl=1", "ssl-cert=/var/lib/config-data/tls/certs/foo.crt", "ssl-key=/var/lib/config-data/tls/private/foo.key", "ssl-ca=/some/path/ca.crt"},
- excludeStmts: []string{},
- },
- {
- name: "TLS custom mount",
- service: Service{SecretName: "test-tls-secret", CertMount: ptr.To("/some/path/cert.crt"), KeyMount: ptr.To("/some/path/cert.key")},
- serviceID: "",
- wantStmts: []string{"ssl=1", "ssl-cert=/some/path/cert.crt", "ssl-key=/some/path/cert.key", "ssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"},
- excludeStmts: []string{},
- },
- {
- name: "TLS custom mount AND CA custom mount",
- service: Service{SecretName: "test-tls-secret", CertMount: ptr.To("/some/path/cert.crt"), KeyMount: ptr.To("/some/path/cert.key"), CaMount: ptr.To("/some/path/ca.crt")},
- serviceID: "",
- wantStmts: []string{"ssl=1", "ssl-cert=/some/path/cert.crt", "ssl-key=/some/path/cert.key", "ssl-ca=/some/path/ca.crt"},
- excludeStmts: []string{},
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- g := NewWithT(t)
-
- configStr := tt.service.CreateDatabaseClientConfig(tt.serviceID)
-
- for _, stmt := range tt.wantStmts {
- g.Expect(configStr).To(ContainSubstring(stmt))
- }
- for _, stmt := range tt.excludeStmts {
- g.Expect(configStr).ToNot(ContainSubstring(stmt))
- }
- })
- }
-}