Add security related webhook validator for kafka

Signed-off-by: obaydullahmhs <obaydullah@appscode.com>
kubedb · Nov 23, 2023 · 42f5eb5 · 42f5eb5
1 parent 15523cf
commit 42f5eb5
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/apis/kubedb/v1alpha2/kafka_webhook.go b/apis/kubedb/v1alpha2/kafka_webhook.go
@@ -86,6 +86,20 @@ func (k *Kafka) ValidateDelete() error {
 func (k *Kafka) ValidateCreateOrUpdate() error {
 	var allErr field.ErrorList
 	// TODO(user): fill in your validation logic upon object creation.
+	if k.Spec.DisableSecurity {
+		if k.Spec.EnableSSL {
+			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("enableSSL"),
+				k.Name,
+				".spec.enableSSL can't be true, if .spec.disableSecurity is enabled"))
+		}
+	}
+	if k.Spec.EnableSSL {
+		if k.Spec.TLS == nil {
+			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("enableSSL"),
+				k.Name,
+				".spec.tls can't be nil, if .spec.enableSSL is true"))
+		}
+	}
 	if k.Spec.Topology != nil {
 		if k.Spec.Topology.Controller == nil {
 			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("topology").Child("controller"),