From 42f5eb543f1683a02f60b80ad8a9f3e16f1099ad Mon Sep 17 00:00:00 2001
From: obaydullahmhs <obaydullah@appscode.com>
Date: Thu, 23 Nov 2023 15:21:27 +0600
Subject: [PATCH] Add security related webhook validator for kafka

Signed-off-by: obaydullahmhs <obaydullah@appscode.com>
---
 apis/kubedb/v1alpha2/kafka_webhook.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/apis/kubedb/v1alpha2/kafka_webhook.go b/apis/kubedb/v1alpha2/kafka_webhook.go
index af05f17089..774504f339 100644
--- a/apis/kubedb/v1alpha2/kafka_webhook.go
+++ b/apis/kubedb/v1alpha2/kafka_webhook.go
@@ -86,6 +86,20 @@ func (k *Kafka) ValidateDelete() error {
 func (k *Kafka) ValidateCreateOrUpdate() error {
 	var allErr field.ErrorList
 	// TODO(user): fill in your validation logic upon object creation.
+	if k.Spec.DisableSecurity {
+		if k.Spec.EnableSSL {
+			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("enableSSL"),
+				k.Name,
+				".spec.enableSSL can't be true, if .spec.disableSecurity is enabled"))
+		}
+	}
+	if k.Spec.EnableSSL {
+		if k.Spec.TLS == nil {
+			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("enableSSL"),
+				k.Name,
+				".spec.tls can't be nil, if .spec.enableSSL is true"))
+		}
+	}
 	if k.Spec.Topology != nil {
 		if k.Spec.Topology.Controller == nil {
 			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("topology").Child("controller"),