From b80026c9a1e8ec120ec8901638cce546ae70c021 Mon Sep 17 00:00:00 2001
From: Dhiraj Bokde
Date: Fri, 16 Feb 2024 23:34:26 -0800
Subject: [PATCH] feat: add support for mysql_config_sslcapath option
---
 api/v1alpha1/modelregistry_types.go | 5 +++-
 api/v1alpha1/zz_generated.deepcopy.go | 5 ++++
 ...gistry.opendatahub.io_modelregistries.yaml | 7 ++++-
 .../config/templates/deployment.yaml.tmpl | 26 ++++++++++++++-----
 4 files changed, 35 insertions(+), 8 deletions(-)
diff --git a/api/v1alpha1/modelregistry_types.go b/api/v1alpha1/modelregistry_types.go
index a548d97..a858328 100644
--- a/api/v1alpha1/modelregistry_types.go
+++ b/api/v1alpha1/modelregistry_types.go
@@ -122,8 +122,11 @@ type MySQLConfig struct {
 // client private key.
 SSLKeySecret *SecretKeyValue `json:"sslKeySecret,omitempty"`
 // This parameter specifies the Kubernetes Secret name and key containing
- // certificate authority (CA) certificate(s).
+ // certificate authority (CA) certificate.
 SSLRootCertificateSecret *SecretKeyValue `json:"sslRootCertificateSecret,omitempty"`
+ // This parameter specifies the Kubernetes Secret name containing
+ // multiple certificate authority (CA) certificate(s) as keys.
+ SSLRootCertificatesSecretName *string `json:"sslRootCertificatesSecretName,omitempty"`
 // This parameter specifies the list of permissible ciphers for SSL encryption.
 SSLCipher *string `json:"sslCipher,omitempty"`
 // If set, enable verification of the server certificate against the host
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 58bb600..4a07c02 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
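Review bot: `SSLRootCertificatesSecretName` is accepted as any string, and later in this commit the deployment template writes it unquoted into `secretName:`, so an empty or malformed value reaches the rendered Deployment instead of being rejected at admission. Because the field is a `*string`, an explicit `sslRootCertificatesSecretName: ""` is still a non-nil pointer, which the template's `if` treats as set. Adding `// +kubebuilder:validation:MinLength=1` and `// +kubebuilder:validation:MaxLength=253` above the field, plus a `+kubebuilder:validation:Pattern` marker limiting it to a DNS-1123 subdomain, would let the API server refuse such values. The MySQLConfig struct starts and ends outside this hunk.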
@@ -197,6 +197,11 @@ func (in *MySQLConfig) DeepCopyInto(out *MySQLConfig) { *out = new(SecretKeyValue) **out = **in } + if in.SSLRootCertificatesSecretName != nil { + in, out := &in.SSLRootCertificatesSecretName, &out.SSLRootCertificatesSecretName + *out = new(string) + **out = **in + } if in.SSLCipher != nil { in, out := &in.SSLCipher, &out.SSLCipher *out = new(string)
diff --git a/config/crd/bases/modelregistry.opendatahub.io_modelregistries.yaml b/config/crd/bases/modelregistry.opendatahub.io_modelregistries.yaml
index 05bacc1..441275e 100644
--- a/config/crd/bases/modelregistry.opendatahub.io_modelregistries.yaml
+++ b/config/crd/bases/modelregistry.opendatahub.io_modelregistries.yaml
@@ -187,7 +187,7 @@ spec: type: object sslRootCertificateSecret: description: This parameter specifies the Kubernetes Secret name - and key containing certificate authority (CA) certificate(s). + and key containing certificate authority (CA) certificate. properties: key: description: Key name in secret
@@ -199,6 +199,11 @@ spec: - key - name type: object + sslRootCertificatesSecretName: + description: This parameter specifies the Kubernetes Secret name + containing multiple certificate authority (CA) certificate(s) + as keys. + type: string username: description: The MYSQL login id. type: string
diff --git a/internal/controller/config/templates/deployment.yaml.tmpl b/internal/controller/config/templates/deployment.yaml.tmpl
index e5e9285..05c3de9 100644
--- a/internal/controller/config/templates/deployment.yaml.tmpl
+++ b/internal/controller/config/templates/deployment.yaml.tmpl
@@ -72,6 +72,9 @@ spec:
 {{- end}}
 {{- if .Spec.MySQL.SSLRootCertificateSecret}}
 - --mysql_config_sslrootcert=/etc/mysql_ssl_rootcert/{{.Spec.MySQL.SSLRootCertificateSecret.Key}}
+ {{- end}}
+ {{- if .Spec.MySQL.SSLRootCertificatesSecretName}}
+ - --mysql_config_sslcapath=/etc/mysql_ssl_rootcerts/
 {{- end}}
 {{- if .Spec.MySQL.SSLCipher}}
 - --mysql_config_sslcipher={{.Spec.MySQL.SSLCipher}}
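Review bot: The new `--mysql_config_sslcapath=/etc/mysql_ssl_rootcerts/` argument is emitted independently of the existing `--mysql_config_sslrootcert` one, so a spec that sets both `sslRootCertificateSecret` and `sslRootCertificatesSecretName` passes both flags, and the server certificate is presumably accepted if it chains to a CA from either source. If a single trust source is intended, reject the combination in validation or turn the second block into an `else if` branch; otherwise say in the field documentation that the two sets are combined. A CA directory read by an OpenSSL-based client is normally searched by subject-hash file names, so if that applies to the client library behind this flag (not visible on this page) a template comment such as `{{- /* Secret keys must use OpenSSL hashed file names (openssl rehash) */ -}}` would save operators from a trust directory that is mounted but never matched.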
@@ -128,18 +131,23 @@ spec:
 {{- else if .Spec.MySQL}}
 {{- if .Spec.MySQL.SSLCertificateSecret}}
 - name: mysql-ssl-cert
- mountPath: /etc/mysql_ssl_cert
- readOnly: true
+ mountPath: /etc/mysql_ssl_cert
+ readOnly: true
 {{- end}}
 {{- if .Spec.MySQL.SSLKeySecret}}
 - name: mysql-ssl-key
- mountPath: /etc/mysql_ssl_key
- readOnly: true
+ mountPath: /etc/mysql_ssl_key
+ readOnly: true
 {{- end}}
 {{- if .Spec.MySQL.SSLRootCertificateSecret}}
 - name: mysql-ssl-rootcert
- mountPath: /etc/mysql_ssl_rootcert
- readOnly: true
+ mountPath: /etc/mysql_ssl_rootcert
+ readOnly: true
+ {{- end}}
+ {{- if .Spec.MySQL.SSLRootCertificatesSecretName}}
+ - name: mysql-ssl-rootcerts
+ mountPath: /etc/mysql_ssl_rootcerts
+ readOnly: true
 {{- end}}
 {{- end}}
 image: {{.Spec.Grpc.Image}}
@@ -246,4 +254,10 @@ spec:
 secretName: {{.Spec.MySQL.SSLRootCertificateSecret.Name}}
 defaultMode: 0600
 {{- end}}
+ {{- if .Spec.MySQL.SSLRootCertificatesSecretName}}
+ - name: mysql-ssl-rootcerts
+ secret:
+ secretName: {{.Spec.MySQL.SSLRootCertificatesSecretName}}
+ defaultMode: 0600
+ {{- end}}
 {{- end}}
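Review bot: The `mysql-ssl-rootcerts` volume in the last hunk has no `items:` list, so every key in the named Secret is projected into `/etc/mysql_ssl_rootcerts/` and, through `--mysql_config_sslcapath`, can be picked up as a trusted CA. Write access to that Secret therefore amounts to control over which database servers the registry will trust, and any unrelated key stored in it is also exposed to the container; the field documentation should state that the Secret must hold CA certificates only. `defaultMode: 0600` matches the neighbouring volumes, but CA certificates are public and owner-only files can be unreadable to a non-root container user unless the pod security context (outside this hunk) adjusts ownership, so `defaultMode: 0444` may be the better fit for this one volume.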