From 8beb95c55437ba98ceb7e256ff48858d7d0b4130 Mon Sep 17 00:00:00 2001
From: raihankhan <raihan@appscode.com>
Date: Mon, 3 Jun 2024 12:35:37 +0600
Subject: [PATCH] Update apimachinery module

Signed-off-by: raihankhan <raihan@appscode.com>
---
 go.mod                                        |  2 +-
 go.sum                                        |  4 +-
 .../kubedb/v1alpha2/clickhouse_helpers.go     | 20 ++--
 .../kubedb/v1alpha2/clickhouse_webhook.go     | 86 ++++++++--------
 .../apis/kubedb/v1alpha2/constants.go         | 12 ++-
 .../kubedb/v1alpha2/mssqlserver_helpers.go    | 97 +++++++++++++++++--
 .../apis/kubedb/v1alpha2/mssqlserver_types.go |  6 +-
 .../kubedb/v1alpha2/mssqlserver_webhook.go    |  6 +-
 vendor/modules.txt                            |  2 +-
 9 files changed, 161 insertions(+), 74 deletions(-)

diff --git a/go.mod b/go.mod
index c6fca614..d848d65b 100644
--- a/go.mod
+++ b/go.mod
@@ -26,7 +26,7 @@ require (
 	k8s.io/klog/v2 v2.120.1
 	kmodules.xyz/client-go v0.29.14
 	kmodules.xyz/custom-resources v0.29.1
-	kubedb.dev/apimachinery v0.45.2-0.20240531110354-049490369476
+	kubedb.dev/apimachinery v0.45.2-0.20240531124004-74e7190f0509
 	sigs.k8s.io/controller-runtime v0.17.4
 	xorm.io/xorm v1.3.6
 )
diff --git a/go.sum b/go.sum
index 17e0f806..8030afb8 100644
--- a/go.sum
+++ b/go.sum
@@ -778,8 +778,8 @@ kmodules.xyz/monitoring-agent-api v0.29.0 h1:gpFl6OZrlMLb/ySMHdREI9EwGtnJ91oZBn9
 kmodules.xyz/monitoring-agent-api v0.29.0/go.mod h1:iNbvaMTgVFOI5q2LJtGK91j4Dmjv4ZRiRdasGmWLKQI=
 kmodules.xyz/offshoot-api v0.29.2 h1:akXmvkNqFz1n9p1STVs9iP7ODYET0S7BhcYCMXEjK4A=
 kmodules.xyz/offshoot-api v0.29.2/go.mod h1:Wv7Xo8wbvznI+8bhaylRFHFjkt30xRDOUOnqV8kOAxM=
-kubedb.dev/apimachinery v0.45.2-0.20240531110354-049490369476 h1:suwRPKSUTPJXBLRopWmgxE4U9S7POo5iMROR4tnlQlU=
-kubedb.dev/apimachinery v0.45.2-0.20240531110354-049490369476/go.mod h1:LBoGqbBHFeIRLv1KtkkmVxjK/g9CmQETVpwszFp9Ly0=
+kubedb.dev/apimachinery v0.45.2-0.20240531124004-74e7190f0509 h1:fkvqASIcqzMnUvMCXK5SznLkk3sJdqVIM0TH4AhAG7w=
+kubedb.dev/apimachinery v0.45.2-0.20240531124004-74e7190f0509/go.mod h1:LBoGqbBHFeIRLv1KtkkmVxjK/g9CmQETVpwszFp9Ly0=
 kubeops.dev/petset v0.0.5 h1:VVXi39JhjondlbHyZ98z0MLp6VCmiCMinL59K48Y2zA=
 kubeops.dev/petset v0.0.5/go.mod h1:ijtKT1HlAht2vBEZj5LW7C00XEs3B0d1VdCQgd5V4cA=
 lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk=
diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/clickhouse_helpers.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/clickhouse_helpers.go
index a433ce26..bc770126 100644
--- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/clickhouse_helpers.go
+++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/clickhouse_helpers.go
@@ -200,16 +200,6 @@ func (c *ClickHouse) ResourceSingular() string {
 }
 
 func (c *ClickHouse) SetDefaults() {
-	if c.Spec.Replicas == nil {
-		c.Spec.Replicas = pointer.Int32P(1)
-	}
-	if c.Spec.TerminationPolicy == "" {
-		c.Spec.TerminationPolicy = TerminationPolicyDelete
-	}
-	if c.Spec.StorageType == "" {
-		c.Spec.StorageType = StorageTypeDurable
-	}
-
 	var chVersion catalog.ClickHouseVersion
 	err := DefaultClient.Get(context.TODO(), types.NamespacedName{
 		Name: c.Spec.Version,
@@ -257,6 +247,16 @@ func (c *ClickHouse) SetDefaults() {
 		}
 		c.Spec.ClusterTopology.Cluster = clusters
 	} else {
+		if c.Spec.Replicas == nil {
+			c.Spec.Replicas = pointer.Int32P(1)
+		}
+		if c.Spec.TerminationPolicy == "" {
+			c.Spec.TerminationPolicy = TerminationPolicyDelete
+		}
+		if c.Spec.StorageType == "" {
+			c.Spec.StorageType = StorageTypeDurable
+		}
+
 		if c.Spec.PodTemplate == nil {
 			c.Spec.PodTemplate = &ofst.PodTemplateSpec{}
 		}
diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/clickhouse_webhook.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/clickhouse_webhook.go
index b27090f9..a658f05b 100644
--- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/clickhouse_webhook.go
+++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/clickhouse_webhook.go
@@ -79,6 +79,22 @@ func (r *ClickHouse) ValidateDelete() (admission.Warnings, error) {
 
 func (r *ClickHouse) ValidateCreateOrUpdate() error {
 	var allErr field.ErrorList
+
+	if r.Spec.Version == "" {
+		allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("version"),
+			r.Name,
+			"spec.version' is missing"))
+		return apierrors.NewInvalid(schema.GroupKind{Group: "ClickHouse.kubedb.com", Kind: "ClickHouse"}, r.Name, allErr)
+	} else {
+		err := r.ValidateVersion(r)
+		if err != nil {
+			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("version"),
+				r.Spec.Version,
+				err.Error()))
+			return apierrors.NewInvalid(schema.GroupKind{Group: "ClickHouse.kubedb.com", Kind: "ClickHouse"}, r.Name, allErr)
+		}
+	}
+
 	if r.Spec.ClusterTopology != nil {
 		clusterName := map[string]bool{}
 		clusters := r.Spec.ClusterTopology.Cluster
@@ -99,6 +115,21 @@ func (r *ClickHouse) ValidateCreateOrUpdate() error {
 					"cluster name is duplicated, use different cluster name"))
 			}
 			clusterName[cluster.Name] = true
+
+			allErr = r.validateClusterStorageType(cluster, allErr)
+
+			err := r.validateVolumes(cluster.PodTemplate)
+			if err != nil {
+				allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("clusterTopology").Child("podTemplate").Child("spec").Child("volumes"),
+					r.Name,
+					err.Error()))
+			}
+			err = r.validateVolumesMountPaths(cluster.PodTemplate)
+			if err != nil {
+				allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("clusterTopology").Child("podTemplate").Child("spec").Child("volumeMounts"),
+					r.Name,
+					err.Error()))
+			}
 		}
 		if r.Spec.PodTemplate != nil {
 			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("podTemplate"),
@@ -106,6 +137,18 @@ func (r *ClickHouse) ValidateCreateOrUpdate() error {
 				"PodTemplate should be nil in clusterTopology"))
 		}
 
+		if r.Spec.Replicas != nil {
+			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("replica"),
+				r.Name,
+				"replica should be nil in clusterTopology"))
+		}
+
+		if r.Spec.StorageType != "" {
+			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("storageType"),
+				r.Name,
+				"StorageType should be empty in clusterTopology"))
+		}
+
 		if r.Spec.Storage != nil {
 			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("storage"),
 				r.Name,
@@ -126,22 +169,6 @@ func (r *ClickHouse) ValidateCreateOrUpdate() error {
 				r.Name,
 				"number of replicas can't be greater than 1 in standalone mode"))
 		}
-
-	}
-
-	if r.Spec.Version == "" {
-		allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("version"),
-			r.Name,
-			"spec.version' is missing"))
-	} else {
-		err := r.ValidateVersion(r)
-		if err != nil {
-			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("version"),
-				r.Spec.Version,
-				err.Error()))
-		}
-	}
-	if r.Spec.ClusterTopology == nil {
 		err := r.validateVolumes(r.Spec.PodTemplate)
 		if err != nil {
 			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("podTemplate").Child("spec").Child("volumes"),
@@ -154,36 +181,10 @@ func (r *ClickHouse) ValidateCreateOrUpdate() error {
 				r.Name,
 				err.Error()))
 		}
-	}
-
-	if r.Spec.ClusterTopology != nil {
-		clusters := r.Spec.ClusterTopology.Cluster
-		for _, cluster := range clusters {
-			allErr = r.validateClusterStorageType(cluster, allErr)
 
-			err := r.validateVolumes(cluster.PodTemplate)
-			if err != nil {
-				allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("clusterTopology").Child("podTemplate").Child("spec").Child("volumes"),
-					r.Name,
-					err.Error()))
-			}
-			err = r.validateVolumesMountPaths(cluster.PodTemplate)
-			if err != nil {
-				allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("clusterTopology").Child("podTemplate").Child("spec").Child("volumeMounts"),
-					r.Name,
-					err.Error()))
-			}
-		}
-	} else {
 		allErr = r.validateStandaloneStorageType(r.Spec.StorageType, r.Spec.Storage, allErr)
 	}
 
-	//if r.Spec.ConfigSecret != nil && r.Spec.ConfigSecret.Name == "" {
-	//	allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("configSecret").Child("name"),
-	//		r.Name,
-	//		"ConfigSecret Name can not be empty"))
-	//}
-
 	if len(allErr) == 0 {
 		return nil
 	}
@@ -302,6 +303,5 @@ func (r *ClickHouse) validateVolumesMountPaths(podTemplate *ofst.PodTemplateSpec
 			}
 		}
 	}
-
 	return nil
 }
diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/constants.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/constants.go
index e58a6230..d70d61c3 100644
--- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/constants.go
+++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/constants.go
@@ -1254,15 +1254,21 @@ const (
 	ClickHouseContainerName     = "clickhouse"
 	ClickHouseInitContainerName = "clickhouse-init"
 
-	ClickHouseClusterConfigFileName = "cluster-config.yaml"
-	ClickHouseTempConfigDir         = "/ch-tmp/config"
-	ClickHouseTempDir               = "/ch-tmp"
+	ClickHouseClusterConfigFile = "cluster-config.yaml"
+	ClickHouseTempConfigDir     = "/ch-tmp/config"
+	ClickHouseTempDir           = "/ch-tmp"
 
 	ClickHouseUserConfigDir  = "/etc/clickhouse-server/user.d"
 	ClickHouseMacrosFileName = "macros.yaml"
 
 	ClickHouseStandalone = "standalone"
 	ClickHouseCluster    = "cluster"
+
+	ClickHouseHealthCheckerDatabase = "kubedb_system_db"
+	ClickHouseHealthCheckerTable    = "kubedb_system_table"
+
+	ClickHouseServerConfigFile = "server-config.yaml"
+	ClickHouseKeeperFileConfig = "keeper-config.yaml"
 )
 
 // Resource kind related constants
diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mssqlserver_helpers.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mssqlserver_helpers.go
index 1d4a6eb6..2a1a6cd2 100644
--- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mssqlserver_helpers.go
+++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mssqlserver_helpers.go
@@ -247,24 +247,24 @@ func (m *MSSQLServer) EndpointCertSecretName() string {
 }
 
 // CertificateName returns the default certificate name and/or certificate secret name for a certificate alias
-func (s *MSSQLServer) CertificateName(alias MSSQLServerCertificateAlias) string {
-	return metautil.NameWithSuffix(s.Name, fmt.Sprintf("%s-cert", string(alias)))
+func (m *MSSQLServer) CertificateName(alias MSSQLServerCertificateAlias) string {
+	return metautil.NameWithSuffix(m.Name, fmt.Sprintf("%s-cert", string(alias)))
 }
 
-func (s *MSSQLServer) SecretName(alias MSSQLServerCertificateAlias) string {
-	return metautil.NameWithSuffix(s.Name, string(alias))
+func (m *MSSQLServer) SecretName(alias MSSQLServerCertificateAlias) string {
+	return metautil.NameWithSuffix(m.Name, string(alias))
 }
 
 // GetCertSecretName returns the secret name for a certificate alias if any
 // otherwise returns default certificate secret name for the given alias.
-func (s *MSSQLServer) GetCertSecretName(alias MSSQLServerCertificateAlias) string {
-	if s.Spec.TLS != nil {
-		name, ok := kmapi.GetCertificateSecretName(s.Spec.TLS.Certificates, string(alias))
+func (m *MSSQLServer) GetCertSecretName(alias MSSQLServerCertificateAlias) string {
+	if m.Spec.TLS != nil {
+		name, ok := kmapi.GetCertificateSecretName(m.Spec.TLS.Certificates, string(alias))
 		if ok {
 			return name
 		}
 	}
-	return s.CertificateName(alias)
+	return m.CertificateName(alias)
 }
 
 func (m *MSSQLServer) GetNameSpacedName() string {
@@ -330,6 +330,8 @@ func (m *MSSQLServer) SetDefaults() {
 
 	m.setDefaultContainerSecurityContext(&mssqlVersion, m.Spec.PodTemplate)
 
+	m.SetTLSDefaults()
+
 	m.SetHealthCheckerDefaults()
 
 	m.setDefaultContainerResourceLimits(m.Spec.PodTemplate)
@@ -436,6 +438,85 @@ func (m *MSSQLServer) setDefaultContainerResourceLimits(podTemplate *ofst.PodTem
 	}
 }
 
+func (m *MSSQLServer) SetTLSDefaults() {
+	m.SetTLSDefaultsForInternalAuth()
+
+	if m.Spec.TLS == nil || m.Spec.TLS.IssuerRef == nil {
+		return
+	}
+
+	// Server-cert
+	defaultServerOrg := []string{KubeDBOrganization}
+	defaultServerOrgUnit := []string{string(MSSQLServerServerCert)}
+	_, cert := kmapi.GetCertificate(m.Spec.TLS.Certificates, string(MSSQLServerServerCert))
+	if cert != nil && cert.Subject != nil {
+		if cert.Subject.Organizations != nil {
+			defaultServerOrg = cert.Subject.Organizations
+		}
+		if cert.Subject.OrganizationalUnits != nil {
+			defaultServerOrgUnit = cert.Subject.OrganizationalUnits
+		}
+	}
+
+	m.Spec.TLS.Certificates = kmapi.SetMissingSpecForCertificate(m.Spec.TLS.Certificates, kmapi.CertificateSpec{
+		Alias:      string(MSSQLServerServerCert),
+		SecretName: m.GetCertSecretName(MSSQLServerServerCert),
+		Subject: &kmapi.X509Subject{
+			Organizations:       defaultServerOrg,
+			OrganizationalUnits: defaultServerOrgUnit,
+		},
+	})
+
+	// Client-cert
+	defaultClientOrg := []string{KubeDBOrganization}
+	defaultClientOrgUnit := []string{string(MSSQLServerClientCert)}
+	_, cert = kmapi.GetCertificate(m.Spec.TLS.Certificates, string(MSSQLServerClientCert))
+	if cert != nil && cert.Subject != nil {
+		if cert.Subject.Organizations != nil {
+			defaultClientOrg = cert.Subject.Organizations
+		}
+		if cert.Subject.OrganizationalUnits != nil {
+			defaultClientOrgUnit = cert.Subject.OrganizationalUnits
+		}
+	}
+	m.Spec.TLS.Certificates = kmapi.SetMissingSpecForCertificate(m.Spec.TLS.Certificates, kmapi.CertificateSpec{
+		Alias:      string(MSSQLServerClientCert),
+		SecretName: m.GetCertSecretName(MSSQLServerClientCert),
+		Subject: &kmapi.X509Subject{
+			Organizations:       defaultClientOrg,
+			OrganizationalUnits: defaultClientOrgUnit,
+		},
+	})
+}
+
+func (m *MSSQLServer) SetTLSDefaultsForInternalAuth() {
+	if m.Spec.InternalAuth == nil || m.Spec.InternalAuth.EndpointCert == nil || m.Spec.InternalAuth.EndpointCert.IssuerRef == nil {
+		return
+	}
+
+	// Endpoint-cert
+	defaultServerOrg := []string{KubeDBOrganization}
+	defaultServerOrgUnit := []string{string(MSSQLServerEndpointCert)}
+	_, cert := kmapi.GetCertificate(m.Spec.InternalAuth.EndpointCert.Certificates, string(MSSQLServerEndpointCert))
+	if cert != nil && cert.Subject != nil {
+		if cert.Subject.Organizations != nil {
+			defaultServerOrg = cert.Subject.Organizations
+		}
+		if cert.Subject.OrganizationalUnits != nil {
+			defaultServerOrgUnit = cert.Subject.OrganizationalUnits
+		}
+	}
+
+	m.Spec.InternalAuth.EndpointCert.Certificates = kmapi.SetMissingSpecForCertificate(m.Spec.InternalAuth.EndpointCert.Certificates, kmapi.CertificateSpec{
+		Alias:      string(MSSQLServerEndpointCert),
+		SecretName: m.GetCertSecretName(MSSQLServerEndpointCert),
+		Subject: &kmapi.X509Subject{
+			Organizations:       defaultServerOrg,
+			OrganizationalUnits: defaultServerOrgUnit,
+		},
+	})
+}
+
 func (m *MSSQLServer) ReplicasAreReady(lister pslister.PetSetLister) (bool, string, error) {
 	// Desire number of petSets
 	expectedItems := 1
diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mssqlserver_types.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mssqlserver_types.go
index 6829f217..794b8524 100644
--- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mssqlserver_types.go
+++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mssqlserver_types.go
@@ -42,9 +42,9 @@ const (
 type MSSQLServerCertificateAlias string
 
 const (
-	MSSQLServerServerCert MSSQLServerCertificateAlias = "server"
-	MSSQLServerClientCert MSSQLServerCertificateAlias = "client"
-	MSSQLServerEndpoint   MSSQLServerCertificateAlias = "endpoint"
+	MSSQLServerServerCert   MSSQLServerCertificateAlias = "server"
+	MSSQLServerClientCert   MSSQLServerCertificateAlias = "client"
+	MSSQLServerEndpointCert MSSQLServerCertificateAlias = "endpoint"
 )
 
 // MSSQLServer defines a MSSQLServer database.
diff --git a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mssqlserver_webhook.go b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mssqlserver_webhook.go
index cf225afa..e535b622 100644
--- a/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mssqlserver_webhook.go
+++ b/vendor/kubedb.dev/apimachinery/apis/kubedb/v1alpha2/mssqlserver_webhook.go
@@ -132,11 +132,11 @@ func (m *MSSQLServer) ValidateCreateOrUpdate() field.ErrorList {
 
 		if m.Spec.InternalAuth == nil {
 			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("internalAuth"),
-				m.Name, "spec.internalAuth, spec.internalAuth.endpointCert, spec.internalAuth.endpointCert.issuerRef' is missing"))
+				m.Name, "spec.internalAuth is missing"))
 		} else if m.Spec.InternalAuth.EndpointCert == nil {
 			allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("internalAuth").Child("endpointCert"),
-				m.Name, "spec.internalAuth.endpointCert, spec.internalAuth.endpointCert.issuerRef' is missing"))
-		} else if m.Spec.InternalAuth.EndpointCert != nil {
+				m.Name, "spec.internalAuth.endpointCert is missing"))
+		} else {
 			if m.Spec.InternalAuth.EndpointCert.IssuerRef == nil {
 				allErr = append(allErr, field.Invalid(field.NewPath("spec").Child("internalAuth").Child("endpointCert").Child("issuerRef"),
 					m.Name, "spec.internalAuth.endpointCert.issuerRef' is missing"))
diff --git a/vendor/modules.txt b/vendor/modules.txt
index ceb05d32..1ffddad5 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1520,7 +1520,7 @@ kmodules.xyz/monitoring-agent-api/api/v1
 ## explicit; go 1.22.0
 kmodules.xyz/offshoot-api/api/v1
 kmodules.xyz/offshoot-api/api/v2
-# kubedb.dev/apimachinery v0.45.2-0.20240531110354-049490369476
+# kubedb.dev/apimachinery v0.45.2-0.20240531124004-74e7190f0509
 ## explicit; go 1.22.0
 kubedb.dev/apimachinery/apis
 kubedb.dev/apimachinery/apis/catalog