Improve documentation for tLSClientConfig
diegolovison authored and openshift-merge-bot[bot] committed Nov 8, 2024
1 parent 2f9e362 commit 3cc82bc
Showing 1 changed file with 16 additions and 1 deletion.
17 changes: 16 additions & 1 deletion controllers/database.go
Expand Up @@ -47,6 +47,22 @@ var mariadbTemplates = []string{
"mariadb/default/tls-config.yaml.tmpl",
}

// tLSClientConfig creates and returns a TLS client configuration that includes
// a set of custom CA certificates for secure communication. It reads CA
// certificates from the environment variable `SSL_CERT_FILE` if it is set,
// and appends any additional certificates passed as input.
//
// Parameters:
//
// pems [][]byte: PEM-encoded certificates to be appended to the
// root certificate pool.
//
// Returns:
//
// *cryptoTls.Config: A TLS configuration with the certificates set to the updated
// certificate pool.
// error: An error if there is a failure in parsing any of the provided PEM
// certificates, or nil if successful.
func tLSClientConfig(pems [][]byte) (*cryptoTls.Config, error) {
rootCertPool := x509.NewCertPool()

Expand Down Expand Up @@ -120,7 +136,6 @@ var ConnectAndQueryDatabase = func(
// don't set anything
case "true":
var err error
// if pemCerts is empty, that is OK, we still add OS certs to the tls config
tlsConfig, err = tLSClientConfig(pemCerts)
if err != nil {
log.Info(fmt.Sprintf("Encountered error when processing custom ca bundle, Error: %v", err))
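Review bot: The new doc comment on tLSClientConfig names only `SSL_CERT_FILE` and the `pems` argument as trust sources, but the call-site comment this commit deletes said OS certs are still added when pemCerts is empty, so the documented trust set is now ambiguous. The only body line visible in the first hunk is `rootCertPool := x509.NewCertPool()`, which starts from an empty pool rather than the system pool; if nothing gets appended and that pool is assigned to RootCAs, verification would presumably fail for every server certificate, which is different from a nil RootCAs falling back to the host roots. The rest of the function is outside the hunk, so this needs confirming against the body. I would state the outcome explicitly, for example `// If SSL_CERT_FILE is unset and pems is empty, the pool stays empty; system roots are not loaded.` (or the reverse, whichever the body does). The Returns section should also say whether a failure to read `SSL_CERT_FILE` is reported as an error, since it currently mentions only PEM parse failures.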
