Skip to content

K8SPSMDB-1154: disable encryption by default for inMemory #1912

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
+30 −16
Open

K8SPSMDB-1154: disable encryption by default for inMemory #1912

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
fcda99e
K8SPSMDB-1154: disable encryption by default for inMemory
pooknull May 8, 2025
8f992ab
fix
pooknull May 8, 2025
f0d9be5
Merge branch 'main' into K8SPSMDB-1154
hors May 16, 2025
23d9ce0
small improvement
pooknull May 21, 2025
75facc3
Merge remote-tracking branch 'origin/main' into K8SPSMDB-1154
pooknull May 21, 2025
ab1be45
fix manifests
pooknull May 21, 2025
5f9aa7c
Merge branch 'main' into K8SPSMDB-1154
pooknull May 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions pkg/apis/psmdb/v1/psmdb_defaults.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -734,6 +734,16 @@ func (rs *ReplsetSpec) SetDefaults(platform version.Platform, cr *PerconaServerM
}
}

if rs.Storage != nil && rs.Storage.Engine == StorageEngineInMemory {
encryptionEnabled, err := rs.Configuration.IsEncryptionEnabled()
if err != nil {
return errors.Wrap(err, "failed to parse replset configuration")
}
if encryptionEnabled != nil && *encryptionEnabled {
return errors.New("inMemory storage engine doesn't support encryption")
}
}
Copy link
Contributor

@gkech gkech May 19, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we already have the function func isEncryptionEnabled(cr *api.PerconaServerMongoDB, replset *api.ReplsetSpec) (bool, error) { . I think we can utilize it for the most part of this logic by returning a verified not nil boolean.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to note, I think that we can move this function in psmdb_defaults and then utilize it elsewhere in the codebase.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

23d9ce0


return nil
}

Expand Down
4 changes: 4 additions & 0 deletions pkg/psmdb/statefulset.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -584,7 +584,11 @@ func isEncryptionEnabled(cr *api.PerconaServerMongoDB, replset *api.ReplsetSpec)
if err != nil {
return false, errors.Wrap(err, "failed to parse replset configuration")
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the cr is not used by this function at all, maybe we can remove it from the function signature.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

23d9ce0

if enabled == nil {
if replset.Storage.Engine == api.StorageEngineInMemory {
return false, nil // disabled for inMemory engine by default
}
return true, nil // true by default
}
return *enabled, nil
Expand Down
Loading