From fd015ed933076cf673cf3ea78f15d0918ddc38bc Mon Sep 17 00:00:00 2001 From: Ming Wang Date: Tue, 30 Jul 2024 10:44:08 -0400 Subject: [PATCH] tmp without tls --- ...yostat-operator.clusterserviceversion.yaml | 2 +- internal/controllers/certmanager.go | 8 +-- .../resource_definitions/certificates.go | 2 + .../resource_definitions.go | 51 ++++++++-------- internal/controllers/reconciler_test.go | 2 +- internal/test/clients.go | 2 +- internal/test/resources.go | 59 ++++++++++--------- 7 files changed, 66 insertions(+), 60 deletions(-) diff --git a/bundle/manifests/cryostat-operator.clusterserviceversion.yaml b/bundle/manifests/cryostat-operator.clusterserviceversion.yaml index 2006764e..10928f64 100644 --- a/bundle/manifests/cryostat-operator.clusterserviceversion.yaml +++ b/bundle/manifests/cryostat-operator.clusterserviceversion.yaml @@ -35,7 +35,7 @@ metadata: capabilities: Seamless Upgrades categories: Monitoring, Developer Tools containerImage: quay.io/cryostat/cryostat-operator:4.0.0-dev - createdAt: "2024-07-29T20:48:29Z" + createdAt: "2024-07-30T14:31:04Z" description: JVM monitoring and profiling tool operatorframework.io/initialization-resource: |- { diff --git a/internal/controllers/certmanager.go b/internal/controllers/certmanager.go index 90b32e45..6f2446c5 100644 --- a/internal/controllers/certmanager.go +++ b/internal/controllers/certmanager.go @@ -90,6 +90,7 @@ func (r *Reconciler) setupTLS(ctx context.Context, cr *model.CryostatInstance) ( return nil, err } + /** // Create a certificate for the Cryostat database signed by the Cryostat CA databaseCert := resources.NewDatabaseCert(cr) err = r.createOrUpdateCertificate(ctx, databaseCert, cr.Object) 
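Review bot: The `/**` opened right after the `return nil, err` in setupTLS starts a block comment that disables the database and storage certificate creation instead of removing it, and its closing `**/` only arrives in the next hunk, so the function body continues outside this hunk. The same comment-out pattern is repeated in certificates.go (NewDatabaseCert/NewStorageCert), resource_definitions.go (NewPodForDatabase, NewPodForStorage, NewStorageContainer, NewDatabaseContainer) and the test helpers in resources.go. The parked code has already rotted within this commit: the disabled blocks still read `tls.DatabaseSecret` and `tls.StorageSecret`, which the @@ -62 hunk comments out of TLSConfig, so removing the markers would not compile. If this is a temporary step, as the subject "tmp without tls" suggests, delete the code (history keeps it) or keep it compiled behind a toggle, and mark the intent where the certificates are skipped with `// TODO(<tracking issue>): database/storage TLS disabled; reinstate NewDatabaseCert/NewStorageCert together with the DatabaseSecret/StorageSecret fields`.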
@@ -102,15 +103,14 @@ func (r *Reconciler) setupTLS(ctx context.Context, cr *model.CryostatInstance) ( err = r.createOrUpdateCertificate(ctx, storageCert, cr.Object) if err != nil { return nil, err - } + }**/ + tlsConfig := &resources.TLSConfig{ CryostatSecret: cryostatCert.Spec.SecretName, ReportsSecret: reportsCert.Spec.SecretName, - DatabaseSecret: databaseCert.Spec.SecretName, - StorageSecret: storageCert.Spec.SecretName, KeystorePassSecret: cryostatCert.Spec.Keystores.PKCS12.PasswordSecretRef.Name, } - certificates := []*certv1.Certificate{caCert, cryostatCert, reportsCert, databaseCert, storageCert} + certificates := []*certv1.Certificate{caCert, cryostatCert, reportsCert} // Update owner references of TLS secrets created by cert-manager to ensure proper cleanup err = r.setCertSecretOwner(ctx, cr.Object, certificates...) diff --git a/internal/controllers/common/resource_definitions/certificates.go b/internal/controllers/common/resource_definitions/certificates.go index 5213eeea..31a745fc 100644 --- a/internal/controllers/common/resource_definitions/certificates.go +++ b/internal/controllers/common/resource_definitions/certificates.go @@ -132,6 +132,7 @@ func NewReportsCert(cr *model.CryostatInstance) *certv1.Certificate { } } +/** func NewDatabaseCert(cr *model.CryostatInstance) *certv1.Certificate { return &certv1.Certificate{ ObjectMeta: metav1.ObjectMeta{ @@ -179,3 +180,4 @@ func NewStorageCert(cr *model.CryostatInstance) *certv1.Certificate { }, } } +**/ diff --git a/internal/controllers/common/resource_definitions/resource_definitions.go b/internal/controllers/common/resource_definitions/resource_definitions.go index 6c62a43d..37fdd770 100644 --- a/internal/controllers/common/resource_definitions/resource_definitions.go +++ b/internal/controllers/common/resource_definitions/resource_definitions.go 
@@ -62,9 +62,9 @@ type TLSConfig struct { // Name of the TLS secret for Reports Generator ReportsSecret string // Name of the TLS secret for Database - DatabaseSecret string + // DatabaseSecret string // Name of the TLS secret for Storage - StorageSecret string + // StorageSecret string // Name of the secret containing the password for the keystore in CryostatSecret KeystorePassSecret string // PEM-encoded X.509 certificate for the Cryostat CA @@ -618,6 +618,7 @@ func NewPodForDatabase(cr *model.CryostatInstance, imageTags *ImageTags, tls *TL container := []corev1.Container{NewDatabaseContainer(cr, imageTags.DatabaseImageTag, tls)} volumes := newVolumeForDatabse(cr) + /** if tls != nil { secretVolume := corev1.Volume{ Name: "database-tls-secret", @@ -628,7 +629,7 @@ func NewPodForDatabase(cr *model.CryostatInstance, imageTags *ImageTags, tls *TL }, } volumes = append(volumes, secretVolume) - } + }**/ var podSc *corev1.PodSecurityContext if cr.Spec.SecurityOptions != nil && cr.Spec.SecurityOptions.PodSecurityContext != nil { @@ -674,6 +675,7 @@ func NewPodForStorage(cr *model.CryostatInstance, imageTags *ImageTags, tls *TLS container := []corev1.Container{NewStorageContainer(cr, imageTags.StorageImageTag, tls)} volumes := newVolumeForStorage(cr) + /** if tls != nil { secretVolume := corev1.Volume{ Name: "storage-tls-secret", @@ -684,7 +686,7 @@ func NewPodForStorage(cr *model.CryostatInstance, imageTags *ImageTags, tls *TLS }, } volumes = append(volumes, secretVolume) - } + }**/ var podSc *corev1.PodSecurityContext if cr.Spec.SecurityOptions != nil && cr.Spec.SecurityOptions.PodSecurityContext != nil { @@ -1213,7 +1215,7 @@ func NewCoreContainer(cr *model.CryostatInstance, specs *ServiceSpecs, imageTag }, { Name: "QUARKUS_DATASOURCE_JDBC_URL", - Value: "jdbc:postgresql://localhost:5432/cryostat", + Value: fmt.Sprintf("jdbc:postgresql://%s-database:5432/cryostat", cr.Name), }, { Name: "STORAGE_BUCKETS_ARCHIVE_NAME", 
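Review bot: `QUARKUS_DATASOURCE_JDBC_URL` in NewCoreContainer now points at `<cr.Name>-database:5432` across the cluster network instead of the pod-local `localhost`, and the same commit comments out the database serving certificate and its TLS volume, so the core-to-database connection, including whatever credentials the datasource authenticates with, now crosses the network in cleartext; the `http://%s-storage:8333` endpoint in the next hunk has the same property for recording data. The JDBC URL also carries no `sslmode` parameter, so nothing on the client side would request TLS even once the server side is restored. At minimum record the assumption next to the value, e.g. `// TODO(<tracking issue>): plaintext until database/storage TLS is reinstated; add sslmode with the operator CA once the server certificate returns`. NewCoreContainer starts and ends outside this hunk.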
@@ -1221,7 +1223,7 @@ func NewCoreContainer(cr *model.CryostatInstance, specs *ServiceSpecs, imageTag }, { Name: "QUARKUS_S3_ENDPOINT_OVERRIDE", - Value: "http://localhost:8333", + Value: fmt.Sprintf("http://%s-storage:8333", cr.Name), }, { Name: "QUARKUS_S3_PATH_STYLE_ACCESS", @@ -1607,24 +1609,21 @@ func NewStorageContainer(cr *model.CryostatInstance, imageTag string, tls *TLSCo }) livenessProbeScheme := corev1.URISchemeHTTP + /** if tls != nil { tlsEnvs := []corev1.EnvVar{ { - Name: "QUARKUS_HTTP_SSL_PORT", + Name: "S3_PORT_HTTPS", Value: strconv.Itoa(int(constants.StorageContainerPort)), }, { - Name: "QUARKUS_HTTP_SSL_CERTIFICATE_KEY_FILES", + Name: "S3_KEY_FILE", Value: fmt.Sprintf("/var/run/secrets/operator.cryostat.io/%s/%s", tls.StorageSecret, corev1.TLSPrivateKeyKey), }, { - Name: "QUARKUS_HTTP_SSL_CERTIFICATE_FILES", + Name: "S3_CERT_FILE", Value: fmt.Sprintf("/var/run/secrets/operator.cryostat.io/%s/%s", tls.StorageSecret, corev1.TLSCertKey), }, - { - Name: "QUARKUS_HTTP_INSECURE_REQUESTS", - Value: "disabled", - }, } tlsSecretMount := corev1.VolumeMount{ @@ -1641,7 +1640,7 @@ func NewStorageContainer(cr *model.CryostatInstance, imageTag string, tls *TLSCo Name: "QUARKUS_HTTP_PORT", Value: strconv.Itoa(int(constants.StorageContainerPort)), }) - } + }**/ if cr.Spec.SecurityOptions != nil && cr.Spec.SecurityOptions.StorageSecurityContext != nil { containerSc = cr.Spec.SecurityOptions.StorageSecurityContext 
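Review bot: The `}**/` in the @@ -1641 hunk of NewStorageContainer closes the comment after the `else` branch, so the non-TLS `envs = append(envs, corev1.EnvVar{Name: "QUARKUS_HTTP_PORT", ...})` is disabled too and the storage container no longer receives an explicit HTTP port; unless the image default already equals `constants.StorageContainerPort`, the container port, service and liveness probe derived from that constant will not match what the server listens on. The @@ -1787 hunk does the same to NewDatabaseContainer, where the old `else` set `QUARKUS_HTTP_PORT` to `constants.DatabaseContainerPort`. The test helper NewStorageEnvironmentVariables in resources.go mirrors the omission, so the suite will not flag it. Keep the non-TLS assignment outside the comment, `envs = append(envs, corev1.EnvVar{Name: "QUARKUS_HTTP_PORT", Value: strconv.Itoa(int(constants.StorageContainerPort))})`, and note that the `S3_PORT_HTTPS`/`S3_KEY_FILE`/`S3_CERT_FILE` renames inside the comment cannot be verified while disabled. NewStorageContainer starts and ends outside these hunks.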
@@ -1757,26 +1756,26 @@ func NewDatabaseContainer(cr *model.CryostatInstance, imageTag string, tls *TLSC }, } + /** if tls != nil { tlsEnvs := []corev1.EnvVar{ { - Name: "QUARKUS_HTTP_SSL_PORT", - Value: strconv.Itoa(int(constants.DatabaseContainerPort)), + Name: "QUARKUS_DATASOURCE_REACTIVE_TRUST_ALL", + Value: "true", }, { - Name: "QUARKUS_HTTP_SSL_CERTIFICATE_KEY_FILES", - Value: fmt.Sprintf("/var/run/secrets/operator.cryostat.io/%s/%s", tls.DatabaseSecret, corev1.TLSPrivateKeyKey), + Name: "QUARKUS_DATASOURCE_REACTIVE_KEY_CERTIFICATE_PEM_KEYS", + Value: fmt.Sprintf("/var/run/secrets/operator.cryostat.io/%s-database-tls/tls.key", cr.Name), }, { - Name: "QUARKUS_HTTP_SSL_CERTIFICATE_FILES", - Value: fmt.Sprintf("/var/run/secrets/operator.cryostat.io/%s/%s", tls.DatabaseSecret, corev1.TLSCertKey), + Name: "QUARKUS_DATASOURCE_REACTIVE_KEY_CERTIFICATE_PEM_CERTS", + Value: fmt.Sprintf("/var/run/secrets/operator.cryostat.io/%s-database-tls/tls.crt", cr.Name), }, { - Name: "QUARKUS_HTTP_INSECURE_REQUESTS", - Value: "disabled", + Name: "QUARKUS_DATASOURCE_REACTIVE_URL", + Value: fmt.Sprintf("https://%s-database:5432", cr.Name), }, } - tlsSecretMount := corev1.VolumeMount{ Name: "database-tls-secret", MountPath: "/var/run/secrets/operator.cryostat.io/" + tls.DatabaseSecret, @@ -1787,10 +1786,10 @@ func NewDatabaseContainer(cr *model.CryostatInstance, imageTag string, tls *TLSC mounts = append(mounts, tlsSecretMount) } else { envs = append(envs, corev1.EnvVar{ - Name: "QUARKUS_HTTP_PORT", - Value: strconv.Itoa(int(constants.DatabaseContainerPort)), + Name: "QUARKUS_DATASOURCE_REACTIVE_URL", + Value: fmt.Sprintf("http://%s-database:5432", cr.Name), }) - } + }**/ return corev1.Container{ Name: cr.Name + "-db", diff --git a/internal/controllers/reconciler_test.go b/internal/controllers/reconciler_test.go index 37a09bf5..f819aa0b 100644 --- a/internal/controllers/reconciler_test.go +++ b/internal/controllers/reconciler_test.go 
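Review bot: The parked TLS block in NewDatabaseContainer now sets `QUARKUS_DATASOURCE_REACTIVE_TRUST_ALL` to `"true"`, which makes the Quarkus reactive client accept any server certificate, so re-enabling this block as written would keep the CA-signed certificate plumbing but never verify it; prefer trusting the operator CA explicitly (the `quarkus.datasource.reactive.trust-certificate-pem.certs` property) and drop the TRUST_ALL line. The block also swaps the server-side `QUARKUS_HTTP_SSL_*` settings for client-side `QUARKUS_DATASOURCE_REACTIVE_*` ones on the database container, while the datasource client lives in the core container per the JDBC URL hunk, so it is worth confirming which process these are meant for. The `https://%s-database:5432` and `http://%s-database:5432` values use HTTP schemes, whereas a reactive PostgreSQL datasource URL is expected to be `postgresql://...` with TLS selected by its ssl-mode setting, so these look wrong even once uncommented. `tlsSecretMount` still reads `tls.DatabaseSecret`, which this commit comments out of TLSConfig, and the hard-coded `%s-database-tls` paths duplicate that secret name. NewDatabaseContainer starts and ends outside these hunks.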
@@ -2289,7 +2289,7 @@ func (t *cryostatTestInput) expectWaitingForCertificate() { func (t *cryostatTestInput) expectCertificates() { // Check certificates - certs := []*certv1.Certificate{t.NewCryostatCert(), t.NewCACert(), t.NewReportsCert(), t.NewDatabaseCert(), t.NewStorageCert()} + certs := []*certv1.Certificate{t.NewCryostatCert(), t.NewCACert(), t.NewReportsCert()} for _, expected := range certs { actual := &certv1.Certificate{} err := t.Client.Get(context.Background(), types.NamespacedName{Name: expected.Name, Namespace: expected.Namespace}, actual) diff --git a/internal/test/clients.go b/internal/test/clients.go index 4fa92c4c..4a46133e 100644 --- a/internal/test/clients.go +++ b/internal/test/clients.go @@ -70,7 +70,7 @@ func (c *testClient) makeCertificatesReady(ctx context.Context, obj runtime.Obje // If this object is one of the operator-managed certificates, mock the behaviour // of cert-manager processing those certificates cert, ok := obj.(*certv1.Certificate) - if ok && c.matchesName(cert, c.NewCryostatCert(), c.NewCACert(), c.NewReportsCert(), c.NewDatabaseCert(), c.NewStorageCert()) && + if ok && c.matchesName(cert, c.NewCryostatCert(), c.NewCACert(), c.NewReportsCert()) && len(cert.Status.Conditions) == 0 { // Create certificate secret c.createCertSecret(ctx, cert) diff --git a/internal/test/resources.go b/internal/test/resources.go index 8c6f0e5d..d3a37e97 100644 --- a/internal/test/resources.go +++ b/internal/test/resources.go @@ -1066,6 +1066,7 @@ func (r *TestResources) NewReportsCert() *certv1.Certificate { } } +/** func (r *TestResources) NewDatabaseCert() *certv1.Certificate { return &certv1.Certificate{ ObjectMeta: metav1.ObjectMeta{ @@ -1116,7 +1117,7 @@ func (r *TestResources) NewStorageCert() *certv1.Certificate { }, }, } -} +}**/ func (r *TestResources) NewCACert() *certv1.Certificate { return &certv1.Certificate{ 
@@ -1388,7 +1389,7 @@ func (r *TestResources) NewCoreEnvironmentVariables(reportsUrl string, databaseU }, { Name: "QUARKUS_DATASOURCE_JDBC_URL", - Value: "jdbc:postgresql://localhost:5432/cryostat", + Value: fmt.Sprintf("jdbc:postgresql://%s-database:5432/cryostat", r.Name), }, { Name: "STORAGE_BUCKETS_ARCHIVE_NAME", @@ -1396,7 +1397,7 @@ func (r *TestResources) NewCoreEnvironmentVariables(reportsUrl string, databaseU }, { Name: "QUARKUS_S3_ENDPOINT_OVERRIDE", - Value: "http://localhost:8333", + Value: fmt.Sprintf("http://%s-storage:8333", r.Name), }, { Name: "QUARKUS_S3_PATH_STYLE_ACCESS", @@ -1654,26 +1655,24 @@ func (r *TestResources) NewStorageEnvironmentVariables() []corev1.EnvVar { }, }, } + /** if r.TLS { envs = append(envs, corev1.EnvVar{ - Name: "QUARKUS_HTTP_SSL_PORT", + Name: "S3_PORT_HTTPS", Value: "8333", }, corev1.EnvVar{ - Name: "QUARKUS_HTTP_SSL_CERTIFICATE_KEY_FILES", + Name: "S3_KEY_FILE", Value: fmt.Sprintf("/var/run/secrets/operator.cryostat.io/%s-storage-tls/tls.key", r.Name), }, corev1.EnvVar{ - Name: "QUARKUS_HTTP_SSL_CERTIFICATE_FILES", + Name: "S3_CERT_FILE", Value: fmt.Sprintf("/var/run/secrets/operator.cryostat.io/%s-storage-tls/tls.crt", r.Name), - }, corev1.EnvVar{ - Name: "QUARKUS_HTTP_INSECURE_REQUESTS", - Value: "disabled", }) } else { envs = append(envs, corev1.EnvVar{ Name: "QUARKUS_HTTP_PORT", Value: "8333", }) - } + }**/ return envs } 
@@ -1717,26 +1716,27 @@ func (r *TestResources) NewDatabaseEnvironmentVariables(dbSecretProvided bool) [ }, }, } + /** if r.TLS { envs = append(envs, corev1.EnvVar{ - Name: "QUARKUS_HTTP_SSL_PORT", - Value: "5432", + Name: "QUARKUS_DATASOURCE_REACTIVE_TRUST_ALL", + Value: "true", }, corev1.EnvVar{ - Name: "QUARKUS_HTTP_SSL_CERTIFICATE_KEY_FILES", + Name: "QUARKUS_DATASOURCE_REACTIVE_KEY_CERTIFICATE_PEM_KEYS", Value: fmt.Sprintf("/var/run/secrets/operator.cryostat.io/%s-database-tls/tls.key", r.Name), }, corev1.EnvVar{ - Name: "QUARKUS_HTTP_SSL_CERTIFICATE_FILES", + Name: "QUARKUS_DATASOURCE_REACTIVE_KEY_CERTIFICATE_PEM_CERTS", Value: fmt.Sprintf("/var/run/secrets/operator.cryostat.io/%s-database-tls/tls.crt", r.Name), }, corev1.EnvVar{ - Name: "QUARKUS_HTTP_INSECURE_REQUESTS", - Value: "disabled", + Name: "QUARKUS_DATASOURCE_REACTIVE_URL", + Value: fmt.Sprintf("https://%s-database:5432", r.Name), }) } else { envs = append(envs, corev1.EnvVar{ - Name: "QUARKUS_HTTP_PORT", - Value: "5432", + Name: "QUARKUS_DATASOURCE_REACTIVE_URL", + Value: fmt.Sprintf("http://%s-database:5432", r.Name), }) - } + }**/ return envs } @@ -1976,6 +1976,7 @@ func (r *TestResources) NewStorageVolumeMounts() []corev1.VolumeMount { MountPath: "/data", SubPath: "seaweed", }) + /** if r.TLS { mounts = append(mounts, corev1.VolumeMount{ @@ -1983,7 +1984,7 @@ func (r *TestResources) NewStorageVolumeMounts() []corev1.VolumeMount { MountPath: fmt.Sprintf("/var/run/secrets/operator.cryostat.io/%s-storage-tls", r.Name), ReadOnly: true, }) - } + }**/ return mounts } @@ -1995,6 +1996,7 @@ func (r *TestResources) NewDatabaseVolumeMounts() []corev1.VolumeMount { MountPath: "/data", SubPath: "postgres", }) + /** if r.TLS { mounts = append(mounts, corev1.VolumeMount{ @@ -2002,7 +2004,7 @@ func (r *TestResources) NewDatabaseVolumeMounts() []corev1.VolumeMount { MountPath: fmt.Sprintf("/var/run/secrets/operator.cryostat.io/%s-database-tls", r.Name), ReadOnly: true, }) - } + }**/ return mounts } 
@@ -2127,10 +2129,11 @@ func (r *TestResources) NewDatasourceLivenessProbe() *corev1.Probe { } func (r *TestResources) NewStorageLivenessProbe() *corev1.Probe { - protocol := corev1.URISchemeHTTPS - if !r.TLS { - protocol = corev1.URISchemeHTTP - } + protocol := corev1.URISchemeHTTP + /** + if r.TLS { + protocol = corev1.URISchemeHTTPS + }**/ return &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ @@ -2496,6 +2499,7 @@ func (r *TestResources) NewDatabaseVolumes() []corev1.Volume { }, } + /** if r.TLS { volumes = append(volumes, corev1.Volume{ Name: "database-tls-secret", @@ -2505,7 +2509,7 @@ func (r *TestResources) NewDatabaseVolumes() []corev1.Volume { }, }, }) - } + } **/ return volumes } @@ -2522,6 +2526,7 @@ func (r *TestResources) NewStorageVolumes() []corev1.Volume { }, } + /** if r.TLS { volumes = append(volumes, corev1.Volume{ Name: "storage-tls-secret", @@ -2531,7 +2536,7 @@ func (r *TestResources) NewStorageVolumes() []corev1.Volume { }, }, }) - } + }**/ return volumes }
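Review bot: NewStorageLivenessProbe inverts the previous secure default, from HTTPS unless `!r.TLS` to HTTP with the HTTPS upgrade parked in a comment, and the same pattern across the resources.go helpers (NewStorageEnvironmentVariables, NewDatabaseEnvironmentVariables, the volume and mount helpers here) leaves `r.TLS` as a live flag whose TLS branches no longer run, so a TLS-enabled test run now asserts the non-TLS expectations and the missing coverage is silent. Prefer an explicit `Skip` or a failing marker in the TLS test variants so the gap stays visible until the code returns. Minor: the `} **/` in NewDatabaseVolumes has a stray space, unlike the `}**/` used everywhere else.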