in controllers/util/solr_tls_util.go [429:471]
func (tls *TLSConfig) clientEnvVars() []corev1.EnvVar {
opts := tls.Options
var envVars []corev1.EnvVar
if opts.MountedTLSDir != nil {
// passwords get exported from files in the TLS dir using an initdb wrapper script if they come from files
keyStorePassword := ""
if opts.MountedTLSDir.KeystoreFile != "" {
envVars = append(envVars, corev1.EnvVar{Name: "SOLR_SSL_CLIENT_KEY_STORE", Value: mountedTLSKeystorePath(opts.MountedTLSDir)})
if opts.MountedTLSDir.KeystorePassword != "" && opts.MountedTLSDir.KeystorePasswordFile == "" {
envVars = append(envVars, corev1.EnvVar{Name: "SOLR_SSL_CLIENT_KEY_STORE_PASSWORD", Value: opts.MountedTLSDir.KeystorePassword})
keyStorePassword = opts.MountedTLSDir.KeystorePassword
}
}
if opts.MountedTLSDir.TruststoreFile != "" {
envVars = append(envVars, corev1.EnvVar{Name: "SOLR_SSL_CLIENT_TRUST_STORE", Value: mountedTLSTruststorePath(opts.MountedTLSDir)})
trustStorePassword := opts.MountedTLSDir.TruststorePassword
if trustStorePassword == "" && keyStorePassword != "" {
trustStorePassword = keyStorePassword
}
if trustStorePassword != "" && opts.MountedTLSDir.TruststorePasswordFile == "" {
envVars = append(envVars, corev1.EnvVar{Name: "SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD", Value: trustStorePassword})
}
} else if opts.MountedTLSDir.KeystoreFile != "" {
envVars = append(envVars, corev1.EnvVar{Name: "SOLR_SSL_CLIENT_TRUST_STORE", Value: "$(SOLR_SSL_CLIENT_KEY_STORE)"})
envVars = append(envVars, corev1.EnvVar{Name: "SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD", Value: keyStorePassword})
}
}
if opts.PKCS12Secret != nil {
envVars = append(envVars, tls.keystoreEnvVars("SOLR_SSL_CLIENT_KEY_STORE")...)
// if no additional truststore secret provided, just use the keystore for both
if opts.TrustStoreSecret == nil {
envVars = append(envVars, tls.keystoreEnvVars("SOLR_SSL_CLIENT_TRUST_STORE")...)
}
}
if opts.TrustStoreSecret != nil {
envVars = append(envVars, tls.truststoreEnvVars("SOLR_SSL_CLIENT_TRUST_STORE")...)
}
return envVars
}