func()

in controllers/util/solr_tls_util.go [605:661]


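// generateTLSInitdbScriptInitContainer builds the init container that writes
// /docker-entrypoint-initdb.d/export-tls-vars.sh, a script that exports the
// keystore and truststore password variables for the server certificate and,
// when configured, the client certificate.
//
// Only password file paths are passed to the script builder. The inline
// KeystorePassword / TruststorePassword fields are compared against "" but are
// never interpolated, so no password value ends up in the container command
// built here.
//
// NOTE(review): the password file paths are interpolated into a command line
// run by `sh -c`. If they can come from user-supplied spec fields, they should
// be validated or quoted before reaching this point. Confirm in
// mountedTLSKeystorePasswordPath and exportVarFromFileInInitdbWrapperScript.
func (tls *TLSCerts) generateTLSInitdbScriptInitContainer() corev1.Container {

	exportServerKeystorePassword, exportServerTruststorePassword := "", ""
	if tls.ServerConfig.Options.MountedTLSDir != nil {
		mountedDir := tls.ServerConfig.Options.MountedTLSDir
		// Read the keystore password from a file when one is named, or when no
		// inline password is given. The truststore export is derived from the
		// keystore variable unless overridden below.
		if mountedDir.KeystorePasswordFile != "" || mountedDir.KeystorePassword == "" {
			exportServerKeystorePassword = exportVarFromFileInInitdbWrapperScript("SOLR_SSL_KEY_STORE_PASSWORD", mountedTLSKeystorePasswordPath(mountedDir))
			exportServerTruststorePassword = exportVarFromFileInInitdbWrapperScript("SOLR_SSL_TRUST_STORE_PASSWORD", "${SOLR_SSL_KEY_STORE_PASSWORD}")
		}
		// An explicit truststore password file wins. An inline truststore
		// password suppresses the file-based export (presumably it is supplied
		// another way, confirm against the caller).
		if mountedDir.TruststorePasswordFile != "" {
			exportServerTruststorePassword = exportVarFromFileInInitdbWrapperScript("SOLR_SSL_TRUST_STORE_PASSWORD", mountedTLSTruststorePasswordPath(mountedDir))
		} else if mountedDir.TruststorePassword != "" {
			exportServerTruststorePassword = ""
		}
	}

	// Might have a client cert too ...
	exportClientKeystorePassword, exportClientTruststorePassword := "", ""
	if tls.ClientConfig != nil && tls.ClientConfig.Options.MountedTLSDir != nil {
		mountedDir := tls.ClientConfig.Options.MountedTLSDir
		if mountedDir.KeystorePasswordFile != "" || mountedDir.KeystorePassword == "" {
			exportClientKeystorePassword = exportVarFromFileInInitdbWrapperScript("SOLR_SSL_CLIENT_KEY_STORE_PASSWORD", mountedTLSKeystorePasswordPath(mountedDir))
			exportClientTruststorePassword = exportVarFromFileInInitdbWrapperScript("SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD", "${SOLR_SSL_CLIENT_KEY_STORE_PASSWORD}")
		}
		if mountedDir.TruststorePasswordFile != "" {
			exportClientTruststorePassword = exportVarFromFileInInitdbWrapperScript("SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD", mountedTLSTruststorePasswordPath(mountedDir))
		} else if mountedDir.TruststorePassword != "" {
			exportClientTruststorePassword = ""
		}
	} else {
		// No separate client cert: each client slot falls back to its server
		// counterpart. The truststore fallback must be assigned to the
		// truststore variable. Assigning it to the keystore variable would
		// discard the keystore fallback and leave the truststore slot empty.
		// NOTE(review): these strings presumably still name the server
		// variables, so the fallback may only repeat the server exports rather
		// than set SOLR_SSL_CLIENT_*. Confirm the intended behavior.
		exportClientKeystorePassword = exportServerKeystorePassword
		exportClientTruststorePassword = exportServerTruststorePassword
	}

	shCmd := fmt.Sprintf("echo -e \"#!/bin/bash\\n%s%s%s%s\"",
		exportServerKeystorePassword, exportServerTruststorePassword, exportClientKeystorePassword, exportClientTruststorePassword)
	shCmd += " > /docker-entrypoint-initdb.d/export-tls-vars.sh"
	/*
	   Init container creates a script like:

	      #!/bin/bash

	      export SOLR_SSL_KEY_STORE_PASSWORD=`cat $MOUNTED_SERVER_TLS_DIR/keystore-password`
	      export SOLR_SSL_TRUST_STORE_PASSWORD=`cat $MOUNTED_SERVER_TLS_DIR/truststore-password`
	      export SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=`cat $MOUNTED_CLIENT_TLS_DIR/keystore-password`
	      export SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=`cat $MOUNTED_CLIENT_TLS_DIR/truststore-password`

	*/

	return corev1.Container{
		Name:            InitdbInitContainer,
		Image:           tls.InitContainerImage.ToImageName(),
		ImagePullPolicy: tls.InitContainerImage.PullPolicy,
		Command:         []string{"sh", "-c", shCmd},
		VolumeMounts:    []corev1.VolumeMount{{Name: "initdb", MountPath: InitdbPath}},
	}
}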