in controllers/solrprometheusexporter_controller.go [303:342]
// reconcileTLSConfig builds the TLS settings for the given exporter and rejects
// configurations that name more than one source of TLS material.
//
// Exactly one of three modes is accepted, checked in this order:
//   - solrTLS.pkcs12Secret: a keystore secret; mountedTLSDir must not be set.
//   - solrTLS.trustStoreSecret: truststore only, no client certificate;
//     mountedTLSDir must not be set.
//   - solrTLS.mountedTLSDir: files mounted into the pod by an external agent or
//     CSI-driver style mechanism; at least one of keystoreFile or truststoreFile
//     must be named.
//
// It returns the TLS settings on success, or nil and an error describing the
// invalid combination or the failed secret verification.
func (r *SolrPrometheusExporterReconciler) reconcileTLSConfig(prometheusExporter *solrv1beta1.SolrPrometheusExporter) (*util.TLSCerts, error) {
	certs := util.TLSCertsForExporter(prometheusExporter)
	clientOpts := certs.ClientConfig.Options
	mounted := clientOpts.MountedTLSDir

	switch {
	case clientOpts.PKCS12Secret != nil:
		// A keystore secret and a mounted directory are mutually exclusive;
		// accepting both would leave it ambiguous which key material is used.
		if mounted != nil {
			return nil, fmt.Errorf("invalid TLS config, either supply `solrTLS.pkcs12Secret` or `solrTLS.mountedTLSDir` but not both")
		}
		// Confirm the PKCS12 secret and its keystore password exist and agree
		// with the supplied config. Only the error is used here.
		if _, err := certs.ClientConfig.VerifyKeystoreAndTruststoreSecretConfig(&r.Client); err != nil {
			return nil, err
		}

	case clientOpts.TrustStoreSecret != nil:
		// No client certificate in this mode, only a truststore for the
		// exporter. The same exclusivity rule applies to the mounted directory.
		if mounted != nil {
			return nil, fmt.Errorf("invalid TLS config, either supply `solrTLS.trustStoreSecret` or `solrTLS.mountedTLSDir` but not both")
		}
		// Confirm the truststore secret and its password exist and agree with
		// the supplied config.
		if err := certs.ClientConfig.VerifyTruststoreOnly(&r.Client); err != nil {
			return nil, err
		}

	case mounted == nil:
		// Neither secret was supplied, so the mounted directory is the only
		// remaining source of TLS files and must be configured.
		return nil, fmt.Errorf("invalid TLS config, the 'solrTLS.mountedTLSDir' option is required unless you specify a keystore and/or truststore secret")

	case mounted.KeystoreFile == "" && mounted.TruststoreFile == "":
		// Only the file names are checked; nothing in this function confirms
		// that the files are actually present on the pod.
		return nil, fmt.Errorf("invalid TLS config, the 'solrTLS.mountedTLSDir' option must specify a keystoreFile and/or truststoreFile")
	}

	return certs, nil
}