fix empty secret name behavior and allow reading PKI from disk #3

Merged: cahillsf merged 2 commits into v2.2-dd from stephen.cahill/fix-tls-generator on Apr 28, 2026

@cahillsf cahillsf commented Jan 12, 2026

Description of your changes

Fixes crossplane#7008

  • We can see here that the intention is for empty secret names to return nil, but given the envvar default is "" and this is always assigned as the pointer, the == nil will never evaluate as true. This fixes that behavior so the controller does not attempt to generate the bundle and populate the secrets if those values are not configured as envvars
  • Adds functionality to allow reading PKI materials from disk; breaks out previous functionality into SecretCAProvider and adds new functionality under FileCAProvider
  • Allows for overriding the filenames of the client and webhook server PKI materials
  • TLS filename overrides fall back to the original constants (initializer.SecretKeyCACert, corev1.TLSCertKey, corev1.TLSPrivateKeyKey) rather than hardcoded string defaults

I have:

@cahillsf cahillsf force-pushed the stephen.cahill/fix-tls-generator branch from 3bf113c to b093afd Compare January 13, 2026 13:50
@cahillsf cahillsf changed the title fix empty secret name behavior fix empty secret name behavior and allow reading certificates from disk Mar 13, 2026
@cahillsf cahillsf changed the title fix empty secret name behavior and allow reading certificates from disk fix empty secret name behavior and allow reading PKI from disk Mar 13, 2026
@cahillsf cahillsf force-pushed the stephen.cahill/fix-tls-generator branch 5 times, most recently from 62304b1 to a1314d1 Compare March 16, 2026 18:59
@cahillsf cahillsf marked this pull request as ready for review April 16, 2026 19:33
cahillsf and others added 2 commits April 24, 2026 13:38
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Stephen Cahill <stephen.cahill@datadoghq.com>
… guards

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Stephen Cahill <stephen.cahill@datadoghq.com>
@cahillsf cahillsf force-pushed the stephen.cahill/fix-tls-generator branch from a1314d1 to d5ca3fa Compare April 24, 2026 17:38
@cahillsf cahillsf changed the base branch from main to v2.2-dd April 24, 2026 17:39
@cahillsf cahillsf merged commit e161cdd into v2.2-dd Apr 28, 2026
2 checks passed
@cahillsf cahillsf deleted the stephen.cahill/fix-tls-generator branch April 28, 2026 13:36
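
The nil-check bug from the PR description, shown as an added Go example; it is not code from this PR or from crossplane. All type, field and function names, the namespace and the secret name are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// Hypothetical names throughout; this sketches the reported pattern only.

// SecretRef identifies the Secret a TLS generator would populate.
type SecretRef struct{ Namespace, Name string }

// config mimics env-var binding: an unset variable leaves the field at its ""
// default, and callers always pass the field's address.
type config struct {
	TLSServerSecretName string
	TLSClientSecretName string
}

// refBuggy treats only a nil pointer as "not configured". Callers pass
// &cfg.Field, so the pointer is never nil and an empty name slips through.
func refBuggy(ns string, name *string) *SecretRef {
	if name == nil {
		return nil
	}
	return &SecretRef{Namespace: ns, Name: *name}
}

// refFixed also treats the empty string as "not configured".
func refFixed(ns string, name *string) *SecretRef {
	if name == nil || *name == "" {
		return nil
	}
	return &SecretRef{Namespace: ns, Name: *name}
}

// secretsToGenerate lists the Secrets a generator would go on to populate.
func secretsToGenerate(cfg config, ref func(string, *string) *SecretRef) []SecretRef {
	var out []SecretRef
	for _, n := range []*string{&cfg.TLSServerSecretName, &cfg.TLSClientSecretName} {
		if r := ref("example-system", n); r != nil { // constructed namespace
			out = append(out, *r)
		}
	}
	return out
}

func main() {
	cfg := config{TLSServerSecretName: "tls-server"} // client name left unset
	fmt.Println("buggy:", secretsToGenerate(cfg, refBuggy))
	fmt.Println("fixed:", secretsToGenerate(cfg, refFixed))
}
```

With only the server name set, the buggy check still returns a second reference whose name is empty, while the fixed check returns only the configured one.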
Development

Successfully merging this pull request may close these issues.

Give user full control over TLS materials handling for both core init and start commands