fix: Auto-create truststore on certificate addition

sbernauer · sbernauer · commit ebd64addcd00 · 2025-09-29T11:53:07.000+02:00
diff --git a/rust/operator-binary/src/authentication/ldap.rs b/rust/operator-binary/src/authentication/ldap.rs
@@ -100,7 +100,7 @@ pub fn prepare_container_commands(
     command: &mut Vec<String>,
 ) {
     if let Some(tls_ca_cert_mount_path) = provider.tls.tls_ca_cert_mount_path() {
-        command.push(add_cert_to_trust_store_cmd(
+        command.extend(add_cert_to_trust_store_cmd(
             &tls_ca_cert_mount_path,
             STACKABLE_TLS_DIR,
             TLS_STORE_PASSWORD,
diff --git a/rust/operator-binary/src/authentication/oidc.rs b/rust/operator-binary/src/authentication/oidc.rs
@@ -111,7 +111,7 @@ pub fn main_container_commands(
     command: &mut Vec<String>,
 ) {
     if let Some(tls_ca_cert_mount_path) = provider.tls.tls_ca_cert_mount_path() {
-        command.push(add_cert_to_jvm_trust_store_cmd(&tls_ca_cert_mount_path))
+        command.extend(add_cert_to_jvm_trust_store_cmd(&tls_ca_cert_mount_path))
     }
 }
 
diff --git a/rust/operator-binary/src/crd/mod.rs b/rust/operator-binary/src/crd/mod.rs
@@ -997,7 +997,7 @@ impl DruidRole {
 
         if let Some(s3) = s3 {
             if let Some(ca_cert_file) = s3.tls.tls_ca_cert_mount_path() {
-                commands.push(add_cert_to_jvm_trust_store_cmd(&ca_cert_file));
+                commands.extend(add_cert_to_jvm_trust_store_cmd(&ca_cert_file));
             }
         }
 
diff --git a/rust/operator-binary/src/crd/security.rs b/rust/operator-binary/src/crd/security.rs
@@ -475,14 +475,14 @@ pub fn add_cert_to_trust_store_cmd(
     cert_file: &str,
     destination_directory: &str,
     store_password: &str,
-) -> String {
+) -> Vec<String> {
     let truststore = format!("{destination_directory}/truststore.p12");
-    format!(
-        "cert-tools generate-pkcs12-truststore --pkcs12 {truststore}:{store_password} --pem {cert_file} --out {truststore} --out-password {store_password}"
-    )
+    vec![format!(
+        "if [ -f {truststore} ]; then cert-tools generate-pkcs12-truststore --pkcs12 {truststore}:{store_password} --pem {cert_file} --out {truststore} --out-password {store_password}; else cert-tools generate-pkcs12-truststore --pem {cert_file} --out {truststore} --out-password {store_password}; fi" // "cert-tools generate-pkcs12-truststore --pkcs12 {truststore}:{store_password} --pem {cert_file} --out {truststore} --out-password {store_password}"
+    )]
 }
 
 /// Generate a bash command to add a CA to the truststore that is passed to the JVM
-pub fn add_cert_to_jvm_trust_store_cmd(cert_file: &str) -> String {
+pub fn add_cert_to_jvm_trust_store_cmd(cert_file: &str) -> Vec<String> {
     add_cert_to_trust_store_cmd(cert_file, "/stackable", STACKABLE_TRUST_STORE_PASSWORD)
 }

Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ pub fn main_container_commands(`
`111`	`111`	`command: &mut Vec<String>,`
`112`	`112`	`) {`
`113`	`113`	`if let Some(tls_ca_cert_mount_path) = provider.tls.tls_ca_cert_mount_path() {`
`114`		`- command.push(add_cert_to_jvm_trust_store_cmd(&tls_ca_cert_mount_path))`
	`114`	`+ command.extend(add_cert_to_jvm_trust_store_cmd(&tls_ca_cert_mount_path))`
`115`	`115`	`}`
`116`	`116`	`}`
`117`	`117`
Original file line number	Diff line number	Diff line change
`@@ -997,7 +997,7 @@ impl DruidRole {`
`997`	`997`
`998`	`998`	`if let Some(s3) = s3 {`
`999`	`999`	`if let Some(ca_cert_file) = s3.tls.tls_ca_cert_mount_path() {`
`1000`		`- commands.push(add_cert_to_jvm_trust_store_cmd(&ca_cert_file));`
	`1000`	`+ commands.extend(add_cert_to_jvm_trust_store_cmd(&ca_cert_file));`
`1001`	`1001`	`}`
`1002`	`1002`	`}`
`1003`	`1003`