crds 🤦

Signed-off-by: Lukas Kral <lukywill16@gmail.com>

Author: im-konge

packaging/helm-charts/helm3/strimzi-kafka-operator/crds/044-Crd-kafkauser.yaml

@@ -81,16 +81,31 @@ spec:
                       required:
                         - valueFrom
                       description: "Specify the password for the user. If not set, a new password is generated by the User Operator."
+                    renewalDays:
+                      type: integer
+                      description: "Configures how many days before the certificate expiration should be the user certificate renewed. If not configured, default User Operator value is used."
+                      x-kubernetes-validations:
+                        - rule: self > 0
+                          message: '''renewalDays'' has to be higher than 0.'
                     type:
                       type: string
                       enum:
                         - tls
                         - tls-external
                         - scram-sha-512
                       description: Authentication type.
+                    validityDays:
+                      type: integer
+                      description: "Number of days for which the user certificate should be valid. If not configured, default User Operator value is used."
+                      x-kubernetes-validations:
+                        - rule: self > 0
+                          message: '''validityDays'' has to be higher than 0.'
                   required:
                     - type
                   description: "Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`. \n\n* `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials.\n* `tls` generates a secret with user certificate for mutual TLS authentication.\n* `tls-external` does not generate a user certificate.   But prepares the user for using mutual TLS authentication using a user certificate generated outside the User Operator.\n  ACLs and quotas set for this user are configured in the `CN=<username>` format.\n\nAuthentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `<username>` format suitable for SASL authentication."
+                  x-kubernetes-validations:
+                    - rule: self.type == 'tls' || (!has(self.validityDays) && !has(self.renewalDays))
+                      message: "'validityDays' and 'renewalDays' can be configured only with 'type: tls'"
                 authorization:
                   type: object
                   properties:

packaging/install/user-operator/04-Crd-kafkauser.yaml

@@ -80,16 +80,31 @@ spec:
                     required:
                     - valueFrom
                     description: "Specify the password for the user. If not set, a new password is generated by the User Operator."
+                  renewalDays:
+                    type: integer
+                    description: "Configures how many days before the certificate expiration should be the user certificate renewed. If not configured, default User Operator value is used."
+                    x-kubernetes-validations:
+                    - rule: self > 0
+                      message: '''renewalDays'' has to be higher than 0.'
                   type:
                     type: string
                     enum:
                     - tls
                     - tls-external
                     - scram-sha-512
                     description: Authentication type.
+                  validityDays:
+                    type: integer
+                    description: "Number of days for which the user certificate should be valid. If not configured, default User Operator value is used."
+                    x-kubernetes-validations:
+                    - rule: self > 0
+                      message: '''validityDays'' has to be higher than 0.'
                 required:
                 - type
                 description: "Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`. \n\n* `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials.\n* `tls` generates a secret with user certificate for mutual TLS authentication.\n* `tls-external` does not generate a user certificate.   But prepares the user for using mutual TLS authentication using a user certificate generated outside the User Operator.\n  ACLs and quotas set for this user are configured in the `CN=<username>` format.\n\nAuthentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `<username>` format suitable for SASL authentication."
+                x-kubernetes-validations:
+                - rule: self.type == 'tls' || (!has(self.validityDays) && !has(self.renewalDays))
+                  message: "'validityDays' and 'renewalDays' can be configured only with 'type: tls'"
               authorization:
                 type: object
                 properties: