From a8f8582ea66bb8adf4f318cb0f882aeb94f7031d Mon Sep 17 00:00:00 2001
From: Dario Tranchitella <dario@tranchitella.eu>
Date: Sun, 23 Mar 2025 22:29:33 +0100
Subject: [PATCH] fix(datastore): handling datastore with no client certificate
 (#745)

Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
---
 api/v1alpha1/indexer_datastore_usedsecret.go | 12 +++++++-----
 internal/webhook/handlers/ds_validate.go     | 12 +++++++-----
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/api/v1alpha1/indexer_datastore_usedsecret.go b/api/v1alpha1/indexer_datastore_usedsecret.go
index 45c4262..24987a2 100644
--- a/api/v1alpha1/indexer_datastore_usedsecret.go
+++ b/api/v1alpha1/indexer_datastore_usedsecret.go
@@ -52,12 +52,14 @@ func (d *DatastoreUsedSecret) ExtractValue() client.IndexerFunc {
 				res = append(res, d.namespacedName(*ds.Spec.TLSConfig.CertificateAuthority.PrivateKey.SecretRef))
 			}
 
-			if ds.Spec.TLSConfig.ClientCertificate.Certificate.SecretRef != nil {
-				res = append(res, d.namespacedName(*ds.Spec.TLSConfig.ClientCertificate.Certificate.SecretRef))
-			}
+			if ds.Spec.TLSConfig.ClientCertificate != nil {
+				if ds.Spec.TLSConfig.ClientCertificate.Certificate.SecretRef != nil {
+					res = append(res, d.namespacedName(*ds.Spec.TLSConfig.ClientCertificate.Certificate.SecretRef))
+				}
 
-			if ds.Spec.TLSConfig.ClientCertificate.PrivateKey.SecretRef != nil {
-				res = append(res, d.namespacedName(*ds.Spec.TLSConfig.ClientCertificate.PrivateKey.SecretRef))
+				if ds.Spec.TLSConfig.ClientCertificate.PrivateKey.SecretRef != nil {
+					res = append(res, d.namespacedName(*ds.Spec.TLSConfig.ClientCertificate.PrivateKey.SecretRef))
+				}
 			}
 		}
 
diff --git a/internal/webhook/handlers/ds_validate.go b/internal/webhook/handlers/ds_validate.go
index 3bdf393..446c45c 100644
--- a/internal/webhook/handlers/ds_validate.go
+++ b/internal/webhook/handlers/ds_validate.go
@@ -108,12 +108,14 @@ func (d DataStoreValidation) validateTLSConfig(ctx context.Context, ds kamajiv1a
 		}
 	}
 
-	if err := d.validateContentReference(ctx, ds.Spec.TLSConfig.ClientCertificate.Certificate); err != nil {
-		return fmt.Errorf("client certificate is not valid, %w", err)
-	}
+	if ds.Spec.TLSConfig.ClientCertificate != nil {
+		if err := d.validateContentReference(ctx, ds.Spec.TLSConfig.ClientCertificate.Certificate); err != nil {
+			return fmt.Errorf("client certificate is not valid, %w", err)
+		}
 
-	if err := d.validateContentReference(ctx, ds.Spec.TLSConfig.ClientCertificate.PrivateKey); err != nil {
-		return fmt.Errorf("client private key is not valid, %w", err)
+		if err := d.validateContentReference(ctx, ds.Spec.TLSConfig.ClientCertificate.PrivateKey); err != nil {
+			return fmt.Errorf("client private key is not valid, %w", err)
+		}
 	}
 
 	return nil