@@ -71,24 +71,43 @@ func TestPostgresConfigParametersV1beta1(t *testing.T) {
7171 })
7272 })
7373
74- t .Run ("SSL Settings " , func (t * testing.T ) {
75- t .Run ("Allowed " , func (t * testing.T ) {
74+ t .Run ("ssl_groups and ssl_ecdh_curve " , func (t * testing.T ) {
75+ t .Run ("ssl_groups not allowed for pg17 " , func (t * testing.T ) {
7676 for _ , tt := range []struct {
77- key string
78- value any
79- postgresVersion int
77+ key string
78+ value any
8079 }{
81- // ssl_ecdh_curve is allowed for all supported Postgres versions
82- {key : "ssl_ecdh_curve" , value : "anything" , postgresVersion : 17 },
83- {key : "ssl_ecdh_curve" , value : "anything" , postgresVersion : 18 },
80+ {key : "ssl_groups" , value : "anything" },
81+ } {
82+ t .Run (tt .key , func (t * testing.T ) {
83+ cluster := u .DeepCopy ()
84+ require .UnmarshalIntoField (t , cluster ,
85+ require .Value (yaml .Marshal (17 )),
86+ "spec" , "postgresVersion" )
87+ require .UnmarshalIntoField (t , cluster ,
88+ require .Value (yaml .Marshal (tt .value )),
89+ "spec" , "config" , "parameters" , tt .key )
8490
85- // ssl_groups is only supported for Postgres 18 and greater
86- {key : "ssl_groups" , value : "anything" , postgresVersion : 18 },
91+ err := cc .Create (ctx , cluster , client .DryRunAll )
92+ assert .Assert (t , apierrors .IsInvalid (err ))
93+
94+ details := require .StatusErrorDetails (t , err )
95+ assert .Assert (t , cmp .Len (details .Causes , 1 ))
96+ })
97+ }
98+ })
99+
100+ t .Run ("ssl_groups allowed for pg18" , func (t * testing.T ) {
101+ for _ , tt := range []struct {
102+ key string
103+ value any
104+ }{
105+ {key : "ssl_groups" , value : "anything" },
87106 } {
88107 t .Run (tt .key , func (t * testing.T ) {
89108 cluster := u .DeepCopy ()
90109 require .UnmarshalIntoField (t , cluster ,
91- require .Value (yaml .Marshal (tt . postgresVersion )),
110+ require .Value (yaml .Marshal (18 )),
92111 "spec" , "postgresVersion" )
93112 require .UnmarshalIntoField (t , cluster ,
94113 require .Value (yaml .Marshal (tt .value )),
@@ -99,39 +118,48 @@ func TestPostgresConfigParametersV1beta1(t *testing.T) {
99118 }
100119 })
101120
102- t .Run ("Not Allowed " , func (t * testing.T ) {
121+ t .Run ("ssl_ecdh_curve allowed for both " , func (t * testing.T ) {
103122 for _ , tt := range []struct {
104- key string
105- value any
106- postgresVersion int
123+ key string
124+ value any
107125 }{
108- // setting "ssl" is not allowed for any Postgres version
109- {key : "ssl" , value : "anything" , postgresVersion : 17 },
110- {key : "ssl" , value : "anything" , postgresVersion : 18 },
111-
112- // setting any parameter with an "ssl_" prefix that is not
113- // "ssl_ecdh_curve" or "ssl_groups" is not allowed for any version
114- {key : "ssl_anything" , value : "anything" , postgresVersion : 17 },
115- {key : "ssl_anything" , value : "anything" , postgresVersion : 18 },
116-
117- // setting "ssl_ecdh_curve" with any additional suffix is not
118- // allowed for any version
119- {key : "ssl_ecdh_curve_bad" , value : "anything" , postgresVersion : 17 },
120- {key : "ssl_ecdh_curve_bad" , value : "anything" , postgresVersion : 18 },
121-
122- // setting "ssl_groups" is not allowed for Postgres versions 17
123- // or earlier
124- {key : "ssl_groups" , value : "anything" , postgresVersion : 17 },
125-
126- // setting "ssl_groups" with any additional suffix is not
127- // allowed for any version
128- {key : "ssl_groups_bad" , value : "anything" , postgresVersion : 17 },
129- {key : "ssl_groups_bad" , value : "anything" , postgresVersion : 18 },
126+ {key : "ssl_ecdh_curve" , value : "anything" },
130127 } {
131128 t .Run (tt .key , func (t * testing.T ) {
132129 cluster := u .DeepCopy ()
133130 require .UnmarshalIntoField (t , cluster ,
134- require .Value (yaml .Marshal (tt .postgresVersion )),
131+ require .Value (yaml .Marshal (17 )),
132+ "spec" , "postgresVersion" )
133+ require .UnmarshalIntoField (t , cluster ,
134+ require .Value (yaml .Marshal (tt .value )),
135+ "spec" , "config" , "parameters" , tt .key )
136+
137+ assert .NilError (t , cc .Create (ctx , cluster , client .DryRunAll ))
138+
139+ cluster2 := u .DeepCopy ()
140+ require .UnmarshalIntoField (t , cluster2 ,
141+ require .Value (yaml .Marshal (18 )),
142+ "spec" , "postgresVersion" )
143+ require .UnmarshalIntoField (t , cluster2 ,
144+ require .Value (yaml .Marshal (tt .value )),
145+ "spec" , "config" , "parameters" , tt .key )
146+
147+ assert .NilError (t , cc .Create (ctx , cluster2 , client .DryRunAll ))
148+ })
149+ }
150+ })
151+
152+ t .Run ("other ssl_* parameters not allowed for any pg version" , func (t * testing.T ) {
153+ for _ , tt := range []struct {
154+ key string
155+ value any
156+ }{
157+ {key : "ssl_anything" , value : "anything" },
158+ } {
159+ t .Run (tt .key , func (t * testing.T ) {
160+ cluster := u .DeepCopy ()
161+ require .UnmarshalIntoField (t , cluster ,
162+ require .Value (yaml .Marshal (17 )),
135163 "spec" , "postgresVersion" )
136164 require .UnmarshalIntoField (t , cluster ,
137165 require .Value (yaml .Marshal (tt .value )),
@@ -142,6 +170,20 @@ func TestPostgresConfigParametersV1beta1(t *testing.T) {
142170
143171 details := require .StatusErrorDetails (t , err )
144172 assert .Assert (t , cmp .Len (details .Causes , 1 ))
173+
174+ cluster1 := u .DeepCopy ()
175+ require .UnmarshalIntoField (t , cluster1 ,
176+ require .Value (yaml .Marshal (18 )),
177+ "spec" , "postgresVersion" )
178+ require .UnmarshalIntoField (t , cluster1 ,
179+ require .Value (yaml .Marshal (tt .value )),
180+ "spec" , "config" , "parameters" , tt .key )
181+
182+ err = cc .Create (ctx , cluster1 , client .DryRunAll )
183+ assert .Assert (t , apierrors .IsInvalid (err ))
184+
185+ details = require .StatusErrorDetails (t , err )
186+ assert .Assert (t , cmp .Len (details .Causes , 1 ))
145187 })
146188 }
147189 })
0 commit comments