Apply review feedback

mshitrit · mshitrit · commit c88d870ce949 · 2025-04-29T17:00:30.000+03:00
- Modify SSL Certification to be enum instead of boolean

Signed-off-by: Michael Shitrit &lt;mshitrit@redhat.com&gt;
diff --git a/data/data/install.openshift.io_installconfigs.yaml b/data/data/install.openshift.io_installconfigs.yaml
@@ -71,8 +71,15 @@ spec:
                       properties:
                         address:
                           type: string
-                        disableCertificateVerification:
-                          type: boolean
+                        certificateVerification:
+                          default: Enabled
+                          description: |-
+                            CertificateVerification Defines whether ssl certificate verification is required or not.
+                            If omitted, the platform chooses a default, that default is enabled.
+                          enum:
+                          - Enabled
+                          - Disabled
+                          type: string
                         hostName:
                           type: string
                         password:
@@ -81,7 +88,6 @@ spec:
                           type: string
                       required:
                       - address
-                      - disableCertificateVerification
                       - password
                       - username
                       type: object
@@ -1387,8 +1393,15 @@ spec:
                         properties:
                           address:
                             type: string
-                          disableCertificateVerification:
-                            type: boolean
+                          certificateVerification:
+                            default: Enabled
+                            description: |-
+                              CertificateVerification Defines whether ssl certificate verification is required or not.
+                              If omitted, the platform chooses a default, that default is enabled.
+                            enum:
+                            - Enabled
+                            - Disabled
+                            type: string
                           hostName:
                             type: string
                           password:
@@ -1397,7 +1410,6 @@ spec:
                             type: string
                         required:
                         - address
-                        - disableCertificateVerification
                         - password
                         - username
                         type: object
@@ -2642,8 +2654,15 @@ spec:
                       properties:
                         address:
                           type: string
-                        disableCertificateVerification:
-                          type: boolean
+                        certificateVerification:
+                          default: Enabled
+                          description: |-
+                            CertificateVerification Defines whether ssl certificate verification is required or not.
+                            If omitted, the platform chooses a default, that default is enabled.
+                          enum:
+                          - Enabled
+                          - Disabled
+                          type: string
                         hostName:
                           type: string
                         password:
@@ -2652,7 +2671,6 @@ spec:
                           type: string
                       required:
                       - address
-                      - disableCertificateVerification
                       - password
                       - username
                       type: object
diff --git a/pkg/types/machinepools.go b/pkg/types/machinepools.go
@@ -158,11 +158,26 @@ type Fencing struct {
 	Credentials []*Credential `json:"credentials,omitempty"`
 }
 
+// CertificateVerificationPolicy represents the options for CertificateVerification .
+type CertificateVerificationPolicy string
+
+const (
+	// CertificateVerificationEnabled enables ssl certificate verification.
+	CertificateVerificationEnabled CertificateVerificationPolicy = "Enabled"
+	// CertificateVerificationDisabled disables ssl certificate verification.
+	CertificateVerificationDisabled CertificateVerificationPolicy = "Disabled"
+)
+
 // Credential stores the information about a baremetal host's management controller.
 type Credential struct {
-	HostName                       string `json:"hostName,omitempty" validate:"required,uniqueField"`
-	Username                       string `json:"username" validate:"required"`
-	Password                       string `json:"password" validate:"required"`
-	Address                        string `json:"address" validate:"required,uniqueField"`
-	DisableCertificateVerification bool   `json:"disableCertificateVerification"`
+	HostName string `json:"hostName,omitempty" validate:"required,uniqueField"`
+	Username string `json:"username" validate:"required"`
+	Password string `json:"password" validate:"required"`
+	Address  string `json:"address" validate:"required,uniqueField"`
+	// CertificateVerification Defines whether ssl certificate verification is required or not.
+	// If omitted, the platform chooses a default, that default is enabled.
+	// +kubebuilder:default:="Enabled"
+	// +kubebuilder:validation:Enum=Enabled;Disabled
+	// +optional
+	CertificateVerification CertificateVerificationPolicy `json:"certificateVerification,omitempty"`
 }
diff --git a/pkg/types/validation/installconfig_test.go b/pkg/types/validation/installconfig_test.go
@@ -2824,8 +2824,9 @@ func TestValidateTNF(t *testing.T) {
 		},
 		{
 			config: installConfig().
+				PlatformBMWithHosts().
 				MachinePoolCP(machinePool().
-					Credential(c1().DisableCertificateVerification(true), c2())).
+					Credential(c1().CertificateVerification(types.CertificateVerificationDisabled), c2())).
 				CpReplicas(2).
 				build(),
 			name:     "valid_with_disabled_cert_verification",
@@ -3026,8 +3027,8 @@ func (hb *credentialBuilder) BMCPassword(value string) *credentialBuilder {
 	return hb
 }
 
-func (hb *credentialBuilder) DisableCertificateVerification(value bool) *credentialBuilder {
-	hb.Credential.DisableCertificateVerification = value
+func (hb *credentialBuilder) CertificateVerification(value types.CertificateVerificationPolicy) *credentialBuilder {
+	hb.Credential.CertificateVerification = value
 	return hb
 }
 

Original file line number	Diff line number	Diff line change
`@@ -2824,8 +2824,9 @@ func TestValidateTNF(t *testing.T) {`
`2824`	`2824`	`},`
`2825`	`2825`	`{`
`2826`	`2826`	`config: installConfig().`
	`2827`	`+ PlatformBMWithHosts().`
`2827`	`2828`	`MachinePoolCP(machinePool().`
`2828`		`- Credential(c1().DisableCertificateVerification(true), c2())).`
	`2829`	`+ Credential(c1().CertificateVerification(types.CertificateVerificationDisabled), c2())).`
`2829`	`2830`	`CpReplicas(2).`
`2830`	`2831`	`build(),`
`2831`	`2832`	`name: "valid_with_disabled_cert_verification",`
`@@ -3026,8 +3027,8 @@ func (hb credentialBuilder) BMCPassword(value string) credentialBuilder {`
`3026`	`3027`	`return hb`
`3027`	`3028`	`}`
`3028`	`3029`
`3029`		`-func (hb credentialBuilder) DisableCertificateVerification(value bool) credentialBuilder {`
`3030`		`- hb.Credential.DisableCertificateVerification = value`
	`3030`	`+func (hb credentialBuilder) CertificateVerification(value types.CertificateVerificationPolicy) credentialBuilder {`
	`3031`	`+ hb.Credential.CertificateVerification = value`
`3031`	`3032`	`return hb`
`3032`	`3033`	`}`
`3033`	`3034`