From 19aa4ad1987053e15b407e71b6a7ca9ad438c379 Mon Sep 17 00:00:00 2001
From: Tanmay Jain <tjain@aerospike.com>
Date: Tue, 20 Feb 2024 17:47:27 +0530
Subject: [PATCH] adding securityEnabled flag in helm crd

---
 api/v1/aerospikecluster_validating_webhook.go          | 10 +---------
 ...efinition_aerospikeclusters.asdb.aerospike.com.yaml |  5 +++++
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/api/v1/aerospikecluster_validating_webhook.go b/api/v1/aerospikecluster_validating_webhook.go
index 0fa995e08..8dec672f2 100644
--- a/api/v1/aerospikecluster_validating_webhook.go
+++ b/api/v1/aerospikecluster_validating_webhook.go
@@ -1300,17 +1300,9 @@ func validateEnableSecurityConfig(newConfSpec, oldConfSpec *AerospikeConfigSpec)
 		oldSecFlag, oldEnableSecurityFlagFound := oldSec.(map[string]interface{})["enable-security"]
 		newSecFlag, newEnableSecurityFlagFound := newSec.(map[string]interface{})["enable-security"]
 
-		if oldEnableSecurityFlagFound && oldSecFlag.(bool) && !newEnableSecurityFlagFound {
+		if oldEnableSecurityFlagFound && oldSecFlag.(bool) && (!newEnableSecurityFlagFound || !newSecFlag.(bool)) {
 			return fmt.Errorf("cannot disable cluster security in running cluster")
 		}
-
-		if oldEnableSecurityFlagFound && newEnableSecurityFlagFound || !reflect.DeepEqual(
-			oldSecFlag, newSecFlag,
-		) {
-			if oldSecFlag.(bool) && !newSecFlag.(bool) {
-				return fmt.Errorf("cannot disable cluster security in running cluster")
-			}
-		}
 	}
 
 	return nil
diff --git a/helm-charts/aerospike-kubernetes-operator/crds/customresourcedefinition_aerospikeclusters.asdb.aerospike.com.yaml b/helm-charts/aerospike-kubernetes-operator/crds/customresourcedefinition_aerospikeclusters.asdb.aerospike.com.yaml
index 2d462a3a7..070d4e753 100644
--- a/helm-charts/aerospike-kubernetes-operator/crds/customresourcedefinition_aerospikeclusters.asdb.aerospike.com.yaml
+++ b/helm-charts/aerospike-kubernetes-operator/crds/customresourcedefinition_aerospikeclusters.asdb.aerospike.com.yaml
@@ -14209,6 +14209,10 @@ spec:
                       description: PodSpecHash is ripemd160 hash of PodSpec used by
                         this pod
                       type: string
+                    securityEnabled:
+                      description: SecurityEnabled is true if security is enabled
+                        in the pod
+                      type: boolean
                     servicePort:
                       description: ServicePort is the port Aerospike clients outside
                         K8s can connect to.
@@ -14221,6 +14225,7 @@ spec:
                   - podIP
                   - podPort
                   - podSpecHash
+                  - securityEnabled
                   type: object
                 description: Pods has Aerospike specific status of the pods. This
                   is map instead of the conventional map as list convention to allow