From 2d60132bb648600f5464fadc255611a9eb96110e Mon Sep 17 00:00:00 2001
From: Leon <leon@apecloud.com>
Date: Fri, 6 Dec 2024 15:06:46 +0800
Subject: [PATCH] fix: TLS_ENABLED might not be defined

---
 .../config/mysql-scale-vtgate-config.tpl               |  2 +-
 addons/apecloud-mysql/config/mysql8-config.tpl         |  2 +-
 addons/apecloud-postgresql/config/pg14-config.tpl      |  2 +-
 addons/clickhouse/configs/00_default_overrides.xml.tpl |  8 ++++----
 .../configs/ch_keeper_00_default_overrides.xml.tpl     | 10 +++++-----
 addons/clickhouse/configs/client.xml.tpl               |  2 +-
 addons/etcd/config/etcd.conf.yaml.tpl                  |  8 ++++----
 addons/orioledb/config/orioledb-config.tpl             |  2 +-
 addons/postgresql/config/pg12-config.tpl               |  2 +-
 addons/postgresql/config/pg14-config.tpl               |  2 +-
 addons/postgresql/config/pg15-config.tpl               |  2 +-
 addons/postgresql/config/pg16-config.tpl               |  2 +-
 addons/vanilla-postgresql/config/pg12-config.tpl       |  2 +-
 addons/vanilla-postgresql/config/pg14-config.tpl       |  2 +-
 addons/vanilla-postgresql/config/pg15-config.tpl       |  2 +-
 15 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/addons/apecloud-mysql/config/mysql-scale-vtgate-config.tpl b/addons/apecloud-mysql/config/mysql-scale-vtgate-config.tpl
index 6a0a5fb46..7ca579cbb 100644
--- a/addons/apecloud-mysql/config/mysql-scale-vtgate-config.tpl
+++ b/addons/apecloud-mysql/config/mysql-scale-vtgate-config.tpl
@@ -24,7 +24,7 @@ enable_display_sql_execution_vttablets=false
 enable_read_write_split_for_read_only_txn=false
 enable_interception_for_dml_without_where=true
 
-{{- if eq $.TLS_ENABLED "true" }}
+{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
 mysql_server_ssl_ca=/etc/pki/tls/ca.pem
 mysql_server_ssl_cert=/etc/pki/tls/cert.pem
 mysql_server_ssl_key=/etc/pki/tls/key.pem
diff --git a/addons/apecloud-mysql/config/mysql8-config.tpl b/addons/apecloud-mysql/config/mysql8-config.tpl
index 8eccf5620..2637224ed 100644
--- a/addons/apecloud-mysql/config/mysql8-config.tpl
+++ b/addons/apecloud-mysql/config/mysql8-config.tpl
@@ -195,7 +195,7 @@ relay_log_index=relay-bin.index
 pid_file=/var/run/mysqld/mysqld.pid
 socket=/var/run/mysqld/mysqld.sock
 
-{{- if eq $.TLS_ENABLED "true" }}
+{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
 # tls
 # require_secure_transport=ON
 ssl_ca=/etc/pki/tls/ca.pem
diff --git a/addons/apecloud-postgresql/config/pg14-config.tpl b/addons/apecloud-postgresql/config/pg14-config.tpl
index 70645dbdb..7bc1f13c9 100644
--- a/addons/apecloud-postgresql/config/pg14-config.tpl
+++ b/addons/apecloud-postgresql/config/pg14-config.tpl
@@ -215,7 +215,7 @@ session_replication_role = 'origin'
 sql_firewall.firewall = 'disable'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 # shared_preload_libraries = 'pg_stat_statements,auto_explain,bg_mon,pgextwlist,pg_auth_mon,set_user,pg_cron,pg_stat_kcache'
-{{- if eq $.TLS_ENABLED "true" }}
+{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'
diff --git a/addons/clickhouse/configs/00_default_overrides.xml.tpl b/addons/clickhouse/configs/00_default_overrides.xml.tpl
index 20a9cfaed..2ff4a6b0e 100644
--- a/addons/clickhouse/configs/00_default_overrides.xml.tpl
+++ b/addons/clickhouse/configs/00_default_overrides.xml.tpl
@@ -2,7 +2,7 @@
 {{- $namespace := $.cluster.metadata.namespace }}
 <clickhouse>
   <listen_host>0.0.0.0</listen_host>
-  {{- if eq $.TLS_ENABLED "true" }}
+  {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
   <https_port replace="replace" from_env="CLICKHOUSE_HTTPS_PORT"/>
   <tcp_port_secure replace="replace" from_env="CLICKHOUSE_TCP_SECURE_PORT"/>
   <interserver_https_port replace="replace" from_env="CLICKHOUSE_INTERSERVER_HTTPS_PORT"/>
@@ -31,7 +31,7 @@
         {{- range $_, $host := splitList "," .CLICKHOUSE_POD_FQDN_LIST }}
         <replica>
           <host>{{ $host }}</host>
-          {{- if eq $.TLS_ENABLED "true" }}
+          {{- if and (index $ "TLS_ENABLED") (eq (index $ "TLS_ENABLED") "true") }}
           <port replace="replace" from_env="CLICKHOUSE_TCP_SECURE_PORT"/>
           <secure>1</secure>
           {{- else }}
@@ -48,7 +48,7 @@
     {{- range $_, $host := splitList "," .CH_KEEPER_POD_FQDN_LIST }}
     <node>
       <host>{{ $host }}</host>
-      {{- if eq $.TLS_ENABLED "true" }}
+      {{- if and (index $ "TLS_ENABLED") (eq (index $ "TLS_ENABLED") "true") }}
       <port replace="replace" from_env="CLICKHOUSE_KEEPER_TCP_TLS_PORT"/>
       <secure>1</secure>
       {{- else }}
@@ -67,7 +67,7 @@
     <asynchronous_metrics>true</asynchronous_metrics>
   </prometheus>
   <!-- tls configuration -->
-  {{- if eq $.TLS_ENABLED "true" -}}
+  {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") -}}
   {{- $CA_FILE := /etc/pki/tls/ca.pem -}}
   {{- $CERT_FILE := /etc/pki/tls/cert.pem -}}
   {{- $KEY_FILE := /etc/pki/tls/key.pem }}
diff --git a/addons/clickhouse/configs/ch_keeper_00_default_overrides.xml.tpl b/addons/clickhouse/configs/ch_keeper_00_default_overrides.xml.tpl
index f4fc41f89..66c090c17 100644
--- a/addons/clickhouse/configs/ch_keeper_00_default_overrides.xml.tpl
+++ b/addons/clickhouse/configs/ch_keeper_00_default_overrides.xml.tpl
@@ -2,7 +2,7 @@
 {{- $namespace := $.cluster.metadata.namespace }}
 <clickhouse>
   <listen_host>0.0.0.0</listen_host>
-  {{- if eq $.TLS_ENABLED "true" }}
+  {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
   <https_port replace="replace" from_env="CLICKHOUSE_HTTPS_PORT"/>
   <tcp_port_secure replace="replace" from_env="CLICKHOUSE_TCP_SECURE_PORT"/>
   <interserver_https_port replace="replace" from_env="CLICKHOUSE_INTERSERVER_HTTPS_PORT"/>
@@ -15,7 +15,7 @@
   <interserver_http_port replace="replace" from_env="CLICKHOUSE_INTERSERVER_HTTP_PORT"/>
   {{- end }}
   <keeper_server>
-      {{- if eq $.TLS_ENABLED "true" }}
+      {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
       <tcp_port_secure replace="replace" from_env="CLICKHOUSE_KEEPER_TCP_TLS_PORT"/>
       <secure>1</secure>
       {{- else }}
@@ -30,14 +30,14 @@
           <raft_logs_level>warning</raft_logs_level>
       </coordination_settings>
       <raft_configuration>
-      {{- if eq $.TLS_ENABLED "true" }}
+      {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
       <secure>true</secure>
       {{- end }}
       {{- range $id, $host := splitList "," .CH_KEEPER_POD_FQDN_LIST }}
         <server>
           <id>{{ $id }}</id>
           <hostname>{{ $host }}</hostname>
-          {{- if eq $.TLS_ENABLED "true" }}
+          {{- if and (index $ "TLS_ENABLED") (eq (index $ "TLS_ENABLED") "true") }}
           <port replace="replace" from_env="CLICKHOUSE_KEEPER_RAFT_TLS_PORT"/>
           {{- else }}
           <port replace="replace" from_env="CLICKHOUSE_KEEPER_RAFT_PORT"/>
@@ -55,7 +55,7 @@
     <asynchronous_metrics>true</asynchronous_metrics>
   </prometheus>
   <!-- tls configuration -->
-  {{- if eq $.TLS_ENABLED "true" -}}
+  {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") -}}
   {{- $CA_FILE := /etc/pki/tls/ca.pem -}}
   {{- $CERT_FILE := /etc/pki/tls/cert.pem -}}
   {{- $KEY_FILE := /etc/pki/tls/key.pem -}}
diff --git a/addons/clickhouse/configs/client.xml.tpl b/addons/clickhouse/configs/client.xml.tpl
index a04a89c9e..7acc0379c 100644
--- a/addons/clickhouse/configs/client.xml.tpl
+++ b/addons/clickhouse/configs/client.xml.tpl
@@ -1,7 +1,7 @@
 <config>
   <user>admin</user>
   <password from_env="CLICKHOUSE_ADMIN_PASSWORD"/>
-  {{- if eq $.TLS_ENABLED "true" -}}
+  {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") -}}
   {{- $CA_FILE := /etc/pki/tls/ca.pem -}}
   {{- $CERT_FILE := /etc/pki/tls/cert.pem -}}
   {{- $KEY_FILE := /etc/pki/tls/key.pem }}
diff --git a/addons/etcd/config/etcd.conf.yaml.tpl b/addons/etcd/config/etcd.conf.yaml.tpl
index a759a76d9..afc146a03 100644
--- a/addons/etcd/config/etcd.conf.yaml.tpl
+++ b/addons/etcd/config/etcd.conf.yaml.tpl
@@ -3,10 +3,10 @@
 
 {{- $peer_protocol := "http" }}
 {{- $client_protocol := "http" }}
-{{- if and (eq $.TLS_ENABLED "true") (eq .PEER_TLS "true") }}
+{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") (eq .PEER_TLS "true") }}
   {{- $peer_protocol = "https" }}
 {{- end }}
-{{- if and (eq $.TLS_ENABLED "true") (eq .CLIENT_TLS "true") }}
+{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") (eq .CLIENT_TLS "true") }}
   {{- $client_protocol = "https" }}
 {{- end }}
 
@@ -69,7 +69,7 @@ discovery-srv:
 
 {{- define "init_peers" }}
   {{- $peer_protocol := "http" }}
-  {{- if and (eq $.TLS_ENABLED "true") (eq .PEER_TLS "true") }}
+  {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") (eq .PEER_TLS "true") }}
     {{- $peer_protocol = "https" }}
   {{- end }}
   {{- if (index . "PEER_ENDPOINT") }}
@@ -128,7 +128,7 @@ proxy-write-timeout: 5000
 # Time (in milliseconds) for a read to timeout.
 proxy-read-timeout: 0
 
-{{ if eq $.TLS_ENABLED "true" -}}
+{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
 {{- if eq $client_protocol "https" }}
 client-transport-security:
   # Path to the client server TLS cert file.
diff --git a/addons/orioledb/config/orioledb-config.tpl b/addons/orioledb/config/orioledb-config.tpl
index bfc7ec278..6a3172f67 100644
--- a/addons/orioledb/config/orioledb-config.tpl
+++ b/addons/orioledb/config/orioledb-config.tpl
@@ -206,7 +206,7 @@ session_replication_role = 'origin'
 sql_firewall.firewall = 'disable'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 shared_preload_libraries = 'orioledb,pg_stat_statements,auto_explain'
-{{- if eq $.TLS_ENABLED "true" }}
+{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'
diff --git a/addons/postgresql/config/pg12-config.tpl b/addons/postgresql/config/pg12-config.tpl
index e6410015b..4b786a72e 100644
--- a/addons/postgresql/config/pg12-config.tpl
+++ b/addons/postgresql/config/pg12-config.tpl
@@ -217,7 +217,7 @@ session_replication_role = 'origin'
 sql_firewall.firewall = 'disable'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 shared_preload_libraries = 'pg_stat_statements,auto_explain,bg_mon,pgextwlist,pg_auth_mon,set_user,pg_cron,pg_stat_kcache,timescaledb,pgaudit'
-{{- if eq $.TLS_ENABLED "true" }}
+{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'
diff --git a/addons/postgresql/config/pg14-config.tpl b/addons/postgresql/config/pg14-config.tpl
index a21ce1e71..9cd76ca67 100644
--- a/addons/postgresql/config/pg14-config.tpl
+++ b/addons/postgresql/config/pg14-config.tpl
@@ -217,7 +217,7 @@ session_replication_role = 'origin'
 sql_firewall.firewall = 'disable'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 shared_preload_libraries = 'pg_stat_statements,auto_explain,bg_mon,pgextwlist,pg_auth_mon,set_user,pg_cron,pg_stat_kcache,timescaledb,pgaudit'
-{{- if eq $.TLS_ENABLED "true" }}
+{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'
diff --git a/addons/postgresql/config/pg15-config.tpl b/addons/postgresql/config/pg15-config.tpl
index a21ce1e71..9cd76ca67 100644
--- a/addons/postgresql/config/pg15-config.tpl
+++ b/addons/postgresql/config/pg15-config.tpl
@@ -217,7 +217,7 @@ session_replication_role = 'origin'
 sql_firewall.firewall = 'disable'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 shared_preload_libraries = 'pg_stat_statements,auto_explain,bg_mon,pgextwlist,pg_auth_mon,set_user,pg_cron,pg_stat_kcache,timescaledb,pgaudit'
-{{- if eq $.TLS_ENABLED "true" }}
+{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'
diff --git a/addons/postgresql/config/pg16-config.tpl b/addons/postgresql/config/pg16-config.tpl
index 1ce575f36..f8f139ead 100644
--- a/addons/postgresql/config/pg16-config.tpl
+++ b/addons/postgresql/config/pg16-config.tpl
@@ -216,7 +216,7 @@
   sql_firewall.firewall = 'disable'
   shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
   shared_preload_libraries = 'pg_stat_statements,auto_explain,bg_mon,pgextwlist,pg_auth_mon,set_user,pg_cron,pg_stat_kcache,timescaledb,pgaudit'
-  {{- if eq $.TLS_ENABLED "true" }}
+  {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
   ssl = 'True'
   ssl_ca_file = '/etc/pki/tls/ca.pem'
   ssl_cert_file = '/etc/pki/tls/cert.pem'
diff --git a/addons/vanilla-postgresql/config/pg12-config.tpl b/addons/vanilla-postgresql/config/pg12-config.tpl
index 9e6743371..d05f99fd2 100644
--- a/addons/vanilla-postgresql/config/pg12-config.tpl
+++ b/addons/vanilla-postgresql/config/pg12-config.tpl
@@ -195,7 +195,7 @@ row_security = 'True'
 session_replication_role = 'origin'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 shared_preload_libraries = 'pg_stat_statements,auto_explain'
-{{- if eq $.TLS_ENABLED "true" }}
+{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'
diff --git a/addons/vanilla-postgresql/config/pg14-config.tpl b/addons/vanilla-postgresql/config/pg14-config.tpl
index 9f97cf335..cd502571d 100644
--- a/addons/vanilla-postgresql/config/pg14-config.tpl
+++ b/addons/vanilla-postgresql/config/pg14-config.tpl
@@ -195,7 +195,7 @@ row_security = 'True'
 session_replication_role = 'origin'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 shared_preload_libraries = 'pg_stat_statements,auto_explain'
-{{- if eq $.TLS_ENABLED "true" }}
+{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'
diff --git a/addons/vanilla-postgresql/config/pg15-config.tpl b/addons/vanilla-postgresql/config/pg15-config.tpl
index d13dd0530..4d6171fe5 100644
--- a/addons/vanilla-postgresql/config/pg15-config.tpl
+++ b/addons/vanilla-postgresql/config/pg15-config.tpl
@@ -195,7 +195,7 @@ row_security = 'True'
 session_replication_role = 'origin'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 shared_preload_libraries = 'pg_stat_statements,auto_explain'
-{{- if eq $.TLS_ENABLED "true" }}
+{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'