chore: simplify the check for TLS_ENABLED (#1293)

apecloud · Dec 9, 2024 · 6826a1f · 6826a1f
1 parent 2fa7631
commit 6826a1f
Show file tree

Hide file tree

Showing 15 changed files with 25 additions and 25 deletions.
diff --git a/addons/apecloud-mysql/config/mysql-scale-vtgate-config.tpl b/addons/apecloud-mysql/config/mysql-scale-vtgate-config.tpl
@@ -24,7 +24,7 @@ enable_display_sql_execution_vttablets=false
 enable_read_write_split_for_read_only_txn=false
 enable_interception_for_dml_without_where=true
 
-{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+{{- if eq (index $ "TLS_ENABLED") "true" }}
 mysql_server_ssl_ca=/etc/pki/tls/ca.pem
 mysql_server_ssl_cert=/etc/pki/tls/cert.pem
 mysql_server_ssl_key=/etc/pki/tls/key.pem

diff --git a/addons/apecloud-mysql/config/mysql8-config.tpl b/addons/apecloud-mysql/config/mysql8-config.tpl
@@ -195,7 +195,7 @@ relay_log_index=relay-bin.index
 pid_file=/var/run/mysqld/mysqld.pid
 socket=/var/run/mysqld/mysqld.sock
 
-{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+{{- if eq (index $ "TLS_ENABLED") "true" }}
 # tls
 # require_secure_transport=ON
 ssl_ca=/etc/pki/tls/ca.pem

diff --git a/addons/apecloud-postgresql/config/pg14-config.tpl b/addons/apecloud-postgresql/config/pg14-config.tpl
@@ -215,7 +215,7 @@ session_replication_role = 'origin'
 sql_firewall.firewall = 'disable'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 # shared_preload_libraries = 'pg_stat_statements,auto_explain,bg_mon,pgextwlist,pg_auth_mon,set_user,pg_cron,pg_stat_kcache'
-{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+{{- if eq (index $ "TLS_ENABLED") "true" }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'

diff --git a/addons/clickhouse/configs/00_default_overrides.xml.tpl b/addons/clickhouse/configs/00_default_overrides.xml.tpl
@@ -2,7 +2,7 @@
 {{- $namespace := $.cluster.metadata.namespace }}
 <clickhouse>
   <listen_host>0.0.0.0</listen_host>
-  {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+  {{- if eq (index $ "TLS_ENABLED") "true" }}
   <https_port replace="replace" from_env="CLICKHOUSE_HTTPS_PORT"/>
   <tcp_port_secure replace="replace" from_env="CLICKHOUSE_TCP_SECURE_PORT"/>
   <interserver_https_port replace="replace" from_env="CLICKHOUSE_INTERSERVER_HTTPS_PORT"/>
@@ -31,7 +31,7 @@
         {{- range $_, $host := splitList "," .CLICKHOUSE_POD_FQDN_LIST }}
         <replica>
           <host>{{ $host }}</host>
-          {{- if and (index $ "TLS_ENABLED") (eq (index $ "TLS_ENABLED") "true") }}
+          {{- if eq (index $ "TLS_ENABLED") "true" }}
           <port replace="replace" from_env="CLICKHOUSE_TCP_SECURE_PORT"/>
           <secure>1</secure>
           {{- else }}
@@ -48,7 +48,7 @@
     {{- range $_, $host := splitList "," .CH_KEEPER_POD_FQDN_LIST }}
     <node>
       <host>{{ $host }}</host>
-      {{- if and (index $ "TLS_ENABLED") (eq (index $ "TLS_ENABLED") "true") }}
+      {{- if eq (index $ "TLS_ENABLED") "true" }}
       <port replace="replace" from_env="CLICKHOUSE_KEEPER_TCP_TLS_PORT"/>
       <secure>1</secure>
       {{- else }}
@@ -67,7 +67,7 @@
     <asynchronous_metrics>true</asynchronous_metrics>
   </prometheus>
   <!-- tls configuration -->
-  {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") -}}
+  {{- if eq (index $ "TLS_ENABLED") "true" -}}
   {{- $CA_FILE := /etc/pki/tls/ca.pem -}}
   {{- $CERT_FILE := /etc/pki/tls/cert.pem -}}
   {{- $KEY_FILE := /etc/pki/tls/key.pem }}

diff --git a/addons/clickhouse/configs/ch_keeper_00_default_overrides.xml.tpl b/addons/clickhouse/configs/ch_keeper_00_default_overrides.xml.tpl
@@ -2,7 +2,7 @@
 {{- $namespace := $.cluster.metadata.namespace }}
 <clickhouse>
   <listen_host>0.0.0.0</listen_host>
-  {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+  {{- if eq (index $ "TLS_ENABLED") "true" }}
   <https_port replace="replace" from_env="CLICKHOUSE_HTTPS_PORT"/>
   <tcp_port_secure replace="replace" from_env="CLICKHOUSE_TCP_SECURE_PORT"/>
   <interserver_https_port replace="replace" from_env="CLICKHOUSE_INTERSERVER_HTTPS_PORT"/>
@@ -15,7 +15,7 @@
   <interserver_http_port replace="replace" from_env="CLICKHOUSE_INTERSERVER_HTTP_PORT"/>
   {{- end }}
   <keeper_server>
-      {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+      {{- if eq (index $ "TLS_ENABLED") "true" }}
       <tcp_port_secure replace="replace" from_env="CLICKHOUSE_KEEPER_TCP_TLS_PORT"/>
       <secure>1</secure>
       {{- else }}
@@ -30,14 +30,14 @@
           <raft_logs_level>warning</raft_logs_level>
       </coordination_settings>
       <raft_configuration>
-      {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+      {{- if eq (index $ "TLS_ENABLED") "true" }}
       <secure>true</secure>
       {{- end }}
       {{- range $id, $host := splitList "," .CH_KEEPER_POD_FQDN_LIST }}
         <server>
           <id>{{ $id }}</id>
           <hostname>{{ $host }}</hostname>
-          {{- if and (index $ "TLS_ENABLED") (eq (index $ "TLS_ENABLED") "true") }}
+          {{- if eq (index $ "TLS_ENABLED") "true" }}
           <port replace="replace" from_env="CLICKHOUSE_KEEPER_RAFT_TLS_PORT"/>
           {{- else }}
           <port replace="replace" from_env="CLICKHOUSE_KEEPER_RAFT_PORT"/>
@@ -55,7 +55,7 @@
     <asynchronous_metrics>true</asynchronous_metrics>
   </prometheus>
   <!-- tls configuration -->
-  {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") -}}
+  {{- if eq (index $ "TLS_ENABLED") "true" -}}
   {{- $CA_FILE := /etc/pki/tls/ca.pem -}}
   {{- $CERT_FILE := /etc/pki/tls/cert.pem -}}
   {{- $KEY_FILE := /etc/pki/tls/key.pem -}}

diff --git a/addons/clickhouse/configs/client.xml.tpl b/addons/clickhouse/configs/client.xml.tpl
@@ -1,7 +1,7 @@
 <config>
   <user>admin</user>
   <password from_env="CLICKHOUSE_ADMIN_PASSWORD"/>
-  {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") -}}
+  {{- if eq (index $ "TLS_ENABLED") "true" -}}
   {{- $CA_FILE := /etc/pki/tls/ca.pem -}}
   {{- $CERT_FILE := /etc/pki/tls/cert.pem -}}
   {{- $KEY_FILE := /etc/pki/tls/key.pem }}

diff --git a/addons/etcd/config/etcd.conf.yaml.tpl b/addons/etcd/config/etcd.conf.yaml.tpl
@@ -3,10 +3,10 @@
 
 {{- $peer_protocol := "http" }}
 {{- $client_protocol := "http" }}
-{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") (eq .PEER_TLS "true") }}
+{{- if and (eq (index $ "TLS_ENABLED") "true") (eq .PEER_TLS "true") }}
   {{- $peer_protocol = "https" }}
 {{- end }}
-{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") (eq .CLIENT_TLS "true") }}
+{{- if and (eq (index $ "TLS_ENABLED") "true") (eq .CLIENT_TLS "true") }}
   {{- $client_protocol = "https" }}
 {{- end }}
 
@@ -69,7 +69,7 @@ discovery-srv:
 
 {{- define "init_peers" }}
   {{- $peer_protocol := "http" }}
-  {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") (eq .PEER_TLS "true") }}
+  {{- if and (eq (index $ "TLS_ENABLED") "true") (eq .PEER_TLS "true") }}
     {{- $peer_protocol = "https" }}
   {{- end }}
   {{- if (index . "PEER_ENDPOINT") }}
@@ -128,7 +128,7 @@ proxy-write-timeout: 5000
 # Time (in milliseconds) for a read to timeout.
 proxy-read-timeout: 0
 
-{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+{{- if eq (index $ "TLS_ENABLED") "true" }}
 {{- if eq $client_protocol "https" }}
 client-transport-security:
   # Path to the client server TLS cert file.

diff --git a/addons/orioledb/config/orioledb-config.tpl b/addons/orioledb/config/orioledb-config.tpl
@@ -206,7 +206,7 @@ session_replication_role = 'origin'
 sql_firewall.firewall = 'disable'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 shared_preload_libraries = 'orioledb,pg_stat_statements,auto_explain'
-{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+{{- if eq (index $ "TLS_ENABLED") "true" }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'

diff --git a/addons/postgresql/config/pg12-config.tpl b/addons/postgresql/config/pg12-config.tpl
@@ -217,7 +217,7 @@ session_replication_role = 'origin'
 sql_firewall.firewall = 'disable'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 shared_preload_libraries = 'pg_stat_statements,auto_explain,bg_mon,pgextwlist,pg_auth_mon,set_user,pg_cron,pg_stat_kcache,timescaledb,pgaudit'
-{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+{{- if eq (index $ "TLS_ENABLED") "true" }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'

diff --git a/addons/postgresql/config/pg14-config.tpl b/addons/postgresql/config/pg14-config.tpl
@@ -217,7 +217,7 @@ session_replication_role = 'origin'
 sql_firewall.firewall = 'disable'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 shared_preload_libraries = 'pg_stat_statements,auto_explain,bg_mon,pgextwlist,pg_auth_mon,set_user,pg_cron,pg_stat_kcache,timescaledb,pgaudit'
-{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+{{- if eq (index $ "TLS_ENABLED") "true" }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'

diff --git a/addons/postgresql/config/pg15-config.tpl b/addons/postgresql/config/pg15-config.tpl
@@ -217,7 +217,7 @@ session_replication_role = 'origin'
 sql_firewall.firewall = 'disable'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 shared_preload_libraries = 'pg_stat_statements,auto_explain,bg_mon,pgextwlist,pg_auth_mon,set_user,pg_cron,pg_stat_kcache,timescaledb,pgaudit'
-{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+{{- if eq (index $ "TLS_ENABLED") "true" }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'

diff --git a/addons/postgresql/config/pg16-config.tpl b/addons/postgresql/config/pg16-config.tpl
@@ -216,7 +216,7 @@
   sql_firewall.firewall = 'disable'
   shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
   shared_preload_libraries = 'pg_stat_statements,auto_explain,bg_mon,pgextwlist,pg_auth_mon,set_user,pg_cron,pg_stat_kcache,timescaledb,pgaudit'
-  {{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+  {{- if eq (index $ "TLS_ENABLED") "true" }}
   ssl = 'True'
   ssl_ca_file = '/etc/pki/tls/ca.pem'
   ssl_cert_file = '/etc/pki/tls/cert.pem'

diff --git a/addons/vanilla-postgresql/config/pg12-config.tpl b/addons/vanilla-postgresql/config/pg12-config.tpl
@@ -195,7 +195,7 @@ row_security = 'True'
 session_replication_role = 'origin'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 shared_preload_libraries = 'pg_stat_statements,auto_explain'
-{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+{{- if eq (index $ "TLS_ENABLED") "true" }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'

diff --git a/addons/vanilla-postgresql/config/pg14-config.tpl b/addons/vanilla-postgresql/config/pg14-config.tpl
@@ -195,7 +195,7 @@ row_security = 'True'
 session_replication_role = 'origin'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 shared_preload_libraries = 'pg_stat_statements,auto_explain'
-{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+{{- if eq (index $ "TLS_ENABLED") "true" }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'

diff --git a/addons/vanilla-postgresql/config/pg15-config.tpl b/addons/vanilla-postgresql/config/pg15-config.tpl
@@ -195,7 +195,7 @@ row_security = 'True'
 session_replication_role = 'origin'
 shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
 shared_preload_libraries = 'pg_stat_statements,auto_explain'
-{{- if and (index . "TLS_ENABLED") (eq .TLS_ENABLED "true") }}
+{{- if eq (index $ "TLS_ENABLED") "true" }}
 ssl = 'True'
 ssl_ca_file = '/etc/pki/tls/ca.pem'
 ssl_cert_file = '/etc/pki/tls/cert.pem'