From adad7a00d00166cbc85dfb9ee48fae2b62ae00a7 Mon Sep 17 00:00:00 2001 From: Darren Lau Date: Thu, 11 May 2023 15:52:35 -0400 Subject: [PATCH] Add if check back to avoid hitting edge case --- controllers/kafkauser_controller.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/controllers/kafkauser_controller.go b/controllers/kafkauser_controller.go index 3bd0863d3..ab8314724 100644 --- a/controllers/kafkauser_controller.go +++ b/controllers/kafkauser_controller.go @@ -196,6 +196,13 @@ func (r *KafkaUserReconciler) Reconcile(ctx context.Context, request reconcile.R var kafkaUser string if instance.Spec.GetIfCertShouldBeCreated() { + // Avoid panic if the user wants to create a kafka user but the cluster is in plaintext mode + if cluster.Spec.ListenersConfig.SSLSecrets == nil && instance.Spec.PKIBackendSpec == nil { + // we should never see this scenario due to the KafkaUser validation webhook + // the only edge case is when cluster.Spec.ListenersConfig.SSLSecrets is set to nil during operator upgrade + return requeueWithError(reqLogger, "could not create kafka user since user specific PKI not configured", errors.New("failed to create kafka user")) + } + var backend v1beta1.PKIBackend if instance.Spec.PKIBackendSpec != nil { backend = v1beta1.PKIBackend(instance.Spec.PKIBackendSpec.PKIBackend)