From 3cc82bc3899bec5e6663fe9629660ed03b542be5 Mon Sep 17 00:00:00 2001
From: Diego Lovison
Date: Thu, 12 Sep 2024 14:40:32 -0300
Subject: [PATCH] Improve documentation for tLSClientConfig
---
 controllers/database.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/controllers/database.go b/controllers/database.go
index 9243d1761..fe08f7145 100644
--- a/controllers/database.go
+++ b/controllers/database.go
@@ -47,6 +47,22 @@ var mariadbTemplates = []string{
 "mariadb/default/tls-config.yaml.tmpl",
 }
+// tLSClientConfig creates and returns a TLS client configuration that includes
+// a set of custom CA certificates for secure communication. It reads CA
+// certificates from the environment variable `SSL_CERT_FILE` if it is set,
+// and appends any additional certificates passed as input.
+//
+// Parameters:
+//
+// pems [][]byte: PEM-encoded certificates to be appended to the
+// root certificate pool.
+//
+// Returns:
+//
+// *cryptoTls.Config: A TLS configuration with the certificates set to the updated
+// certificate pool.
+// error: An error if there is a failure in parsing any of the provided PEM
+// certificates, or nil if successful.
 func tLSClientConfig(pems [][]byte) (*cryptoTls.Config, error) {
 rootCertPool := x509.NewCertPool()
@@ -120,7 +136,6 @@ var ConnectAndQueryDatabase = func(
 // don't set anything
 case "true":
 var err error
- // if pemCerts is empty, that is OK, we still add OS certs to the tls config
 tlsConfig, err = tLSClientConfig(pemCerts)
 if err != nil {
 log.Info(fmt.Sprintf("Encountered error when processing custom ca bundle, Error: %v", err))
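Review bot: The new doc comment on tLSClientConfig does not say which roots are trusted when `SSL_CERT_FILE` is unset and `pems` is empty, and the only body line visible in the first hunk, `rootCertPool := x509.NewCertPool()`, starts from an empty pool rather than the system pool. The second hunk also removes the call-site comment that said OS certs are still added, so after this commit nothing on the page states the trust anchors for the database connection. The function body continues outside the hunk; if it adds no other source, say so in the doc, e.g. `// The pool starts empty: only certificates from SSL_CERT_FILE and pems are trusted.`, and otherwise name the additional source. As a style point, the `Parameters:` / `Returns:` headings are not conventional Go doc-comment form; plain sentences carry the same information.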