Setting Mysql ProviderConfig spec.tls as true is always rejected by enum validation

[alereca]

What happened?

Setting Mysql ProviderConfig spec.tls as true, both as a string or boolean value, is always rejected by enum validation.

The reason behind this is that kubebuilder enum validation +kubebuilder:validation:Enum=true;skip-verify;preferred is configured wrong, as the value true is taken as a boolean.

type ProviderConfigSpec struct {
	// tls=true enables TLS / SSL encrypted connection to the server.
	// Use skip-verify if you want to use a self-signed or invalid certificate (server side)
	// or use preferred to use TLS only when advertised by the server. This is similar
	// to skip-verify, but additionally allows a fallback to a connection which is
	// not encrypted. Neither skip-verify nor preferred add any reliable security.
	// +kubebuilder:validation:Enum=true;skip-verify;preferred
	// +optional
	TLS *string `json:"tls"`
}

This can be observed in crd ./package/crds/mysql.sql.crossplane.io_providerconfigs.yaml

  tls:
    description: tls=true enables TLS / SSL encrypted connection to the
      server. Use skip-verify if you want to use a self-signed or invalid
      certificate (server side) or use preferred to use TLS only when
      advertised by the server. This is similar to skip-verify, but additionally
      allows a fallback to a connection which is not encrypted. Neither
      skip-verify nor preferred add any reliable security.
    enum:
    - true
    - skip-verify
    - preferred
    type: string

In order to work it should be

type ProviderConfigSpec struct {
	// tls=true enables TLS / SSL encrypted connection to the server.
	// Use skip-verify if you want to use a self-signed or invalid certificate (server side)
	// or use preferred to use TLS only when advertised by the server. This is similar
	// to skip-verify, but additionally allows a fallback to a connection which is
	// not encrypted. Neither skip-verify nor preferred add any reliable security.
	// +kubebuilder:validation:Enum="true";skip-verify;preferred
	// +optional
	TLS *string `json:"tls"`
}

Reflected in crd as

  tls:
    description: tls=true enables TLS / SSL encrypted connection to the
      server. Use skip-verify if you want to use a self-signed or invalid
      certificate (server side) or use preferred to use TLS only when
      advertised by the server. This is similar to skip-verify, but additionally
      allows a fallback to a connection which is not encrypted. Neither
      skip-verify nor preferred add any reliable security.
    enum:
    - "true"
    - skip-verify
    - preferred
    type: string

How can we reproduce it?

apiVersion: mysql.sql.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: default2
spec:
  credentials:
    source: MySQLConnectionSecret
    connectionSecretRef:
      namespace: default
      name: db-conn
  # tls one of preferred(default), skip-verify, or true
  tls: true

> kubectl apply -f /home/alejandro/Documents/operators/crossplane/provider-sql/examples/mysql/config.yaml
The ProviderConfig "default2" is invalid: spec.tls: Invalid value: "boolean": spec.tls in body must be of type string: "boolean"

apiVersion: mysql.sql.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: default2
spec:
  credentials:
    source: MySQLConnectionSecret
    connectionSecretRef:
      namespace: default
      name: db-conn
  # tls one of preferred(default), skip-verify, or true
  tls: "true"

> kubectl apply -f /home/alejandro/Documents/operators/crossplane/provider-sql/examples/mysql/config.yaml
The ProviderConfig "default2" is invalid: spec.tls: Unsupported value: "true": supported values: "true", "skip-verify", "preferred"

What environment did it happen in?

crossplane-1.9.1
crossplane/provider-sql:v0.6.0

I would like to work in a pr