[WIP] Add TLSe Testing

These tests will determine the functionality of TLSe within the barbican-operator.
openstack-k8s-operators · Feb 9, 2024 · 5c479f6 · 5c479f6
1 parent 100a0ea
commit 5c479f6
Show file tree

Hide file tree

Showing 8 changed files with 470 additions and 170 deletions.
diff --git a/controllers/barbican_controller.go b/controllers/barbican_controller.go
@@ -674,7 +674,6 @@ func (r *BarbicanReconciler) workerDeploymentCreateOrUpdate(ctx context.Context,
 }
 
 func (r *BarbicanReconciler) keystoneListenerDeploymentCreateOrUpdate(ctx context.Context, instance *barbicanv1beta1.Barbican, helper *helper.Helper) (*barbicanv1beta1.BarbicanKeystoneListener, controllerutil.OperationResult, error) {
-
 	Log := r.GetLogger(ctx)
 	Log.Info(fmt.Sprintf("Creating barbican KeystoneListener spec.  transporturlsecret: '%s'", instance.Status.TransportURLSecret))
 	Log.Info(fmt.Sprintf("database hostname: '%s'", instance.Status.DatabaseHostname))

diff --git a/controllers/barbicanapi_controller.go b/controllers/barbicanapi_controller.go
@@ -303,7 +303,7 @@ func (r *BarbicanAPIReconciler) generateServiceConfigs(
 	httpdVhostConfig := map[string]interface{}{}
 	for _, endpt := range []service.Endpoint{service.EndpointInternal, service.EndpointPublic} {
 		endptConfig := map[string]interface{}{}
-		endptConfig["ServerName"] = fmt.Sprintf("barbican-%s.%s.svc", endpt.String(), instance.Namespace)
+		endptConfig["ServerName"] = fmt.Sprintf("%s-%s.%s.svc", barbican.ServiceName, endpt.String(), instance.Namespace)
 		endptConfig["TLS"] = false // default TLS to false, and set it bellow to true if enabled
 		if instance.Spec.TLS.API.Enabled(endpt) {
 			endptConfig["TLS"] = true
@@ -785,7 +785,6 @@ func (r *BarbicanAPIReconciler) reconcileNormal(ctx context.Context, instance *b
 
 // SetupWithManager sets up the controller with the Manager.
 func (r *BarbicanAPIReconciler) SetupWithManager(mgr ctrl.Manager) error {
-
 	// index passwordSecretField
 	if err := mgr.GetFieldIndexer().IndexField(context.Background(), &barbicanv1beta1.BarbicanAPI{}, passwordSecretField, func(rawObj client.Object) []string {
 		// Extract the secret name from the spec, if one is provided

diff --git a/go.mod b/go.mod
@@ -19,6 +19,7 @@ require (
 	k8s.io/api v0.26.13
 	k8s.io/apimachinery v0.27.1
 	k8s.io/client-go v0.26.13
+	k8s.io/utils v0.0.0-20240102154912-e7106e64919e
 	sigs.k8s.io/controller-runtime v0.14.7
 )
 

diff --git a/templates/barbican/config/barbican-api-config.json b/templates/barbican/config/barbican-api-config.json
@@ -1,73 +1,89 @@
 {
-    "command": "/usr/sbin/httpd -DFOREGROUND",
-    "config_files": [
-      {
-        "source": "/var/lib/config-data/default/00-default.conf",
-        "dest": "/etc/barbican/barbican.conf.d/00-default.conf",
-        "owner": "barbican",
-        "perm": "0600"
-      },
-      {
-        "source": "/var/lib/config-data/default/02-service.conf",
-        "dest": "/etc/barbican/barbican.conf.d/02-service.conf",
-        "owner": "barbican",
-        "perm": "0600",
-        "optional": true
-      },
-      {
-        "source": "/var/lib/config-data/default/03-secrets.conf",
-        "dest": "/etc/barbican/barbican.conf.d/03-secrets.conf",
-        "owner": "barbican",
-        "perm": "0640",
-        "optional": true
-      },
-      {
-        "source": "/var/lib/config-data/default/10-barbican_wsgi_main.conf",
-        "dest": "/etc/httpd/conf.d/10-barbican_wsgi_main.conf",
-        "owner": "root",
-        "perm": "0640",
-        "optional": true
-      },
-      {
-        "source": "/var/lib/config-data/default/httpd.conf",
-        "dest": "/etc/httpd/conf/httpd.conf",
-        "owner": "root",
-        "perm": "0640",
-        "optional": true
-      },
-      {
-        "source": "/var/lib/config-data/default/main",
-        "dest": "/var/www/cgi-bin/barbican/main",
-        "owner": "barbican",
-        "perm": "0640",
-        "optional": true
-      },
-      {
-        "source": "/var/lib/config-data/default/mime.conf",
-        "dest": "/etc/httpd/conf.modules.d/mime.conf",
-        "owner": "root",
-        "perm": "0640",
-        "optional": true
-      },
-      {
-        "source": "/var/lib/config-data/default/kolla_extend_start",
-        "dest": "/usr/local/bin/kolla_extend_start",
-        "owner": "root",
-        "perm": "0755",
-        "optional": true
-      },
-      {
-	"source": "/var/lib/config-data/default/ssl.conf",
-	"dest": "/etc/httpd/conf.d/ssl.conf",
-	"owner": "root",
-	"perm": "0644"
-      }
-    ],
-    "permissions": [
-        {
-            "path": "/var/log/barbican",
-            "owner": "barbican:barbican",
-            "recurse": true
-        }
-    ]
+  "command": "/usr/sbin/httpd -DFOREGROUND",
+  "config_files": [
+    {
+      "source": "/var/lib/config-data/default/00-default.conf",
+      "dest": "/etc/barbican/barbican.conf.d/00-default.conf",
+      "owner": "barbican",
+      "perm": "0600"
+    },
+    {
+      "source": "/var/lib/config-data/default/02-service.conf",
+      "dest": "/etc/barbican/barbican.conf.d/02-service.conf",
+      "owner": "barbican",
+      "perm": "0600",
+      "optional": true
+    },
+    {
+      "source": "/var/lib/config-data/default/03-secrets.conf",
+      "dest": "/etc/barbican/barbican.conf.d/03-secrets.conf",
+      "owner": "barbican",
+      "perm": "0640",
+      "optional": true
+    },
+    {
+      "source": "/var/lib/config-data/default/10-barbican_wsgi_main.conf",
+      "dest": "/etc/httpd/conf.d/10-barbican_wsgi_main.conf",
+      "owner": "root",
+      "perm": "0640",
+      "optional": true
+    },
+    {
+      "source": "/var/lib/config-data/default/httpd.conf",
+      "dest": "/etc/httpd/conf/httpd.conf",
+      "owner": "root",
+      "perm": "0640",
+      "optional": true
+    },
+    {
+      "source": "/var/lib/config-data/default/main",
+      "dest": "/var/www/cgi-bin/barbican/main",
+      "owner": "barbican",
+      "perm": "0640",
+      "optional": true
+    },
+    {
+      "source": "/var/lib/config-data/default/mime.conf",
+      "dest": "/etc/httpd/conf.modules.d/mime.conf",
+      "owner": "root",
+      "perm": "0640",
+      "optional": true
+    },
+    {
+      "source": "/var/lib/config-data/default/kolla_extend_start",
+      "dest": "/usr/local/bin/kolla_extend_start",
+      "owner": "root",
+      "perm": "0755",
+      "optional": true
+    },
+    {
+      "source": "/var/lib/config-data/default/ssl.conf",
+      "dest": "/etc/httpd/conf.d/ssl.conf",
+      "owner": "root",
+      "perm": "0644"
+    },
+    {
+      "source": "/var/lib/config-data/tls/certs/*",
+      "dest": "/etc/pki/tls/certs/",
+      "owner": "root",
+      "perm": "0640",
+      "optional": true,
+      "merge": true
+    },
+    {
+      "source": "/var/lib/config-data/tls/private/*",
+      "dest": "/etc/pki/tls/private/",
+      "owner": "root",
+      "perm": "0600",
+      "optional": true,
+      "merge": true
+    }
+  ],
+  "permissions": [
+    {
+      "path": "/var/log/barbican",
+      "owner": "barbican:barbican",
+      "recurse": true
+    }
+  ]
 }