Enable deployments to get the CA certs and TLS service certs

Add UpdateInternalDeployment func in deployment package to edit current deployment.
Create AddTlsToDeployment to add the volumes and volumemounts into the specific deployment.

Signed-off-by: Veronika Fisarova <[email protected]>

modules/common/deployment/deployment.go

@@ -127,3 +127,8 @@ func GetDeploymentWithName(
 
 	return depl, nil
 }
+
+// UpdateInternalDeployment - Allows to internally update the state of Deployment
+func (d *Deployment) UpdateInternalDeployment(deployment appsv1.Deployment) {
+	d.deployment = &deployment
+}

modules/common/tls/tls.go

@@ -22,6 +22,7 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/openstack-k8s-operators/lib-common/modules/common/deployment"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/secret"
 	corev1 "k8s.io/api/core/v1"
@@ -77,6 +78,7 @@ func (t *TLS) CreateVolumeMounts() []corev1.VolumeMount {
 	var volumeMounts []corev1.VolumeMount
 
 	if t.Service != nil && t.Service.SecretName != "" {
+		fmt.Println("Creating tls-certs volume for:", t.Service.SecretName)
 		volumeMounts = append(volumeMounts, corev1.VolumeMount{
 			Name:      "tls-crt",
 			MountPath: "/etc/pki/tls/certs/tls.crt",
@@ -92,6 +94,7 @@ func (t *TLS) CreateVolumeMounts() []corev1.VolumeMount {
 	}
 
 	if t.Ca != nil && t.Ca.CaSecretName != "" {
+		fmt.Println("Creating ca-certs volume for:", t.Ca.CaSecretName)
 		volumeMounts = append(volumeMounts, corev1.VolumeMount{
 			Name:      "ca-certs",
 			MountPath: "/etc/pki/ca-trust/extracted/pem",
@@ -107,6 +110,7 @@ func (t *TLS) CreateVolumes() []corev1.Volume {
 	var volumes []corev1.Volume
 
 	if t.Service != nil && t.Service.SecretName != "" {
+		fmt.Println("Creating tls-certs volume mount for:", t.Service.SecretName)
 		volumes = append(volumes, corev1.Volume{
 			Name: "tls-certs",
 			VolumeSource: corev1.VolumeSource{
@@ -119,6 +123,8 @@ func (t *TLS) CreateVolumes() []corev1.Volume {
 	}
 
 	if t.Ca != nil && t.Ca.CaSecretName != "" {
+		fmt.Println("Creating ca-certs volume mount for:", t.Ca.CaSecretName)
+
 		volumes = append(volumes, corev1.Volume{
 			Name: "ca-certs",
 			VolumeSource: corev1.VolumeSource{
@@ -132,3 +138,26 @@ func (t *TLS) CreateVolumes() []corev1.Volume {
 
 	return volumes
 }
+
+// AddTLSToDeployment adds the necessary volumes and volume mounts to support TLS in a deployment.
+func (t *TLS) AddTLSToDeployment(d *deployment.Deployment) {
+	fmt.Println("Service SecretName:", t.Service.SecretName)
+	fmt.Println("CA SecretName:", t.Ca.CaSecretName)
+
+	tlsVolumes := t.CreateVolumes()
+	fmt.Println("Generated TLS Volumes:", tlsVolumes)
+
+	tlsVolumeMounts := t.CreateVolumeMounts()
+	fmt.Println("Generated TLS VolumeMounts:", tlsVolumeMounts)
+
+	currentDeployment := d.GetDeployment()
+	currentDeployment.Spec.Template.Spec.Volumes = append(currentDeployment.Spec.Template.Spec.Volumes, tlsVolumes...)
+	for idx := range currentDeployment.Spec.Template.Spec.Containers {
+		currentDeployment.Spec.Template.Spec.Containers[idx].VolumeMounts = append(currentDeployment.Spec.Template.Spec.Containers[idx].VolumeMounts, tlsVolumeMounts...)
+	}
+
+	// Use the update method to make changes
+	d.UpdateInternalDeployment(currentDeployment)
+
+	// TBD: additional logic
+}

modules/common/tls/tls_test.go

@@ -17,7 +17,12 @@ limitations under the License.
 package tls
 
 import (
+	"fmt"
 	"testing"
+
+	"github.com/openstack-k8s-operators/lib-common/modules/common/deployment"
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
 )
 
 func TestCreateVolumeMounts(t *testing.T) {
@@ -107,3 +112,80 @@ func TestCreateVolumes(t *testing.T) {
 		})
 	}
 }
+
+func TestAddTLSToDeployment(t *testing.T) {
+	tests := []struct {
+		name          string
+		service       *Service
+		ca            *Ca
+		wantMountsLen int
+		wantVolLen    int
+	}{
+		{
+			name:          "No Secrets",
+			service:       &Service{},
+			ca:            &Ca{},
+			wantMountsLen: 0,
+			wantVolLen:    0,
+		},
+		{
+			name:          "Only TLS Secret",
+			service:       &Service{SecretName: "test-tls-secret"},
+			ca:            &Ca{},
+			wantMountsLen: 1,
+			wantVolLen:    1,
+		},
+		{
+			name:          "Only CA Secret",
+			service:       &Service{},
+			ca:            &Ca{CaSecretName: "test-ca1"},
+			wantMountsLen: 1,
+			wantVolLen:    1,
+		},
+		{
+			name:          "TLS and CA Secrets",
+			service:       &Service{SecretName: "test-tls-secret"},
+			ca:            &Ca{CaSecretName: "test-ca1"},
+			wantMountsLen: 2,
+			wantVolLen:    2,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Create a dummy deployment object
+			dummyDeployment := &appsv1.Deployment{
+				Spec: appsv1.DeploymentSpec{
+					Template: corev1.PodTemplateSpec{
+						Spec: corev1.PodSpec{
+							Containers: []corev1.Container{
+								{},
+							},
+						},
+					},
+				},
+			}
+			d := deployment.NewDeployment(dummyDeployment, 0)
+
+			tlsInstance := &TLS{Service: tt.service, Ca: tt.ca}
+			fmt.Println("Initial TLS struct:", t)       //Debug
+			fmt.Println("Initial Deployment state:", d) //Debug
+			tlsInstance.AddTLSToDeployment(d)
+
+			kubeDeployment := d.GetDeployment()
+			fmt.Printf("Deployment after TLS addition: %+v\n", kubeDeployment) //Debug
+
+			fmt.Println("Volumes before addition:", d.GetDeployment().Spec.Template.Spec.Volumes) //Debug
+
+			actualMountsLen := len(kubeDeployment.Spec.Template.Spec.Containers[0].VolumeMounts)
+			if actualMountsLen != tt.wantMountsLen {
+				t.Errorf("AddTlsToDeployment() got = %v volume mounts, want %v volume mounts", actualMountsLen, tt.wantMountsLen)
+			}
+
+			actualVolLen := len(kubeDeployment.Spec.Template.Spec.Volumes)
+			if actualVolLen != tt.wantVolLen {
+				t.Errorf("AddTlsToDeployment() got = %v volumes, want %v volumes", actualVolLen, tt.wantVolLen)
+			}
+		})
+	}
+}