diff --git a/modules/common/deployment/deployment.go b/modules/common/deployment/deployment.go
index 566eafa6..a2ada126 100644
--- a/modules/common/deployment/deployment.go
+++ b/modules/common/deployment/deployment.go
@@ -127,3 +127,8 @@ func GetDeploymentWithName(
 return depl, nil
 }
+
+// UpdateInternalDeployment - Allows to internally update the state of Deployment
+func (d *Deployment) UpdateInternalDeployment(deployment appsv1.Deployment) {
+ d.deployment = &deployment
+}
diff --git a/modules/common/tls/tls.go b/modules/common/tls/tls.go
index 57be6da7..d4adc3e0 100644
--- a/modules/common/tls/tls.go
+++ b/modules/common/tls/tls.go
@@ -22,6 +22,7 @@ import (
 "context"
 "fmt"
+ "github.com/openstack-k8s-operators/lib-common/modules/common/deployment"
 "github.com/openstack-k8s-operators/lib-common/modules/common/helper"
 "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
 corev1 "k8s.io/api/core/v1"
@@ -77,6 +78,7 @@ func (t *TLS) CreateVolumeMounts() []corev1.VolumeMount {
 var volumeMounts []corev1.VolumeMount
 if t.Service != nil && t.Service.SecretName != "" {
+ fmt.Println("Creating tls-certs volume for:", t.Service.SecretName)
 volumeMounts = append(volumeMounts, corev1.VolumeMount{
 Name: "tls-crt",
 MountPath: "/etc/pki/tls/certs/tls.crt",
@@ -92,6 +94,7 @@ func (t *TLS) CreateVolumeMounts() []corev1.VolumeMount {
 }
 if t.Ca != nil && t.Ca.CaSecretName != "" {
+ fmt.Println("Creating ca-certs volume for:", t.Ca.CaSecretName)
 volumeMounts = append(volumeMounts, corev1.VolumeMount{
 Name: "ca-certs",
 MountPath: "/etc/pki/ca-trust/extracted/pem",
@@ -107,6 +110,7 @@ func (t *TLS) CreateVolumes() []corev1.Volume {
 var volumes []corev1.Volume
 if t.Service != nil && t.Service.SecretName != "" {
+ fmt.Println("Creating tls-certs volume mount for:", t.Service.SecretName)
 volumes = append(volumes, corev1.Volume{
 Name: "tls-certs",
 VolumeSource: corev1.VolumeSource{
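Review bot: In modules/common/deployment/deployment.go, `UpdateInternalDeployment` takes `appsv1.Deployment` by value and stores `&deployment`, which is only a shallow copy: the volume, container and volume-mount slices inside it still share backing arrays with the value the caller passed, so later appends on either side can alias. If isolation is intended, `d.deployment = deployment.DeepCopy()` makes that explicit. The doc comment should also state that only the wrapper's in-memory object is replaced, for example `// UpdateInternalDeployment replaces the in-memory Deployment held by d; it does not write to the API server.`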
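Review bot: The `fmt.Println` added in `CreateVolumeMounts` (tls.go, hunk at -77) writes to process stdout from library code on every call, bypassing whatever logger the consuming operator configures and putting Secret names into unstructured output. The same applies to the prints added in the hunks at -92, -107 and -119 and inside `AddTLSToDeployment`. The messages are also crossed: `CreateVolumeMounts` prints "Creating tls-certs volume for:" while `CreateVolumes` prints "... volume mount for:". I would drop these lines before merge, or route them through a logger supplied by the caller at debug level.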
@@ -119,6 +123,8 @@ func (t *TLS) CreateVolumes() []corev1.Volume {
 }
 if t.Ca != nil && t.Ca.CaSecretName != "" {
+ fmt.Println("Creating ca-certs volume mount for:", t.Ca.CaSecretName)
+
 volumes = append(volumes, corev1.Volume{
 Name: "ca-certs",
 VolumeSource: corev1.VolumeSource{
@@ -132,3 +138,26 @@ func (t *TLS) CreateVolumes() []corev1.Volume {
 return volumes
 }
+
+// AddTLSToDeployment adds the necessary volumes and volume mounts to support TLS in a deployment.
+func (t *TLS) AddTLSToDeployment(d *deployment.Deployment) {
+ fmt.Println("Service SecretName:", t.Service.SecretName)
+ fmt.Println("CA SecretName:", t.Ca.CaSecretName)
+
+ tlsVolumes := t.CreateVolumes()
+ fmt.Println("Generated TLS Volumes:", tlsVolumes)
+
+ tlsVolumeMounts := t.CreateVolumeMounts()
+ fmt.Println("Generated TLS VolumeMounts:", tlsVolumeMounts)
+
+ currentDeployment := d.GetDeployment()
+ currentDeployment.Spec.Template.Spec.Volumes = append(currentDeployment.Spec.Template.Spec.Volumes, tlsVolumes...)
+ for idx := range currentDeployment.Spec.Template.Spec.Containers {
+ currentDeployment.Spec.Template.Spec.Containers[idx].VolumeMounts = append(currentDeployment.Spec.Template.Spec.Containers[idx].VolumeMounts, tlsVolumeMounts...)
+ }
+
+ // Use the update method to make changes
+ d.UpdateInternalDeployment(currentDeployment)
+
+ // TBD: additional logic
+}
diff --git a/modules/common/tls/tls_test.go b/modules/common/tls/tls_test.go
index 79308bfb..06ba26cc 100644
--- a/modules/common/tls/tls_test.go
+++ b/modules/common/tls/tls_test.go
@@ -17,7 +17,12 @@ limitations under the License.
 package tls
 import (
+ "fmt"
 "testing"
+
+ "github.com/openstack-k8s-operators/lib-common/modules/common/deployment"
+ appsv1 "k8s.io/api/apps/v1"
+ corev1 "k8s.io/api/core/v1"
 )
 func TestCreateVolumeMounts(t *testing.T) {
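Review bot: `AddTLSToDeployment` dereferences `t.Service.SecretName` and `t.Ca.CaSecretName` in its first two lines without a nil check, although `CreateVolumes` and `CreateVolumeMounts` both guard `t.Service != nil` and `t.Ca != nil`; a TLS value with either field unset panics here. Removing those two debug prints fixes that, and `d` deserves a guard as well: `if d == nil { return }`. The function also appends unconditionally, so calling it twice on the same Deployment (for example from a reconcile loop) duplicates volume names, and the loop mounts the TLS material into every container in the pod rather than only the one that terminates TLS. Both behaviours should at least be stated in the doc comment as the contract. The `// TBD: additional logic` placeholder should be resolved or turned into a tracked TODO before merge.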
@@ -107,3 +112,80 @@ func TestCreateVolumes(t *testing.T) {
 })
 }
 }
+
+func TestAddTLSToDeployment(t *testing.T) {
+ tests := []struct {
+ name string
+ service *Service
+ ca *Ca
+ wantMountsLen int
+ wantVolLen int
+ }{
+ {
+ name: "No Secrets",
+ service: &Service{},
+ ca: &Ca{},
+ wantMountsLen: 0,
+ wantVolLen: 0,
+ },
+ {
+ name: "Only TLS Secret",
+ service: &Service{SecretName: "test-tls-secret"},
+ ca: &Ca{},
+ wantMountsLen: 1,
+ wantVolLen: 1,
+ },
+ {
+ name: "Only CA Secret",
+ service: &Service{},
+ ca: &Ca{CaSecretName: "test-ca1"},
+ wantMountsLen: 1,
+ wantVolLen: 1,
+ },
+ {
+ name: "TLS and CA Secrets",
+ service: &Service{SecretName: "test-tls-secret"},
+ ca: &Ca{CaSecretName: "test-ca1"},
+ wantMountsLen: 2,
+ wantVolLen: 2,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ // Create a dummy deployment object
+ dummyDeployment := &appsv1.Deployment{
+ Spec: appsv1.DeploymentSpec{
+ Template: corev1.PodTemplateSpec{
+ Spec: corev1.PodSpec{
+ Containers: []corev1.Container{
+ {},
+ },
+ },
+ },
+ },
+ }
+ d := deployment.NewDeployment(dummyDeployment, 0)
+
+ tlsInstance := &TLS{Service: tt.service, Ca: tt.ca}
+ fmt.Println("Initial TLS struct:", t) //Debug
+ fmt.Println("Initial Deployment state:", d) //Debug
+ tlsInstance.AddTLSToDeployment(d)
+
+ kubeDeployment := d.GetDeployment()
+ fmt.Printf("Deployment after TLS addition: %+v\n", kubeDeployment) //Debug
+
+ fmt.Println("Volumes before addition:", d.GetDeployment().Spec.Template.Spec.Volumes) //Debug
+
+ actualMountsLen := len(kubeDeployment.Spec.Template.Spec.Containers[0].VolumeMounts)
+ if actualMountsLen != tt.wantMountsLen {
+ t.Errorf("AddTlsToDeployment() got = %v volume mounts, want %v volume mounts", actualMountsLen, tt.wantMountsLen)
+ }
+
+ actualVolLen := len(kubeDeployment.Spec.Template.Spec.Volumes)
+ if actualVolLen != tt.wantVolLen {
+ t.Errorf("AddTlsToDeployment() got = %v volumes, want %v volumes", actualVolLen, tt.wantVolLen)
+ }
+ })
+ }
+}
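Review bot: The assertions in `TestAddTLSToDeployment` compare only `len(...)` of volumes and mounts, so a mount whose `Name` has no matching volume would still pass; the tls.go context lines show a mount named `tls-crt` and a volume named `tls-certs`, so it is worth asserting that every mount name appears among the volume names. The debug output should go: `fmt.Println("Initial TLS struct:", t)` prints the `*testing.T` rather than `tlsInstance`, and "Volumes before addition" is printed after the call. If any of it is kept, `t.Logf` is the right channel and lets the `fmt` import added in the hunk at -17 be dropped. All four cases pass non-nil `&Service{}` and `&Ca{}`, so the nil `Service`/`Ca` path is never exercised; a case with `service: nil` would cover it. The failure messages also spell the method `AddTlsToDeployment()` instead of `AddTLSToDeployment()`.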