diff --git a/modules/common/go.mod b/modules/common/go.mod
index c64419c1..e5a4e79b 100644
--- a/modules/common/go.mod
+++ b/modules/common/go.mod
@@ -10,6 +10,7 @@ require (
 github.com/onsi/gomega v1.28.0
 github.com/openshift/api v3.9.0+incompatible
 github.com/pkg/errors v0.9.1
+ github.com/stretchr/testify v1.8.1
 go.uber.org/zap v1.26.0
 k8s.io/api v0.26.9
 k8s.io/apimachinery v0.26.9
@@ -76,6 +77,7 @@ require (
 require (
 github.com/kr/pretty v0.3.1 // indirect
+ github.com/pmezard/go-difflib v1.0.0 // indirect
 github.com/rogpeppe/go-internal v1.10.0 // indirect
 )
diff --git a/modules/common/tls/tls.go b/modules/common/tls/tls.go
index 16606d29..b8cfab79 100644
--- a/modules/common/tls/tls.go
+++ b/modules/common/tls/tls.go
@@ -23,6 +23,7 @@ import (
 "fmt"
 "strings"
+ "github.com/openstack-k8s-operators/lib-common/modules/common/deployment"
 "github.com/openstack-k8s-operators/lib-common/modules/common/helper"
 "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
 corev1 "k8s.io/api/core/v1"
@@ -78,6 +79,7 @@ func (t *TLS) CreateVolumeMounts() []corev1.VolumeMount {
 var volumeMounts []corev1.VolumeMount
 if t.Service != nil && t.Service.SecretName != "" {
+ fmt.Println("Creating tls-certs volume for:", t.Service.SecretName)
 volumeMounts = append(volumeMounts, corev1.VolumeMount{
 Name: "tls-crt",
 MountPath: "/etc/pki/tls/certs/tls.crt",
@@ -93,6 +95,7 @@ func (t *TLS) CreateVolumeMounts() []corev1.VolumeMount {
 }
 if t.Ca != nil && t.Ca.CaSecretName != "" {
+ fmt.Println("Creating ca-certs volume for:", t.Ca.CaSecretName)
 volumeMounts = append(volumeMounts, corev1.VolumeMount{
 Name: "ca-certs",
 MountPath: "/etc/pki/ca-trust/extracted/pem",
@@ -108,6 +111,7 @@ func (t *TLS) CreateVolumes() []corev1.Volume {
 var volumes []corev1.Volume
 if t.Service != nil && t.Service.SecretName != "" {
+ fmt.Println("Creating tls-certs volume mount for:", t.Service.SecretName)
 volumes = append(volumes, corev1.Volume{
 Name: "tls-certs",
 VolumeSource: corev1.VolumeSource{
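Review bot: The `fmt.Println` added inside `CreateVolumeMounts` writes unstructured text straight to the process's stdout on every reconcile, bypassing the operator's logger, and the same pattern repeats in the `@@ -93`, `@@ -108` and `@@ -120` hunks and throughout the new `UpdateDeploymentWithTLS`. The wording is also swapped between the two helpers: `CreateVolumeMounts` prints "Creating tls-certs volume for:" while `CreateVolumes` prints "Creating tls-certs volume mount for:". These read as leftover debugging; for the two `Create*` helpers, which receive no logger, dropping them before merge is the cleanest option, and in `UpdateDeploymentWithTLS` anything worth keeping should go through the structured logger at debug level rather than `fmt.Println`, e.g. `log.V(1).Info("adding TLS volumes", "secret", t.Service.SecretName)` using whatever logger the passed `helper.Helper` exposes.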
@@ -120,6 +124,8 @@ func (t *TLS) CreateVolumes() []corev1.Volume {
 }
 if t.Ca != nil && t.Ca.CaSecretName != "" {
+ fmt.Println("Creating ca-certs volume mount for:", t.Ca.CaSecretName)
+
 volumes = append(volumes, corev1.Volume{
 Name: "ca-certs",
 VolumeSource: corev1.VolumeSource{
@@ -157,3 +163,28 @@ func (t *TLS) CreateDatabaseClientConfig() string {
 }
 return strings.Join(conn, "\n")
 }
+
+// UpdateDeploymentWithTLS updates a given deployment with the necessary volumes and volume mounts to support TLS configurations.
+func (t *TLS) UpdateDeploymentWithTLS(ctx context.Context, d *deployment.Deployment, h *helper.Helper) error {
+ // Debug
+ if t.Service != nil {
+ fmt.Println("Service SecretName:", t.Service.SecretName)
+ } else {
+ fmt.Println("Service is nil")
+ }
+
+ tlsVolumes := t.CreateVolumes()
+ fmt.Println("Generated TLS Volumes:", tlsVolumes) // Debug
+
+ tlsVolumeMounts := t.CreateVolumeMounts()
+ fmt.Println("Generated TLS VolumeMounts:", tlsVolumeMounts) // Debug
+
+ currentDeployment := d.GetDeployment()
+ currentDeployment.Spec.Template.Spec.Volumes = append(currentDeployment.Spec.Template.Spec.Volumes, tlsVolumes...)
+ for idx := range currentDeployment.Spec.Template.Spec.Containers {
+ currentDeployment.Spec.Template.Spec.Containers[idx].VolumeMounts = append(currentDeployment.Spec.Template.Spec.Containers[idx].VolumeMounts, tlsVolumeMounts...)
+ }
+
+ _, err := d.CreateOrPatch(ctx, h)
+ return err
+}
diff --git a/modules/common/tls/tls_test.go b/modules/common/tls/tls_test.go
index 8b494a12..10a57949 100644
--- a/modules/common/tls/tls_test.go
+++ b/modules/common/tls/tls_test.go
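Review bot: `UpdateDeploymentWithTLS` appends the TLS volumes and mounts unconditionally, so every reconcile that calls it adds another `tls-certs`/`ca-certs` entry to the pod template; the API server rejects duplicate volume and mount names, so the second `CreateOrPatch` on the same object would fail rather than converge. Merging by name, as sketched below, keeps the call idempotent. Whether the mutation actually reaches the object that `CreateOrPatch` patches depends on `GetDeployment` returning a pointer to the wrapped deployment rather than a copy — that is defined outside this hunk and worth confirming, and worth a sentence in the doc comment ("mutates the deployment wrapped by d and persists it via CreateOrPatch"). The `// Debug` block, including dumping whole volume structs with `fmt.Println`, should not ship in library code.
```go
func (t *TLS) UpdateDeploymentWithTLS(ctx context.Context, d *deployment.Deployment, h *helper.Helper) error {
	currentDeployment := d.GetDeployment()
	podSpec := &currentDeployment.Spec.Template.Spec

	// Merge by name so repeated reconciles do not accumulate duplicate
	// volumes/mounts, which the API server rejects.
	for _, v := range t.CreateVolumes() {
		if !hasVolume(podSpec.Volumes, v.Name) {
			podSpec.Volumes = append(podSpec.Volumes, v)
		}
	}
	mounts := t.CreateVolumeMounts()
	for idx := range podSpec.Containers {
		c := &podSpec.Containers[idx]
		for _, m := range mounts {
			if !hasVolumeMount(c.VolumeMounts, m.Name) {
				c.VolumeMounts = append(c.VolumeMounts, m)
			}
		}
	}

	_, err := d.CreateOrPatch(ctx, h)
	return err
}

// hasVolume reports whether volumes already contains an entry named name.
func hasVolume(volumes []corev1.Volume, name string) bool {
	for i := range volumes {
		if volumes[i].Name == name {
			return true
		}
	}
	return false
}

// hasVolumeMount reports whether mounts already contains an entry named name.
func hasVolumeMount(mounts []corev1.VolumeMount, name string) bool {
	for i := range mounts {
		if mounts[i].Name == name {
			return true
		}
	}
	return false
}
```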
@@ -17,10 +17,46 @@ limitations under the License.
 package tls
 import (
+ "context"
+ "os"
 "strings"
 "testing"
+ "time"
+
+ "github.com/openstack-k8s-operators/lib-common/modules/common/deployment"
+ "github.com/openstack-k8s-operators/lib-common/modules/common/helper"
+ "github.com/stretchr/testify/assert"
+ appsv1 "k8s.io/api/apps/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/envtest"
+ "sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+var (
+ k8sClient client.Client
 )
+func TestMain(m *testing.M) {
+ t := &envtest.Environment{}
+
+ cfg, err := t.Start()
+ if err != nil {
+ panic(err)
+ }
+
+ k8sClient, err = client.New(cfg, client.Options{})
+ if err != nil {
+ panic(err)
+ }
+
+ code := m.Run()
+
+ t.Stop()
+
+ os.Exit(code)
+}
+
 func TestCreateVolumeMounts(t *testing.T) {
 tests := []struct {
 name string
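Review bot: `TestMain` panics when `envtest.Environment.Start` fails, which is the normal outcome on any machine without the kube-apiserver/etcd test binaries, so the pure unit tests already in this package (`TestCreateVolumeMounts`, `TestGenerateTLSConnectionConfig`) stop running there as well. Consider leaving `k8sClient` nil when the environment cannot start and having the one test that needs a cluster skip itself in that case, or use controller-runtime's fake client for that test instead of a full envtest. `t.Stop()` discards its error; `if err := testEnv.Stop(); err != nil { log.Log.Error(err, "stopping envtest") }` keeps teardown failures visible without a new import. Naming the environment `t` also collides with the conventional `t *testing.T` in every other function here — `testEnv` reads better.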
@@ -171,3 +207,41 @@ func TestGenerateTLSConnectionConfig(t *testing.T) {
 })
 }
 }
+
+func TestUpdateDeploymentWithTLS(t *testing.T) {
+ assert := assert.New(t)
+
+ dep := &appsv1.Deployment{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "test-deployment",
+ Namespace: "default",
+ },
+ }
+
+ customDeployment := deployment.NewDeployment(dep, time.Second*30)
+
+ tlsObj := &TLS{
+ Service: &Service{
+ SecretName: "tls-secret-name",
+ },
+ Ca: &Ca{
+ CaSecretName: "ca-secret-name",
+ },
+ }
+
+ logger := log.Log.WithName("test-logger")
+
+ helperObj, err := helper.NewHelper(dep, k8sClient, nil, k8sClient.Scheme(), logger)
+ if err != nil {
+ t.Fatalf("failed to create helper: %v", err)
+ }
+
+ err = tlsObj.UpdateDeploymentWithTLS(context.Background(), customDeployment, helperObj)
+ assert.Nil(err, "failed to update deployment with TLS")
+
+ updatedDep := &appsv1.Deployment{}
+ err = k8sClient.Get(context.Background(), client.ObjectKey{Name: "test-deployment", Namespace: "default"}, updatedDep)
+ assert.Nil(err, "failed to get updated deployment")
+
+ assert.NotZero(len(updatedDep.Spec.Template.Spec.Volumes), "expected TLS volumes to be added but found none")
+}
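Review bot: The Deployment this test pushes through `CreateOrPatch` has no `spec.selector`, no template labels and no containers, all of which the API server's Deployment validation requires, so against a real envtest apiserver the `assert.Nil(err, ...)` after `UpdateDeploymentWithTLS` is likely to fail unless `CreateOrPatch` fills those in (that code is not visible here). Because the template has no containers, the container loop inside `UpdateDeploymentWithTLS` never executes and the final assertion only checks volumes, so the volume-mount path is effectively untested; give the template one container and assert that the `tls-certs`/`ca-certs` volumes and the corresponding mounts are present by name rather than `NotZero(len(...))`. Calling `UpdateDeploymentWithTLS` a second time and asserting the volume count is unchanged would also pin down that the update is idempotent across reconciles. `assert.Nil` does not stop the test, so a failed update is followed by a `Get` and a second, confusing failure; `require.NoError(t, err, ...)` or `t.Fatalf` after the update is clearer, and `assert := assert.New(t)` shadowing the package name is worth avoiding.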