Enable deployments to get the CA certs and TLS service certs

modules/common/go.mod

@@ -10,6 +10,7 @@ require (
 	github.com/onsi/gomega v1.28.0
 	github.com/openshift/api v3.9.0+incompatible
 	github.com/pkg/errors v0.9.1
+	github.com/stretchr/testify v1.8.1
 	go.uber.org/zap v1.26.0
 	k8s.io/api v0.26.9
 	k8s.io/apimachinery v0.26.9
@@ -76,6 +77,7 @@ require (
 
 require (
 	github.com/kr/pretty v0.3.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rogpeppe/go-internal v1.10.0 // indirect
 )
 

modules/common/tls/tls.go

@@ -23,6 +23,7 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/openstack-k8s-operators/lib-common/modules/common/deployment"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/secret"
 	corev1 "k8s.io/api/core/v1"
@@ -78,6 +79,7 @@ func (t *TLS) CreateVolumeMounts() []corev1.VolumeMount {
 	var volumeMounts []corev1.VolumeMount
 
 	if t.Service != nil && t.Service.SecretName != "" {
+		fmt.Println("Creating tls-certs volume for:", t.Service.SecretName)
 		volumeMounts = append(volumeMounts, corev1.VolumeMount{
 			Name:      "tls-crt",
 			MountPath: "/etc/pki/tls/certs/tls.crt",
@@ -93,6 +95,7 @@ func (t *TLS) CreateVolumeMounts() []corev1.VolumeMount {
 	}
 
 	if t.Ca != nil && t.Ca.CaSecretName != "" {
+		fmt.Println("Creating ca-certs volume for:", t.Ca.CaSecretName)
 		volumeMounts = append(volumeMounts, corev1.VolumeMount{
 			Name:      "ca-certs",
 			MountPath: "/etc/pki/ca-trust/extracted/pem",
@@ -108,6 +111,7 @@ func (t *TLS) CreateVolumes() []corev1.Volume {
 	var volumes []corev1.Volume
 
 	if t.Service != nil && t.Service.SecretName != "" {
+		fmt.Println("Creating tls-certs volume mount for:", t.Service.SecretName)
 		volumes = append(volumes, corev1.Volume{
 			Name: "tls-certs",
 			VolumeSource: corev1.VolumeSource{
@@ -120,6 +124,8 @@ func (t *TLS) CreateVolumes() []corev1.Volume {
 	}
 
 	if t.Ca != nil && t.Ca.CaSecretName != "" {
+		fmt.Println("Creating ca-certs volume mount for:", t.Ca.CaSecretName)
+
 		volumes = append(volumes, corev1.Volume{
 			Name: "ca-certs",
 			VolumeSource: corev1.VolumeSource{
@@ -157,3 +163,28 @@ func (t *TLS) CreateDatabaseClientConfig() string {
 	}
 	return strings.Join(conn, "\n")
 }
+
+// UpdateDeploymentWithTLS updates a given deployment with the necessary volumes and volume mounts to support TLS configurations.
+func (t *TLS) UpdateDeploymentWithTLS(ctx context.Context, d *deployment.Deployment, h *helper.Helper) error {
+	// Debug
+	if t.Service != nil {
+		fmt.Println("Service SecretName:", t.Service.SecretName)
+	} else {
+		fmt.Println("Service is nil")
+	}
+
+	tlsVolumes := t.CreateVolumes()
+	fmt.Println("Generated TLS Volumes:", tlsVolumes) // Debug
+
+	tlsVolumeMounts := t.CreateVolumeMounts()
+	fmt.Println("Generated TLS VolumeMounts:", tlsVolumeMounts) // Debug
+
+	currentDeployment := d.GetDeployment()
+	currentDeployment.Spec.Template.Spec.Volumes = append(currentDeployment.Spec.Template.Spec.Volumes, tlsVolumes...)
+	for idx := range currentDeployment.Spec.Template.Spec.Containers {
+		currentDeployment.Spec.Template.Spec.Containers[idx].VolumeMounts = append(currentDeployment.Spec.Template.Spec.Containers[idx].VolumeMounts, tlsVolumeMounts...)
+	}
+
+	_, err := d.CreateOrPatch(ctx, h)
+	return err
+}

modules/common/tls/tls_test.go

@@ -17,10 +17,46 @@ limitations under the License.
 package tls
 
 import (
+	"context"
+	"os"
 	"strings"
 	"testing"
+	"time"
+
+	"github.com/openstack-k8s-operators/lib-common/modules/common/deployment"
+	"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
+	"github.com/stretchr/testify/assert"
+	appsv1 "k8s.io/api/apps/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/envtest"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+var (
+	k8sClient client.Client
 )
 
+func TestMain(m *testing.M) {
+	t := &envtest.Environment{}
+
+	cfg, err := t.Start()
+	if err != nil {
+		panic(err)
+	}
+
+	k8sClient, err = client.New(cfg, client.Options{})
+	if err != nil {
+		panic(err)
+	}
+
+	code := m.Run()
+
+	t.Stop()
+
+	os.Exit(code)
+}
+
 func TestCreateVolumeMounts(t *testing.T) {
 	tests := []struct {
 		name          string
@@ -171,3 +207,41 @@ func TestGenerateTLSConnectionConfig(t *testing.T) {
 		})
 	}
 }
+
+func TestUpdateDeploymentWithTLS(t *testing.T) {
+	assert := assert.New(t)
+
+	dep := &appsv1.Deployment{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "test-deployment",
+			Namespace: "default",
+		},
+	}
+
+	customDeployment := deployment.NewDeployment(dep, time.Second*30)
+
+	tlsObj := &TLS{
+		Service: &Service{
+			SecretName: "tls-secret-name",
+		},
+		Ca: &Ca{
+			CaSecretName: "ca-secret-name",
+		},
+	}
+
+	logger := log.Log.WithName("test-logger")
+
+	helperObj, err := helper.NewHelper(dep, k8sClient, nil, k8sClient.Scheme(), logger)
+	if err != nil {
+		t.Fatalf("failed to create helper: %v", err)
+	}
+
+	err = tlsObj.UpdateDeploymentWithTLS(context.Background(), customDeployment, helperObj)
+	assert.Nil(err, "failed to update deployment with TLS")
+
+	updatedDep := &appsv1.Deployment{}
+	err = k8sClient.Get(context.Background(), client.ObjectKey{Name: "test-deployment", Namespace: "default"}, updatedDep)
+	assert.Nil(err, "failed to get updated deployment")
+
+	assert.NotZero(len(updatedDep.Spec.Template.Spec.Volumes), "expected TLS volumes to be added but found none")
+}