diff --git a/fleetshard/pkg/central/reconciler/reconciler.go b/fleetshard/pkg/central/reconciler/reconciler.go
index 37e2aaf93e..4006b57608 100644
--- a/fleetshard/pkg/central/reconciler/reconciler.go
+++ b/fleetshard/pkg/central/reconciler/reconciler.go
@@ -315,7 +315,11 @@ func (r *CentralReconciler) getInstanceConfig(remoteCentral *private.ManagedCent
 func (r *CentralReconciler) applyCentralConfig(remoteCentral *private.ManagedCentral, central *v1alpha1.Central) error {
 r.applyTelemetry(remoteCentral, central)
 r.applyRoutes(central)
- if !r.secureTenantNetwork {
+ shouldApplyProxyConfig, err := r.shouldApplyProxyConfig(remoteCentral)
+ if err != nil {
+ return err
+ }
+ if shouldApplyProxyConfig {
 r.applyProxyConfig(central)
 }
 r.applyDeclarativeConfig(central)
@@ -323,6 +327,22 @@ func (r *CentralReconciler) applyCentralConfig(remoteCentral *private.ManagedCen
 return nil
 }
+func (r *CentralReconciler) shouldApplyProxyConfig(remoteCentral *private.ManagedCentral) (bool, error) {
+ defaultValue := !r.secureTenantNetwork
+ if len(remoteCentral.Spec.TenantResourcesValues) > 0 {
+ secureTenantNetworkIntf, ok := remoteCentral.Spec.TenantResourcesValues["secureTenantNetwork"]
+ if !ok {
+ return defaultValue, nil
+ }
+ secureTenantNetwork, ok := secureTenantNetworkIntf.(bool)
+ if !ok {
+ return defaultValue, fmt.Errorf("secureTenantNetwork value is not a boolean")
+ }
+ return !secureTenantNetwork, nil
+ }
+ return defaultValue, nil
+}
+
 func (r *CentralReconciler) applyAnnotations(remoteCentral *private.ManagedCentral, central *v1alpha1.Central) {
 if central.Spec.Customize == nil {
 central.Spec.Customize = &v1alpha1.CustomizeSpec{}
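Review bot: In applyCentralConfig the new `r.shouldApplyProxyConfig(remoteCentral)` call can fail only after `r.applyTelemetry` and `r.applyRoutes` have already run against `central`, so a malformed tenant value returns an error with the object partly configured; whether the caller discards `central` on error is not visible in this hunk. Resolving the decision as the first statement of the function would keep the error path free of side effects. The error is also returned bare; `return fmt.Errorf("resolving proxy config: %w", err)` would show in the reconcile log which step rejected the tenant values.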
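Review bot: In shouldApplyProxyConfig a per-tenant `secureTenantNetwork` entry in `TenantResourcesValues` overrides the reconciler-level `r.secureTenantNetwork` flag in both directions, so a tenant value of `false` turns the proxy configuration on even when the fleetshard runs with the secure tenant network enabled; if that precedence is intended, a doc comment on the function should state it, for example `// shouldApplyProxyConfig reports whether proxy settings are applied; a boolean secureTenantNetwork in the tenant Helm values takes precedence over the reconciler flag.` The chart is rendered from `chartutil.CoalesceTables(c.Spec.TenantResourcesValues, src)` in chartValues, so when the key is absent from a non-empty tenant map the chart may take its value from `src` while this function falls back to the flag; whether the two can disagree depends on how `src` is built, which is outside this diff. On the failed type assertion, return `false` rather than `defaultValue` and name the offending type: `return false, fmt.Errorf("secureTenantNetwork is %T, want bool", secureTenantNetworkIntf)`. The outer `len(...) > 0` guard is redundant, since indexing a nil or empty map already yields `ok == false`.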
@@ -1880,7 +1900,9 @@ func (r *CentralReconciler) chartValues(c private.ManagedCentral) (chartutil.Val
 // includes the tenant resource values, we will use them. Otherwise, defaults to the previous
 // implementation.
 if len(c.Spec.TenantResourcesValues) > 0 {
- return chartutil.CoalesceTables(c.Spec.TenantResourcesValues, src), nil
+ values := chartutil.CoalesceTables(c.Spec.TenantResourcesValues, src)
+ glog.Infof("Values: %v", values)
+ return values, nil
 }
 dst := map[string]interface{}{
diff --git a/fleetshard/pkg/central/reconciler/reconciler_test.go b/fleetshard/pkg/central/reconciler/reconciler_test.go
index 126762ebcb..d6dd319a9f 100644
--- a/fleetshard/pkg/central/reconciler/reconciler_test.go
+++ b/fleetshard/pkg/central/reconciler/reconciler_test.go
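Review bot: The added `glog.Infof("Values: %v", values)` in chartValues (reconciler.go) writes the complete merged Helm values of the tenant to the info log on every call, and it reads like a leftover debug statement. The map holds whatever arrives in `c.Spec.TenantResourcesValues` merged with `src`, so any credential or tenant-identifying setting carried there would be copied into the fleetshard logs and into whatever system collects them. Drop the line and keep the single `return chartutil.CoalesceTables(...)` form, or, if a trace is needed, put it behind a verbosity level with `glog.V(...)` and log only the top-level key names rather than the values. The body of chartValues continues outside this hunk.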
@@ -2888,3 +2888,73 @@ func TestChartValues(t *testing.T) {
 }
 }
+
+func Test_shouldApplyProxyConfig(t *testing.T) {
+
+ tests := []struct {
+ name string
+ tenantResourceValues map[string]interface{}
+ flag bool
+ want bool
+ wantErr bool
+ }{
+ {
+ name: "false when secureTenantNetwork is true on helm values",
+ tenantResourceValues: map[string]interface{}{
+ "secureTenantNetwork": true,
+ },
+ want: false,
+ },
+ {
+ name: "true when secureTenantNetwork is false on helm values",
+ tenantResourceValues: map[string]interface{}{
+ "secureTenantNetwork": false,
+ },
+ want: true,
+ },
+ {
+ name: "flag (true) when secureTenantNetwork is not provided",
+ tenantResourceValues: map[string]interface{}{
+ "foo": "bar",
+ },
+ want: true,
+ },
+ {
+ name: "true when no tenantResourcesValues are provided",
+ want: true,
+ },
+ {
+ name: "false when secureTenantNetwork flag is true",
+ flag: true,
+ want: false,
+ },
+ {
+ name: "error when bad value from tenantResourcesValues",
+ tenantResourceValues: map[string]interface{}{
+ "secureTenantNetwork": "bad",
+ },
+ wantErr: true,
+ },
+ }
+
+ for _, tt := range tests {
+ tt := tt
+ t.Run(tt.name, func(t *testing.T) {
+ r := &CentralReconciler{
+ secureTenantNetwork: tt.flag,
+ }
+ got, err := r.shouldApplyProxyConfig(&private.ManagedCentral{
+ Spec: private.ManagedCentralAllOfSpec{
+ TenantResourcesValues: tt.tenantResourceValues,
+ },
+ })
+ if tt.wantErr {
+ assert.Error(t, err)
+ } else {
+ assert.NoError(t, err)
+ assert.Equal(t, tt.want, got)
+ }
+ })
+ }
+
+}
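Review bot: No entry in the Test_shouldApplyProxyConfig table sets `flag: true` together with a non-empty `tenantResourceValues`, so the precedence between the reconciler flag and the per-tenant Helm value, which is the behaviour this change introduces, is not pinned by any test. The two cases below cover the fallback to the flag when the key is absent and the override when the key is present. The case named "flag (true) when secureTenantNetwork is not provided" leaves `flag` at its zero value, so a name such as "negated flag when secureTenantNetwork is not provided" would describe it accurately.

```go
// … unchanged: existing table entries …
		{
			name: "negated flag (false) when key is absent and flag is true",
			tenantResourceValues: map[string]interface{}{
				"foo": "bar",
			},
			flag: true,
			want: false,
		},
		{
			name: "helm value false overrides flag true",
			tenantResourceValues: map[string]interface{}{
				"secureTenantNetwork": false,
			},
			flag: true,
			want: true,
		},
// … unchanged: closing of the table and the t.Run loop …
```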