From 7d4162232ccd56a56c5454513c72234925818084 Mon Sep 17 00:00:00 2001 From: Martin Schuppert Date: Tue, 20 Feb 2024 12:03:39 +0100 Subject: [PATCH] [tlse] TLS database connection The my.cnf file gets added to the secret holding the service configs. The content of my.cnf is centrally managed in the mariadb-operator and retrieved calling db.GetDatabaseClientConfig(tlsCfg) Depends-On: https://github.com/openstack-k8s-operators/mariadb-operator/pull/190 Depends-On: https://github.com/openstack-k8s-operators/mariadb-operator/pull/191 Depends-On: https://github.com/openstack-k8s-operators/mariadb-operator/pull/200 Jira: OSPRH-4547 --- controllers/glance_controller.go | 148 ++++++++------- controllers/glanceapi_controller.go | 13 +- go.mod | 2 +- go.sum | 4 +- pkg/glance/cronjob.go | 6 + pkg/glance/dbsync.go | 6 + pkg/glance/volumes.go | 6 + test/functional/glance_controller_test.go | 7 + test/functional/glanceapi_controller_test.go | 180 ++++++++++++++++++- 9 files changed, 303 insertions(+), 69 deletions(-) diff --git a/controllers/glance_controller.go b/controllers/glance_controller.go index b2bcca1a..8cbb5e9f 100644 --- a/controllers/glance_controller.go +++ b/controllers/glance_controller.go @@ -22,6 +22,7 @@ import ( "time" "github.com/openstack-k8s-operators/lib-common/modules/common/secret" + "github.com/openstack-k8s-operators/lib-common/modules/common/tls" rbacv1 "k8s.io/api/rbac/v1" k8s_errors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/fields" @@ -363,67 +364,10 @@ func (r *GlanceReconciler) reconcileInit( ) (ctrl.Result, error) { r.Log.Info(fmt.Sprintf("Reconciling Service '%s' init", instance.Name)) - // - // create service DB instance - // - db := mariadbv1.NewDatabase( - instance.Name, - instance.Spec.DatabaseUser, - instance.Spec.Secret, - map[string]string{ - "dbName": instance.Spec.DatabaseInstance, - }, - ) - // create or patch the DB - ctrlResult, err := db.CreateOrPatchDB( - ctx, - helper, - ) - if err != nil { - instance.Status.Conditions.Set(condition.FalseCondition( - condition.DBReadyCondition, - condition.ErrorReason, - condition.SeverityWarning, - condition.DBReadyErrorMessage, - err.Error())) - return ctrl.Result{}, err - } - if (ctrlResult != ctrl.Result{}) { - instance.Status.Conditions.Set(condition.FalseCondition( - condition.DBReadyCondition, - condition.RequestedReason, - condition.SeverityInfo, - condition.DBReadyRunningMessage)) - return ctrlResult, nil - } - // wait for the DB to be setup - ctrlResult, err = db.WaitForDBCreated(ctx, helper) - if err != nil { - instance.Status.Conditions.Set(condition.FalseCondition( - condition.DBReadyCondition, - condition.ErrorReason, - condition.SeverityWarning, - condition.DBReadyErrorMessage, - err.Error())) - return ctrlResult, err - } - if (ctrlResult != ctrl.Result{}) { - instance.Status.Conditions.Set(condition.FalseCondition( - condition.DBReadyCondition, - condition.RequestedReason, - condition.SeverityInfo, - condition.DBReadyRunningMessage)) - return ctrlResult, nil - } - // update Status.DatabaseHostname, used to config the service - instance.Status.DatabaseHostname = db.GetDatabaseHostname() - instance.Status.Conditions.MarkTrue(condition.DBReadyCondition, condition.DBReadyMessage) - // create service DB - end - // // create Keystone service and users - https://docs.openstack.org/Glance/latest/install/install-rdo.html#configure-user-and-endpoints // - _, _, err = oko_secret.GetSecret(ctx, helper, instance.Spec.Secret, instance.Namespace) + _, _, err := oko_secret.GetSecret(ctx, helper, instance.Spec.Secret, instance.Namespace) if err != nil { if k8s_errors.IsNotFound(err) { return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, fmt.Errorf("OpenStack secret %s not found", instance.Spec.Secret) @@ -442,7 +386,7 @@ func (r *GlanceReconciler) reconcileInit( } ksSvc := keystonev1.NewKeystoneService(ksSvcSpec, instance.Namespace, serviceLabels, time.Duration(10)*time.Second) - ctrlResult, err = ksSvc.CreateOrPatch(ctx, helper) + ctrlResult, err := ksSvc.CreateOrPatch(ctx, helper) if err != nil { return ctrlResult, err } @@ -588,6 +532,13 @@ func (r *GlanceReconciler) reconcileNormal(ctx context.Context, instance *glance instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage) // run check OpenStack secret - end + result, err := r.ensureDB(ctx, helper, instance) + if err != nil { + return ctrl.Result{}, err + } else if (result != ctrl.Result{}) { + return result, nil + } + // // Create Secrets required as input for the Service and calculate an overall hash of hashes // @@ -899,7 +850,7 @@ func (r *GlanceReconciler) generateServiceConfig( // hence only passing the database related parameters templateParameters := map[string]interface{}{ "MinimalConfig": true, // This tells the template to generate a minimal config - "DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s", + "DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s?read_default_file=/etc/my.cnf", instance.Spec.DatabaseUser, string(ospSecret.Data[instance.Spec.PasswordSelectors.Database]), instance.Status.DatabaseHostname, @@ -919,7 +870,15 @@ func (r *GlanceReconciler) generateServiceConfig( templateParameters["ImageCacheDir"] = glance.ImageCacheDir } - customData := map[string]string{glance.CustomConfigFileName: instance.Spec.CustomServiceConfig} + db, err := mariadbv1.GetDatabaseByName(ctx, h, glance.DatabaseName) + if err != nil { + return err + } + + customData := map[string]string{ + glance.CustomConfigFileName: instance.Spec.CustomServiceConfig, + "my.cnf": db.GetDatabaseClientConfig(&tls.Service{}), //(mschuppert) for now just get the default my.cnf + } // Generate both default 00-config.conf and -scripts return GenerateConfigsGeneric(ctx, h, instance, envVars, templateParameters, customData, labels, true) @@ -1074,3 +1033,70 @@ func (r *GlanceReconciler) glanceAPICleanup(ctx context.Context, instance *glanc } return nil } + +func (r *GlanceReconciler) ensureDB( + ctx context.Context, + h *helper.Helper, + instance *glancev1.Glance, +) (ctrl.Result, error) { + // + // create service DB instance + // + db := mariadbv1.NewDatabase( + instance.Name, + instance.Spec.DatabaseUser, + instance.Spec.Secret, + map[string]string{ + "dbName": instance.Spec.DatabaseInstance, + }, + ) + + // create or patch the DB + ctrlResult, err := db.CreateOrPatchDBByName( + ctx, + h, + instance.Spec.DatabaseInstance, + ) + if err != nil { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.DBReadyCondition, + condition.ErrorReason, + condition.SeverityWarning, + condition.DBReadyErrorMessage, + err.Error())) + return ctrl.Result{}, err + } + if (ctrlResult != ctrl.Result{}) { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.DBReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + condition.DBReadyRunningMessage)) + return ctrlResult, nil + } + // wait for the DB to be setup + // (ksambor) should we use WaitForDBCreatedWithTimeout instead? + ctrlResult, err = db.WaitForDBCreated(ctx, h) + if err != nil { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.DBReadyCondition, + condition.ErrorReason, + condition.SeverityWarning, + condition.DBReadyErrorMessage, + err.Error())) + return ctrlResult, err + } + if (ctrlResult != ctrl.Result{}) { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.DBReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + condition.DBReadyRunningMessage)) + return ctrlResult, nil + } + + // update Status.DatabaseHostname, used to config the service + instance.Status.DatabaseHostname = db.GetDatabaseHostname() + instance.Status.Conditions.MarkTrue(condition.DBReadyCondition, condition.DBReadyMessage) + return ctrlResult, nil +} diff --git a/controllers/glanceapi_controller.go b/controllers/glanceapi_controller.go index 57e6a85d..41f79a6e 100644 --- a/controllers/glanceapi_controller.go +++ b/controllers/glanceapi_controller.go @@ -58,6 +58,7 @@ import ( "github.com/openstack-k8s-operators/lib-common/modules/common/statefulset" "github.com/openstack-k8s-operators/lib-common/modules/common/tls" "github.com/openstack-k8s-operators/lib-common/modules/common/util" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -791,8 +792,16 @@ func (r *GlanceAPIReconciler) generateServiceConfig( ) error { labels := labels.GetLabels(instance, labels.GetGroupLabel(glance.ServiceName), serviceLabels) + db, err := mariadbv1.GetDatabaseByName(ctx, h, glance.DatabaseName) + if err != nil { + return err + } + // 02-config.conf - customData := map[string]string{glance.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig} + customData := map[string]string{ + glance.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig, + "my.cnf": db.GetDatabaseClientConfig(&tls.Service{}), //(mschuppert) for now just get the default my.cnf + } // 03-config.conf customSecrets := "" @@ -845,7 +854,7 @@ func (r *GlanceAPIReconciler) generateServiceConfig( "ServicePassword": string(ospSecret.Data[instance.Spec.PasswordSelectors.Service]), "KeystoneInternalURL": keystoneInternalURL, "KeystonePublicURL": keystonePublicURL, - "DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s", + "DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s?read_default_file=/etc/my.cnf", instance.Spec.DatabaseUser, string(ospSecret.Data[instance.Spec.PasswordSelectors.Database]), instance.Spec.DatabaseHostname, diff --git a/go.mod b/go.mod index 564f5113..45159de6 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240216173409-86913e6d5885 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20240216173409-86913e6d5885 github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240216173409-86913e6d5885 - github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240215091212-cbf2ad281f43 + github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240220132409-f96d4d040f4e k8s.io/api v0.28.3 k8s.io/apimachinery v0.28.3 k8s.io/client-go v0.28.3 diff --git a/go.sum b/go.sum index e82f8609..4a44f285 100644 --- a/go.sum +++ b/go.sum @@ -93,8 +93,8 @@ github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.202402161 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20240216173409-86913e6d5885/go.mod h1:sK82mkh2UzITsbNa/y6AKTZftHQnsYigqRx+rFbfZM4= github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240216173409-86913e6d5885 h1:ioJ2MO3vAcBkLM+0UBu5IuKW/DPXcyiNSOLq0Xvn+Nw= github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240216173409-86913e6d5885/go.mod h1:82nzS+DbBe1tzaMvNHH8FctmZzQ14ZAJysFGsMJiivo= -github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240215091212-cbf2ad281f43 h1:azblrnuVV8sLWihuqS7lJMrwpo1dtB1K5vvkug0agw4= -github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240215091212-cbf2ad281f43/go.mod h1:52Ja/B4RrrytMmKh+Kf+/BPe7Fq40Pi77vcFH4yJeoU= +github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240220132409-f96d4d040f4e h1:6vqp5HZwcGvPH0MII/23iCd97T3/1HJZlONKW6LyNio= +github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240220132409-f96d4d040f4e/go.mod h1:PDqfLbP4ZWqQHAu1OtbjfpOGQUKSzLqRJChvE/9pcyQ= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/pkg/glance/cronjob.go b/pkg/glance/cronjob.go index 854c19db..2c9b0e54 100644 --- a/pkg/glance/cronjob.go +++ b/pkg/glance/cronjob.go @@ -95,6 +95,12 @@ func CronJob( MountPath: "/etc/glance/glance.conf.d", ReadOnly: true, }, + { + Name: "db-purge-config-data", + MountPath: "/etc/my.cnf", + SubPath: "my.cnf", + ReadOnly: true, + }, } // add CA cert if defined from the first api diff --git a/pkg/glance/dbsync.go b/pkg/glance/dbsync.go index 872c7f17..c550e504 100644 --- a/pkg/glance/dbsync.go +++ b/pkg/glance/dbsync.go @@ -80,6 +80,12 @@ func DbSyncJob( MountPath: "/etc/glance/glance.conf.d", ReadOnly: true, }, + { + Name: "db-sync-config-data", + MountPath: "/etc/my.cnf", + SubPath: "my.cnf", + ReadOnly: true, + }, { Name: "config-data", MountPath: "/var/lib/kolla/config_files/config.json", diff --git a/pkg/glance/volumes.go b/pkg/glance/volumes.go index dd5a0a1c..2c36ee0c 100644 --- a/pkg/glance/volumes.go +++ b/pkg/glance/volumes.go @@ -131,6 +131,12 @@ func GetVolumeMounts(secretNames []string, hasCinder bool, extraVol []glancev1.G MountPath: "/var/lib/config-data/default", ReadOnly: true, }, + { + Name: "config-data", + MountPath: "/etc/my.cnf", + SubPath: "my.cnf", + ReadOnly: true, + }, { Name: ServiceName, MountPath: "/var/lib/glance", diff --git a/test/functional/glance_controller_test.go b/test/functional/glance_controller_test.go index 304a57b8..3f801678 100644 --- a/test/functional/glance_controller_test.go +++ b/test/functional/glance_controller_test.go @@ -146,6 +146,13 @@ var _ = Describe("Glance controller", func() { th.SimulateJobSuccess(glanceTest.GlanceDBSync) Glance := GetGlance(glanceTest.Instance) Expect(Glance.Status.DatabaseHostname).To(Equal(fmt.Sprintf("hostname-for-openstack.%s.svc", namespace))) + + secretDataMap := th.GetSecret(glanceTest.GlanceConfigMapData) + Expect(secretDataMap).ShouldNot(BeNil()) + myCnf := secretDataMap.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl=0")) + th.ExpectCondition( glanceName, ConditionGetterFunc(GlanceConditionGetter), diff --git a/test/functional/glanceapi_controller_test.go b/test/functional/glanceapi_controller_test.go index 2acd925f..d7af1613 100644 --- a/test/functional/glanceapi_controller_test.go +++ b/test/functional/glanceapi_controller_test.go @@ -23,6 +23,7 @@ import ( . "github.com/onsi/gomega" "github.com/openstack-k8s-operators/lib-common/modules/common/condition" . "github.com/openstack-k8s-operators/lib-common/modules/common/test/helpers" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -70,6 +71,20 @@ var _ = Describe("Glanceapi controller", func() { When("the Secret is created with all the expected fields", func() { BeforeEach(func() { DeferCleanup(th.DeleteInstance, CreateDefaultGlance(glanceTest.Instance)) + DeferCleanup( + mariadb.DeleteDBService, + mariadb.CreateDBService( + glanceName.Namespace, + GetGlance(glanceTest.Instance).Spec.DatabaseInstance, + corev1.ServiceSpec{ + Ports: []corev1.ServicePort{{Port: 3306}}, + }, + ), + ) + mariadb.CreateMariaDBAccount(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.CreateMariaDBDatabase(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.SimulateMariaDBAccountCompleted(glanceTest.Instance) + mariadb.SimulateMariaDBDatabaseCompleted(glanceTest.Instance) spec := GetDefaultGlanceAPISpec(GlanceAPITypeSingle) spec["customServiceConfig"] = "foo=bar" DeferCleanup(th.DeleteInstance, CreateGlanceAPI(glanceTest.GlanceSingle, spec)) @@ -97,6 +112,11 @@ var _ = Describe("Glanceapi controller", func() { //Double check customServiceConfig has been applied configData := string(secretDataMap.Data["02-config.conf"]) Expect(configData).Should(ContainSubstring("foo=bar")) + + Expect(secretDataMap).ShouldNot(BeNil()) + myCnf := secretDataMap.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl=0")) }) It("stored the input hash in the Status", func() { Eventually(func(g Gomega) { @@ -108,6 +128,20 @@ var _ = Describe("Glanceapi controller", func() { When("GlanceAPI is generated by the top-level CR", func() { BeforeEach(func() { DeferCleanup(th.DeleteInstance, CreateDefaultGlance(glanceTest.Instance)) + DeferCleanup( + mariadb.DeleteDBService, + mariadb.CreateDBService( + glanceName.Namespace, + GetGlance(glanceTest.Instance).Spec.DatabaseInstance, + corev1.ServiceSpec{ + Ports: []corev1.ServicePort{{Port: 3306}}, + }, + ), + ) + mariadb.CreateMariaDBAccount(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.CreateMariaDBDatabase(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.SimulateMariaDBAccountCompleted(glanceTest.Instance) + mariadb.SimulateMariaDBDatabaseCompleted(glanceTest.Instance) DeferCleanup(th.DeleteInstance, CreateGlanceAPI(glanceTest.GlanceInternal, CreateGlanceAPISpec(GlanceAPITypeInternal))) DeferCleanup(th.DeleteInstance, CreateGlanceAPI(glanceTest.GlanceExternal, CreateGlanceAPISpec(GlanceAPITypeExternal))) DeferCleanup(keystone.DeleteKeystoneAPI, keystone.CreateKeystoneAPI(glanceTest.Instance.Namespace)) @@ -134,7 +168,7 @@ var _ = Describe("Glanceapi controller", func() { Expect(ss.Spec.Template.Spec.Containers).To(HaveLen(3)) container := ss.Spec.Template.Spec.Containers[2] - Expect(container.VolumeMounts).To(HaveLen(5)) + Expect(container.VolumeMounts).To(HaveLen(6)) Expect(container.Image).To(Equal(glanceTest.ContainerImage)) Expect(container.LivenessProbe.HTTPGet.Port.IntVal).To(Equal(int32(9292))) Expect(container.ReadinessProbe.HTTPGet.Port.IntVal).To(Equal(int32(9292))) @@ -152,7 +186,7 @@ var _ = Describe("Glanceapi controller", func() { // Check the glance-api container container := ss.Spec.Template.Spec.Containers[2] - Expect(container.VolumeMounts).To(HaveLen(5)) + Expect(container.VolumeMounts).To(HaveLen(6)) Expect(container.Image).To(Equal(glanceTest.ContainerImage)) Expect(container.LivenessProbe.HTTPGet.Port.IntVal).To(Equal(int32(9292))) Expect(container.ReadinessProbe.HTTPGet.Port.IntVal).To(Equal(int32(9292))) @@ -175,6 +209,20 @@ var _ = Describe("Glanceapi controller", func() { When("GlanceAPI is generated by the top-level CR (single-api)", func() { BeforeEach(func() { DeferCleanup(th.DeleteInstance, CreateDefaultGlance(glanceTest.Instance)) + DeferCleanup( + mariadb.DeleteDBService, + mariadb.CreateDBService( + glanceName.Namespace, + GetGlance(glanceTest.Instance).Spec.DatabaseInstance, + corev1.ServiceSpec{ + Ports: []corev1.ServicePort{{Port: 3306}}, + }, + ), + ) + mariadb.CreateMariaDBAccount(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.CreateMariaDBDatabase(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.SimulateMariaDBAccountCompleted(glanceTest.Instance) + mariadb.SimulateMariaDBDatabaseCompleted(glanceTest.Instance) DeferCleanup(th.DeleteInstance, CreateGlanceAPI(glanceTest.GlanceSingle, CreateGlanceAPISpec(GlanceAPITypeSingle))) DeferCleanup(keystone.DeleteKeystoneAPI, keystone.CreateKeystoneAPI(glanceTest.Instance.Namespace)) th.ExpectCondition( @@ -193,7 +241,7 @@ var _ = Describe("Glanceapi controller", func() { Expect(ss.Spec.Template.Spec.Containers).To(HaveLen(3)) container := ss.Spec.Template.Spec.Containers[2] - Expect(container.VolumeMounts).To(HaveLen(5)) + Expect(container.VolumeMounts).To(HaveLen(6)) Expect(container.Image).To(Equal(glanceTest.ContainerImage)) Expect(container.LivenessProbe.HTTPGet.Port.IntVal).To(Equal(int32(9292))) Expect(container.ReadinessProbe.HTTPGet.Port.IntVal).To(Equal(int32(9292))) @@ -205,6 +253,21 @@ var _ = Describe("Glanceapi controller", func() { }) When("the StatefulSet has at least one Replica ready - External", func() { BeforeEach(func() { + DeferCleanup(th.DeleteInstance, CreateDefaultGlance(glanceTest.Instance)) + DeferCleanup( + mariadb.DeleteDBService, + mariadb.CreateDBService( + glanceName.Namespace, + GetGlance(glanceTest.Instance).Spec.DatabaseInstance, + corev1.ServiceSpec{ + Ports: []corev1.ServicePort{{Port: 3306}}, + }, + ), + ) + mariadb.CreateMariaDBAccount(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.CreateMariaDBDatabase(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.SimulateMariaDBAccountCompleted(glanceTest.Instance) + mariadb.SimulateMariaDBDatabaseCompleted(glanceTest.Instance) DeferCleanup(th.DeleteInstance, CreateGlanceAPI(glanceTest.GlanceExternal, CreateGlanceAPISpec(GlanceAPITypeExternal))) DeferCleanup(keystone.DeleteKeystoneAPI, keystone.CreateKeystoneAPI(glanceTest.GlanceExternal.Namespace)) th.SimulateStatefulSetReplicaReady(glanceTest.GlanceExternalStatefulSet) @@ -239,6 +302,21 @@ var _ = Describe("Glanceapi controller", func() { }) When("the StatefulSet has at least one Replica ready - Internal", func() { BeforeEach(func() { + DeferCleanup(th.DeleteInstance, CreateDefaultGlance(glanceTest.Instance)) + DeferCleanup( + mariadb.DeleteDBService, + mariadb.CreateDBService( + glanceName.Namespace, + GetGlance(glanceTest.Instance).Spec.DatabaseInstance, + corev1.ServiceSpec{ + Ports: []corev1.ServicePort{{Port: 3306}}, + }, + ), + ) + mariadb.CreateMariaDBAccount(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.CreateMariaDBDatabase(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.SimulateMariaDBAccountCompleted(glanceTest.Instance) + mariadb.SimulateMariaDBDatabaseCompleted(glanceTest.Instance) DeferCleanup(th.DeleteInstance, CreateGlanceAPI(glanceTest.GlanceInternal, CreateGlanceAPISpec(GlanceAPITypeInternal))) DeferCleanup(keystone.DeleteKeystoneAPI, keystone.CreateKeystoneAPI(glanceTest.GlanceInternal.Namespace)) th.SimulateStatefulSetReplicaReady(glanceTest.GlanceInternalStatefulSet) @@ -273,6 +351,21 @@ var _ = Describe("Glanceapi controller", func() { }) When("the StatefulSet has at least one Replica ready - Single", func() { BeforeEach(func() { + DeferCleanup(th.DeleteInstance, CreateDefaultGlance(glanceTest.Instance)) + DeferCleanup( + mariadb.DeleteDBService, + mariadb.CreateDBService( + glanceName.Namespace, + GetGlance(glanceTest.Instance).Spec.DatabaseInstance, + corev1.ServiceSpec{ + Ports: []corev1.ServicePort{{Port: 3306}}, + }, + ), + ) + mariadb.CreateMariaDBAccount(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.CreateMariaDBDatabase(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.SimulateMariaDBAccountCompleted(glanceTest.Instance) + mariadb.SimulateMariaDBDatabaseCompleted(glanceTest.Instance) DeferCleanup(th.DeleteInstance, CreateGlanceAPI(glanceTest.GlanceSingle, CreateGlanceAPISpec(GlanceAPITypeSingle))) DeferCleanup(keystone.DeleteKeystoneAPI, keystone.CreateKeystoneAPI(glanceTest.GlanceSingle.Namespace)) th.SimulateStatefulSetReplicaReady(glanceTest.GlanceSingle) @@ -308,6 +401,21 @@ var _ = Describe("Glanceapi controller", func() { }) When("A GlanceAPI is created with service override", func() { BeforeEach(func() { + DeferCleanup(th.DeleteInstance, CreateDefaultGlance(glanceTest.Instance)) + DeferCleanup( + mariadb.DeleteDBService, + mariadb.CreateDBService( + glanceName.Namespace, + GetGlance(glanceTest.Instance).Spec.DatabaseInstance, + corev1.ServiceSpec{ + Ports: []corev1.ServicePort{{Port: 3306}}, + }, + ), + ) + mariadb.CreateMariaDBAccount(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.CreateMariaDBDatabase(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.SimulateMariaDBAccountCompleted(glanceTest.Instance) + mariadb.SimulateMariaDBDatabaseCompleted(glanceTest.Instance) spec := CreateGlanceAPISpec(GlanceAPITypeInternal) serviceOverride := map[string]interface{}{} serviceOverride["internal"] = map[string]interface{}{ @@ -372,6 +480,21 @@ var _ = Describe("Glanceapi controller", func() { }) When("A GlanceAPI is created with service override endpointURL set", func() { BeforeEach(func() { + DeferCleanup(th.DeleteInstance, CreateDefaultGlance(glanceTest.Instance)) + DeferCleanup( + mariadb.DeleteDBService, + mariadb.CreateDBService( + glanceName.Namespace, + GetGlance(glanceTest.Instance).Spec.DatabaseInstance, + corev1.ServiceSpec{ + Ports: []corev1.ServicePort{{Port: 3306}}, + }, + ), + ) + mariadb.CreateMariaDBAccount(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.CreateMariaDBDatabase(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.SimulateMariaDBAccountCompleted(glanceTest.Instance) + mariadb.SimulateMariaDBDatabaseCompleted(glanceTest.Instance) spec := CreateGlanceAPISpec(GlanceAPITypeExternal) serviceOverride := map[string]interface{}{} serviceOverride["public"] = map[string]interface{}{ @@ -403,6 +526,21 @@ var _ = Describe("Glanceapi controller", func() { When("A split GlanceAPI with TLS is generated by the top-level CR", func() { BeforeEach(func() { + DeferCleanup(th.DeleteInstance, CreateDefaultGlance(glanceTest.Instance)) + DeferCleanup( + mariadb.DeleteDBService, + mariadb.CreateDBService( + glanceName.Namespace, + GetGlance(glanceTest.Instance).Spec.DatabaseInstance, + corev1.ServiceSpec{ + Ports: []corev1.ServicePort{{Port: 3306}}, + }, + ), + ) + mariadb.CreateMariaDBAccount(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.CreateMariaDBDatabase(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.SimulateMariaDBAccountCompleted(glanceTest.Instance) + mariadb.SimulateMariaDBTLSDatabaseCompleted(glanceTest.Instance) DeferCleanup(k8sClient.Delete, ctx, th.CreateCABundleSecret(glanceTest.CABundleSecret)) DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(glanceTest.InternalCertSecret)) DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(glanceTest.PublicCertSecret)) @@ -505,6 +643,21 @@ var _ = Describe("Glanceapi controller", func() { When("A single GlanceAPI with TLS is generated by the top-level CR (single-api)", func() { BeforeEach(func() { + DeferCleanup(th.DeleteInstance, CreateDefaultGlance(glanceTest.Instance)) + DeferCleanup( + mariadb.DeleteDBService, + mariadb.CreateDBService( + glanceName.Namespace, + GetGlance(glanceTest.Instance).Spec.DatabaseInstance, + corev1.ServiceSpec{ + Ports: []corev1.ServicePort{{Port: 3306}}, + }, + ), + ) + mariadb.CreateMariaDBAccount(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.CreateMariaDBDatabase(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.SimulateMariaDBAccountCompleted(glanceTest.Instance) + mariadb.SimulateMariaDBTLSDatabaseCompleted(glanceTest.Instance) DeferCleanup(th.DeleteInstance, CreateDefaultGlance(glanceTest.Instance)) DeferCleanup(th.DeleteInstance, CreateGlanceAPI(glanceTest.GlanceSingle, GetTLSGlanceAPISpec(GlanceAPITypeSingle))) DeferCleanup(keystone.DeleteKeystoneAPI, keystone.CreateKeystoneAPI(glanceTest.Instance.Namespace)) @@ -603,6 +756,12 @@ var _ = Describe("Glanceapi controller", func() { Expect(httpdProxyContainer.ReadinessProbe.HTTPGet.Scheme).To(Equal(corev1.URISchemeHTTPS)) Expect(httpdProxyContainer.LivenessProbe.HTTPGet.Scheme).To(Equal(corev1.URISchemeHTTPS)) + + secretDataMap := th.GetSecret(glanceTest.GlanceSingleConfigMapData) + Expect(secretDataMap).ShouldNot(BeNil()) + myCnf := secretDataMap.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\nssl=1")) }) It("TLS Endpoints are created", func() { @@ -657,6 +816,21 @@ var _ = Describe("Glanceapi controller", func() { When("A GlanceAPI with TLS is created with service override endpointURL", func() { BeforeEach(func() { + DeferCleanup(th.DeleteInstance, CreateDefaultGlance(glanceTest.Instance)) + DeferCleanup( + mariadb.DeleteDBService, + mariadb.CreateDBService( + glanceName.Namespace, + GetGlance(glanceTest.Instance).Spec.DatabaseInstance, + corev1.ServiceSpec{ + Ports: []corev1.ServicePort{{Port: 3306}}, + }, + ), + ) + mariadb.CreateMariaDBAccount(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.CreateMariaDBDatabase(glanceTest.Instance.Namespace, glanceTest.Instance.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.SimulateMariaDBAccountCompleted(glanceTest.Instance) + mariadb.SimulateMariaDBTLSDatabaseCompleted(glanceTest.Instance) DeferCleanup(k8sClient.Delete, ctx, th.CreateCABundleSecret(glanceTest.CABundleSecret)) DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(glanceTest.InternalCertSecret)) DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(glanceTest.PublicCertSecret))