[BUGFIX] - Authentication From Revision
Previously, the authentication was not being copied over to the Configuration resource. Update the code to default to the Revision's authentication, and allow the CloudResource to override it only when its own authentication is set.
gambol99 committed Mar 28, 2024
1 parent 8fed872 commit 31ff217
Showing 2 changed files with 41 additions and 3 deletions.
8 changes: 7 additions & 1 deletion pkg/controller/cloudresource/ensure.go
Expand Up @@ -170,9 +170,15 @@ func (c *Controller) ensureConfigurationExists(cloudresource *terraformv1alpha1.
},
}

configuration.Spec.Module = revision.Spec.Configuration.Module
// @step: if the revision contains authentication details
configuration.Spec.Auth = revision.Spec.Configuration.Auth
if cloudresource.Spec.Auth != nil {
configuration.Spec.Auth = cloudresource.Spec.Auth
}

configuration.Spec.EnableAutoApproval = cloudresource.Spec.EnableAutoApproval
configuration.Spec.EnableDriftDetection = cloudresource.Spec.EnableDriftDetection
configuration.Spec.Module = revision.Spec.Configuration.Module
configuration.Spec.Plan = &terraformv1alpha1.PlanReference{
Name: cloudresource.Spec.Plan.Name,
Revision: cloudresource.Spec.Plan.Revision,
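Review bot: The override at `if cloudresource.Spec.Auth != nil` accepts any non-nil reference and assigns the pointer itself, so an empty `SecretReference` on the CloudResource would replace the Revision's credentials with nothing, and the Configuration ends up sharing the same struct as the source object. The `Namespace` field of the reference is also carried over unchecked; whether the controller later honours it is not visible in this hunk, but if it does, a CloudResource author could point the Configuration at a secret outside their own namespace, so it is worth validating or clearing here. Consider `if auth := cloudresource.Spec.Auth; auth != nil && auth.Name != "" { configuration.Spec.Auth = auth.DeepCopy() }` and a comment stating the precedence, e.g. `// @step: default to the revision auth; a CloudResource auth, when set, takes precedence`. The body of ensureConfigurationExists starts and ends outside the hunk.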
36 changes: 34 additions & 2 deletions pkg/controller/cloudresource/reconcile_test.go
Expand Up @@ -26,6 +26,7 @@ import (
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
"github.com/sirupsen/logrus"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/utils/ptr"
Expand Down Expand Up @@ -94,6 +95,7 @@ var _ = Describe("CloudResource Reconcilation", func() {
Description: "The name of the database engine",
},
}
revision.Spec.Configuration.Auth = &v1.SecretReference{Name: "mysecret"}
revision.Spec.Configuration.Module = "git::https://github.com/appvia/terranetes-controller.git?ref=master"
revision.Spec.Configuration.Variables = &runtime.RawExtension{
Raw: []byte("{\"test\": \"default\"}"),
Expand All @@ -105,7 +107,6 @@ var _ = Describe("CloudResource Reconcilation", func() {
cloudresource.Spec.WriteConnectionSecretToRef = &terraformv1alpha1.WriteConnectionSecret{
Name: "mysecret",
}

Expect(cc.Create(context.Background(), revision)).To(Succeed())
Expect(cc.Create(context.Background(), plan)).To(Succeed())
Expect(cc.Create(context.Background(), cloudresource)).To(Succeed())
Expand Down Expand Up @@ -240,7 +241,7 @@ var _ = Describe("CloudResource Reconcilation", func() {
Name: revision.Spec.Plan.Name,
Revision: revision.Spec.Plan.Revision,
}))

Expect(configuration.Spec.Auth).To(Equal(revision.Spec.Configuration.Auth))
Expect(configuration.Spec.Module).To(Equal(revision.Spec.Configuration.Module))
Expect(configuration.Spec.EnableAutoApproval).To(Equal(revision.Spec.Configuration.EnableAutoApproval))
Expect(configuration.Spec.EnableDriftDetection).To(Equal(revision.Spec.Configuration.EnableDriftDetection))
Expand Down Expand Up @@ -377,6 +378,7 @@ var _ = Describe("CloudResource Reconcilation", func() {
Revision: revision.Spec.Plan.Revision,
}))

Expect(configuration.Spec.Auth).To(Equal(revision.Spec.Configuration.Auth))
Expect(configuration.Spec.Module).To(Equal(revision.Spec.Configuration.Module))
Expect(configuration.Spec.EnableAutoApproval).To(Equal(revision.Spec.Configuration.EnableAutoApproval))
Expect(configuration.Spec.EnableDriftDetection).To(Equal(revision.Spec.Configuration.EnableDriftDetection))
Expand All @@ -388,6 +390,36 @@ var _ = Describe("CloudResource Reconcilation", func() {
})
})

Context("and the cloudresource has overidden the revision auth", func() {
BeforeEach(func() {
cloudresource.Spec.Auth = &v1.SecretReference{Name: "cloudresource-secret"}
Expect(cc.Update(context.Background(), cloudresource)).To(Succeed())

result, _, rerr = controllertests.Roll(context.TODO(), ctrl, cloudresource, 0)
})

It("should not return an error", func() {
Expect(rerr).ToNot(HaveOccurred())
})

It("should have updated a configuration", func() {
list := &terraformv1alpha1.ConfigurationList{}
Expect(cc.List(context.Background(), list,
client.InNamespace(cloudresource.Namespace),
client.MatchingLabels(map[string]string{
terraformv1alpha1.CloudResourceNameLabel: cloudresource.Name,
terraformv1alpha1.CloudResourcePlanNameLabel: revision.Spec.Plan.Name,
terraformv1alpha1.CloudResourceRevisionLabel: revision.Spec.Plan.Revision,
terraformv1alpha1.CloudResourceRevisionNameLabel: revision.Name,
}))).To(Succeed())
Expect(list.Items).To(HaveLen(1))

configuration := list.Items[0]
Expect(configuration.Spec.Auth).ToNot(Equal(revision.Spec.Configuration.Auth))
Expect(configuration.Spec.Auth).To(Equal(cloudresource.Spec.Auth))
})
})

Context("and the cloud resource does not have an update available", func() {
BeforeEach(func() {
result, _, rerr = controllertests.Roll(context.TODO(), ctrl, cloudresource, 0)
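Review bot: The new context "and the cloudresource has overidden the revision auth" only pins the happy path of the override; nothing checks that clearing `cloudresource.Spec.Auth` again returns the Configuration to the Revision's secret, which is the case where stale credentials would go unnoticed. A sibling context that sets `cloudresource.Spec.Auth = nil`, rolls the controller and asserts `Expect(configuration.Spec.Auth).To(Equal(revision.Spec.Configuration.Auth))` would cover it. The `ToNot(Equal(revision.Spec.Configuration.Auth))` assertion is already implied by the `To(Equal(cloudresource.Spec.Auth))` line beneath it, and the fixture reuses the name "mysecret" for both the Revision auth and `WriteConnectionSecretToRef`, so a distinct name such as `revision-auth` (constructed example) would make failures easier to read. "overidden" in the context description should read "overridden". The enclosing Describe block starts and ends outside the hunks shown.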
