Tests on cookies propagation

Signed-off-by: Ruben Vargas <ruben.vp8510@gmail.com>

pkg/inject/oauth_proxy.go

@@ -99,7 +99,7 @@ func getOAuthProxyContainer(jaeger *v1.Jaeger) corev1.Container {
 }
 
 //PropagateOAuthCookieSecret preserve the generated oauth cookie across multiple reconciliations
-func PropagateOAuthCookieSecret(specSrc, specDst *appsv1.DeploymentSpec) appsv1.DeploymentSpec {
+func PropagateOAuthCookieSecret(specSrc, specDst appsv1.DeploymentSpec) appsv1.DeploymentSpec {
 	spec := specDst.DeepCopy()
 	secretArg := ""
 	// Find secretArg from old object
@@ -113,7 +113,7 @@ func PropagateOAuthCookieSecret(specSrc, specDst *appsv1.DeploymentSpec) appsv1.
 	if secretArg != "" {
 		for i, container := range spec.Template.Spec.Containers {
 			if container.Name == "oauth-proxy" {
-				util.ReplaceArgument("--cookie-secret", secretArg, spec.Template.Spec.Containers[i].Args)
+				util.ReplaceArgument("--cookie-secret", secretArg, spec.Template.Spec.Containers[i].Args, true)
 			}
 		}
 	}

pkg/inject/oauth_proxy_test.go

@@ -5,13 +5,15 @@ import (
 	"sort"
 	"testing"
 
+	v1 "github.com/jaegertracing/jaeger-operator/pkg/apis/jaegertracing/v1"
+	"github.com/jaegertracing/jaeger-operator/pkg/util"
+
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/apimachinery/pkg/types"
 
-	v1 "github.com/jaegertracing/jaeger-operator/pkg/apis/jaegertracing/v1"
 	"github.com/jaegertracing/jaeger-operator/pkg/deployment"
 	"github.com/jaegertracing/jaeger-operator/pkg/service"
 )
@@ -209,3 +211,25 @@ func TestOAuthProxyResourceLimits(t *testing.T) {
 	assert.Equal(t, *resource.NewQuantity(512, resource.DecimalSI), dep.Spec.Template.Spec.Containers[1].Resources.Limits[corev1.ResourceLimitsEphemeralStorage])
 	assert.Equal(t, *resource.NewQuantity(512, resource.DecimalSI), dep.Spec.Template.Spec.Containers[1].Resources.Requests[corev1.ResourceRequestsEphemeralStorage])
 }
+
+func findCookieSecret(containers []corev1.Container) (string, bool) {
+	for _, container := range containers {
+		if container.Name == "oauth-proxy" {
+			return util.FindItem("--cookie-secret=", container.Args), true
+		}
+	}
+	return "", false
+}
+
+func TestPropagateOAuthCookieSecret(t *testing.T) {
+	jaeger := v1.NewJaeger(types.NamespacedName{Name: "my-instance"})
+	jaeger.Spec.Ingress.Security = v1.IngressSecurityOAuthProxy
+	depSrc := OAuthProxy(jaeger, deployment.NewQuery(jaeger).Get())
+	depDst := OAuthProxy(jaeger, deployment.NewQuery(jaeger).Get())
+	srcSecret, _ := findCookieSecret(depSrc.Spec.Template.Spec.Containers)
+	dstSecret, _ := findCookieSecret(depDst.Spec.Template.Spec.Containers)
+	assert.NotEqual(t, srcSecret, dstSecret)
+	resultSpec := PropagateOAuthCookieSecret(depSrc.Spec, depDst.Spec)
+	resultSecret, _ := findCookieSecret(resultSpec.Template.Spec.Containers)
+	assert.Equal(t, srcSecret, resultSecret)
+}

pkg/inventory/deployment.go

@@ -29,7 +29,7 @@ func ForDeployments(existing []appsv1.Deployment, desired []appsv1.Deployment) D
 
 			// we can't blindly DeepCopyInto, so, we select what we bring from the new to the old object
 			tp.Spec = v.Spec
-			tp.Spec = inject.PropagateOAuthCookieSecret(&t.Spec, &tp.Spec)
+			tp.Spec = inject.PropagateOAuthCookieSecret(t.Spec, v.Spec)
 			tp.ObjectMeta.OwnerReferences = v.ObjectMeta.OwnerReferences
 
 			for k, v := range v.ObjectMeta.Annotations {

pkg/util/util.go

@@ -177,13 +177,18 @@ func FindItem(prefix string, args []string) string {
 }
 
 // ReplaceArgument replace argument value with given value.
-func ReplaceArgument(prefix string, newValue string, args []string) {
+func ReplaceArgument(prefix string, newValue string, args []string, firstOccurrence bool) int {
+	found := 0
 	for argIndex, arg := range args {
 		if strings.HasPrefix(arg, prefix) {
 			args[argIndex] = newValue
-			return
+			found++
+			if firstOccurrence {
+				return found
+			}
 		}
 	}
+	return found
 }
 
 // GetPort returns a port, either from supplied default port, or extracted from supplied arg value

pkg/util/util_test.go

@@ -458,3 +458,83 @@ func TestCreateFromSecret(t *testing.T) {
 		assert.Equal(t, test.expected, exp)
 	}
 }
+
+func TestReplaceArgument(t *testing.T) {
+
+	newValue := "SECRET2"
+	prefix := "--cookie-secret="
+
+	tests := []struct {
+		input           []string
+		expected        []string
+		count           int
+		firstOccurrence bool
+	}{
+		{
+			input: []string{
+				"--cookie-secret=SECRET1",
+				"--https-address=:8443",
+				"--provider=openshift",
+			},
+			expected: []string{
+				"--cookie-secret=" + newValue,
+				"--https-address=:8443",
+				"--provider=openshift",
+			},
+			count:           1,
+			firstOccurrence: false,
+		},
+		{
+			input: []string{
+				"--cookie-secret=SECRET1",
+				"--cookie-secret=SECRET3",
+				"--https-address=:8443",
+				"--provider=openshift",
+			},
+			expected: []string{
+				"--cookie-secret=" + newValue,
+				"--cookie-secret=SECRET3",
+				"--https-address=:8443",
+				"--provider=openshift",
+			},
+			count:           1,
+			firstOccurrence: true,
+		},
+
+		{
+			input: []string{
+				"--cookie-secret=SECRET1",
+				"--cookie-secret=SECRET3",
+				"--https-address=:8443",
+				"--provider=openshift",
+			},
+			expected: []string{
+				"--cookie-secret=" + newValue,
+				"--cookie-secret=" + newValue,
+				"--https-address=:8443",
+				"--provider=openshift",
+			},
+			count:           2,
+			firstOccurrence: false,
+		},
+		{
+			input: []string{
+				"--https-address=:8443",
+				"--provider=openshift",
+			},
+			expected: []string{
+				"--https-address=:8443",
+				"--provider=openshift",
+			},
+			count:           0,
+			firstOccurrence: false,
+		},
+	}
+
+	for _, test := range tests {
+		counter := ReplaceArgument(prefix, prefix+newValue, test.input, test.firstOccurrence)
+		assert.Equal(t, test.count, counter)
+		assert.Equal(t, test.expected, test.input)
+	}
+
+}