Fix DataPlaneNodeSet tls verification #1057

Merged
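--- a/apis/dataplane/v1beta1/openstackdataplanenodeset_types.go
+++ b/apis/dataplane/v1beta1/openstackdataplanenodeset_types.go
@@ -335,15 +335,14 @@ func (r *OpenStackDataPlaneNodeSetSpec) ValidateTLS(namespace string, reconciler
 // Do TLS flags match in control plane ingress, pods and data plane
 func (r *OpenStackDataPlaneNodeSetSpec) TLSMatch(controlPlane openstackv1.OpenStackControlPlane) *field.Error {
 
-if controlPlane.Spec.TLS.Ingress.Enabled != r.TLSEnabled || controlPlane.Spec.TLS.PodLevel.Enabled != r.TLSEnabled {
+if controlPlane.Spec.TLS.PodLevel.Enabled != r.TLSEnabled {
 
 return field.Forbidden(
 field.NewPath("spec.tlsEnabled"),
 fmt.Sprintf(
-"TLS settings on Data Plane node set and Control Plane %s do not match, Node set: %t Control Plane Ingress: %t Control Plane PodLevel: %t",
+"TLS settings on Data Plane node set and Control Plane %s do not match, Node set: %t Control Plane PodLevel: %t",
 controlPlane.Name,
 r.TLSEnabled,
-controlPlane.Spec.TLS.Ingress.Enabled,
 controlPlane.Spec.TLS.PodLevel.Enabled))
 }
 return nil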
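Review bot: The doc comment above TLSMatch still reads "Do TLS flags match in control plane ingress, pods and data plane", but the new condition compares only `controlPlane.Spec.TLS.PodLevel.Enabled` with `r.TLSEnabled`. Because this loosens a TLS consistency check, the comment should say that ingress TLS is deliberately left out, so a later reader does not take the omission for a regression and does not assume ingress is still validated here. Something like `// TLSMatch reports a mismatch between control plane PodLevel TLS and the node set's TLSEnabled; ingress TLS is not compared.` would do, with the author's reason for excluding ingress added. The function's closing brace lies outside the hunk.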
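--- a/tests/functional/dataplane/base_test.go
+++ b/tests/functional/dataplane/base_test.go
@@ -465,7 +465,7 @@ func CreateOpenStackControlPlane(name types.NamespacedName, spec map[string]inte
 return th.CreateUnstructured(raw)
 }
 
-func GetDefaultOpenStackControlPlaneSpec(enableTLS bool) map[string]interface{} {
+func GetDefaultOpenStackControlPlaneSpec(tlsIngress bool, tlsPodlevel bool) map[string]interface{} {
 memcachedTemplate := map[string]interface{}{
 "memcached": map[string]interface{}{
 "replicas": 1,
@@ -513,7 +513,7 @@ func GetDefaultOpenStackControlPlaneSpec(enableTLS bool) map[string]interface{}
 },
 "tls": map[string]interface{}{
 "ingress": map[string]interface{}{
-"enabled": enableTLS,
+"enabled": tlsIngress,
 
 "ca": map[string]interface{}{
 "customIssuer": "custom-issuer",
@@ -524,7 +524,7 @@ func GetDefaultOpenStackControlPlaneSpec(enableTLS bool) map[string]interface{}
 },
 },
 "podLevel": map[string]interface{}{
-"enabled": enableTLS,
+"enabled": tlsPodlevel,
 "internal": map[string]interface{}{
 "ca": map[string]interface{}{
 "duration": "100h",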
@@ -1563,7 +1563,7 @@ var _ = Describe("Dataplane Deployment Test", func() {
})
})

When("A user sets TLSEnabled to true with control plane TLS disabled", func() {
When("A user sets TLSEnabled to true with control plane with PodLevel TLS disabled", func() {
BeforeEach(func() {
CreateSSHSecret(dataplaneSSHSecretName)
DeferCleanup(th.DeleteInstance, th.CreateSecret(neutronOvnMetadataSecretName, map[string][]byte{
@@ -1596,7 +1596,7 @@ var _ = Describe("Dataplane Deployment Test", func() {
SimulateIPSetComplete(dataplaneNodeName)
SimulateDNSDataComplete(dataplaneNodeSetName)

DeferCleanup(th.DeleteInstance, CreateOpenStackControlPlane(controlPlaneName, GetDefaultOpenStackControlPlaneSpec(false)))
DeferCleanup(th.DeleteInstance, CreateOpenStackControlPlane(controlPlaneName, GetDefaultOpenStackControlPlaneSpec(true, false)))
})

It("Should have Spec fields initialized", func() {
@@ -1661,7 +1661,7 @@ var _ = Describe("Dataplane Deployment Test", func() {

})

When("A user sets TLSEnabled to true with control plane TLS enabled", func() {
When("A user sets TLSEnabled to true with control plane PodLevel TLS enabled", func() {
BeforeEach(func() {
CreateSSHSecret(dataplaneSSHSecretName)
DeferCleanup(th.DeleteInstance, th.CreateSecret(neutronOvnMetadataSecretName, map[string][]byte{
@@ -1695,7 +1695,7 @@ var _ = Describe("Dataplane Deployment Test", func() {
SimulateIPSetComplete(dataplaneNodeName)
SimulateDNSDataComplete(dataplaneNodeSetName)

DeferCleanup(th.DeleteInstance, CreateOpenStackControlPlane(controlPlaneName, GetDefaultOpenStackControlPlaneSpec(true)))
DeferCleanup(th.DeleteInstance, CreateOpenStackControlPlane(controlPlaneName, GetDefaultOpenStackControlPlaneSpec(true, true)))
})

It("Should have Spec fields initialized", func() {
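Review bot: The two updated cases pass `(true, false)` and `(true, true)`, and with TLSEnabled set to true both give the same result under the old and the new TLSMatch condition. Nothing in the visible hunks would therefore fail if the ingress comparison were reintroduced. A case built with `GetDefaultOpenStackControlPlaneSpec(false, true)` and TLSEnabled true, asserting that the node set is accepted, would pin the behaviour this change introduces. The file header for this section is not shown on the page and the `When` blocks continue outside the hunks, so other cases may exist that are not visible here.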