Add tests about desired volumes and volumeMounts
wpjunior committed May 14, 2024
1 parent 6251938 commit 0971ae8
Showing 5 changed files with 310 additions and 14 deletions.
26 changes: 13 additions & 13 deletions controllers/controller.go
Expand Up @@ -244,7 +244,7 @@ func (r *RpaasInstanceReconciler) reconcileTLSSessionResumption(ctx context.Cont
}

func (r *RpaasInstanceReconciler) reconcileSecretForSessionTickets(ctx context.Context, instance *v1alpha1.RpaasInstance) (hasChanged bool, err error) {
enabled := isTLSSessionTicketEnabled(instance)
enabled := isTLSSessionTicketEnabled(&instance.Spec)

newSecret, err := newSecretForTLSSessionTickets(instance)
if err != nil {
Expand Down Expand Up @@ -297,7 +297,7 @@ func (r *RpaasInstanceReconciler) reconcileSecretForSessionTickets(ctx context.C
}

func (r *RpaasInstanceReconciler) reconcileCronJobForSessionTickets(ctx context.Context, instance *v1alpha1.RpaasInstance) (hasChanged bool, err error) {
enabled := isTLSSessionTicketEnabled(instance)
enabled := isTLSSessionTicketEnabled(&instance.Spec)

newCronJob := newCronJobForSessionTickets(instance)

Expand Down Expand Up @@ -344,7 +344,7 @@ func (r *RpaasInstanceReconciler) reconcileCronJobForSessionTickets(ctx context.
}

func newCronJobForSessionTickets(instance *v1alpha1.RpaasInstance) *batchv1.CronJob {
enabled := isTLSSessionTicketEnabled(instance)
enabled := isTLSSessionTicketEnabled(&instance.Spec)

keyLength := v1alpha1.DefaultSessionTicketKeyLength
if enabled && instance.Spec.TLSSessionResumption.SessionTicket.KeyLength != 0 {
Expand Down Expand Up @@ -409,7 +409,7 @@ func newCronJobForSessionTickets(instance *v1alpha1.RpaasInstance) *batchv1.Cron
Env: []corev1.EnvVar{
{
Name: "SECRET_NAME",
Value: secretNameForTLSSessionTickets(instance),
Value: secretNameForTLSSessionTickets(instance.Name),
},
{
Name: "SECRET_NAMESPACE",
Expand Down Expand Up @@ -464,7 +464,7 @@ func newCronJobForSessionTickets(instance *v1alpha1.RpaasInstance) *batchv1.Cron

func newSecretForTLSSessionTickets(instance *v1alpha1.RpaasInstance) (*corev1.Secret, error) {
keyLength := v1alpha1.DefaultSessionTicketKeyLength
if isTLSSessionTicketEnabled(instance) && instance.Spec.TLSSessionResumption.SessionTicket.KeyLength != 0 {
if isTLSSessionTicketEnabled(&instance.Spec) && instance.Spec.TLSSessionResumption.SessionTicket.KeyLength != 0 {
keyLength = instance.Spec.TLSSessionResumption.SessionTicket.KeyLength
}

Expand All @@ -484,7 +484,7 @@ func newSecretForTLSSessionTickets(instance *v1alpha1.RpaasInstance) (*corev1.Se
Kind: "Secret",
},
ObjectMeta: metav1.ObjectMeta{
Name: secretNameForTLSSessionTickets(instance),
Name: secretNameForTLSSessionTickets(instance.Name),
Namespace: instance.Namespace,
Labels: instance.GetBaseLabels(nil),
OwnerReferences: []metav1.OwnerReference{
Expand All @@ -499,20 +499,20 @@ func newSecretForTLSSessionTickets(instance *v1alpha1.RpaasInstance) (*corev1.Se
}, nil
}

func isTLSSessionTicketEnabled(instance *v1alpha1.RpaasInstance) bool {
return instance.Spec.TLSSessionResumption != nil && instance.Spec.TLSSessionResumption.SessionTicket != nil
func isTLSSessionTicketEnabled(spec *v1alpha1.RpaasInstanceSpec) bool {
return spec.TLSSessionResumption != nil && spec.TLSSessionResumption.SessionTicket != nil
}

func tlsSessionTicketKeys(instance *v1alpha1.RpaasInstance) int {
var nkeys int
if isTLSSessionTicketEnabled(instance) {
if isTLSSessionTicketEnabled(&instance.Spec) {
nkeys = int(instance.Spec.TLSSessionResumption.SessionTicket.KeepLastKeys)
}
return nkeys + 1
}

func secretNameForTLSSessionTickets(instance *v1alpha1.RpaasInstance) string {
return fmt.Sprintf("%s%s", instance.Name, sessionTicketsSecretSuffix)
func secretNameForTLSSessionTickets(instanceName string) string {
return fmt.Sprintf("%s%s", instanceName, sessionTicketsSecretSuffix)
}

func generateSessionTicket(keyLength v1alpha1.SessionTicketKeyLength) ([]byte, error) {
Expand Down Expand Up @@ -1168,12 +1168,12 @@ func newNginx(instanceMergedWithFlavors *v1alpha1.RpaasInstance, plan *v1alpha1.
})
}

if isTLSSessionTicketEnabled(instanceMergedWithFlavors) {
if isTLSSessionTicketEnabled(&instanceMergedWithFlavors.Spec) {
n.Spec.PodTemplate.Volumes = append(n.Spec.PodTemplate.Volumes, corev1.Volume{
Name: sessionTicketsVolumeName,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: secretNameForTLSSessionTickets(instanceMergedWithFlavors),
SecretName: secretNameForTLSSessionTickets(instanceMergedWithFlavors.Name),
},
},
})
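Review bot: `secretNameForTLSSessionTickets` now accepts any string, so the signature no longer says that the argument must be the name of the RpaasInstance that owns the session-ticket Secret; that contract should be written down in a doc comment. This matters because the same commit calls it from validation_controller.go with the validation object's name, which presumably matches the instance name but is not checked anywhere visible. I would add `// secretNameForTLSSessionTickets returns the name of the session-ticket Secret for the RpaasInstance named instanceName.` above it. The other helper dereferences `spec` without a nil check, so it should get `// isTLSSessionTicketEnabled reports whether spec configures TLS session tickets; spec must be non-nil.` Every call site visible in this section passes `&instance.Spec` or `instance.Name`, so no behaviour change is expected from the refactor itself.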
41 changes: 41 additions & 0 deletions controllers/validation_controller.go
Expand Up @@ -3,6 +3,7 @@ package controllers
import (
"context"
"fmt"
"path/filepath"

"github.com/go-logr/logr"
"github.com/tsuru/rpaas-operator/api/v1alpha1"
Expand All @@ -14,6 +15,7 @@ import (
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/types"
"k8s.io/utils/pointer"

Check failure on line 17 in controllers/validation_controller.go


GitHub Actions / test

SA1019: "k8s.io/utils/pointer" is deprecated: Use functions in k8s.io/utils/ptr instead: ptr.To to obtain a pointer, ptr.Deref to dereference a pointer, ptr.Equal to compare dereferenced pointers. (staticcheck)
"k8s.io/utils/ptr"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/reconcile"
Expand Down Expand Up @@ -406,6 +408,7 @@ func newValidationPod(validationMergedWithFlavors *v1alpha1.RpaasValidation, val
VolumeSource: corev1.VolumeSource{
ConfigMap: &corev1.ConfigMapVolumeSource{
LocalObjectReference: f.ConfigMap.LocalObjectReference,
Optional: pointer.Bool(false),
},
},
})
Expand Down Expand Up @@ -457,6 +460,44 @@ func newValidationPod(validationMergedWithFlavors *v1alpha1.RpaasValidation, val
})
}

for index, t := range validationMergedWithFlavors.Spec.TLS {
volumeName := fmt.Sprintf("nginx-certs-%d", index)

n.Spec.Volumes = append(n.Spec.Volumes, corev1.Volume{
Name: volumeName,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: t.SecretName,
Optional: ptr.To(false),
},
},
})

n.Spec.Containers[0].VolumeMounts = append(n.Spec.Containers[0].VolumeMounts, corev1.VolumeMount{
Name: volumeName,
MountPath: filepath.Join(configMountPath, "certs", t.SecretName),
ReadOnly: true,
})
}

if isTLSSessionTicketEnabled(&validationMergedWithFlavors.Spec) {
n.Spec.Volumes = append(n.Spec.Volumes, corev1.Volume{
Name: sessionTicketsVolumeName,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: secretNameForTLSSessionTickets(validationMergedWithFlavors.Name),
Optional: ptr.To(false),
},
},
})

n.Spec.Containers[0].VolumeMounts = append(n.Spec.Containers[0].VolumeMounts, corev1.VolumeMount{
Name: sessionTicketsVolumeName,
MountPath: sessionTicketsVolumeMountPath,
ReadOnly: true,
})
}

return n
}
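Review bot: `t.SecretName` is placed into `MountPath` unchecked in the `Spec.TLS` loop, and `filepath.Join` cleans the joined path, so a value containing `/` or `..` would resolve to a mount point outside `certs`. Two entries naming the same secret would also yield two mounts at one path, which I would expect the API server to reject when the pod is created. Whether the CRD schema or an admission check already constrains `SecretName` is not visible in this hunk, so this needs confirming before it is treated as a defect. If it is not constrained, guard the loop with `if t.SecretName == ".." || t.SecretName != filepath.Base(t.SecretName) { continue }` (or reject the spec before the pod is built) and skip names already mounted. `newValidationPod` begins above the hunk, so how `configMountPath` and `n.Spec.Containers[0]` are set up was not reviewed.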
