use new fields and methods for external DNS

api/deployments/component_controller_test.go

@@ -113,8 +113,8 @@ func TestGetComponents_WithExternalAlias_ContainsTLSSecrets(t *testing.T) {
 				WithName("frontend").
 				WithPort("http", 8080).
 				WithPublicPort("http").
-				WithDNSExternalAlias("some.alias.com").
-				WithDNSExternalAlias("another.alias.com")))
+				WithExternalDNS(v1.RadixDeployExternalDNS{FQDN: "some.alias.com"}, v1.RadixDeployExternalDNS{FQDN: "another.alias.com"}),
+		))
 	require.NoError(t, err)
 
 	// Test

api/deployments/deployment_controller_test.go

@@ -359,12 +359,11 @@ func TestGetDeployment_TwoDeploymentsFirstDeployment_ReturnsDeploymentWithCompon
 				WithImage("radixdev.azurecr.io/some-image:imagetag").
 				WithName("frontend").
 				WithPort("http", 8080).
-				WithPublic(true).
+				WithPublicPort("http").
 				WithReplicas(commontest.IntPtr(1)),
 			builders.NewDeployComponentBuilder().
 				WithImage("radixdev.azurecr.io/another-image:imagetag").
 				WithName("backend").
-				WithPublic(false).
 				WithReplicas(commontest.IntPtr(1))))
 	require.NoError(t, err)
 
@@ -387,7 +386,6 @@ func TestGetDeployment_TwoDeploymentsFirstDeployment_ReturnsDeploymentWithCompon
 			builders.NewDeployComponentBuilder().
 				WithImage("radixdev.azurecr.io/another-second-image:imagetag").
 				WithName("backend").
-				WithPublic(false).
 				WithReplicas(commontest.IntPtr(1))))
 	require.NoError(t, err)
 

api/deployments/models/component_builder.go

@@ -104,9 +104,9 @@ func (b *componentBuilder) WithComponent(component v1.RadixCommonDeployComponent
 		b.secrets = []string{}
 	}
 
-	for _, externalAlias := range component.GetDNSExternalAlias() {
-		b.secrets = append(b.secrets, externalAlias+suffix.ExternalDNSTLSCert)
-		b.secrets = append(b.secrets, externalAlias+suffix.ExternalDNSTLSKey)
+	for _, externalAlias := range component.GetExternalDNS() {
+		b.secrets = append(b.secrets, externalAlias.FQDN+suffix.ExternalDNSTLSCert)
+		b.secrets = append(b.secrets, externalAlias.FQDN+suffix.ExternalDNSTLSKey)
 	}
 
 	for _, volumeMount := range component.GetVolumeMounts() {

api/environments/environment_controller_secrets_test.go

@@ -147,7 +147,7 @@ func (s *secretHandlerTestSuite) TestSecretHandler_GetSecrets() {
 			},
 		},
 		{
-			name:       "External alias secrets with no secrets, must build secrets from deploy component",
+			name:       "External alias (using deprected DNSExternalAlias) secrets with no secrets, must build secrets from deploy component",
 			components: []v1.RadixDeployComponent{{Name: componentName1, DNSExternalAlias: []string{"deployed-alias-1", "deployed-alias-2"}}},
 			expectedSecrets: []secretModels.Secret{
 				{
@@ -188,6 +188,54 @@ func (s *secretHandlerTestSuite) TestSecretHandler_GetSecrets() {
 				},
 			},
 		},
+		{
+			name: "External alias secrets with no secrets, must build secrets from deploy component",
+			components: []v1.RadixDeployComponent{{
+				Name: componentName1,
+				ExternalDNS: []v1.RadixDeployExternalDNS{
+					{FQDN: "deployed-alias-1"},
+					{FQDN: "deployed-alias-2", UseCertificateAutomation: false},
+					{FQDN: "deployed-alias-3", UseCertificateAutomation: true},
+				}}},
+			expectedSecrets: []secretModels.Secret{
+				{
+					Name:        "deployed-alias-1-key",
+					DisplayName: "Key",
+					Type:        secretModels.SecretTypeClientCert,
+					Resource:    "deployed-alias-1",
+					Component:   componentName1,
+					Status:      secretModels.Pending.String(),
+					ID:          secretModels.SecretIdKey,
+				},
+				{
+					Name:        "deployed-alias-1-cert",
+					DisplayName: "Certificate",
+					Type:        secretModels.SecretTypeClientCert,
+					Resource:    "deployed-alias-1",
+					Component:   componentName1,
+					Status:      secretModels.Pending.String(),
+					ID:          secretModels.SecretIdCert,
+				},
+				{
+					Name:        "deployed-alias-2-key",
+					DisplayName: "Key",
+					Type:        secretModels.SecretTypeClientCert,
+					Resource:    "deployed-alias-2",
+					Component:   componentName1,
+					Status:      secretModels.Pending.String(),
+					ID:          secretModels.SecretIdKey,
+				},
+				{
+					Name:        "deployed-alias-2-cert",
+					DisplayName: "Certificate",
+					Type:        secretModels.SecretTypeClientCert,
+					Resource:    "deployed-alias-2",
+					Component:   componentName1,
+					Status:      secretModels.Pending.String(),
+					ID:          secretModels.SecretIdCert,
+				},
+			},
+		},
 		{
 			name: "Azure Blob volumes credential secrets with no secrets",
 			components: []v1.RadixDeployComponent{
@@ -878,7 +926,7 @@ func (s *externalDnsAliasSecretTestSuite) SetupTest() {
 		ARadixDeployment().
 		WithAppName(s.appName).
 		WithEnvironment(s.environmentName).
-		WithComponents(operatorutils.NewDeployComponentBuilder().WithName(s.componentName).WithDNSExternalAlias(s.alias)).
+		WithComponents(operatorutils.NewDeployComponentBuilder().WithName(s.componentName).WithExternalDNS(v1.RadixDeployExternalDNS{FQDN: s.alias})).
 		WithImageTag("master"))
 	require.NoError(s.T(), err)
 	s.deployment = deployment

api/environments/environment_controller_test.go

@@ -828,15 +828,15 @@ func TestUpdateSecret_TLSSecretForExternalAlias_UpdatedOk(t *testing.T) {
 		WithRadixApplication(operatorutils.ARadixApplication().
 			WithAppName(anyAppName).
 			WithEnvironment(anyEnvironment, "master").
-			WithDNSExternalAlias("some.alias.com", anyEnvironment, anyComponentName).
-			WithDNSExternalAlias("another.alias.com", anyEnvironment, anyComponentName)).
+			WithDNSExternalAlias("some.alias.com", anyEnvironment, anyComponentName, false).
+			WithDNSExternalAlias("another.alias.com", anyEnvironment, anyComponentName, false)).
 		WithComponents(
 			operatorutils.NewDeployComponentBuilder().
 				WithName(anyComponentName).
 				WithPort("http", 8080).
 				WithPublicPort("http").
-				WithDNSExternalAlias("some.alias.com").
-				WithDNSExternalAlias("another.alias.com")))
+				WithExternalDNS(v1.RadixDeployExternalDNS{FQDN: "some.alias.com"}, v1.RadixDeployExternalDNS{FQDN: "another.alias.com"}),
+		))
 	require.NoError(t, err)
 
 	// Test

api/environments/legacy_job_handler.go

@@ -41,7 +41,7 @@ type legacyJobHandler struct {
 
 // GetJobs Get jobs
 func (h legacyJobHandler) GetJobs(ctx context.Context, appName, envName, jobComponentName string) ([]deploymentModels.
-ScheduledJobSummary, error) {
+	ScheduledJobSummary, error) {
 	namespace := operatorUtils.GetEnvironmentNamespace(appName, envName)
 	jobs, err := h.getSingleJobs(ctx, namespace, jobComponentName)
 	if err != nil {
@@ -63,7 +63,7 @@ ScheduledJobSummary, error) {
 }
 
 func (h legacyJobHandler) GetJob(ctx context.Context, appName, envName, jobComponentName, jobName string) (*deploymentModels.
-ScheduledJobSummary, error) {
+	ScheduledJobSummary, error) {
 	namespace := operatorUtils.GetEnvironmentNamespace(appName, envName)
 	job, err := h.getJob(ctx, namespace, jobComponentName, jobName, kube.RadixJobTypeJobSchedule)
 	if err != nil {
@@ -87,7 +87,7 @@ ScheduledJobSummary, error) {
 
 // GetBatches Get batches
 func (h legacyJobHandler) GetBatches(ctx context.Context, appName, envName, jobComponentName string) ([]deploymentModels.
-ScheduledBatchSummary, error) {
+	ScheduledBatchSummary, error) {
 	namespace := operatorUtils.GetEnvironmentNamespace(appName, envName)
 	batches, err := h.getBatches(ctx, namespace, jobComponentName)
 	if err != nil {
@@ -112,7 +112,7 @@ func (h legacyJobHandler) getScheduledJobSummaryList(jobs []batchv1.Job,
 }
 
 func (h legacyJobHandler) GetBatch(ctx context.Context, appName, envName, jobComponentName, batchName string) (*deploymentModels.
-ScheduledBatchSummary, error) {
+	ScheduledBatchSummary, error) {
 	namespace := operatorUtils.GetEnvironmentNamespace(appName, envName)
 	batch, err := h.getJob(ctx, namespace, jobComponentName, batchName, kube.RadixJobTypeBatchSchedule)
 	if err != nil {
@@ -135,7 +135,8 @@ ScheduledBatchSummary, error) {
 		return nil, err
 	}
 	summary.Status = batchStatus.Status
-	//nolint:staticcheck // SA1019 support old batch scheduler
+	//nolint:staticcheck
+	//lint:ignore SA1019 support old batch scheduler
 	summary.Message = batchStatus.Message
 
 	jobPodsMap, err := h.getJobPodsMap(batchPods)
@@ -144,7 +145,8 @@ ScheduledBatchSummary, error) {
 	}
 	if batchPod, ok := jobPodsMap[batchName]; ok && len(batchPod) > 0 {
 		batchPodSummary := deploymentModels.GetReplicaSummary(batchPod[0])
-		//nolint:staticcheck // SA1019 support old batch scheduler
+		//nolint:staticcheck
+		//lint:ignore SA1019 support old batch scheduler
 		summary.Replica = &batchPodSummary
 	}
 	batchJobSummaryList, err := h.getBatchJobSummaryList(ctx, namespace, jobComponentName, batchName, jobPodsMap)

api/jobs/job_handler_test.go

@@ -181,7 +181,8 @@ func (s *JobHandlerTestSuite) Test_GetApplicationJob() {
 			{Name: comp2Name, Type: comp2Type, Image: comp2Image},
 		}
 
-		//nolint:staticcheck // SA1019 we want to make sure that Components is populated for backward compatibility (at least for a while)
+		//nolint:staticcheck
+		//lint:ignore SA1019 we want to make sure that Components is populated for backward compatibility (at least for a while)
 		s.ElementsMatch(slice.PointersOf(expectedComponents), actualJob.Components)
 		expectedSteps := []jobModels.Step{
 			{Name: step1Name, PodName: step1Pod, Status: string(step1Condition), Started: radixutils.FormatTime(&step1Started), Ended: radixutils.FormatTime(&step1Ended), Components: step1Components},

api/models/secret.go

@@ -25,7 +25,7 @@ const secretDefaultData = "xx"
 func BuildSecrets(secretList []corev1.Secret, secretProviderClassList []secretsstorev1.SecretProviderClass, rd *radixv1.RadixDeployment, tlsValidator tlsvalidator.TLSSecretValidator) []secretModels.Secret {
 	var secrets []secretModels.Secret
 	secrets = append(secrets, getSecretsForDeployment(secretList, rd)...)
-	secrets = append(secrets, getSecretsForTLSCertificates(secretList, rd, tlsValidator)...)
+	secrets = append(secrets, getSecretsForExternalDNS(secretList, rd, tlsValidator)...)
 	secrets = append(secrets, getSecretsForVolumeMounts(secretList, rd)...)
 	secrets = append(secrets, getSecretsForAuthentication(secretList, rd)...)
 	secrets = append(secrets, getSecretsForSecretRefs(secretList, secretProviderClassList, rd)...)
@@ -100,19 +100,23 @@ func getSecretsForDeployment(secretList []corev1.Secret, rd *radixv1.RadixDeploy
 	return secretDTOsMap
 }
 
-func getSecretsForTLSCertificates(secretList []corev1.Secret, rd *radixv1.RadixDeployment, tlsValidator tlsvalidator.TLSSecretValidator) []secretModels.Secret {
+func getSecretsForExternalDNS(secretList []corev1.Secret, rd *radixv1.RadixDeployment, tlsValidator tlsvalidator.TLSSecretValidator) []secretModels.Secret {
 	if tlsValidator == nil {
 		tlsValidator = tlsvalidator.DefaultValidator()
 	}
 
 	var secrets []secretModels.Secret
 	for _, component := range rd.Spec.Components {
-		for _, externalAlias := range component.DNSExternalAlias {
+		for _, externalAlias := range component.GetExternalDNS() {
+			if externalAlias.UseCertificateAutomation {
+				continue
+			}
+
 			var certData, keyData []byte
 			certStatus := secretModels.Consistent
 			keyStatus := secretModels.Consistent
 
-			if secretValue, ok := slice.FindFirst(secretList, isSecretWithName(externalAlias)); ok {
+			if secretValue, ok := slice.FindFirst(secretList, isSecretWithName(externalAlias.FQDN)); ok {
 				certData = secretValue.Data[corev1.TLSCertKey]
 				if certValue := strings.TrimSpace(string(certData)); len(certValue) == 0 || strings.EqualFold(certValue, secretDefaultData) {
 					certStatus = secretModels.Pending
@@ -134,7 +138,7 @@ func getSecretsForTLSCertificates(secretList []corev1.Secret, rd *radixv1.RadixD
 			if certStatus == secretModels.Consistent {
 				tlsCerts = append(tlsCerts, secretModels.ParseTLSCertificatesFromPEM(certData)...)
 
-				if certIsValid, messages := tlsValidator.ValidateTLSCertificate(certData, keyData, externalAlias); !certIsValid {
+				if certIsValid, messages := tlsValidator.ValidateTLSCertificate(certData, keyData, externalAlias.FQDN); !certIsValid {
 					certStatus = secretModels.Invalid
 					certStatusMessages = append(certStatusMessages, messages...)
 				}
@@ -150,21 +154,21 @@ func getSecretsForTLSCertificates(secretList []corev1.Secret, rd *radixv1.RadixD
 
 			secrets = append(secrets,
 				secretModels.Secret{
-					Name:            externalAlias + suffix.ExternalDNSTLSCert,
+					Name:            externalAlias.FQDN + suffix.ExternalDNSTLSCert,
 					DisplayName:     "Certificate",
 					Type:            secretModels.SecretTypeClientCert,
-					Resource:        externalAlias,
+					Resource:        externalAlias.FQDN,
 					ID:              secretModels.SecretIdCert,
 					Component:       component.GetName(),
 					Status:          certStatus.String(),
 					StatusMessages:  certStatusMessages,
 					TLSCertificates: tlsCerts,
 				},
 				secretModels.Secret{
-					Name:           externalAlias + suffix.ExternalDNSTLSKey,
+					Name:           externalAlias.FQDN + suffix.ExternalDNSTLSKey,
 					DisplayName:    "Key",
 					Type:           secretModels.SecretTypeClientCert,
-					Resource:       externalAlias,
+					Resource:       externalAlias.FQDN,
 					Component:      component.GetName(),
 					ID:             secretModels.SecretIdKey,
 					Status:         keyStatus.String(),

api/test/utils.go

@@ -105,7 +105,6 @@ func GetErrorResponse(response *httptest.ResponseRecorder) (*radixhttp.Error, er
 func GetResponseBody(response *httptest.ResponseRecorder, target interface{}) error {
 	reader := bytes.NewReader(response.Body.Bytes()) //To allow read from response body multiple times
 	body, _ := io.ReadAll(reader)
-	log.Infof(string(body))
 	return json.Unmarshal(body, target)
 }
 

api/utils/test.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/equinor/radix-operator/pkg/apis/application"
 	"github.com/equinor/radix-operator/pkg/apis/applicationconfig"
+	"github.com/equinor/radix-operator/pkg/apis/config"
 	"github.com/equinor/radix-operator/pkg/apis/config/dnsalias"
 	"github.com/equinor/radix-operator/pkg/apis/deployment"
 	"github.com/equinor/radix-operator/pkg/apis/ingress"
@@ -88,6 +89,6 @@ func ApplyDeploymentWithSync(client kubernetes.Interface, radixclient radixclien
 
 	kubeUtils, _ := kube.New(client, radixclient, secretproviderclient)
 	rd, _ := commonTestUtils.ApplyDeployment(deploymentBuilder)
-	deploymentSyncer := deployment.NewDeploymentSyncer(client, kubeUtils, radixclient, prometheusClient, registrationBuilder.BuildRR(), rd, "123456", 443, 10, []ingress.AnnotationProvider{}, []deployment.AuxiliaryResourceManager{})
+	deploymentSyncer := deployment.NewDeploymentSyncer(client, kubeUtils, radixclient, prometheusClient, registrationBuilder.BuildRR(), rd, []ingress.AnnotationProvider{}, []deployment.AuxiliaryResourceManager{}, &config.Config{})
 	return deploymentSyncer.OnSync()
 }