Add tests about desired volumes and volumeMounts

tsuru · May 14, 2024 · 0971ae8 · 0971ae8
1 parent 6251938
commit 0971ae8
Show file tree

Hide file tree

Showing 5 changed files with 310 additions and 14 deletions.
diff --git a/controllers/controller.go b/controllers/controller.go
@@ -244,7 +244,7 @@ func (r *RpaasInstanceReconciler) reconcileTLSSessionResumption(ctx context.Cont
 }
 
 func (r *RpaasInstanceReconciler) reconcileSecretForSessionTickets(ctx context.Context, instance *v1alpha1.RpaasInstance) (hasChanged bool, err error) {
-	enabled := isTLSSessionTicketEnabled(instance)
+	enabled := isTLSSessionTicketEnabled(&instance.Spec)
 
 	newSecret, err := newSecretForTLSSessionTickets(instance)
 	if err != nil {
@@ -297,7 +297,7 @@ func (r *RpaasInstanceReconciler) reconcileSecretForSessionTickets(ctx context.C
 }
 
 func (r *RpaasInstanceReconciler) reconcileCronJobForSessionTickets(ctx context.Context, instance *v1alpha1.RpaasInstance) (hasChanged bool, err error) {
-	enabled := isTLSSessionTicketEnabled(instance)
+	enabled := isTLSSessionTicketEnabled(&instance.Spec)
 
 	newCronJob := newCronJobForSessionTickets(instance)
 
@@ -344,7 +344,7 @@ func (r *RpaasInstanceReconciler) reconcileCronJobForSessionTickets(ctx context.
 }
 
 func newCronJobForSessionTickets(instance *v1alpha1.RpaasInstance) *batchv1.CronJob {
-	enabled := isTLSSessionTicketEnabled(instance)
+	enabled := isTLSSessionTicketEnabled(&instance.Spec)
 
 	keyLength := v1alpha1.DefaultSessionTicketKeyLength
 	if enabled && instance.Spec.TLSSessionResumption.SessionTicket.KeyLength != 0 {
@@ -409,7 +409,7 @@ func newCronJobForSessionTickets(instance *v1alpha1.RpaasInstance) *batchv1.Cron
 									Env: []corev1.EnvVar{
 										{
 											Name:  "SECRET_NAME",
-											Value: secretNameForTLSSessionTickets(instance),
+											Value: secretNameForTLSSessionTickets(instance.Name),
 										},
 										{
 											Name:  "SECRET_NAMESPACE",
@@ -464,7 +464,7 @@ func newCronJobForSessionTickets(instance *v1alpha1.RpaasInstance) *batchv1.Cron
 
 func newSecretForTLSSessionTickets(instance *v1alpha1.RpaasInstance) (*corev1.Secret, error) {
 	keyLength := v1alpha1.DefaultSessionTicketKeyLength
-	if isTLSSessionTicketEnabled(instance) && instance.Spec.TLSSessionResumption.SessionTicket.KeyLength != 0 {
+	if isTLSSessionTicketEnabled(&instance.Spec) && instance.Spec.TLSSessionResumption.SessionTicket.KeyLength != 0 {
 		keyLength = instance.Spec.TLSSessionResumption.SessionTicket.KeyLength
 	}
 
@@ -484,7 +484,7 @@ func newSecretForTLSSessionTickets(instance *v1alpha1.RpaasInstance) (*corev1.Se
 			Kind:       "Secret",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      secretNameForTLSSessionTickets(instance),
+			Name:      secretNameForTLSSessionTickets(instance.Name),
 			Namespace: instance.Namespace,
 			Labels:    instance.GetBaseLabels(nil),
 			OwnerReferences: []metav1.OwnerReference{
@@ -499,20 +499,20 @@ func newSecretForTLSSessionTickets(instance *v1alpha1.RpaasInstance) (*corev1.Se
 	}, nil
 }
 
-func isTLSSessionTicketEnabled(instance *v1alpha1.RpaasInstance) bool {
-	return instance.Spec.TLSSessionResumption != nil && instance.Spec.TLSSessionResumption.SessionTicket != nil
+func isTLSSessionTicketEnabled(spec *v1alpha1.RpaasInstanceSpec) bool {
+	return spec.TLSSessionResumption != nil && spec.TLSSessionResumption.SessionTicket != nil
 }
 
 func tlsSessionTicketKeys(instance *v1alpha1.RpaasInstance) int {
 	var nkeys int
-	if isTLSSessionTicketEnabled(instance) {
+	if isTLSSessionTicketEnabled(&instance.Spec) {
 		nkeys = int(instance.Spec.TLSSessionResumption.SessionTicket.KeepLastKeys)
 	}
 	return nkeys + 1
 }
 
-func secretNameForTLSSessionTickets(instance *v1alpha1.RpaasInstance) string {
-	return fmt.Sprintf("%s%s", instance.Name, sessionTicketsSecretSuffix)
+func secretNameForTLSSessionTickets(instanceName string) string {
+	return fmt.Sprintf("%s%s", instanceName, sessionTicketsSecretSuffix)
 }
 
 func generateSessionTicket(keyLength v1alpha1.SessionTicketKeyLength) ([]byte, error) {
@@ -1168,12 +1168,12 @@ func newNginx(instanceMergedWithFlavors *v1alpha1.RpaasInstance, plan *v1alpha1.
 		})
 	}
 
-	if isTLSSessionTicketEnabled(instanceMergedWithFlavors) {
+	if isTLSSessionTicketEnabled(&instanceMergedWithFlavors.Spec) {
 		n.Spec.PodTemplate.Volumes = append(n.Spec.PodTemplate.Volumes, corev1.Volume{
 			Name: sessionTicketsVolumeName,
 			VolumeSource: corev1.VolumeSource{
 				Secret: &corev1.SecretVolumeSource{
-					SecretName: secretNameForTLSSessionTickets(instanceMergedWithFlavors),
+					SecretName: secretNameForTLSSessionTickets(instanceMergedWithFlavors.Name),
 				},
 			},
 		})

diff --git a/controllers/validation_controller.go b/controllers/validation_controller.go
@@ -3,6 +3,7 @@ package controllers
 import (
 	"context"
 	"fmt"
+	"path/filepath"
 
 	"github.com/go-logr/logr"
 	"github.com/tsuru/rpaas-operator/api/v1alpha1"
@@ -14,6 +15,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/utils/pointer"
+	"k8s.io/utils/ptr"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
@@ -406,6 +408,7 @@ func newValidationPod(validationMergedWithFlavors *v1alpha1.RpaasValidation, val
 			VolumeSource: corev1.VolumeSource{
 				ConfigMap: &corev1.ConfigMapVolumeSource{
 					LocalObjectReference: f.ConfigMap.LocalObjectReference,
+					Optional:             pointer.Bool(false),
 				},
 			},
 		})
@@ -457,6 +460,44 @@ func newValidationPod(validationMergedWithFlavors *v1alpha1.RpaasValidation, val
 		})
 	}
 
+	for index, t := range validationMergedWithFlavors.Spec.TLS {
+		volumeName := fmt.Sprintf("nginx-certs-%d", index)
+
+		n.Spec.Volumes = append(n.Spec.Volumes, corev1.Volume{
+			Name: volumeName,
+			VolumeSource: corev1.VolumeSource{
+				Secret: &corev1.SecretVolumeSource{
+					SecretName: t.SecretName,
+					Optional:   ptr.To(false),
+				},
+			},
+		})
+
+		n.Spec.Containers[0].VolumeMounts = append(n.Spec.Containers[0].VolumeMounts, corev1.VolumeMount{
+			Name:      volumeName,
+			MountPath: filepath.Join(configMountPath, "certs", t.SecretName),
+			ReadOnly:  true,
+		})
+	}
+
+	if isTLSSessionTicketEnabled(&validationMergedWithFlavors.Spec) {
+		n.Spec.Volumes = append(n.Spec.Volumes, corev1.Volume{
+			Name: sessionTicketsVolumeName,
+			VolumeSource: corev1.VolumeSource{
+				Secret: &corev1.SecretVolumeSource{
+					SecretName: secretNameForTLSSessionTickets(validationMergedWithFlavors.Name),
+					Optional:   ptr.To(false),
+				},
+			},
+		})
+
+		n.Spec.Containers[0].VolumeMounts = append(n.Spec.Containers[0].VolumeMounts, corev1.VolumeMount{
+			Name:      sessionTicketsVolumeName,
+			MountPath: sessionTicketsVolumeMountPath,
+			ReadOnly:  true,
+		})
+	}
+
 	return n
 }