diff --git a/controllers/cloud.redhat.com/providers/kafka/appinterface.go b/controllers/cloud.redhat.com/providers/kafka/appinterface.go
index eedae1f3b..0a43c2fac 100644
--- a/controllers/cloud.redhat.com/providers/kafka/appinterface.go
+++ b/controllers/cloud.redhat.com/providers/kafka/appinterface.go
@@ -51,6 +51,15 @@ func (a *appInterface) setKafkaCA(broker *config.BrokerConfig) error {
 return err
 }
 
+ _, err := a.HashCache.CreateOrUpdateObject(&kafkaCASecret, true)
+ if err != nil {
+ return err
+ }
+
+ if err = a.HashCache.AddClowdObjectToObject(a.Env, &kafkaCASecret); err != nil {
+ return err
+ }
+
 broker.Cacert = utils.StringPtr(string(kafkaCASecret.Data["ca.crt"]))
 broker.Port = utils.IntPtr(9093)
 broker.SecurityProtocol = utils.StringPtr("SSL")
diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/00-install.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/00-install.yaml
new file mode 100644
index 000000000..37b135fe9
--- /dev/null
+++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/00-install.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: test-clowdapp-watcher-kafka-app-interface-ca
+spec:
+ finalizers:
+ - kubernetes
diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/01-assert.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/01-assert.yaml
new file mode 100644
index 000000000..334bdf558
--- /dev/null
+++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/01-assert.yaml
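Review bot: In appinterface.go's setKafkaCA, nothing between the new HashCache calls and `broker.Cacert = ...` checks that the secret actually holds a `ca.crt` entry. With the key absent, `string(kafkaCASecret.Data["ca.crt"])` is the empty string, so the secret would still be hashed and linked to the environment, and the broker config would carry an empty `cacert` while `SecurityProtocol` is `SSL`; how a client treats an empty CA is not visible here. I would fail before caching, along the lines of `if len(kafkaCASecret.Data["ca.crt"]) == 0 { return <error naming the secret> }`. A short comment such as `// Track the CA secret in the hash cache so a rotated ca.crt changes the config hash.` would also help (that purpose is inferred from the accompanying kuttl test, please confirm), together with a word on what the `true` argument selects. The function starts and ends outside the hunk.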
@@ -0,0 +1,84 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: puptoo
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+ labels:
+ app: puptoo
+ ownerReferences:
+ - apiVersion: cloud.redhat.com/v1alpha1
+ kind: ClowdApp
+ name: puptoo
+type: Opaque
+data:
+ cdappconfig.json: 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
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: puptoo-processor
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+spec:
+ strategy:
+ type: RollingUpdate
+ template:
+ spec:
+ serviceAccountName: puptoo-processor
+ containers:
+ - env:
+ - name: ENV_VAR_1
+ value: "env_var_1"
+ - name: ENV_VAR_2
+ value: "env_var_2"
+ - name: ACG_CONFIG
+ value: /cdapp/cdappconfig.json
+ initContainers:
+ - env:
+ - name: ACG_CONFIG
+ value: /cdapp/cdappconfig.json
+ - name: ENV_VAR_1
+ value: "override_1"
+ - name: ENV_VAR_3
+ value: "env_var_3"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: puptoo-processor
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+spec:
+ selector:
+ pod: puptoo-processor
+ ports:
+ - port: 8000
+ targetPort: 8000
+ name: public
+ appProtocol: http
+ - port: 10000
+ targetPort: 10000
+ name: private
+ appProtocol: http
+ - port: 9000
+ targetPort: 9000
+ name: metrics
+ appProtocol: http
+---
+apiVersion: cloud.redhat.com/v1alpha1
+kind: ClowdEnvironment
+metadata:
+ name: test-clowdapp-watcher-kafka-app-interface-ca
+status:
+ apps:
+ - name: puptoo
+ deployments:
+ - hostname: puptoo-processor.test-clowdapp-watcher-kafka-app-interface-ca.svc
+ name: puptoo-processor
+ port: 8000
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: test-clowdapp-watcher-kafka-app-interface-ca
+ labels:
+ kubernetes.io/metadata.name: test-clowdapp-watcher-kafka-app-interface-ca
diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/01-pods.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/01-pods.yaml
new file mode 100644
index 000000000..a59e3ab43
--- /dev/null
+++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/01-pods.yaml
@@ -0,0 +1,101 @@
+---
+apiVersion: cloud.redhat.com/v1alpha1
+kind: ClowdEnvironment
+metadata:
+ name: test-clowdapp-watcher-kafka-app-interface-ca
+spec:
+ targetNamespace: test-clowdapp-watcher-kafka-app-interface-ca
+ providers:
+ web:
+ port: 8000
+ mode: operator
+ metrics:
+ port: 9000
+ mode: operator
+ path: "/metrics"
+ kafka:
+ forceTLS: true
+ mode: app-interface
+ cluster:
+ name: test-clowdapp-watcher-kafka-app-interface-ca
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+ forceTLS: true
+ connect:
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+ name: test-clowdapp-watcher-kafka-app-interface-ca
+ db:
+ mode: none
+ logging:
+ mode: none
+ objectStore:
+ mode: none
+ inMemoryDb:
+ mode: none
+ resourceDefaults:
+ limits:
+ cpu: 400m
+ memory: 1024Mi
+ requests:
+ cpu: 30m
+ memory: 512Mi
+---
+apiVersion: cloud.redhat.com/v1alpha1
+kind: ClowdApp
+metadata:
+ name: puptoo
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+spec:
+ envName: test-clowdapp-watcher-kafka-app-interface-ca
+ deployments:
+ - name: processor
+ podSpec:
+ image: quay.io/psav/clowder-hello
+ env:
+ - name: ENV_VAR_1
+ value: env_var_1
+ - name: ENV_VAR_2
+ value: env_var_2
+ initContainers:
+ - env:
+ - name: ENV_VAR_1
+ value: override_1
+ - name: ENV_VAR_3
+ value: env_var_3
+ webServices:
+ public:
+ enabled: true
+ private:
+ enabled: true
+ kafkaTopics:
+ - topicName: bob
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: test-clowdapp-watcher-kafka-app-interface-ca-kafka-bootstrap
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+spec:
+ selector:
+ app: myapp
+ ports:
+ - port: 9003
+ targetPort: 9003
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: bob
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+spec:
+ config: {}
+ partitions: 3
+ replicas: 1
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: test-clowdapp-watcher-kafka-app-interface-ca-cluster-ca-cert
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+type: Opaque
+stringData:
+ ca.crt: cacert
diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/02-json-asserts.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/02-json-asserts.yaml
new file mode 100644
index 000000000..f8406db3a
--- /dev/null
+++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/02-json-asserts.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+- script: kubectl get secret --namespace=test-clowdapp-watcher-kafka-app-interface-ca puptoo -o json > /tmp/test-clowdapp-watcher-kafka-app-interface-ca
+- script: jq -r '.data["cdappconfig.json"]' < /tmp/test-clowdapp-watcher-kafka-app-interface-ca | base64 -d > /tmp/test-clowdapp-watcher-kafka-app-interface-ca-json
+
+- script: jq -r '.kafka.brokers[0].cacert == "cacert"' -e < /tmp/test-clowdapp-watcher-kafka-app-interface-ca-json
diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/03-assert.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/03-assert.yaml
new file mode 100644
index 000000000..47973d28b
--- /dev/null
+++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/03-assert.yaml
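Review bot: In 02-json-asserts.yaml the fetched Secret and the decoded `cdappconfig.json` are written to fixed, predictable names directly under `/tmp` with the default umask and are never removed. On a shared CI host that leaves the rendered app config readable by other local users, and a stale or pre-created file from another run could stand in for this run's output, which matters because 04-json-asserts.yaml reads `/tmp/test-clowdapp-watcher-kafka-app-interface-ca-json` again for the hash comparison. Prefixing each writing command with `umask 077;` and adding a final command that removes the files would narrow this; the same applies to the files written in 04-json-asserts.yaml.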
@@ -0,0 +1,84 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: puptoo
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+ labels:
+ app: puptoo
+ ownerReferences:
+ - apiVersion: cloud.redhat.com/v1alpha1
+ kind: ClowdApp
+ name: puptoo
+type: Opaque
+data:
+ cdappconfig.json: 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
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: puptoo-processor
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+spec:
+ strategy:
+ type: RollingUpdate
+ template:
+ spec:
+ serviceAccountName: puptoo-processor
+ containers:
+ - env:
+ - name: ENV_VAR_1
+ value: "env_var_1"
+ - name: ENV_VAR_2
+ value: "env_var_2"
+ - name: ACG_CONFIG
+ value: /cdapp/cdappconfig.json
+ initContainers:
+ - env:
+ - name: ACG_CONFIG
+ value: /cdapp/cdappconfig.json
+ - name: ENV_VAR_1
+ value: "override_1"
+ - name: ENV_VAR_3
+ value: "env_var_3"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: puptoo-processor
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+spec:
+ selector:
+ pod: puptoo-processor
+ ports:
+ - port: 8000
+ targetPort: 8000
+ name: public
+ appProtocol: http
+ - port: 10000
+ targetPort: 10000
+ name: private
+ appProtocol: http
+ - port: 9000
+ targetPort: 9000
+ name: metrics
+ appProtocol: http
+---
+apiVersion: cloud.redhat.com/v1alpha1
+kind: ClowdEnvironment
+metadata:
+ name: test-clowdapp-watcher-kafka-app-interface-ca
+status:
+ apps:
+ - name: puptoo
+ deployments:
+ - hostname: puptoo-processor.test-clowdapp-watcher-kafka-app-interface-ca.svc
+ name: puptoo-processor
+ port: 8000
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: test-clowdapp-watcher-kafka-app-interface-ca
+ labels:
+ kubernetes.io/metadata.name: test-clowdapp-watcher-kafka-app-interface-ca
diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/03-pods.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/03-pods.yaml
new file mode 100644
index 000000000..5a557fc95
--- /dev/null
+++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/03-pods.yaml
@@ -0,0 +1,101 @@
+---
+apiVersion: cloud.redhat.com/v1alpha1
+kind: ClowdEnvironment
+metadata:
+ name: test-clowdapp-watcher-kafka-app-interface-ca
+spec:
+ targetNamespace: test-clowdapp-watcher-kafka-app-interface-ca
+ providers:
+ web:
+ port: 8000
+ mode: operator
+ metrics:
+ port: 9000
+ mode: operator
+ path: "/metrics"
+ kafka:
+ forceTLS: true
+ mode: app-interface
+ cluster:
+ name: test-clowdapp-watcher-kafka-app-interface-ca
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+ forceTLS: true
+ connect:
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+ name: test-clowdapp-watcher-kafka-app-interface-ca
+ db:
+ mode: none
+ logging:
+ mode: none
+ objectStore:
+ mode: none
+ inMemoryDb:
+ mode: none
+ resourceDefaults:
+ limits:
+ cpu: 400m
+ memory: 1024Mi
+ requests:
+ cpu: 30m
+ memory: 512Mi
+---
+apiVersion: cloud.redhat.com/v1alpha1
+kind: ClowdApp
+metadata:
+ name: puptoo
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+spec:
+ envName: test-clowdapp-watcher-kafka-app-interface-ca
+ deployments:
+ - name: processor
+ podSpec:
+ image: quay.io/psav/clowder-hello
+ env:
+ - name: ENV_VAR_1
+ value: env_var_1
+ - name: ENV_VAR_2
+ value: env_var_2
+ initContainers:
+ - env:
+ - name: ENV_VAR_1
+ value: override_1
+ - name: ENV_VAR_3
+ value: env_var_3
+ webServices:
+ public:
+ enabled: true
+ private:
+ enabled: true
+ kafkaTopics:
+ - topicName: bob
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: test-clowdapp-watcher-kafka-app-interface-ca-kafka-bootstrap
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+spec:
+ selector:
+ app: myapp
+ ports:
+ - port: 9003
+ targetPort: 9003
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: bob
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+spec:
+ config: {}
+ partitions: 3
+ replicas: 1
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: test-clowdapp-watcher-kafka-app-interface-ca-cluster-ca-cert
+ namespace: test-clowdapp-watcher-kafka-app-interface-ca
+type: Opaque
+stringData:
+ ca.crt: new-cacert
diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/04-json-asserts.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/04-json-asserts.yaml
new file mode 100644
index 000000000..13f427564
--- /dev/null
+++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/04-json-asserts.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+- script: kubectl get secret --namespace=test-clowdapp-watcher-kafka-app-interface-ca puptoo -o json > /tmp/test-clowdapp-watcher-kafka-app-interface-ca
+- script: jq -r '.data["cdappconfig.json"]' < /tmp/test-clowdapp-watcher-kafka-app-interface-ca | base64 -d > /tmp/test-clowdapp-watcher-kafka-app-interface-ca2-json
+
+- script: jq -r '.kafka.brokers[0].cacert == "new-cacert"' -e < /tmp/test-clowdapp-watcher-kafka-app-interface-ca2-json
+
+- script: jq -r '.hashCache' -e < /tmp/test-clowdapp-watcher-kafka-app-interface-ca-json > /tmp/test-clowdapp-watcher-kafka-app-interface-ca-hash-cache
+- script: jq -r '.hashCache' -e < /tmp/test-clowdapp-watcher-kafka-app-interface-ca2-json > /tmp/test-clowdapp-watcher-kafka-app-interface-ca-hash-cache2
+
+- script: diff /tmp/test-clowdapp-watcher-kafka-app-interface-ca-hash-cache /tmp/test-clowdapp-watcher-kafka-app-interface-ca-hash-cache2 > /dev/null || exit 0 && exit 1
diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/05-delete.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/05-delete.yaml
new file mode 100644
index 000000000..1035a22fc
--- /dev/null
+++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/05-delete.yaml
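Review bot: The last command in 04-json-asserts.yaml, `diff ... > /dev/null || exit 0 && exit 1`, passes on any non-zero status from `diff`, including status 2 when one of the hash-cache files is missing or unreadable, so the step can succeed without showing that the hash changed. The preceding `jq -e` commands make that unlikely in practice, but the chain also depends on `||` and `&&` grouping left to right, which is easy to misread. Testing for the "files differ" status explicitly is clearer: `diff -q <first-hash-file> <second-hash-file> > /dev/null; [ $? -eq 1 ]`, with the same two paths as today.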
@@ -0,0 +1,10 @@
+---
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+delete:
+- apiVersion: v1
+ kind: Namespace
+ name: test-clowdapp-watcher-kafka-app-interface-ca
+- apiVersion: cloud.redhat.com/v1alpha1
+ kind: ClowdEnvironment
+ name: test-clowdapp-watcher-kafka-app-interface-ca