From fe51714d3075fb65f3aae94c4438042050c9a85b Mon Sep 17 00:00:00 2001 From: Vojtech Kronika Date: Wed, 15 Jan 2025 18:31:54 +0100 Subject: [PATCH 1/7] feat: update Clowder to reconcile on changes to non-app secrets/configmaps * Add hashCache to the ClowdEnvironmentReconciliation * Remove all Secrets/ConfigMaps from Environment at start of reconciliation cycle * Embue HashObject with the always flag * Change updateHashCacheForConfigMapAndSecret to try to read in the sec/config and return true if always set * Make managed_kafka add the secret to the cache at the start of reconciliation * Update HashCache tests * Add kuttl tests for managed kafka secrets cc: @psav --- .../clowdenvironment_controller.go | 1 + .../clowdenvironment_reconciliation.go | 4 ++ controllers/cloud.redhat.com/handlers.go | 10 ++- .../cloud.redhat.com/hashcache/hashcache.go | 19 ++--- .../hashcache/hashcache_test.go | 16 ++--- .../providers/kafka/managed.go | 9 +++ .../00-install.yaml | 8 +++ .../01-assert.yaml | 50 +++++++++++++ .../01-pods.yaml | 71 +++++++++++++++++++ .../02-json-asserts.yaml | 9 +++ .../03-assert.yaml | 15 ++++ .../03-pods.yaml | 13 ++++ .../04-json-asserts.yaml | 9 +++ .../05-delete.yaml | 10 +++ 14 files changed, 227 insertions(+), 17 deletions(-) create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/00-install.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/01-assert.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/01-pods.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/02-json-asserts.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/03-assert.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/03-pods.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/04-json-asserts.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/05-delete.yaml diff --git a/controllers/cloud.redhat.com/clowdenvironment_controller.go b/controllers/cloud.redhat.com/clowdenvironment_controller.go index 38dd1744b..d47098a54 100644 --- a/controllers/cloud.redhat.com/clowdenvironment_controller.go +++ b/controllers/cloud.redhat.com/clowdenvironment_controller.go @@ -165,6 +165,7 @@ func (r *ClowdEnvironmentReconciler) Reconcile(ctx context.Context, req ctrl.Req env: &env, log: &log, oldStatus: env.Status.DeepCopy(), + hashCache: r.HashCache, } result, resErr := reconciliation.Reconcile() diff --git a/controllers/cloud.redhat.com/clowdenvironment_reconciliation.go b/controllers/cloud.redhat.com/clowdenvironment_reconciliation.go index 3b215aabb..916f03928 100644 --- a/controllers/cloud.redhat.com/clowdenvironment_reconciliation.go +++ b/controllers/cloud.redhat.com/clowdenvironment_reconciliation.go @@ -7,6 +7,7 @@ import ( crd "github.com/RedHatInsights/clowder/apis/cloud.redhat.com/v1alpha1" "github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/clowderconfig" + "github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/hashcache" "github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/providers" rc "github.com/RedHatInsights/rhc-osdk-utils/resourceCache" "github.com/go-logr/logr" @@ -57,6 +58,7 @@ type ClowdEnvironmentReconciliation struct { env *crd.ClowdEnvironment log *logr.Logger oldStatus *crd.ClowdEnvironmentStatus + hashCache *hashcache.HashCache } // Returns a list of step methods that should be run during reconciliation @@ -285,6 +287,8 @@ func (r *ClowdEnvironmentReconciliation) isTargetNamespaceMarkedForDeletion() (c } func (r *ClowdEnvironmentReconciliation) runProviders() (ctrl.Result, error) { + r.hashCache.RemoveClowdObjectFromObjects(r.env) + provider := providers.Provider{ Ctx: r.ctx, Client: r.client, diff --git a/controllers/cloud.redhat.com/handlers.go b/controllers/cloud.redhat.com/handlers.go index 0e9ba89c8..cc73d6182 100644 --- a/controllers/cloud.redhat.com/handlers.go +++ b/controllers/cloud.redhat.com/handlers.go @@ -106,7 +106,15 @@ func (e *enqueueRequestForObjectCustom) updateHashCacheForConfigMapAndSecret(obj switch obj.(type) { case *core.ConfigMap, *core.Secret: if obj.GetAnnotations()[clowderconfig.LoadedConfig.Settings.RestarterAnnotationName] == "true" { - return e.hashCache.CreateOrUpdateObject(obj) + return e.hashCache.CreateOrUpdateObject(obj, false) + } else { + hcOjb, err := e.hashCache.Read(obj) + if err != nil { + return false, err + } + if hcOjb.Always { + return e.hashCache.CreateOrUpdateObject(obj, false) + } } } return false, nil diff --git a/controllers/cloud.redhat.com/hashcache/hashcache.go b/controllers/cloud.redhat.com/hashcache/hashcache.go index 3d152042a..316feba69 100644 --- a/controllers/cloud.redhat.com/hashcache/hashcache.go +++ b/controllers/cloud.redhat.com/hashcache/hashcache.go @@ -32,6 +32,7 @@ type HashObject struct { Hash string ClowdApps map[types.NamespacedName]bool ClowdEnvs map[types.NamespacedName]bool + Always bool // Secret/ConfigMap should be always updated } type HashCache struct { @@ -46,11 +47,12 @@ func NewHashCache() HashCache { } } -func NewHashObject(hash string) HashObject { +func NewHashObject(hash string, always bool) HashObject { return HashObject{ Hash: hash, ClowdApps: map[types.NamespacedName]bool{}, ClowdEnvs: map[types.NamespacedName]bool{}, + Always: always, } } @@ -101,7 +103,9 @@ func (hc *HashCache) RemoveClowdObjectFromObjects(obj client.Object) { } } -func (hc *HashCache) CreateOrUpdateObject(obj client.Object) (bool, error) { +// CreatesOrUpdates HashObject and adding attribute alwaysUpdate. +// This function returns a boolean indicating whether the hashCache should be updated. +func (hc *HashCache) CreateOrUpdateObject(obj client.Object, alwaysUpdate bool) (bool, error) { hc.lock.Lock() defer hc.lock.Unlock() @@ -129,7 +133,7 @@ func (hc *HashCache) CreateOrUpdateObject(obj client.Object) (bool, error) { hashObject, ok := hc.data[id] if !ok { - hashObj := NewHashObject(hash) + hashObj := NewHashObject(hash, alwaysUpdate) hc.data[id] = &hashObj return true, nil } @@ -177,11 +181,6 @@ func (hc *HashCache) GetSuperHashForClowdObject(clowdObj object.ClowdObject) str } func (hc *HashCache) AddClowdObjectToObject(clowdObj object.ClowdObject, obj client.Object) error { - - if obj.GetAnnotations()[clowderconfig.LoadedConfig.Settings.RestarterAnnotationName] != "true" { - return nil - } - var oType string switch obj.(type) { @@ -198,6 +197,10 @@ func (hc *HashCache) AddClowdObjectToObject(clowdObj object.ClowdObject, obj cli if !ok { return ItemNotFoundError{item: fmt.Sprintf("%s/%s", id.NN.Name, id.NN.Namespace)} } + if obj.GetAnnotations()[clowderconfig.LoadedConfig.Settings.RestarterAnnotationName] != "true" && !hc.data[id].Always { + return nil + } + hc.lock.Lock() defer hc.lock.Unlock() diff --git a/controllers/cloud.redhat.com/hashcache/hashcache_test.go b/controllers/cloud.redhat.com/hashcache/hashcache_test.go index 118e122df..d63d464ad 100644 --- a/controllers/cloud.redhat.com/hashcache/hashcache_test.go +++ b/controllers/cloud.redhat.com/hashcache/hashcache_test.go @@ -21,7 +21,7 @@ func TestHashCacheAddItemAndRetrieve(t *testing.T) { } hc := NewHashCache() - update, err := hc.CreateOrUpdateObject(sec) + update, err := hc.CreateOrUpdateObject(sec, false) assert.NoError(t, err) assert.True(t, update) obj, err := hc.Read(sec) @@ -39,7 +39,7 @@ func TestHashCacheDeleteItem(t *testing.T) { } hc := NewHashCache() - shouldUpdate, err := hc.CreateOrUpdateObject(sec) + shouldUpdate, err := hc.CreateOrUpdateObject(sec, false) assert.True(t, shouldUpdate) assert.NoError(t, err) obj, err := hc.Read(sec) @@ -63,7 +63,7 @@ func TestHashCacheUpdateItem(t *testing.T) { } hc := NewHashCache() - _, err := hc.CreateOrUpdateObject(sec) + _, err := hc.CreateOrUpdateObject(sec, false) assert.NoError(t, err) obj, err := hc.Read(sec) @@ -75,7 +75,7 @@ func TestHashCacheUpdateItem(t *testing.T) { "test2": []byte("test2"), } - update, err := hc.CreateOrUpdateObject(sec) + update, err := hc.CreateOrUpdateObject(sec, false) assert.NoError(t, err) assert.True(t, update) obj, err = hc.Read(sec) @@ -120,7 +120,7 @@ func TestHashCacheAddClowdObj(t *testing.T) { } hc := NewHashCache() - _, err := hc.CreateOrUpdateObject(sec) + _, err := hc.CreateOrUpdateObject(sec, false) assert.NoError(t, err) err = hc.AddClowdObjectToObject(capp, sec) @@ -152,7 +152,7 @@ func TestHashCacheDeleteClowdObj(t *testing.T) { } hc := NewHashCache() - _, err := hc.CreateOrUpdateObject(sec) + _, err := hc.CreateOrUpdateObject(sec, false) assert.NoError(t, err) err = hc.AddClowdObjectToObject(capp, sec) @@ -196,7 +196,7 @@ func TestHashCacheSuperCache(t *testing.T) { } hc := NewHashCache() - _, err := hc.CreateOrUpdateObject(sec) + _, err := hc.CreateOrUpdateObject(sec, false) assert.NoError(t, err) err = hc.AddClowdObjectToObject(capp, sec) assert.NoError(t, err) @@ -204,7 +204,7 @@ func TestHashCacheSuperCache(t *testing.T) { assert.NoError(t, err) assert.Contains(t, obj.ClowdApps, clowdObjNamespaceName) - _, err = hc.CreateOrUpdateObject(sec2) + _, err = hc.CreateOrUpdateObject(sec2, false) assert.NoError(t, err) err = hc.AddClowdObjectToObject(capp, sec2) assert.NoError(t, err) diff --git a/controllers/cloud.redhat.com/providers/kafka/managed.go b/controllers/cloud.redhat.com/providers/kafka/managed.go index 01c57156a..fba21b261 100644 --- a/controllers/cloud.redhat.com/providers/kafka/managed.go +++ b/controllers/cloud.redhat.com/providers/kafka/managed.go @@ -154,6 +154,15 @@ func (k *managedKafkaProvider) getSecret() (*core.Secret, error) { return nil, err } + _, err = k.HashCache.CreateOrUpdateObject(secret, true) + if err != nil { + return nil, err + } + + if err = k.HashCache.AddClowdObjectToObject(k.Env, secret); err != nil { + return nil, err + } + return secret, nil } diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/00-install.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/00-install.yaml new file mode 100644 index 000000000..27f977baa --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/00-install.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: test-clowdapp-watcher-kafka-managed-secret +spec: + finalizers: + - kubernetes diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/01-assert.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/01-assert.yaml new file mode 100644 index 000000000..013ecaf4d --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/01-assert.yaml @@ -0,0 +1,50 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: puptoo + namespace: test-clowdapp-watcher-kafka-managed-secret + labels: + app: puptoo + ownerReferences: + - apiVersion: cloud.redhat.com/v1alpha1 + kind: ClowdApp + name: puptoo +type: Opaque +data: + cdappconfig.json: eyJoYXNoQ2FjaGUiOiJlM2IwYzQ0Mjk4ZmMxYzE0OWFmYmY0Yzg5OTZmYjkyNDI3YWU0MWU0NjQ5YjkzNGNhNDk1OTkxYjc4NTJiODU1OTRiNzlkNjczZjdlZTI1MjNmMzI2YjdjMTBmYTQyYTU2Y2EyNWY2YzEwM2NmZWM1NGRlY2MxODYxNDRlYzE3ZSIsImthZmthIjp7ImJyb2tlcnMiOlt7ImF1dGh0eXBlIjoic2FzbCIsImNhY2VydCI6InNvbWUtcGVtIiwiaG9zdG5hbWUiOiJrYWZrYS1ob3N0LW5hbWUiLCJwb3J0IjoyNzAxNSwic2FzbCI6eyJwYXNzd29yZCI6ImthZmthLXBhc3N3b3JkIiwic2FzbE1lY2hhbmlzbSI6IlBMQUlOIiwic2VjdXJpdHlQcm90b2NvbCI6IlNBU0xfU1NMIiwidXNlcm5hbWUiOiJrYWZrYS11c2VybmFtZSJ9LCJzZWN1cml0eVByb3RvY29sIjoiU0FTTF9TU0wifV0sInRvcGljcyI6W3sibmFtZSI6InRvcGljT25lIiwicmVxdWVzdGVkTmFtZSI6InRvcGljT25lIn0seyJuYW1lIjoidG9waWNUd28iLCJyZXF1ZXN0ZWROYW1lIjoidG9waWNUd28ifV19LCJsb2dnaW5nIjp7ImNsb3Vkd2F0Y2giOnsiYWNjZXNzS2V5SWQiOiIiLCJsb2dHcm91cCI6IiIsInJlZ2lvbiI6IiIsInNlY3JldEFjY2Vzc0tleSI6IiJ9LCJ0eXBlIjoibnVsbCJ9LCJtZXRhZGF0YSI6eyJkZXBsb3ltZW50cyI6W3siaW1hZ2UiOiJxdWF5LmlvL3BzYXYvY2xvd2Rlci1oZWxsbyIsIm5hbWUiOiJwcm9jZXNzb3IifV0sImVudk5hbWUiOiJ0ZXN0LWNsb3dkYXBwLXdhdGNoZXIta2Fma2EtbWFuYWdlZC1zZWNyZXQiLCJuYW1lIjoicHVwdG9vIn0sIm1ldHJpY3NQYXRoIjoiL21ldHJpY3MiLCJtZXRyaWNzUG9ydCI6OTAwMCwicHJpdmF0ZVBvcnQiOjEwMDAwLCJwdWJsaWNQb3J0Ijo4MDAwLCJ3ZWJQb3J0Ijo4MDAwfQ== +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: puptoo-processor + namespace: test-clowdapp-watcher-kafka-managed-secret +spec: + strategy: + type: RollingUpdate + template: + spec: + serviceAccountName: puptoo-processor + containers: + - env: + - name: ENV_VAR_1 + value: "env_var_1" + - name: ACG_CONFIG + value: /cdapp/cdappconfig.json +--- +apiVersion: cloud.redhat.com/v1alpha1 +kind: ClowdEnvironment +metadata: + name: test-clowdapp-watcher-kafka-managed-secret +status: + apps: + - name: puptoo + deployments: + - name: puptoo-processor +--- +apiVersion: v1 +kind: Namespace +metadata: + name: test-clowdapp-watcher-kafka-managed-secret + labels: + kubernetes.io/metadata.name: test-clowdapp-watcher-kafka-managed-secret diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/01-pods.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/01-pods.yaml new file mode 100644 index 000000000..b9675d682 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/01-pods.yaml @@ -0,0 +1,71 @@ +--- +apiVersion: v1 +data: + hostname: a2Fma2EtaG9zdC1uYW1l # kafka-host-name + port: MjcwMTU= # 27015 + username: a2Fma2EtdXNlcm5hbWU= # kafka-username + password: a2Fma2EtcGFzc3dvcmQ= # kafka-password + cacert: c29tZS1wZW0= +kind: Secret +metadata: + name: managed-secret + namespace: test-clowdapp-watcher-kafka-managed-secret +type: Opaque +--- +apiVersion: cloud.redhat.com/v1alpha1 +kind: ClowdEnvironment +metadata: + name: test-clowdapp-watcher-kafka-managed-secret +spec: + targetNamespace: test-clowdapp-watcher-kafka-managed-secret + providers: + web: + port: 8000 + mode: operator + metrics: + port: 9000 + mode: operator + path: "/metrics" + kafka: + mode: managed + managedSecretRef: + name: managed-secret + namespace: test-clowdapp-watcher-kafka-managed-secret + managedPrefix: "" + db: + mode: none + logging: + mode: none + objectStore: + mode: none + inMemoryDb: + mode: none + resourceDefaults: + limits: + cpu: 400m + memory: 1024Mi + requests: + cpu: 30m + memory: 512Mi +--- +apiVersion: cloud.redhat.com/v1alpha1 +kind: ClowdApp +metadata: + name: puptoo + namespace: test-clowdapp-watcher-kafka-managed-secret +spec: + envName: test-clowdapp-watcher-kafka-managed-secret + deployments: + - name: processor + podSpec: + image: quay.io/psav/clowder-hello + env: + - name: ENV_VAR_1 + value: env_var_1 + kafkaTopics: + - replicas: 3 + partitions: 64 + topicName: topicOne + - replicas: 5 + partitions: 32 + topicName: topicTwo diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/02-json-asserts.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/02-json-asserts.yaml new file mode 100644 index 000000000..933fa1923 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/02-json-asserts.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: +- script: kubectl get secret --namespace=test-clowdapp-watcher-kafka-managed-secret puptoo -o json > /tmp/test-clowdapp-watcher-kafka-managed-secret +- script: jq -r '.data["cdappconfig.json"]' < /tmp/test-clowdapp-watcher-kafka-managed-secret | base64 -d > /tmp/test-clowdapp-watcher-kafka-managed-secret-json + + +- script: jq -r '.kafka.brokers[0].sasl.password == "kafka-password"' -e < /tmp/test-clowdapp-watcher-kafka-managed-secret-json diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/03-assert.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/03-assert.yaml new file mode 100644 index 000000000..bb977200a --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/03-assert.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: puptoo + namespace: test-clowdapp-watcher-kafka-managed-secret + labels: + app: puptoo + ownerReferences: + - apiVersion: cloud.redhat.com/v1alpha1 + kind: ClowdApp + name: puptoo +type: Opaque +data: + cdappconfig.json: eyJoYXNoQ2FjaGUiOiJlM2IwYzQ0Mjk4ZmMxYzE0OWFmYmY0Yzg5OTZmYjkyNDI3YWU0MWU0NjQ5YjkzNGNhNDk1OTkxYjc4NTJiODU1ZTNlZTVkZTI0MDM4MTFhODI5MzQxMjk0NGZkYzExN2MwMGFlMDk3ZjcxNzZlYjZmZWExNWM0YTgxZjAzYWE0NCIsImthZmthIjp7ImJyb2tlcnMiOlt7ImF1dGh0eXBlIjoic2FzbCIsImNhY2VydCI6InNvbWUtcGVtIiwiaG9zdG5hbWUiOiJrYWZrYS1ob3N0LW5hbWUiLCJwb3J0IjoyNzAxNSwic2FzbCI6eyJwYXNzd29yZCI6ImthZmthLW5ldy1wYXNzd29yZCIsInNhc2xNZWNoYW5pc20iOiJQTEFJTiIsInNlY3VyaXR5UHJvdG9jb2wiOiJTQVNMX1NTTCIsInVzZXJuYW1lIjoia2Fma2EtdXNlcm5hbWUifSwic2VjdXJpdHlQcm90b2NvbCI6IlNBU0xfU1NMIn1dLCJ0b3BpY3MiOlt7Im5hbWUiOiJ0b3BpY09uZSIsInJlcXVlc3RlZE5hbWUiOiJ0b3BpY09uZSJ9LHsibmFtZSI6InRvcGljVHdvIiwicmVxdWVzdGVkTmFtZSI6InRvcGljVHdvIn1dfSwibG9nZ2luZyI6eyJjbG91ZHdhdGNoIjp7ImFjY2Vzc0tleUlkIjoiIiwibG9nR3JvdXAiOiIiLCJyZWdpb24iOiIiLCJzZWNyZXRBY2Nlc3NLZXkiOiIifSwidHlwZSI6Im51bGwifSwibWV0YWRhdGEiOnsiZGVwbG95bWVudHMiOlt7ImltYWdlIjoicXVheS5pby9wc2F2L2Nsb3dkZXItaGVsbG8iLCJuYW1lIjoicHJvY2Vzc29yIn1dLCJlbnZOYW1lIjoidGVzdC1jbG93ZGFwcC13YXRjaGVyLWthZmthLW1hbmFnZWQtc2VjcmV0IiwibmFtZSI6InB1cHRvbyJ9LCJtZXRyaWNzUGF0aCI6Ii9tZXRyaWNzIiwibWV0cmljc1BvcnQiOjkwMDAsInByaXZhdGVQb3J0IjoxMDAwMCwicHVibGljUG9ydCI6ODAwMCwid2ViUG9ydCI6ODAwMH0= diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/03-pods.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/03-pods.yaml new file mode 100644 index 000000000..b2e538959 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/03-pods.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +data: + hostname: a2Fma2EtaG9zdC1uYW1l # kafka-host-name + port: MjcwMTU= # 27015 + username: a2Fma2EtdXNlcm5hbWU= # kafka-username + password: a2Fma2EtbmV3LXBhc3N3b3Jk # kafka-new-password + cacert: c29tZS1wZW0= +kind: Secret +metadata: + name: managed-secret + namespace: test-clowdapp-watcher-kafka-managed-secret +type: Opaque diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/04-json-asserts.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/04-json-asserts.yaml new file mode 100644 index 000000000..65e215cd7 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/04-json-asserts.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: +- script: sleep 5 +- script: kubectl get secret --namespace=test-clowdapp-watcher-kafka-managed-secret puptoo -o json > /tmp/test-clowdapp-watcher-kafka-managed-secret2 +- script: jq -r '.data["cdappconfig.json"]' < /tmp/test-clowdapp-watcher-kafka-managed-secret2 | base64 -d > /tmp/test-clowdapp-watcher-kafka-managed-secret2-json + +- script: jq -r '.kafka.brokers[0].sasl.password == "kafka-new-password"' -e < /tmp/test-clowdapp-watcher-kafka-managed-secret2-json diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/05-delete.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/05-delete.yaml new file mode 100644 index 000000000..25b9ad54d --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/05-delete.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +delete: +- apiVersion: v1 + kind: Namespace + name: test-clowdapp-watcher-kafka-managed-secret +- apiVersion: cloud.redhat.com/v1alpha1 + kind: ClowdEnvironment + name: test-clowdapp-watcher-kafka-managed-secret From 83590a141602fb9ee4bef0e25d1bbda461b82974 Mon Sep 17 00:00:00 2001 From: Vojtech Kronika Date: Thu, 16 Jan 2025 12:04:08 +0100 Subject: [PATCH 2/7] fix: update HashCache with CreateOrUpdateObject calls before calling AddClowdObjectToObject --- .../providers/confighash/config.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/controllers/cloud.redhat.com/providers/confighash/config.go b/controllers/cloud.redhat.com/providers/confighash/config.go index d7769c8fc..481d0e9d3 100644 --- a/controllers/cloud.redhat.com/providers/confighash/config.go +++ b/controllers/cloud.redhat.com/providers/confighash/config.go @@ -36,6 +36,11 @@ func (ch *confighashProvider) envConfigMap(app *crd.ClowdApp, env core.EnvVar) e } return fmt.Errorf("could not get env configmap: %w", err) } + _, err := ch.HashCache.CreateOrUpdateObject(cf, false) + if err != nil { + return nil + } + return ch.HashCache.AddClowdObjectToObject(app, cf) } @@ -60,6 +65,10 @@ func (ch *confighashProvider) envSecret(app *crd.ClowdApp, env core.EnvVar) erro } return fmt.Errorf("could not get env secret: %w", err) } + _, err := ch.HashCache.CreateOrUpdateObject(sec, false) + if err != nil { + return nil + } return ch.HashCache.AddClowdObjectToObject(app, sec) } @@ -81,6 +90,10 @@ func (ch *confighashProvider) volConfigMap(app *crd.ClowdApp, volume core.Volume } return fmt.Errorf("could not get vol configmap: %w", err) } + _, err := ch.HashCache.CreateOrUpdateObject(cf, false) + if err != nil { + return nil + } return ch.HashCache.AddClowdObjectToObject(app, cf) } @@ -102,6 +115,10 @@ func (ch *confighashProvider) volSecret(app *crd.ClowdApp, volume core.Volume) e } return fmt.Errorf("could not get vol secret: %w", err) } + _, err := ch.HashCache.CreateOrUpdateObject(sec, false) + if err != nil { + return nil + } return ch.HashCache.AddClowdObjectToObject(app, sec) } From 5867e53bfba91542850cff31c2bb088716c4c42c Mon Sep 17 00:00:00 2001 From: Vojtech Kronika Date: Thu, 16 Jan 2025 14:25:46 +0100 Subject: [PATCH 3/7] removing sleep from kuttl test --- .../02-json-asserts.yaml | 1 - .../04-json-asserts.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/02-json-asserts.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/02-json-asserts.yaml index 933fa1923..58cb946ac 100644 --- a/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/02-json-asserts.yaml +++ b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/02-json-asserts.yaml @@ -5,5 +5,4 @@ commands: - script: kubectl get secret --namespace=test-clowdapp-watcher-kafka-managed-secret puptoo -o json > /tmp/test-clowdapp-watcher-kafka-managed-secret - script: jq -r '.data["cdappconfig.json"]' < /tmp/test-clowdapp-watcher-kafka-managed-secret | base64 -d > /tmp/test-clowdapp-watcher-kafka-managed-secret-json - - script: jq -r '.kafka.brokers[0].sasl.password == "kafka-password"' -e < /tmp/test-clowdapp-watcher-kafka-managed-secret-json diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/04-json-asserts.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/04-json-asserts.yaml index 65e215cd7..a433d7c2b 100644 --- a/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/04-json-asserts.yaml +++ b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/04-json-asserts.yaml @@ -2,7 +2,6 @@ apiVersion: kuttl.dev/v1beta1 kind: TestStep commands: -- script: sleep 5 - script: kubectl get secret --namespace=test-clowdapp-watcher-kafka-managed-secret puptoo -o json > /tmp/test-clowdapp-watcher-kafka-managed-secret2 - script: jq -r '.data["cdappconfig.json"]' < /tmp/test-clowdapp-watcher-kafka-managed-secret2 | base64 -d > /tmp/test-clowdapp-watcher-kafka-managed-secret2-json From 8d472429995fb7c88cf1220b59323185ee4605fe Mon Sep 17 00:00:00 2001 From: Vojtech Kronika Date: Thu, 16 Jan 2025 14:36:19 +0100 Subject: [PATCH 4/7] compare is hashCache in cdappconfig changed --- .../04-json-asserts.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/04-json-asserts.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/04-json-asserts.yaml index a433d7c2b..e76d094e3 100644 --- a/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/04-json-asserts.yaml +++ b/tests/kuttl/test-clowdapp-watcher-kafka-managed-secret/04-json-asserts.yaml @@ -5,4 +5,9 @@ commands: - script: kubectl get secret --namespace=test-clowdapp-watcher-kafka-managed-secret puptoo -o json > /tmp/test-clowdapp-watcher-kafka-managed-secret2 - script: jq -r '.data["cdappconfig.json"]' < /tmp/test-clowdapp-watcher-kafka-managed-secret2 | base64 -d > /tmp/test-clowdapp-watcher-kafka-managed-secret2-json -- script: jq -r '.kafka.brokers[0].sasl.password == "kafka-new-password"' -e < /tmp/test-clowdapp-watcher-kafka-managed-secret2-json +- script: jq -r '.kafka.brokers[0].sasl.password == "kafka-new-password"' -e < /tmp/test-clowdapp-watcher-kafka-managed-secret2-json + +- script: jq -r '.hashCache' -e < /tmp/test-clowdapp-watcher-kafka-managed-secret-json > /tmp/test-clowdapp-watcher-kafka-managed-secret-hash-cache +- script: jq -r '.hashCache' -e < /tmp/test-clowdapp-watcher-kafka-managed-secret2-json > /tmp/test-clowdapp-watcher-kafka-managed-secret-hash-cache2 + +- script: diff /tmp/test-clowdapp-watcher-kafka-managed-secret-hash-cache /tmp/test-clowdapp-watcher-kafka-managed-secret-hash-cache2 > /dev/null || exit 0 && exit 1 From 91c0464894040a287da03dde9cb862fded30e1e3 Mon Sep 17 00:00:00 2001 From: Vojtech Kronika Date: Thu, 16 Jan 2025 14:42:09 +0100 Subject: [PATCH 5/7] add kafka app interface cacert to the cache at the start of reconciliation --- .../providers/kafka/appinterface.go | 9 ++ .../00-install.yaml | 8 ++ .../01-assert.yaml | 84 +++++++++++++++ .../01-pods.yaml | 101 ++++++++++++++++++ .../02-json-asserts.yaml | 8 ++ .../03-assert.yaml | 84 +++++++++++++++ .../03-pods.yaml | 101 ++++++++++++++++++ .../04-json-asserts.yaml | 13 +++ .../05-delete.yaml | 10 ++ 9 files changed, 418 insertions(+) create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/00-install.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/01-assert.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/01-pods.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/02-json-asserts.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/03-assert.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/03-pods.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/04-json-asserts.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/05-delete.yaml diff --git a/controllers/cloud.redhat.com/providers/kafka/appinterface.go b/controllers/cloud.redhat.com/providers/kafka/appinterface.go index eedae1f3b..0a43c2fac 100644 --- a/controllers/cloud.redhat.com/providers/kafka/appinterface.go +++ b/controllers/cloud.redhat.com/providers/kafka/appinterface.go @@ -51,6 +51,15 @@ func (a *appInterface) setKafkaCA(broker *config.BrokerConfig) error { return err } + _, err := a.HashCache.CreateOrUpdateObject(&kafkaCASecret, true) + if err != nil { + return err + } + + if err = a.HashCache.AddClowdObjectToObject(a.Env, &kafkaCASecret); err != nil { + return err + } + broker.Cacert = utils.StringPtr(string(kafkaCASecret.Data["ca.crt"])) broker.Port = utils.IntPtr(9093) broker.SecurityProtocol = utils.StringPtr("SSL") diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/00-install.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/00-install.yaml new file mode 100644 index 000000000..37b135fe9 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/00-install.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: test-clowdapp-watcher-kafka-app-interface-ca +spec: + finalizers: + - kubernetes diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/01-assert.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/01-assert.yaml new file mode 100644 index 000000000..334bdf558 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/01-assert.yaml @@ -0,0 +1,84 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: puptoo + namespace: test-clowdapp-watcher-kafka-app-interface-ca + labels: + app: puptoo + ownerReferences: + - apiVersion: cloud.redhat.com/v1alpha1 + kind: ClowdApp + name: puptoo +type: Opaque +data: + cdappconfig.json: eyJlbmRwb2ludHMiOlt7ImFwaVBhdGgiOiIvYXBpL3B1cHRvby1wcm9jZXNzb3IvIiwiYXBpUGF0aHMiOlsiL2FwaS9wdXB0b28tcHJvY2Vzc29yLyJdLCJhcHAiOiJwdXB0b28iLCJob3N0bmFtZSI6InB1cHRvby1wcm9jZXNzb3IudGVzdC1jbG93ZGFwcC13YXRjaGVyLWthZmthLWFwcC1pbnRlcmZhY2UtY2Euc3ZjIiwibmFtZSI6InByb2Nlc3NvciIsInBvcnQiOjgwMDAsInRsc1BvcnQiOjB9XSwiaGFzaENhY2hlIjoiZTNiMGM0NDI5OGZjMWMxNDlhZmJmNGM4OTk2ZmI5MjQyN2FlNDFlNDY0OWI5MzRjYTQ5NTk5MWI3ODUyYjg1NWJhNmQ0MDdlNjFlNmQzMTgzNjY3NDc0Y2U5ZjNmMzY5YTI3NzUzODEwZjM4NmJhNDhhOWQyNGM4OTI4NmU0NGEiLCJrYWZrYSI6eyJicm9rZXJzIjpbeyJjYWNlcnQiOiJjYWNlcnQiLCJob3N0bmFtZSI6InRlc3QtY2xvd2RhcHAtd2F0Y2hlci1rYWZrYS1hcHAtaW50ZXJmYWNlLWNhLWthZmthLWJvb3RzdHJhcC50ZXN0LWNsb3dkYXBwLXdhdGNoZXIta2Fma2EtYXBwLWludGVyZmFjZS1jYS5zdmMiLCJwb3J0Ijo5MDkzLCJzZWN1cml0eVByb3RvY29sIjoiU1NMIn1dLCJ0b3BpY3MiOlt7Im5hbWUiOiJib2IiLCJyZXF1ZXN0ZWROYW1lIjoiYm9iIn1dfSwibG9nZ2luZyI6eyJjbG91ZHdhdGNoIjp7ImFjY2Vzc0tleUlkIjoiIiwibG9nR3JvdXAiOiIiLCJyZWdpb24iOiIiLCJzZWNyZXRBY2Nlc3NLZXkiOiIifSwidHlwZSI6Im51bGwifSwibWV0YWRhdGEiOnsiZGVwbG95bWVudHMiOlt7ImltYWdlIjoicXVheS5pby9wc2F2L2Nsb3dkZXItaGVsbG8iLCJuYW1lIjoicHJvY2Vzc29yIn1dLCJlbnZOYW1lIjoidGVzdC1jbG93ZGFwcC13YXRjaGVyLWthZmthLWFwcC1pbnRlcmZhY2UtY2EiLCJuYW1lIjoicHVwdG9vIn0sIm1ldHJpY3NQYXRoIjoiL21ldHJpY3MiLCJtZXRyaWNzUG9ydCI6OTAwMCwicHJpdmF0ZUVuZHBvaW50cyI6W3siYXBwIjoicHVwdG9vIiwiaG9zdG5hbWUiOiJwdXB0b28tcHJvY2Vzc29yLnRlc3QtY2xvd2RhcHAtd2F0Y2hlci1rYWZrYS1hcHAtaW50ZXJmYWNlLWNhLnN2YyIsIm5hbWUiOiJwcm9jZXNzb3IiLCJwb3J0IjoxMDAwMCwidGxzUG9ydCI6MH1dLCJwcml2YXRlUG9ydCI6MTAwMDAsInB1YmxpY1BvcnQiOjgwMDAsIndlYlBvcnQiOjgwMDB9 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: puptoo-processor + namespace: test-clowdapp-watcher-kafka-app-interface-ca +spec: + strategy: + type: RollingUpdate + template: + spec: + serviceAccountName: puptoo-processor + containers: + - env: + - name: ENV_VAR_1 + value: "env_var_1" + - name: ENV_VAR_2 + value: "env_var_2" + - name: ACG_CONFIG + value: /cdapp/cdappconfig.json + initContainers: + - env: + - name: ACG_CONFIG + value: /cdapp/cdappconfig.json + - name: ENV_VAR_1 + value: "override_1" + - name: ENV_VAR_3 + value: "env_var_3" +--- +apiVersion: v1 +kind: Service +metadata: + name: puptoo-processor + namespace: test-clowdapp-watcher-kafka-app-interface-ca +spec: + selector: + pod: puptoo-processor + ports: + - port: 8000 + targetPort: 8000 + name: public + appProtocol: http + - port: 10000 + targetPort: 10000 + name: private + appProtocol: http + - port: 9000 + targetPort: 9000 + name: metrics + appProtocol: http +--- +apiVersion: cloud.redhat.com/v1alpha1 +kind: ClowdEnvironment +metadata: + name: test-clowdapp-watcher-kafka-app-interface-ca +status: + apps: + - name: puptoo + deployments: + - hostname: puptoo-processor.test-clowdapp-watcher-kafka-app-interface-ca.svc + name: puptoo-processor + port: 8000 +--- +apiVersion: v1 +kind: Namespace +metadata: + name: test-clowdapp-watcher-kafka-app-interface-ca + labels: + kubernetes.io/metadata.name: test-clowdapp-watcher-kafka-app-interface-ca diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/01-pods.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/01-pods.yaml new file mode 100644 index 000000000..a59e3ab43 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/01-pods.yaml @@ -0,0 +1,101 @@ +--- +apiVersion: cloud.redhat.com/v1alpha1 +kind: ClowdEnvironment +metadata: + name: test-clowdapp-watcher-kafka-app-interface-ca +spec: + targetNamespace: test-clowdapp-watcher-kafka-app-interface-ca + providers: + web: + port: 8000 + mode: operator + metrics: + port: 9000 + mode: operator + path: "/metrics" + kafka: + forceTLS: true + mode: app-interface + cluster: + name: test-clowdapp-watcher-kafka-app-interface-ca + namespace: test-clowdapp-watcher-kafka-app-interface-ca + forceTLS: true + connect: + namespace: test-clowdapp-watcher-kafka-app-interface-ca + name: test-clowdapp-watcher-kafka-app-interface-ca + db: + mode: none + logging: + mode: none + objectStore: + mode: none + inMemoryDb: + mode: none + resourceDefaults: + limits: + cpu: 400m + memory: 1024Mi + requests: + cpu: 30m + memory: 512Mi +--- +apiVersion: cloud.redhat.com/v1alpha1 +kind: ClowdApp +metadata: + name: puptoo + namespace: test-clowdapp-watcher-kafka-app-interface-ca +spec: + envName: test-clowdapp-watcher-kafka-app-interface-ca + deployments: + - name: processor + podSpec: + image: quay.io/psav/clowder-hello + env: + - name: ENV_VAR_1 + value: env_var_1 + - name: ENV_VAR_2 + value: env_var_2 + initContainers: + - env: + - name: ENV_VAR_1 + value: override_1 + - name: ENV_VAR_3 + value: env_var_3 + webServices: + public: + enabled: true + private: + enabled: true + kafkaTopics: + - topicName: bob +--- +apiVersion: v1 +kind: Service +metadata: + name: test-clowdapp-watcher-kafka-app-interface-ca-kafka-bootstrap + namespace: test-clowdapp-watcher-kafka-app-interface-ca +spec: + selector: + app: myapp + ports: + - port: 9003 + targetPort: 9003 +--- +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: bob + namespace: test-clowdapp-watcher-kafka-app-interface-ca +spec: + config: {} + partitions: 3 + replicas: 1 +--- +apiVersion: v1 +kind: Secret +metadata: + name: test-clowdapp-watcher-kafka-app-interface-ca-cluster-ca-cert + namespace: test-clowdapp-watcher-kafka-app-interface-ca +type: Opaque +stringData: + ca.crt: cacert diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/02-json-asserts.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/02-json-asserts.yaml new file mode 100644 index 000000000..f8406db3a --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/02-json-asserts.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: +- script: kubectl get secret --namespace=test-clowdapp-watcher-kafka-app-interface-ca puptoo -o json > /tmp/test-clowdapp-watcher-kafka-app-interface-ca +- script: jq -r '.data["cdappconfig.json"]' < /tmp/test-clowdapp-watcher-kafka-app-interface-ca | base64 -d > /tmp/test-clowdapp-watcher-kafka-app-interface-ca-json + +- script: jq -r '.kafka.brokers[0].cacert == "cacert"' -e < /tmp/test-clowdapp-watcher-kafka-app-interface-ca-json diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/03-assert.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/03-assert.yaml new file mode 100644 index 000000000..47973d28b --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/03-assert.yaml @@ -0,0 +1,84 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: puptoo + namespace: test-clowdapp-watcher-kafka-app-interface-ca + labels: + app: puptoo + ownerReferences: + - apiVersion: cloud.redhat.com/v1alpha1 + kind: ClowdApp + name: puptoo +type: Opaque +data: + cdappconfig.json: eyJlbmRwb2ludHMiOlt7ImFwaVBhdGgiOiIvYXBpL3B1cHRvby1wcm9jZXNzb3IvIiwiYXBpUGF0aHMiOlsiL2FwaS9wdXB0b28tcHJvY2Vzc29yLyJdLCJhcHAiOiJwdXB0b28iLCJob3N0bmFtZSI6InB1cHRvby1wcm9jZXNzb3IudGVzdC1jbG93ZGFwcC13YXRjaGVyLWthZmthLWFwcC1pbnRlcmZhY2UtY2Euc3ZjIiwibmFtZSI6InByb2Nlc3NvciIsInBvcnQiOjgwMDAsInRsc1BvcnQiOjB9XSwiaGFzaENhY2hlIjoiZTNiMGM0NDI5OGZjMWMxNDlhZmJmNGM4OTk2ZmI5MjQyN2FlNDFlNDY0OWI5MzRjYTQ5NTk5MWI3ODUyYjg1NTIzNzMxNTZkYzU2OWUxMDVkNmZkY2MzZDZkMThjZTI1NzU5ODI1ZGM3M2E5ZWVmZTU1NGIyYmI4OTkyNTNlYmEiLCJrYWZrYSI6eyJicm9rZXJzIjpbeyJjYWNlcnQiOiJuZXctY2FjZXJ0IiwiaG9zdG5hbWUiOiJ0ZXN0LWNsb3dkYXBwLXdhdGNoZXIta2Fma2EtYXBwLWludGVyZmFjZS1jYS1rYWZrYS1ib290c3RyYXAudGVzdC1jbG93ZGFwcC13YXRjaGVyLWthZmthLWFwcC1pbnRlcmZhY2UtY2Euc3ZjIiwicG9ydCI6OTA5Mywic2VjdXJpdHlQcm90b2NvbCI6IlNTTCJ9XSwidG9waWNzIjpbeyJuYW1lIjoiYm9iIiwicmVxdWVzdGVkTmFtZSI6ImJvYiJ9XX0sImxvZ2dpbmciOnsiY2xvdWR3YXRjaCI6eyJhY2Nlc3NLZXlJZCI6IiIsImxvZ0dyb3VwIjoiIiwicmVnaW9uIjoiIiwic2VjcmV0QWNjZXNzS2V5IjoiIn0sInR5cGUiOiJudWxsIn0sIm1ldGFkYXRhIjp7ImRlcGxveW1lbnRzIjpbeyJpbWFnZSI6InF1YXkuaW8vcHNhdi9jbG93ZGVyLWhlbGxvIiwibmFtZSI6InByb2Nlc3NvciJ9XSwiZW52TmFtZSI6InRlc3QtY2xvd2RhcHAtd2F0Y2hlci1rYWZrYS1hcHAtaW50ZXJmYWNlLWNhIiwibmFtZSI6InB1cHRvbyJ9LCJtZXRyaWNzUGF0aCI6Ii9tZXRyaWNzIiwibWV0cmljc1BvcnQiOjkwMDAsInByaXZhdGVFbmRwb2ludHMiOlt7ImFwcCI6InB1cHRvbyIsImhvc3RuYW1lIjoicHVwdG9vLXByb2Nlc3Nvci50ZXN0LWNsb3dkYXBwLXdhdGNoZXIta2Fma2EtYXBwLWludGVyZmFjZS1jYS5zdmMiLCJuYW1lIjoicHJvY2Vzc29yIiwicG9ydCI6MTAwMDAsInRsc1BvcnQiOjB9XSwicHJpdmF0ZVBvcnQiOjEwMDAwLCJwdWJsaWNQb3J0Ijo4MDAwLCJ3ZWJQb3J0Ijo4MDAwfQ== +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: puptoo-processor + namespace: test-clowdapp-watcher-kafka-app-interface-ca +spec: + strategy: + type: RollingUpdate + template: + spec: + serviceAccountName: puptoo-processor + containers: + - env: + - name: ENV_VAR_1 + value: "env_var_1" + - name: ENV_VAR_2 + value: "env_var_2" + - name: ACG_CONFIG + value: /cdapp/cdappconfig.json + initContainers: + - env: + - name: ACG_CONFIG + value: /cdapp/cdappconfig.json + - name: ENV_VAR_1 + value: "override_1" + - name: ENV_VAR_3 + value: "env_var_3" +--- +apiVersion: v1 +kind: Service +metadata: + name: puptoo-processor + namespace: test-clowdapp-watcher-kafka-app-interface-ca +spec: + selector: + pod: puptoo-processor + ports: + - port: 8000 + targetPort: 8000 + name: public + appProtocol: http + - port: 10000 + targetPort: 10000 + name: private + appProtocol: http + - port: 9000 + targetPort: 9000 + name: metrics + appProtocol: http +--- +apiVersion: cloud.redhat.com/v1alpha1 +kind: ClowdEnvironment +metadata: + name: test-clowdapp-watcher-kafka-app-interface-ca +status: + apps: + - name: puptoo + deployments: + - hostname: puptoo-processor.test-clowdapp-watcher-kafka-app-interface-ca.svc + name: puptoo-processor + port: 8000 +--- +apiVersion: v1 +kind: Namespace +metadata: + name: test-clowdapp-watcher-kafka-app-interface-ca + labels: + kubernetes.io/metadata.name: test-clowdapp-watcher-kafka-app-interface-ca diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/03-pods.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/03-pods.yaml new file mode 100644 index 000000000..5a557fc95 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/03-pods.yaml @@ -0,0 +1,101 @@ +--- +apiVersion: cloud.redhat.com/v1alpha1 +kind: ClowdEnvironment +metadata: + name: test-clowdapp-watcher-kafka-app-interface-ca +spec: + targetNamespace: test-clowdapp-watcher-kafka-app-interface-ca + providers: + web: + port: 8000 + mode: operator + metrics: + port: 9000 + mode: operator + path: "/metrics" + kafka: + forceTLS: true + mode: app-interface + cluster: + name: test-clowdapp-watcher-kafka-app-interface-ca + namespace: test-clowdapp-watcher-kafka-app-interface-ca + forceTLS: true + connect: + namespace: test-clowdapp-watcher-kafka-app-interface-ca + name: test-clowdapp-watcher-kafka-app-interface-ca + db: + mode: none + logging: + mode: none + objectStore: + mode: none + inMemoryDb: + mode: none + resourceDefaults: + limits: + cpu: 400m + memory: 1024Mi + requests: + cpu: 30m + memory: 512Mi +--- +apiVersion: cloud.redhat.com/v1alpha1 +kind: ClowdApp +metadata: + name: puptoo + namespace: test-clowdapp-watcher-kafka-app-interface-ca +spec: + envName: test-clowdapp-watcher-kafka-app-interface-ca + deployments: + - name: processor + podSpec: + image: quay.io/psav/clowder-hello + env: + - name: ENV_VAR_1 + value: env_var_1 + - name: ENV_VAR_2 + value: env_var_2 + initContainers: + - env: + - name: ENV_VAR_1 + value: override_1 + - name: ENV_VAR_3 + value: env_var_3 + webServices: + public: + enabled: true + private: + enabled: true + kafkaTopics: + - topicName: bob +--- +apiVersion: v1 +kind: Service +metadata: + name: test-clowdapp-watcher-kafka-app-interface-ca-kafka-bootstrap + namespace: test-clowdapp-watcher-kafka-app-interface-ca +spec: + selector: + app: myapp + ports: + - port: 9003 + targetPort: 9003 +--- +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: bob + namespace: test-clowdapp-watcher-kafka-app-interface-ca +spec: + config: {} + partitions: 3 + replicas: 1 +--- +apiVersion: v1 +kind: Secret +metadata: + name: test-clowdapp-watcher-kafka-app-interface-ca-cluster-ca-cert + namespace: test-clowdapp-watcher-kafka-app-interface-ca +type: Opaque +stringData: + ca.crt: new-cacert diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/04-json-asserts.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/04-json-asserts.yaml new file mode 100644 index 000000000..13f427564 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/04-json-asserts.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: +- script: kubectl get secret --namespace=test-clowdapp-watcher-kafka-app-interface-ca puptoo -o json > /tmp/test-clowdapp-watcher-kafka-app-interface-ca +- script: jq -r '.data["cdappconfig.json"]' < /tmp/test-clowdapp-watcher-kafka-app-interface-ca | base64 -d > /tmp/test-clowdapp-watcher-kafka-app-interface-ca2-json + +- script: jq -r '.kafka.brokers[0].cacert == "new-cacert"' -e < /tmp/test-clowdapp-watcher-kafka-app-interface-ca2-json + +- script: jq -r '.hashCache' -e < /tmp/test-clowdapp-watcher-kafka-app-interface-ca-json > /tmp/test-clowdapp-watcher-kafka-app-interface-ca-hash-cache +- script: jq -r '.hashCache' -e < /tmp/test-clowdapp-watcher-kafka-app-interface-ca2-json > /tmp/test-clowdapp-watcher-kafka-app-interface-ca-hash-cache2 + +- script: diff /tmp/test-clowdapp-watcher-kafka-app-interface-ca-hash-cache /tmp/test-clowdapp-watcher-kafka-app-interface-ca-hash-cache2 > /dev/null || exit 0 && exit 1 diff --git a/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/05-delete.yaml b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/05-delete.yaml new file mode 100644 index 000000000..1035a22fc --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-kafka-app-interface-ca/05-delete.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +delete: +- apiVersion: v1 + kind: Namespace + name: test-clowdapp-watcher-kafka-app-interface-ca +- apiVersion: cloud.redhat.com/v1alpha1 + kind: ClowdEnvironment + name: test-clowdapp-watcher-kafka-app-interface-ca From 5e9590bf92a6a9b6971cfb1fe3f0717ff1818e86 Mon Sep 17 00:00:00 2001 From: Vojtech Kronika Date: Fri, 17 Jan 2025 13:00:18 +0100 Subject: [PATCH 6/7] add feature flags app interface secret to the cache at the start of reconciliation --- .../providers/featureflags/appinterface.go | 8 +++ .../00-install.yaml | 16 +++++ .../01-assert.yaml | 50 +++++++++++++++ .../01-pods.yaml | 64 +++++++++++++++++++ .../02-json-asserts.yaml | 8 +++ .../03-assert.yaml | 15 +++++ .../03-pods.yaml | 9 +++ .../04-json-asserts.yaml | 13 ++++ .../05-delete.yaml | 13 ++++ 9 files changed, 196 insertions(+) create mode 100644 tests/kuttl/test-clowdapp-watcher-ff-app-interface/00-install.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-ff-app-interface/01-assert.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-ff-app-interface/01-pods.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-ff-app-interface/02-json-asserts.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-ff-app-interface/03-assert.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-ff-app-interface/03-pods.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-ff-app-interface/04-json-asserts.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-ff-app-interface/05-delete.yaml diff --git a/controllers/cloud.redhat.com/providers/featureflags/appinterface.go b/controllers/cloud.redhat.com/providers/featureflags/appinterface.go index 32781efaa..fc2ac2a32 100644 --- a/controllers/cloud.redhat.com/providers/featureflags/appinterface.go +++ b/controllers/cloud.redhat.com/providers/featureflags/appinterface.go @@ -45,6 +45,14 @@ func (ff *appInterfaceFeatureFlagProvider) Provide(_ *crd.ClowdApp) error { return err } + if _, err := ff.HashCache.CreateOrUpdateObject(sec, true); err != nil { + return err + } + + if err := ff.HashCache.AddClowdObjectToObject(ff.Env, sec); err != nil { + return err + } + accessToken, ok := sec.Data["CLIENT_ACCESS_TOKEN"] if !ok { return errors.NewClowderError("Missing data") diff --git a/tests/kuttl/test-clowdapp-watcher-ff-app-interface/00-install.yaml b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/00-install.yaml new file mode 100644 index 000000000..8f8ecc105 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/00-install.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: test-clowdapp-watcher-ff-app-interface +spec: + finalizers: + - kubernetes +--- +apiVersion: v1 +kind: Namespace +metadata: + name: test-clowdapp-watcher-ff-app-interface-ff-location +spec: + finalizers: + - kubernetes \ No newline at end of file diff --git a/tests/kuttl/test-clowdapp-watcher-ff-app-interface/01-assert.yaml b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/01-assert.yaml new file mode 100644 index 000000000..0f9307120 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/01-assert.yaml @@ -0,0 +1,50 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: puptoo + namespace: test-clowdapp-watcher-ff-app-interface + labels: + app: puptoo + ownerReferences: + - apiVersion: cloud.redhat.com/v1alpha1 + kind: ClowdApp + name: puptoo +type: Opaque +data: + cdappconfig.json: eyJmZWF0dXJlRmxhZ3MiOnsiY2xpZW50QWNjZXNzVG9rZW4iOiJhcHAtYi1zdGFnZS5yZHMuZXhhbXBsZS5jb20iLCJob3N0bmFtZSI6InRlc3QuZmVhdHVyZWZsYWdzLnJlZGhhdC5jb20iLCJwb3J0IjoxMjM0NSwic2NoZW1lIjoiaHR0cHMifSwiaGFzaENhY2hlIjoiZTNiMGM0NDI5OGZjMWMxNDlhZmJmNGM4OTk2ZmI5MjQyN2FlNDFlNDY0OWI5MzRjYTQ5NTk5MWI3ODUyYjg1NTBmNzI4NDFiMzQyNDA0ZDFhYjAzNGIwYjdlY2IzZmE2YjI5ODAyYzc4ZjBlYzBiYjc1MWU0YjQyMTAxNjJhMjUiLCJsb2dnaW5nIjp7ImNsb3Vkd2F0Y2giOnsiYWNjZXNzS2V5SWQiOiIiLCJsb2dHcm91cCI6IiIsInJlZ2lvbiI6IiIsInNlY3JldEFjY2Vzc0tleSI6IiJ9LCJ0eXBlIjoibnVsbCJ9LCJtZXRhZGF0YSI6eyJkZXBsb3ltZW50cyI6W3siaW1hZ2UiOiJxdWF5LmlvL3BzYXYvY2xvd2Rlci1oZWxsbyIsIm5hbWUiOiJwcm9jZXNzb3IifV0sImVudk5hbWUiOiJ0ZXN0LWNsb3dkYXBwLXdhdGNoZXItZmYtYXBwLWludGVyZmFjZSIsIm5hbWUiOiJwdXB0b28ifSwibWV0cmljc1BhdGgiOiIvbWV0cmljcyIsIm1ldHJpY3NQb3J0Ijo5MDAwLCJwcml2YXRlUG9ydCI6MTAwMDAsInB1YmxpY1BvcnQiOjgwMDAsIndlYlBvcnQiOjgwMDB9 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: puptoo-processor + namespace: test-clowdapp-watcher-ff-app-interface +spec: + strategy: + type: RollingUpdate + template: + spec: + serviceAccountName: puptoo-processor + containers: + - env: + - name: ENV_VAR_1 + value: "env_var_1" + - name: ACG_CONFIG + value: /cdapp/cdappconfig.json +--- +apiVersion: cloud.redhat.com/v1alpha1 +kind: ClowdEnvironment +metadata: + name: test-clowdapp-watcher-ff-app-interface +status: + apps: + - name: puptoo + deployments: + - name: puptoo-processor +--- +apiVersion: v1 +kind: Namespace +metadata: + name: test-clowdapp-watcher-ff-app-interface + labels: + kubernetes.io/metadata.name: test-clowdapp-watcher-ff-app-interface diff --git a/tests/kuttl/test-clowdapp-watcher-ff-app-interface/01-pods.yaml b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/01-pods.yaml new file mode 100644 index 000000000..0eca6ec66 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/01-pods.yaml @@ -0,0 +1,64 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: ff-server + namespace: test-clowdapp-watcher-ff-app-interface-ff-location +type: Opaque +data: + CLIENT_ACCESS_TOKEN: YXBwLWItc3RhZ2UucmRzLmV4YW1wbGUuY29t # app-b-stage.rds.example.com +--- +apiVersion: cloud.redhat.com/v1alpha1 +kind: ClowdEnvironment +metadata: + name: test-clowdapp-watcher-ff-app-interface +spec: + targetNamespace: test-clowdapp-watcher-ff-app-interface + providers: + web: + port: 8000 + mode: operator + metrics: + port: 9000 + mode: operator + path: "/metrics" + kafka: + mode: none + db: + mode: none + logging: + mode: none + objectStore: + mode: none + inMemoryDb: + mode: none + featureFlags: + mode: app-interface + hostname: test.featureflags.redhat.com + port: 12345 + credentialRef: + name: ff-server + namespace: test-clowdapp-watcher-ff-app-interface-ff-location + resourceDefaults: + limits: + cpu: 400m + memory: 1024Mi + requests: + cpu: 30m + memory: 512Mi +--- +apiVersion: cloud.redhat.com/v1alpha1 +kind: ClowdApp +metadata: + name: puptoo + namespace: test-clowdapp-watcher-ff-app-interface +spec: + envName: test-clowdapp-watcher-ff-app-interface + deployments: + - name: processor + podSpec: + image: quay.io/psav/clowder-hello + env: + - name: ENV_VAR_1 + value: env_var_1 + featureFlags: true diff --git a/tests/kuttl/test-clowdapp-watcher-ff-app-interface/02-json-asserts.yaml b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/02-json-asserts.yaml new file mode 100644 index 000000000..0392f1788 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/02-json-asserts.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: +- script: kubectl get secret --namespace=test-clowdapp-watcher-ff-app-interface puptoo -o json > /tmp/test-clowdapp-watcher-ff-app-interface +- script: jq -r '.data["cdappconfig.json"]' < /tmp/test-clowdapp-watcher-ff-app-interface | base64 -d > /tmp/test-clowdapp-watcher-ff-app-interface-json + +- script: jq -r '.featureFlags.clientAccessToken == "app-b-stage.rds.example.com"' -e < /tmp/test-clowdapp-watcher-ff-app-interface-json diff --git a/tests/kuttl/test-clowdapp-watcher-ff-app-interface/03-assert.yaml b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/03-assert.yaml new file mode 100644 index 000000000..ea37927de --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/03-assert.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: puptoo + namespace: test-clowdapp-watcher-ff-app-interface + labels: + app: puptoo + ownerReferences: + - apiVersion: cloud.redhat.com/v1alpha1 + kind: ClowdApp + name: puptoo +type: Opaque +data: + cdappconfig.json: eyJmZWF0dXJlRmxhZ3MiOnsiY2xpZW50QWNjZXNzVG9rZW4iOiJhcHAtYS1zdGFnZS5yZHMuZXhhbXBsZS5jb20iLCJob3N0bmFtZSI6InRlc3QuZmVhdHVyZWZsYWdzLnJlZGhhdC5jb20iLCJwb3J0IjoxMjM0NSwic2NoZW1lIjoiaHR0cHMifSwiaGFzaENhY2hlIjoiZTNiMGM0NDI5OGZjMWMxNDlhZmJmNGM4OTk2ZmI5MjQyN2FlNDFlNDY0OWI5MzRjYTQ5NTk5MWI3ODUyYjg1NWQ2ZDNlMGZmNTc5Y2FmM2YyMDNjNTIwOTg3NmI2YTQ0N2Y2NjJlNTQ1NDg1OGVkM2UwY2Y2ODczNzVkYzg2NDMiLCJsb2dnaW5nIjp7ImNsb3Vkd2F0Y2giOnsiYWNjZXNzS2V5SWQiOiIiLCJsb2dHcm91cCI6IiIsInJlZ2lvbiI6IiIsInNlY3JldEFjY2Vzc0tleSI6IiJ9LCJ0eXBlIjoibnVsbCJ9LCJtZXRhZGF0YSI6eyJkZXBsb3ltZW50cyI6W3siaW1hZ2UiOiJxdWF5LmlvL3BzYXYvY2xvd2Rlci1oZWxsbyIsIm5hbWUiOiJwcm9jZXNzb3IifV0sImVudk5hbWUiOiJ0ZXN0LWNsb3dkYXBwLXdhdGNoZXItZmYtYXBwLWludGVyZmFjZSIsIm5hbWUiOiJwdXB0b28ifSwibWV0cmljc1BhdGgiOiIvbWV0cmljcyIsIm1ldHJpY3NQb3J0Ijo5MDAwLCJwcml2YXRlUG9ydCI6MTAwMDAsInB1YmxpY1BvcnQiOjgwMDAsIndlYlBvcnQiOjgwMDB9 diff --git a/tests/kuttl/test-clowdapp-watcher-ff-app-interface/03-pods.yaml b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/03-pods.yaml new file mode 100644 index 000000000..dd085b796 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/03-pods.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: ff-server + namespace: test-clowdapp-watcher-ff-app-interface-ff-location +type: Opaque +data: + CLIENT_ACCESS_TOKEN: YXBwLWEtc3RhZ2UucmRzLmV4YW1wbGUuY29t # app-a-stage.rds.example.com diff --git a/tests/kuttl/test-clowdapp-watcher-ff-app-interface/04-json-asserts.yaml b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/04-json-asserts.yaml new file mode 100644 index 000000000..e243cfd00 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/04-json-asserts.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: +- script: kubectl get secret --namespace=test-clowdapp-watcher-ff-app-interface puptoo -o json > /tmp/test-clowdapp-watcher-ff-app-interface2 +- script: jq -r '.data["cdappconfig.json"]' < /tmp/test-clowdapp-watcher-ff-app-interface2 | base64 -d > /tmp/test-clowdapp-watcher-ff-app-interface2-json + +- script: jq -r '.featureFlags.clientAccessToken == "app-a-stage.rds.example.com"' -e < /tmp/test-clowdapp-watcher-ff-app-interface2-json + +- script: jq -r '.hashCache' -e < /tmp/test-clowdapp-watcher-ff-app-interface-json > /tmp/test-clowdapp-watcher-ff-app-interface-hash-cache +- script: jq -r '.hashCache' -e < /tmp/test-clowdapp-watcher-ff-app-interface2-json > /tmp/test-clowdapp-watcher-ff-app-interface-hash-cache2 + +- script: diff /tmp/test-clowdapp-watcher-ff-app-interface-hash-cache /tmp/test-clowdapp-watcher-ff-app-interface-hash-cache2 > /dev/null || exit 0 && exit 1 diff --git a/tests/kuttl/test-clowdapp-watcher-ff-app-interface/05-delete.yaml b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/05-delete.yaml new file mode 100644 index 000000000..3df16a101 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-ff-app-interface/05-delete.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +delete: +- apiVersion: v1 + kind: Namespace + name: test-clowdapp-watcher-ff-app-interface +- apiVersion: v1 + kind: Namespace + name: test-clowdapp-watcher-ff-app-interface-ff-location +- apiVersion: cloud.redhat.com/v1alpha1 + kind: ClowdEnvironment + name: test-clowdapp-watcher-ff-app-interface From bbb031d372c4819d42d378ebcbfc4809c9670c1b Mon Sep 17 00:00:00 2001 From: Vojtech Kronika Date: Mon, 20 Jan 2025 10:21:35 +0100 Subject: [PATCH 7/7] add logging app interface cloudwatch to the cache at the start of reconciliation --- .../providers/logging/appinterface.go | 8 +++ .../00-install.yaml | 8 +++ .../01-assert.yaml | 50 ++++++++++++++++ .../01-pods.yaml | 59 +++++++++++++++++++ .../02-json-asserts.yaml | 8 +++ .../03-assert.yaml | 15 +++++ .../03-pods.yaml | 12 ++++ .../04-json-asserts.yaml | 16 +++++ .../05-delete.yaml | 10 ++++ 9 files changed, 186 insertions(+) create mode 100644 tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/00-install.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/01-assert.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/01-pods.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/02-json-asserts.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/03-assert.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/03-pods.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/04-json-asserts.yaml create mode 100644 tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/05-delete.yaml diff --git a/controllers/cloud.redhat.com/providers/logging/appinterface.go b/controllers/cloud.redhat.com/providers/logging/appinterface.go index 481b0549a..a932e3151 100644 --- a/controllers/cloud.redhat.com/providers/logging/appinterface.go +++ b/controllers/cloud.redhat.com/providers/logging/appinterface.go @@ -42,6 +42,14 @@ func setCloudwatchSecret(ns string, p *providers.Provider, c *config.LoggingConf return errors.Wrap("Failed to fetch cloudwatch secret", err) } + if _, err := p.HashCache.CreateOrUpdateObject(&secret, true); err != nil { + return err + } + + if err := p.HashCache.AddClowdObjectToObject(p.Env, &secret); err != nil { + return err + } + c.Cloudwatch = &config.CloudWatchConfig{ AccessKeyId: string(secret.Data["aws_access_key_id"]), SecretAccessKey: string(secret.Data["aws_secret_access_key"]), diff --git a/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/00-install.yaml b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/00-install.yaml new file mode 100644 index 000000000..65483164d --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/00-install.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: test-clowdapp-watcher-logging-app-interface-clowdwatch +spec: + finalizers: + - kubernetes diff --git a/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/01-assert.yaml b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/01-assert.yaml new file mode 100644 index 000000000..c6c7e8131 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/01-assert.yaml @@ -0,0 +1,50 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: puptoo + namespace: test-clowdapp-watcher-logging-app-interface-clowdwatch + labels: + app: puptoo + ownerReferences: + - apiVersion: cloud.redhat.com/v1alpha1 + kind: ClowdApp + name: puptoo +type: Opaque +data: + cdappconfig.json: eyJoYXNoQ2FjaGUiOiJlM2IwYzQ0Mjk4ZmMxYzE0OWFmYmY0Yzg5OTZmYjkyNDI3YWU0MWU0NjQ5YjkzNGNhNDk1OTkxYjc4NTJiODU1OGRlMGJhZjAzY2NhOTRhZjBhMzdjZmYwYmFjMzE1NjdkZDI2ODhiZDYzMDZjYjZjMDM5MGVlYjYzMTA2ZjIyYiIsImxvZ2dpbmciOnsiY2xvdWR3YXRjaCI6eyJhY2Nlc3NLZXlJZCI6ImFjY2Vzcy1rZXktaWQiLCJsb2dHcm91cCI6IkxvZ3NfU3RhZ2UiLCJyZWdpb24iOiJldS1jZW50cmFsLTEiLCJzZWNyZXRBY2Nlc3NLZXkiOiJ0b3Atc2VjcmV0In0sInR5cGUiOiIifSwibWV0YWRhdGEiOnsiZGVwbG95bWVudHMiOlt7ImltYWdlIjoicXVheS5pby9wc2F2L2Nsb3dkZXItaGVsbG8iLCJuYW1lIjoicHJvY2Vzc29yIn1dLCJlbnZOYW1lIjoidGVzdC1jbG93ZGFwcC13YXRjaGVyLWxvZ2dpbmctYXBwLWludGVyZmFjZS1jbG93ZHdhdGNoIiwibmFtZSI6InB1cHRvbyJ9LCJtZXRyaWNzUGF0aCI6Ii9tZXRyaWNzIiwibWV0cmljc1BvcnQiOjkwMDAsInByaXZhdGVQb3J0IjoxMDAwMCwicHVibGljUG9ydCI6ODAwMCwid2ViUG9ydCI6ODAwMH0= +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: puptoo-processor + namespace: test-clowdapp-watcher-logging-app-interface-clowdwatch +spec: + strategy: + type: RollingUpdate + template: + spec: + serviceAccountName: puptoo-processor + containers: + - env: + - name: ENV_VAR_1 + value: "env_var_1" + - name: ACG_CONFIG + value: /cdapp/cdappconfig.json +--- +apiVersion: cloud.redhat.com/v1alpha1 +kind: ClowdEnvironment +metadata: + name: test-clowdapp-watcher-logging-app-interface-clowdwatch +status: + apps: + - name: puptoo + deployments: + - name: puptoo-processor +--- +apiVersion: v1 +kind: Namespace +metadata: + name: test-clowdapp-watcher-logging-app-interface-clowdwatch + labels: + kubernetes.io/metadata.name: test-clowdapp-watcher-logging-app-interface-clowdwatch diff --git a/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/01-pods.yaml b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/01-pods.yaml new file mode 100644 index 000000000..9b631a357 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/01-pods.yaml @@ -0,0 +1,59 @@ +--- +apiVersion: v1 +data: + aws_access_key_id: YWNjZXNzLWtleS1pZA== # access-key-id + aws_secret_access_key: dG9wLXNlY3JldA== # top-secret + aws_region: ZXUtY2VudHJhbC0x # eu-central-1 + log_group_name: TG9nc19TdGFnZQ== # Logs_Stage +kind: Secret +metadata: + name: cloudwatch + namespace: test-clowdapp-watcher-logging-app-interface-clowdwatch +type: Opaque +--- +apiVersion: cloud.redhat.com/v1alpha1 +kind: ClowdEnvironment +metadata: + name: test-clowdapp-watcher-logging-app-interface-clowdwatch +spec: + targetNamespace: test-clowdapp-watcher-logging-app-interface-clowdwatch + providers: + web: + port: 8000 + mode: operator + metrics: + port: 9000 + mode: operator + path: "/metrics" + kafka: + mode: none + db: + mode: none + logging: + mode: app-interface + objectStore: + mode: none + inMemoryDb: + mode: none + resourceDefaults: + limits: + cpu: 400m + memory: 1024Mi + requests: + cpu: 30m + memory: 512Mi +--- +apiVersion: cloud.redhat.com/v1alpha1 +kind: ClowdApp +metadata: + name: puptoo + namespace: test-clowdapp-watcher-logging-app-interface-clowdwatch +spec: + envName: test-clowdapp-watcher-logging-app-interface-clowdwatch + deployments: + - name: processor + podSpec: + image: quay.io/psav/clowder-hello + env: + - name: ENV_VAR_1 + value: env_var_1 diff --git a/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/02-json-asserts.yaml b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/02-json-asserts.yaml new file mode 100644 index 000000000..7a98e7abf --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/02-json-asserts.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: +- script: kubectl get secret --namespace=test-clowdapp-watcher-logging-app-interface-clowdwatch puptoo -o json > /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch +- script: jq -r '.data["cdappconfig.json"]' < /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch | base64 -d > /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch-json + +- script: jq -r '.logging.cloudwatch.secretAccessKey == "top-secret"' -e < /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch-json diff --git a/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/03-assert.yaml b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/03-assert.yaml new file mode 100644 index 000000000..5f2c98ee6 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/03-assert.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: puptoo + namespace: test-clowdapp-watcher-logging-app-interface-clowdwatch + labels: + app: puptoo + ownerReferences: + - apiVersion: cloud.redhat.com/v1alpha1 + kind: ClowdApp + name: puptoo +type: Opaque +data: + cdappconfig.json: eyJoYXNoQ2FjaGUiOiJlM2IwYzQ0Mjk4ZmMxYzE0OWFmYmY0Yzg5OTZmYjkyNDI3YWU0MWU0NjQ5YjkzNGNhNDk1OTkxYjc4NTJiODU1YzgwZDIwNmI0NDA4MmYyMWFlNjI4ZTA5OGU4OWEyMzUxNDI1ZGJjZTRkZjViOWIyNzAzOGI5MDQ1NDU0MTVjZiIsImxvZ2dpbmciOnsiY2xvdWR3YXRjaCI6eyJhY2Nlc3NLZXlJZCI6ImFjY2Vzcy1rZXktaWQiLCJsb2dHcm91cCI6IkxvZ3NfU3RhZ2UiLCJyZWdpb24iOiJldS1jZW50cmFsLTEiLCJzZWNyZXRBY2Nlc3NLZXkiOiJzdHJvbmctdG9wLXNlY3JldCJ9LCJ0eXBlIjoiIn0sIm1ldGFkYXRhIjp7ImRlcGxveW1lbnRzIjpbeyJpbWFnZSI6InF1YXkuaW8vcHNhdi9jbG93ZGVyLWhlbGxvIiwibmFtZSI6InByb2Nlc3NvciJ9XSwiZW52TmFtZSI6InRlc3QtY2xvd2RhcHAtd2F0Y2hlci1sb2dnaW5nLWFwcC1pbnRlcmZhY2UtY2xvd2R3YXRjaCIsIm5hbWUiOiJwdXB0b28ifSwibWV0cmljc1BhdGgiOiIvbWV0cmljcyIsIm1ldHJpY3NQb3J0Ijo5MDAwLCJwcml2YXRlUG9ydCI6MTAwMDAsInB1YmxpY1BvcnQiOjgwMDAsIndlYlBvcnQiOjgwMDB9 diff --git a/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/03-pods.yaml b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/03-pods.yaml new file mode 100644 index 000000000..60dbbca39 --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/03-pods.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +data: + aws_access_key_id: YWNjZXNzLWtleS1pZA== # access-key-id + aws_secret_access_key: c3Ryb25nLXRvcC1zZWNyZXQ= # strong-top-secret + aws_region: ZXUtY2VudHJhbC0x # eu-central-1 + log_group_name: TG9nc19TdGFnZQ== # Logs_Stage +kind: Secret +metadata: + name: cloudwatch + namespace: test-clowdapp-watcher-logging-app-interface-clowdwatch +type: Opaque \ No newline at end of file diff --git a/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/04-json-asserts.yaml b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/04-json-asserts.yaml new file mode 100644 index 000000000..20e5f1cea --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/04-json-asserts.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: +- script: kubectl get secret --namespace=test-clowdapp-watcher-logging-app-interface-clowdwatch puptoo -o json > /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch2 +- script: jq -r '.data["cdappconfig.json"]' < /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch2 | base64 -d > /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch2-json + +- script: cat /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch-json +- script: cat /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch2-json + +- script: jq -r '.logging.cloudwatch.secretAccessKey == "strong-top-secret"' -e < /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch2-json + +- script: jq -r '.hashCache' -e < /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch-json > /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch-hash-cache +- script: jq -r '.hashCache' -e < /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch2-json > /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch-hash-cache2 + +- script: diff /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch-hash-cache /tmp/test-clowdapp-watcher-logging-app-interface-clowdwatch-hash-cache2 > /dev/null || exit 0 && exit 1 diff --git a/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/05-delete.yaml b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/05-delete.yaml new file mode 100644 index 000000000..6aa9e122f --- /dev/null +++ b/tests/kuttl/test-clowdapp-watcher-logging-app-interface-cloudwatch/05-delete.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +delete: +- apiVersion: v1 + kind: Namespace + name: test-clowdapp-watcher-logging-app-interface-clowdwatch +- apiVersion: cloud.redhat.com/v1alpha1 + kind: ClowdEnvironment + name: test-clowdapp-watcher-logging-app-interface-clowdwatch