Added checking for kubeCluster is Openshift to be used by Vault insta…
…nce (kroxylicious#1023)

* added isOpenshift for kubeCluster to be used by Vault instance

* added suggested changes

* imp sort

* improved error log

* renamed isOpenshift variable and fixed log error
franvila authored Feb 20, 2024
1 parent 70fedad commit 4279baf
Showing 7 changed files with 57 additions and 12 deletions.
Expand Up @@ -44,16 +44,19 @@ public class Vault {
private static final String VAULT_CMD = "vault";
private final String deploymentNamespace;
private final String vaultRootToken;
private final boolean openshiftCluster;

/**
* Instantiates a new Vault.
*
* @param deploymentNamespace the deployment namespace
* @param vaultRootToken root token to be used for the vault install
* @param openshiftCluster the boolean for openshift cluster
*/
public Vault(String deploymentNamespace, String vaultRootToken) {
public Vault(String deploymentNamespace, String vaultRootToken, boolean openshiftCluster) {
this.deploymentNamespace = deploymentNamespace;
this.vaultRootToken = vaultRootToken;
this.openshiftCluster = openshiftCluster;
}

/**
Expand Down Expand Up @@ -124,7 +127,7 @@ public String getVersionInstalled() {
*
*/
public void deploy() {
LOGGER.info("Deploy HashiCorp Vault in {} namespace", deploymentNamespace);
LOGGER.info("Deploy HashiCorp Vault in {} namespace, openshift: {}", deploymentNamespace, openshiftCluster);
if (isDeployed()) {
LOGGER.warn("Skipping Vault deployment. It is already deployed!");
return;
Expand All @@ -134,7 +137,8 @@ public void deploy() {
ResourceManager.helmClient().namespace(deploymentNamespace).install(VAULT_HELM_CHART_NAME, VAULT_SERVICE_NAME,
Optional.of(Environment.VAULT_CHART_VERSION),
Optional.of(getHelmOverridePath()),
Optional.of(Map.of("server.dev.devRootToken", vaultRootToken)));
Optional.of(Map.of("server.dev.devRootToken", vaultRootToken,
"global.openshift", String.valueOf(openshiftCluster))));

DeploymentUtils.waitForDeploymentRunning(deploymentNamespace, VAULT_POD_NAME, Duration.ofMinutes(1));
}
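Review bot: The new `@param openshiftCluster the boolean for openshift cluster` line in the constructor Javadoc restates the type without saying what the flag does; from `deploy()` it is handed to the Helm install as the `global.openshift` value. Something like `@param openshiftCluster true when the target cluster is OpenShift; passed to the Vault Helm chart as global.openshift` would tell a caller what it controls. The same wording is repeated on the `KubeVaultTestKmsFacade` constructor and on `KubeVaultTestKmsFacadeFactory.build`. The class and `deploy()` are only partly visible in these hunks.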
Expand Up @@ -152,4 +152,13 @@ public synchronized KubeCluster cluster() {
}
return kubeCluster;
}

/**
* Return true if this kind of cluster is openshift.
*
* @return the boolean
*/
public boolean isOpenshift() {
return kubeCluster.isOpenshift();
}
}
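Review bot: `isOpenshift()` reads the `kubeCluster` field directly, while the `synchronized` accessor `cluster()` just above it appears to initialise that field before returning it (its body starts outside the hunk, so this is inferred). If `isOpenshift()` runs before `cluster()` has been called, the field may still be null and the call fails with a NullPointerException. `return cluster().isOpenshift();` avoids that and keeps the access behind the same lock. Going by the `Kubectl` implementation in this commit, the Javadoc could also say that the check may run a cluster command and throw when it fails.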
Expand Up @@ -27,18 +27,25 @@ public interface KubeCluster {
Config CONFIG = Config.autoConfigure(null);

/** Return true iff this kind of cluster installed on the local machine.
* @return the boolean
* */
* @return the boolean
*/
boolean isAvailable();

/** Return true iff this kind of cluster is running on the local machine
* @return the boolean
* */
*/
boolean isClusterUp();

/**
* Return true if this kind of cluster is openshift
*
* @return the boolean
*/
boolean isOpenshift();

/** Return a default CMD cmdClient for this kind of cluster.
* @return the kube cmd client
* */
*/
KubeCmdClient defaultCmdClient();

/**
Expand Up @@ -13,6 +13,7 @@
import org.slf4j.LoggerFactory;

import io.kroxylicious.systemtests.executor.Exec;
import io.kroxylicious.systemtests.executor.ExecResult;
import io.kroxylicious.systemtests.k8s.cmd.KubeCmdClient;
import io.kroxylicious.systemtests.k8s.cmd.Kubectl;
import io.kroxylicious.systemtests.k8s.exception.KubeClusterException;
Expand Down Expand Up @@ -54,4 +55,19 @@ public KubeCmdClient defaultCmdClient() {
public String toString() {
return CMD;
}

public boolean isOpenshift() {
List<String> cmd = Arrays.asList(CMD, "api-versions");
try {
ExecResult result = Exec.exec(cmd);
if (!result.isSuccess()) {
throw new KubeClusterException("Something went wrong when executing " + cmd + " command: " + result.err());
}
return result.out().contains("openshift.io");
}
catch (KubeClusterException e) {
LOGGER.error("Failed whilst sniffing for OpenShift: ", e);
throw e;
}
}
}
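Review bot: The OpenShift check in `isOpenshift()` is a substring match, `result.out().contains("openshift.io")`, over the whole `api-versions` output, so any API group whose name contains that text counts, including one registered by a third-party CRD on a cluster that is not OpenShift. Because the result ends up as the Vault chart's `global.openshift` value, matching a specific group at the start of a line is safer, for example `return result.out().lines().anyMatch(l -> l.startsWith("route.openshift.io/"));`. The method also lacks `@Override`, and the `try`/`catch` only catches the exception thrown a few lines above it, so `LOGGER.error(...)` followed by `throw e` will likely report the same failure twice; throwing alone is enough. `Arrays` and `List` are not among the imports visible in the hunk, so confirm they are imported above it.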
Expand Up @@ -55,11 +55,12 @@ public class KubeVaultTestKmsFacade extends AbstractVaultTestKmsFacade {
*
* @param namespace the namespace
* @param podName the pod name
* @param openshiftCluster the boolean for openshift cluster
*/
public KubeVaultTestKmsFacade(String namespace, String podName) {
public KubeVaultTestKmsFacade(String namespace, String podName, boolean openshiftCluster) {
this.namespace = namespace;
this.podName = podName;
this.vault = new Vault(namespace, VAULT_ROOT_TOKEN);
this.vault = new Vault(namespace, VAULT_ROOT_TOKEN, openshiftCluster);
}

@Override
Expand Up @@ -14,8 +14,16 @@
*/
public class KubeVaultTestKmsFacadeFactory extends AbstractVaultTestKmsFacadeFactory {

public KubeVaultTestKmsFacade build(String namespace, String podName) {
return new KubeVaultTestKmsFacade(namespace, podName);
/**
* Build kube vault test kms facade.
*
* @param namespace the namespace
* @param podName the pod name
* @param openshiftCluster the boolean for openshift cluster
* @return the kube vault test kms facade
*/
public KubeVaultTestKmsFacade build(String namespace, String podName, boolean openshiftCluster) {
return new KubeVaultTestKmsFacade(namespace, podName, openshiftCluster);
}

/**
Expand Up @@ -46,7 +46,7 @@ class EnvelopeEncryptionST extends AbstractST {

@BeforeAll
void setUp() {
kubeVaultTestKmsFacade = new KubeVaultTestKmsFacadeFactory().build(Vault.VAULT_DEFAULT_NAMESPACE, Vault.VAULT_POD_NAME);
kubeVaultTestKmsFacade = new KubeVaultTestKmsFacadeFactory().build(Vault.VAULT_DEFAULT_NAMESPACE, Vault.VAULT_POD_NAME, cluster.isOpenshift());
List<Pod> vaultPods = kubeClient().listPodsByPrefixInName(Vault.VAULT_DEFAULT_NAMESPACE, Vault.VAULT_SERVICE_NAME);
if (!vaultPods.isEmpty()) {
LOGGER.warn("Skipping vault deployment. It is already deployed!");