Update tls cert secret validation due VerifyCertSecrets() change #618

Merged
3 changes: 1 addition & 2 deletions api/go.mod
@@ -4,7 +4,7 @@ go 1.20

require (
github.com/google/go-cmp v0.6.0
github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059
github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6
github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059
k8s.io/api v0.28.13
k8s.io/apimachinery v0.28.13
@@ -36,7 +36,6 @@ require (
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/onsi/ginkgo/v2 v2.20.1 // indirect
github.com/openshift/api v3.9.0+incompatible // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/prometheus/client_golang v1.18.0 // indirect
5 changes: 2 additions & 3 deletions api/go.sum
@@ -64,12 +64,11 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo=
github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI=
github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7 h1:rncLxJBpFGqBztyxCMwNRnMjhhIDOWHJowi6q8G6koI=
github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4=
github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059 h1:AQi/mrFBLRnus+lie6GDUokC7qT0y4OpiIkT4WRmpy4=
github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:68390qkx7+crmuqpbkTE/Am48nzO98Y9LdPT5XwOv30=
github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6 h1:VSbVNzUa41hybq/lZi0L8bNv/yzYyNylc8yKSEO+ZCA=
github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6/go.mod h1:6zxa5xg9uvpObVKFSJa/SA+vDDlgh0Q1aswxDB2XbxU=
github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059 h1:HzvUWSO61v7RvJsteIAdyTycMIIJpr0Kk6FER6d1XAE=
github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:u8JnCwm6XfPaJJrtOJFNDGI30AohRMY1gGau9m2Ruzg=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
44 changes: 21 additions & 23 deletions controllers/glanceapi_controller.go
@@ -691,7 +691,7 @@ func (r *GlanceAPIReconciler) reconcileNormal(
//
// Validate the CA cert secret if provided
if instance.Spec.TLS.CaBundleSecretName != "" {
hash, ctrlResult, err := tls.ValidateCACertSecret(
hash, err := tls.ValidateCACertSecret(
ctx,
helper.GetClient(),
types.NamespacedName{
@@ -700,55 +700,53 @@ func (r *GlanceAPIReconciler) reconcileNormal(
},
)
if err != nil {
if k8s_errors.IsNotFound(err) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.TLSInputReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
fmt.Sprintf(condition.TLSInputReadyWaitingMessage, instance.Spec.TLS.CaBundleSecretName)))
return ctrl.Result{}, nil
}
instance.Status.Conditions.Set(condition.FalseCondition(
condition.TLSInputReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.TLSInputErrorMessage,
err.Error()))
return ctrlResult, err
} else if (ctrlResult != ctrl.Result{}) {
// Marking the condition as Unknown because we are not returining
// an err, but comparing the ctrlResult: this represents an in
// progress operation rather than something that failed
instance.Status.Conditions.MarkUnknown(
condition.TLSInputReadyCondition,
condition.RequestedReason,
condition.InputReadyWaitingMessage)
return ctrlResult, nil
return ctrl.Result{}, err
}
if hash != "" {
configVars[tls.CABundleKey] = env.SetValue(hash)
}
}

// Validate API service certs secrets
certsHash, ctrlResult, err := instance.Spec.TLS.API.ValidateCertSecrets(ctx, helper, instance.Namespace)
certsHash, err := instance.Spec.TLS.API.ValidateCertSecrets(ctx, helper, instance.Namespace)
if err != nil {
if k8s_errors.IsNotFound(err) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.TLSInputReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
fmt.Sprintf(condition.TLSInputReadyWaitingMessage, err.Error())))
return ctrl.Result{}, nil
}
instance.Status.Conditions.Set(condition.FalseCondition(
condition.TLSInputReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.TLSInputErrorMessage,
err.Error()))
return ctrlResult, err
} else if (ctrlResult != ctrl.Result{}) {
// Marking the condition as Unknown because we are not returining
// an err, but comparing the ctrlResult: this represents an in
// progress operation rather than something that failed
instance.Status.Conditions.MarkUnknown(
condition.TLSInputReadyCondition,
condition.RequestedReason,
condition.InputReadyWaitingMessage)
return ctrlResult, nil
return ctrl.Result{}, err
}
configVars[tls.TLSHashName] = env.SetValue(certsHash)
// all cert input checks out so report InputReady
instance.Status.Conditions.MarkTrue(condition.TLSInputReadyCondition, condition.InputReadyMessage)

var serviceAnnotations map[string]string
// networks to attach to
serviceAnnotations, ctrlResult, err = ensureNAD(ctx, &instance.Status.Conditions, instance.Spec.NetworkAttachments, helper)
serviceAnnotations, ctrlResult, err := ensureNAD(ctx, &instance.Status.Conditions, instance.Spec.NetworkAttachments, helper)
if err != nil {
instance.Status.Conditions.MarkFalse(
condition.NetworkAttachmentsReadyCondition,
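Review bot: Both new `k8s_errors.IsNotFound(err)` branches, the one after `tls.ValidateCACertSecret` and the one after `ValidateCertSecrets`, return `ctrl.Result{}, nil`, so a GlanceAPI whose CA bundle or certificate secret does not exist yet is not requeued by this code and only moves on if the controller watches those secrets. The watch setup is not visible in this hunk, so that should be confirmed; if it holds, record it at each return, e.g. `// no requeue: the secret watch triggers a new reconcile once the secret exists`, and if it does not, return a result with `RequeueAfter` set instead. The two branches also fill `condition.TLSInputReadyWaitingMessage` differently, the first with `instance.Spec.TLS.CaBundleSecretName` and the second with `err.Error()`, which copies the library's raw error text into the status condition. reconcileNormal starts and ends outside the hunk.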
2 changes: 1 addition & 1 deletion go.mod
@@ -13,7 +13,7 @@ require (
github.com/openstack-k8s-operators/glance-operator/api v0.0.0-00010101000000-000000000000
github.com/openstack-k8s-operators/infra-operator/apis v0.4.1-0.20240813061654-72bf12d9b73e
github.com/openstack-k8s-operators/keystone-operator/api v0.4.1-0.20240812074544-7379da550fef
github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059
github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6
github.com/openstack-k8s-operators/lib-common/modules/openstack v0.4.1-0.20240814075458-0ae9f7f9e059
github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059
github.com/openstack-k8s-operators/lib-common/modules/test v0.4.1-0.20240814075458-0ae9f7f9e059
4 changes: 2 additions & 2 deletions go.sum
@@ -80,8 +80,8 @@ github.com/openstack-k8s-operators/infra-operator/apis v0.4.1-0.20240813061654-7
github.com/openstack-k8s-operators/infra-operator/apis v0.4.1-0.20240813061654-72bf12d9b73e/go.mod h1:0DYz6gT2jQtQe4HvtVHB//41PpyTSpWpzcFrdxn1eww=
github.com/openstack-k8s-operators/keystone-operator/api v0.4.1-0.20240812074544-7379da550fef h1:DYmNZLkoYeT2NOoMN9XPiZS25EMXru6vMNZwwnEW5Og=
github.com/openstack-k8s-operators/keystone-operator/api v0.4.1-0.20240812074544-7379da550fef/go.mod h1:MkvxXyvpUhfeKy4QDmzPMn6YH5eRu24uOgpLo9SBlwc=
github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059 h1:AQi/mrFBLRnus+lie6GDUokC7qT0y4OpiIkT4WRmpy4=
github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:68390qkx7+crmuqpbkTE/Am48nzO98Y9LdPT5XwOv30=
github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6 h1:VSbVNzUa41hybq/lZi0L8bNv/yzYyNylc8yKSEO+ZCA=
github.com/openstack-k8s-operators/lib-common/modules/common v0.4.1-0.20240905123813-174296c09ec6/go.mod h1:6zxa5xg9uvpObVKFSJa/SA+vDDlgh0Q1aswxDB2XbxU=
github.com/openstack-k8s-operators/lib-common/modules/openstack v0.4.1-0.20240814075458-0ae9f7f9e059 h1:Ol1P8vPxIHWzTaL6RfENRiAxp2XrMQUYtnP5Ceek53A=
github.com/openstack-k8s-operators/lib-common/modules/openstack v0.4.1-0.20240814075458-0ae9f7f9e059/go.mod h1:CfMx4bwBVQEYMRt2dIcyqJjR3ToZxFEOPS+0Uy2Mm68=
github.com/openstack-k8s-operators/lib-common/modules/storage v0.4.1-0.20240814075458-0ae9f7f9e059 h1:HzvUWSO61v7RvJsteIAdyTycMIIJpr0Kk6FER6d1XAE=
22 changes: 13 additions & 9 deletions test/functional/glanceapi_controller_test.go
@@ -17,6 +17,8 @@ limitations under the License.
package functional

import (
"fmt"

. "github.com/onsi/ginkgo/v2" //revive:disable:dot-imports
. "github.com/onsi/gomega" //revive:disable:dot-imports
memcachedv1 "github.com/openstack-k8s-operators/infra-operator/apis/memcached/v1beta1"
@@ -761,15 +763,15 @@ var _ = Describe("Glanceapi controller", func() {
glanceTest.GlanceSingle,
ConditionGetterFunc(GlanceAPIConditionGetter),
condition.TLSInputReadyCondition,
corev1.ConditionUnknown,
corev1.ConditionFalse,
condition.RequestedReason,
condition.InputReadyWaitingMessage,
fmt.Sprintf("TLSInput is missing: %s", CABundleSecretName),
)
th.ExpectCondition(
glanceTest.GlanceSingle,
ConditionGetterFunc(GlanceAPIConditionGetter),
condition.ReadyCondition,
corev1.ConditionUnknown,
corev1.ConditionFalse,
)
})

@@ -779,15 +781,16 @@ var _ = Describe("Glanceapi controller", func() {
glanceTest.GlanceSingle,
ConditionGetterFunc(GlanceAPIConditionGetter),
condition.TLSInputReadyCondition,
corev1.ConditionUnknown,
corev1.ConditionFalse,
condition.RequestedReason,
condition.InputReadyWaitingMessage,
fmt.Sprintf("TLSInput is missing: secrets \"%s in namespace %s\" not found",
glanceTest.InternalCertSecret.Name, glanceTest.InternalCertSecret.Namespace),
)
th.ExpectCondition(
glanceTest.GlanceSingle,
ConditionGetterFunc(GlanceAPIConditionGetter),
condition.ReadyCondition,
corev1.ConditionUnknown,
corev1.ConditionFalse,
)
})

@@ -798,15 +801,16 @@ var _ = Describe("Glanceapi controller", func() {
glanceTest.GlanceSingle,
ConditionGetterFunc(GlanceAPIConditionGetter),
condition.TLSInputReadyCondition,
corev1.ConditionUnknown,
corev1.ConditionFalse,
condition.RequestedReason,
condition.InputReadyWaitingMessage,
fmt.Sprintf("TLSInput is missing: secrets \"%s in namespace %s\" not found",
glanceTest.PublicCertSecret.Name, glanceTest.PublicCertSecret.Namespace),
)
th.ExpectCondition(
glanceTest.GlanceSingle,
ConditionGetterFunc(GlanceAPIConditionGetter),
condition.ReadyCondition,
corev1.ConditionUnknown,
corev1.ConditionFalse,
)
})

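Review bot: The three new `TLSInputReadyCondition` expectations hard-code the message text (`"TLSInput is missing: %s"`) instead of building it from `condition.TLSInputReadyWaitingMessage`, the constant the controller formats, so a wording change in lib-common would fail these tests without any behaviour change. For the CA bundle case the expectation could be `fmt.Sprintf(condition.TLSInputReadyWaitingMessage, CABundleSecretName)`. The two certificate cases additionally pin what appears to be the library's error string, including its quote placed before `in namespace`; asserting the status and reason and matching only on the secret name would keep the tests tied to the operator's own behaviour. The enclosing `Describe` block starts and ends outside these hunks.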