From 456c7034a471400370435133e4a1a05bc58a62cc Mon Sep 17 00:00:00 2001 
From: spilchen Date: Fri, 10 Sep 2021 08:17:09 -0400 Subject: [PATCH] Add ability to mount custom certs (#54) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This provides the ability to mount any number of custom certs in the Vertica container. Each cert will be mounted in a well defined location within the container (/certs/<secret-name>/<key-name>). This will be available with a new parameter called spec.certSecrets. A list of Secret names can be specified. Here is an example of a CR that takes advantage of that: apiVersion: vertica.com/v1beta1 kind: VerticaDB metadata: name: verticadb-sample spec: communal: {…} certSecrets: - name: mtls - name: aws-cert It specifies two secrets: mtls and aws-cert. The keys within these Secrets will be mounted at /certs/mtls and /certs/aws-cert respectively. If the keys of the secret change, the mount points will be automatically updated to reflect the new value without having to restart the pod. --- .gitignore | 2 +- api/v1beta1/verticadb_types.go | 8 + api/v1beta1/zz_generated.deepcopy.go | 313 ------------------ pkg/controllers/builder.go | 29 ++ pkg/paths/paths.go | 1 + tests/e2e/mount-certs/00-minio.yaml | 18 + tests/e2e/mount-certs/05-assert.yaml | 23 ++ tests/e2e/mount-certs/05-create-bucket.yaml | 17 + tests/e2e/mount-certs/10-assert.yaml | 21 ++ tests/e2e/mount-certs/10-deploy-operator.yaml | 17 + tests/e2e/mount-certs/15-create-secrets.yaml | 36 ++ tests/e2e/mount-certs/20-assert.yaml | 19 ++ tests/e2e/mount-certs/20-setup-vdb.yaml | 17 + tests/e2e/mount-certs/23-rbac.yaml | 44 +++ tests/e2e/mount-certs/25-assert.yaml | 23 ++ .../mount-certs/25-verify-cert-contents.yaml | 64 ++++ tests/e2e/mount-certs/30-change-secret.yaml | 21 ++ tests/e2e/mount-certs/35-assert.yaml | 27 ++ .../35-verify-new-cert-contents.yaml | 63 ++++ tests/e2e/mount-certs/40-assert.yaml | 22 ++ .../e2e/mount-certs/40-wait-for-createdb.yaml | 1 + .../mount-certs/45-create-another-secret.yaml | 25 ++ 
tests/e2e/mount-certs/50-add-cert-to-vdb.yaml | 22 ++ tests/e2e/mount-certs/50-assert.yaml | 35 ++ tests/e2e/mount-certs/52-assert.yaml | 22 ++ tests/e2e/mount-certs/52-delete-pod.yaml | 18 + tests/e2e/mount-certs/53-assert.yaml | 22 ++ tests/e2e/mount-certs/53-wait-for-upnode.yaml | 1 + tests/e2e/mount-certs/55-assert.yaml | 27 ++ .../e2e/mount-certs/55-verify-added-cert.yaml | 61 ++++ tests/e2e/mount-certs/90-errors.yaml | 18 + .../mount-certs/90-uninstall-operator.yaml | 17 + tests/e2e/mount-certs/95-delete-crd.yaml | 22 ++ tests/e2e/mount-certs/95-errors.yaml | 21 ++ .../setup-vdb/base/kustomization.yaml | 18 + .../mount-certs/setup-vdb/base/setup-vdb.yaml | 33 ++ 36 files changed, 834 insertions(+), 314 deletions(-) delete mode 100644 api/v1beta1/zz_generated.deepcopy.go create mode 100644 tests/e2e/mount-certs/00-minio.yaml create mode 100644 tests/e2e/mount-certs/05-assert.yaml create mode 100644 tests/e2e/mount-certs/05-create-bucket.yaml create mode 100644 tests/e2e/mount-certs/10-assert.yaml create mode 100644 tests/e2e/mount-certs/10-deploy-operator.yaml create mode 100644 tests/e2e/mount-certs/15-create-secrets.yaml create mode 100644 tests/e2e/mount-certs/20-assert.yaml create mode 100644 tests/e2e/mount-certs/20-setup-vdb.yaml create mode 100644 tests/e2e/mount-certs/23-rbac.yaml create mode 100644 tests/e2e/mount-certs/25-assert.yaml create mode 100644 tests/e2e/mount-certs/25-verify-cert-contents.yaml create mode 100644 tests/e2e/mount-certs/30-change-secret.yaml create mode 100644 tests/e2e/mount-certs/35-assert.yaml create mode 100644 tests/e2e/mount-certs/35-verify-new-cert-contents.yaml create mode 100644 tests/e2e/mount-certs/40-assert.yaml create mode 100644 tests/e2e/mount-certs/40-wait-for-createdb.yaml create mode 100644 tests/e2e/mount-certs/45-create-another-secret.yaml create mode 100644 tests/e2e/mount-certs/50-add-cert-to-vdb.yaml create mode 100644 tests/e2e/mount-certs/50-assert.yaml create mode 100644 
tests/e2e/mount-certs/52-assert.yaml create mode 100644 tests/e2e/mount-certs/52-delete-pod.yaml create mode 100644 tests/e2e/mount-certs/53-assert.yaml create mode 100644 tests/e2e/mount-certs/53-wait-for-upnode.yaml create mode 100644 tests/e2e/mount-certs/55-assert.yaml create mode 100644 tests/e2e/mount-certs/55-verify-added-cert.yaml create mode 100644 tests/e2e/mount-certs/90-errors.yaml create mode 100644 tests/e2e/mount-certs/90-uninstall-operator.yaml create mode 100644 tests/e2e/mount-certs/95-delete-crd.yaml create mode 100644 tests/e2e/mount-certs/95-errors.yaml create mode 100644 tests/e2e/mount-certs/setup-vdb/base/kustomization.yaml create mode 100644 tests/e2e/mount-certs/setup-vdb/base/setup-vdb.yaml diff --git a/.gitignore b/.gitignore index 1c667983d..1100b95a1 100644 --- a/.gitignore +++ b/.gitignore @@ -42,7 +42,7 @@ testbin/* # Omit some fully generated files config/crd/bases/vertica.com_verticadbs.yaml config/rbac/role.yaml -api/v1alpha1/zz_generated.deepcopy.go +api/v1beta1/zz_generated.deepcopy.go # Omit generated files for helm verticadb-operator helm-charts/verticadb-operator/templates/*.yaml diff --git a/api/v1beta1/verticadb_types.go b/api/v1beta1/verticadb_types.go index 3c66e445c..5d6361712 100644 --- a/api/v1beta1/verticadb_types.go +++ b/api/v1beta1/verticadb_types.go @@ -183,6 +183,14 @@ type VerticaDBSpec struct { // accepts any valid volume type. A unique name must be given for each // volume and it cannot conflict with any of the internally generated volumes. Volumes []corev1.Volume `json:"volumes,omitempty"` + + // +kubebuilder:validation:Optional + // Secrets that will be mounted in the vertica container. The purpose of + // this is to allow custom certs to be available. The full path is: + // /certs// + // Where is the name provided in the secret and is one + // of the keys in the secret. + CertSecrets []corev1.LocalObjectReference `json:"certSecrets,omitempty"` } type CommunalInitPolicy string 
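Review bot: The doc comment on `CertSecrets` does not state the constraints the rest of the change relies on: builder.go reuses each name as the pod volume name and as the directory under `/certs`, so it has to be unique within the list and must not clash with an entry in `Volumes` or an internally generated volume. The neighbouring `Volumes` comment already spells this out, and the new field should say the same, e.g. `// Each name must be unique and cannot conflict with spec.volumes or any of the internally generated volumes.` The only kubebuilder marker on the field is `Optional`, so nothing visible here enforces it; a webhook or CRD-level check would be a sensible follow-up. The `VerticaDBSpec` struct starts outside the hunk.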
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
deleted file mode 100644
index 4147bb735..000000000
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ /dev/null
@@ -1,313 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright 2021. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by controller-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CommunalStorage) DeepCopyInto(out *CommunalStorage) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommunalStorage. -func (in *CommunalStorage) DeepCopy() *CommunalStorage { - if in == nil { - return nil - } - out := new(CommunalStorage) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LocalStorage) DeepCopyInto(out *LocalStorage) { - *out = *in - out.RequestSize = in.RequestSize.DeepCopy() -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalStorage. -func (in *LocalStorage) DeepCopy() *LocalStorage { - if in == nil { - return nil - } - out := new(LocalStorage) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *Subcluster) DeepCopyInto(out *Subcluster) { - *out = *in - if in.NodeSelector != nil { - in, out := &in.NodeSelector, &out.NodeSelector - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Affinity != nil { - in, out := &in.Affinity, &out.Affinity - *out = new(v1.Affinity) - (*in).DeepCopyInto(*out) - } - if in.Tolerations != nil { - in, out := &in.Tolerations, &out.Tolerations - *out = make([]v1.Toleration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - in.Resources.DeepCopyInto(&out.Resources) - if in.ExternalIPs != nil { - in, out := &in.ExternalIPs, &out.ExternalIPs - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subcluster. -func (in *Subcluster) DeepCopy() *Subcluster { - if in == nil { - return nil - } - out := new(Subcluster) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SubclusterPodCount) DeepCopyInto(out *SubclusterPodCount) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubclusterPodCount. -func (in *SubclusterPodCount) DeepCopy() *SubclusterPodCount { - if in == nil { - return nil - } - out := new(SubclusterPodCount) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SubclusterStatus) DeepCopyInto(out *SubclusterStatus) { - *out = *in - if in.Detail != nil { - in, out := &in.Detail, &out.Detail - *out = make([]VerticaDBPodStatus, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubclusterStatus. 
-func (in *SubclusterStatus) DeepCopy() *SubclusterStatus { - if in == nil { - return nil - } - out := new(SubclusterStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VerticaDB) DeepCopyInto(out *VerticaDB) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerticaDB. -func (in *VerticaDB) DeepCopy() *VerticaDB { - if in == nil { - return nil - } - out := new(VerticaDB) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *VerticaDB) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VerticaDBCondition) DeepCopyInto(out *VerticaDBCondition) { - *out = *in - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerticaDBCondition. -func (in *VerticaDBCondition) DeepCopy() *VerticaDBCondition { - if in == nil { - return nil - } - out := new(VerticaDBCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *VerticaDBList) DeepCopyInto(out *VerticaDBList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]VerticaDB, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerticaDBList. -func (in *VerticaDBList) DeepCopy() *VerticaDBList { - if in == nil { - return nil - } - out := new(VerticaDBList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *VerticaDBList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VerticaDBPodStatus) DeepCopyInto(out *VerticaDBPodStatus) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerticaDBPodStatus. -func (in *VerticaDBPodStatus) DeepCopy() *VerticaDBPodStatus { - if in == nil { - return nil - } - out := new(VerticaDBPodStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *VerticaDBSpec) DeepCopyInto(out *VerticaDBSpec) { - *out = *in - if in.ImagePullSecrets != nil { - in, out := &in.ImagePullSecrets, &out.ImagePullSecrets - *out = make([]v1.LocalObjectReference, len(*in)) - copy(*out, *in) - } - if in.Labels != nil { - in, out := &in.Labels, &out.Labels - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Annotations != nil { - in, out := &in.Annotations, &out.Annotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.ReviveOrder != nil { - in, out := &in.ReviveOrder, &out.ReviveOrder - *out = make([]SubclusterPodCount, len(*in)) - copy(*out, *in) - } - out.Communal = in.Communal - in.Local.DeepCopyInto(&out.Local) - if in.Subclusters != nil { - in, out := &in.Subclusters, &out.Subclusters - *out = make([]Subcluster, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Sidecars != nil { - in, out := &in.Sidecars, &out.Sidecars - *out = make([]v1.Container, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Volumes != nil { - in, out := &in.Volumes, &out.Volumes - *out = make([]v1.Volume, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerticaDBSpec. -func (in *VerticaDBSpec) DeepCopy() *VerticaDBSpec { - if in == nil { - return nil - } - out := new(VerticaDBSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *VerticaDBStatus) DeepCopyInto(out *VerticaDBStatus) { - *out = *in - if in.Subclusters != nil { - in, out := &in.Subclusters, &out.Subclusters - *out = make([]SubclusterStatus, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]VerticaDBCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VerticaDBStatus. -func (in *VerticaDBStatus) DeepCopy() *VerticaDBStatus { - if in == nil { - return nil - } - out := new(VerticaDBStatus) - in.DeepCopyInto(out) - return out -} diff --git a/pkg/controllers/builder.go b/pkg/controllers/builder.go index 715838d38..b86138d76 100644 --- a/pkg/controllers/builder.go +++ b/pkg/controllers/builder.go @@ -89,9 +89,23 @@ func buildVolumeMounts(vdb *vapi.VerticaDB) []corev1.VolumeMount { }) } + volMnts = append(volMnts, buildCertSecretVolumeMounts(vdb)...) + return volMnts } +// buildCertSecretVolumeMounts returns the volume mounts for any cert secrets that are in the vdb +func buildCertSecretVolumeMounts(vdb *vapi.VerticaDB) []corev1.VolumeMount { + mnts := []corev1.VolumeMount{} + for _, s := range vdb.Spec.CertSecrets { + mnts = append(mnts, corev1.VolumeMount{ + Name: s.Name, + MountPath: fmt.Sprintf("%s/%s", paths.CertsRoot, s.Name), + }) + } + return mnts +} + // buildVolumes builds up a list of volumes to include in the sts func buildVolumes(vdb *vapi.VerticaDB) []corev1.Volume { vols := []corev1.Volume{} @@ -99,6 +113,7 @@ func buildVolumes(vdb *vapi.VerticaDB) []corev1.Volume { if vdb.Spec.LicenseSecret != "" { vols = append(vols, buildLicenseVolume(vdb)) } + vols = append(vols, buildCertSecretVolumes(vdb)...) vols = append(vols, vdb.Spec.Volumes...) return vols } 
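Review bot: `buildCertSecretVolumeMounts` uses `s.Name` unchecked both as the volume name and as the last element of `MountPath`. A Secret name may be a DNS subdomain (dots allowed, up to 253 characters) while a volume name has to be a DNS label, so a valid secret such as `my.cert` yields a pod spec the API server rejects; duplicate entries or a name equal to an existing volume fail the same way, late and with an error that does not point at `certSecrets`. I would validate the names before the spec is built (or derive a sanitized volume name from them) and add `ReadOnly: true` to the mount so the intent that the container only reads this material is explicit. The same `Name: s.Name` pattern appears in `buildCertSecretVolumes` in the later hunk of this file.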
@@ -187,6 +202,20 @@ func buildPodInfoVolume(vdb *vapi.VerticaDB) corev1.Volume { } } +// buildCertSecretVolumes returns a list of volumes, one for each secret in certSecrets. +func buildCertSecretVolumes(vdb *vapi.VerticaDB) []corev1.Volume { + vols := []corev1.Volume{} + for _, s := range vdb.Spec.CertSecrets { + vols = append(vols, corev1.Volume{ + Name: s.Name, + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{SecretName: s.Name}, + }, + }) + } + return vols +} + // buildPodSpec creates a PodSpec for the statefulset func buildPodSpec(vdb *vapi.VerticaDB, sc *vapi.Subcluster) corev1.PodSpec { termGracePeriod := int64(0) diff --git a/pkg/paths/paths.go b/pkg/paths/paths.go index 2232a3212..b1d10f44f 100644 --- a/pkg/paths/paths.go +++ b/pkg/paths/paths.go @@ -38,6 +38,7 @@ const ( AuthParmsFile = "/home/dbadmin/auth_parms.conf" EulaAcceptanceFile = "/opt/vertica/config/d5415f948449e9d4c421b568f2411140.dat" EulaAcceptanceScript = "/opt/vertica/config/accept_eula.py" + CertsRoot = "/certs" ) // GenInstallerIndicatorFileName returns the name of the installer indicator file. diff --git a/tests/e2e/mount-certs/00-minio.yaml b/tests/e2e/mount-certs/00-minio.yaml new file mode 100644 index 000000000..f4ff54e3e --- /dev/null +++ b/tests/e2e/mount-certs/00-minio.yaml 
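Review bot: `buildCertSecretVolumes` leaves `DefaultMode` unset on the `SecretVolumeSource`, so the projected files get the Kubernetes default of 0644 and any private key stored in a cert secret is readable by every user inside the vertica container. Consider an explicit, tighter mode, for example `certMode := int32(0440)` and `Secret: &corev1.SecretVolumeSource{SecretName: s.Name, DefaultMode: &certMode}`; whether 0440 or 0400 is usable depends on the uid and fsGroup the container runs with, which this hunk does not show. A short comment that the volumes are named after the secrets, and so share a namespace with `vdb.Spec.Volumes`, would also help the next reader.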
@@ -0,0 +1,18 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - command: kubectl apply -f ../../manifests/minio/01-creds.yaml
+ namespaced: true
\ No newline at end of file
diff --git a/tests/e2e/mount-certs/05-assert.yaml b/tests/e2e/mount-certs/05-assert.yaml
new file mode 100644
index 000000000..2f63940cb
--- /dev/null
+++ b/tests/e2e/mount-certs/05-assert.yaml
@@ -0,0 +1,23 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: create-s3-bucket
+status:
+ containerStatuses:
+ - name: aws
+ state:
+ terminated:
+ exitCode: 0
diff --git a/tests/e2e/mount-certs/05-create-bucket.yaml b/tests/e2e/mount-certs/05-create-bucket.yaml
new file mode 100644
index 000000000..a6853aea5
--- /dev/null
+++ b/tests/e2e/mount-certs/05-create-bucket.yaml
@@ -0,0 +1,17 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - command: bash -c "kustomize build create-s3-bucket/overlay | kubectl -n $NAMESPACE apply -f - "
diff --git a/tests/e2e/mount-certs/10-assert.yaml b/tests/e2e/mount-certs/10-assert.yaml
new file mode 100644
index 000000000..7b6c05e25
--- /dev/null
+++ b/tests/e2e/mount-certs/10-assert.yaml
@@ -0,0 +1,21 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ control-plane: controller-manager
+status:
+ replicas: 1
+ readyReplicas: 1
diff --git a/tests/e2e/mount-certs/10-deploy-operator.yaml b/tests/e2e/mount-certs/10-deploy-operator.yaml
new file mode 100644
index 000000000..63b972a2c
--- /dev/null
+++ b/tests/e2e/mount-certs/10-deploy-operator.yaml
@@ -0,0 +1,17 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - command: sh -c "cd ../../.. && make deploy-operator NAMESPACE=$NAMESPACE"
diff --git a/tests/e2e/mount-certs/15-create-secrets.yaml b/tests/e2e/mount-certs/15-create-secrets.yaml
new file mode 100644
index 000000000..6a86c09de
--- /dev/null
+++ b/tests/e2e/mount-certs/15-create-secrets.yaml
@@ -0,0 +1,36 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Secret to be mounted in the container in /certs
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: my-cert-1
+type: Opaque
+data:
+ # echo -n 'secret' | base64
+ file1: c2VjcmV0
+ # echo -n 'ca pem' | base64
+ anotherFile: Y2EgcGVt
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: my-cert-2
+type: Opaque
+data:
+ # echo -n 'cucumber' | base64
+ tls.crt: Y3VjdW1iZXI=
+ # echo -n 'salad' | base64
+ tls.ca: c2FsYWQ=
diff --git a/tests/e2e/mount-certs/20-assert.yaml b/tests/e2e/mount-certs/20-assert.yaml
new file mode 100644
index 000000000..172e3c303
--- /dev/null
+++ b/tests/e2e/mount-certs/20-assert.yaml
@@ -0,0 +1,19 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: v-mount-certs-sc1-0
+status:
+ phase: Running
diff --git a/tests/e2e/mount-certs/20-setup-vdb.yaml b/tests/e2e/mount-certs/20-setup-vdb.yaml
new file mode 100644
index 000000000..6cbdb0088
--- /dev/null
+++ b/tests/e2e/mount-certs/20-setup-vdb.yaml
@@ -0,0 +1,17 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - command: bash -c "kustomize build setup-vdb/overlay | kubectl -n $NAMESPACE apply -f - "
diff --git a/tests/e2e/mount-certs/23-rbac.yaml b/tests/e2e/mount-certs/23-rbac.yaml
new file mode 100644
index 000000000..3267a29b7
--- /dev/null
+++ b/tests/e2e/mount-certs/23-rbac.yaml
@@ -0,0 +1,44 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: integration-test-role
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - pods
+ - pods/exec
+ - pods/log
+ - configmaps
+ - secrets
+ verbs:
+ - get
+ - list
+ - create
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: integration-test-rb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: integration-test-role
+subjects:
+ - kind: ServiceAccount
+ name: default
diff --git a/tests/e2e/mount-certs/25-assert.yaml b/tests/e2e/mount-certs/25-assert.yaml
new file mode 100644
index 000000000..1fa64c068
--- /dev/null
+++ b/tests/e2e/mount-certs/25-assert.yaml
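Review bot: `integration-test-role` is bound to the namespace's `default` ServiceAccount and grants get/list/create/delete on `secrets`, `configmaps`, `services` and `pods`, although the verification scripts added in this commit only run `kubectl exec` against a single pod. For that, `get` on `pods` and `create` on `pods/exec` are enough; I would drop `secrets` and the other unused resources and verbs, so that every pod in the test namespace running under the default account is not handed read and delete access to the cert secrets. If the rule set was copied from a suite that needs the wider permissions, a comment in the file saying so would help.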
@@ -0,0 +1,23 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-verify-cert-contents-1
+status:
+ containerStatuses:
+ - name: test
+ state:
+ terminated:
+ exitCode: 0
diff --git a/tests/e2e/mount-certs/25-verify-cert-contents.yaml b/tests/e2e/mount-certs/25-verify-cert-contents.yaml
new file mode 100644
index 000000000..21812bd29
--- /dev/null
+++ b/tests/e2e/mount-certs/25-verify-cert-contents.yaml
@@ -0,0 +1,64 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Verifies external access through the service to the agent port 5444. It
+# does this by invoking the REST API and doing basic sanity on what it
+# received.
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: script-verify-cert-contents-1
+data:
+ entrypoint.sh: |-
+ #!/bin/bash
+ set -o errexit
+ set -o xtrace
+ set -o pipefail
+
+ POD_NAME=v-mount-certs-sc1-0
+
+ verify_secret() {
+ SECRET_AND_KEY=$1
+ EXPECTED_OP=$2
+ kubectl exec $POD_NAME -i -- cat /certs/$SECRET_AND_KEY | grep --quiet "$EXPECTED_OP"
+ }
+
+ verify_secret my-cert-1/file1 secret
+ verify_secret my-cert-1/anotherFile 'ca pem'
+ verify_secret my-cert-2/tls.crt cucumber
+ verify_secret my-cert-2/tls.ca salad
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-verify-cert-contents-1
+ labels:
+ stern: include
+spec:
+ restartPolicy: Never
+ containers:
+ - name: test
+ image: bitnami/kubectl:1.20.4
+ command: ["/bin/entrypoint.sh"]
+ volumeMounts:
+ - name: entrypoint-volume
+ mountPath: /bin/entrypoint.sh
+ readOnly: true
+ subPath: entrypoint.sh
+ volumes:
+ - name: entrypoint-volume
+ configMap:
+ defaultMode: 0777
+ name: script-verify-cert-contents-1
diff --git a/tests/e2e/mount-certs/30-change-secret.yaml b/tests/e2e/mount-certs/30-change-secret.yaml
new file mode 100644
index 000000000..eba998912
--- /dev/null
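Review bot: The header comment (`# Verifies external access through the service to the agent port 5444 ...`) was carried over from another test and does not describe this file; it should read something like `# Verifies that each key of the cert secrets is mounted under /certs/<secret>/<key> in the vertica pod.` The same stale comment is in 35-verify-new-cert-contents.yaml. In `verify_secret`, `grep --quiet "$EXPECTED_OP"` is a substring regex match, so the check for `secret` would also pass on a file containing `not-secret`; `grep --quiet --fixed-strings --line-regexp "$EXPECTED_OP"` pins the exact content. `defaultMode: 0777` on the ConfigMap volume is wider than needed as well, since `0555` is enough to execute the script.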
+++ b/tests/e2e/mount-certs/30-change-secret.yaml
@@ -0,0 +1,21 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: my-cert-2
+type: Opaque
+data:
+ # echo -n 'pickles' | base64
+ tls.crt: cGlja2xlcw==
diff --git a/tests/e2e/mount-certs/35-assert.yaml b/tests/e2e/mount-certs/35-assert.yaml
new file mode 100644
index 000000000..7e9d48844
--- /dev/null
+++ b/tests/e2e/mount-certs/35-assert.yaml
@@ -0,0 +1,27 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: kuttl.dev/v1beta1
+kind: TestAssert
+timeout: 180
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-verify-cert-contents-2
+status:
+ containerStatuses:
+ - name: test
+ state:
+ terminated:
+ exitCode: 0
diff --git a/tests/e2e/mount-certs/35-verify-new-cert-contents.yaml b/tests/e2e/mount-certs/35-verify-new-cert-contents.yaml
new file mode 100644
index 000000000..4740a5754
--- /dev/null
+++ b/tests/e2e/mount-certs/35-verify-new-cert-contents.yaml
@@ -0,0 +1,63 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Verifies external access through the service to the agent port 5444. It
+# does this by invoking the REST API and doing basic sanity on what it
+# received.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: script-verify-cert-contents-2
+data:
+ entrypoint.sh: |-
+ #!/bin/bash
+ set -o errexit
+ set -o xtrace
+ set -o pipefail
+
+ POD_NAME=v-mount-certs-sc1-0
+
+ verify_secret() {
+ SECRET_AND_KEY=$1
+ EXPECTED_OP=$2
+ kubectl exec $POD_NAME -i -- cat /certs/$SECRET_AND_KEY | grep --quiet "$EXPECTED_OP"
+ }
+
+ verify_secret my-cert-2/tls.crt pickles
+ verify_secret my-cert-2/tls.ca salad
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-verify-cert-contents-2
+ labels:
+ stern: include
+spec:
+ # There is a delay between updating of the secret and the mounted file in the
+ # container. We will restart this pod until it succeeds.
+ restartPolicy: Always
+ containers:
+ - name: test
+ image: bitnami/kubectl:1.20.4
+ command: ["/bin/entrypoint.sh"]
+ volumeMounts:
+ - name: entrypoint-volume
+ mountPath: /bin/entrypoint.sh
+ readOnly: true
+ subPath: entrypoint.sh
+ volumes:
+ - name: entrypoint-volume
+ configMap:
+ defaultMode: 0777
+ name: script-verify-cert-contents-2
diff --git a/tests/e2e/mount-certs/40-assert.yaml b/tests/e2e/mount-certs/40-assert.yaml
new file mode 100644
index 000000000..64287f784
--- /dev/null
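Review bot: `restartPolicy: Always` in 35-verify-new-cert-contents.yaml also restarts the `test` container after it exits 0, so the `terminated` / `exitCode: 0` state that 35-assert.yaml waits for is likely to be visible only briefly between restarts. The comment above it asks for retries until the script succeeds, which is what `restartPolicy: OnFailure` gives: failed runs are retried while the mounted file catches up, and the first passing run leaves the container terminated with exit code 0. The header comment about the agent port 5444 and the REST API is also left over from another test; it should say that the script reads the keys under `/certs/my-cert-2` in `v-mount-certs-sc1-0` and checks them against the changed Secret (55-verify-added-cert.yaml carries the same header).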
+++ b/tests/e2e/mount-certs/40-assert.yaml
@@ -0,0 +1,22 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: vertica.com/v1beta1
+kind: VerticaDB
+metadata:
+ name: v-mount-certs
+status:
+ subclusters:
+ - installCount: 1
+ addedToDBCount: 1
+ upNodeCount: 1
diff --git a/tests/e2e/mount-certs/40-wait-for-createdb.yaml b/tests/e2e/mount-certs/40-wait-for-createdb.yaml
new file mode 100644
index 000000000..bf3726035
--- /dev/null
+++ b/tests/e2e/mount-certs/40-wait-for-createdb.yaml
@@ -0,0 +1 @@
+# Intentionally empty to give this step a name in kuttl
\ No newline at end of file
diff --git a/tests/e2e/mount-certs/45-create-another-secret.yaml b/tests/e2e/mount-certs/45-create-another-secret.yaml
new file mode 100644
index 000000000..25d973dc5
--- /dev/null
+++ b/tests/e2e/mount-certs/45-create-another-secret.yaml
@@ -0,0 +1,25 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Secret to be mounted in the container in /certs
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: my-cert-3
+type: Opaque
+data:
+ # echo -n 'pei' | base64
+ province: cGVp
+ # echo -n 'Stratford' | base64
+ city: U3RyYXRmb3Jk
diff --git a/tests/e2e/mount-certs/50-add-cert-to-vdb.yaml b/tests/e2e/mount-certs/50-add-cert-to-vdb.yaml
new file mode 100644
index 000000000..be3f46984
--- /dev/null
+++ b/tests/e2e/mount-certs/50-add-cert-to-vdb.yaml
@@ -0,0 +1,22 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: vertica.com/v1beta1
+kind: VerticaDB
+metadata:
+ name: v-mount-certs
+spec:
+ certSecrets:
+ - name: my-cert-1
+ - name: my-cert-2
+ - name: my-cert-3
diff --git a/tests/e2e/mount-certs/50-assert.yaml b/tests/e2e/mount-certs/50-assert.yaml
new file mode 100644
index 000000000..e06519100
--- /dev/null
+++ b/tests/e2e/mount-certs/50-assert.yaml
@@ -0,0 +1,35 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: v-mount-certs-sc1
+spec:
+ template:
+ spec:
+ containers:
+ - name: server
+ volumeMounts:
+ - name: local-data
+ - name: local-data
+ - name: local-data
+ - name: local-data
+ - name: local-data
+ - name: podinfo
+ - mountPath: /certs/my-cert-1
+ name: my-cert-1
+ - mountPath: /certs/my-cert-2
+ name: my-cert-2
+ - mountPath: /certs/my-cert-3
+ name: my-cert-3
diff --git a/tests/e2e/mount-certs/52-assert.yaml b/tests/e2e/mount-certs/52-assert.yaml
new file mode 100644
index 000000000..d0510dd6a
--- /dev/null
+++ b/tests/e2e/mount-certs/52-assert.yaml
@@ -0,0 +1,22 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: vertica.com/v1beta1
+kind: VerticaDB
+metadata:
+ name: v-mount-certs
+status:
+ subclusters:
+ - installCount: 1
+ addedToDBCount: 1
+ upNodeCount: 0
diff --git a/tests/e2e/mount-certs/52-delete-pod.yaml b/tests/e2e/mount-certs/52-delete-pod.yaml
new file mode 100644
index 000000000..acea91c7a
--- /dev/null
+++ b/tests/e2e/mount-certs/52-delete-pod.yaml
@@ -0,0 +1,18 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - command: kubectl delete pod v-mount-certs-sc1-0
+ namespaced: true
diff --git a/tests/e2e/mount-certs/53-assert.yaml b/tests/e2e/mount-certs/53-assert.yaml
new file mode 100644
index 000000000..64287f784
--- /dev/null
+++ b/tests/e2e/mount-certs/53-assert.yaml
@@ -0,0 +1,22 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: vertica.com/v1beta1
+kind: VerticaDB
+metadata:
+ name: v-mount-certs
+status:
+ subclusters:
+ - installCount: 1
+ addedToDBCount: 1
+ upNodeCount: 1
diff --git a/tests/e2e/mount-certs/53-wait-for-upnode.yaml b/tests/e2e/mount-certs/53-wait-for-upnode.yaml
new file mode 100644
index 000000000..bf3726035
--- /dev/null
+++ b/tests/e2e/mount-certs/53-wait-for-upnode.yaml
@@ -0,0 +1 @@
+# Intentionally empty to give this step a name in kuttl
\ No newline at end of file
diff --git a/tests/e2e/mount-certs/55-assert.yaml b/tests/e2e/mount-certs/55-assert.yaml
new file mode 100644
index 000000000..de13c3a0e
--- /dev/null
+++ b/tests/e2e/mount-certs/55-assert.yaml
@@ -0,0 +1,27 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: kuttl.dev/v1beta1
+kind: TestAssert
+timeout: 180
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-verify-cert-contents-3
+status:
+ containerStatuses:
+ - name: test
+ state:
+ terminated:
+ exitCode: 0
diff --git a/tests/e2e/mount-certs/55-verify-added-cert.yaml b/tests/e2e/mount-certs/55-verify-added-cert.yaml
new file mode 100644
index 000000000..fdcead460
--- /dev/null
+++ b/tests/e2e/mount-certs/55-verify-added-cert.yaml
@@ -0,0 +1,61 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Verifies external access through the service to the agent port 5444. It
+# does this by invoking the REST API and doing basic sanity on what it
+# received.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: script-verify-cert-contents-3
+data:
+ entrypoint.sh: |-
+ #!/bin/bash
+ set -o errexit
+ set -o xtrace
+ set -o pipefail
+
+ POD_NAME=v-mount-certs-sc1-0
+
+ verify_secret() {
+ SECRET_AND_KEY=$1
+ EXPECTED_OP=$2
+ kubectl exec $POD_NAME -i -- cat /certs/$SECRET_AND_KEY | grep --quiet "$EXPECTED_OP"
+ }
+
+ verify_secret my-cert-3/province pei
+ verify_secret my-cert-3/city Stratford
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-verify-cert-contents-3
+ labels:
+ stern: include
+spec:
+ restartPolicy: Never
+ containers:
+ - name: test
+ image: bitnami/kubectl:1.20.4
+ command: ["/bin/entrypoint.sh"]
+ volumeMounts:
+ - name: entrypoint-volume
+ mountPath: /bin/entrypoint.sh
+ readOnly: true
+ subPath: entrypoint.sh
+ volumes:
+ - name: entrypoint-volume
+ configMap:
+ defaultMode: 0777
+ name: script-verify-cert-contents-3
diff --git a/tests/e2e/mount-certs/90-errors.yaml b/tests/e2e/mount-certs/90-errors.yaml
new file mode 100644
index 000000000..42a9b703c
--- /dev/null
+++ b/tests/e2e/mount-certs/90-errors.yaml
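Review bot: `verify_secret` in 55-verify-added-cert.yaml passes on a substring, because `grep --quiet "$EXPECTED_OP"` accepts any mounted file that merely contains `pei` or `Stratford`, so a value with extra or stale bytes around it would still pass. Comparing the whole value is stricter and also quotes the pod name and path: `[ "$(kubectl exec "$POD_NAME" -i -- cat "/certs/$SECRET_AND_KEY")" = "$EXPECTED_OP" ]`. The same helper appears in 35-verify-new-cert-contents.yaml, where an exact match matters more since that step has to tell the changed value apart from the earlier one.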
@@ -0,0 +1,18 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ control-plane: controller-manager
diff --git a/tests/e2e/mount-certs/90-uninstall-operator.yaml b/tests/e2e/mount-certs/90-uninstall-operator.yaml
new file mode 100644
index 000000000..dc013f88d
--- /dev/null
+++ b/tests/e2e/mount-certs/90-uninstall-operator.yaml
@@ -0,0 +1,17 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - command: sh -c "cd ../../.. && make undeploy-operator NAMESPACE=$NAMESPACE"
diff --git a/tests/e2e/mount-certs/95-delete-crd.yaml b/tests/e2e/mount-certs/95-delete-crd.yaml
new file mode 100644
index 000000000..8f2e729a3
--- /dev/null
+++ b/tests/e2e/mount-certs/95-delete-crd.yaml
@@ -0,0 +1,22 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+delete:
+ - apiVersion: vertica.com/v1beta1
+ kind: VerticaDB
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+commands:
+ - command: bash -c "kustomize build delete-s3-bucket/overlay | kubectl -n $NAMESPACE apply -f - "
diff --git a/tests/e2e/mount-certs/95-errors.yaml b/tests/e2e/mount-certs/95-errors.yaml
new file mode 100644
index 000000000..bde08d119
--- /dev/null
+++ b/tests/e2e/mount-certs/95-errors.yaml
@@ -0,0 +1,21 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: StatefulSet
+---
+apiVersion: v1
+kind: Service
+---
+apiVersion: vertica.com/v1beta1
+kind: VerticaDB
diff --git a/tests/e2e/mount-certs/setup-vdb/base/kustomization.yaml b/tests/e2e/mount-certs/setup-vdb/base/kustomization.yaml
new file mode 100644
index 000000000..916be7608
--- /dev/null
+++ b/tests/e2e/mount-certs/setup-vdb/base/kustomization.yaml
@@ -0,0 +1,18 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+bases:
+ - ../../../../kustomize-base
+
+resources:
+ - setup-vdb.yaml
diff --git a/tests/e2e/mount-certs/setup-vdb/base/setup-vdb.yaml b/tests/e2e/mount-certs/setup-vdb/base/setup-vdb.yaml
new file mode 100644
index 000000000..e78117de7
--- /dev/null
+++ b/tests/e2e/mount-certs/setup-vdb/base/setup-vdb.yaml
@@ -0,0 +1,33 @@
+# (c) Copyright [2021] Micro Focus or one of its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: vertica.com/v1beta1
+kind: VerticaDB
+metadata:
+ name: v-mount-certs
+spec:
+ image: kustomize-vertica-image
+ communal:
+ path: "s3://mount-certs"
+ endpoint: "http://minio.kuttl-e2e-communal"
+ credentialSecret: minio-creds-secret
+ includeUIDInPath: true
+ local:
+ requestSize: 100Mi
+ subclusters:
+ - name: sc1
+ size: 1
+ kSafety: "0"
+ certSecrets:
+ - name: my-cert-1
+ - name: my-cert-2