From fe95682a6ef8dc5351f79ecf291cbe99695821d9 Mon Sep 17 00:00:00 2001
From: Aaron Tye
Date: Thu, 23 May 2024 17:35:43 +0000
Subject: [PATCH 1/3] remove storage secret

---
 go.mod | 1 +
 go.sum | 2 +
 .../v2.0.0-alpha/deployment.yaml | 5 --
 pkg/modules/authorization.go | 11 ++-
 pkg/modules/authorization_test.go | 77 ++++++++++++++++---
 5 files changed, 80 insertions(+), 16 deletions(-)

diff --git a/go.mod b/go.mod
index 339dc305c..25c5da157 100644
--- a/go.mod
+++ b/go.mod
@@ -7,6 +7,7 @@ require (
 github.com/stretchr/testify v1.8.2
 github.com/vmware-tanzu/velero v1.12.0
 go.uber.org/zap v1.24.0
+ golang.org/x/mod v0.10.0
 gopkg.in/yaml.v3 v3.0.1
 k8s.io/api v0.27.2
 k8s.io/apiextensions-apiserver v0.27.2
diff --git a/go.sum b/go.sum
index 5637c93f2..075fae634 100644
--- a/go.sum
+++ b/go.sum
@@ -190,6 +190,8 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
+golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
diff --git a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/deployment.yaml b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/deployment.yaml
index 5d6bd53eb..690ae0ee6 100644
--- a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/deployment.yaml
+++ b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/deployment.yaml
@@ -81,8 +81,6 @@ spec:
 volumeMounts:
 - name: config-volume
 mountPath: /etc/karavi-authorization/config
- - name: storage-volume
- mountPath: /etc/karavi-authorization/storage
 - name: csm-config-params
 mountPath: /etc/karavi-authorization/csm-config-params
 - name: opa
@@ -106,9 +104,6 @@ spec:
 - name: config-volume
 secret:
 secretName: karavi-config-secret
- - name: storage-volume
- secret:
- secretName: karavi-storage-secret
 - name: csm-config-params
 configMap:
 name: csm-config-params
diff --git a/pkg/modules/authorization.go b/pkg/modules/authorization.go
index 3f9eef58a..e8b6c7219 100644
--- a/pkg/modules/authorization.go
+++ b/pkg/modules/authorization.go
@@ -30,6 +30,7 @@ import (
 drivers "github.com/dell/csm-operator/pkg/drivers"
 "github.com/dell/csm-operator/pkg/logger"
 utils "github.com/dell/csm-operator/pkg/utils"
+ "golang.org/x/mod/semver"
 corev1 "k8s.io/api/core/v1"
 networking "k8s.io/api/networking/v1"
 k8serrors "k8s.io/apimachinery/pkg/api/errors"
@@ -490,7 +491,15 @@ func AuthorizationServerPrecheck(ctx context.Context, op utils.OperatorConfig, a
 }
 // Check for secrets
- proxyServerSecrets := []string{"karavi-config-secret", "karavi-storage-secret"}
+ var proxyServerSecrets []string
+ switch semver.Major(auth.ConfigVersion) {
+ case "v2":
+ proxyServerSecrets = []string{"karavi-config-secret"}
+ case "v1":
+ proxyServerSecrets = []string{"karavi-config-secret", "karavi-storage-secret"}
+ default:
+ return fmt.Errorf("authorization major version %s not supported", semver.Major(auth.ConfigVersion))
+ }
 for _, name := range proxyServerSecrets {
 found := &corev1.Secret{}
 err := r.GetClient().Get(ctx, types.NamespacedName{Name: name, Namespace: cr.GetNamespace()}, found)
diff --git a/pkg/modules/authorization_test.go b/pkg/modules/authorization_test.go
index 415f67c55..eaedd0ff8 100644
--- a/pkg/modules/authorization_test.go
+++ b/pkg/modules/authorization_test.go
@@ -10,6 +10,7 @@ package modules
 import (
 "context"
+ "fmt"
 "os"
 "testing"
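Review bot: In the new switch in AuthorizationServerPrecheck, `semver.Major(auth.ConfigVersion)` yields an empty string for any value that is not a valid `v`-prefixed semver, so the `default` branch then fails with `authorization major version  not supported` and the operator log gives no clue which value was rejected. Compute the major once and report the raw value: `major := semver.Major(auth.ConfigVersion)` before the switch, `switch major {`, and `return fmt.Errorf("authorization config version %q: major version %q not supported", auth.ConfigVersion, major)` in the default case. Whether ConfigVersion is always populated before this point cannot be seen here, since AuthorizationServerPrecheck starts and ends outside the hunk. A short comment such as `// v2 no longer mounts karavi-storage-secret; unknown majors are rejected rather than assumed` above the switch would record why the precheck became version-gated.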
@@ -427,8 +428,8 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 type fakeControllerRuntimeClientWrapper func(clusterConfigData []byte) (ctrlClient.Client, error)
 tests := map[string]func(t *testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper){
- "success": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
- customResource, err := getCustomResource("./testdata/cr_auth_proxy.yaml")
+ "success v1": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
+ customResource, err := getCustomResource("./testdata/cr_auth_proxy_v1100.yaml")
 if err != nil {
 panic(err)
 }
@@ -449,6 +450,27 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 return true, auth, tmpCR, sourceClient, fakeControllerRuntimeClient
 },
+ "success v2": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
+ customResource, err := getCustomResource("./testdata/cr_auth_proxy.yaml")
+ if err != nil {
+ panic(err)
+ }
+
+ tmpCR := customResource
+ auth := tmpCR.Spec.Modules[0]
+
+ karaviConfig := getSecret(customResource.Namespace, "karavi-config-secret")
+ karaviTLS := getSecret(customResource.Namespace, "karavi-auth-tls")
+
+ sourceClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviConfig, karaviTLS).Build()
+
+ fakeControllerRuntimeClient := func(_ []byte) (ctrlClient.Client, error) {
+ clusterClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviConfig, karaviTLS).Build()
+ return clusterClient, nil
+ }
+
+ return true, auth, tmpCR, sourceClient, fakeControllerRuntimeClient
+ },
 "success - version provided": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
 customResource, err := getCustomResource("./testdata/cr_auth_proxy.yaml")
 if err != nil {
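Review bot: None of the table entries in this hunk exercises the `default` branch that AuthorizationServerPrecheck now has for an unsupported major version, so that error path stays untested; a `"fail - unsupported config version"` entry that loads the same fixture, sets `auth.ConfigVersion = "v3.0.0"` (a constructed value) and returns `false` would pin it. The new `success v2` entry also relies on the version resolved from `cr_auth_proxy.yaml` being a v2 major without setting it, while the neighbouring `success - version provided` entry appears to set `auth.ConfigVersion` explicitly, which suggests the fixture value may not be guaranteed; setting it here too would make the case self-describing. TestAuthorizationServerPreCheck starts and ends outside the hunk.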
@@ -488,23 +510,57 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 return false, auth, tmpCR, sourceClient, fakeControllerRuntimeClient
 },
- "fail - empty proxy host": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
- customResource, err := getCustomResource("./testdata/cr_auth_proxy.yaml")
+ "fail v1 - karavi-config-secret not found": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
+ customResource, err := getCustomResource("./testdata/cr_auth_proxy_v1100.yaml")
 if err != nil {
 panic(err)
 }
 tmpCR := customResource
 auth := tmpCR.Spec.Modules[0]
- for i, env := range auth.Components[0].Envs {
- if env.Name == "PROXY_HOST" {
- auth.Components[0].Envs[i].Value = ""
- }
+ karaviStorage := getSecret(customResource.Namespace, "karavi-storage-secret")
+ karaviTLS := getSecret(customResource.Namespace, "karavi-auth-tls")
+ sourceClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviStorage, karaviTLS).Build()
+
+ fakeControllerRuntimeClient := func(_ []byte) (ctrlClient.Client, error) {
+ clusterClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviStorage, karaviTLS).Build()
+ return clusterClient, nil
 }
- sourceClient := ctrlClientFake.NewClientBuilder().WithObjects().Build()
+
+ return false, auth, tmpCR, sourceClient, fakeControllerRuntimeClient
+ },
+ "fail v1 - karavi-storage-secret not found": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
+ customResource, err := getCustomResource("./testdata/cr_auth_proxy_v1100.yaml")
+ if err != nil {
+ panic(err)
+ }
+ tmpCR := customResource
+ auth := tmpCR.Spec.Modules[0]
+
+ karaviConfig := getSecret(customResource.Namespace, "karavi-config-secret")
+ karaviTLS := getSecret(customResource.Namespace, "karavi-auth-tls")
+ sourceClient := 
ctrlClientFake.NewClientBuilder().WithObjects(karaviConfig, karaviTLS).Build()
+
+ fakeControllerRuntimeClient := func(_ []byte) (ctrlClient.Client, error) {
+ clusterClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviConfig, karaviTLS).Build()
+ return clusterClient, nil
+ }
+
+ return false, auth, tmpCR, sourceClient, fakeControllerRuntimeClient
+ },
+ "fail v2 - karavi-config-secret not found": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
+ customResource, err := getCustomResource("./testdata/cr_auth_proxy.yaml")
+ if err != nil {
+ panic(err)
+ }
+ tmpCR := customResource
+ auth := tmpCR.Spec.Modules[0]
+
+ karaviTLS := getSecret(customResource.Namespace, "karavi-auth-tls")
+ sourceClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviTLS).Build()
 fakeControllerRuntimeClient := func(_ []byte) (ctrlClient.Client, error) {
- clusterClient := ctrlClientFake.NewClientBuilder().WithObjects().Build()
+ clusterClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviTLS).Build()
 return clusterClient, nil
 }
@@ -535,6 +591,7 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 if success {
 assert.NoError(t, err)
 } else {
+ fmt.Println(err)
 assert.Error(t, err)
 }
 })
From 5381c4ab0a149aab7afdcdbea12b4c481b05d484 Mon Sep 17 00:00:00 2001
From: Aaron Tye
Date: Thu, 23 May 2024 18:25:05 +0000
Subject: [PATCH 2/3] remove print

---
 pkg/modules/authorization_test.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/pkg/modules/authorization_test.go b/pkg/modules/authorization_test.go
index eaedd0ff8..2e8a0629e 100644
--- a/pkg/modules/authorization_test.go
+++ b/pkg/modules/authorization_test.go
@@ -10,7 +10,6 @@ package modules
 import (
 "context"
- "fmt"
 "os"
 "testing"
@@ -591,7 +590,6 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 if success {
 assert.NoError(t, err)
 } else {
- fmt.Println(err)
 assert.Error(t, err)
 }
 })
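Review bot: The `fail - empty proxy host` entry is removed rather than kept, so the empty `PROXY_HOST` check loses its only visible test, while nothing in this commit's authorization.go hunk removes that check; the three new `fail` entries should be added alongside it, not in its place. The new entries also build the same fake object set twice each, once for `sourceClient` and again inside `fakeControllerRuntimeClient`; a small helper returning both clients from one secret list would remove the duplication (style only). The hunk's last context lines appear to have been lost in this rendering, and TestAuthorizationServerPreCheck starts and ends outside the hunk.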
From e4bf4080fba91c33a9885b35069a92894f203c1f Mon Sep 17 00:00:00 2001
From: Aaron Tye
Date: Thu, 23 May 2024 18:56:27 +0000
Subject: [PATCH 3/3] update tls name

---
 pkg/modules/authorization_test.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkg/modules/authorization_test.go b/pkg/modules/authorization_test.go
index 2e8a0629e..43d4b27d7 100644
--- a/pkg/modules/authorization_test.go
+++ b/pkg/modules/authorization_test.go
@@ -438,7 +438,7 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 karaviConfig := getSecret(customResource.Namespace, "karavi-config-secret")
 karaviStorage := getSecret(customResource.Namespace, "karavi-storage-secret")
- karaviTLS := getSecret(customResource.Namespace, "karavi-auth-tls")
+ karaviTLS := getSecret(customResource.Namespace, "karavi-selfsigned-tls")
 sourceClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviConfig, karaviStorage, karaviTLS).Build()
@@ -459,7 +459,7 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 auth := tmpCR.Spec.Modules[0]
 karaviConfig := getSecret(customResource.Namespace, "karavi-config-secret")
- karaviTLS := getSecret(customResource.Namespace, "karavi-auth-tls")
+ karaviTLS := getSecret(customResource.Namespace, "karavi-selfsigned-tls")
 sourceClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviConfig, karaviTLS).Build()
@@ -481,7 +481,7 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 auth.ConfigVersion = "v2.0.0-alpha"
 karaviConfig := getSecret(customResource.Namespace, "karavi-config-secret")
 karaviStorage := getSecret(customResource.Namespace, "karavi-storage-secret")
- karaviTLS := getSecret(customResource.Namespace, "karavi-auth-tls")
+ karaviTLS := getSecret(customResource.Namespace, "karavi-selfsigned-tls")
 sourceClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviConfig, karaviStorage, karaviTLS).Build()
 fakeControllerRuntimeClient := func(_ []byte) (ctrlClient.Client, error) {
@@ -518,7 +518,7 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 auth := tmpCR.Spec.Modules[0]
 karaviStorage := getSecret(customResource.Namespace, "karavi-storage-secret")
- karaviTLS := getSecret(customResource.Namespace, "karavi-auth-tls")
+ karaviTLS := getSecret(customResource.Namespace, "karavi-selfsigned-tls")
 sourceClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviStorage, karaviTLS).Build()
 fakeControllerRuntimeClient := func(_ []byte) (ctrlClient.Client, error) {
@@ -537,7 +537,7 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 auth := tmpCR.Spec.Modules[0]
 karaviConfig := getSecret(customResource.Namespace, "karavi-config-secret")
- karaviTLS := getSecret(customResource.Namespace, "karavi-auth-tls")
+ karaviTLS := getSecret(customResource.Namespace, "karavi-selfsigned-tls")
 sourceClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviConfig, karaviTLS).Build()
 fakeControllerRuntimeClient := func(_ []byte) (ctrlClient.Client, error) {
@@ -555,7 +555,7 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 tmpCR := customResource
 auth := tmpCR.Spec.Modules[0]
- karaviTLS := getSecret(customResource.Namespace, "karavi-auth-tls")
+ karaviTLS := getSecret(customResource.Namespace, "karavi-selfsigned-tls")
 sourceClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviTLS).Build()
 fakeControllerRuntimeClient := func(_ []byte) (ctrlClient.Client, error) {