Remove Karavi Storage Secret for v2

go.mod

@@ -7,6 +7,7 @@ require (
 	github.com/stretchr/testify v1.8.2
 	github.com/vmware-tanzu/velero v1.12.0
 	go.uber.org/zap v1.24.0
+	golang.org/x/mod v0.10.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.27.2
 	k8s.io/apiextensions-apiserver v0.27.2

go.sum

@@ -190,6 +190,8 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
+golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=

operatorconfig/moduleconfig/authorization/v2.0.0-alpha/deployment.yaml

@@ -81,8 +81,6 @@ spec:
         volumeMounts:
         - name: config-volume
           mountPath: /etc/karavi-authorization/config
-        - name: storage-volume
-          mountPath: /etc/karavi-authorization/storage
         - name: csm-config-params
           mountPath: /etc/karavi-authorization/csm-config-params
       - name: opa
@@ -106,9 +104,6 @@ spec:
       - name: config-volume
         secret:
           secretName: karavi-config-secret
-      - name: storage-volume
-        secret:
-          secretName: karavi-storage-secret
       - name: csm-config-params
         configMap:
           name: csm-config-params

pkg/modules/authorization.go

@@ -30,6 +30,7 @@ import (
 	drivers "github.com/dell/csm-operator/pkg/drivers"
 	"github.com/dell/csm-operator/pkg/logger"
 	utils "github.com/dell/csm-operator/pkg/utils"
+	"golang.org/x/mod/semver"
 	corev1 "k8s.io/api/core/v1"
 	networking "k8s.io/api/networking/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
@@ -490,7 +491,15 @@ func AuthorizationServerPrecheck(ctx context.Context, op utils.OperatorConfig, a
 	}
 
 	// Check for secrets
-	proxyServerSecrets := []string{"karavi-config-secret", "karavi-storage-secret"}
+	var proxyServerSecrets []string
+	switch semver.Major(auth.ConfigVersion) {
+	case "v2":
+		proxyServerSecrets = []string{"karavi-config-secret"}
+	case "v1":
+		proxyServerSecrets = []string{"karavi-config-secret", "karavi-storage-secret"}
+	default:
+		return fmt.Errorf("authorization major version %s not supported", semver.Major(auth.ConfigVersion))
+	}
 	for _, name := range proxyServerSecrets {
 		found := &corev1.Secret{}
 		err := r.GetClient().Get(ctx, types.NamespacedName{Name: name, Namespace: cr.GetNamespace()}, found)

pkg/modules/authorization_test.go

@@ -427,8 +427,8 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 	type fakeControllerRuntimeClientWrapper func(clusterConfigData []byte) (ctrlClient.Client, error)
 
 	tests := map[string]func(t *testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper){
-		"success": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
-			customResource, err := getCustomResource("./testdata/cr_auth_proxy.yaml")
+		"success v1": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
+			customResource, err := getCustomResource("./testdata/cr_auth_proxy_v1100.yaml")
 			if err != nil {
 				panic(err)
 			}
@@ -438,7 +438,7 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 
 			karaviConfig := getSecret(customResource.Namespace, "karavi-config-secret")
 			karaviStorage := getSecret(customResource.Namespace, "karavi-storage-secret")
-			karaviTLS := getSecret(customResource.Namespace, "karavi-auth-tls")
+			karaviTLS := getSecret(customResource.Namespace, "karavi-selfsigned-tls")
 
 			sourceClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviConfig, karaviStorage, karaviTLS).Build()
 
@@ -449,6 +449,27 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 
 			return true, auth, tmpCR, sourceClient, fakeControllerRuntimeClient
 		},
+		"success v2": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
+			customResource, err := getCustomResource("./testdata/cr_auth_proxy.yaml")
+			if err != nil {
+				panic(err)
+			}
+
+			tmpCR := customResource
+			auth := tmpCR.Spec.Modules[0]
+
+			karaviConfig := getSecret(customResource.Namespace, "karavi-config-secret")
+			karaviTLS := getSecret(customResource.Namespace, "karavi-selfsigned-tls")
+
+			sourceClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviConfig, karaviTLS).Build()
+
+			fakeControllerRuntimeClient := func(_ []byte) (ctrlClient.Client, error) {
+				clusterClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviConfig, karaviTLS).Build()
+				return clusterClient, nil
+			}
+
+			return true, auth, tmpCR, sourceClient, fakeControllerRuntimeClient
+		},
 		"success - version provided": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
 			customResource, err := getCustomResource("./testdata/cr_auth_proxy.yaml")
 			if err != nil {
@@ -460,7 +481,7 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 			auth.ConfigVersion = "v2.0.0-alpha"
 			karaviConfig := getSecret(customResource.Namespace, "karavi-config-secret")
 			karaviStorage := getSecret(customResource.Namespace, "karavi-storage-secret")
-			karaviTLS := getSecret(customResource.Namespace, "karavi-auth-tls")
+			karaviTLS := getSecret(customResource.Namespace, "karavi-selfsigned-tls")
 
 			sourceClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviConfig, karaviStorage, karaviTLS).Build()
 			fakeControllerRuntimeClient := func(_ []byte) (ctrlClient.Client, error) {
@@ -488,23 +509,57 @@ func TestAuthorizationServerPreCheck(t *testing.T) {
 
 			return false, auth, tmpCR, sourceClient, fakeControllerRuntimeClient
 		},
-		"fail - empty proxy host": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
-			customResource, err := getCustomResource("./testdata/cr_auth_proxy.yaml")
+		"fail v1 - karavi-config-secret not found": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
+			customResource, err := getCustomResource("./testdata/cr_auth_proxy_v1100.yaml")
 			if err != nil {
 				panic(err)
 			}
 			tmpCR := customResource
 			auth := tmpCR.Spec.Modules[0]
 
-			for i, env := range auth.Components[0].Envs {
-				if env.Name == "PROXY_HOST" {
-					auth.Components[0].Envs[i].Value = ""
-				}
+			karaviStorage := getSecret(customResource.Namespace, "karavi-storage-secret")
+			karaviTLS := getSecret(customResource.Namespace, "karavi-selfsigned-tls")
+			sourceClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviStorage, karaviTLS).Build()
+
+			fakeControllerRuntimeClient := func(_ []byte) (ctrlClient.Client, error) {
+				clusterClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviStorage, karaviTLS).Build()
+				return clusterClient, nil
 			}
-			sourceClient := ctrlClientFake.NewClientBuilder().WithObjects().Build()
+
+			return false, auth, tmpCR, sourceClient, fakeControllerRuntimeClient
+		},
+		"fail v1 - karavi-storage-secret not found": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
+			customResource, err := getCustomResource("./testdata/cr_auth_proxy_v1100.yaml")
+			if err != nil {
+				panic(err)
+			}
+			tmpCR := customResource
+			auth := tmpCR.Spec.Modules[0]
+
+			karaviConfig := getSecret(customResource.Namespace, "karavi-config-secret")
+			karaviTLS := getSecret(customResource.Namespace, "karavi-selfsigned-tls")
+			sourceClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviConfig, karaviTLS).Build()
+
+			fakeControllerRuntimeClient := func(_ []byte) (ctrlClient.Client, error) {
+				clusterClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviConfig, karaviTLS).Build()
+				return clusterClient, nil
+			}
+
+			return false, auth, tmpCR, sourceClient, fakeControllerRuntimeClient
+		},
+		"fail v2 - karavi-config-secret not found": func(*testing.T) (bool, csmv1.Module, csmv1.ContainerStorageModule, ctrlClient.Client, fakeControllerRuntimeClientWrapper) {
+			customResource, err := getCustomResource("./testdata/cr_auth_proxy.yaml")
+			if err != nil {
+				panic(err)
+			}
+			tmpCR := customResource
+			auth := tmpCR.Spec.Modules[0]
+
+			karaviTLS := getSecret(customResource.Namespace, "karavi-selfsigned-tls")
+			sourceClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviTLS).Build()
 
 			fakeControllerRuntimeClient := func(_ []byte) (ctrlClient.Client, error) {
-				clusterClient := ctrlClientFake.NewClientBuilder().WithObjects().Build()
+				clusterClient := ctrlClientFake.NewClientBuilder().WithObjects(karaviTLS).Build()
 				return clusterClient, nil
 			}