fix(templates): templates should be mounted if TLS disabled (#262) (#265

) (cherry picked from commit 6fb5c83) Co-authored-by: Elliott Baron <ebaron@redhat.com>
cryostatio · Sep 17, 2021 · 09fbf4e · 09fbf4e
1 parent 12ff784
commit 09fbf4e
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 54 deletions.
diff --git a/internal/controllers/common/resource_definitions/resource_definitions.go b/internal/controllers/common/resource_definitions/resource_definitions.go
@@ -264,28 +264,28 @@ func NewPodForCR(cr *operatorv1beta1.Cryostat, specs *ServiceSpecs, imageTags *I
 			}
 			volumes = append(volumes, grafanaSecretVolume)
 		}
+	}
 
-		// Add any EventTemplates as volumes
-		for _, template := range cr.Spec.EventTemplates {
-			eventTemplateVolume := corev1.Volume{
-				Name: "template-" + template.ConfigMapName,
-				VolumeSource: corev1.VolumeSource{
-					ConfigMap: &corev1.ConfigMapVolumeSource{
-						LocalObjectReference: corev1.LocalObjectReference{
-							Name: template.ConfigMapName,
-						},
-						Items: []corev1.KeyToPath{
-							{
-								Key:  template.Filename,
-								Path: template.Filename,
-								Mode: &readOnlyMode,
-							},
+	// Add any EventTemplates as volumes
+	for _, template := range cr.Spec.EventTemplates {
+		eventTemplateVolume := corev1.Volume{
+			Name: "template-" + template.ConfigMapName,
+			VolumeSource: corev1.VolumeSource{
+				ConfigMap: &corev1.ConfigMapVolumeSource{
+					LocalObjectReference: corev1.LocalObjectReference{
+						Name: template.ConfigMapName,
+					},
+					Items: []corev1.KeyToPath{
+						{
+							Key:  template.Filename,
+							Path: template.Filename,
+							Mode: &readOnlyMode,
 						},
 					},
 				},
-			}
-			volumes = append(volumes, eventTemplateVolume)
+			},
 		}
+		volumes = append(volumes, eventTemplateVolume)
 	}
 
 	// Ensure PV mounts are writable
@@ -456,20 +456,21 @@ func NewCoreContainer(cr *operatorv1beta1.Cryostat, specs *ServiceSpecs, imageTa
 
 		mounts = append(mounts, keystoreMount, caCertMount)
 
-		// Mount the templates specified in Cryostat CR under /opt/cryostat.d/templates.d
-		for _, template := range cr.Spec.EventTemplates {
-			mount := corev1.VolumeMount{
-				Name:      "template-" + template.ConfigMapName,
-				MountPath: fmt.Sprintf("%s/%s_%s", templatesPath, template.ConfigMapName, template.Filename),
-				SubPath:   template.Filename,
-				ReadOnly:  true,
-			}
-			mounts = append(mounts, mount)
-		}
-
 		// Use HTTPS for liveness probe
 		livenessProbeScheme = corev1.URISchemeHTTPS
 	}
+
+	// Mount the templates specified in Cryostat CR under /opt/cryostat.d/templates.d
+	for _, template := range cr.Spec.EventTemplates {
+		mount := corev1.VolumeMount{
+			Name:      "template-" + template.ConfigMapName,
+			MountPath: fmt.Sprintf("%s/%s_%s", templatesPath, template.ConfigMapName, template.Filename),
+			SubPath:   template.Filename,
+			ReadOnly:  true,
+		}
+		mounts = append(mounts, mount)
+	}
+
 	probeHandler := corev1.Handler{
 		HTTPGet: &corev1.HTTPGetAction{
 			Port:   intstr.IntOrString{IntVal: 8181},

diff --git a/internal/controllers/cryostat_controller_test.go b/internal/controllers/cryostat_controller_test.go
@@ -355,17 +355,21 @@ var _ = Describe("CryostatController", func() {
 			})
 			It("Should add volumes and volumeMounts to deployment", func() {
 				t.reconcileCryostatFully()
-				deployment := &appsv1.Deployment{}
-				err := t.Client.Get(context.Background(), types.NamespacedName{Name: "cryostat", Namespace: "default"}, deployment)
-				Expect(err).ToNot(HaveOccurred())
-
-				volumes := deployment.Spec.Template.Spec.Volumes
-				expectedVolumes := test.NewVolumesWithTemplates()
-				Expect(volumes).To(Equal(expectedVolumes))
-
-				volumeMounts := deployment.Spec.Template.Spec.Containers[0].VolumeMounts
-				expectedVolumeMounts := test.NewVolumeMountsWithTemplates()
-				Expect(volumeMounts).To(Equal(expectedVolumeMounts))
+				t.checkDeploymentHasTemplates()
+			})
+		})
+		Context("Cryostat CR has list of event templates with TLS disabled", func() {
+			BeforeEach(func() {
+				certManager := false
+				cr := test.NewCryostatWithTemplates()
+				cr.Spec.EnableCertManager = &certManager
+				t.objs = append(t.objs, cr, test.NewTemplateConfigMap(),
+					test.NewOtherTemplateConfigMap())
+				t.TLS = false
+			})
+			It("Should add volumes and volumeMounts to deployment", func() {
+				t.reconcileCryostatFully()
+				t.checkDeploymentHasTemplates()
 			})
 		})
 		Context("Adding a template to the EventTemplates list", func() {
@@ -392,17 +396,7 @@ var _ = Describe("CryostatController", func() {
 				Expect(err).ToNot(HaveOccurred())
 				Expect(result).To(Equal(reconcile.Result{}))
 
-				deployment := &appsv1.Deployment{}
-				err = t.Client.Get(context.Background(), types.NamespacedName{Name: "cryostat", Namespace: "default"}, deployment)
-				Expect(err).ToNot(HaveOccurred())
-
-				volumes := deployment.Spec.Template.Spec.Volumes
-				expectedVolumes := test.NewVolumesWithTemplates()
-				Expect(volumes).To(Equal(expectedVolumes))
-
-				volumeMounts := deployment.Spec.Template.Spec.Containers[0].VolumeMounts
-				expectedVolumeMounts := test.NewVolumeMountsWithTemplates()
-				Expect(volumeMounts).To(Equal(expectedVolumeMounts))
+				t.checkDeploymentHasTemplates()
 			})
 		})
 		Context("with custom PVC spec overriding all defaults", func() {
@@ -1232,6 +1226,20 @@ func (t *cryostatTestInput) checkDeployment() {
 	Expect(template.Spec.ServiceAccountName).To(Equal("cryostat"))
 }
 
+func (t *cryostatTestInput) checkDeploymentHasTemplates() {
+	deployment := &appsv1.Deployment{}
+	err := t.Client.Get(context.Background(), types.NamespacedName{Name: "cryostat", Namespace: "default"}, deployment)
+	Expect(err).ToNot(HaveOccurred())
+
+	volumes := deployment.Spec.Template.Spec.Volumes
+	expectedVolumes := test.NewVolumesWithTemplates(t.TLS)
+	Expect(volumes).To(Equal(expectedVolumes))
+
+	volumeMounts := deployment.Spec.Template.Spec.Containers[0].VolumeMounts
+	expectedVolumeMounts := test.NewVolumeMountsWithTemplates(t.TLS)
+	Expect(volumeMounts).To(Equal(expectedVolumeMounts))
+}
+
 func checkCoreContainer(container *corev1.Container, minimal bool, tls bool, tag *string) {
 	Expect(container.Name).To(Equal("cryostat"))
 	if tag == nil {

diff --git a/internal/test/resources.go b/internal/test/resources.go
@@ -922,8 +922,8 @@ func NewGrafanaVolumeMounts(tls bool) []corev1.VolumeMount {
 	return mounts
 }
 
-func NewVolumeMountsWithTemplates() []corev1.VolumeMount {
-	return append(NewCoreVolumeMounts(true),
+func NewVolumeMountsWithTemplates(tls bool) []corev1.VolumeMount {
+	return append(NewCoreVolumeMounts(tls),
 		corev1.VolumeMount{
 			Name:      "template-templateCM1",
 			ReadOnly:  true,
@@ -1038,9 +1038,9 @@ func NewVolumesWithSecrets() []corev1.Volume {
 	})
 }
 
-func NewVolumesWithTemplates() []corev1.Volume {
+func NewVolumesWithTemplates(tls bool) []corev1.Volume {
 	mode := int32(0440)
-	return append(NewVolumes(false, true),
+	return append(NewVolumes(false, tls),
 		corev1.Volume{
 			Name: "template-templateCM1",
 			VolumeSource: corev1.VolumeSource{