fix(secret): database should use user-defined secret if specified (#827)

* fix(secret): database should use user-defined secret if specified Signed-off-by: Thuan Vo <thuan.votann@gmail.com> * chore(def): simplify database secret getter * test(db): check for database container * test(proxy): check for auth proxy container * test(env): fix typo --------- Signed-off-by: Thuan Vo <thuan.votann@gmail.com>
cryostatio · May 21, 2024 · ad96512 · ad96512
1 parent 13e6a20
commit ad96512
Show file tree

Hide file tree

Showing 3 changed files with 421 additions and 94 deletions.
diff --git a/internal/controllers/common/resource_definitions/resource_definitions.go b/internal/controllers/common/resource_definitions/resource_definitions.go
@@ -1000,10 +1000,7 @@ func NewCoreContainer(cr *model.CryostatInstance, specs *ServiceSpecs, imageTag
 	}
 
 	optional := false
-	secretName := cr.Name + "-db"
-	if cr.Spec.DatabaseOptions != nil && cr.Spec.DatabaseOptions.SecretName != nil {
-		secretName = *cr.Spec.DatabaseOptions.SecretName
-	}
+	secretName := getDatabaseSecret(cr)
 	envs = append(envs, corev1.EnvVar{
 		Name: "QUARKUS_DATASOURCE_PASSWORD",
 		ValueFrom: &corev1.EnvVarSource{
@@ -1415,7 +1412,7 @@ func newDatabaseContainer(cr *model.CryostatInstance, imageTag string, tls *TLSC
 	}
 
 	optional := false
-	secretName := cr.Name + "-db"
+	secretName := getDatabaseSecret(cr)
 	envs = append(envs, corev1.EnvVar{
 		Name: "POSTGRESQL_PASSWORD",
 		ValueFrom: &corev1.EnvVarSource{
@@ -1624,3 +1621,10 @@ func populateResourceRequest(resources *corev1.ResourceRequirements, defaultCpu,
 	}
 	checkResourceRequestWithLimit(requests, resources.Limits)
 }
+
+func getDatabaseSecret(cr *model.CryostatInstance) string {
+	if cr.Spec.DatabaseOptions != nil && cr.Spec.DatabaseOptions.SecretName != nil {
+		return *cr.Spec.DatabaseOptions.SecretName
+	}
+	return cr.Name + "-db"
+}
diff --git a/internal/controllers/reconciler_test.go b/internal/controllers/reconciler_test.go
@@ -2638,6 +2638,25 @@ func (t *cryostatTestInput) checkMainPodTemplate(deployment *appsv1.Deployment,
 	datasourceContainer := template.Spec.Containers[2]
 	t.checkDatasourceContainer(&datasourceContainer, t.NewDatasourceContainerResource(cr), t.NewDatasourceSecurityContext(cr))
 
+	// Check that Storage is configured properly
+	storageContainer := template.Spec.Containers[3]
+	t.checkStorageContainer(&storageContainer, t.NewStorageContainerResource(cr), t.NewStorageSecurityContext(cr))
+
+	// Check that Database is configured properly
+	databaseContainer := template.Spec.Containers[4]
+	t.checkDatabaseContainer(&databaseContainer, t.NewDatabaseContainerResource(cr), t.NewDatabaseSecurityContext(cr), dbSecretProvided)
+
+	// Check that Auth Proxy is configured properly
+	authProxyContainer := template.Spec.Containers[5]
+	basicAuthConfigured := cr.Spec.AuthorizationOptions != nil &&
+		cr.Spec.AuthorizationOptions.BasicAuth != nil &&
+		cr.Spec.AuthorizationOptions.BasicAuth.Filename != nil && cr.Spec.AuthorizationOptions.BasicAuth.SecretName != nil
+	var basicAuthFilename string
+	if basicAuthConfigured {
+		basicAuthFilename = *cr.Spec.AuthorizationOptions.BasicAuth.Filename
+	}
+	t.checkAuthProxyContainer(&authProxyContainer, t.NewAuthProxyContainerResource(cr), t.NewAuthProxySecurityContext(cr), basicAuthConfigured, basicAuthFilename)
+
 	// Check that the proper Service Account is set
 	Expect(template.Spec.ServiceAccountName).To(Equal(t.Name))
 
@@ -2800,7 +2819,7 @@ func (t *cryostatTestInput) checkGrafanaContainer(container *corev1.Container, r
 	}
 	Expect(container.Ports).To(ConsistOf(t.NewGrafanaPorts()))
 	Expect(container.Env).To(ConsistOf(t.NewGrafanaEnvironmentVariables()))
-	Expect(container.VolumeMounts).To(ConsistOf(t.NewGrafanaVolumeMounts()))
+	Expect(container.VolumeMounts).To(BeEmpty())
 	Expect(container.LivenessProbe).To(Equal(t.NewGrafanaLivenessProbe()))
 	Expect(container.SecurityContext).To(Equal(securityContext))
 
@@ -2824,6 +2843,65 @@ func (t *cryostatTestInput) checkDatasourceContainer(container *corev1.Container
 	test.ExpectResourceRequirements(&container.Resources, resources)
 }
 
+func (t *cryostatTestInput) checkStorageContainer(container *corev1.Container, resources *corev1.ResourceRequirements, securityContext *corev1.SecurityContext) {
+	Expect(container.Name).To(Equal(t.Name + "-storage"))
+	if t.EnvStorageImageTag == nil {
+		Expect(container.Image).To(HavePrefix("quay.io/cryostat/cryostat-storage:"))
+	} else {
+		Expect(container.Image).To(Equal(*t.EnvStorageImageTag))
+	}
+	Expect(container.Ports).To(ConsistOf(t.NewStoragePorts()))
+	Expect(container.Env).To(ConsistOf(t.NewStorageEnvironmentVariables()))
+	Expect(container.EnvFrom).To(BeEmpty())
+	Expect(container.VolumeMounts).To(ConsistOf(t.NewStorageVolumeMounts()))
+	Expect(container.LivenessProbe).To(Equal(t.NewStorageLivenessProbe()))
+	Expect(container.SecurityContext).To(Equal(securityContext))
+
+	test.ExpectResourceRequirements(&container.Resources, resources)
+}
+
+func (t *cryostatTestInput) checkDatabaseContainer(container *corev1.Container, resources *corev1.ResourceRequirements, securityContext *corev1.SecurityContext, dbSecretProvided bool) {
+	Expect(container.Name).To(Equal(t.Name + "-db"))
+	if t.EnvDatabaseImageTag == nil {
+		Expect(container.Image).To(HavePrefix("quay.io/cryostat/cryostat-db:"))
+	} else {
+		Expect(container.Image).To(Equal(*t.EnvDatabaseImageTag))
+	}
+	Expect(container.Ports).To(ConsistOf(t.NewDatabasePorts()))
+	Expect(container.Env).To(ConsistOf(t.NewDatabaseEnvironmentVariables(dbSecretProvided)))
+	Expect(container.EnvFrom).To(BeEmpty())
+	Expect(container.VolumeMounts).To(ConsistOf(t.NewDatabaseVolumeMounts()))
+	Expect(container.ReadinessProbe).To(Equal(t.NewDatabaseReadinessProbe()))
+	Expect(container.SecurityContext).To(Equal(securityContext))
+
+	test.ExpectResourceRequirements(&container.Resources, resources)
+}
+
+func (t *cryostatTestInput) checkAuthProxyContainer(container *corev1.Container, resources *corev1.ResourceRequirements, securityContext *corev1.SecurityContext, basicAuthConfigured bool, basicAuthFilename string) {
+	Expect(container.Name).To(Equal(t.Name + "-auth-proxy"))
+
+	imageTag := t.EnvOAuth2ProxyImageTag
+	defaultPrefix := "quay.io/oauth2-proxy/oauth2-proxy:"
+	if t.OpenShift {
+		imageTag = t.EnvOpenShiftOAuthProxyImageTag
+		defaultPrefix = "quay.io/openshift/origin-oauth-proxy:"
+	}
+	if imageTag != nil {
+		Expect(container.Image).To(Equal(*imageTag))
+	} else {
+		Expect(container.Image).To(HavePrefix(defaultPrefix))
+	}
+
+	Expect(container.Ports).To(ConsistOf(t.NewAuthProxyPorts()))
+	Expect(container.Env).To(ConsistOf(t.NewAuthProxyEnvironmentVariables(basicAuthConfigured, basicAuthFilename)))
+	Expect(container.EnvFrom).To(ConsistOf(t.NewAuthProxyEnvFromSource()))
+	Expect(container.VolumeMounts).To(ConsistOf(t.NewAuthProxyVolumeMounts(basicAuthConfigured)))
+	Expect(container.LivenessProbe).To(Equal(t.NewAuthProxyLivenessProbe()))
+	Expect(container.SecurityContext).To(Equal(securityContext))
+
+	test.ExpectResourceRequirements(&container.Resources, resources)
+}
+
 func (t *cryostatTestInput) checkReportsContainer(container *corev1.Container, resources *corev1.ResourceRequirements, securityContext *corev1.SecurityContext) {
 	Expect(container.Name).To(Equal(t.Name + "-reports"))
 	if t.EnvReportsImageTag == nil {
@@ -2840,22 +2918,6 @@ func (t *cryostatTestInput) checkReportsContainer(container *corev1.Container, r
 	test.ExpectResourceRequirements(&container.Resources, resources)
 }
 
-// func (t *cryostatTestInput) checkStorageContainer(container *corev1.Container, resources *corev1.ResourceRequirements, securityContext *corev1.SecurityContext) {
-// 	Expect(container.Name).To(Equal(t.Name + "-storage"))
-// 	if t.EnvReportsImageTag == nil {
-// 		Expect(container.Image).To(HavePrefix("quay.io/cryostat/cryostat-storage:"))
-// 	} else {
-// 		Expect(container.Image).To(Equal(*t.EnvReportsImageTag))
-// 	}
-// 	Expect(container.Ports).To(ConsistOf(t.NewStoragePorts()))
-// 	Expect(container.Env).To(ConsistOf(t.NewStorageEnvironmentVariables(resources)))
-// 	Expect(container.VolumeMounts).To(ConsistOf(t.NewReportsVolumeMounts()))
-// 	Expect(container.LivenessProbe).To(Equal(t.NewReportsLivenessProbe()))
-// 	Expect(container.SecurityContext).To(Equal(securityContext))
-
-// 	test.ExpectResourceRequirements(&container.Resources, resources)
-// }
-
 func (t *cryostatTestInput) checkCoreHasEnvironmentVariables(expectedEnvVars []corev1.EnvVar) {
 	deployment := &appsv1.Deployment{}
 	err := t.Client.Get(context.Background(), types.NamespacedName{Name: t.Name, Namespace: t.Namespace}, deployment)
@@ -2905,12 +2967,6 @@ func (t *cryostatTestInput) expectConsoleLink() {
 	Expect(link.Spec).To(Equal(expectedLink.Spec))
 }
 
-func (t *cryostatTestInput) expectResourcesUnaffected() {
-	for _, check := range resourceChecks() {
-		check.expectFunc(t)
-	}
-}
-
 func (t *cryostatTestInput) expectTargetNamespaces() {
 	cr := t.getCryostatInstance()
 	Expect(*cr.TargetNamespaceStatus).To(ConsistOf(t.TargetNamespaces))