From 56c9a3585023eb6472f6b77722e8a3378be9bc66 Mon Sep 17 00:00:00 2001 From: Sharmila Ramamoorthy Date: Wed, 20 Oct 2021 11:48:21 -0400 Subject: [PATCH 01/11] upgrade k3s --- deploy/airgap-prepare.sh | 6 +++--- deploy/rpm/SPECS/karavi-authorization.spec | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/airgap-prepare.sh b/deploy/airgap-prepare.sh index 3dadcd07..f5c6f80c 100755 --- a/deploy/airgap-prepare.sh +++ b/deploy/airgap-prepare.sh @@ -32,19 +32,19 @@ fi # Download k3s if [[ ! -f $K3S_BINARY ]] then - curl -kL -o $K3S_BINARY https://github.com/rancher/k3s/releases/download/v1.18.10%2Bk3s1/k3s + curl -kL -o $K3S_BINARY https://github.com/rancher/k3s/releases/download/v1.22.2%2Bk3s2/k3s fi if [[ ! -f $K3S_IMAGES_TAR ]] then # Download k3s images - curl -kL -o $K3S_IMAGES_TAR https://github.com/rancher/k3s/releases/download/v1.18.10%2Bk3s1/k3s-airgap-images-$ARCH.tar + curl -kL -o $K3S_IMAGES_TAR https://github.com/rancher/k3s/releases/download/v1.22.2%2Bk3s2/k3s-airgap-images-$ARCH.tar fi if [[ ! -f $CERT_MANAGER_MANIFEST ]] then # Download cert-manager manifest - curl -kL -o ${DIST}/$CERT_MANAGER_MANIFEST https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml + curl -kL -o ${DIST}/$CERT_MANAGER_MANIFEST https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml fi # Pull all 3rd party images to ensure they exist locally. diff --git a/deploy/rpm/SPECS/karavi-authorization.spec b/deploy/rpm/SPECS/karavi-authorization.spec index a44f06a0..0d684633 100644 --- a/deploy/rpm/SPECS/karavi-authorization.spec +++ b/deploy/rpm/SPECS/karavi-authorization.spec @@ -1,5 +1,5 @@ Name: karavi-authorization -Version: 1.0 +Version: 1.1 Release: 0 Summary: Karavi Authorization From 2a8951dd03ceba4ba3e919af1e40e4f71262e964 Mon Sep 17 00:00:00 2001 
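Review bot: The three `curl -kL` downloads in deploy/airgap-prepare.sh ([PATCH 01/11]) fetch the k3s binary, the airgap image tarball and the cert-manager manifest with certificate verification switched off and with no integrity check, and these artefacts end up in the airgap bundle that is installed on the target host. While the URLs are being edited for the version bump, drop `-k` and verify each download against a pinned digest, e.g. `curl -fL -o $K3S_BINARY <url>` followed by `echo "<PINNED_SHA256>  $K3S_BINARY" | sha256sum -c -`. The same lines recur in the airgap-prepare.sh hunk of [PATCH 03/11]. The rest of the script is outside the hunk, so whether anything downstream validates the files cannot be seen from here.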
From: Sharmila Ramamoorthy Date: Wed, 20 Oct 2021 11:48:54 -0400 Subject: [PATCH 02/11] policy idempotent --- policies/policy-install.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/policies/policy-install.sh b/policies/policy-install.sh index 3a7b2f4c..afb3028d 100755 --- a/policies/policy-install.sh +++ b/policies/policy-install.sh 
@@ -18,13 +18,13 @@ do done cd "$(dirname "$0")" -$K3S kubectl create configmap common -n karavi --from-file=./common.rego --save-config -$K3S kubectl create configmap powermax-volumes-create -n karavi --from-file=./volumes_powermax_create.rego --save-config -$K3S kubectl create configmap powerscale-volumes-create -n karavi --from-file=./volumes_powerscale_create.rego --save-config -$K3S kubectl create configmap volumes-create -n karavi --from-file=./volumes_create.rego --save-config -$K3S kubectl create configmap volumes-delete -n karavi --from-file=./volumes_delete.rego --save-config -$K3S kubectl create configmap volumes-unmap -n karavi --from-file=./volumes_unmap.rego --save-config -$K3S kubectl create configmap volumes-map -n karavi --from-file=./volumes_map.rego --save-config -$K3S kubectl create configmap powerflex-urls -n karavi --from-file=./url.rego --save-config -$K3S kubectl create configmap powermax-urls -n karavi --from-file=./powermax_url.rego --save-config -$K3S kubectl create configmap powerscale-urls -n karavi --from-file=./powerscale_url.rego --save-config +$K3S kubectl create configmap common -n karavi --from-file=./common.rego --save-config --dry-run=client -o yaml | $K3S kubectl apply -f - +$K3S kubectl create configmap powermax-volumes-create -n karavi --from-file=./volumes_powermax_create.rego --save-config --dry-run=client -o yaml | $K3S kubectl apply -f - +$K3S kubectl create configmap powerscale-volumes-create -n karavi --from-file=./volumes_powerscale_create.rego --save-config --dry-run=client -o yaml | $K3S kubectl apply -f - +$K3S kubectl create configmap volumes-create -n karavi --from-file=./volumes_create.rego --save-config --dry-run=client -o yaml | $K3S kubectl apply -f - +$K3S kubectl create configmap volumes-delete -n karavi --from-file=./volumes_delete.rego --save-config --dry-run=client -o yaml | $K3S kubectl apply -f - +$K3S kubectl create configmap volumes-unmap -n karavi --from-file=./volumes_unmap.rego --save-config 
--dry-run=client -o yaml | $K3S kubectl apply -f - +$K3S kubectl create configmap volumes-map -n karavi --from-file=./volumes_map.rego --save-config --dry-run=client -o yaml | $K3S kubectl apply -f - +$K3S kubectl create configmap powerflex-urls -n karavi --from-file=./url.rego --save-config --dry-run=client -o yaml | $K3S kubectl apply -f - +$K3S kubectl create configmap powermax-urls -n karavi --from-file=./powermax_url.rego --save-config --dry-run=client -o yaml | $K3S kubectl apply -f - +$K3S kubectl create configmap powerscale-urls -n karavi --from-file=./powerscale_url.rego --save-config --dry-run=client -o yaml | $K3S kubectl apply -f - From 001e0d5b586539fb87af24b0a317b22835cf65e7 Mon Sep 17 00:00:00 2001 From: Shayna Finocchiaro <66699024+shaynafinocchiaro@users.noreply.github.com> Date: Tue, 2 Nov 2021 12:20:20 -0400 Subject: [PATCH 03/11] updated k3s and cert-manager version, migrated depreciated ingress API fields to new API objects --- deploy/airgap-prepare.sh | 6 +++--- deploy/ingress-traefik.yaml | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/deploy/airgap-prepare.sh b/deploy/airgap-prepare.sh index 3dadcd07..a7c5c62d 100755 --- a/deploy/airgap-prepare.sh +++ b/deploy/airgap-prepare.sh 
@@ -32,19 +32,19 @@ fi # Download k3s if [[ ! -f $K3S_BINARY ]] then - curl -kL -o $K3S_BINARY https://github.com/rancher/k3s/releases/download/v1.18.10%2Bk3s1/k3s + curl -kL -o $K3S_BINARY https://github.com/rancher/k3s/releases/download/v1.22.2%2Bk3s2/k3s fi if [[ ! -f $K3S_IMAGES_TAR ]] then # Download k3s images - curl -kL -o $K3S_IMAGES_TAR https://github.com/rancher/k3s/releases/download/v1.18.10%2Bk3s1/k3s-airgap-images-$ARCH.tar + curl -kL -o $K3S_IMAGES_TAR https://github.com/rancher/k3s/releases/download/v1.22.2%2Bk3s2/k3s-airgap-images-$ARCH.tar fi if [[ ! -f $CERT_MANAGER_MANIFEST ]] then # Download cert-manager manifest - curl -kL -o ${DIST}/$CERT_MANAGER_MANIFEST https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml + curl -kL -o ${DIST}/$CERT_MANAGER_MANIFEST https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.yaml fi # Pull all 3rd party images to ensure they exist locally. diff --git a/deploy/ingress-traefik.yaml b/deploy/ingress-traefik.yaml index 3e2faea2..185f3bd4 100644 --- a/deploy/ingress-traefik.yaml +++ b/deploy/ingress-traefik.yaml @@ -1,4 +1,4 @@ -apiVersion: networking.k8s.io/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: proxy-server @@ -22,10 +22,10 @@ spec: - path: / pathType: Prefix backend: - serviceName: proxy-server - servicePort: 8080 + service.name: proxy-server + service.port.number: 8080 --- -apiVersion: networking.k8s.io/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: grpc-services @@ -49,5 +49,5 @@ spec: - path: / pathType: Prefix backend: - serviceName: tenant-service - servicePort: grpc + service.name: tenant-service + service.port.name: grpc From 9d353dcaf215ed2149955a6500a5c624f152c618 Mon Sep 17 00:00:00 2001 From: Sharmila Ramamoorthy Date: Tue, 2 Nov 2021 12:26:52 -0400 Subject: [PATCH 04/11] cleanup --- deploy/airgap-prepare.sh | 6 +++--- deploy/install.go | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) 
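Review bot: The new backend keys in deploy/ingress-traefik.yaml ([PATCH 03/11]) are written as flat dotted names (`service.name`, `service.port.number`, `service.port.name`), but in `networking.k8s.io/v1` the Ingress backend takes a nested `service` object with `name` and `port` fields. YAML reads each dotted name as one literal key, so neither rule carries a usable backend and the manifest is likely to be rejected or to leave the routes without a target. Both the proxy-server and the grpc-services hunks need the nested form below; the indentation has to be adapted to the surrounding rules, which are only partly inside the hunks.

```yaml
# proxy-server rule
backend:
  service:
    name: proxy-server
    port:
      number: 8080

# grpc-services rule
backend:
  service:
    name: tenant-service
    port:
      name: grpc
```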
diff --git a/deploy/airgap-prepare.sh b/deploy/airgap-prepare.sh index f5c6f80c..3dadcd07 100755 --- a/deploy/airgap-prepare.sh +++ b/deploy/airgap-prepare.sh @@ -32,19 +32,19 @@ fi # Download k3s if [[ ! -f $K3S_BINARY ]] then - curl -kL -o $K3S_BINARY https://github.com/rancher/k3s/releases/download/v1.22.2%2Bk3s2/k3s + curl -kL -o $K3S_BINARY https://github.com/rancher/k3s/releases/download/v1.18.10%2Bk3s1/k3s fi if [[ ! -f $K3S_IMAGES_TAR ]] then # Download k3s images - curl -kL -o $K3S_IMAGES_TAR https://github.com/rancher/k3s/releases/download/v1.22.2%2Bk3s2/k3s-airgap-images-$ARCH.tar + curl -kL -o $K3S_IMAGES_TAR https://github.com/rancher/k3s/releases/download/v1.18.10%2Bk3s1/k3s-airgap-images-$ARCH.tar fi if [[ ! -f $CERT_MANAGER_MANIFEST ]] then # Download cert-manager manifest - curl -kL -o ${DIST}/$CERT_MANAGER_MANIFEST https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml + curl -kL -o ${DIST}/$CERT_MANAGER_MANIFEST https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml fi # Pull all 3rd party images to ensure they exist locally. diff --git a/deploy/install.go b/deploy/install.go index 9918b1e1..c2ff835d 100644 --- a/deploy/install.go +++ b/deploy/install.go @@ -85,6 +85,7 @@ const ( RancherManifestsDir = "/var/lib/rancher/k3s/server/manifests" RancherK3sKubeConfigPath = "/etc/rancher/k3s/k3s.yaml" EnvK3sInstallSkipDownload = "INSTALL_K3S_SKIP_DOWNLOAD=true" + EnvK3sForceRestart = "INSTALL_K3S_FORCE_RESTART=true" ) const ( @@ -662,7 +663,7 @@ func (dp *DeployProcess) ExecuteK3sInstallScript() { } cmd := execCommand(filepath.Join(dp.tmpDir, k3SInstallScript)) - cmd.Env = append(os.Environ(), EnvK3sInstallSkipDownload) + cmd.Env = append(os.Environ(), EnvK3sInstallSkipDownload, EnvK3sForceRestart) cmd.Stdout = logFile cmd.Stderr = logFile err = cmd.Run() From 39071caa577c1ca80fa0b7935df5bcaf46285df7 Mon Sep 17 00:00:00 2001 
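Review bot: `EnvK3sForceRestart` is added to the exported const block in deploy/install.go ([PATCH 04/11]) without a comment, and nothing at the `cmd.Env = append(...)` line in `ExecuteK3sInstallScript` records why the install script is now told to restart the service on every run. A doc line such as `// EnvK3sForceRestart tells the k3s install script to restart the service even when an existing install is detected.` plus a short why-comment at the call site would help; the reason itself (presumably so a re-run picks up changed manifests) should be confirmed by the author. Both the const block and the function body continue outside the hunks.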
From: Sharmila Ramamoorthy Date: Tue, 2 Nov 2021 13:26:28 -0400 Subject: [PATCH 05/11] add 1.1 version tag --- Makefile | 2 +- deploy/airgap-prepare.sh | 2 +- deploy/deployment.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index aa2d81c9..d48c5319 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -DOCKER_TAG ?= 1.0.0 +DOCKER_TAG ?= 1.1.0 .PHONY: build build: diff --git a/deploy/airgap-prepare.sh b/deploy/airgap-prepare.sh index a7c5c62d..ba66a52f 100755 --- a/deploy/airgap-prepare.sh +++ b/deploy/airgap-prepare.sh @@ -1,7 +1,7 @@ #!/bin/bash -x ARCH=amd64 -DOCKER_TAG=1.0.0 +DOCKER_TAG=1.1.0 DIST=dist K3S_INSTALL_SCRIPT=${DIST}/k3s-install.sh diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 6a454034..943a2339 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -71,7 +71,7 @@ spec: spec: containers: - name: proxy-server - image: proxy-server:1.0.0 + image: proxy-server:1.1.0 imagePullPolicy: IfNotPresent ports: - containerPort: 8080 @@ -129,7 +129,7 @@ spec: spec: containers: - name: tenant-service - image: tenant-service:1.0.0 + image: tenant-service:1.1.0 imagePullPolicy: IfNotPresent ports: - containerPort: 50051 From e97cd366858af5be1228bb343136639da558db83 Mon Sep 17 00:00:00 2001 From: Sharmila Ramamoorthy Date: Wed, 3 Nov 2021 17:18:25 -0400 Subject: [PATCH 06/11] update sidecar version --- deploy/airgap-prepare.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/airgap-prepare.sh b/deploy/airgap-prepare.sh index ba66a52f..a4215afb 100755 --- a/deploy/airgap-prepare.sh +++ b/deploy/airgap-prepare.sh @@ -1,7 +1,7 @@ #!/bin/bash -x ARCH=amd64 -DOCKER_TAG=1.1.0 +SIDECAR_DOCKER_TAG=1.0.0 DIST=dist K3S_INSTALL_SCRIPT=${DIST}/k3s-install.sh 
@@ -62,7 +62,7 @@ cp $CRED_SHIELD_DEPLOYMENT_MANIFEST $CRED_SHIELD_INGRESS_MANIFEST $CERT_MANAGER_ cp ../policies/*.rego ../policies/policy-install.sh $DIST/. cp ../bin/$KARAVICTL $DIST/. -docker save $SIDECAR_PROXY:$DOCKER_TAG -o $DIST/$SIDECAR_PROXY-$DOCKER_TAG.tar +docker save $SIDECAR_PROXY:$SIDECAR_DOCKER_TAG -o $DIST/$SIDECAR_PROXY-$SIDECAR_DOCKER_TAG.tar tar -czv -C $DIST -f karavi-airgap-install.tar.gz . @@ -78,7 +78,7 @@ rm $K3S_INSTALL_SCRIPT \ ${DIST}/$CRED_SHIELD_INGRESS_MANIFEST \ ${DIST}/*.rego \ ${DIST}/policy-install.sh \ - ${DIST}/$SIDECAR_PROXY-$DOCKER_TAG.tar \ + ${DIST}/$SIDECAR_PROXY-$SIDECAR_DOCKER_TAG.tar \ ${DIST}/$KARAVICTL # Move the tarball into dist. From f660c0478f0130509517dfe3ca02c6f51a1be60f Mon Sep 17 00:00:00 2001 From: Sharmila Ramamoorthy Date: Tue, 9 Nov 2021 16:23:18 -0500 Subject: [PATCH 07/11] sidecar version --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index d48c5319..eb05d0b2 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,5 @@ DOCKER_TAG ?= 1.1.0 +SIDECAR_TAG ?= 1.0.0 .PHONY: build build: @@ -36,7 +37,7 @@ redeploy: build docker .PHONY: docker docker: build docker build -t proxy-server:$(DOCKER_TAG) --build-arg APP=proxy-server ./bin/. - docker build -t sidecar-proxy:$(DOCKER_TAG) --build-arg APP=sidecar-proxy ./bin/. + docker build -t sidecar-proxy:$(SIDECAR_TAG) --build-arg APP=sidecar-proxy ./bin/. docker build -t tenant-service:$(DOCKER_TAG) --build-arg APP=tenant-service ./bin/. .PHONY: protoc From 1abfe9fd9ac6d27beeb887b20484bed39e42c510 Mon Sep 17 00:00:00 2001 From: Sharmila Ramamoorthy Date: Tue, 9 Nov 2021 16:23:50 -0500 Subject: [PATCH 08/11] persist roles --- policies/policy-install.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/policies/policy-install.sh b/policies/policy-install.sh index afb3028d..39e0610a 100755 --- a/policies/policy-install.sh +++ b/policies/policy-install.sh 
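Review bot: The sidecar image version is now defined twice under different names, `SIDECAR_DOCKER_TAG=1.0.0` in deploy/airgap-prepare.sh ([PATCH 06/11]) and `SIDECAR_TAG ?= 1.0.0` in the Makefile ([PATCH 07/11]), so bumping one without the other makes `docker save $SIDECAR_PROXY:$SIDECAR_DOCKER_TAG` look for a tag that `make docker` never built. Using one name and letting the script take it from the environment, e.g. `SIDECAR_TAG=${SIDECAR_TAG:-1.0.0}`, would keep the two in step. [PATCH 06/11] also removes the `DOCKER_TAG` assignment from the script; any `$DOCKER_TAG` reference left outside these hunks would now expand to an empty string, which is worth checking since the rest of the file is not shown.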
@@ -18,7 +18,11 @@ do done cd "$(dirname "$0")" -$K3S kubectl create configmap common -n karavi --from-file=./common.rego --save-config --dry-run=client -o yaml | $K3S kubectl apply -f - + +if [[ $($K3S kubectl get configmap common -n karavi | grep common | wc -l) -ne 1 ]] +then + $K3S kubectl create configmap common -n karavi --from-file=./common.rego --save-config --dry-run=client -o yaml | $K3S kubectl apply -f - +fi $K3S kubectl create configmap powermax-volumes-create -n karavi --from-file=./volumes_powermax_create.rego --save-config --dry-run=client -o yaml | $K3S kubectl apply -f - $K3S kubectl create configmap powerscale-volumes-create -n karavi --from-file=./volumes_powerscale_create.rego --save-config --dry-run=client -o yaml | $K3S kubectl apply -f - $K3S kubectl create configmap volumes-create -n karavi --from-file=./volumes_create.rego --save-config --dry-run=client -o yaml | $K3S kubectl apply -f - From 960c2d24ff04197b78ffba38ee4f5d6397a306dd Mon Sep 17 00:00:00 2001 From: Sharmila Ramamoorthy Date: Tue, 9 Nov 2021 16:24:46 -0500 Subject: [PATCH 09/11] persist storage --- deploy/deployment.yaml | 8 ----- deploy/install.go | 77 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+), 8 deletions(-) diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 943a2339..237eb165 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -44,14 +44,6 @@ subjects: name: system:serviceaccounts:karavi apiGroup: rbac.authorization.k8s.io --- -apiVersion: v1 -kind: Secret -metadata: - name: karavi-storage-secret - namespace: karavi -data: - storage-systems.yaml: c3RvcmFnZToK ---- apiVersion: apps/v1 kind: Deployment metadata: diff --git a/deploy/install.go b/deploy/install.go index c2ff835d..8361582b 100644 --- a/deploy/install.go +++ b/deploy/install.go 
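Review bot: The existence test added around the `common` configmap in policies/policy-install.sh ([PATCH 08/11]) counts `grep common` matches, so any failure of `kubectl get` (API server not ready, timeout, permission error) also yields 0 and falls through to the create-and-apply that overwrites the configmap which, judging by the subject line, the commit wants to preserve. Separate "not found" from "could not ask", e.g. `existing=$($K3S kubectl get configmap common -n karavi --ignore-not-found -o name) || exit 1` followed by `if [[ -z "$existing" ]]`. A comment above the `if` should also say that an existing `common` configmap is left untouched on purpose, because it means changes to common.rego shipped in a later release are not applied on upgrade.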
@@ -186,10 +186,12 @@ func NewDeploymentProcess(stdout, stderr io.Writer, bundle fs.FS) *DeployProcess dp.CopyImagesToRancherDirs, dp.CopyManifestsToRancherDirs, dp.WriteConfigSecretManifest, + dp.WriteStorageSecretManifest, dp.WriteConfigMapManifest, dp.ExecuteK3sInstallScript, dp.InitKaraviPolicies, dp.ChownK3sKubeConfig, + dp.RemoveSecretManifest, dp.CopySidecarProxyToCwd, dp.Cleanup, dp.PrintFinishedMessage, @@ -336,6 +338,22 @@ func (dp *DeployProcess) Cleanup() { } } +// RemoveSecretManifest removes the karavi-storage-secret.yaml to prevent +// overriding storage system data on k3s restart. +func (dp *DeployProcess) RemoveSecretManifest() { + if dp.Err != nil { + return + } + + fname := filepath.Join(RancherManifestsDir, "karavi-storage-secret.yaml") + + if err := os.Remove(fname); err != nil { + if !errors.Is(err, os.ErrNotExist) { + fmt.Fprintf(dp.stderr, "error: cleaning up secret file: %+v\n", err) + } + } +} + // UntarFiles extracts the files from the embedded bundle tar file. func (dp *DeployProcess) UntarFiles() { if dp.Err != nil { 
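Review bot: `RemoveSecretManifest` returns early when `dp.Err` is set, so if any step between `WriteStorageSecretManifest` and it fails (for example `ExecuteK3sInstallScript` or `InitKaraviPolicies`), karavi-storage-secret.yaml stays in `RancherManifestsDir`, which is the state the doc comment says the function exists to prevent. Consider performing the removal regardless of the sticky error, or state in the doc comment that a failed install leaves the file behind and must be cleaned up by a re-run. The doc comment should also say that removal errors are deliberately non-fatal and only reported on stderr. The step list and the function are in two separate hunks of [PATCH 09/11]; how `Cleanup` behaves on error is outside the visible lines.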
@@ -557,6 +575,65 @@ func (dp *DeployProcess) WriteConfigSecretManifest() { } } +// WriteStorageSecretManifest generates and writes the Kubernetes +// Storage Secret manifest for Karavi-Authorization, if it does not exist from previous install +func (dp *DeployProcess) WriteStorageSecretManifest() { + if dp.Err != nil { + return + } + + //check if a secret already exists from previous install + cmd := execCommand("/usr/local/bin/k3s", "kubectl", "get", "secret", "karavi-storage-secret", "-n", "karavi", "-o", "json") + err := cmd.Run() + if err == nil { + //skip creating the secret + return + } + + secret := corev1.Secret{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "v1", + Kind: "Secret", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "karavi-storage-secret", + Namespace: "karavi", + }, + Data: make(map[string][]byte), + } + b64, err := base64.StdEncoding.DecodeString("c3RvcmFnZToK") + if err != nil { + dp.Err = fmt.Errorf("decoding base64 string: %w", err) + return + } + secret.Data["storage-systems.yaml"] = b64 + secretBytes, err := yamlMarshalSecret(&secret) + if err != nil { + dp.Err = fmt.Errorf("marshalling %+v: %w", secret, err) + return + } + + fname := filepath.Join(RancherManifestsDir, "karavi-storage-secret.yaml") + f, err := osOpenFile(fname, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0341) + if err != nil { + dp.Err = fmt.Errorf("creating %s: %w", fname, err) + return + } + defer func() { + err := f.Close() + if err != nil { + dp.Err = fmt.Errorf("closing RancherManifestsDir: %w", err) + } + }() + + _, err = f.Write(secretBytes) + if err != nil { + dp.Err = fmt.Errorf("writing secret: %w", err) + return + } + +} + // WriteConfigMapManifest generates and writes the Kubernetes // Secret manifest for Karavi-Authorization, based on the provided // configuration options, if any. From 49c3674944f0b86cd93b2896e62026de481c0d29 Mon Sep 17 00:00:00 2001 
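Review bot: In `WriteStorageSecretManifest` ([PATCH 09/11]) the manifest is opened with mode `0341`, which gives the owner write and execute but no read, the group read, and others execute; a file that carries a Secret should be owner-only, `osOpenFile(fname, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)`. The `kubectl get secret` probe treats every non-zero exit as "secret absent", so it cannot tell a first install from a re-install where k3s is stopped or unreachable; in the latter case the default `storage:` manifest is written and may be applied over existing storage-system data once k3s restarts, and at minimum a comment should record that limitation. The close error text `closing RancherManifestsDir` should name the file, the deferred close should not overwrite an earlier write error in `dp.Err`, and `fmt.Errorf("marshalling %+v: %w", secret, err)` should not format the Secret object into the message.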
From: Sharmila Ramamoorthy Date: Thu, 11 Nov 2021 12:05:00 -0500 Subject: [PATCH 10/11] unit tests --- deploy/install.go | 3 +- deploy/install_test.go | 191 +++++++++++++++++++++ deploy/testdata/karavi-storage-secret.yaml | 8 + 3 files changed, 201 insertions(+), 1 deletion(-) create mode 100644 deploy/testdata/karavi-storage-secret.yaml diff --git a/deploy/install.go b/deploy/install.go index 8361582b..afad790b 100644 --- a/deploy/install.go +++ b/deploy/install.go @@ -52,6 +52,7 @@ var ( ioutilReadFile = ioutil.ReadFile ioutilWriteFile = ioutil.WriteFile osRemoveAll = os.RemoveAll + osRemove = os.Remove ioutilTempFile = ioutil.TempFile execCommand = exec.Command osGeteuid = os.Geteuid @@ -347,7 +348,7 @@ func (dp *DeployProcess) RemoveSecretManifest() { fname := filepath.Join(RancherManifestsDir, "karavi-storage-secret.yaml") - if err := os.Remove(fname); err != nil { + if err := osRemove(fname); err != nil { if !errors.Is(err, os.ErrNotExist) { fmt.Fprintf(dp.stderr, "error: cleaning up secret file: %+v\n", err) } diff --git a/deploy/install_test.go b/deploy/install_test.go index ac832946..ac0ae0de 100644 --- a/deploy/install_test.go +++ b/deploy/install_test.go @@ -18,6 +18,7 @@ import ( "bytes" "compress/gzip" "errors" + "fmt" "io" "io/fs" "io/ioutil" 
@@ -265,6 +266,63 @@ func TestDeployProcess_Cleanup(t *testing.T) { }) } +func TestDeployProcess_RemoveSecretManifest(t *testing.T) { + var testOut, testErr bytes.Buffer + sut := buildDeployProcess(&testOut, &testErr) + afterEach := func() { + osRemove = os.Remove + testOut.Reset() + testErr.Reset() + sut.Err = nil + } + t.Run("it is a noop on sticky error", func(t *testing.T) { + defer afterEach() + sut.Err = errors.New("test error") + var callCount int + osRemove = func(_ string) error { + callCount++ + return nil + } + + sut.RemoveSecretManifest() + + want := 0 + if got := callCount; got != want { + t.Errorf("got callCount = %d, want %d", got, want) + } + }) + t.Run("it removes the intended secret file", func(t *testing.T) { + defer afterEach() + osRemove = func(_ string) error { + return nil + } + + sut.RemoveSecretManifest() + + if got := sut.Err; got != nil { + t.Errorf("got err = %s, want nil", got) + } + }) + t.Run("it continues on failure but prints warning", func(t *testing.T) { + defer afterEach() + fName := "karavi-storage-secret.yaml" + givenErr := errors.New(fName) + osRemove = func(_ string) error { + return givenErr + } + + sut.RemoveSecretManifest() + + if got := sut.Err; got != nil { + t.Errorf("got err = %v, but wanted nil", got) + } + wantMsg := fmt.Sprintln("error: cleaning up secret file:", fName) + if got := string(testErr.Bytes()); got != wantMsg { + t.Errorf("got msg = %q, want %q", got, wantMsg) + } + }) +} + func TestDeployProcess_ChownK3sKubeConfig(t *testing.T) { sut := buildDeployProcess(nil, nil) afterEach := func() { 
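Review bot: The subtest `it removes the intended secret file` in TestDeployProcess_RemoveSecretManifest never inspects the path handed to `osRemove` (the stub takes `_ string`), so it would still pass if the function removed a different file. Capture the argument and compare it with `filepath.Join(RancherManifestsDir, "karavi-storage-secret.yaml")`. The `os.ErrNotExist` branch, which is meant to stay silent, has no subtest either; one whose stub returns `os.ErrNotExist` and asserts `testErr.Len() == 0` would cover it.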
@@ -974,6 +1032,139 @@ func TestDeployProcess_WriteConfigSecretManifest(t *testing.T) { }) } +func TestDeployProcess_WriteStorageSecretManifest(t *testing.T) { + sut := buildDeployProcess(nil, nil) + + afterEach := func() { + execCommand = exec.Command + yamlMarshalSettings = realYamlMarshalSettings + yamlMarshalSecret = realYamlMarshalSecret + sut.Err = nil + } + + t.Run("it is a noop on sticky error", func(t *testing.T) { + defer afterEach() + var callCount int + execCommand = func(_ string, _ ...string) *exec.Cmd { + callCount++ + return nil + } + sut.Err = errors.New("test error") + + sut.WriteStorageSecretManifest() + + want := 0 + if got := callCount; got != want { + t.Errorf("got callCount = %v, want %v", got, want) + } + }) + t.Run("it writes config to a storage secret manifest", func(t *testing.T) { + defer afterEach() + execCommand = func(_ string, _ ...string) *exec.Cmd { + return exec.Command("false") //return a failure + } + tmpDir, err := ioutil.TempDir("", "WriteStorageSecretManifest") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(tmpDir) + var configPath string + osOpenFile = func(path string, _ int, _ os.FileMode) (*os.File, error) { + configPath = filepath.Join(tmpDir, path) + if err := os.MkdirAll(filepath.Dir(configPath), 0755); err != nil { + t.Fatal(err) + } + return os.Create(configPath) + } + + sut.WriteStorageSecretManifest() + + if sut.Err != nil { + t.Fatalf("got err = %v, want nil", sut.Err) + } + got, err := ioutil.ReadFile(configPath) + if err != nil { + t.Fatal(err) + } + want, err := ioutil.ReadFile("testdata/karavi-storage-secret.yaml") + if err != nil { + t.Fatal(err) + } + if !reflect.DeepEqual(got, want) { + t.Errorf("got:\n%v\nwant:\n%v\n", string(got), string(want)) + } + }) + t.Run("it handles file creation failure", func(t *testing.T) { + defer afterEach() + execCommand = func(_ string, _ ...string) *exec.Cmd { + return exec.Command("false") //return a failure + } + wantErr := errors.New("test error") + osOpenFile 
= func(_ string, _ int, _ os.FileMode) (*os.File, error) { + return nil, wantErr + } + + sut.WriteStorageSecretManifest() + + want := wantErr + if got := errors.Unwrap(sut.Err); got != want { + t.Errorf("got err %v, want %v", got, want) + } + }) + t.Run("it handles file writing failure", func(t *testing.T) { + defer afterEach() + execCommand = func(_ string, _ ...string) *exec.Cmd { + return exec.Command("false") //return a failure + } + osOpenFile = func(_ string, _ int, _ os.FileMode) (*os.File, error) { + // Return a nil file to force #Write to return an error. + return nil, nil + } + + sut.WriteStorageSecretManifest() + + want := os.ErrInvalid + if got := errors.Unwrap(sut.Err); got != want { + t.Errorf("got err %v, want %v", got, want) + } + }) + t.Run("it handles secret marshal failure", func(t *testing.T) { + defer afterEach() + execCommand = func(_ string, _ ...string) *exec.Cmd { + return exec.Command("false") //return a failure + } + wantErr := errors.New("test error") + yamlMarshalSecret = func(_ *corev1.Secret) ([]byte, error) { + return nil, wantErr + } + + sut.WriteStorageSecretManifest() + + want := wantErr + if got := errors.Unwrap(sut.Err); got != want { + t.Errorf("got err %v, want %v", got, want) + } + }) + t.Run("it skips creation if secret already exists", func(t *testing.T) { + defer afterEach() + execCommand = func(_ string, _ ...string) *exec.Cmd { + return exec.Command("true") + } + var callCount int + osOpenFile = func(_ string, _ int, _ os.FileMode) (*os.File, error) { + callCount++ + return nil, nil + } + + sut.WriteStorageSecretManifest() + + want := 0 + if got := callCount; got != want { + t.Errorf("got callCount = %v, want %v", got, want) + } + }) +} + func TestDeployProcess_WriteConfigMapManifest(t *testing.T) { sut := buildDeployProcess(nil, nil) diff --git a/deploy/testdata/karavi-storage-secret.yaml b/deploy/testdata/karavi-storage-secret.yaml new file mode 100644 index 00000000..125bc903 --- /dev/null 
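Review bot: `afterEach` in TestDeployProcess_WriteStorageSecretManifest resets `execCommand`, `yamlMarshalSettings` and `yamlMarshalSecret` but not `osOpenFile`, although four subtests replace it, so the last stub (returning `nil, nil`) stays installed for whichever test runs next. Add `osOpenFile = os.OpenFile` to `afterEach`, assuming that is the production value; the var block that defines it is outside the hunk. `yamlMarshalSettings` is reset here but never stubbed in this test and could be dropped from the reset list.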
+++ b/deploy/testdata/karavi-storage-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + storage-systems.yaml: c3RvcmFnZToK +kind: Secret +metadata: + creationTimestamp: null + name: karavi-storage-secret + namespace: karavi From ca7c24933e2e1e95a3eeef288e9063cfe14ad955 Mon Sep 17 00:00:00 2001 From: Sharmila Ramamoorthy Date: Thu, 11 Nov 2021 13:39:20 -0500 Subject: [PATCH 11/11] image version --- .github/workflows/actions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/actions.yaml b/.github/workflows/actions.yaml index a9686a6e..fc07f68b 100644 --- a/.github/workflows/actions.yaml +++ b/.github/workflows/actions.yaml @@ -96,7 +96,7 @@ jobs: - name: Scan Proxy Server uses: Azure/container-scan@v0 with: - image-name: proxy-server:1.0.0 + image-name: proxy-server:1.1.0 severity-threshold: HIGH - name: Scan SideCar Proxy uses: Azure/container-scan@v0