From 146a215c5a68ea00ae56dd3457ee08d841adc07b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ege=20G=C3=BCne=C5=9F?=
Date: Mon, 9 Dec 2024 20:22:47 +0300
Subject: [PATCH 1/3] K8SPXC-1411: Fix disabling TLS without unsafe flag
---
 pkg/apis/pxc/v1/pxc_types.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/apis/pxc/v1/pxc_types.go b/pkg/apis/pxc/v1/pxc_types.go
index 0003ba2db..fa23e5b90 100644
--- a/pkg/apis/pxc/v1/pxc_types.go
+++ b/pkg/apis/pxc/v1/pxc_types.go
@@ -1238,7 +1238,7 @@ func (cr *PerconaXtraDBCluster) setProbesDefaults() {
 }
 func (cr *PerconaXtraDBCluster) checkSafeDefaults() error {
- if !cr.Spec.Unsafe.TLS && !cr.TLSEnabled() {
+ if !cr.Spec.Unsafe.TLS && !*cr.Spec.TLS.Enabled {
 return errors.New("TLS must be enabled. Set spec.unsafeFlags.tls to true to disable this check")
 }
From eee11960b8538d71a90d5467ed760d06d378cdd8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ege=20G=C3=BCne=C5=9F?=
Date: Tue, 10 Dec 2024 13:42:37 +0300
Subject: [PATCH 2/3] fix tls-issue-self test
---
 e2e-tests/tls-issue-self/run | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/e2e-tests/tls-issue-self/run b/e2e-tests/tls-issue-self/run
index 52157ee33..82593e2f3 100755
--- a/e2e-tests/tls-issue-self/run
+++ b/e2e-tests/tls-issue-self/run
@@ -28,7 +28,7 @@ main() {
 # generation = 2 on this step
 desc 'check disabling tls'
- kubectl_bin patch pxc "$cluster" --type=merge --patch '{"spec": {"tls":{"enabled": false}}}' # generation + 1 (total 3)
+ kubectl_bin patch pxc "$cluster" --type=merge --patch '{"spec": {"tls":{"enabled": false}, "unsafeFlags": {"tls": true}}}' # generation + 1 (total 3)
 sleep 10
 # operator performs:
 # - patch .spec.pause to true (generation = 4)
From 9feaacfccbf58a91a18c64af46dff25a4071423d Mon Sep 17 00:00:00 2001
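Review bot: In `checkSafeDefaults` (pkg/apis/pxc/v1/pxc_types.go) the new condition dereferences `cr.Spec.TLS.Enabled` directly, so if that pointer is nil at this point, validation would panic instead of returning the "TLS must be enabled" error. The hunk does not show where `Enabled` is defaulted, so the ordering is an assumption worth recording next to the check, for example `// Check the raw spec field, not TLSEnabled(): this gate must see what the user set. Enabled is assumed to be defaulted before this point.` If that ordering is not guaranteed, the condition needs an explicit `cr.Spec.TLS.Enabled == nil` branch, with a deliberate decision on whether an unset value is treated as enabled or rejected. The body of `checkSafeDefaults` continues past the end of the hunk.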
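Review bot: The 'check disabling tls' step in e2e-tests/tls-issue-self/run now only exercises the permitted path, where `"unsafeFlags": {"tls": true}` is sent together with `"enabled": false`; nothing asserts that the old patch, `{"spec": {"tls":{"enabled": false}}}` on its own, is no longer acted on, which is the behaviour PATCH 1/3 is meant to restore. A step before this one that applies the patch without the flag and then confirms TLS was not torn down (for instance that `kubectl get secret "$cluster-ssl"` still succeeds) would guard against a regression of the safety check. Such a step would presumably also change the resource generation, so the numbers in the comments and compare files would have to account for it. `main()` starts and ends outside the hunk.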
From: =?UTF-8?q?Ege=20G=C3=BCne=C5=9F?=
Date: Tue, 10 Dec 2024 16:44:38 +0300
Subject: [PATCH 3/3] fix generation in tests
---
 .../tls-issue-self/compare/pxc_some-name-enabled.yml | 2 +-
 e2e-tests/tls-issue-self/compare/pxc_some-name.yml | 2 +-
 e2e-tests/tls-issue-self/run | 11 +++++------
 3 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/e2e-tests/tls-issue-self/compare/pxc_some-name-enabled.yml b/e2e-tests/tls-issue-self/compare/pxc_some-name-enabled.yml
index a4798e716..0124f4979 100644
--- a/e2e-tests/tls-issue-self/compare/pxc_some-name-enabled.yml
+++ b/e2e-tests/tls-issue-self/compare/pxc_some-name-enabled.yml
@@ -1,7 +1,7 @@
 apiVersion: pxc.percona.com/v1
 kind: PerconaXtraDBCluster
 metadata:
- generation: 10
+ generation: 9
 name: some-name
 spec:
 backup:
diff --git a/e2e-tests/tls-issue-self/compare/pxc_some-name.yml b/e2e-tests/tls-issue-self/compare/pxc_some-name.yml
index 63f494ddb..5e96b6304 100644
--- a/e2e-tests/tls-issue-self/compare/pxc_some-name.yml
+++ b/e2e-tests/tls-issue-self/compare/pxc_some-name.yml
@@ -1,7 +1,7 @@
 apiVersion: pxc.percona.com/v1
 kind: PerconaXtraDBCluster
 metadata:
- generation: 6
+ generation: 5
 name: some-name
 spec:
 backup:
diff --git a/e2e-tests/tls-issue-self/run b/e2e-tests/tls-issue-self/run
index 82593e2f3..d3019188f 100755
--- a/e2e-tests/tls-issue-self/run
+++ b/e2e-tests/tls-issue-self/run
@@ -32,8 +32,7 @@ main() {
 sleep 10
 # operator performs:
 # - patch .spec.pause to true (generation = 4)
- # - patch spec.unsafeFlags.tls to true (generation = 5)
- # - patch .spec.pause to false (generation = 6)
+ # - patch .spec.pause to false (generation = 5)
 wait_cluster_consistency "$cluster" 3 2
 desc 'secrets should be deleted'
 if kubectl get secret "$cluster-ssl" &>/dev/null; then
@@ -47,12 +46,12 @@ main() {
 compare_kubectl "pxc/$cluster"
 desc 'check enabling tls'
- kubectl_bin patch pxc "$cluster" --type=merge --patch '{"spec": {"tls":{"enabled": true}}}' # generation + 1 (total = 7)
+ kubectl_bin patch pxc "$cluster" --type=merge --patch '{"spec": {"tls":{"enabled": true}}}' # generation + 1 (total = 6)
 sleep 10
 # operator performs:
- # - patch .spec.pause to true (generation = 8)
- # - patch spec.unsafeFlags.tls to false (generation = 9)
- # - patch .spec.pause to false (generation = 10)
+ # - patch .spec.pause to true (generation = 7)
+ # - patch spec.unsafeFlags.tls to false (generation = 8)
+ # - patch .spec.pause to false (generation = 9)
 wait_cluster_consistency "$cluster" 3 2
 compare_kubectl "pxc/$cluster" "-enabled"
 desc 'secrets should be recreated'