Fix port exposure in MQTT/STOMP and WS variants

MQTT/STOMP over TLS, and its web socket variants, can be exposed together over TLS, they are not mutually exclusive. Previously, we were not exposing MQTT/STOMP over TLS, if mTLS was enabled, but replacing them with the web socket variants. Signed-off-by: Aitor Perez Cedres <[email protected]>
rabbitmq · Nov 12, 2021 · 18030dc · 18030dc
1 parent c8f420d
commit 18030dc
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 2 deletions.
diff --git a/internal/resource/service.go b/internal/resource/service.go
@@ -12,6 +12,7 @@ package resource
 import (
 	"encoding/json"
 	"fmt"
+
 	"k8s.io/utils/pointer"
 
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -246,7 +247,7 @@ func (builder *ServiceBuilder) generateServicePortsMap() map[string]corev1.Servi
 
 	if builder.Instance.MutualTLSEnabled() {
 		if builder.Instance.AdditionalPluginEnabled("rabbitmq_web_stomp") {
-			servicePortsMap["stomps"] = corev1.ServicePort{
+			servicePortsMap["web-stomp-tls"] = corev1.ServicePort{
 				Protocol:    corev1.ProtocolTCP,
 				Port:        15673,
 				Name:        "web-stomp-tls",
@@ -255,7 +256,7 @@ func (builder *ServiceBuilder) generateServicePortsMap() map[string]corev1.Servi
 			}
 		}
 		if builder.Instance.AdditionalPluginEnabled("rabbitmq_web_mqtt") {
-			servicePortsMap["mqtts"] = corev1.ServicePort{
+			servicePortsMap["web-mqtt-tls"] = corev1.ServicePort{
 				Protocol:    corev1.ProtocolTCP,
 				Port:        15676,
 				Name:        "web-mqtt-tls",

diff --git a/internal/resource/service_test.go b/internal/resource/service_test.go
@@ -270,6 +270,54 @@ var _ = Context("Services", func() {
 					Entry("OSR", "rabbitmq_multi_dc_replication", "streams", 5551, pointer.String("rabbitmq.com/stream-tls")),
 				)
 			})
+
+			When("MQTT and Web-MQTT are enabled", func() {
+				It("exposes ports for both protocols", func() {
+					instance.Spec.Rabbitmq.AdditionalPlugins = []rabbitmqv1beta1.Plugin{"rabbitmq_mqtt", "rabbitmq_web_mqtt"}
+					instance.Spec.TLS.CaSecretName = "my-ca"
+					Expect(serviceBuilder.Update(svc)).To(Succeed())
+					Expect(svc.Spec.Ports).To(ContainElements([]corev1.ServicePort{
+						{
+							Name:        "web-mqtt-tls",
+							Protocol:    corev1.ProtocolTCP,
+							AppProtocol: pointer.String("https"),
+							Port:        15676,
+							TargetPort:  intstr.FromInt(15676),
+						},
+						{
+							Name:        "mqtts",
+							Protocol:    corev1.ProtocolTCP,
+							AppProtocol: pointer.String("mqtts"),
+							Port:        8883,
+							TargetPort:  intstr.FromInt(8883),
+						},
+					}))
+				})
+			})
+
+			When("STOMP and Web-STOMP are enabled", func() {
+				It("exposes ports for both protocols", func() {
+					instance.Spec.Rabbitmq.AdditionalPlugins = []rabbitmqv1beta1.Plugin{"rabbitmq_stomp", "rabbitmq_web_stomp"}
+					instance.Spec.TLS.CaSecretName = "my-ca"
+					Expect(serviceBuilder.Update(svc)).To(Succeed())
+					Expect(svc.Spec.Ports).To(ContainElements([]corev1.ServicePort{
+						{
+							Name:        "web-stomp-tls",
+							Protocol:    corev1.ProtocolTCP,
+							AppProtocol: pointer.String("https"),
+							Port:        15673,
+							TargetPort:  intstr.FromInt(15673),
+						},
+						{
+							Name:        "stomps",
+							Protocol:    corev1.ProtocolTCP,
+							AppProtocol: pointer.String("stomp.github.io/stomp-tls"),
+							Port:        61614,
+							TargetPort:  intstr.FromInt(61614),
+						},
+					}))
+				})
+			})
 		})
 
 		Context("Annotations", func() {