From 18030dc24f8b5c38edde09adf61a3b151ccb601e Mon Sep 17 00:00:00 2001
From: Aitor Perez Cedres
Date: Thu, 4 Nov 2021 16:44:07 +0000
Subject: [PATCH] Fix port exposure in MQTT/STOMP and WS variants

MQTT/STOMP over TLS, and its web socket variants, can be exposed together over TLS, they are not mutually exclusive. Previously, we were not exposing MQTT/STOMP over TLS, if mTLS was enabled, but replacing them with the web socket variants.

Signed-off-by: Aitor Perez Cedres
---
 internal/resource/service.go | 5 ++--
 internal/resource/service_test.go | 48 +++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/internal/resource/service.go b/internal/resource/service.go
index 748a94937..4107beaa2 100644
--- a/internal/resource/service.go
+++ b/internal/resource/service.go
@@ -12,6 +12,7 @@ package resource import ( "encoding/json" "fmt" + "k8s.io/utils/pointer" "sigs.k8s.io/controller-runtime/pkg/client"
@@ -246,7 +247,7 @@ func (builder *ServiceBuilder) generateServicePortsMap() map[string]corev1.Servi
 if builder.Instance.MutualTLSEnabled() {
 if builder.Instance.AdditionalPluginEnabled("rabbitmq_web_stomp") {
- servicePortsMap["stomps"] = corev1.ServicePort{
+ servicePortsMap["web-stomp-tls"] = corev1.ServicePort{
 Protocol: corev1.ProtocolTCP,
 Port: 15673,
 Name: "web-stomp-tls",
@@ -255,7 +256,7 @@ func (builder *ServiceBuilder) generateServicePortsMap() map[string]corev1.Servi
 }
 }
 if builder.Instance.AdditionalPluginEnabled("rabbitmq_web_mqtt") {
- servicePortsMap["mqtts"] = corev1.ServicePort{
+ servicePortsMap["web-mqtt-tls"] = corev1.ServicePort{
 Protocol: corev1.ProtocolTCP,
 Port: 15676,
 Name: "web-mqtt-tls",
diff --git a/internal/resource/service_test.go b/internal/resource/service_test.go
index 9d14a3755..9b8c8581a 100644
--- a/internal/resource/service_test.go
+++ b/internal/resource/service_test.go
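Review bot: In `generateServicePortsMap` (internal/resource/service.go, hunks at -246 and -255) each map key is still a second hand-typed copy of the literal in the `Name` field a few lines below it. A key that disagreed with its `Name` is what let the web socket entries silently replace the `stomps`/`mqtts` entries, so the TLS listeners dropped off the Service with no error. Keying each entry by the port's own name removes that class of mistake: build the value first, then store it with `servicePortsMap[port.Name] = port`. If the literals stay, a comment above each assignment such as `// key must equal Name; a reused key silently replaces another listener's port` would record the constraint. The function begins and ends outside both hunks, so whether the remaining entries already follow a key-equals-name convention cannot be confirmed from here.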
@@ -270,6 +270,54 @@ var _ = Context("Services", func() {
 Entry("OSR", "rabbitmq_multi_dc_replication", "streams", 5551, pointer.String("rabbitmq.com/stream-tls")),
 )
 })
+
+ When("MQTT and Web-MQTT are enabled", func() {
+ It("exposes ports for both protocols", func() {
+ instance.Spec.Rabbitmq.AdditionalPlugins = []rabbitmqv1beta1.Plugin{"rabbitmq_mqtt", "rabbitmq_web_mqtt"}
+ instance.Spec.TLS.CaSecretName = "my-ca"
+ Expect(serviceBuilder.Update(svc)).To(Succeed())
+ Expect(svc.Spec.Ports).To(ContainElements([]corev1.ServicePort{
+ {
+ Name: "web-mqtt-tls",
+ Protocol: corev1.ProtocolTCP,
+ AppProtocol: pointer.String("https"),
+ Port: 15676,
+ TargetPort: intstr.FromInt(15676),
+ },
+ {
+ Name: "mqtts",
+ Protocol: corev1.ProtocolTCP,
+ AppProtocol: pointer.String("mqtts"),
+ Port: 8883,
+ TargetPort: intstr.FromInt(8883),
+ },
+ }))
+ })
+ })
+
+ When("STOMP and Web-STOMP are enabled", func() {
+ It("exposes ports for both protocols", func() {
+ instance.Spec.Rabbitmq.AdditionalPlugins = []rabbitmqv1beta1.Plugin{"rabbitmq_stomp", "rabbitmq_web_stomp"}
+ instance.Spec.TLS.CaSecretName = "my-ca"
+ Expect(serviceBuilder.Update(svc)).To(Succeed())
+ Expect(svc.Spec.Ports).To(ContainElements([]corev1.ServicePort{
+ {
+ Name: "web-stomp-tls",
+ Protocol: corev1.ProtocolTCP,
+ AppProtocol: pointer.String("https"),
+ Port: 15673,
+ TargetPort: intstr.FromInt(15673),
+ },
+ {
+ Name: "stomps",
+ Protocol: corev1.ProtocolTCP,
+ AppProtocol: pointer.String("stomp.github.io/stomp-tls"),
+ Port: 61614,
+ TargetPort: intstr.FromInt(61614),
+ },
+ }))
+ })
+ })
 })
 Context("Annotations", func() {
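Review bot: Both new specs assert with `ContainElements`, which only proves the expected ports are present; nothing checks the other direction, so a regression that published `web-mqtt-tls` or `web-stomp-tls` on the Service without mutual TLS would still pass. service.go adds those two ports only inside the `MutualTLSEnabled()` branch, so a sibling spec that leaves `instance.Spec.TLS.CaSecretName` empty and asserts their absence would pin that gate, for example `Expect(svc.Spec.Ports).NotTo(ContainElement(HaveField("Name", "web-mqtt-tls")))` if the vendored Gomega provides `HaveField`. It appears that assigning `CaSecretName` is what switches mutual TLS on here; a short comment on that line, `// CA secret set => mutual TLS enabled`, would make the precondition visible once confirmed. The `instance`, `svc` and `serviceBuilder` setup lies outside the hunk, so an existing negative spec elsewhere in the file cannot be ruled out.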