Fix validation error

securesign · Mar 14, 2024 · c1b4613 · c1b4613
1 parent c9bfac4
commit c1b4613
Show file tree

Hide file tree

Showing 2 changed files with 172 additions and 4 deletions.
diff --git a/controllers/tuf/actions/generate_cert.go b/controllers/tuf/actions/generate_cert.go
@@ -59,12 +59,11 @@ func (i resolveKeysAction) Handle(ctx context.Context, instance *rhtasv1alpha1.T
 	}
 
 	if cap(instance.Status.Keys) < len(instance.Spec.Keys) {
-		instance.Status.Keys = make([]rhtasv1alpha1.TufKey, len(instance.Spec.Keys))
+		instance.Status.Keys = make([]rhtasv1alpha1.TufKey, 0, len(instance.Spec.Keys))
 	}
 	for index, key := range instance.Spec.Keys {
 		k, err := i.handleKey(ctx, instance, &key)
 		if err != nil {
-			instance.Status.Keys[index].SecretRef = nil
 			meta.SetStatusCondition(&instance.Status.Conditions, v1.Condition{Type: constants.Ready,
 				Status: v1.ConditionFalse, Reason: constants.Pending, Message: "Resolving keys"})
 
@@ -77,13 +76,22 @@ func (i resolveKeysAction) Handle(ctx context.Context, instance *rhtasv1alpha1.T
 			i.StatusUpdate(ctx, instance)
 			return i.Requeue()
 		}
-		if !reflect.DeepEqual(*k, instance.Status.Keys[index]) {
-			instance.Status.Keys[index] = *k
+		if len(instance.Status.Keys) < index+1 {
+			instance.Status.Keys = append(instance.Status.Keys, *k)
 			meta.SetStatusCondition(&instance.Status.Conditions, v1.Condition{
 				Type:   key.Name,
 				Status: v1.ConditionTrue,
 				Reason: constants.Ready,
 			})
+		} else {
+			if !reflect.DeepEqual(*k, instance.Status.Keys[index]) {
+				instance.Status.Keys[index] = *k
+				meta.SetStatusCondition(&instance.Status.Conditions, v1.Condition{
+					Type:   key.Name,
+					Status: v1.ConditionTrue,
+					Reason: constants.Ready,
+				})
+			}
 		}
 		if index == len(instance.Status.Keys)-1 {
 			meta.SetStatusCondition(&instance.Status.Conditions, v1.Condition{Type: constants.Ready,

diff --git a/controllers/tuf/actions/generate_cert_test.go b/controllers/tuf/actions/generate_cert_test.go
@@ -0,0 +1,160 @@
+package actions
+
+import (
+	"context"
+	"testing"
+
+	"github.com/go-logr/logr"
+	. "github.com/onsi/gomega"
+	"github.com/securesign/operator/api/v1alpha1"
+	common "github.com/securesign/operator/controllers/common/action"
+	"github.com/securesign/operator/controllers/common/utils/kubernetes"
+	"github.com/securesign/operator/controllers/constants"
+	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/tools/record"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+)
+
+var testAction = resolveKeysAction{
+	BaseAction: common.BaseAction{
+		Client:   fake.NewFakeClient(),
+		Recorder: record.NewFakeRecorder(3),
+		Logger:   logr.Logger{},
+	},
+}
+
+var testContext = context.TODO()
+
+func TestKeyAutogenerate(t *testing.T) {
+	g := NewWithT(t)
+
+	testAction.Client.Create(testContext, kubernetes.CreateSecret("testSecret", t.Name(),
+		map[string][]byte{"key": nil}, map[string]string{constants.LabelNamespace + "/rekor.pub": "key"}))
+	instance := &v1alpha1.Tuf{Spec: v1alpha1.TufSpec{Keys: []v1alpha1.TufKey{
+		{
+			Name: "rekor.pub",
+		},
+	}},
+		Status: v1alpha1.TufStatus{Conditions: []metav1.Condition{
+			{
+				Type:   constants.Ready,
+				Reason: constants.Pending,
+				Status: metav1.ConditionFalse,
+			},
+		}}}
+	testAction.Handle(testContext, instance)
+
+	g.Expect(len(instance.Status.Keys)).To(Equal(1))
+	g.Expect(instance.Status.Keys[0].SecretRef.Name).To(Equal("testSecret"))
+	g.Expect(instance.Status.Keys[0].SecretRef.Key).To(Equal("key"))
+
+	g.Expect(meta.IsStatusConditionTrue(instance.Status.Conditions, "rekor.pub")).To(BeTrue())
+}
+
+func TestKeyProvided(t *testing.T) {
+	g := NewWithT(t)
+	instance := &v1alpha1.Tuf{Spec: v1alpha1.TufSpec{Keys: []v1alpha1.TufKey{
+		{
+			Name: "rekor.pub",
+			SecretRef: &v1alpha1.SecretKeySelector{
+				LocalObjectReference: v1alpha1.LocalObjectReference{
+					Name: "secret",
+				},
+				Key: "key",
+			},
+		},
+	}},
+		Status: v1alpha1.TufStatus{Conditions: []metav1.Condition{
+			{
+				Type:   constants.Ready,
+				Reason: constants.Pending,
+				Status: metav1.ConditionFalse,
+			}}}}
+	testAction.Handle(testContext, instance)
+
+	g.Expect(len(instance.Status.Keys)).To(Equal(1))
+	g.Expect(instance.Status.Keys[0]).To(Equal(instance.Spec.Keys[0]))
+
+	g.Expect(meta.IsStatusConditionTrue(instance.Status.Conditions, "rekor.pub")).To(BeTrue())
+}
+
+func TestKeyUpdate(t *testing.T) {
+	g := NewWithT(t)
+	instance := &v1alpha1.Tuf{
+		Spec: v1alpha1.TufSpec{Keys: []v1alpha1.TufKey{
+			{
+				Name: "rekor.pub",
+				SecretRef: &v1alpha1.SecretKeySelector{
+					LocalObjectReference: v1alpha1.LocalObjectReference{
+						Name: "new",
+					},
+					Key: "key",
+				},
+			},
+		}},
+		Status: v1alpha1.TufStatus{Keys: []v1alpha1.TufKey{
+			{
+				Name: "rekor.pub",
+				SecretRef: &v1alpha1.SecretKeySelector{
+					LocalObjectReference: v1alpha1.LocalObjectReference{
+						Name: "old",
+					},
+					Key: "key",
+				},
+			},
+		},
+			Conditions: []metav1.Condition{
+				{
+					Type:   constants.Ready,
+					Reason: constants.Pending,
+					Status: metav1.ConditionFalse,
+				}}}}
+
+	testAction.Handle(testContext, instance)
+
+	g.Expect(len(instance.Status.Keys)).To(Equal(1))
+	g.Expect(instance.Status.Keys[0].SecretRef.Name).To(Equal("new"))
+	g.Expect(instance.Status.Keys[0]).To(Equal(instance.Spec.Keys[0]))
+
+	g.Expect(meta.IsStatusConditionTrue(instance.Status.Conditions, "rekor.pub")).To(BeTrue())
+}
+
+func TestKeyDelete(t *testing.T) {
+	g := NewWithT(t)
+	testAction.Client.Create(testContext, kubernetes.CreateSecret("new", t.Name(),
+		map[string][]byte{"key": nil}, map[string]string{constants.LabelNamespace + "/ctfe.pub": "key"}))
+	instance := &v1alpha1.Tuf{
+		Spec: v1alpha1.TufSpec{Keys: []v1alpha1.TufKey{
+			{
+				Name:      "ctfe.pub",
+				SecretRef: nil,
+			},
+		}},
+		Status: v1alpha1.TufStatus{Keys: []v1alpha1.TufKey{
+			{
+				Name: "ctfe.pub",
+				SecretRef: &v1alpha1.SecretKeySelector{
+					LocalObjectReference: v1alpha1.LocalObjectReference{
+						Name: "old",
+					},
+					Key: "key",
+				},
+			},
+		},
+			Conditions: []metav1.Condition{
+				{
+					Type:   constants.Ready,
+					Reason: constants.Pending,
+					Status: metav1.ConditionFalse,
+				},
+			}}}
+
+	testAction.Handle(testContext, instance)
+
+	g.Expect(len(instance.Status.Keys)).To(Equal(1))
+	g.Expect(instance.Status.Keys[0].SecretRef).To(Not(BeNil()))
+	g.Expect(instance.Status.Keys[0].SecretRef.Name).To(Equal("new"))
+
+	g.Expect(meta.IsStatusConditionTrue(instance.Status.Conditions, "ctfe.pub")).To(BeTrue())
+}