From c1b4613356f6d18403213ab621cc09bee98d7dde Mon Sep 17 00:00:00 2001 From: Jan Bouska Date: Tue, 12 Mar 2024 09:14:43 +0100 Subject: [PATCH] Fix validation error --- controllers/tuf/actions/generate_cert.go | 16 +- controllers/tuf/actions/generate_cert_test.go | 160 ++++++++++++++++++ 2 files changed, 172 insertions(+), 4 deletions(-) create mode 100644 controllers/tuf/actions/generate_cert_test.go diff --git a/controllers/tuf/actions/generate_cert.go b/controllers/tuf/actions/generate_cert.go index b287b17ec..0201333a0 100644 --- a/controllers/tuf/actions/generate_cert.go +++ b/controllers/tuf/actions/generate_cert.go @@ -59,12 +59,11 @@ func (i resolveKeysAction) Handle(ctx context.Context, instance *rhtasv1alpha1.T } if cap(instance.Status.Keys) < len(instance.Spec.Keys) { - instance.Status.Keys = make([]rhtasv1alpha1.TufKey, len(instance.Spec.Keys)) + instance.Status.Keys = make([]rhtasv1alpha1.TufKey, 0, len(instance.Spec.Keys)) } for index, key := range instance.Spec.Keys { k, err := i.handleKey(ctx, instance, &key) if err != nil { - instance.Status.Keys[index].SecretRef = nil meta.SetStatusCondition(&instance.Status.Conditions, v1.Condition{Type: constants.Ready, Status: v1.ConditionFalse, Reason: constants.Pending, Message: "Resolving keys"}) 
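Review bot: Status.Keys is reallocated only when its capacity is smaller than len(Spec.Keys), so when a key is removed from the spec the entries past len(Spec.Keys) stay in the status. Whatever reads Status.Keys to decide which TUF keys are in use would presumably keep seeing the removed key. Trimming before the loop would cover it: `if len(instance.Status.Keys) > len(instance.Spec.Keys) { instance.Status.Keys = instance.Status.Keys[:len(instance.Spec.Keys)] }`. The error branch also no longer clears the failing entry's SecretRef, so an existing entry keeps its old reference while the key is unresolved; `if index < len(instance.Status.Keys) { instance.Status.Keys[index].SecretRef = nil }` would keep the earlier behaviour without the out-of-range write. Handle starts and ends outside this hunk.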
@@ -77,13 +76,22 @@ func (i resolveKeysAction) Handle(ctx context.Context, instance *rhtasv1alpha1.T
 i.StatusUpdate(ctx, instance)
 return i.Requeue()
 }
- if !reflect.DeepEqual(*k, instance.Status.Keys[index]) {
- instance.Status.Keys[index] = *k
+ if len(instance.Status.Keys) < index+1 {
+ instance.Status.Keys = append(instance.Status.Keys, *k)
 meta.SetStatusCondition(&instance.Status.Conditions, v1.Condition{
 Type: key.Name,
 Status: v1.ConditionTrue,
 Reason: constants.Ready,
 })
+ } else {
+ if !reflect.DeepEqual(*k, instance.Status.Keys[index]) {
+ instance.Status.Keys[index] = *k
+ meta.SetStatusCondition(&instance.Status.Conditions, v1.Condition{
+ Type: key.Name,
+ Status: v1.ConditionTrue,
+ Reason: constants.Ready,
+ })
+ }
 }
 if index == len(instance.Status.Keys)-1 {
 meta.SetStatusCondition(&instance.Status.Conditions, v1.Condition{Type: constants.Ready,
diff --git a/controllers/tuf/actions/generate_cert_test.go b/controllers/tuf/actions/generate_cert_test.go
new file mode 100644
index 000000000..a8aef9ef8
--- /dev/null
+++ b/controllers/tuf/actions/generate_cert_test.go
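Review bot: The context check `if index == len(instance.Status.Keys)-1` becomes true right after every append, because Status.Keys now grows by one entry per iteration; with an empty status and two or more spec keys it already matches at index 0. If that branch is meant to run once the last key has been resolved (its body is cut off by the hunk, so this is inferred from the Ready condition it sets), it should compare against the spec instead: `if index == len(instance.Spec.Keys)-1 {`. Separately, the `else { if ... }` nesting repeats the same SetStatusCondition call; `} else if !reflect.DeepEqual(*k, instance.Status.Keys[index]) {` would drop one level.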
@@ -0,0 +1,160 @@
+package actions
+
+import (
+ "context"
+ "testing"
+
+ "github.com/go-logr/logr"
+ . "github.com/onsi/gomega"
+ "github.com/securesign/operator/api/v1alpha1"
+ common "github.com/securesign/operator/controllers/common/action"
+ "github.com/securesign/operator/controllers/common/utils/kubernetes"
+ "github.com/securesign/operator/controllers/constants"
+ "k8s.io/apimachinery/pkg/api/meta"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/client-go/tools/record"
+ "sigs.k8s.io/controller-runtime/pkg/client/fake"
+)
+
+var testAction = resolveKeysAction{
+ BaseAction: common.BaseAction{
+ Client: fake.NewFakeClient(),
+ Recorder: record.NewFakeRecorder(3),
+ Logger: logr.Logger{},
+ },
+}
+
+var testContext = context.TODO()
+
+func TestKeyAutogenerate(t *testing.T) {
+ g := NewWithT(t)
+
+ testAction.Client.Create(testContext, kubernetes.CreateSecret("testSecret", t.Name(),
+ map[string][]byte{"key": nil}, map[string]string{constants.LabelNamespace + "/rekor.pub": "key"}))
+ instance := &v1alpha1.Tuf{Spec: v1alpha1.TufSpec{Keys: []v1alpha1.TufKey{
+ {
+ Name: "rekor.pub",
+ },
+ }},
+ Status: v1alpha1.TufStatus{Conditions: []metav1.Condition{
+ {
+ Type: constants.Ready,
+ Reason: constants.Pending,
+ Status: metav1.ConditionFalse,
+ },
+ }}}
+ testAction.Handle(testContext, instance)
+
+ g.Expect(len(instance.Status.Keys)).To(Equal(1))
+ g.Expect(instance.Status.Keys[0].SecretRef.Name).To(Equal("testSecret"))
+ g.Expect(instance.Status.Keys[0].SecretRef.Key).To(Equal("key"))
+
+ g.Expect(meta.IsStatusConditionTrue(instance.Status.Conditions, "rekor.pub")).To(BeTrue())
+}
+
+func TestKeyProvided(t *testing.T) {
+ g := NewWithT(t)
+ instance := &v1alpha1.Tuf{Spec: v1alpha1.TufSpec{Keys: []v1alpha1.TufKey{
+ {
+ Name: "rekor.pub",
+ SecretRef: &v1alpha1.SecretKeySelector{
+ LocalObjectReference: v1alpha1.LocalObjectReference{
+ Name: "secret",
+ },
+ Key: "key",
+ },
+ },
+ }},
+ Status: v1alpha1.TufStatus{Conditions: []metav1.Condition{
+ {
+ Type: constants.Ready,
+ Reason: constants.Pending,
+ Status: metav1.ConditionFalse,
+ }}}}
+ testAction.Handle(testContext, instance)
+
+ g.Expect(len(instance.Status.Keys)).To(Equal(1))
+ g.Expect(instance.Status.Keys[0]).To(Equal(instance.Spec.Keys[0]))
+
+ g.Expect(meta.IsStatusConditionTrue(instance.Status.Conditions, "rekor.pub")).To(BeTrue())
+}
+
+func TestKeyUpdate(t *testing.T) {
+ g := NewWithT(t)
+ instance := &v1alpha1.Tuf{
+ Spec: v1alpha1.TufSpec{Keys: []v1alpha1.TufKey{
+ {
+ Name: "rekor.pub",
+ SecretRef: &v1alpha1.SecretKeySelector{
+ LocalObjectReference: v1alpha1.LocalObjectReference{
+ Name: "new",
+ },
+ Key: "key",
+ },
+ },
+ }},
+ Status: v1alpha1.TufStatus{Keys: []v1alpha1.TufKey{
+ {
+ Name: "rekor.pub",
+ SecretRef: &v1alpha1.SecretKeySelector{
+ LocalObjectReference: v1alpha1.LocalObjectReference{
+ Name: "old",
+ },
+ Key: "key",
+ },
+ },
+ },
+ Conditions: []metav1.Condition{
+ {
+ Type: constants.Ready,
+ Reason: constants.Pending,
+ Status: metav1.ConditionFalse,
+ }}}}
+
+ testAction.Handle(testContext, instance)
+
+ g.Expect(len(instance.Status.Keys)).To(Equal(1))
+ g.Expect(instance.Status.Keys[0].SecretRef.Name).To(Equal("new"))
+ g.Expect(instance.Status.Keys[0]).To(Equal(instance.Spec.Keys[0]))
+
+ g.Expect(meta.IsStatusConditionTrue(instance.Status.Conditions, "rekor.pub")).To(BeTrue())
+}
+
+func TestKeyDelete(t *testing.T) {
+ g := NewWithT(t)
+ testAction.Client.Create(testContext, kubernetes.CreateSecret("new", t.Name(),
+ map[string][]byte{"key": nil}, map[string]string{constants.LabelNamespace + "/ctfe.pub": "key"}))
+ instance := &v1alpha1.Tuf{
+ Spec: v1alpha1.TufSpec{Keys: []v1alpha1.TufKey{
+ {
+ Name: "ctfe.pub",
+ SecretRef: nil,
+ },
+ }},
+ Status: v1alpha1.TufStatus{Keys: []v1alpha1.TufKey{
+ {
+ Name: "ctfe.pub",
+ SecretRef: &v1alpha1.SecretKeySelector{
+ LocalObjectReference: v1alpha1.LocalObjectReference{
+ Name: "old",
+ },
+ Key: "key",
+ },
+ },
+ },
+ Conditions: []metav1.Condition{
+ {
+ Type: constants.Ready,
+ Reason: constants.Pending,
+ Status: metav1.ConditionFalse,
+ },
+ }}}
+
+ testAction.Handle(testContext, instance)
+
+ g.Expect(len(instance.Status.Keys)).To(Equal(1))
+ g.Expect(instance.Status.Keys[0].SecretRef).To(Not(BeNil()))
+ g.Expect(instance.Status.Keys[0].SecretRef.Name).To(Equal("new"))
+
+ g.Expect(meta.IsStatusConditionTrue(instance.Status.Conditions, "ctfe.pub")).To(BeTrue())
+}
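Review bot: Every case here has exactly one entry in Spec.Keys, so the paths this fix changes for several keys are not exercised: a status that starts empty with two or more spec keys, and a spec that has fewer keys than the existing status. The return values of `testAction.Client.Create(...)` and `testAction.Handle(...)` are also discarded, so a failed fixture or an error result only shows up indirectly; `g.Expect(testAction.Client.Create(testContext, secret)).To(Succeed())` would make the setup explicit. testAction and its fake client are package-level and shared, so a secret created in one test stays visible to the others; building the action inside each test would isolate them. For the length checks, `g.Expect(instance.Status.Keys).To(HaveLen(1))` gives a clearer failure message than comparing `len(...)`.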