securesign · openshift-merge-bot · Jun 26, 2024 · Jun 25, 2024
diff --git a/internal/controller/common/utils/set_proxy.go b/internal/controller/common/utils/set_proxy.go
@@ -0,0 +1,13 @@
+package utils
+
+import (
+	"github.com/operator-framework/operator-lib/proxy"
+	appsv1 "k8s.io/api/apps/v1"
+)
+
+// SetProxyEnvs set the standard environment variables for proxys "HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY"
+func SetProxyEnvs(dep *appsv1.Deployment) {
+	for i, container := range dep.Spec.Template.Spec.Containers {
+		dep.Spec.Template.Spec.Containers[i].Env = append(container.Env, proxy.ReadProxyVarsFromEnv()...)
+	}
+}
diff --git a/internal/controller/common/utils/set_proxy_test.go b/internal/controller/common/utils/set_proxy_test.go
@@ -0,0 +1,66 @@
+package utils
+
+import (
+	"testing"
+
+	. "github.com/onsi/gomega"
+
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+)
+
+// Mock function to simulate proxy.ReadProxyVarsFromEnv
+func mockReadProxyVarsFromEnv() []corev1.EnvVar {
+	return []corev1.EnvVar{
+		{Name: "HTTP_PROXY", Value: "http://proxy.example.com"},
+		{Name: "http_proxy", Value: "http://proxy.example.com"},
+		{Name: "HTTPS_PROXY", Value: "https://proxy.example.com"},
+		{Name: "https_proxy", Value: "https://proxy.example.com"},
+		{Name: "NO_PROXY", Value: "localhost,127.0.0.1"},
+		{Name: "no_proxy", Value: "localhost,127.0.0.1"},
+	}
+}
+
+func TestSetProxyEnvs(t *testing.T) {
+	g := NewWithT(t)
+	defaultEnv := []corev1.EnvVar{
+		{
+			Name:  "answer",
+			Value: "42",
+		},
+	}
+
+	// Define a mock deployment
+	dep := &appsv1.Deployment{
+		Spec: appsv1.DeploymentSpec{
+			Template: corev1.PodTemplateSpec{
+				Spec: corev1.PodSpec{
+					Containers: []corev1.Container{
+						{
+							Name: "test-container",
+							Env:  defaultEnv,
+						},
+					},
+				},
+			},
+		},
+	}
+
+	SetProxyEnvs(dep)
+
+	g.Expect(dep.Spec.Template.Spec.Containers).ShouldNot(BeNil())
+	g.Expect(dep.Spec.Template.Spec.Containers[0].Env).Should(HaveLen(1))
+	g.Expect(dep.Spec.Template.Spec.Containers[0].Env).Should(BeEquivalentTo(defaultEnv))
+
+	for _, e := range mockReadProxyVarsFromEnv() {
+		t.Setenv(e.Name, e.Value)
+	}
+
+	SetProxyEnvs(dep)
+
+	expectedEnvVars := append(defaultEnv, mockReadProxyVarsFromEnv()...)
+
+	g.Expect(dep.Spec.Template.Spec.Containers).ShouldNot(BeNil())
+	g.Expect(dep.Spec.Template.Spec.Containers[0].Env).Should(HaveLen(7))
+	g.Expect(dep.Spec.Template.Spec.Containers[0].Env).Should(BeEquivalentTo(expectedEnvVars))
+}
diff --git a/internal/controller/ctlog/utils/ctlog_deployment.go b/internal/controller/ctlog/utils/ctlog_deployment.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 
 	"github.com/securesign/operator/api/v1alpha1"
+	"github.com/securesign/operator/internal/controller/common/utils"
 	"github.com/securesign/operator/internal/controller/constants"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -17,7 +18,7 @@ func CreateDeployment(instance *v1alpha1.CTlog, deploymentName string, sa string
 	}
 	replicas := int32(1)
 	// Define a new Deployment object
-	return &appsv1.Deployment{
+	dep := &appsv1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      deploymentName,
 			Namespace: instance.Namespace,
@@ -102,5 +103,7 @@ func CreateDeployment(instance *v1alpha1.CTlog, deploymentName string, sa string
 				},
 			},
 		},
-	}, nil
+	}
+	utils.SetProxyEnvs(dep)
+	return dep, nil
 }
diff --git a/internal/controller/fulcio/utils/fulcio_deployment.go b/internal/controller/fulcio/utils/fulcio_deployment.go
@@ -88,7 +88,7 @@ func CreateDeployment(instance *v1alpha1.Fulcio, deploymentName string, sa strin
 		})
 	}
 
-	return &appsv1.Deployment{
+	dep := &appsv1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      deploymentName,
 			Namespace: instance.Namespace,
@@ -229,5 +229,7 @@ func CreateDeployment(instance *v1alpha1.Fulcio, deploymentName string, sa strin
 				},
 			},
 		},
-	}, nil
+	}
+	utils.SetProxyEnvs(dep)
+	return dep, nil
 }
diff --git a/internal/controller/rekor/utils/redis_deployment.go b/internal/controller/rekor/utils/redis_deployment.go
@@ -1,6 +1,7 @@
 package utils
 
 import (
+	"github.com/securesign/operator/internal/controller/common/utils"
 	"github.com/securesign/operator/internal/controller/constants"
 	apps "k8s.io/api/apps/v1"
 	core "k8s.io/api/core/v1"
@@ -10,7 +11,7 @@ import (
 func CreateRedisDeployment(namespace string, dpName string, sa string, labels map[string]string) *apps.Deployment {
 	replicas := int32(1)
 	// Define a new Namespace object
-	return &apps.Deployment{
+	dep := &apps.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      dpName,
 			Namespace: namespace,
@@ -74,4 +75,6 @@ func CreateRedisDeployment(namespace string, dpName string, sa string, labels ma
 			},
 		},
 	}
+	utils.SetProxyEnvs(dep)
+	return dep
 }
diff --git a/internal/controller/rekor/utils/rekor_deployment.go b/internal/controller/rekor/utils/rekor_deployment.go
@@ -6,6 +6,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/intstr"
 
 	"github.com/securesign/operator/api/v1alpha1"
+	"github.com/securesign/operator/internal/controller/common/utils"
 	"github.com/securesign/operator/internal/controller/constants"
 	apps "k8s.io/api/apps/v1"
 	core "k8s.io/api/core/v1"
@@ -124,7 +125,7 @@ func CreateRekorDeployment(instance *v1alpha1.Rekor, dpName string, sa string, l
 	//TODO mount additional ENV variables and secrets to enable cloud KMS service
 
 	replicas := int32(1)
-	return &apps.Deployment{
+	dep := &apps.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      dpName,
 			Namespace: instance.Namespace,
@@ -193,5 +194,7 @@ func CreateRekorDeployment(instance *v1alpha1.Rekor, dpName string, sa string, l
 				Type: "Recreate",
 			},
 		},
-	}, nil
+	}
+	utils.SetProxyEnvs(dep)
+	return dep, nil
 }
diff --git a/internal/controller/trillian/utils/trillian-deployment.go b/internal/controller/trillian/utils/trillian-deployment.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 
 	"github.com/securesign/operator/api/v1alpha1"
+	"github.com/securesign/operator/internal/controller/common/utils"
 	"github.com/securesign/operator/internal/controller/constants"
 	apps "k8s.io/api/apps/v1"
 	core "k8s.io/api/core/v1"
@@ -15,7 +16,7 @@ func CreateTrillDeployment(instance *v1alpha1.Trillian, image string, dpName str
 		return nil, errors.New("reference to database secret is not set")
 	}
 	replicas := int32(1)
-	return &apps.Deployment{
+	dep := &apps.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      dpName,
 			Namespace: instance.Namespace,
@@ -148,5 +149,7 @@ func CreateTrillDeployment(instance *v1alpha1.Trillian, image string, dpName str
 				},
 			},
 		},
-	}, nil
+	}
+	utils.SetProxyEnvs(dep)
+	return dep, nil
 }
diff --git a/internal/controller/tuf/utils/tuf_deployment.go b/internal/controller/tuf/utils/tuf_deployment.go
@@ -2,6 +2,7 @@ package utils
 
 import (
 	"github.com/securesign/operator/api/v1alpha1"
+	"github.com/securesign/operator/internal/controller/common/utils"
 	"github.com/securesign/operator/internal/controller/constants"
 	apps "k8s.io/api/apps/v1"
 	core "k8s.io/api/core/v1"
@@ -38,7 +39,7 @@ func selectorToProjection(secret *v1alpha1.SecretKeySelector, path string) *core
 
 func CreateTufDeployment(instance *v1alpha1.Tuf, dpName string, sa string, labels map[string]string) *apps.Deployment {
 	replicas := int32(1)
-	return &apps.Deployment{
+	dep := &apps.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      dpName,
 			Namespace: instance.Namespace,
@@ -91,4 +92,6 @@ func CreateTufDeployment(instance *v1alpha1.Tuf, dpName string, sa string, label
 			},
 		},
 	}
+	utils.SetProxyEnvs(dep)
+	return dep
 }