diff --git a/api/v1alpha1/dspipeline_types.go b/api/v1alpha1/dspipeline_types.go index de8aff7de..b3f31de14 100644 --- a/api/v1alpha1/dspipeline_types.go +++ b/api/v1alpha1/dspipeline_types.go @@ -108,10 +108,6 @@ type APIServer struct { // provide a PEM formatted CA bundle to be injected into the DSP // server pod to trust this connection. CA Bundle should be provided // as values within configmaps, mapped to keys. - // - // Note that if a global cert via ODH or the User is provided in this DSPA's - // namespace with the name "odh-trusted-ca-bundle", then that configmap - // is automatically used instead, and "caBundle" is ignored. CABundle *CABundle `json:"cABundle,omitempty"` } diff --git a/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml b/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml index ffb5567de..63c923c99 100644 --- a/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml +++ b/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml @@ -62,15 +62,11 @@ spec: description: 'Default: true' type: boolean cABundle: - description: "If the Object store/DB is behind a TLS secured connection + description: If the Object store/DB is behind a TLS secured connection that is unrecognized by the host OpenShift/K8s cluster, then you can provide a PEM formatted CA bundle to be injected into the DSP server pod to trust this connection. CA Bundle should - be provided as values within configmaps, mapped to keys. \n - Note that if a global cert via ODH or the User is provided in - this DSPA's namespace with the name \"odh-trusted-ca-bundle\", - then that configmap is automatically used instead, and \"caBundle\" - is ignored." + be provided as values within configmaps, mapped to keys. properties: configMapKey: description: Key should map to a CA bundle. The key is also 
diff --git a/config/internal/apiserver/artifact_script.yaml.tmpl b/config/internal/apiserver/artifact_script.yaml.tmpl index 731cea1de..15320a760 100644 --- a/config/internal/apiserver/artifact_script.yaml.tmpl +++ b/config/internal/apiserver/artifact_script.yaml.tmpl @@ -8,8 +8,8 @@ data: artifact_name=$(basename $2) aws_cp() { -{{ if .APIServer.CABundle }} - aws s3 --endpoint {{.ObjectStorageConnection.Endpoint}} --ca-bundle {{ .PiplinesCABundleMountPath }}/{{ .APIServer.CABundle.ConfigMapKey }} cp $1.tgz s3://{{.ObjectStorageConnection.Bucket}}/artifacts/$PIPELINERUN/$PIPELINETASK/$1.tgz +{{ if .CustomCABundle }} + aws s3 --endpoint {{.ObjectStorageConnection.Endpoint}} --ca-bundle {{ .PiplinesCABundleMountPath }} cp $1.tgz s3://{{.ObjectStorageConnection.Bucket}}/artifacts/$PIPELINERUN/$PIPELINETASK/$1.tgz {{ else }} aws s3 --endpoint {{.ObjectStorageConnection.Endpoint}} cp $1.tgz s3://{{.ObjectStorageConnection.Bucket}}/artifacts/$PIPELINERUN/$PIPELINETASK/$1.tgz {{ end }} diff --git a/config/internal/apiserver/deployment.yaml.tmpl b/config/internal/apiserver/deployment.yaml.tmpl index 3e00ec6aa..ea0e12ee7 100644 --- a/config/internal/apiserver/deployment.yaml.tmpl +++ b/config/internal/apiserver/deployment.yaml.tmpl @@ -50,13 +50,13 @@ spec: value: "{{.APIServer.ArtifactImage}}" - name: ARCHIVE_LOGS value: "{{.APIServer.ArchiveLogs}}" - {{ if .APIServer.CABundle }} + {{ if .CustomCABundle }} - name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_NAME - value: "{{.APIServer.CABundle.ConfigMapName}}" + value: "{{.CustomCABundle.ConfigMapName}}" - name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_KEY - value: "{{.APIServer.CABundle.ConfigMapKey}}" + value: "{{.CustomCABundle.ConfigMapKey}}" - name: ARTIFACT_COPY_STEP_CABUNDLE_MOUNTPATH - value: {{ .PiplinesCABundleMountPath }} + value: {{ .CustomCABundleRootMountPath }} {{ end }} - name: TRACK_ARTIFACTS value: "{{.APIServer.TrackArtifacts}}" 
@@ -102,6 +102,10 @@ spec: value: "{{.APIServer.CacheImage}}" - name: MOVERESULTS_IMAGE value: "{{.APIServer.MoveResultsImage}}" + {{ if .CustomSSLCertDir }} + - name: SSL_CERT_DIR + value: {{.CustomSSLCertDir}} + {{ end }} image: {{.APIServer.Image}} imagePullPolicy: Always name: ds-pipeline-api-server @@ -153,7 +157,7 @@ spec: memory: {{.APIServer.Resources.Limits.Memory}} {{ end }} {{ end }} - {{ if or .APIServer.EnableSamplePipeline .APIServer.CABundle }} + {{ if or .APIServer.EnableSamplePipeline .CustomCABundle }} volumeMounts: - name: server-config mountPath: /config/config.json @@ -165,8 +169,8 @@ spec: - name: sample-pipeline mountPath: /samples/ {{ end }} - {{ if .APIServer.CABundle }} - - mountPath: {{ .APIServerPiplinesCABundleMountPath }} + {{ if .CustomCABundle }} + - mountPath: {{ .CustomCABundleRootMountPath }} name: ca-bundle {{ end }} {{ end }} @@ -226,13 +230,10 @@ spec: - name: server-config configMap: name: pipeline-server-config-{{.Name}} - {{ if .APIServer.CABundle }} + {{ if .CustomCABundle }} - name: ca-bundle configMap: - name: {{ .APIServer.CABundle.ConfigMapName }} - items: - - key: {{ .APIServer.CABundle.ConfigMapKey }} - path: {{ .APIServer.CABundle.ConfigMapKey }} + name: {{ .CustomCABundle.ConfigMapName }} {{ end }} {{ if .APIServer.EnableSamplePipeline }} - name: sample-config diff --git a/controllers/config/defaults.go b/controllers/config/defaults.go index 7f29e2de6..9834cd83e 100644 --- a/controllers/config/defaults.go +++ b/controllers/config/defaults.go @@ -17,6 +17,7 @@ limitations under the License. package config import ( + "fmt" dspav1alpha1 "github.com/opendatahub-io/data-science-pipelines-operator/api/v1alpha1" "github.com/spf13/viper" "k8s.io/apimachinery/pkg/api/resource" 
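Review bot: The new `SSL_CERT_DIR` entry renders its value unquoted (`value: {{.CustomSSLCertDir}}`) while the neighbouring env values in this container are quoted. The rendered string is a colon-separated directory list, so writing it as `value: "{{.CustomSSLCertDir}}"` keeps it a YAML string whatever directories are added later. A short template comment would also help here: for a Go binary, SSL_CERT_DIR replaces the default certificate directories rather than extending them, which is why the operator re-lists the system directories next to the custom one.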
@@ -24,17 +25,16 @@ import ( ) const ( - DefaultImageValue = "MustSetInConfig" - APIServerPiplinesCABundleMountPath = "/etc/pki/tls/certs" - PiplinesCABundleMountPath = "/etc/pki/tls/certs" + DefaultImageValue = "MustSetInConfig" - // GlobalCaBundleConfigMapName key and label values are a contract with + CustomCABundleRootMountPath = "/dsp-custom-certs" + + // GlobalODHCaBundleConfigMapName key and label values are a contract with // ODH Platform https://github.com/opendatahub-io/architecture-decision-records/pull/28 - GlobalCaBundleConfigMapName = "odh-trusted-ca-bundle" + GlobalODHCaBundleConfigMapName = "odh-trusted-ca-bundle" - // GlobalCaBundleConfigMapKey is the key provided by the configmap created via OCP Cluster Network Operator - // https://docs.openshift.com/container-platform/4.14/networking/configuring-a-custom-pki.html#certificate-injection-using-operators_configuring-a-custom-pki - GlobalCaBundleConfigMapKey = "ca-bundle.crt" + CustomDSPTrustedCAConfigMapNamePrefix = "dsp-trusted-ca" + CustomDSPTrustedCAConfigMapKey = "dsp-ca.crt" MLPipelineUIConfigMapPrefix = "ds-pipeline-ui-configmap-" ArtifactScriptConfigMapNamePrefix = "ds-pipeline-artifact-script-" @@ -169,3 +169,12 @@ func GetDurationConfigWithDefault(configName string, value time.Duration) time.D } return viper.GetDuration(configName) } + +// GetCABundleFileMountPath provides the location in pipeline step-copy-artifact step where the +// ca bundle is mounted for aws cli to connect to s3 store. +// Since pipeline step-copy-artifact step uses aws cli, and there are issues surrounding +// passing a path to aws cli (see: https://github.com/aws/aws-cli/issues/3425#issuecomment-402289636) +// as such for pipelines, we concatenate the certs into a single cert bundle and use a separate configmap for this +func GetCABundleFileMountPath() string { + return fmt.Sprintf("%s/%s", CustomCABundleRootMountPath, CustomDSPTrustedCAConfigMapKey) +} 
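Review bot: The three new exported constants in the const block have no doc comments, and the removed `GlobalCaBundleConfigMapKey` comment was the only place that explained where a key name came from. Suggested comments: `// CustomCABundleRootMountPath is the directory where the combined CA ConfigMap is mounted in the API server pod.`, `// CustomDSPTrustedCAConfigMapNamePrefix prefixes the operator-created ConfigMap; the DSPA name is appended.` and `// CustomDSPTrustedCAConfigMapKey is the ConfigMap key, and therefore the file name under the mount, that holds the concatenated bundle.` These follow from how the deployment template and `GetCABundleFileMountPath` use the values.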
diff --git a/controllers/database.go b/controllers/database.go index 92c7bd0cd..520afcbb1 100644 --- a/controllers/database.go +++ b/controllers/database.go @@ -41,7 +41,7 @@ var dbTemplates = []string{ dbSecret, } -func tLSClientConfig(pem []byte) (*cryptoTls.Config, error) { +func tLSClientConfig(pems [][]byte) (*cryptoTls.Config, error) { rootCertPool := x509.NewCertPool() if f := os.Getenv("SSL_CERT_FILE"); f != "" { @@ -51,8 +51,10 @@ func tLSClientConfig(pem []byte) (*cryptoTls.Config, error) { } } - if ok := rootCertPool.AppendCertsFromPEM(pem); !ok { - return nil, fmt.Errorf("error parsing CA Certificate, ensure provided certs are in valid PEM format") + for _, pem := range pems { + if ok := rootCertPool.AppendCertsFromPEM(pem); !ok { + return nil, fmt.Errorf("error parsing CA Certificate, ensure provided certs are in valid PEM format") + } } tlsConfig := &cryptoTls.Config{ RootCAs: rootCertPool, @@ -88,7 +90,7 @@ var ConnectAndQueryDatabase = func( host string, log logr.Logger, port, username, password, dbname, tls string, - pemCerts []byte, + pemCerts [][]byte, extraParams map[string]string) (bool, error) { mysqlConfig := createMySQLConfig( diff --git a/controllers/dspipeline_params.go b/controllers/dspipeline_params.go index d476fa1a8..043eff021 100644 --- a/controllers/dspipeline_params.go +++ b/controllers/dspipeline_params.go @@ -17,11 +17,14 @@ limitations under the License. package controllers import ( + "bytes" "context" "encoding/base64" "fmt" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/json" "math/rand" + "strings" "time" "github.com/go-logr/logr" 
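Review bot: A single entry with no parsable certificate now fails the whole pool, because `AppendCertsFromPEM` in the new loop of `tLSClientConfig` returns false for an empty or whitespace-only value. ExtractParams appends every value of the global ConfigMap to this slice, so if that ConfigMap ever carries an empty key, the database check would end in "error parsing CA Certificate" even though the other bundles are valid. Skipping blank entries with `if len(bytes.TrimSpace(pem)) == 0 { continue }` before the append keeps the fail-closed behaviour for malformed input without rejecting an empty one; this needs the `bytes` import if database.go does not already have it. The same loop in `getHttpsTransportWithCACert` in controllers/storage.go has the same issue. The body of `tLSClientConfig` continues outside the hunk.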
@@ -41,11 +44,8 @@ type DSPAParams struct { Namespace string Owner mf.Owner APIServer *dspa.APIServer - APIServerPiplinesCABundleMountPath string - PiplinesCABundleMountPath string APIServerDefaultResourceName string APIServerServiceName string - APICustomPemCerts []byte OAuthProxy string ScheduledWorkflow *dspa.ScheduledWorkflow ScheduledWorkflowDefaultResourceName string @@ -57,6 +57,23 @@ type DSPAParams struct { MLMD *dspa.MLMD DBConnection ObjectStorageConnection + + // TLS + // The CA bundle path used by API server + CustomCABundleRootMountPath string + // This path is used by API server to also look + // for CustomCABundleRootMountPath when + // verifying certs + CustomSSLCertDir *string + // The CA bundle path found in the pipeline pods + PiplinesCABundleMountPath string + // Collects all certs from user & global certs + APICustomPemCerts [][]byte + // Source of truth for the DSP cert configmap details + // If this is defined, then we assume we have additional certs + // we need to leverage for tls connections within dsp apiserver + // pipeline pods + CustomCABundle *dspa.CABundle } type DBConnection struct { @@ -463,8 +480,8 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip p.Minio = dsp.Spec.ObjectStorage.Minio.DeepCopy() p.OAuthProxy = config.GetStringConfigWithDefault(config.OAuthProxyImagePath, config.DefaultImageValue) p.MLMD = dsp.Spec.MLMD.DeepCopy() - p.APIServerPiplinesCABundleMountPath = config.APIServerPiplinesCABundleMountPath - p.PiplinesCABundleMountPath = config.PiplinesCABundleMountPath + p.CustomCABundleRootMountPath = config.CustomCABundleRootMountPath + p.PiplinesCABundleMountPath = config.GetCABundleFileMountPath() log := loggr.WithValues("namespace", p.Namespace).WithValues("dspa_name", p.Name) 
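Review bot: `PiplinesCABundleMountPath` changes meaning in this commit without its comment saying so: ExtractParams now assigns it `config.GetCABundleFileMountPath()`, a file path, where it used to hold a directory constant, and the artifact script passes it directly to `--ca-bundle`. The field comment should read something like `// Full path (mount directory + key) of the combined CA bundle file as seen by pipeline pods`, with `CustomCABundleRootMountPath` described as the directory. The comment on `CustomSSLCertDir` is also hard to follow; `// Colon-separated directory list exported as SSL_CERT_DIR to the API server; nil when no custom bundle exists` matches what the code does.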
@@ -479,7 +496,6 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip setStringDefault(artifactImageFromConfig, &p.APIServer.ArtifactImage) setStringDefault(cacheImageFromConfig, &p.APIServer.CacheImage) setStringDefault(moveResultsImageFromConfig, &p.APIServer.MoveResultsImage) - setResourcesDefault(config.APIServerResourceRequirements, &p.APIServer.Resources) if p.APIServer.ArtifactScriptConfigMap == nil { 
@@ -490,38 +506,96 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip } // Check for Global certs - // If it exists, we use this cert - // If no global cert provided, check if a custom bundle is provided via the DSPA - globalCABundleCFGMapKey, globalCABundleCFGMapName := config.GlobalCaBundleConfigMapKey, config.GlobalCaBundleConfigMapName - err, globalCerVal := util.GetConfigMapValue(ctx, globalCABundleCFGMapKey, globalCABundleCFGMapName, p.Namespace, client, log) - if err != nil && apierrs.IsNotFound(err) { + // If it exists, include this cert for tls verifications + globalCABundleCFGMapName := config.GlobalODHCaBundleConfigMapName + err, globalCerts := util.GetConfigMapValues(ctx, globalCABundleCFGMapName, p.Namespace, client) + if err != nil { // If the global cert configmap is not available, that is OK - // proceed to check if the user has provided their - // own configmap via DSPA config - if p.APIServer.CABundle != nil { - dspaCaBundleCfgKey, dspaCaBundleCfgName := p.APIServer.CABundle.ConfigMapKey, p.APIServer.CABundle.ConfigMapName - dspaCACfgErr, dspaProvidedCABundle := util.GetConfigMapValue(ctx, dspaCaBundleCfgKey, dspaCaBundleCfgName, p.Namespace, client, log) - if dspaCACfgErr != nil && apierrs.IsNotFound(dspaCACfgErr) { - log.Info(fmt.Sprintf("ConfigMap [%s] was not found in namespace [%s]", dspaCaBundleCfgKey, p.Namespace)) - return dspaCACfgErr - } else if dspaCACfgErr != nil { - log.Info(fmt.Sprintf("Encountered error when attempting to fetch ConfigMap: [%s], Error: %v", dspaCaBundleCfgName, dspaCACfgErr)) - return dspaCACfgErr - } - p.APICustomPemCerts = []byte(dspaProvidedCABundle) + if !apierrs.IsNotFound(err) { + log.Info(fmt.Sprintf("Encountered error when attempting to fetch ConfigMap: [%s], Error: %v", globalCABundleCFGMapName, err)) + return err } - } else if err != nil { - log.Info(fmt.Sprintf("Encountered error when attempting to fetch ConfigMap: [%s], Error: %v", globalCABundleCFGMapKey, err)) - return 
err } else { // Found a global cert, consume this cert, takes precedence over "cABundle" provided via DSPA - log.Info(fmt.Sprintf("Found global CA Bundle %s present in this namespace %s, this cert will be "+ - "included to verify external tls connections in this DSPA.", config.GlobalCaBundleConfigMapName, p.Namespace)) - p.APICustomPemCerts = []byte(globalCerVal) - p.APIServer.CABundle = &dspa.CABundle{ - ConfigMapName: config.GlobalCaBundleConfigMapName, - ConfigMapKey: config.GlobalCaBundleConfigMapKey, + log.Info(fmt.Sprintf("Found global CA Bundle %s present in this namespace %s, this bundle will be included in external tls connections.", config.GlobalODHCaBundleConfigMapName, p.Namespace)) + // "odh-trusted-ca-bundle" can have fields: "odh-ca-bundle.crt" and "ca-bundle.crt", we need to utilize both + for _, val := range globalCerts { + p.APICustomPemCerts = append(p.APICustomPemCerts, []byte(val)) + } + } + + // If user provided a CA bundle, include this in tls verification + if p.APIServer.CABundle != nil { + dspaCaBundleCfgKey, dspaCaBundleCfgName := p.APIServer.CABundle.ConfigMapKey, p.APIServer.CABundle.ConfigMapName + dspaCACfgErr, dspaProvidedCABundle := util.GetConfigMapValue(ctx, dspaCaBundleCfgKey, dspaCaBundleCfgName, p.Namespace, client, log) + if dspaCACfgErr != nil && apierrs.IsNotFound(dspaCACfgErr) { + log.Info(fmt.Sprintf("ConfigMap [%s] was not found in namespace [%s]", dspaCaBundleCfgKey, p.Namespace)) + return dspaCACfgErr + } else if dspaCACfgErr != nil { + log.Info(fmt.Sprintf("Encountered error when attempting to fetch ConfigMap: [%s], Error: %v", dspaCaBundleCfgName, dspaCACfgErr)) + return dspaCACfgErr + } + p.APICustomPemCerts = append(p.APICustomPemCerts, []byte(dspaProvidedCABundle)) + } + + // There are situations where global & user provided certs, or a provided ca trust configmap(s) have various trust bundles + // (for example in the case of "odh-trusted-ca-bundle") there is "odh-ca-bundle.crt" and "ca-bundle.crt". 
+ // We create a separate configmap and concatenate all the certs into a single bundle, because passing a + // full path into the pipeline doesn't seem to work with aws cli used for artifact passing + // Ref: https://github.com/aws/aws-cli/issues/3425#issuecomment-402289636 + + // If user or global CABundle has been provided + // 1) create the dsp-trusted-ca configmap + // 2) populate CustomCABundle SOT var for pipeline pods and artifact script to utilize during templating + // 3) set ssl_cert_dir for api server + if len(p.APICustomPemCerts) > 0 { + p.CustomCABundle = &dspa.CABundle{ + ConfigMapKey: config.CustomDSPTrustedCAConfigMapKey, + ConfigMapName: fmt.Sprintf("%s-%s", config.CustomDSPTrustedCAConfigMapNamePrefix, p.Name), + } + + // Combine certs into a single configmap field + customCABundleCert := &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: p.CustomCABundle.ConfigMapName, + Namespace: p.Namespace, + OwnerReferences: []metav1.OwnerReference{ + { + APIVersion: dsp.APIVersion, + Kind: dsp.Kind, + Name: dsp.Name, + UID: dsp.UID, + Controller: util.BoolPointer(true), + BlockOwnerDeletion: util.BoolPointer(true), + }, + }, + }, + + Data: map[string]string{ + p.CustomCABundle.ConfigMapKey: string(bytes.Join(p.APICustomPemCerts, []byte{})), + }, + } + + err := client.Create(ctx, customCABundleCert) + if apierrs.IsAlreadyExists(err) { + err := client.Update(ctx, customCABundleCert) + if err != nil { + return err + } + } else if err != nil { + return err + } + + // We need to update the default SSL_CERT_DIR to include + // dsp custom cert path, used by DSP Api Server + var certDirectories = []string{ + config.CustomCABundleRootMountPath, + "/etc/ssl/certs", // SLES10/SLES11, https://golang.org/issue/12139 + "/etc/pki/tls/certs", // Fedora/RHEL } + // SSL_CERT_DIR accepts a colon separated list of directories + sslCertDir := strings.Join(certDirectories, ":") + p.CustomSSLCertDir = &sslCertDir } } 
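Review bot: `bytes.Join(p.APICustomPemCerts, []byte{})` glues the bundles together with no separator, so if any source value does not end in a newline, the `-----END CERTIFICATE-----` of one bundle and the `-----BEGIN CERTIFICATE-----` of the next land on the same line. The combined `dsp-ca.crt` may then fail to parse for the consumers of that file, which are the aws cli `--ca-bundle` in the artifact script and the API server through SSL_CERT_DIR. Joining with `[]byte("\n")` is harmless between well-formed blocks and removes the dependency on how each ConfigMap was authored. Separately, the retained comment "takes precedence over "cABundle" provided via DSPA" no longer matches the code, which now trusts the global and the user bundle together; it should say so, because the trust set is wider than before. ExtractParams starts and ends outside the hunk.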
diff --git a/controllers/storage.go b/controllers/storage.go index b6e1d4845..3d4c3ac0f 100644 --- a/controllers/storage.go +++ b/controllers/storage.go @@ -69,10 +69,10 @@ func createCredentialProvidersChain(accessKey, secretKey string) *credentials.Cr return credentials.New(&credentials.Chain{Providers: providers}) } -func getHttpsTransportWithCACert(log logr.Logger, pemCerts []byte) (*http.Transport, error) { +func getHttpsTransportWithCACert(log logr.Logger, pemCerts [][]byte) (*http.Transport, error) { transport, err := minio.DefaultTransport(true) if err != nil { - return nil, fmt.Errorf("Error creating default transport : %s", err) + return nil, fmt.Errorf("error creating default transport : %s", err) } if transport.TLSClientConfig.RootCAs == nil { @@ -85,13 +85,21 @@ func getHttpsTransportWithCACert(log logr.Logger, pemCerts []byte) (*http.Transp } } - if ok := transport.TLSClientConfig.RootCAs.AppendCertsFromPEM(pemCerts); !ok { - return nil, fmt.Errorf("error parsing CA Certificate, ensure provided certs are in valid PEM format") + for _, pem := range pemCerts { + if ok := transport.TLSClientConfig.RootCAs.AppendCertsFromPEM(pem); !ok { + return nil, fmt.Errorf("error parsing CA Certificate, ensure provided certs are in valid PEM format") + } } return transport, nil } -var ConnectAndQueryObjStore = func(ctx context.Context, log logr.Logger, endpoint, bucket string, accesskey, secretkey []byte, secure bool, pemCerts []byte) bool { +var ConnectAndQueryObjStore = func( + ctx context.Context, + log logr.Logger, + endpoint, bucket string, + accesskey, secretkey []byte, + secure bool, + pemCerts [][]byte) bool { cred := createCredentialProvidersChain(string(accesskey), string(secretkey)) opts := &minio.Options{ diff --git a/controllers/storage_test.go b/controllers/storage_test.go index f2dfed106..a215be860 100644 --- a/controllers/storage_test.go +++ b/controllers/storage_test.go 
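Review bot: The error string touched in `getHttpsTransportWithCACert` still formats the cause with `%s`, which drops the error chain for callers using `errors.Is` or `errors.As`. Since the line is being edited anyway, `return nil, fmt.Errorf("error creating default transport: %w", err)` wraps the cause and removes the stray space before the colon. The function body continues outside the hunk.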
@@ -189,7 +189,7 @@ func TestDefaultDeployBehaviorStorage(t *testing.T) { func TestIsDatabaseAccessibleTrue(t *testing.T) { // Override the live connection function with a mock version - ConnectAndQueryObjStore = func(ctx context.Context, log logr.Logger, endpoint, bucket string, accesskey, secretkey []byte, secure bool, pemCerts []byte) bool { + ConnectAndQueryObjStore = func(ctx context.Context, log logr.Logger, endpoint, bucket string, accesskey, secretkey []byte, secure bool, pemCerts [][]byte) bool { return true } @@ -227,7 +227,7 @@ func TestIsDatabaseAccessibleTrue(t *testing.T) { func TestIsDatabaseNotAccessibleFalse(t *testing.T) { // Override the live connection function with a mock version - ConnectAndQueryObjStore = func(ctx context.Context, log logr.Logger, endpoint, bucket string, accesskey, secretkey []byte, secure bool, pemCerts []byte) bool { + ConnectAndQueryObjStore = func(ctx context.Context, log logr.Logger, endpoint, bucket string, accesskey, secretkey []byte, secure bool, pemCerts [][]byte) bool { return false } @@ -265,7 +265,7 @@ func TestIsDatabaseNotAccessibleFalse(t *testing.T) { func TestDisabledHealthCheckReturnsTrue(t *testing.T) { // Override the live connection function with a mock version that would always return false if called - ConnectAndQueryObjStore = func(ctx context.Context, log logr.Logger, endpoint, bucket string, accesskey, secretkey []byte, secure bool, pemCerts []byte) bool { + ConnectAndQueryObjStore = func(ctx context.Context, log logr.Logger, endpoint, bucket string, accesskey, secretkey []byte, secure bool, pemCerts [][]byte) bool { return false } 
@@ -305,7 +305,7 @@ func TestDisabledHealthCheckReturnsTrue(t *testing.T) { func TestIsDatabaseAccessibleBadAccessKey(t *testing.T) { // Override the live connection function with a mock version - ConnectAndQueryObjStore = func(ctx context.Context, log logr.Logger, endpoint, bucket string, accesskey, secretkey []byte, secure bool, pemCerts []byte) bool { + ConnectAndQueryObjStore = func(ctx context.Context, log logr.Logger, endpoint, bucket string, accesskey, secretkey []byte, secure bool, pemCerts [][]byte) bool { return true } @@ -343,7 +343,7 @@ func TestIsDatabaseAccessibleBadAccessKey(t *testing.T) { func TestIsDatabaseAccessibleBadSecretKey(t *testing.T) { // Override the live connection function with a mock version - ConnectAndQueryObjStore = func(ctx context.Context, log logr.Logger, endpoint, bucket string, accesskey, secretkey []byte, secure bool, pemCerts []byte) bool { + ConnectAndQueryObjStore = func(ctx context.Context, log logr.Logger, endpoint, bucket string, accesskey, secretkey []byte, secure bool, pemCerts [][]byte) bool { return true } @@ -467,12 +467,14 @@ S9IA40yOaVHMI51Fr1i1EIWvP8oJY8rAPWq45JnfFen3tOqKfw== ` _, _, reconciler := CreateNewTestObjects() - transport, err := getHttpsTransportWithCACert(reconciler.Log, []byte(validCert)) + validCerts := [][]byte{[]byte(validCert)} + transport, err := getHttpsTransportWithCACert(reconciler.Log, validCerts) assert.Nil(t, err) assert.NotNil(t, transport) invalidCert := "invalidCert" - transport, err = getHttpsTransportWithCACert(reconciler.Log, []byte(invalidCert)) + invalidCerts := [][]byte{[]byte(invalidCert)} + transport, err = getHttpsTransportWithCACert(reconciler.Log, invalidCerts) assert.NotNil(t, err) assert.Nil(t, transport) } diff --git a/controllers/suite_test.go b/controllers/suite_test.go index 8adfd9d55..1faaa9f47 100644 --- a/controllers/suite_test.go +++ b/controllers/suite_test.go 
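Review bot: The updated transport test only exercises one-element slices, so the new behaviour of the `[][]byte` parameter is not pinned down. It would be worth adding a case with two valid bundles, and one mixing a valid and an invalid entry such as `[][]byte{[]byte(validCert), []byte(invalidCert)}`, asserting that the call returns an error and a nil transport. A case with an empty entry would document whether blank ConfigMap values are meant to be rejected or skipped. The test function starts outside the hunk.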
@@ -73,10 +73,10 @@ func TestAPIs(t *testing.T) { var _ = BeforeEach(func() { By("Overriding the Database and Object Store live connection functions with trivial stubs") - ConnectAndQueryDatabase = func(host string, log logr.Logger, port, username, password, dbname, tls string, pemCerts []byte, extraParams map[string]string) (bool, error) { + ConnectAndQueryDatabase = func(host string, log logr.Logger, port, username, password, dbname, tls string, pemCerts [][]byte, extraParams map[string]string) (bool, error) { return true, nil } - ConnectAndQueryObjStore = func(ctx context.Context, log logr.Logger, endpoint, bucket string, accesskey, secretkey []byte, secure bool, pemCerts []byte) bool { + ConnectAndQueryObjStore = func(ctx context.Context, log logr.Logger, endpoint, bucket string, accesskey, secretkey []byte, secure bool, pemCerts [][]byte) bool { return true } }) diff --git a/controllers/testdata/declarative/case_6/deploy/00_configmap.yaml b/controllers/testdata/declarative/case_6/deploy/00_configmap.yaml index 0b36acbab..85f4c3774 100644 --- a/controllers/testdata/declarative/case_6/deploy/00_configmap.yaml +++ b/controllers/testdata/declarative/case_6/deploy/00_configmap.yaml 
@@ -3,4 +3,36 @@ apiVersion: v1 metadata: name: testcabundleconfigmap6 data: - testcabundleconfigmapkey6.crt: testcabundleconfigmapvalue6 + testcabundleconfigmapkey6.crt: | + -----BEGIN CERTIFICATE----- + MIIFlTCCA32gAwIBAgIUQTPwwkR17jDrdIe4VqhzNQ6OY0swDQYJKoZIhvcNAQEL + BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 + MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV + BAMMDioudGNwLm5ncm9rLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC + AgEApZbmrvisGgN2XmPbWSD8A89g2CwUgqUIfd1yU6TyZMmvnP+c+xG6SzqDZkxI + oiQ0fierPuMyrp0Yv+mRBvYtZ+Rv4zZ8OASD5UGDblKa6U8EJvXEKa5K9rZsqYpW + MOaZv8M5/KAr8AkH4zmXvgGtsfNT6xvBxIhUexJmSRB5lRLtZZr7ea/XQiuzJYPr + 2CqHitm6MUWLG74vKetRi9ZDaDxgcW78nhBwM2Ujh0qrSeb4QhEcHP3Lhom0WObd + te+ipK5fqqMSQl1mj5W6tKORIm256TbG+uHY8e3lsT2fnCVL/zgFGROr0NqNbies + 90dH7i6Wr1yn74umJ1HNF5nXem1jaqYVhQWWBlTurSqkHtRpIE2OWygpM4IoSTu8 + gbIaKJdexx9GN9ch/zQBeevsYT1Wb/wQVZUp4TgJJIq1fCAkz3yQNsojUwZqsAPT + worehTHFT20onAutnkGv0lgGQH9ur1Gm4VipWbBQTRCEhEKIFVDDkQtbPZwQBjl/ + voj7O659pIuPsGW5HYWawTbdU4ymEP4672KLpIaDxJHnA9sJsz2ns2KgsUesjGdQ + SnlMoanph1kW+qFM4tMnHFTad3yz6TLL0Mp1ej8gUd1FnYHrVewVeFl83gRFKhqP + XZX/hl7SAYn1Bnc6OsFegtQukcJc+AqZBja+8k+xc8yWC38CAwEAAaOBujCBtzAf + BgNVHSMEGDAWgBQ4+5eH7tKVwoWbF1OQoLJq+U2KuzAJBgNVHRMEAjAAMGoGA1Ud + EQRjMGGCDHRjcC5uZ3Jvay5pb4IOKi50Y3Aubmdyb2suaW+CE21hcmlhZGIubWFy + aWFkYi5zdmOCIW1hcmlhZGIubWFyaWFkYi5zdmMuY2x1c3Rlci5sb2NhbIIJbG9j + YWxob3N0MB0GA1UdDgQWBBTJmuX3UrWQn6AKXAvkUw/h7g6PsjANBgkqhkiG9w0B + AQsFAAOCAgEAKk/pfGTH3xgQg5a+obLx9xkfYz0jwfr5+TiD+FTrNlIPZpvCiYYk + RWNjMyYqKpuEfHry6P9spgk28+wQx7CRSi+cGiiNSvPswI3Ww8KHJQoJzl2vPQYe + 1OESU6es8ZACIXdPcILj8zXHNFvfUD0rt7r34zqGw5PNWKQJ8gurqP9ZcBHNq9xz + nPG1QTdA5gOzAXQeOa8rGpK0lODo/WkRlV7KXU5ss737HcljGz8KSVUhfgy8io5z + xaKnCy8trt8CdGNb/ysK+a7oKZSqAYcKASwYxCrS1zgS06uLC78WjnYbxta/gnlC + a0XIfQt2dM/7L+ZvIwg0PbbPzBJU5zwiXSL9AMzp1/1hjlG4v06UKjv4V1t0McFC + xEaLG3AyDx9HHxbAIn/lkQ12Tg38rn5R0OKVKZSAzT6THCULbHC0Q+EQW4c8/No2 + 
gtZgaZfA9bUTtQRyxSxQJlWbm4c6KfQa5g+oGQ9BjPCFjPmEvN9SCWcvR/aZE/Uy + IRtueAdEz+FiXmVeaJd7BImvF6P6OVDP4zhfXh9NIq9vovVNlGReDGOsqPF0iW/7 + bLJ7EOwHNhqMkYbBvXnZmfmXpJ24S93M6OmjdkJIUN8iWtjX0yg8FqEGoCfFv4ub + a6IRpmyHdJoUJ4icStKB2m3sdRy7Aj5meAYQCVefvZYIQq4rRz/0chs= + -----END CERTIFICATE----- diff --git a/controllers/testdata/declarative/case_6/deploy/01_configmap.yaml b/controllers/testdata/declarative/case_6/deploy/01_configmap.yaml new file mode 100644 index 000000000..93952f57d --- /dev/null +++ b/controllers/testdata/declarative/case_6/deploy/01_configmap.yaml 
@@ -0,0 +1,159 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: odh-trusted-ca-bundle +data: + ca-bundle.crt: | + -----BEGIN CERTIFICATE----- + MIIFLTCCAxWgAwIBAgIUIvY4jV0212P/ddjuCZhcUyJfoocwDQYJKoZIhvcNAQEL + BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 + MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV + BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC + AgEAnCxNdQ0EUhswfu8/K6icQKc//2xpTvcp9Bn9QZ9UUy3f2UXv5hvd4W2PM/uX + FaZGoEzQsYagbjyuHDBxek8YOZvdRx9h7O+LLfN+DXeLbaY6tZ2AxNWwcaAmG0EH + nSDVORrk8/aZfFRoxgQigWyuK28YZn2SopjNyvOc8GkNjCFO4y7g4QuzWdGMgMIA + +whtt3EuYIwaRourKNFp4oR4InOVdPfuGezxbKRPcFfey1JEdTxGoWnHC+HDDMCf + R2vV8hAQB4fdvbOoz3+S7j7d8YiaFBK/P2us6Il5tsUw4kzhD2/OLzyERB7SloZk + NiIcSsU0USRGLb4/ybQsxu9UPIXUlKTK70HxIEIdPSPPMM84khIOuax0QXKORFHT + Ti9jgEfXjuX/2RPijQoCMDrqRQvDxExnTVMncqud6PeDxOWfvSG4oyZBr4HgNAap + wX7FWEY6SOH0e3GrH9ceI3afDO4A4YR+EE426GgHgYe8g4NTfD1D79+txmSY6VvV + MBwEvPo1LJVmvz23HBC60+e6Ld3WjwE+viOktt20R5Td3NPj7qcBlMDs105yiz+l + Ex1h/WDrAssETrelppg3Xgkkz+iY5RwiUB2BTzeiiDbN+AE6X+S5c61Izc2qAeH2 + gVrvMDlAK6t6bQ696TzItdAs5SnXauxPjfwmK+F65SYy7z8CAwEAAaNTMFEwHQYD + VR0OBBYEFDj7l4fu0pXChZsXU5Cgsmr5TYq7MB8GA1UdIwQYMBaAFDj7l4fu0pXC + hZsXU5Cgsmr5TYq7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB + AGr5DblOsH7JE9JM3M4p4eiXD40B/VIACEDMYJvyr6QjmcT8+XnHkiu7OV3OJV/G + S4NKhleBhfpaaP2ZPGO/vUTmqXwcK78jl0WEjPrMVjs1eDoSnUNi+KwFTBypIusD + gSEnICXa26v1CHCQG0QB+rUrIxJqjtq+bnlw/Ns1wxTYfZBFW1ykCJuMsekPo0pN + yTH1eWr0eSVWgljqHKaUjKbRRTSTWvk2Sewaq004W+6QOSb3nb1+GHVMov/Q6vsz + j6/3B7+7wybR80UTBI/1DfTlefQaOOgEPBjQZ92NXSxMKe2J7FPD+7NHvwTNzzVD + jg3cmW8pbtLEyxa+C+6EN8xnmklVfyzuzVsRJvrZvzYcOgLK2ji35oq9FYGXm0yH + HRpQPBFkcgNedD3qrJNYKkIBiAh2SSKKA+J8eP3uD9NUOScgl2aKVz/phU5rSDwt + NlhRuX8sS7q4gpL9qk4jWrMb8tNeN5nYRvmJj+Slf9sQSTfvukKo+2X8GpAecQNC + z6OeQyN+3C2zm4cLCHHWC0ZR/iHQyHIVKlFXznWe6qA64o4x1A0GurjVMAw0Pe0v + WBV3KJBsYK/wijtLeip1oKobU76oE0ML/bnhV10k6usvl4n8cDmcONo5FnGoT8Pk + 
80htx6w5fanMFu4MnoBeyJhhzNfg7ywJcc2VZSM27s2B + -----END CERTIFICATE----- + odh-ca-bundle.crt: | + -----BEGIN CERTIFICATE----- + MIIDMjCCAhqgAwIBAgIISNJDOcjL57gwDQYJKoZIhvcNAQELBQAwNzESMBAGA1UE + CxMJb3BlbnNoaWZ0MSEwHwYDVQQDExhrdWJlLWFwaXNlcnZlci1sYi1zaWduZXIw + HhcNMjMxMDE2MTgxMTE4WhcNMzMxMDEzMTgxMTE4WjA3MRIwEAYDVQQLEwlvcGVu + c2hpZnQxITAfBgNVBAMTGGt1YmUtYXBpc2VydmVyLWxiLXNpZ25lcjCCASIwDQYJ + KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5tQll535udP/3QfT3dLf4I0bKiYqiJ + OgH7zCJA8oYgFrz8uILbEqnf4822WUDVgrHTD79A98Iu50VmFyvobzuKrJmIn4Xt + bk1E/H3ZB6D7mIMoLGAoje/WwFNte6BIdVWKBjbrqCIlTV1XsmDibq+CD6Pj7arr + 9jxU6L0rjwg2xBbzkfuTTsly4R/QsS6nHRtJanLDLP7hz1hJ84SF7ly1yx0hEhRf + DU5wJSSTzOBXwGku5szrfxvGE1XNmdRMVuFcP4iJZPMC1vJ16it5vss61gjwg90e + epa7xEhc5fLgpowno13BYRnQ9hI2UlR8wqRM2n02zr+w0ALVRXS5iS0CAwEAAaNC + MEAwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI7i + uAQuSye0b7v2XuTGC+VZ70dqMA0GCSqGSIb3DQEBCwUAA4IBAQANGpMZtBbYirZf + sUPc4bF6RG1J+Fi+RwHLKJaMfeaM8cTORH6sUl13rUXFX4b5i7JVoV0hTtD5jVen + f3PLudx+5iM+Ejxis1my4Odvy5D4DmZqQBmSfysrlczHY4kSbWWPDxFLfb0fCLha + ZAro0oCFu5zeCcZKSDkZstrz1TGqvK295e1fwz9I1iGYH/gtLMxooqtHGz/1+uHA + NVqvfso/Jfo6DYa1P/v3AZJn3YMQrP1YDjDAKAEwH2III221GHnLQ5YqWT/Ay658 + jcIKvUPI1XngWcYaIbm0PIoWdTG2YK8RYjF60Ii/p2VWl+JAXqGOCl2ouBcbfKPH + B8v3jmij + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIDQDCCAiigAwIBAgIIBSdL4THieSkwDQYJKoZIhvcNAQELBQAwPjESMBAGA1UE + CxMJb3BlbnNoaWZ0MSgwJgYDVQQDEx9rdWJlLWFwaXNlcnZlci1sb2NhbGhvc3Qt + c2lnbmVyMB4XDTIzMTAxNjE4MTExOFoXDTMzMTAxMzE4MTExOFowPjESMBAGA1UE + CxMJb3BlbnNoaWZ0MSgwJgYDVQQDEx9rdWJlLWFwaXNlcnZlci1sb2NhbGhvc3Qt + c2lnbmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9biAAB5c61HO + 9QlhHIOYuXkreS1IuFxiWe5514gU4VCR9qtAuFmIDuARrRlpBu/qgHxRAkBNl3kD + JFCNXCG5fRm5W8d445Dh761mlmTRPJD3E0o+ZWGelm3EnOsN9EueVEmSPnnGb85m + j8NJx7pTfKuQ5Y0t06p0o4OCmDkNYNsktcGetRarm24/3o+s2W+P12WUJcmLknyf + drH87r4zhc8wkilZg/b7pew4hyPobB4opXTD8B7g1IuR8UD9ETebe3SM1CfTwBZ3 + 
NVOGBYWDVrsGpDO64E1y6CPB9dGIQztV0oulzQKriu0p0B/GZM8xc4YaS0iAy05T + bb2C+lENdwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB + /zAdBgNVHQ4EFgQUS5tJ4o5tAdJKs820qO5NYLI3fN0wDQYJKoZIhvcNAQELBQAD + ggEBAH2sSuOKXWID1+twF7AEloPKxRawI487WVW/i/hhMOzAamfP3kULQB9hpNJK + q3sQIH9aKiTMMqbxw2g1PIq0Ng3hGfOPyINQEXAtULQpFLUJOQPWGLu8h0HfGSoX + 1qn6qsgyxX5WToNa7SsBH9GLcOo+HG7FL95h703+k9N0w2dPfl//AbTcpnjUE2gR + 6nlBH5tr+KIwOqjhhSFFQ1AbbJuNE4WSaIiRU6qAz72KsYesTYOP2xwe0rXaL1lq + OIK6j8ppZKBzbFocv7XhsjJJ13NjA3aRh7QRDMCyce1FUuBeWMjuXtCBJyB9Ofeb + tQesuOiz20oXaws5Nrv/xSuGSGY= + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIDTDCCAjSgAwIBAgIIREkJAXrfisYwDQYJKoZIhvcNAQELBQAwRDESMBAGA1UE + CxMJb3BlbnNoaWZ0MS4wLAYDVQQDEyVrdWJlLWFwaXNlcnZlci1zZXJ2aWNlLW5l + dHdvcmstc2lnbmVyMB4XDTIzMTAxNjE4MTExOFoXDTMzMTAxMzE4MTExOFowRDES + MBAGA1UECxMJb3BlbnNoaWZ0MS4wLAYDVQQDEyVrdWJlLWFwaXNlcnZlci1zZXJ2 + aWNlLW5ldHdvcmstc2lnbmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC + AQEAyHG03WQ0hBUyXQFEBD0Xq3MMu/zChwtPl6XZeUT7q/I9AbDgHJyho9B5ppJt + lv+QBx7QWixeNVw5vWfN4wb06/2C17aG/lh9B/dmWwKgVyAMEWtKHLMqvnzhcynZ + 7AbNDV6SENfyxSIkqMwmf8JZPLqxMgGXji5SiSWI8f4tD3CIIXvlAVd99WfKZUBb + Ps2yYdKb/CZ2okFJXRrwAWWUT91IDgy4RwC4W7HUxBa+RF184DTAzf1Oq8ZtV/e/ + 9rSwrXcEF3fmSNtUk4QbFLnvu32Fznv0Kt29agwBfRYRWgYg+6tGjoHOX1cdx9Uo + N/o134W4U9ywZZaSiOBCZHT4xQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYD + VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUjhW8w4qhzqPcxClXAxHqhAUoF9kwDQYJ + KoZIhvcNAQELBQADggEBAAf7f6yQpMkn3QRKvHsycO/dLXcfOKP8xy37/+2wajOw + v1W/BS6zqK+khYKr4qQyvupBkl8LZjPKEcjbnkfywvM796cq9ggVwzQIxRamuhft + i+tBA3YmGWafavwbAceNQbCde9iKj7mfYoUZ8k7XRw8bdiTRMseydzCPLnVN59FZ + ISYGIAmhTE0VqkfGnBalM2hEMGhl/FfdtbknB29LhhIG5rKBgsFT7m04EWUpRVaZ + vRuDp8LHW1aeNQ/oaVKuQaru85I5v7Lpenaupto+ZcTRD3sOfw6/sDEXh8MaWaK0 + ZwqVbnxdOYBPPqpslDmT+MLyQ0gO5v/e4Yy0tDM+pDs= + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIDlzCCAn+gAwIBAgIIErmdxvsukCgwDQYJKoZIhvcNAQELBQAwWTFXMFUGA1UE + 
AwxOb3BlbnNoaWZ0LWt1YmUtYXBpc2VydmVyLW9wZXJhdG9yX2xvY2FsaG9zdC1y + ZWNvdmVyeS1zZXJ2aW5nLXNpZ25lckAxNjk3NDgwNjg3MB4XDTIzMTAxNjE4MjQ0 + NloXDTMzMTAxMzE4MjQ0N1owWTFXMFUGA1UEAwxOb3BlbnNoaWZ0LWt1YmUtYXBp + c2VydmVyLW9wZXJhdG9yX2xvY2FsaG9zdC1yZWNvdmVyeS1zZXJ2aW5nLXNpZ25l + ckAxNjk3NDgwNjg3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPS0 + fcHt16SRKMAppnNgf7HnCWpbDR7NzUH8s8cHnJ2aBs7cqiJ9B1p0+yvb6Y0nQ6Pt + 7Z+VfHJrp9c5dCcSRhkK9Z+GpYp0z2KxlN4SzHUQnmq+jWCeeXVcWUrAceO1W3wh + legCm4K/Z8TniodhT3a7YqtIrVI+4e5BRkdSugSadI/MLITmL1flj5xXyvC/aeCM + KnzPAuQEY+4t3Qq/x002q7OfAS2QyF1RPOpCPfWM3S1o2fsesUPYu8zlK9rR/M7S + EDIRCpaOC2wpgxhYCf4a25megD4ZQhRoMgjjsgD/bSb9K1F+R4oaSZWD+o3vigdc + OjPD+qz5HXzUjr3VTQIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/ + BAUwAwEB/zAdBgNVHQ4EFgQUj60VoN+77tSjU0RZUceLdkVkzbQwHwYDVR0jBBgw + FoAUj60VoN+77tSjU0RZUceLdkVkzbQwDQYJKoZIhvcNAQELBQADggEBAKe75hsN + gwC7WyrgkpQzDK0CA+f3p8extsgJFpkN1W4OXaLkwqew4fgkCDD6zNRDp+YaDiSX + HW9x2dePpwAoPH4wA/IH8tvmPDhBZayFBzdKcv+PFZN+cZkMQYw6xctFv8s0+y8Z + /utKCdSwBuvcWN5j84SWlgzERJZ1Asitc1tq7ijjsK5Mq6zAh1Rv8la5U8oWdvQM + 99fSfhE0SMSl5J0o8RMgfWyuxc+YipY1C67jbkavBHz2m+Nfevec0/RXRFVSeCHR + XOt1x1UKqlXZtSRjHa+eeCOqNwT8iTMtnU8Cb6nTTafiyOsXC802Ac/T+SCQMiWq + /kD95ZdD9cYmom4= + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIDgzCCAmugAwIBAgIIOiTCKSDIP/owDQYJKoZIhvcNAQELBQAwJjEkMCIGA1UE + AwwbaW5ncmVzcy1vcGVyYXRvckAxNjk3NDgwNzY1MB4XDTIzMTAxNjE4MjYwNFoX + DTI1MTAxNTE4MjYwNVowMTEvMC0GA1UEAwwmKi5hcHBzLmh1a2hhbi0zLmRldi5k + YXRhaHViLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB + AQDZqFLiRXdG/CYoeLfT0Ice9RRRN3lRDiGCsWJm+BIWERUKQ3fpAN8LTjVgnZdZ + cRPH11Gm56bLMJ6y/AgHHlCtEMrVZmjLvQyaWqhVLo6bVvj41IrLWydzk/JrCmcd + EYJlKNpMqqZBxLFHd0ooFNSDEdS9M/hLZCW4c/kmW3E8SIqKRZFJS250JZ4C5qjD + S1uOt7YlV2I6vNZCJRL0GYGudwbWZ4NZxXrK9GG4F3l6B4gOp7dacAXmi+CCmzoT + EjSUDSKMRGw9EcK3SpvsgKi6WuxvmmZsNhtSrpKdILa9VQ7Cm9pCxHk/nCned4YK + Rx7wIzGYfmmNo7Js1cNYeEBzAgMBAAGjgakwgaYwDgYDVR0PAQH/BAQDAgWgMBMG + 
A1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKkjfYsd + jy1HGd7FtZYgZwgeRF3NMB8GA1UdIwQYMBaAFBAMT0BD8mmD/zWAPZQVgH8oyJxR + MDEGA1UdEQQqMCiCJiouYXBwcy5odWtoYW4tMy5kZXYuZGF0YWh1Yi5yZWRoYXQu + Y29tMA0GCSqGSIb3DQEBCwUAA4IBAQDRyQeJtVrntrFzGMbMvCmheNP/YKWRoHjf + Fez9zKWz6Xa8CU9J3lMAiFc1Gqx51T7YXhCVamDXzGUGK3+2u4mKMQjimdzwJXDX + SL9F6sYQpvdmFVFkIbmr4DMC7wCUezgTq/3vxFCxDwGTrqJlB7JVeSzxsXSkAlzD + k5Qp5UL4Ak75VbPuYIuDAayGbXJMVxKsQAVXBTBQjrN1H2k79DrvdslkI782Hnc6 + YBIICgRZYmE3EePt7lGhuFJqYiCwqkFy0i6B2Ak76YprdkfEG3/tmUTFbZ1VHjKS + 04rymxZJD0pRO5VPuo8dlPkopZ3GPyQaGsUb6tV/ySJnlGjPoeon + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIDDDCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtpbmdy + ZXNzLW9wZXJhdG9yQDE2OTc0ODA3NjUwHhcNMjMxMDE2MTgyNjA0WhcNMjUxMDE1 + MTgyNjA1WjAmMSQwIgYDVQQDDBtpbmdyZXNzLW9wZXJhdG9yQDE2OTc0ODA3NjUw + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcsm1fSNDHkeflKdB1m2Mp + Zsq8m3HoSxiyVLdmRTG9TXDl3qCrzhNXMWnLw2LprSC22x8aOJvAXjVUO2RdfJa6 + 3JA/OfgPwOrHvCqxzOIe/jHx7h5W0ycAB/ASQnL4gRYaoQtLa9tjFa9BwhAEegwB + WJ3CM7cS1rKlvDV/ZdflRVLcYLtPw9DsMUKog2dM7AkHvI2wvrDHrWrL4C7Y0EnI + LqkeqkN0Eh7f69VZawzKIPePzMA/0XuMV+Jknhkblpje4j368xev/OCfWZ4VK85w + KpAcZtHTlKCU//DFBENc6oEumh6dYmbu1YUm3lykP0NyV46cblgo3EjvKSxyK96v + AgMBAAGjRTBDMA4GA1UdDwEB/wQEAwICpDASBgNVHRMBAf8ECDAGAQH/AgEAMB0G + A1UdDgQWBBQQDE9AQ/Jpg/81gD2UFYB/KMicUTANBgkqhkiG9w0BAQsFAAOCAQEA + nChAAiDUXfVADrFSotDJJsuhqkx8zHLtT296f4CRW13eJdI4aEkq+vwJXaz2eM0f + bZZ7hBNqP7DG1ahTCnJQcIv6uYItPcJzlGMsdGce4r+kH7oN4VXo3EJ0FVqJ0dqn + kTqflNhR7eV+1hgNSrzXaVHN594e5J7CeOGtlK9rMELYTOiuPxO/wA6UsDmRlKnA + bkYG4JqRGsyvg6ZvXDdud3SRZMv8pm04eHfm0J5HDSHodxIl50ms/404qb7JgE9U + FMS5nVpIRPAxb8wGaBj8OqegE2XALbaGP3l5tXFTf/39MWXaywCZsaVOGFSj50Bb + 8uH9ocoA5mEPzbE1Ig2AeA== + -----END CERTIFICATE----- 
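Review bot: The `odh-ca-bundle.crt` value added in this fixture looks like it was copied from a live cluster rather than generated for the test. Decoding the subjects suggests OpenShift kube-apiserver signer certificates, an ingress-operator CA and a wildcard ingress certificate for a development domain. These are public certificates, not keys, but they tie the repository to one environment, and the two ingress entries appear to expire in October 2025, which would matter if a later test ever parses or validates the bundle. I would replace them with throwaway self-signed certificates like the one used for `ca-bundle.crt`, and add a leading comment such as `# Test-only certificates generated for this fixture; not trusted anywhere.` The same PEM blocks are repeated in case_6's expected/created/configmap_dspa_trusted_ca.yaml, so that file would need regenerating too.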
diff --git a/controllers/testdata/declarative/case_6/deploy/01_cr.yaml b/controllers/testdata/declarative/case_6/deploy/02_cr.yaml similarity index 100% rename from controllers/testdata/declarative/case_6/deploy/01_cr.yaml rename to controllers/testdata/declarative/case_6/deploy/02_cr.yaml diff --git a/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml index 585b0db80..c21e9d6f2 100644 --- a/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml @@ -51,11 +51,11 @@ spec: - name: ARCHIVE_LOGS value: "false" - name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_NAME - value: testcabundleconfigmap6 + value: dsp-trusted-ca-testdsp6 - name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_KEY - value: testcabundleconfigmapkey6.crt + value: dsp-ca.crt - name: ARTIFACT_COPY_STEP_CABUNDLE_MOUNTPATH - value: /etc/pki/tls/certs + value: /dsp-custom-certs - name: TRACK_ARTIFACTS value: "true" - name: STRIP_EOF @@ -100,6 +100,8 @@ spec: value: "ubi-minimal:test6" - name: MOVERESULTS_IMAGE value: "busybox:test6" + - name: SSL_CERT_DIR + value: "/dsp-custom-certs:/etc/ssl/certs:/etc/pki/tls/certs" image: api-server:test6 imagePullPolicy: Always name: ds-pipeline-api-server @@ -146,7 +148,7 @@ spec: mountPath: /config/config.json subPath: config.json - name: ca-bundle - mountPath: /etc/pki/tls/certs + mountPath: /dsp-custom-certs - name: oauth-proxy args: - --https-address=:8443 @@ -205,9 +207,6 @@ spec: defaultMode: 420 - name: ca-bundle configMap: - name: testcabundleconfigmap6 - items: - - key: testcabundleconfigmapkey6.crt - path: testcabundleconfigmapkey6.crt + name: dsp-trusted-ca-testdsp6 defaultMode: 420 serviceAccountName: ds-pipeline-testdsp6 
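Review bot: In the last hunk of case_6's expected apiserver_deployment.yaml the `ca-bundle` volume loses its `items` list, so every key of `dsp-trusted-ca-testdsp6` is projected into `/dsp-custom-certs`, a directory the added `SSL_CERT_DIR` includes in the trust path. If the operator is the only writer of that ConfigMap this is presumably intended, but pinning the projection to the one key the operator writes keeps the trusted set explicit: `items: [{key: dsp-ca.crt, path: dsp-ca.crt}]`. The fixture mirrors the deployment template, whose volume section is not part of this hunk, so the change would go there with this file updated to match. The new case_7 expected deployment has the same volume definition.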
diff --git a/controllers/testdata/declarative/case_6/expected/created/configmap_artifact_script.yaml b/controllers/testdata/declarative/case_6/expected/created/configmap_artifact_script.yaml index 2cbb8402e..3d0ac3739 100644 --- a/controllers/testdata/declarative/case_6/expected/created/configmap_artifact_script.yaml +++ b/controllers/testdata/declarative/case_6/expected/created/configmap_artifact_script.yaml @@ -9,7 +9,7 @@ data: aws_cp() { - aws s3 --endpoint http://minio-testdsp6.default.svc.cluster.local:9000 --ca-bundle /etc/pki/tls/certs/testcabundleconfigmapkey6.crt cp $1.tgz s3://mlpipeline/artifacts/$PIPELINERUN/$PIPELINETASK/$1.tgz + aws s3 --endpoint http://minio-testdsp6.default.svc.cluster.local:9000 --ca-bundle /dsp-custom-certs/dsp-ca.crt cp $1.tgz s3://mlpipeline/artifacts/$PIPELINERUN/$PIPELINETASK/$1.tgz } diff --git a/controllers/testdata/declarative/case_6/expected/created/configmap_dspa_trusted_ca.yaml b/controllers/testdata/declarative/case_6/expected/created/configmap_dspa_trusted_ca.yaml new file mode 100644 index 000000000..90cdc1a2e --- /dev/null +++ b/controllers/testdata/declarative/case_6/expected/created/configmap_dspa_trusted_ca.yaml 
@@ -0,0 +1,190 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: dsp-trusted-ca-testdsp6 +data: + dsp-ca.crt: | + -----BEGIN CERTIFICATE----- + MIIFLTCCAxWgAwIBAgIUIvY4jV0212P/ddjuCZhcUyJfoocwDQYJKoZIhvcNAQEL + BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 + MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV + BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC + AgEAnCxNdQ0EUhswfu8/K6icQKc//2xpTvcp9Bn9QZ9UUy3f2UXv5hvd4W2PM/uX + FaZGoEzQsYagbjyuHDBxek8YOZvdRx9h7O+LLfN+DXeLbaY6tZ2AxNWwcaAmG0EH + nSDVORrk8/aZfFRoxgQigWyuK28YZn2SopjNyvOc8GkNjCFO4y7g4QuzWdGMgMIA + +whtt3EuYIwaRourKNFp4oR4InOVdPfuGezxbKRPcFfey1JEdTxGoWnHC+HDDMCf + R2vV8hAQB4fdvbOoz3+S7j7d8YiaFBK/P2us6Il5tsUw4kzhD2/OLzyERB7SloZk + NiIcSsU0USRGLb4/ybQsxu9UPIXUlKTK70HxIEIdPSPPMM84khIOuax0QXKORFHT + Ti9jgEfXjuX/2RPijQoCMDrqRQvDxExnTVMncqud6PeDxOWfvSG4oyZBr4HgNAap + wX7FWEY6SOH0e3GrH9ceI3afDO4A4YR+EE426GgHgYe8g4NTfD1D79+txmSY6VvV + MBwEvPo1LJVmvz23HBC60+e6Ld3WjwE+viOktt20R5Td3NPj7qcBlMDs105yiz+l + Ex1h/WDrAssETrelppg3Xgkkz+iY5RwiUB2BTzeiiDbN+AE6X+S5c61Izc2qAeH2 + gVrvMDlAK6t6bQ696TzItdAs5SnXauxPjfwmK+F65SYy7z8CAwEAAaNTMFEwHQYD + VR0OBBYEFDj7l4fu0pXChZsXU5Cgsmr5TYq7MB8GA1UdIwQYMBaAFDj7l4fu0pXC + hZsXU5Cgsmr5TYq7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB + AGr5DblOsH7JE9JM3M4p4eiXD40B/VIACEDMYJvyr6QjmcT8+XnHkiu7OV3OJV/G + S4NKhleBhfpaaP2ZPGO/vUTmqXwcK78jl0WEjPrMVjs1eDoSnUNi+KwFTBypIusD + gSEnICXa26v1CHCQG0QB+rUrIxJqjtq+bnlw/Ns1wxTYfZBFW1ykCJuMsekPo0pN + yTH1eWr0eSVWgljqHKaUjKbRRTSTWvk2Sewaq004W+6QOSb3nb1+GHVMov/Q6vsz + j6/3B7+7wybR80UTBI/1DfTlefQaOOgEPBjQZ92NXSxMKe2J7FPD+7NHvwTNzzVD + jg3cmW8pbtLEyxa+C+6EN8xnmklVfyzuzVsRJvrZvzYcOgLK2ji35oq9FYGXm0yH + HRpQPBFkcgNedD3qrJNYKkIBiAh2SSKKA+J8eP3uD9NUOScgl2aKVz/phU5rSDwt + NlhRuX8sS7q4gpL9qk4jWrMb8tNeN5nYRvmJj+Slf9sQSTfvukKo+2X8GpAecQNC + z6OeQyN+3C2zm4cLCHHWC0ZR/iHQyHIVKlFXznWe6qA64o4x1A0GurjVMAw0Pe0v + WBV3KJBsYK/wijtLeip1oKobU76oE0ML/bnhV10k6usvl4n8cDmcONo5FnGoT8Pk + 
80htx6w5fanMFu4MnoBeyJhhzNfg7ywJcc2VZSM27s2B + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIDMjCCAhqgAwIBAgIISNJDOcjL57gwDQYJKoZIhvcNAQELBQAwNzESMBAGA1UE + CxMJb3BlbnNoaWZ0MSEwHwYDVQQDExhrdWJlLWFwaXNlcnZlci1sYi1zaWduZXIw + HhcNMjMxMDE2MTgxMTE4WhcNMzMxMDEzMTgxMTE4WjA3MRIwEAYDVQQLEwlvcGVu + c2hpZnQxITAfBgNVBAMTGGt1YmUtYXBpc2VydmVyLWxiLXNpZ25lcjCCASIwDQYJ + KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5tQll535udP/3QfT3dLf4I0bKiYqiJ + OgH7zCJA8oYgFrz8uILbEqnf4822WUDVgrHTD79A98Iu50VmFyvobzuKrJmIn4Xt + bk1E/H3ZB6D7mIMoLGAoje/WwFNte6BIdVWKBjbrqCIlTV1XsmDibq+CD6Pj7arr + 9jxU6L0rjwg2xBbzkfuTTsly4R/QsS6nHRtJanLDLP7hz1hJ84SF7ly1yx0hEhRf + DU5wJSSTzOBXwGku5szrfxvGE1XNmdRMVuFcP4iJZPMC1vJ16it5vss61gjwg90e + epa7xEhc5fLgpowno13BYRnQ9hI2UlR8wqRM2n02zr+w0ALVRXS5iS0CAwEAAaNC + MEAwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI7i + uAQuSye0b7v2XuTGC+VZ70dqMA0GCSqGSIb3DQEBCwUAA4IBAQANGpMZtBbYirZf + sUPc4bF6RG1J+Fi+RwHLKJaMfeaM8cTORH6sUl13rUXFX4b5i7JVoV0hTtD5jVen + f3PLudx+5iM+Ejxis1my4Odvy5D4DmZqQBmSfysrlczHY4kSbWWPDxFLfb0fCLha + ZAro0oCFu5zeCcZKSDkZstrz1TGqvK295e1fwz9I1iGYH/gtLMxooqtHGz/1+uHA + NVqvfso/Jfo6DYa1P/v3AZJn3YMQrP1YDjDAKAEwH2III221GHnLQ5YqWT/Ay658 + jcIKvUPI1XngWcYaIbm0PIoWdTG2YK8RYjF60Ii/p2VWl+JAXqGOCl2ouBcbfKPH + B8v3jmij + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIDQDCCAiigAwIBAgIIBSdL4THieSkwDQYJKoZIhvcNAQELBQAwPjESMBAGA1UE + CxMJb3BlbnNoaWZ0MSgwJgYDVQQDEx9rdWJlLWFwaXNlcnZlci1sb2NhbGhvc3Qt + c2lnbmVyMB4XDTIzMTAxNjE4MTExOFoXDTMzMTAxMzE4MTExOFowPjESMBAGA1UE + CxMJb3BlbnNoaWZ0MSgwJgYDVQQDEx9rdWJlLWFwaXNlcnZlci1sb2NhbGhvc3Qt + c2lnbmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9biAAB5c61HO + 9QlhHIOYuXkreS1IuFxiWe5514gU4VCR9qtAuFmIDuARrRlpBu/qgHxRAkBNl3kD + JFCNXCG5fRm5W8d445Dh761mlmTRPJD3E0o+ZWGelm3EnOsN9EueVEmSPnnGb85m + j8NJx7pTfKuQ5Y0t06p0o4OCmDkNYNsktcGetRarm24/3o+s2W+P12WUJcmLknyf + drH87r4zhc8wkilZg/b7pew4hyPobB4opXTD8B7g1IuR8UD9ETebe3SM1CfTwBZ3 + NVOGBYWDVrsGpDO64E1y6CPB9dGIQztV0oulzQKriu0p0B/GZM8xc4YaS0iAy05T + 
bb2C+lENdwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB + /zAdBgNVHQ4EFgQUS5tJ4o5tAdJKs820qO5NYLI3fN0wDQYJKoZIhvcNAQELBQAD + ggEBAH2sSuOKXWID1+twF7AEloPKxRawI487WVW/i/hhMOzAamfP3kULQB9hpNJK + q3sQIH9aKiTMMqbxw2g1PIq0Ng3hGfOPyINQEXAtULQpFLUJOQPWGLu8h0HfGSoX + 1qn6qsgyxX5WToNa7SsBH9GLcOo+HG7FL95h703+k9N0w2dPfl//AbTcpnjUE2gR + 6nlBH5tr+KIwOqjhhSFFQ1AbbJuNE4WSaIiRU6qAz72KsYesTYOP2xwe0rXaL1lq + OIK6j8ppZKBzbFocv7XhsjJJ13NjA3aRh7QRDMCyce1FUuBeWMjuXtCBJyB9Ofeb + tQesuOiz20oXaws5Nrv/xSuGSGY= + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIDTDCCAjSgAwIBAgIIREkJAXrfisYwDQYJKoZIhvcNAQELBQAwRDESMBAGA1UE + CxMJb3BlbnNoaWZ0MS4wLAYDVQQDEyVrdWJlLWFwaXNlcnZlci1zZXJ2aWNlLW5l + dHdvcmstc2lnbmVyMB4XDTIzMTAxNjE4MTExOFoXDTMzMTAxMzE4MTExOFowRDES + MBAGA1UECxMJb3BlbnNoaWZ0MS4wLAYDVQQDEyVrdWJlLWFwaXNlcnZlci1zZXJ2 + aWNlLW5ldHdvcmstc2lnbmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC + AQEAyHG03WQ0hBUyXQFEBD0Xq3MMu/zChwtPl6XZeUT7q/I9AbDgHJyho9B5ppJt + lv+QBx7QWixeNVw5vWfN4wb06/2C17aG/lh9B/dmWwKgVyAMEWtKHLMqvnzhcynZ + 7AbNDV6SENfyxSIkqMwmf8JZPLqxMgGXji5SiSWI8f4tD3CIIXvlAVd99WfKZUBb + Ps2yYdKb/CZ2okFJXRrwAWWUT91IDgy4RwC4W7HUxBa+RF184DTAzf1Oq8ZtV/e/ + 9rSwrXcEF3fmSNtUk4QbFLnvu32Fznv0Kt29agwBfRYRWgYg+6tGjoHOX1cdx9Uo + N/o134W4U9ywZZaSiOBCZHT4xQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYD + VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUjhW8w4qhzqPcxClXAxHqhAUoF9kwDQYJ + KoZIhvcNAQELBQADggEBAAf7f6yQpMkn3QRKvHsycO/dLXcfOKP8xy37/+2wajOw + v1W/BS6zqK+khYKr4qQyvupBkl8LZjPKEcjbnkfywvM796cq9ggVwzQIxRamuhft + i+tBA3YmGWafavwbAceNQbCde9iKj7mfYoUZ8k7XRw8bdiTRMseydzCPLnVN59FZ + ISYGIAmhTE0VqkfGnBalM2hEMGhl/FfdtbknB29LhhIG5rKBgsFT7m04EWUpRVaZ + vRuDp8LHW1aeNQ/oaVKuQaru85I5v7Lpenaupto+ZcTRD3sOfw6/sDEXh8MaWaK0 + ZwqVbnxdOYBPPqpslDmT+MLyQ0gO5v/e4Yy0tDM+pDs= + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIDlzCCAn+gAwIBAgIIErmdxvsukCgwDQYJKoZIhvcNAQELBQAwWTFXMFUGA1UE + AwxOb3BlbnNoaWZ0LWt1YmUtYXBpc2VydmVyLW9wZXJhdG9yX2xvY2FsaG9zdC1y + 
ZWNvdmVyeS1zZXJ2aW5nLXNpZ25lckAxNjk3NDgwNjg3MB4XDTIzMTAxNjE4MjQ0 + NloXDTMzMTAxMzE4MjQ0N1owWTFXMFUGA1UEAwxOb3BlbnNoaWZ0LWt1YmUtYXBp + c2VydmVyLW9wZXJhdG9yX2xvY2FsaG9zdC1yZWNvdmVyeS1zZXJ2aW5nLXNpZ25l + ckAxNjk3NDgwNjg3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPS0 + fcHt16SRKMAppnNgf7HnCWpbDR7NzUH8s8cHnJ2aBs7cqiJ9B1p0+yvb6Y0nQ6Pt + 7Z+VfHJrp9c5dCcSRhkK9Z+GpYp0z2KxlN4SzHUQnmq+jWCeeXVcWUrAceO1W3wh + legCm4K/Z8TniodhT3a7YqtIrVI+4e5BRkdSugSadI/MLITmL1flj5xXyvC/aeCM + KnzPAuQEY+4t3Qq/x002q7OfAS2QyF1RPOpCPfWM3S1o2fsesUPYu8zlK9rR/M7S + EDIRCpaOC2wpgxhYCf4a25megD4ZQhRoMgjjsgD/bSb9K1F+R4oaSZWD+o3vigdc + OjPD+qz5HXzUjr3VTQIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/ + BAUwAwEB/zAdBgNVHQ4EFgQUj60VoN+77tSjU0RZUceLdkVkzbQwHwYDVR0jBBgw + FoAUj60VoN+77tSjU0RZUceLdkVkzbQwDQYJKoZIhvcNAQELBQADggEBAKe75hsN + gwC7WyrgkpQzDK0CA+f3p8extsgJFpkN1W4OXaLkwqew4fgkCDD6zNRDp+YaDiSX + HW9x2dePpwAoPH4wA/IH8tvmPDhBZayFBzdKcv+PFZN+cZkMQYw6xctFv8s0+y8Z + /utKCdSwBuvcWN5j84SWlgzERJZ1Asitc1tq7ijjsK5Mq6zAh1Rv8la5U8oWdvQM + 99fSfhE0SMSl5J0o8RMgfWyuxc+YipY1C67jbkavBHz2m+Nfevec0/RXRFVSeCHR + XOt1x1UKqlXZtSRjHa+eeCOqNwT8iTMtnU8Cb6nTTafiyOsXC802Ac/T+SCQMiWq + /kD95ZdD9cYmom4= + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIDgzCCAmugAwIBAgIIOiTCKSDIP/owDQYJKoZIhvcNAQELBQAwJjEkMCIGA1UE + AwwbaW5ncmVzcy1vcGVyYXRvckAxNjk3NDgwNzY1MB4XDTIzMTAxNjE4MjYwNFoX + DTI1MTAxNTE4MjYwNVowMTEvMC0GA1UEAwwmKi5hcHBzLmh1a2hhbi0zLmRldi5k + YXRhaHViLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB + AQDZqFLiRXdG/CYoeLfT0Ice9RRRN3lRDiGCsWJm+BIWERUKQ3fpAN8LTjVgnZdZ + cRPH11Gm56bLMJ6y/AgHHlCtEMrVZmjLvQyaWqhVLo6bVvj41IrLWydzk/JrCmcd + EYJlKNpMqqZBxLFHd0ooFNSDEdS9M/hLZCW4c/kmW3E8SIqKRZFJS250JZ4C5qjD + S1uOt7YlV2I6vNZCJRL0GYGudwbWZ4NZxXrK9GG4F3l6B4gOp7dacAXmi+CCmzoT + EjSUDSKMRGw9EcK3SpvsgKi6WuxvmmZsNhtSrpKdILa9VQ7Cm9pCxHk/nCned4YK + Rx7wIzGYfmmNo7Js1cNYeEBzAgMBAAGjgakwgaYwDgYDVR0PAQH/BAQDAgWgMBMG + A1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKkjfYsd + 
jy1HGd7FtZYgZwgeRF3NMB8GA1UdIwQYMBaAFBAMT0BD8mmD/zWAPZQVgH8oyJxR + MDEGA1UdEQQqMCiCJiouYXBwcy5odWtoYW4tMy5kZXYuZGF0YWh1Yi5yZWRoYXQu + Y29tMA0GCSqGSIb3DQEBCwUAA4IBAQDRyQeJtVrntrFzGMbMvCmheNP/YKWRoHjf + Fez9zKWz6Xa8CU9J3lMAiFc1Gqx51T7YXhCVamDXzGUGK3+2u4mKMQjimdzwJXDX + SL9F6sYQpvdmFVFkIbmr4DMC7wCUezgTq/3vxFCxDwGTrqJlB7JVeSzxsXSkAlzD + k5Qp5UL4Ak75VbPuYIuDAayGbXJMVxKsQAVXBTBQjrN1H2k79DrvdslkI782Hnc6 + YBIICgRZYmE3EePt7lGhuFJqYiCwqkFy0i6B2Ak76YprdkfEG3/tmUTFbZ1VHjKS + 04rymxZJD0pRO5VPuo8dlPkopZ3GPyQaGsUb6tV/ySJnlGjPoeon + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIDDDCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtpbmdy + ZXNzLW9wZXJhdG9yQDE2OTc0ODA3NjUwHhcNMjMxMDE2MTgyNjA0WhcNMjUxMDE1 + MTgyNjA1WjAmMSQwIgYDVQQDDBtpbmdyZXNzLW9wZXJhdG9yQDE2OTc0ODA3NjUw + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcsm1fSNDHkeflKdB1m2Mp + Zsq8m3HoSxiyVLdmRTG9TXDl3qCrzhNXMWnLw2LprSC22x8aOJvAXjVUO2RdfJa6 + 3JA/OfgPwOrHvCqxzOIe/jHx7h5W0ycAB/ASQnL4gRYaoQtLa9tjFa9BwhAEegwB + WJ3CM7cS1rKlvDV/ZdflRVLcYLtPw9DsMUKog2dM7AkHvI2wvrDHrWrL4C7Y0EnI + LqkeqkN0Eh7f69VZawzKIPePzMA/0XuMV+Jknhkblpje4j368xev/OCfWZ4VK85w + KpAcZtHTlKCU//DFBENc6oEumh6dYmbu1YUm3lykP0NyV46cblgo3EjvKSxyK96v + AgMBAAGjRTBDMA4GA1UdDwEB/wQEAwICpDASBgNVHRMBAf8ECDAGAQH/AgEAMB0G + A1UdDgQWBBQQDE9AQ/Jpg/81gD2UFYB/KMicUTANBgkqhkiG9w0BAQsFAAOCAQEA + nChAAiDUXfVADrFSotDJJsuhqkx8zHLtT296f4CRW13eJdI4aEkq+vwJXaz2eM0f + bZZ7hBNqP7DG1ahTCnJQcIv6uYItPcJzlGMsdGce4r+kH7oN4VXo3EJ0FVqJ0dqn + kTqflNhR7eV+1hgNSrzXaVHN594e5J7CeOGtlK9rMELYTOiuPxO/wA6UsDmRlKnA + bkYG4JqRGsyvg6ZvXDdud3SRZMv8pm04eHfm0J5HDSHodxIl50ms/404qb7JgE9U + FMS5nVpIRPAxb8wGaBj8OqegE2XALbaGP3l5tXFTf/39MWXaywCZsaVOGFSj50Bb + 8uH9ocoA5mEPzbE1Ig2AeA== + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIFlTCCA32gAwIBAgIUQTPwwkR17jDrdIe4VqhzNQ6OY0swDQYJKoZIhvcNAQEL + BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 + MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV + 
BAMMDioudGNwLm5ncm9rLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC + AgEApZbmrvisGgN2XmPbWSD8A89g2CwUgqUIfd1yU6TyZMmvnP+c+xG6SzqDZkxI + oiQ0fierPuMyrp0Yv+mRBvYtZ+Rv4zZ8OASD5UGDblKa6U8EJvXEKa5K9rZsqYpW + MOaZv8M5/KAr8AkH4zmXvgGtsfNT6xvBxIhUexJmSRB5lRLtZZr7ea/XQiuzJYPr + 2CqHitm6MUWLG74vKetRi9ZDaDxgcW78nhBwM2Ujh0qrSeb4QhEcHP3Lhom0WObd + te+ipK5fqqMSQl1mj5W6tKORIm256TbG+uHY8e3lsT2fnCVL/zgFGROr0NqNbies + 90dH7i6Wr1yn74umJ1HNF5nXem1jaqYVhQWWBlTurSqkHtRpIE2OWygpM4IoSTu8 + gbIaKJdexx9GN9ch/zQBeevsYT1Wb/wQVZUp4TgJJIq1fCAkz3yQNsojUwZqsAPT + worehTHFT20onAutnkGv0lgGQH9ur1Gm4VipWbBQTRCEhEKIFVDDkQtbPZwQBjl/ + voj7O659pIuPsGW5HYWawTbdU4ymEP4672KLpIaDxJHnA9sJsz2ns2KgsUesjGdQ + SnlMoanph1kW+qFM4tMnHFTad3yz6TLL0Mp1ej8gUd1FnYHrVewVeFl83gRFKhqP + XZX/hl7SAYn1Bnc6OsFegtQukcJc+AqZBja+8k+xc8yWC38CAwEAAaOBujCBtzAf + BgNVHSMEGDAWgBQ4+5eH7tKVwoWbF1OQoLJq+U2KuzAJBgNVHRMEAjAAMGoGA1Ud + EQRjMGGCDHRjcC5uZ3Jvay5pb4IOKi50Y3Aubmdyb2suaW+CE21hcmlhZGIubWFy + aWFkYi5zdmOCIW1hcmlhZGIubWFyaWFkYi5zdmMuY2x1c3Rlci5sb2NhbIIJbG9j + YWxob3N0MB0GA1UdDgQWBBTJmuX3UrWQn6AKXAvkUw/h7g6PsjANBgkqhkiG9w0B + AQsFAAOCAgEAKk/pfGTH3xgQg5a+obLx9xkfYz0jwfr5+TiD+FTrNlIPZpvCiYYk + RWNjMyYqKpuEfHry6P9spgk28+wQx7CRSi+cGiiNSvPswI3Ww8KHJQoJzl2vPQYe + 1OESU6es8ZACIXdPcILj8zXHNFvfUD0rt7r34zqGw5PNWKQJ8gurqP9ZcBHNq9xz + nPG1QTdA5gOzAXQeOa8rGpK0lODo/WkRlV7KXU5ss737HcljGz8KSVUhfgy8io5z + xaKnCy8trt8CdGNb/ysK+a7oKZSqAYcKASwYxCrS1zgS06uLC78WjnYbxta/gnlC + a0XIfQt2dM/7L+ZvIwg0PbbPzBJU5zwiXSL9AMzp1/1hjlG4v06UKjv4V1t0McFC + xEaLG3AyDx9HHxbAIn/lkQ12Tg38rn5R0OKVKZSAzT6THCULbHC0Q+EQW4c8/No2 + gtZgaZfA9bUTtQRyxSxQJlWbm4c6KfQa5g+oGQ9BjPCFjPmEvN9SCWcvR/aZE/Uy + IRtueAdEz+FiXmVeaJd7BImvF6P6OVDP4zhfXh9NIq9vovVNlGReDGOsqPF0iW/7 + bLJ7EOwHNhqMkYbBvXnZmfmXpJ24S93M6OmjdkJIUN8iWtjX0yg8FqEGoCfFv4ub + a6IRpmyHdJoUJ4icStKB2m3sdRy7Aj5meAYQCVefvZYIQq4rRz/0chs= + -----END CERTIFICATE----- diff --git a/controllers/testdata/declarative/case_7/config.yaml b/controllers/testdata/declarative/case_7/config.yaml new file mode 100644 index 000000000..828f72e62 
--- /dev/null
+++ b/controllers/testdata/declarative/case_7/config.yaml
@@ -0,0 +1,12 @@
+# When a minimal DSPA is deployed
+Images:
+ ApiServer: api-server:test7
+ Artifact: artifact-manager:test7
+ PersistentAgent: persistenceagent:test7
+ ScheduledWorkflow: scheduledworkflow:test7
+ Cache: ubi-minimal:test7
+ MoveResultsImage: busybox:test7
+ MlPipelineUI: frontend:test7
+ MariaDB: mariadb:test7
+ Minio: minio:test7
+ OAuthProxy: oauth-proxy:test7
diff --git a/controllers/testdata/declarative/case_7/deploy/00_configmap.yaml b/controllers/testdata/declarative/case_7/deploy/00_configmap.yaml
new file mode 100644
index 000000000..c37f91f3d
--- /dev/null
+++ b/controllers/testdata/declarative/case_7/deploy/00_configmap.yaml
@@ -0,0 +1,38 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: testcabundleconfigmap7 +data: + testcabundleconfigmapkey7.crt: | + -----BEGIN CERTIFICATE----- + MIIFlTCCA32gAwIBAgIUQTPwwkR17jDrdIe4VqhzNQ6OY0swDQYJKoZIhvcNAQEL + BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 + MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV + BAMMDioudGNwLm5ncm9rLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC + AgEApZbmrvisGgN2XmPbWSD8A89g2CwUgqUIfd1yU6TyZMmvnP+c+xG6SzqDZkxI + oiQ0fierPuMyrp0Yv+mRBvYtZ+Rv4zZ8OASD5UGDblKa6U8EJvXEKa5K9rZsqYpW + MOaZv8M5/KAr8AkH4zmXvgGtsfNT6xvBxIhUexJmSRB5lRLtZZr7ea/XQiuzJYPr + 2CqHitm6MUWLG74vKetRi9ZDaDxgcW78nhBwM2Ujh0qrSeb4QhEcHP3Lhom0WObd + te+ipK5fqqMSQl1mj5W6tKORIm256TbG+uHY8e3lsT2fnCVL/zgFGROr0NqNbies + 90dH7i6Wr1yn74umJ1HNF5nXem1jaqYVhQWWBlTurSqkHtRpIE2OWygpM4IoSTu8 + gbIaKJdexx9GN9ch/zQBeevsYT1Wb/wQVZUp4TgJJIq1fCAkz3yQNsojUwZqsAPT + worehTHFT20onAutnkGv0lgGQH9ur1Gm4VipWbBQTRCEhEKIFVDDkQtbPZwQBjl/ + voj7O659pIuPsGW5HYWawTbdU4ymEP4672KLpIaDxJHnA9sJsz2ns2KgsUesjGdQ + SnlMoanph1kW+qFM4tMnHFTad3yz6TLL0Mp1ej8gUd1FnYHrVewVeFl83gRFKhqP + XZX/hl7SAYn1Bnc6OsFegtQukcJc+AqZBja+8k+xc8yWC38CAwEAAaOBujCBtzAf + BgNVHSMEGDAWgBQ4+5eH7tKVwoWbF1OQoLJq+U2KuzAJBgNVHRMEAjAAMGoGA1Ud + EQRjMGGCDHRjcC5uZ3Jvay5pb4IOKi50Y3Aubmdyb2suaW+CE21hcmlhZGIubWFy + aWFkYi5zdmOCIW1hcmlhZGIubWFyaWFkYi5zdmMuY2x1c3Rlci5sb2NhbIIJbG9j + YWxob3N0MB0GA1UdDgQWBBTJmuX3UrWQn6AKXAvkUw/h7g6PsjANBgkqhkiG9w0B + AQsFAAOCAgEAKk/pfGTH3xgQg5a+obLx9xkfYz0jwfr5+TiD+FTrNlIPZpvCiYYk + RWNjMyYqKpuEfHry6P9spgk28+wQx7CRSi+cGiiNSvPswI3Ww8KHJQoJzl2vPQYe + 1OESU6es8ZACIXdPcILj8zXHNFvfUD0rt7r34zqGw5PNWKQJ8gurqP9ZcBHNq9xz + nPG1QTdA5gOzAXQeOa8rGpK0lODo/WkRlV7KXU5ss737HcljGz8KSVUhfgy8io5z + xaKnCy8trt8CdGNb/ysK+a7oKZSqAYcKASwYxCrS1zgS06uLC78WjnYbxta/gnlC + a0XIfQt2dM/7L+ZvIwg0PbbPzBJU5zwiXSL9AMzp1/1hjlG4v06UKjv4V1t0McFC + xEaLG3AyDx9HHxbAIn/lkQ12Tg38rn5R0OKVKZSAzT6THCULbHC0Q+EQW4c8/No2 + gtZgaZfA9bUTtQRyxSxQJlWbm4c6KfQa5g+oGQ9BjPCFjPmEvN9SCWcvR/aZE/Uy + 
IRtueAdEz+FiXmVeaJd7BImvF6P6OVDP4zhfXh9NIq9vovVNlGReDGOsqPF0iW/7
+ bLJ7EOwHNhqMkYbBvXnZmfmXpJ24S93M6OmjdkJIUN8iWtjX0yg8FqEGoCfFv4ub
+ a6IRpmyHdJoUJ4icStKB2m3sdRy7Aj5meAYQCVefvZYIQq4rRz/0chs=
+ -----END CERTIFICATE-----
diff --git a/controllers/testdata/declarative/case_7/deploy/01_cr.yaml b/controllers/testdata/declarative/case_7/deploy/01_cr.yaml
new file mode 100644
index 000000000..4f97b47e9
--- /dev/null
+++ b/controllers/testdata/declarative/case_7/deploy/01_cr.yaml
@@ -0,0 +1,29 @@
+# Test:
+# DSPA CA bundle, ensure user provided CA Bundle results in dsp-trusted-ca config map creation and utilization in artifact config.
+apiVersion: datasciencepipelinesapplications.opendatahub.io/v1alpha1
+kind: DataSciencePipelinesApplication
+metadata:
+ name: testdsp7
+spec:
+ apiServer:
+ deploy: true
+ enableSamplePipeline: false
+ cABundle:
+ configMapName: testcabundleconfigmap7
+ configMapKey: testcabundleconfigmapkey7.crt
+ persistenceAgent:
+ deploy: false
+ scheduledWorkflow:
+ deploy: false
+ mlpipelineUI:
+ deploy: false
+ image: frontend:test0
+ database:
+ mariaDB:
+ deploy: false
+ objectStorage:
+ minio:
+ deploy: false
+ image: minio:test0
+ mlmd:
+ deploy: false
diff --git a/controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml
new file mode 100644
index 000000000..a04dfd27b
--- /dev/null
+++ b/controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml
@@ -0,0 +1,212 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ds-pipeline-testdsp7 + namespace: default + labels: + app: ds-pipeline-testdsp7 + component: data-science-pipelines + dspa: testdsp7 +spec: + selector: + matchLabels: + app: ds-pipeline-testdsp7 + component: data-science-pipelines + dspa: testdsp7 + template: + metadata: + labels: + app: ds-pipeline-testdsp7 + component: data-science-pipelines + dspa: testdsp7 + spec: + containers: + - env: + - name: POD_NAMESPACE + value: "default" + - name: DBCONFIG_USER + value: "mlpipeline" + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: "password" + name: "ds-pipeline-db-testdsp7" + - name: DBCONFIG_DBNAME + value: "mlpipeline" + - name: DBCONFIG_HOST + value: "mariadb-testdsp7.default.svc.cluster.local" + - name: DBCONFIG_PORT + value: "3306" + - name: ARTIFACT_BUCKET + value: "mlpipeline" + - name: ARTIFACT_ENDPOINT + value: "http://minio-testdsp7.default.svc.cluster.local:9000" + - name: ARTIFACT_SCRIPT + valueFrom: + configMapKeyRef: + key: "artifact_script" + name: "ds-pipeline-artifact-script-testdsp7" + - name: ARTIFACT_IMAGE + value: "artifact-manager:test7" + - name: ARCHIVE_LOGS + value: "false" + - name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_NAME + value: dsp-trusted-ca-testdsp7 + - name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_KEY + value: dsp-ca.crt + - name: ARTIFACT_COPY_STEP_CABUNDLE_MOUNTPATH + value: /dsp-custom-certs + - name: TRACK_ARTIFACTS + value: "true" + - name: STRIP_EOF + value: "true" + - name: PIPELINE_RUNTIME + value: "tekton" + - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT + value: "pipeline-runner-testdsp7" + - name: INJECT_DEFAULT_SCRIPT + value: "true" + - name: APPLY_TEKTON_CUSTOM_RESOURCE + value: "true" + - name: TERMINATE_STATUS + value: "Cancelled" + - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION + value: "true" + - name: DBCONFIG_CONMAXLIFETIMESEC + value: "120" + - name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_HOST + value: 
"ds-pipeline-visualizationserver" + - name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_PORT + value: "8888" + - name: OBJECTSTORECONFIG_BUCKETNAME + value: "mlpipeline" + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + key: "accesskey" + name: "mlpipeline-minio-artifact" + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + key: "secretkey" + name: "mlpipeline-minio-artifact" + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: MINIO_SERVICE_SERVICE_HOST + value: "minio-testdsp7.default.svc.cluster.local" + - name: MINIO_SERVICE_SERVICE_PORT + value: "9000" + - name: CACHE_IMAGE + value: "ubi-minimal:test7" + - name: MOVERESULTS_IMAGE + value: "busybox:test7" + - name: SSL_CERT_DIR + value: "/dsp-custom-certs:/etc/ssl/certs:/etc/pki/tls/certs" + image: api-server:test7 + imagePullPolicy: Always + name: ds-pipeline-api-server + ports: + - containerPort: 8888 + name: http + protocol: TCP + - containerPort: 8887 + name: grpc + protocol: TCP + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + resources: + requests: + cpu: 250m + memory: 500Mi + limits: + cpu: 500m + memory: 1Gi + volumeMounts: + - name: server-config + mountPath: /config/config.json + subPath: config.json + - name: ca-bundle + mountPath: /dsp-custom-certs + - name: oauth-proxy + args: + - --https-address=:8443 + - --provider=openshift + - --openshift-service-account=ds-pipeline-testdsp7 + - --upstream=http://localhost:8888 + - --tls-cert=/etc/tls/private/tls.crt + - --tls-key=/etc/tls/private/tls.key + - --cookie-secret=SECRET + - '--openshift-delegate-urls={"/": 
{"group":"route.openshift.io","resource":"routes","verb":"get","name":"ds-pipeline-testdsp7","namespace":"default"}}' + - '--openshift-sar={"namespace":"default","resource":"routes","resourceName":"ds-pipeline-testdsp7","verb":"get","resourceAPIGroup":"route.openshift.io"}' + - --skip-auth-regex='(^/metrics|^/apis/v1beta1/healthz)' + image: oauth-proxy:test7 + ports: + - containerPort: 8443 + name: oauth + protocol: TCP + livenessProbe: + httpGet: + path: /oauth/healthz + port: oauth + scheme: HTTPS + initialDelaySeconds: 30 + timeoutSeconds: 1 + periodSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /oauth/healthz + port: oauth + scheme: HTTPS + initialDelaySeconds: 5 + timeoutSeconds: 1 + periodSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 100m + memory: 256Mi + volumeMounts: + - mountPath: /etc/tls/private + name: proxy-tls + volumes: + - name: proxy-tls + secret: + secretName: ds-pipelines-proxy-tls-testdsp7 + defaultMode: 420 + - name: server-config + configMap: + name: pipeline-server-config-testdsp7 + defaultMode: 420 + - name: ca-bundle + configMap: + name: dsp-trusted-ca-testdsp7 + defaultMode: 420 + serviceAccountName: ds-pipeline-testdsp7 diff --git a/controllers/testdata/declarative/case_7/expected/created/configmap_artifact_script.yaml b/controllers/testdata/declarative/case_7/expected/created/configmap_artifact_script.yaml new file mode 100644 index 000000000..634b46fc0 --- /dev/null +++ b/controllers/testdata/declarative/case_7/expected/created/configmap_artifact_script.yaml 
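Review bot: The expected pod wires the CA bundle (`ARTIFACT_COPY_STEP_CABUNDLE_*`, `SSL_CERT_DIR`, the `/dsp-custom-certs` mount) while `ARTIFACT_ENDPOINT` stays `http://…:9000` and `OBJECTSTORECONFIG_SECURE` is `"false"`. This case therefore checks that the bundle is rendered, not that any connection would be verified against it. That is reasonable for a declarative test, but it is worth stating in the case description so nobody reads it as TLS coverage, for example in deploy/01_cr.yaml: `# Only the rendering of the CA bundle is checked; object storage in this case is plain HTTP.`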
@@ -0,0 +1,42 @@
+apiVersion: v1
+data:
+ artifact_script: |-
+ #!/usr/bin/env sh
+ push_artifact() {
+ workspace_dir=$(echo $(context.taskRun.name) | sed -e "s/$(context.pipeline.name)-//g")
+ workspace_dest=/workspace/${workspace_dir}/artifacts/$(context.pipelineRun.name)/$(context.taskRun.name)
+ artifact_name=$(basename $2)
+
+ aws_cp() {
+
+ aws s3 --endpoint http://minio-testdsp7.default.svc.cluster.local:9000 --ca-bundle /dsp-custom-certs/dsp-ca.crt cp $1.tgz s3://mlpipeline/artifacts/$PIPELINERUN/$PIPELINETASK/$1.tgz
+
+ }
+
+ if [ -f "$workspace_dest/$artifact_name" ]; then
+ echo sending to: ${workspace_dest}/${artifact_name}
+ tar -cvzf $1.tgz -C ${workspace_dest} ${artifact_name}
+ aws_cp $1
+ elif [ -f "$2" ]; then
+ tar -cvzf $1.tgz -C $(dirname $2) ${artifact_name}
+ aws_cp $1
+ else
+ echo "$2 file does not exist. Skip artifact tracking for $1"
+ fi
+ }
+ push_log() {
+ cat /var/log/containers/$PODNAME*$NAMESPACE*step-main*.log > step-main.log
+ push_artifact main-log step-main.log
+ }
+ strip_eof() {
+ if [ -f "$2" ]; then
+ awk 'NF' $2 | head -c -1 > $1_temp_save && cp $1_temp_save $2
+ fi
+ }
+kind: ConfigMap
+metadata:
+ name: ds-pipeline-artifact-script-testdsp7
+ namespace: default
+ labels:
+ app: ds-pipeline-testdsp5
+ component: data-science-pipelines
diff --git a/controllers/testdata/declarative/case_7/expected/created/configmap_dspa_trusted_ca.yaml b/controllers/testdata/declarative/case_7/expected/created/configmap_dspa_trusted_ca.yaml
new file mode 100644
index 000000000..ab1980ef4
--- /dev/null
+++ b/controllers/testdata/declarative/case_7/expected/created/configmap_dspa_trusted_ca.yaml
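Review bot: The expected `aws_cp` line passes `--ca-bundle /dsp-custom-certs/dsp-ca.crt` to an `http://` endpoint, so this fixture only proves that the flag is rendered; the bundle is not consulted on a plaintext connection. If case_7 is meant to cover the custom-CA path, consider pointing its object storage at an `https://` endpoint so the expected output reflects a connection that actually uses the bundle (the case's input DSPA is outside this hunk). Separately, the last label reads `app: ds-pipeline-testdsp5` while every other name in the file is `testdsp7`; if that is carry-over from case_5 it should be `app: ds-pipeline-testdsp7`.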
@@ -0,0 +1,38 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: dsp-trusted-ca-testdsp7
+data:
+ dsp-ca.crt: |
+ -----BEGIN CERTIFICATE-----
+ MIIFlTCCA32gAwIBAgIUQTPwwkR17jDrdIe4VqhzNQ6OY0swDQYJKoZIhvcNAQEL
+ BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0
+ MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV
+ BAMMDioudGNwLm5ncm9rLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+ AgEApZbmrvisGgN2XmPbWSD8A89g2CwUgqUIfd1yU6TyZMmvnP+c+xG6SzqDZkxI
+ oiQ0fierPuMyrp0Yv+mRBvYtZ+Rv4zZ8OASD5UGDblKa6U8EJvXEKa5K9rZsqYpW
+ MOaZv8M5/KAr8AkH4zmXvgGtsfNT6xvBxIhUexJmSRB5lRLtZZr7ea/XQiuzJYPr
+ 2CqHitm6MUWLG74vKetRi9ZDaDxgcW78nhBwM2Ujh0qrSeb4QhEcHP3Lhom0WObd
+ te+ipK5fqqMSQl1mj5W6tKORIm256TbG+uHY8e3lsT2fnCVL/zgFGROr0NqNbies
+ 90dH7i6Wr1yn74umJ1HNF5nXem1jaqYVhQWWBlTurSqkHtRpIE2OWygpM4IoSTu8
+ gbIaKJdexx9GN9ch/zQBeevsYT1Wb/wQVZUp4TgJJIq1fCAkz3yQNsojUwZqsAPT
+ worehTHFT20onAutnkGv0lgGQH9ur1Gm4VipWbBQTRCEhEKIFVDDkQtbPZwQBjl/
+ voj7O659pIuPsGW5HYWawTbdU4ymEP4672KLpIaDxJHnA9sJsz2ns2KgsUesjGdQ
+ SnlMoanph1kW+qFM4tMnHFTad3yz6TLL0Mp1ej8gUd1FnYHrVewVeFl83gRFKhqP
+ XZX/hl7SAYn1Bnc6OsFegtQukcJc+AqZBja+8k+xc8yWC38CAwEAAaOBujCBtzAf
+ BgNVHSMEGDAWgBQ4+5eH7tKVwoWbF1OQoLJq+U2KuzAJBgNVHRMEAjAAMGoGA1Ud
+ EQRjMGGCDHRjcC5uZ3Jvay5pb4IOKi50Y3Aubmdyb2suaW+CE21hcmlhZGIubWFy
+ aWFkYi5zdmOCIW1hcmlhZGIubWFyaWFkYi5zdmMuY2x1c3Rlci5sb2NhbIIJbG9j
+ YWxob3N0MB0GA1UdDgQWBBTJmuX3UrWQn6AKXAvkUw/h7g6PsjANBgkqhkiG9w0B
+ AQsFAAOCAgEAKk/pfGTH3xgQg5a+obLx9xkfYz0jwfr5+TiD+FTrNlIPZpvCiYYk
+ RWNjMyYqKpuEfHry6P9spgk28+wQx7CRSi+cGiiNSvPswI3Ww8KHJQoJzl2vPQYe
+ 1OESU6es8ZACIXdPcILj8zXHNFvfUD0rt7r34zqGw5PNWKQJ8gurqP9ZcBHNq9xz
+ nPG1QTdA5gOzAXQeOa8rGpK0lODo/WkRlV7KXU5ss737HcljGz8KSVUhfgy8io5z
+ xaKnCy8trt8CdGNb/ysK+a7oKZSqAYcKASwYxCrS1zgS06uLC78WjnYbxta/gnlC
+ a0XIfQt2dM/7L+ZvIwg0PbbPzBJU5zwiXSL9AMzp1/1hjlG4v06UKjv4V1t0McFC
+ xEaLG3AyDx9HHxbAIn/lkQ12Tg38rn5R0OKVKZSAzT6THCULbHC0Q+EQW4c8/No2
+ gtZgaZfA9bUTtQRyxSxQJlWbm4c6KfQa5g+oGQ9BjPCFjPmEvN9SCWcvR/aZE/Uy
+ IRtueAdEz+FiXmVeaJd7BImvF6P6OVDP4zhfXh9NIq9vovVNlGReDGOsqPF0iW/7
+ bLJ7EOwHNhqMkYbBvXnZmfmXpJ24S93M6OmjdkJIUN8iWtjX0yg8FqEGoCfFv4ub
+ a6IRpmyHdJoUJ4icStKB2m3sdRy7Aj5meAYQCVefvZYIQq4rRz/0chs=
+ -----END CERTIFICATE-----
diff --git a/controllers/util/util.go b/controllers/util/util.go
index 5e001583b..1630ec356 100644
--- a/controllers/util/util.go
+++ b/controllers/util/util.go
@@ -80,3 +80,21 @@ func GetConfigMapValue(ctx context.Context, cfgKey, cfgName, ns string, client c
 return fmt.Errorf("ConfigMap %s does not contain expected key %s", cfgName, cfgKey), ""
 }
 }
+
+// GetConfigMapValues fetches the value for the provided configmap mapped to a given key
+func GetConfigMapValues(ctx context.Context, cfgName, ns string, client client.Client) (error, []string) {
+ cfgMap := &v1.ConfigMap{}
+ namespacedName := types.NamespacedName{
+ Name: cfgName,
+ Namespace: ns,
+ }
+ err := client.Get(ctx, namespacedName, cfgMap)
+ if err != nil {
+ return err, []string{}
+ }
+ var values []string
+ for _, val := range cfgMap.Data {
+ values = append(values, val)
+ }
+ return nil, values
+}
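Review bot: The loop at the end of GetConfigMapValues ranges over `cfgMap.Data`, and Go randomises map iteration order, so the returned slice can come back in a different order on every call. If the caller concatenates these values into the rendered CA bundle (not visible in this hunk), the bundle content would change between reconciles with no real change in trust material, which makes genuine drift in the trust store harder to spot. Collecting and sorting the keys first fixes that; it needs the `sort` package imported if util.go does not have it already. The doc comment was also carried over from GetConfigMapValue and still speaks of a single key, and nothing here checks that a value is PEM certificate data before it is handed on.

```go
// GetConfigMapValues returns every value stored in the named ConfigMap,
// ordered by key so that repeated calls yield the same slice.
func GetConfigMapValues(ctx context.Context, cfgName, ns string, client client.Client) (error, []string) {
	// … unchanged: namespacedName construction and client.Get error handling …
	keys := make([]string, 0, len(cfgMap.Data))
	for key := range cfgMap.Data {
		keys = append(keys, key)
	}
	sort.Strings(keys)
	values := make([]string, 0, len(keys))
	for _, key := range keys {
		values = append(values, cfgMap.Data[key])
	}
	return nil, values
}
```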