From a0ac2d2b0a208030470287b311b991189a4b3564 Mon Sep 17 00:00:00 2001 From: Saravana Date: Wed, 6 Nov 2024 01:00:30 +0530 Subject: [PATCH 1/2] tests: e2e test for trusted-ca-bundle --- tests/e2e/creation_test.go | 49 ++++++++++++++++++++++++++++++++++++++ tests/e2e/helper_test.go | 2 +- 2 files changed, 50 insertions(+), 1 deletion(-) diff --git a/tests/e2e/creation_test.go b/tests/e2e/creation_test.go index 2a2abc3cd2b..5336d6ae1d0 100644 --- a/tests/e2e/creation_test.go +++ b/tests/e2e/creation_test.go @@ -9,9 +9,11 @@ import ( "testing" "time" + "github.com/go-logr/logr" operatorv1 "github.com/openshift/api/operator/v1" "github.com/stretchr/testify/require" autoscalingv1 "k8s.io/api/autoscaling/v1" + corev1 "k8s.io/api/core/v1" k8serr "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -30,6 +32,7 @@ import ( "github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster" "github.com/opendatahub-io/opendatahub-operator/v2/pkg/feature/serverless" "github.com/opendatahub-io/opendatahub-operator/v2/pkg/metadata/labels" + "github.com/opendatahub-io/opendatahub-operator/v2/pkg/trustedcabundle" ) func creationTestSuite(t *testing.T) { @@ -99,6 +102,10 @@ func creationTestSuite(t *testing.T) { err = testCtx.testDefaultModelRegistryCertAvailable() require.NoError(t, err, "error getting default cert secret for ModelRegistry") }) + t.Run("Validate trusted CA bundle", func(t *testing.T) { + err = testCtx.testTrustedCABundle() + require.NoError(t, err, "error validating trusted CA bundle") + }) t.Run("Validate model registry servicemeshmember available", func(t *testing.T) { err = testCtx.testMRServiceMeshMember() require.NoError(t, err, "error getting servicemeshmember for Model Registry") @@ -444,6 +451,48 @@ func (tc *testContext) testDefaultCertsAvailable() error { return nil } +func (tc *testContext) testTrustedCABundle() error { + managementStateChangeTrustedCA := false + CAConfigMapName := "odh-trusted-ca-bundle" + CADataFieldName := "odh-ca-bundle.crt" + + err := trustedcabundle.ConfigureTrustedCABundle(tc.ctx, tc.customClient, logr.Logger{}, tc.testDSCI, managementStateChangeTrustedCA) + + if err != nil { + return fmt.Errorf("Error while configuring trusted-ca-bundle: %w", err) + } + istrustedCABundleUpdated, err := trustedcabundle.IsTrustedCABundleUpdated(tc.ctx, tc.customClient, tc.testDSCI) + + if istrustedCABundleUpdated == true { + return fmt.Errorf("odh-trusted-ca-bundle in config map does not match with DSCI's TrustedCABundle.CustomCABundle, needs update: %w", err) + } + + err = trustedcabundle.AddCABundleCMInAllNamespaces(tc.ctx, tc.customClient, logr.Logger{}, tc.testDSCI) + + if err != nil { + return fmt.Errorf("failed adding configmap %s to all namespaces: %w", CAConfigMapName, err) + } + + if err := trustedcabundle.RemoveCABundleCMInAllNamespaces(tc.ctx, tc.customClient); err != nil { + return fmt.Errorf("error deleting configmap %s from all namespaces %w", CAConfigMapName, err) + } + + foundConfigMap := &corev1.ConfigMap{} + err = tc.customClient.Get(tc.ctx, client.ObjectKey{ + Name: CAConfigMapName, + Namespace: tc.testDSCI.Spec.ApplicationsNamespace, + }, foundConfigMap) + + if err != nil { + return errors.New("Config map not found") + } + + if foundConfigMap.Data[CADataFieldName] != tc.testDSCI.Spec.TrustedCABundle.CustomCABundle { + return fmt.Errorf("odh-trusted-ca-bundle in config map does not match with DSCI's TrustedCABundle.CustomCABundle, needs update: %w", err) + } + return nil +} + func (tc *testContext) testDefaultModelRegistryCertAvailable() error { // return if MR is not set to Managed if tc.testDsc.Spec.Components.ModelRegistry.ManagementState != operatorv1.Managed { diff --git a/tests/e2e/helper_test.go b/tests/e2e/helper_test.go index 62d9e92b24a..64140cc8111 100644 --- a/tests/e2e/helper_test.go +++ b/tests/e2e/helper_test.go @@ -94,7 +94,7 @@ func setupDSCICR(name string) *dsciv1.DSCInitialization { }, TrustedCABundle: &dsciv1.TrustedCABundleSpec{ ManagementState: "Managed", - CustomCABundle: "", + CustomCABundle: "-----Begin....", }, ServiceMesh: &infrav1.ServiceMeshSpec{ ControlPlane: infrav1.ControlPlaneSpec{ From fcc2720dc57d10207416726512a02772f39bfdeb Mon Sep 17 00:00:00 2001 From: Saravana Date: Thu, 14 Nov 2024 01:04:30 +0530 Subject: [PATCH 2/2] test trustedCABundle ManagementState conditions --- tests/e2e/creation_test.go | 59 ++++++++++++++++++-------------------- tests/e2e/helper_test.go | 6 +++- 2 files changed, 33 insertions(+), 32 deletions(-) diff --git a/tests/e2e/creation_test.go b/tests/e2e/creation_test.go index 5336d6ae1d0..892414014e6 100644 --- a/tests/e2e/creation_test.go +++ b/tests/e2e/creation_test.go @@ -6,10 +6,10 @@ import ( "fmt" "log" "reflect" + "strings" "testing" "time" - "github.com/go-logr/logr" operatorv1 "github.com/openshift/api/operator/v1" "github.com/stretchr/testify/require" autoscalingv1 "k8s.io/api/autoscaling/v1" @@ -32,7 +32,6 @@ import ( "github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster" "github.com/opendatahub-io/opendatahub-operator/v2/pkg/feature/serverless" "github.com/opendatahub-io/opendatahub-operator/v2/pkg/metadata/labels" - "github.com/opendatahub-io/opendatahub-operator/v2/pkg/trustedcabundle" ) func creationTestSuite(t *testing.T) { @@ -452,43 +451,41 @@ func (tc *testContext) testDefaultCertsAvailable() error { } func (tc *testContext) testTrustedCABundle() error { - managementStateChangeTrustedCA := false CAConfigMapName := "odh-trusted-ca-bundle" CADataFieldName := "odh-ca-bundle.crt" - err := trustedcabundle.ConfigureTrustedCABundle(tc.ctx, tc.customClient, logr.Logger{}, tc.testDSCI, managementStateChangeTrustedCA) + if tc.testDSCI.Spec.TrustedCABundle.ManagementState == operatorv1.Managed { + foundConfigMap := &corev1.ConfigMap{} + err := tc.customClient.Get(tc.ctx, client.ObjectKey{ + Name: CAConfigMapName, + Namespace: tc.testDSCI.Spec.ApplicationsNamespace, + }, foundConfigMap) - if err != nil { - return fmt.Errorf("Error while configuring trusted-ca-bundle: %w", err) - } - istrustedCABundleUpdated, err := trustedcabundle.IsTrustedCABundleUpdated(tc.ctx, tc.customClient, tc.testDSCI) - - if istrustedCABundleUpdated == true { - return fmt.Errorf("odh-trusted-ca-bundle in config map does not match with DSCI's TrustedCABundle.CustomCABundle, needs update: %w", err) - } - - err = trustedcabundle.AddCABundleCMInAllNamespaces(tc.ctx, tc.customClient, logr.Logger{}, tc.testDSCI) + if err != nil { + return fmt.Errorf("Config map not found, %w", err) + } - if err != nil { - return fmt.Errorf("failed adding configmap %s to all namespaces: %w", CAConfigMapName, err) - } + checkNewline := strings.HasSuffix(foundConfigMap.Data[CADataFieldName], "\n") - if err := trustedcabundle.RemoveCABundleCMInAllNamespaces(tc.ctx, tc.customClient); err != nil { - return fmt.Errorf("error deleting configmap %s from all namespaces %w", CAConfigMapName, err) - } - - foundConfigMap := &corev1.ConfigMap{} - err = tc.customClient.Get(tc.ctx, client.ObjectKey{ - Name: CAConfigMapName, - Namespace: tc.testDSCI.Spec.ApplicationsNamespace, - }, foundConfigMap) + if checkNewline == false { + fmt.Print("Newline not found at the end of configmap") + } - if err != nil { - return errors.New("Config map not found") - } + if strings.TrimSpace(foundConfigMap.Data[CADataFieldName]) != tc.testDSCI.Spec.TrustedCABundle.CustomCABundle { + return fmt.Errorf("odh-trusted-ca-bundle in config map does not match with DSCI's TrustedCABundle.CustomCABundle, needs update: %w", err) + } + } else { + foundConfigMap := &corev1.ConfigMap{} + err := tc.customClient.Get(tc.ctx, client.ObjectKey{ + Name: CAConfigMapName, + Namespace: tc.testDSCI.Spec.ApplicationsNamespace, + }, foundConfigMap) - if foundConfigMap.Data[CADataFieldName] != tc.testDSCI.Spec.TrustedCABundle.CustomCABundle { - return fmt.Errorf("odh-trusted-ca-bundle in config map does not match with DSCI's TrustedCABundle.CustomCABundle, needs update: %w", err) + if k8serr.IsNotFound(err) { + fmt.Printf("Config map not found in the namespace") + } else { + return fmt.Errorf("failed to validate trusted CA bundle %w", err) + } } return nil } diff --git a/tests/e2e/helper_test.go b/tests/e2e/helper_test.go index 64140cc8111..f6b021c92e4 100644 --- a/tests/e2e/helper_test.go +++ b/tests/e2e/helper_test.go @@ -94,7 +94,11 @@ func setupDSCICR(name string) *dsciv1.DSCInitialization { }, TrustedCABundle: &dsciv1.TrustedCABundleSpec{ ManagementState: "Managed", - CustomCABundle: "-----Begin....", + CustomCABundle: `-----BEGIN CERTIFICATE----- + MIIFVjCCAz6gAwIBAgIUQ+NxE9izWRRdt86M/TX9b7wFjUUwDQYJKoZIhvcNAQEL + ... + IrrVQJLuM7IjWcmOvFjai57QGfIvWcaMY1q6n6MLsLOaXLoRuBLpDLvPbmyAhykU + ------END ------`, }, ServiceMesh: &infrav1.ServiceMeshSpec{ ControlPlane: infrav1.ControlPlaneSpec{