fix: gen-pkcs12-keystore adds ca.crt input option if it exists (apach…

…e#684) * add e2e test generating keystore with init container
intershop · Apr 4, 2024 · 5dcc451 · 5dcc451
1 parent 3701fad
commit 5dcc451
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 17 deletions.
diff --git a/tests/e2e/prometheus_exporter_tls_test.go b/tests/e2e/prometheus_exporter_tls_test.go
@@ -19,6 +19,7 @@ package e2e
 
 import (
 	"context"
+
 	solrv1beta1 "github.com/apache/solr-operator/api/v1beta1"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -44,7 +45,7 @@ var _ = FDescribe("E2E - Prometheus Exporter - TLS ", Ordered, func() {
 	*/
 	BeforeAll(func(ctx context.Context) {
 		installSolrIssuer(ctx, testNamespace())
-		solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, true)
+		solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, true, true)
 
 		solrCloud.Spec.SolrTLS.CheckPeerName = true
 

diff --git a/tests/e2e/solrcloud_tls_test.go b/tests/e2e/solrcloud_tls_test.go
@@ -19,6 +19,7 @@ package e2e
 
 import (
 	"context"
+
 	solrv1beta1 "github.com/apache/solr-operator/api/v1beta1"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -59,7 +60,7 @@ var _ = FDescribe("E2E - SolrCloud - TLS - Secrets", func() {
 	FContext("No Client TLS", func() {
 
 		BeforeEach(func(ctx context.Context) {
-			solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, false)
+			solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, false, true)
 
 			//solrCloud.Spec.SolrOpts = "-Djavax.net.debug=SSL,keymanager,trustmanager,ssl:handshake"
 		})
@@ -70,7 +71,21 @@ var _ = FDescribe("E2E - SolrCloud - TLS - Secrets", func() {
 	FContext("No Client TLS - Just a Keystore", func() {
 
 		BeforeEach(func(ctx context.Context) {
-			solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, false)
+			solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, false, true)
+
+			solrCloud.Spec.SolrTLS.TrustStoreSecret = nil
+			solrCloud.Spec.SolrTLS.TrustStorePasswordSecret = nil
+
+			//solrCloud.Spec.SolrOpts = "-Djavax.net.debug=SSL,keymanager,trustmanager,ssl:handshake"
+		})
+
+		FIt("Can run", func() {})
+	})
+
+	FContext("No Client TLS - gen-pkcs12-keystore", func() {
+
+		BeforeEach(func(ctx context.Context) {
+			solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, false, false)
 
 			solrCloud.Spec.SolrTLS.TrustStoreSecret = nil
 			solrCloud.Spec.SolrTLS.TrustStorePasswordSecret = nil
@@ -84,7 +99,7 @@ var _ = FDescribe("E2E - SolrCloud - TLS - Secrets", func() {
 	FContext("No Client TLS - CheckPeerName", func() {
 
 		BeforeEach(func(ctx context.Context) {
-			solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, false)
+			solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, false, true)
 
 			solrCloud.Spec.SolrTLS.CheckPeerName = true
 
@@ -115,7 +130,7 @@ var _ = FDescribe("E2E - SolrCloud - TLS - Secrets", func() {
 	FContext("With Client TLS - VerifyClientHostname", func() {
 
 		BeforeEach(func(ctx context.Context) {
-			solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, true)
+			solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, true, true)
 
 			solrCloud.Spec.SolrTLS.VerifyClientHostname = true
 
@@ -139,7 +154,7 @@ var _ = FDescribe("E2E - SolrCloud - TLS - Secrets", func() {
 	FContext("With Client TLS - CheckPeerName", func() {
 
 		BeforeEach(func(ctx context.Context) {
-			solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, true)
+			solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, true, true)
 
 			solrCloud.Spec.SolrTLS.CheckPeerName = true
 
@@ -164,7 +179,7 @@ var _ = FDescribe("E2E - SolrCloud - TLS - Secrets", func() {
 	FContext("With Client TLS - Client Auth Need", func() {
 
 		BeforeEach(func(ctx context.Context) {
-			solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, true)
+			solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, true, true)
 
 			solrCloud.Spec.SolrTLS.ClientAuth = solrv1beta1.Need
 
@@ -177,7 +192,7 @@ var _ = FDescribe("E2E - SolrCloud - TLS - Secrets", func() {
 	FContext("With Client TLS - Client Auth Want", func() {
 
 		BeforeEach(func(ctx context.Context) {
-			solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, true)
+			solrCloud = generateBaseSolrCloudWithSecretTLS(ctx, 2, true, true)
 
 			solrCloud.Spec.SolrTLS.ClientAuth = solrv1beta1.Want
 

diff --git a/tests/e2e/test_utils_test.go b/tests/e2e/test_utils_test.go
@@ -23,6 +23,12 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"io"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+
 	solrv1beta1 "github.com/apache/solr-operator/api/v1beta1"
 	"github.com/apache/solr-operator/controllers/util"
 	"github.com/apache/solr-operator/controllers/util/solr_api"
@@ -34,7 +40,6 @@ import (
 	"helm.sh/helm/v3/pkg/cli"
 	"helm.sh/helm/v3/pkg/release"
 	"helm.sh/helm/v3/pkg/storage/driver"
-	"io"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -43,11 +48,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/rand"
 	"k8s.io/client-go/tools/remotecommand"
 	"k8s.io/utils/pointer"
-	"os"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"strconv"
-	"strings"
-	"time"
 )
 
 const (

diff --git a/tests/e2e/utils_tls_test.go b/tests/e2e/utils_tls_test.go
@@ -19,6 +19,7 @@ package e2e
 
 import (
 	"context"
+
 	solrv1beta1 "github.com/apache/solr-operator/api/v1beta1"
 	certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	certmanagermetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
@@ -39,10 +40,10 @@ const (
 	clientAuthSecret         = "client-auth"
 )
 
-func generateBaseSolrCloudWithSecretTLS(ctx context.Context, replicas int, includeClientTLS bool) (solrCloud *solrv1beta1.SolrCloud) {
+func generateBaseSolrCloudWithSecretTLS(ctx context.Context, replicas int, includeClientTLS bool, createKeyStore bool) (solrCloud *solrv1beta1.SolrCloud) {
 	solrCloud = generateBaseSolrCloud(replicas)
 
-	solrCertSecret, tlsPasswordSecret, clientCertSecret, clientTlsPasswordSecret := generateSolrCert(ctx, solrCloud, includeClientTLS)
+	solrCertSecret, tlsPasswordSecret, clientCertSecret, clientTlsPasswordSecret := generateSolrCert(ctx, solrCloud, includeClientTLS, createKeyStore)
 
 	solrCloud.Spec.SolrTLS = &solrv1beta1.SolrTLSOptions{
 		PKCS12Secret: &corev1.SecretKeySelector{
@@ -303,7 +304,7 @@ func installSolrIssuer(ctx context.Context, namespace string) {
 	expectSecret(ctx, clusterCA, secretName)
 }
 
-func generateSolrCert(ctx context.Context, solrCloud *solrv1beta1.SolrCloud, includeClientTLS bool) (certSecretName string, tlsPasswordSecretName string, clientTLSCertSecretName string, clientTLSPasswordSecretName string) {
+func generateSolrCert(ctx context.Context, solrCloud *solrv1beta1.SolrCloud, includeClientTLS bool, createKeyStore bool) (certSecretName string, tlsPasswordSecretName string, clientTLSCertSecretName string, clientTLSPasswordSecretName string) {
 	// First create a secret to use as a password for the keystore/truststore
 	tlsPasswordSecret := &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
@@ -338,7 +339,7 @@ func generateSolrCert(ctx context.Context, solrCloud *solrv1beta1.SolrCloud, inc
 			SecretName: certSecretName,
 			Keystores: &certmanagerv1.CertificateKeystores{
 				PKCS12: &certmanagerv1.PKCS12Keystore{
-					Create: true,
+					Create: createKeyStore,
 					PasswordSecretRef: certmanagermetav1.SecretKeySelector{
 						LocalObjectReference: certmanagermetav1.LocalObjectReference{
 							Name: tlsPasswordSecret.Name,