Skip to content

Commit c3e250b

Browse files
JuanmaBMclaude
JuanmaBM
and
claude
committed
test: fix KUTTL CA test assertions
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1 parent eaff17c commit c3e250b

15 files changed

Lines changed: 285 additions & 77 deletions

File tree

controllers/cloud.redhat.com/version.txt

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +0,0 @@
1-
v0.100.0-413-g1904f7a8

tests/kuttl/test-ca-bundle/00-install.yaml

Lines changed: 38 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -96,6 +96,42 @@ spec:
9696
cpu: 30m
9797
memory: 512Mi
9898
---
99+
apiVersion: cert-manager.io/v1
100+
kind: Issuer
101+
metadata:
102+
name: selfsigned-issuer
103+
namespace: test-ca-bundle
104+
spec:
105+
selfSigned: {}
106+
---
107+
apiVersion: cert-manager.io/v1
108+
kind: Certificate
109+
metadata:
110+
name: test-app-bundle-api-cert
111+
namespace: test-ca-bundle
112+
spec:
113+
dnsNames:
114+
- test-app-bundle-api.test-ca-bundle.svc
115+
- test-app-bundle-api.test-ca-bundle.svc.cluster.local
116+
issuerRef:
117+
kind: Issuer
118+
name: selfsigned-issuer
119+
secretName: test-app-bundle-api-serving-cert
120+
---
121+
apiVersion: cert-manager.io/v1
122+
kind: Certificate
123+
metadata:
124+
name: test-dep-bundle-worker-cert
125+
namespace: test-ca-bundle
126+
spec:
127+
dnsNames:
128+
- test-dep-bundle-worker.test-ca-bundle.svc
129+
- test-dep-bundle-worker.test-ca-bundle.svc.cluster.local
130+
issuerRef:
131+
kind: Issuer
132+
name: selfsigned-issuer
133+
secretName: test-dep-bundle-worker-serving-cert
134+
---
99135
apiVersion: cloud.redhat.com/v1alpha1
100136
kind: ClowdApp
101137
metadata:
@@ -107,7 +143,7 @@ spec:
107143
deployments:
108144
- name: api
109145
podSpec:
110-
image: quay.io/cloudservices/insights-puptoo:1cde2bd
146+
image: quay.io/psav/clowder-hello
111147
webServices:
112148
public:
113149
enabled: true
@@ -125,7 +161,7 @@ spec:
125161
deployments:
126162
- name: worker
127163
podSpec:
128-
image: quay.io/cloudservices/insights-puptoo:1cde2bd
164+
image: quay.io/psav/clowder-hello
129165
webServices:
130166
public:
131167
enabled: true

tests/kuttl/test-ca-bundle/01-pods.yaml renamed to tests/kuttl/test-ca-bundle/01-assert.yaml

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,19 @@
11
---
2+
apiVersion: kuttl.dev/v1beta1
3+
kind: TestAssert
4+
collectors:
5+
- type: command
6+
command: bash ../_common/collect-events.sh
7+
timeout: 10
8+
---
29
apiVersion: apps/v1
310
kind: Deployment
411
metadata:
512
name: test-app-bundle-api
613
namespace: test-ca-bundle
7-
status:
8-
readyReplicas: 1
914
---
1015
apiVersion: apps/v1
1116
kind: Deployment
1217
metadata:
1318
name: test-dep-bundle-worker
1419
namespace: test-ca-bundle
15-
status:
16-
readyReplicas: 1

tests/kuttl/test-ca-bundle/02-assert.yaml

Lines changed: 6 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -24,15 +24,12 @@ spec:
2424
template:
2525
spec:
2626
volumes:
27+
- name: config-secret
28+
- name: caddy-config
29+
- name: caddy-tls
2730
- name: tls-ca
2831
secret:
2932
secretName: test-ca-bundle-ca-bundle
30-
metadata:
31-
annotations:
32-
clowder/ca-secret-hash: "?*"
33-
configHash: "?*"
34-
status:
35-
readyReplicas: 1
3633
---
3734
# Verify dependency deployment mounts bundle secret
3835
apiVersion: apps/v1
@@ -44,12 +41,9 @@ spec:
4441
template:
4542
spec:
4643
volumes:
44+
- name: config-secret
45+
- name: caddy-config
46+
- name: caddy-tls
4747
- name: tls-ca
4848
secret:
4949
secretName: test-ca-bundle-ca-bundle
50-
metadata:
51-
annotations:
52-
clowder/ca-secret-hash: "?*"
53-
configHash: "?*"
54-
status:
55-
readyReplicas: 1

tests/kuttl/test-ca-default/00-install.yaml

Lines changed: 57 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,25 @@ spec:
77
finalizers:
88
- kubernetes
99
---
10+
apiVersion: v1
11+
kind: ConfigMap
12+
metadata:
13+
name: openshift-service-ca.crt
14+
namespace: test-ca-default
15+
data:
16+
service-ca.crt: |
17+
-----BEGIN CERTIFICATE-----
18+
MIICpDCCAYwCCQDU9VZB8Z4e4DANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
19+
b2NhbGhvc3QwHhcNMjYwMTAxMDAwMDAwWhcNMjcwMTAxMDAwMDAwWjAUMRIwEAYD
20+
VQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7
21+
VJTUt9Us8cKjMzEfYyjiWA4R4/M2bS1+fWIcPm7Gk0jnA+Im2L+f4LcgJvI7+vUQ
22+
t7HBahJW/8KP3h5nGxSJLJwMW2X7dQ3bJ3YRAhQg3pTLqBqIUJHkrFT9j5zMKhVi
23+
vZlkWUPHC/5g4R0zJ2kGZTMjVwJjTGtKfGnLJ9fWI3SWhTLT4DdPCZJxBWwQ/S7W
24+
nZYaBVbvPBCG7K2CpAGNSZLT8FJxNpBJCDdvPX5p7dYVZKJHLR8C0vGDMLhqLghv
25+
HS7oOLNbDLZWLWL7h7MNtWGWdQdJBJqLBWCKbNJLdh4hN2oIWLAXGSQZ+8CgLKmU
26+
vEJBAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAVU4R4CpT1jWJR9WQNp9z7Z8rLl
27+
-----END CERTIFICATE-----
28+
---
1029
apiVersion: cloud.redhat.com/v1alpha1
1130
kind: ClowdEnvironment
1231
metadata:
@@ -43,6 +62,42 @@ spec:
4362
cpu: 30m
4463
memory: 512Mi
4564
---
65+
apiVersion: cert-manager.io/v1
66+
kind: Issuer
67+
metadata:
68+
name: selfsigned-issuer
69+
namespace: test-ca-default
70+
spec:
71+
selfSigned: {}
72+
---
73+
apiVersion: cert-manager.io/v1
74+
kind: Certificate
75+
metadata:
76+
name: test-app-default-api-cert
77+
namespace: test-ca-default
78+
spec:
79+
dnsNames:
80+
- test-app-default-api.test-ca-default.svc
81+
- test-app-default-api.test-ca-default.svc.cluster.local
82+
issuerRef:
83+
kind: Issuer
84+
name: selfsigned-issuer
85+
secretName: test-app-default-api-serving-cert
86+
---
87+
apiVersion: cert-manager.io/v1
88+
kind: Certificate
89+
metadata:
90+
name: test-dep-default-worker-cert
91+
namespace: test-ca-default
92+
spec:
93+
dnsNames:
94+
- test-dep-default-worker.test-ca-default.svc
95+
- test-dep-default-worker.test-ca-default.svc.cluster.local
96+
issuerRef:
97+
kind: Issuer
98+
name: selfsigned-issuer
99+
secretName: test-dep-default-worker-serving-cert
100+
---
46101
apiVersion: cloud.redhat.com/v1alpha1
47102
kind: ClowdApp
48103
metadata:
@@ -53,7 +108,7 @@ spec:
53108
deployments:
54109
- name: api
55110
podSpec:
56-
image: quay.io/cloudservices/insights-puptoo:1cde2bd
111+
image: quay.io/psav/clowder-hello
57112
webServices:
58113
public:
59114
enabled: true
@@ -70,7 +125,7 @@ spec:
70125
deployments:
71126
- name: worker
72127
podSpec:
73-
image: quay.io/cloudservices/insights-puptoo:1cde2bd
128+
image: quay.io/psav/clowder-hello
74129
webServices:
75130
public:
76131
enabled: true

tests/kuttl/test-ca-default/01-pods.yaml renamed to tests/kuttl/test-ca-default/01-assert.yaml

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,19 @@
11
---
2+
apiVersion: kuttl.dev/v1beta1
3+
kind: TestAssert
4+
collectors:
5+
- type: command
6+
command: bash ../_common/collect-events.sh
7+
timeout: 10
8+
---
29
apiVersion: apps/v1
310
kind: Deployment
411
metadata:
512
name: test-app-default-api
613
namespace: test-ca-default
7-
status:
8-
readyReplicas: 1
914
---
1015
apiVersion: apps/v1
1116
kind: Deployment
1217
metadata:
1318
name: test-dep-default-worker
1419
namespace: test-ca-default
15-
status:
16-
readyReplicas: 1

tests/kuttl/test-ca-default/02-assert.yaml

Lines changed: 6 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -16,24 +16,13 @@ spec:
1616
template:
1717
spec:
1818
volumes:
19+
- name: config-secret
20+
- name: caddy-config
21+
- name: caddy-tls
1922
- name: tls-ca
2023
configMap:
2124
name: openshift-service-ca.crt
2225
---
23-
# Verify no CA secret hash annotation (ConfigMap scenario)
24-
apiVersion: apps/v1
25-
kind: Deployment
26-
metadata:
27-
name: test-app-default-api
28-
namespace: test-ca-default
29-
spec:
30-
template:
31-
metadata:
32-
annotations:
33-
configHash: "?*"
34-
status:
35-
readyReplicas: 1
36-
---
3726
# Verify dependency deployment also uses default CA
3827
apiVersion: apps/v1
3928
kind: Deployment
@@ -44,8 +33,9 @@ spec:
4433
template:
4534
spec:
4635
volumes:
36+
- name: config-secret
37+
- name: caddy-config
38+
- name: caddy-tls
4739
- name: tls-ca
4840
configMap:
4941
name: openshift-service-ca.crt
50-
status:
51-
readyReplicas: 1

tests/kuttl/test-ca-override/00-install.yaml

Lines changed: 67 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,14 @@ spec:
88
- kubernetes
99
---
1010
apiVersion: v1
11+
kind: Namespace
12+
metadata:
13+
name: cert-store-override
14+
spec:
15+
finalizers:
16+
- kubernetes
17+
---
18+
apiVersion: v1
1119
kind: Secret
1220
metadata:
1321
name: my-team-certs
@@ -27,6 +35,26 @@ stringData:
2735
QovezZ/T/Y+w/jfcfNSMMRX/G8wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCXWV6T
2836
-----END CERTIFICATE-----
2937
---
38+
apiVersion: v1
39+
kind: Secret
40+
metadata:
41+
name: custom-ca-1
42+
namespace: cert-store-override
43+
type: Opaque
44+
stringData:
45+
ca.crt: |
46+
-----BEGIN CERTIFICATE-----
47+
MIICpDCCAYwCCQDU9VZB8Z4e4DANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
48+
b2NhbGhvc3QwHhcNMjYwMTAxMDAwMDAwWhcNMjcwMTAxMDAwMDAwWjAUMRIwEAYD
49+
VQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7
50+
VJTUt9Us8cKjMzEfYyjiWA4R4/M2bS1+fWIcPm7Gk0jnA+Im2L+f4LcgJvI7+vUQ
51+
t7HBahJW/8KP3h5nGxSJLJwMW2X7dQ3bJ3YRAhQg3pTLqBqIUJHkrFT9j5zMKhVi
52+
vZlkWUPHC/5g4R0zJ2kGZTMjVwJjTGtKfGnLJ9fWI3SWhTLT4DdPCZJxBWwQ/S7W
53+
nZYaBVbvPBCG7K2CpAGNSZLT8FJxNpBJCDdvPX5p7dYVZKJHLR8C0vGDMLhqLghv
54+
HS7oOLNbDLZWLWL7h7MNtWGWdQdJBJqLBWCKbNJLdh4hN2oIWLAXGSQZ+8CgLKmU
55+
vEJBAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAVU4R4CpT1jWJR9WQNp9z7Z8rLl
56+
-----END CERTIFICATE-----
57+
---
3058
apiVersion: cloud.redhat.com/v1alpha1
3159
kind: ClowdEnvironment
3260
metadata:
@@ -43,7 +71,7 @@ spec:
4371
privatePort: 10443
4472
certificateAuthorities:
4573
- name: custom-ca-1
46-
namespace: cert-store
74+
namespace: cert-store-override
4775
metrics:
4876
port: 9000
4977
mode: operator
@@ -66,6 +94,42 @@ spec:
6694
cpu: 30m
6795
memory: 512Mi
6896
---
97+
apiVersion: cert-manager.io/v1
98+
kind: Issuer
99+
metadata:
100+
name: selfsigned-issuer
101+
namespace: test-ca-override
102+
spec:
103+
selfSigned: {}
104+
---
105+
apiVersion: cert-manager.io/v1
106+
kind: Certificate
107+
metadata:
108+
name: test-app-override-api-cert
109+
namespace: test-ca-override
110+
spec:
111+
dnsNames:
112+
- test-app-override-api.test-ca-override.svc
113+
- test-app-override-api.test-ca-override.svc.cluster.local
114+
issuerRef:
115+
kind: Issuer
116+
name: selfsigned-issuer
117+
secretName: test-app-override-api-serving-cert
118+
---
119+
apiVersion: cert-manager.io/v1
120+
kind: Certificate
121+
metadata:
122+
name: test-dep-override-worker-cert
123+
namespace: test-ca-override
124+
spec:
125+
dnsNames:
126+
- test-dep-override-worker.test-ca-override.svc
127+
- test-dep-override-worker.test-ca-override.svc.cluster.local
128+
issuerRef:
129+
kind: Issuer
130+
name: selfsigned-issuer
131+
secretName: test-dep-override-worker-serving-cert
132+
---
69133
apiVersion: cloud.redhat.com/v1alpha1
70134
kind: ClowdApp
71135
metadata:
@@ -78,7 +142,7 @@ spec:
78142
deployments:
79143
- name: api
80144
podSpec:
81-
image: quay.io/cloudservices/insights-puptoo:1cde2bd
145+
image: quay.io/psav/clowder-hello
82146
webServices:
83147
public:
84148
enabled: true
@@ -96,7 +160,7 @@ spec:
96160
deployments:
97161
- name: worker
98162
podSpec:
99-
image: quay.io/cloudservices/insights-puptoo:1cde2bd
163+
image: quay.io/psav/clowder-hello
100164
webServices:
101165
public:
102166
enabled: true

0 commit comments

Comments
 (0)