ESO-155: Fixes bitwarden deployment to use custom certificates

bharath-b-rh · bharath-b-rh · commit bdfeb5063b52 · 2025-10-08T11:22:31.000+05:30
Signed-off-by: Bharath B &lt;bhb@redhat.com&gt;
diff --git a/pkg/controller/external_secrets/deployments.go b/pkg/controller/external_secrets/deployments.go
@@ -392,10 +392,21 @@ func updateBitwardenServerContainerSpec(deployment *appsv1.Deployment, image str
 }
 
 func updateBitwardenVolumeConfig(deployment *appsv1.Deployment, esc *operatorv1alpha1.ExternalSecretsConfig) {
+	const certsVolumeName = "bitwarden-tls-certs"
+
 	if esc.Spec.Plugins.BitwardenSecretManagerProvider.SecretRef != nil &&
 		esc.Spec.Plugins.BitwardenSecretManagerProvider.SecretRef.Name != "" {
+		if deployment.Spec.Template.Spec.Volumes == nil {
+			deployment.Spec.Template.Spec.Volumes = append(deployment.Spec.Template.Spec.Volumes, corev1.Volume{
+				Name: certsVolumeName,
+			})
+		}
+
 		for i := range deployment.Spec.Template.Spec.Volumes {
-			if deployment.Spec.Template.Spec.Volumes[i].Name == "bitwarden-tls-certs" {
+			if deployment.Spec.Template.Spec.Volumes[i].Name == certsVolumeName {
+				if deployment.Spec.Template.Spec.Volumes[i].Secret == nil {
+					deployment.Spec.Template.Spec.Volumes[i].Secret = &corev1.SecretVolumeSource{}
+				}
 				deployment.Spec.Template.Spec.Volumes[i].Secret.SecretName = esc.Spec.Plugins.BitwardenSecretManagerProvider.SecretRef.Name
 			}
 		}
diff --git a/pkg/controller/external_secrets/deployments_test.go b/pkg/controller/external_secrets/deployments_test.go
@@ -477,7 +477,7 @@ func TestCreateOrApplyDeployments(t *testing.T) {
 					switch o := obj.(type) {
 					case *appsv1.Deployment:
 						// Create a deployment with bitwarden-tls-certs volume to test volume update
-						deployment := testDeployment(certControllerDeploymentAssetName)
+						deployment := testDeployment(bitwardenDeploymentAssetName)
 						deployment.Spec.Template.Spec.Volumes = []corev1.Volume{
 							{
 								Name: "bitwarden-tls-certs",
@@ -488,11 +488,6 @@ func TestCreateOrApplyDeployments(t *testing.T) {
 								},
 							},
 						}
-						// Add a bitwarden-sdk-server container to test container image update
-						deployment.Spec.Template.Spec.Containers = append(deployment.Spec.Template.Spec.Containers, corev1.Container{
-							Name:  "bitwarden-sdk-server",
-							Image: "initial-bitwarden-image:latest",
-						})
 						deployment.DeepCopyInto(o)
 					}
 					return true, nil
@@ -550,11 +545,9 @@ func TestCreateOrApplyDeployments(t *testing.T) {
 				for _, container := range deployment.Spec.Template.Spec.Containers {
 					if container.Name == "bitwarden-sdk-server" {
 						foundContainer = true
-						if container.Image == "initial-bitwarden-image:latest" {
-							t.Error("bitwarden-sdk-server container image should have been updated from initial value")
+						if container.Image != commontest.TestBitwardenImageName {
+							t.Errorf("bitwarden-sdk-server container image should be %s, got: %s", commontest.TestBitwardenImageName, container.Image)
 						}
-						// The reconciler should update this to the value from environment variable
-						// We set RELATED_IMAGE_BITWARDEN_SDK_SERVER in the test
 						break
 					}
 				}

Original file line number	Diff line number	Diff line change
`@@ -477,7 +477,7 @@ func TestCreateOrApplyDeployments(t *testing.T) {`
`477`	`477`	`switch o := obj.(type) {`
`478`	`478`	`case *appsv1.Deployment:`
`479`	`479`	`// Create a deployment with bitwarden-tls-certs volume to test volume update`
`480`		`- deployment := testDeployment(certControllerDeploymentAssetName)`
	`480`	`+ deployment := testDeployment(bitwardenDeploymentAssetName)`
`481`	`481`	`deployment.Spec.Template.Spec.Volumes = []corev1.Volume{`
`482`	`482`	`{`
`483`	`483`	`Name: "bitwarden-tls-certs",`
`@@ -488,11 +488,6 @@ func TestCreateOrApplyDeployments(t *testing.T) {`
`488`	`488`	`},`
`489`	`489`	`},`
`490`	`490`	`}`
`491`		`- // Add a bitwarden-sdk-server container to test container image update`
`492`		`- deployment.Spec.Template.Spec.Containers = append(deployment.Spec.Template.Spec.Containers, corev1.Container{`
`493`		`- Name: "bitwarden-sdk-server",`
`494`		`- Image: "initial-bitwarden-image:latest",`
`495`		`- })`
`496`	`491`	`deployment.DeepCopyInto(o)`
`497`	`492`	`}`
`498`	`493`	`return true, nil`
`@@ -550,11 +545,9 @@ func TestCreateOrApplyDeployments(t *testing.T) {`
`550`	`545`	`for _, container := range deployment.Spec.Template.Spec.Containers {`
`551`	`546`	`if container.Name == "bitwarden-sdk-server" {`
`552`	`547`	`foundContainer = true`
`553`		`- if container.Image == "initial-bitwarden-image:latest" {`
`554`		`- t.Error("bitwarden-sdk-server container image should have been updated from initial value")`
	`548`	`+ if container.Image != commontest.TestBitwardenImageName {`
	`549`	`+ t.Errorf("bitwarden-sdk-server container image should be %s, got: %s", commontest.TestBitwardenImageName, container.Image)`
`555`	`550`	`}`
`556`		`- // The reconciler should update this to the value from environment variable`
`557`		`- // We set RELATED_IMAGE_BITWARDEN_SDK_SERVER in the test`
`558`	`551`	`break`
`559`	`552`	`}`
`560`	`553`	`}`