
Commit 6d2fe98

committed
Fix DataPlaneNodeSet tls verification
The dataplane connects via the metallb loadbalancer k8s service to the pods exposed to them. Whether TLS is configured for those is controlled via the tls.podLevel configuration of the ctlplane. Right now the implementation checks for both tls.ingress and tls.podLevel configuration. With this it is not possible to deploy edpm nodes with tls.podLevel disabled. This change updates the verification to just check that spec.tlsEnabled of the DataPlaneNodeSet matches tls.podLevel of the ctlplane. Signed-off-by: Martin Schuppert <[email protected]>
1 parent fdde812 commit 6d2fe98


3 files changed

+9
-10
lines changed


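--- a/apis/dataplane/v1beta1/openstackdataplanenodeset_types.go
+++ b/apis/dataplane/v1beta1/openstackdataplanenodeset_types.go
@@ -335,15 +335,14 @@ func (r *OpenStackDataPlaneNodeSetSpec) ValidateTLS(namespace string, reconciler
 // Do TLS flags match in control plane ingress, pods and data plane
 func (r *OpenStackDataPlaneNodeSetSpec) TLSMatch(controlPlane openstackv1.OpenStackControlPlane) *field.Error {
 
-if controlPlane.Spec.TLS.Ingress.Enabled != r.TLSEnabled || controlPlane.Spec.TLS.PodLevel.Enabled != r.TLSEnabled {
+if controlPlane.Spec.TLS.PodLevel.Enabled != r.TLSEnabled {
 
 return field.Forbidden(
 field.NewPath("spec.tlsEnabled"),
 fmt.Sprintf(
-"TLS settings on Data Plane node set and Control Plane %s do not match, Node set: %t Control Plane Ingress: %t Control Plane PodLevel: %t",
+"TLS settings on Data Plane node set and Control Plane %s do not match, Node set: %t Control Plane PodLevel: %t",
 controlPlane.Name,
 r.TLSEnabled,
-controlPlane.Spec.TLS.Ingress.Enabled,
 controlPlane.Spec.TLS.PodLevel.Enabled))
 }
 return nil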
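Review bot: The doc comment on `TLSMatch` still says the flags are matched across "control plane ingress, pods and data plane", but the new condition compares only `controlPlane.Spec.TLS.PodLevel.Enabled` with `r.TLSEnabled`. Someone auditing the TLS posture from the comment would wrongly conclude that ingress TLS is still enforced here. I would change it to `// TLSMatch checks that spec.tlsEnabled of the node set equals tls.podLevel.enabled of the control plane; tls.ingress is intentionally not compared.` The closing brace of the function lies outside the hunk.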

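--- a/tests/functional/dataplane/base_test.go
+++ b/tests/functional/dataplane/base_test.go
@@ -465,7 +465,7 @@ func CreateOpenStackControlPlane(name types.NamespacedName, spec map[string]inte
 return th.CreateUnstructured(raw)
 }
 
-func GetDefaultOpenStackControlPlaneSpec(enableTLS bool) map[string]interface{} {
+func GetDefaultOpenStackControlPlaneSpec(tlsIngress bool, tlsPodlevel bool) map[string]interface{} {
 memcachedTemplate := map[string]interface{}{
 "memcached": map[string]interface{}{
 "replicas": 1,
@@ -513,7 +513,7 @@ func GetDefaultOpenStackControlPlaneSpec(enableTLS bool) map[string]interface{}
 },
 "tls": map[string]interface{}{
 "ingress": map[string]interface{}{
-"enabled": enableTLS,
+"enabled": tlsIngress,
 
 "ca": map[string]interface{}{
 "customIssuer": "custom-issuer",
@@ -524,7 +524,7 @@ func GetDefaultOpenStackControlPlaneSpec(enableTLS bool) map[string]interface{}
 },
 },
 "podLevel": map[string]interface{}{
-"enabled": enableTLS,
+"enabled": tlsPodlevel,
 "internal": map[string]interface{}{
 "ca": map[string]interface{}{
 "duration": "100h",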
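Review bot: Two adjacent `bool` parameters make call sites such as `GetDefaultOpenStackControlPlaneSpec(true, false)` easy to transpose. A swap would silently exercise the wrong TLS layer in tests whose purpose is to tell ingress TLS and pod-level TLS apart. Consider `tlsIngress, tlsPodLevel bool`, which matches the casing of the `podLevel` key, and a doc comment such as `// GetDefaultOpenStackControlPlaneSpec returns a control plane spec with tls.ingress.enabled and tls.podLevel.enabled set from the two arguments, in that order.` The function body continues outside the hunks shown.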

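--- a/tests/functional/dataplane/openstackdataplanedeployment_controller_test.go
+++ b/tests/functional/dataplane/openstackdataplanedeployment_controller_test.go
@@ -1563,7 +1563,7 @@ var _ = Describe("Dataplane Deployment Test", func() {
 })
 })
 
-When("A user sets TLSEnabled to true with control plane TLS disabled", func() {
+When("A user sets TLSEnabled to true with control plane with PodLevel TLS disabled", func() {
 BeforeEach(func() {
 CreateSSHSecret(dataplaneSSHSecretName)
 DeferCleanup(th.DeleteInstance, th.CreateSecret(neutronOvnMetadataSecretName, map[string][]byte{
@@ -1596,7 +1596,7 @@ var _ = Describe("Dataplane Deployment Test", func() {
 SimulateIPSetComplete(dataplaneNodeName)
 SimulateDNSDataComplete(dataplaneNodeSetName)
 
-DeferCleanup(th.DeleteInstance, CreateOpenStackControlPlane(controlPlaneName, GetDefaultOpenStackControlPlaneSpec(false)))
+DeferCleanup(th.DeleteInstance, CreateOpenStackControlPlane(controlPlaneName, GetDefaultOpenStackControlPlaneSpec(true, false)))
 })
 
 It("Should have Spec fields initialized", func() {
@@ -1661,7 +1661,7 @@ var _ = Describe("Dataplane Deployment Test", func() {
 
 })
 
-When("A user sets TLSEnabled to true with control plane TLS enabled", func() {
+When("A user sets TLSEnabled to true with control plane PodLevel TLS enabled", func() {
 BeforeEach(func() {
 CreateSSHSecret(dataplaneSSHSecretName)
 DeferCleanup(th.DeleteInstance, th.CreateSecret(neutronOvnMetadataSecretName, map[string][]byte{
@@ -1695,7 +1695,7 @@ var _ = Describe("Dataplane Deployment Test", func() {
 SimulateIPSetComplete(dataplaneNodeName)
 SimulateDNSDataComplete(dataplaneNodeSetName)
 
-DeferCleanup(th.DeleteInstance, CreateOpenStackControlPlane(controlPlaneName, GetDefaultOpenStackControlPlaneSpec(true)))
+DeferCleanup(th.DeleteInstance, CreateOpenStackControlPlane(controlPlaneName, GetDefaultOpenStackControlPlaneSpec(true, true)))
 })
 
 It("Should have Spec fields initialized", func() {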
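Review bot: Both updated `BeforeEach` blocks pass `tlsIngress = true`, so the visible tests never cover a control plane with ingress TLS disabled. The `(true, false)` case covers the pod-level mismatch, and `(true, true)` would also have passed under the old check. What is missing is a case where validation must now succeed although ingress differs from the node set, for example `GetDefaultOpenStackControlPlaneSpec(false, true)` with `TLSEnabled` true. The inverse case is also untested here: a node set with TLS disabled against a pod-level-enabled control plane must still be rejected. The `It` bodies and any other `When` blocks lie outside these hunks, so such cases may already exist elsewhere in the file.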
