diff --git a/pkg/ansibletest/pod.go b/pkg/ansibletest/pod.go index 9ae0b773..71249e19 100644 --- a/pkg/ansibletest/pod.go +++ b/pkg/ansibletest/pod.go @@ -49,7 +49,7 @@ func Pod( Image: containerImage, Args: []string{}, Env: env.MergeEnvs([]corev1.EnvVar{}, envVars), - VolumeMounts: GetVolumeMounts(mountCerts, AnsibleTestPropagation, instance, externalWorkflowCounter), + VolumeMounts: GetVolumeMounts(instance, mountCerts, AnsibleTestPropagation, externalWorkflowCounter), SecurityContext: &securityContext, Resources: instance.Spec.Resources, }, diff --git a/pkg/ansibletest/volumes.go b/pkg/ansibletest/volumes.go index 67699997..4ce5c8f3 100644 --- a/pkg/ansibletest/volumes.go +++ b/pkg/ansibletest/volumes.go @@ -7,7 +7,12 @@ import ( corev1 "k8s.io/api/core/v1" ) -// GetVolumes - +const ( + computeName = "compute-ssh-secret" + workloadName = "workload-ssh-secret" +) + +// GetVolumes - returns a list of volumes for the test pod func GetVolumes( instance *testv1beta1.AnsibleTest, logsPVCName string, 
@@ -16,258 +21,74 @@ func GetVolumes( externalWorkflowCounter int, ) []corev1.Volume { - var scriptsVolumeConfidentialMode int32 = 0420 - var tlsCertificateMode int32 = 0444 - var privateKeyMode int32 = 0600 - var publicInfoMode int32 = 0744 - - //source_type := corev1.HostPathDirectoryOrCreate volumes := []corev1.Volume{ - { - Name: "openstack-config", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &scriptsVolumeConfidentialMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: "openstack-config", - }, - }, - }, - }, - { - Name: "openstack-config-secret", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - DefaultMode: &tlsCertificateMode, - SecretName: "openstack-config-secret", - }, - }, - }, - { - Name: "test-operator-logs", - VolumeSource: corev1.VolumeSource{ - PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ - ClaimName: logsPVCName, - ReadOnly: false, - }, - }, - }, - { - Name: util.TestOperatorEphemeralVolumeNameWorkdir, - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, - }, - }, - { - Name: util.TestOperatorEphemeralVolumeNameTmp, - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, - }, - }, + util.CreateOpenstackConfigMapVolume("openstack-config"), + util.CreateOpenstackConfigSecretVolume(), + util.CreateLogsPVCVolume(logsPVCName), + util.CreateWorkdirVolume(), + util.CreateTmpVolume(), } if mountCerts { - caCertsVolume := corev1.Volume{ - Name: "ca-certs", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - DefaultMode: &scriptsVolumeConfidentialMode, - SecretName: "combined-ca-bundle", - }, - }, - } - - volumes = append(volumes, caCertsVolume) + volumes = util.AppendCACertsVolume(volumes) } - keysVolume := corev1.Volume{ - Name: "compute-ssh-secret", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - SecretName: 
instance.Spec.ComputeSSHKeySecretName, - DefaultMode: &privateKeyMode, - }, - }, - } - - volumes = append(volumes, keysVolume) + volumes = util.AppendSSHKeyVolume(volumes, computeName, instance.Spec.ComputeSSHKeySecretName) if instance.Spec.WorkloadSSHKeySecretName != "" { - keysVolume = corev1.Volume{ - Name: "workload-ssh-secret", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - SecretName: instance.Spec.WorkloadSSHKeySecretName, - DefaultMode: &privateKeyMode, - }, - }, - } - - volumes = append(volumes, keysVolume) + volumes = util.AppendSSHKeyVolume(volumes, workloadName, instance.Spec.WorkloadSSHKeySecretName) } - for _, exv := range instance.Spec.ExtraMounts { - for _, vol := range exv.Propagate(svc) { - for _, v := range vol.Volumes { - volumeSource, _ := v.ToCoreVolumeSource() - convertedVolume := corev1.Volume{ - Name: v.Name, - VolumeSource: *volumeSource, - } - volumes = append(volumes, convertedVolume) - } - } - } - - for _, vol := range instance.Spec.ExtraConfigmapsMounts { - extraVol := corev1.Volume{ - Name: vol.Name, - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &publicInfoMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: vol.Name, - }, - }, - }, - } + volumes = util.AppendExtraMountsVolumes(volumes, instance.Spec.ExtraMounts, svc) + volumes = util.AppendExtraConfigmapsVolumes(volumes, instance.Spec.ExtraConfigmapsMounts, util.ScriptsVolumeDefaultMode) - volumes = append(volumes, extraVol) + cmMounts := instance.Spec.Workflow[externalWorkflowCounter].ExtraConfigmapsMounts + if len(instance.Spec.Workflow) > 0 && cmMounts != nil { + volumes = util.AppendExtraConfigmapsVolumes(volumes, *cmMounts, util.ScriptsVolumeDefaultMode) } - if len(instance.Spec.Workflow) > 0 && instance.Spec.Workflow[externalWorkflowCounter].ExtraConfigmapsMounts != nil { - for _, vol := range *instance.Spec.Workflow[externalWorkflowCounter].ExtraConfigmapsMounts { - extraWorkflowVol 
:= corev1.Volume{ - Name: vol.Name, - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &publicInfoMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: vol.Name, - }, - }, - }, - } - - volumes = append(volumes, extraWorkflowVol) - } - } return volumes } -// GetVolumeMounts - +// GetVolumeMounts - returns a list of volume mounts for the test container func GetVolumeMounts( + instance *testv1beta1.AnsibleTest, mountCerts bool, svc []storage.PropagationType, - instance *testv1beta1.AnsibleTest, externalWorkflowCounter int, ) []corev1.VolumeMount { volumeMounts := []corev1.VolumeMount{ - { - Name: util.TestOperatorEphemeralVolumeNameWorkdir, - MountPath: "/var/lib/ansible", - ReadOnly: false, - }, - { - Name: util.TestOperatorEphemeralVolumeNameTmp, - MountPath: "/tmp", - ReadOnly: false, - }, - { - Name: "test-operator-logs", - MountPath: "/var/lib/AnsibleTests/external_files", - ReadOnly: false, - }, - { - Name: "openstack-config", - MountPath: "/etc/openstack/clouds.yaml", - SubPath: "clouds.yaml", - ReadOnly: true, - }, - { - Name: "openstack-config", - MountPath: "/var/lib/ansible/.config/openstack/clouds.yaml", - SubPath: "clouds.yaml", - ReadOnly: true, - }, - { - Name: "openstack-config-secret", - MountPath: "/var/lib/ansible/.config/openstack/secure.yaml", - ReadOnly: false, - SubPath: "secure.yaml", - }, + util.CreateVolumeMount(util.TestOperatorEphemeralVolumeNameWorkdir, "/var/lib/ansible", false), + util.CreateVolumeMount(util.TestOperatorEphemeralVolumeNameTmp, "/tmp", false), + util.CreateVolumeMount(util.TestOperatorLogsVolumeName, "/var/lib/AnsibleTests/external_files", false), + util.CreateOpenstackConfigVolumeMount("/etc/openstack/clouds.yaml"), + util.CreateOpenstackConfigVolumeMount("/var/lib/ansible/.config/openstack/clouds.yaml"), + util.CreateOpenstackConfigSecretVolumeMount("/var/lib/ansible/.config/openstack/secure.yaml"), } if mountCerts { - caCertVolumeMount := corev1.VolumeMount{ - 
Name: "ca-certs", - MountPath: "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", - ReadOnly: true, - SubPath: "tls-ca-bundle.pem", - } - - volumeMounts = append(volumeMounts, caCertVolumeMount) - - caCertVolumeMount = corev1.VolumeMount{ - Name: "ca-certs", - MountPath: "/etc/pki/tls/certs/ca-bundle.trust.crt", - ReadOnly: true, - SubPath: "tls-ca-bundle.pem", - } - - volumeMounts = append(volumeMounts, caCertVolumeMount) - } - - if instance.Spec.WorkloadSSHKeySecretName != "" { - workloadSSHKeyMount := corev1.VolumeMount{ - Name: "workload-ssh-secret", - MountPath: "/var/lib/ansible/test_keypair.key", - SubPath: "ssh-privatekey", - ReadOnly: true, - } - - volumeMounts = append(volumeMounts, workloadSSHKeyMount) - } - - computeSSHKeyMount := corev1.VolumeMount{ - Name: "compute-ssh-secret", - MountPath: "/var/lib/ansible/.ssh/compute_id", - SubPath: "ssh-privatekey", - ReadOnly: true, - } - - volumeMounts = append(volumeMounts, computeSSHKeyMount) - - for _, exv := range instance.Spec.ExtraMounts { - for _, vol := range exv.Propagate(svc) { - volumeMounts = append(volumeMounts, vol.Mounts...) 
- } + volumeMounts = append(volumeMounts, + util.CreateCACertVolumeMount("/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"), + util.CreateCACertVolumeMount("/etc/pki/tls/certs/ca-bundle.trust.crt"), + ) } - for _, vol := range instance.Spec.ExtraConfigmapsMounts { + volumeMounts = append(volumeMounts, + util.CreateVolumeMountWithSubPath(computeName, "/var/lib/ansible/.ssh/compute_id", "ssh-privatekey", true), + ) - extraConfigmapsMounts := corev1.VolumeMount{ - Name: vol.Name, - MountPath: vol.MountPath, - SubPath: vol.SubPath, - ReadOnly: true, - } - - volumeMounts = append(volumeMounts, extraConfigmapsMounts) + if instance.Spec.WorkloadSSHKeySecretName != "" { + volumeMounts = append(volumeMounts, + util.CreateVolumeMountWithSubPath(workloadName, "/var/lib/ansible/test_keypair.key", "ssh-privatekey", true), + ) } - if len(instance.Spec.Workflow) > 0 && instance.Spec.Workflow[externalWorkflowCounter].ExtraConfigmapsMounts != nil { - for _, vol := range *instance.Spec.Workflow[externalWorkflowCounter].ExtraConfigmapsMounts { - - extraConfigmapsMounts := corev1.VolumeMount{ - Name: vol.Name, - MountPath: vol.MountPath, - SubPath: vol.SubPath, - ReadOnly: true, - } + volumeMounts = util.AppendExtraMountsVolumeMounts(volumeMounts, instance.Spec.ExtraMounts, svc) + volumeMounts = util.AppendExtraConfigmapsVolumeMounts(volumeMounts, instance.Spec.ExtraConfigmapsMounts) - volumeMounts = append(volumeMounts, extraConfigmapsMounts) - } + cmMounts := instance.Spec.Workflow[externalWorkflowCounter].ExtraConfigmapsMounts + if len(instance.Spec.Workflow) > 0 && cmMounts != nil { + volumeMounts = util.AppendExtraConfigmapsVolumeMounts(volumeMounts, *cmMounts) } return volumeMounts diff --git a/pkg/horizontest/pod.go b/pkg/horizontest/pod.go index b59eeea2..c3df846e 100644 --- a/pkg/horizontest/pod.go +++ b/pkg/horizontest/pod.go 
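Review bot: In both GetVolumes and GetVolumeMounts the new line `cmMounts := instance.Spec.Workflow[externalWorkflowCounter].ExtraConfigmapsMounts` indexes the slice before the `len(instance.Spec.Workflow) > 0` check runs, so an AnsibleTest with an empty Workflow will panic the operator with an index-out-of-range error. The removed code kept the index on the right-hand side of `&&` and relied on short-circuiting; the index should move back inside the length guard, as sketched below. If externalWorkflowCounter can ever reach or exceed the slice length, an explicit bounds check would be worth adding as well. Separately, the ExtraConfigmapsMounts volumes in this file used mode 0744 before and now use `util.ScriptsVolumeDefaultMode` (0755), a permission change the refactor does not call out.

```go
// in GetVolumes
if len(instance.Spec.Workflow) > 0 {
	cmMounts := instance.Spec.Workflow[externalWorkflowCounter].ExtraConfigmapsMounts
	if cmMounts != nil {
		volumes = util.AppendExtraConfigmapsVolumes(volumes, *cmMounts, util.ScriptsVolumeDefaultMode)
	}
}

// … unchanged: return volumes; GetVolumeMounts signature and fixed mounts …

// in GetVolumeMounts
if len(instance.Spec.Workflow) > 0 {
	cmMounts := instance.Spec.Workflow[externalWorkflowCounter].ExtraConfigmapsMounts
	if cmMounts != nil {
		volumeMounts = util.AppendExtraConfigmapsVolumeMounts(volumeMounts, *cmMounts)
	}
}
```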
@@ -49,7 +49,7 @@ func Pod( Image: containerImage, Args: []string{}, Env: env.MergeEnvs([]corev1.EnvVar{}, envVars), - VolumeMounts: GetVolumeMounts(mountCerts, mountKubeconfig, HorizonTestPropagation, instance), + VolumeMounts: GetVolumeMounts(instance, mountCerts, mountKubeconfig, HorizonTestPropagation), SecurityContext: &securityContext, Resources: instance.Spec.Resources, }, diff --git a/pkg/horizontest/volumes.go b/pkg/horizontest/volumes.go index 6402fb6c..af325549 100644 --- a/pkg/horizontest/volumes.go +++ b/pkg/horizontest/volumes.go @@ -7,7 +7,7 @@ import ( corev1 "k8s.io/api/core/v1" ) -// GetVolumes - +// GetVolumes - returns a list of volumes for the test pod func GetVolumes( instance *testv1beta1.HorizonTest, logsPVCName string, 
@@ -16,222 +16,62 @@ func GetVolumes( svc []storage.PropagationType, ) []corev1.Volume { - var scriptsVolumeDefaultMode int32 = 0755 - var scriptsVolumeConfidentialMode int32 = 0420 - var tlsCertificateMode int32 = 0444 - var publicInfoMode int32 = 0744 + horizonTestConfig := "horizontest-config" volumes := []corev1.Volume{ - { - Name: "horizontest-config", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &scriptsVolumeDefaultMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: instance.Name + "horizontest-config", - }, - }, - }, - }, - { - Name: util.TestOperatorCloudsConfigMapName, - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &scriptsVolumeConfidentialMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: util.TestOperatorCloudsConfigMapName, - }, - }, - }, - }, - { - Name: "openstack-config-secret", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - DefaultMode: &tlsCertificateMode, - SecretName: "openstack-config-secret", - }, - }, - }, - { - Name: "test-operator-logs", - VolumeSource: corev1.VolumeSource{ - PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ - ClaimName: logsPVCName, - ReadOnly: false, - }, - }, - }, - { - Name: util.TestOperatorEphemeralVolumeNameWorkdir, - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, - }, - }, - { - Name: util.TestOperatorEphemeralVolumeNameTmp, - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, - }, - }, + util.CreateConfigMapVolume(horizonTestConfig, instance.Name+horizonTestConfig, util.ScriptsVolumeDefaultMode), + util.CreateOpenstackConfigMapVolume(util.TestOperatorCloudsConfigMapName), + util.CreateOpenstackConfigSecretVolume(), + util.CreateLogsPVCVolume(logsPVCName), + util.CreateWorkdirVolume(), + util.CreateTmpVolume(), } if mountCerts { - caCertsVolume := corev1.Volume{ - Name: "ca-certs", 
- VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - DefaultMode: &scriptsVolumeConfidentialMode, - SecretName: "combined-ca-bundle", - }, - }, - } - - volumes = append(volumes, caCertsVolume) + volumes = util.AppendCACertsVolume(volumes) } if mountKubeconfig { - kubeconfigVolume := corev1.Volume{ - Name: "kubeconfig", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - SecretName: instance.Spec.KubeconfigSecretName, - Items: []corev1.KeyToPath{ - { - Key: "config", - Path: "config", - }, - }, - }, - }, - } - - volumes = append(volumes, kubeconfigVolume) + volumes = util.AppendKubeconfigVolume(volumes, instance.Spec.KubeconfigSecretName) } - for _, exv := range instance.Spec.ExtraMounts { - for _, vol := range exv.Propagate(svc) { - for _, v := range vol.Volumes { - volumeSource, _ := v.ToCoreVolumeSource() - convertedVolume := corev1.Volume{ - Name: v.Name, - VolumeSource: *volumeSource, - } - volumes = append(volumes, convertedVolume) - } - } - } - - for _, vol := range instance.Spec.ExtraConfigmapsMounts { - extraVol := corev1.Volume{ - Name: vol.Name, - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &publicInfoMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: vol.Name, - }, - }, - }, - } - - volumes = append(volumes, extraVol) - } + volumes = util.AppendExtraMountsVolumes(volumes, instance.Spec.ExtraMounts, svc) + volumes = util.AppendExtraConfigmapsVolumes(volumes, instance.Spec.ExtraConfigmapsMounts, util.PublicInfoMode) return volumes } -// GetVolumeMounts - +// GetVolumeMounts - returns a list of volume mounts for the test container func GetVolumeMounts( + instance *testv1beta1.HorizonTest, mountCerts bool, mountKubeconfig bool, svc []storage.PropagationType, - instance *testv1beta1.HorizonTest, ) []corev1.VolumeMount { volumeMounts := []corev1.VolumeMount{ - { - Name: util.TestOperatorEphemeralVolumeNameWorkdir, - MountPath: 
"/var/lib/horizontest", - ReadOnly: false, - }, - { - Name: util.TestOperatorEphemeralVolumeNameTmp, - MountPath: "/tmp", - ReadOnly: false, - }, - { - Name: "test-operator-logs", - MountPath: "/var/lib/horizontest/external_files", - ReadOnly: false, - }, - { - Name: util.TestOperatorCloudsConfigMapName, - MountPath: "/var/lib/horizontest/.config/openstack/clouds.yaml", - SubPath: "clouds.yaml", - ReadOnly: true, - }, - { - Name: util.TestOperatorCloudsConfigMapName, - MountPath: "/etc/openstack/clouds.yaml", - SubPath: "clouds.yaml", - ReadOnly: true, - }, - { - Name: "openstack-config-secret", - MountPath: "/etc/openstack/secure.yaml", - ReadOnly: false, - SubPath: "secure.yaml", - }, + util.CreateVolumeMount(util.TestOperatorEphemeralVolumeNameWorkdir, "/var/lib/horizontest", false), + util.CreateVolumeMount(util.TestOperatorEphemeralVolumeNameTmp, "/tmp", false), + util.CreateVolumeMount(util.TestOperatorLogsVolumeName, "/var/lib/horizontest/external_files", false), + util.CreateTestOperatorCloudsConfigVolumeMount("/var/lib/horizontest/.config/openstack/clouds.yaml"), + util.CreateTestOperatorCloudsConfigVolumeMount("/etc/openstack/clouds.yaml"), + util.CreateOpenstackConfigSecretVolumeMount("/etc/openstack/secure.yaml"), } if mountCerts { - caCertVolumeMount := corev1.VolumeMount{ - Name: "ca-certs", - MountPath: "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", - ReadOnly: true, - SubPath: "tls-ca-bundle.pem", - } - - volumeMounts = append(volumeMounts, caCertVolumeMount) - - caCertVolumeMount = corev1.VolumeMount{ - Name: "ca-certs", - MountPath: "/etc/pki/tls/certs/ca-bundle.trust.crt", - ReadOnly: true, - SubPath: "tls-ca-bundle.pem", - } - - volumeMounts = append(volumeMounts, caCertVolumeMount) + volumeMounts = append(volumeMounts, + util.CreateCACertVolumeMount("/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"), + util.CreateCACertVolumeMount("/etc/pki/tls/certs/ca-bundle.trust.crt"), + ) } if mountKubeconfig { - kubeconfigMount := 
corev1.VolumeMount{ - Name: "kubeconfig", - MountPath: "/var/lib/horizontest/.kube/config", - SubPath: "config", - ReadOnly: true, - } - - volumeMounts = append(volumeMounts, kubeconfigMount) - } - - for _, exv := range instance.Spec.ExtraMounts { - for _, vol := range exv.Propagate(svc) { - volumeMounts = append(volumeMounts, vol.Mounts...) - } + volumeMounts = append(volumeMounts, + util.CreateVolumeMountWithSubPath("kubeconfig", "/var/lib/horizontest/.kube/config", "config", true), + ) } - for _, vol := range instance.Spec.ExtraConfigmapsMounts { - - extraMounts := corev1.VolumeMount{ - Name: vol.Name, - MountPath: vol.MountPath, - SubPath: vol.SubPath, - ReadOnly: true, - } - - volumeMounts = append(volumeMounts, extraMounts) - } + volumeMounts = util.AppendExtraMountsVolumeMounts(volumeMounts, instance.Spec.ExtraMounts, svc) + volumeMounts = util.AppendExtraConfigmapsVolumeMounts(volumeMounts, instance.Spec.ExtraConfigmapsMounts) return volumeMounts } diff --git a/pkg/tempest/pod.go b/pkg/tempest/pod.go index 331d2c85..abc6423d 100644 --- a/pkg/tempest/pod.go +++ b/pkg/tempest/pod.go @@ -51,7 +51,7 @@ func Pod( Image: containerImage, Args: []string{}, Env: env.MergeEnvs([]corev1.EnvVar{}, envVars), - VolumeMounts: GetVolumeMounts(mountCerts, mountSSHKey, TempestPropagation, instance), + VolumeMounts: GetVolumeMounts(instance, mountCerts, mountSSHKey, TempestPropagation), SecurityContext: &securityContext, Resources: instance.Spec.Resources, EnvFrom: []corev1.EnvFromSource{ diff --git a/pkg/tempest/volumes.go b/pkg/tempest/volumes.go index ca895182..1d2b69b1 100644 --- a/pkg/tempest/volumes.go +++ b/pkg/tempest/volumes.go @@ -7,7 +7,11 @@ import ( corev1 "k8s.io/api/core/v1" ) -// GetVolumes - +const ( + configData = "config-data" +) + +// GetVolumes - returns a list of volumes for the test pod func GetVolumes( instance *testv1beta1.Tempest, customDataConfigMapName string, 
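Review bot: The kubeconfig mount in GetVolumeMounts repeats the volume name and sub-path as string literals, `util.CreateVolumeMountWithSubPath("kubeconfig", "/var/lib/horizontest/.kube/config", "config", true)`, while the volume itself now comes from `util.AppendKubeconfigVolume`. That helper's body is outside this hunk, but it presumably uses the unexported `volumeNameKubeconfig` and `subPathConfig` constants added in pkg/util/volumes.go. If the two ever drift apart, the pod spec will reference a volume that does not exist and be rejected. A mount helper next to the volume helper would keep the pair together, in the same way `CreateCACertVolumeMount` does for the CA bundle, for example a proposed `util.CreateKubeconfigVolumeMount("/var/lib/horizontest/.kube/config")`. The same literal appears in the tobiko GetVolumeMounts hunk.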
@@ -17,219 +21,58 @@ func GetVolumes( svc []storage.PropagationType, ) []corev1.Volume { - var scriptsVolumeDefaultMode int32 = 0755 - var scriptsVolumeConfidentialMode int32 = 0420 - var tlsCertificateMode int32 = 0444 - var privateKeyMode int32 = 0600 - - //source_type := corev1.HostPathDirectoryOrCreate volumes := []corev1.Volume{ - { - Name: "config-data", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &scriptsVolumeDefaultMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: customDataConfigMapName, - }, - }, - }, - }, - { - Name: "openstack-config", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &scriptsVolumeConfidentialMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: "openstack-config", - }, - }, - }, - }, - { - Name: "openstack-config-secret", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - DefaultMode: &tlsCertificateMode, - SecretName: "openstack-config-secret", - }, - }, - }, - { - Name: "test-operator-logs", - VolumeSource: corev1.VolumeSource{ - PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ - ClaimName: logsPVCName, - ReadOnly: false, - }, - }, - }, - { - Name: util.TestOperatorEphemeralVolumeNameWorkdir, - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, - }, - }, - { - Name: util.TestOperatorEphemeralVolumeNameTmp, - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, - }, - }, + util.CreateConfigMapVolume(configData, customDataConfigMapName, util.ScriptsVolumeDefaultMode), + util.CreateOpenstackConfigMapVolume("openstack-config"), + util.CreateOpenstackConfigSecretVolume(), + util.CreateLogsPVCVolume(logsPVCName), + util.CreateWorkdirVolume(), + util.CreateTmpVolume(), } if mountCerts { - caCertsVolume := corev1.Volume{ - Name: "ca-certs", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - 
DefaultMode: &scriptsVolumeConfidentialMode, - SecretName: "combined-ca-bundle", - }, - }, - } - - volumes = append(volumes, caCertsVolume) + volumes = util.AppendCACertsVolume(volumes) } if mountSSHKey { - sshKeyVolume := corev1.Volume{ - Name: "ssh-key", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - SecretName: instance.Spec.SSHKeySecretName, - DefaultMode: &privateKeyMode, - Items: []corev1.KeyToPath{ - { - Key: "ssh-privatekey", - Path: "ssh_key", - }, - }, - }, - }, - } - - volumes = append(volumes, sshKeyVolume) + volumes = util.AppendSSHKeyVolumeWithPath(volumes, "ssh-key", instance.Spec.SSHKeySecretName, "ssh-privatekey", "ssh_key") } - for _, exv := range instance.Spec.ExtraMounts { - for _, vol := range exv.Propagate(svc) { - for _, v := range vol.Volumes { - volumeSource, _ := v.ToCoreVolumeSource() - convertedVolume := corev1.Volume{ - Name: v.Name, - VolumeSource: *volumeSource, - } - volumes = append(volumes, convertedVolume) - } - } - } - - for _, vol := range instance.Spec.ExtraConfigmapsMounts { - extraVol := corev1.Volume{ - Name: vol.Name, - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &scriptsVolumeDefaultMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: vol.Name, - }, - }, - }, - } - - volumes = append(volumes, extraVol) - } + volumes = util.AppendExtraMountsVolumes(volumes, instance.Spec.ExtraMounts, svc) + volumes = util.AppendExtraConfigmapsVolumes(volumes, instance.Spec.ExtraConfigmapsMounts, util.ScriptsVolumeDefaultMode) return volumes } -// GetVolumeMounts - +// GetVolumeMounts - returns a list of volume mounts for the test container func GetVolumeMounts( + instance *testv1beta1.Tempest, mountCerts bool, mountSSHKey bool, svc []storage.PropagationType, - instance *testv1beta1.Tempest, ) []corev1.VolumeMount { volumeMounts := []corev1.VolumeMount{ - { - Name: util.TestOperatorEphemeralVolumeNameWorkdir, - MountPath: "/var/lib/tempest", - 
ReadOnly: false, - }, - { - Name: util.TestOperatorEphemeralVolumeNameTmp, - MountPath: "/tmp", - ReadOnly: false, - }, - { - Name: "config-data", - MountPath: "/etc/test_operator", - ReadOnly: false, - }, - { - Name: "test-operator-logs", - MountPath: "/var/lib/tempest/external_files", - ReadOnly: false, - }, - { - Name: "openstack-config", - MountPath: "/etc/openstack/clouds.yaml", - SubPath: "clouds.yaml", - ReadOnly: true, - }, - { - Name: "openstack-config", - MountPath: "/var/lib/tempest/.config/openstack/clouds.yaml", - SubPath: "clouds.yaml", - ReadOnly: true, - }, - { - Name: "openstack-config-secret", - MountPath: "/etc/openstack/secure.yaml", - ReadOnly: false, - SubPath: "secure.yaml", - }, + util.CreateVolumeMount(configData, "/etc/test_operator", false), + util.CreateVolumeMount(util.TestOperatorEphemeralVolumeNameWorkdir, "/var/lib/tempest", false), + util.CreateVolumeMount(util.TestOperatorEphemeralVolumeNameTmp, "/tmp", false), + util.CreateVolumeMount(util.TestOperatorLogsVolumeName, "/var/lib/tempest/external_files", false), + util.CreateOpenstackConfigVolumeMount("/etc/openstack/clouds.yaml"), + util.CreateOpenstackConfigVolumeMount("/var/lib/tempest/.config/openstack/clouds.yaml"), + util.CreateOpenstackConfigSecretVolumeMount("/etc/openstack/secure.yaml"), } if mountCerts { - caCertVolumeMount := corev1.VolumeMount{ - Name: "ca-certs", - MountPath: "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", - ReadOnly: true, - SubPath: "tls-ca-bundle.pem", - } - - volumeMounts = append(volumeMounts, caCertVolumeMount) + volumeMounts = append(volumeMounts, util.CreateCACertVolumeMount("/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem")) } if mountSSHKey { - sshKeyMount := corev1.VolumeMount{ - Name: "ssh-key", - MountPath: "/var/lib/tempest/id_ecdsa", - SubPath: "ssh_key", - } - - volumeMounts = append(volumeMounts, sshKeyMount) + volumeMounts = append(volumeMounts, + util.CreateVolumeMountWithSubPath("ssh-key", "/var/lib/tempest/id_ecdsa", 
"ssh_key", false), + ) } - for _, exv := range instance.Spec.ExtraMounts { - for _, vol := range exv.Propagate(svc) { - volumeMounts = append(volumeMounts, vol.Mounts...) - } - } - - for _, vol := range instance.Spec.ExtraConfigmapsMounts { - - extraMounts := corev1.VolumeMount{ - Name: vol.Name, - MountPath: vol.MountPath, - SubPath: vol.SubPath, - ReadOnly: true, - } - - volumeMounts = append(volumeMounts, extraMounts) - } + volumeMounts = util.AppendExtraMountsVolumeMounts(volumeMounts, instance.Spec.ExtraMounts, svc) + volumeMounts = util.AppendExtraConfigmapsVolumeMounts(volumeMounts, instance.Spec.ExtraConfigmapsMounts) return volumeMounts } diff --git a/pkg/tobiko/pod.go b/pkg/tobiko/pod.go index 7331b895..17889ef8 100644 --- a/pkg/tobiko/pod.go +++ b/pkg/tobiko/pod.go @@ -52,7 +52,7 @@ func Pod( Image: containerImage, Args: []string{}, Env: env.MergeEnvs([]corev1.EnvVar{}, envVars), - VolumeMounts: GetVolumeMounts(mountCerts, mountKeys, mountKubeconfig, TobikoPropagation, instance), + VolumeMounts: GetVolumeMounts(instance, mountCerts, mountKeys, mountKubeconfig, TobikoPropagation), SecurityContext: &securityContext, Resources: instance.Spec.Resources, }, diff --git a/pkg/tobiko/volumes.go b/pkg/tobiko/volumes.go index 180e8193..d8108b64 100644 --- a/pkg/tobiko/volumes.go +++ b/pkg/tobiko/volumes.go @@ -7,7 +7,13 @@ import ( corev1 "k8s.io/api/core/v1" ) -// GetVolumes - +const ( + tobikoConfig = "tobiko-config" + tobikoPrivateKey = "tobiko-private-key" + tobikoPublicKey = "tobiko-public-key" +) + +// GetVolumes - returns a list of volumes for the test pod func GetVolumes( instance *testv1beta1.Tobiko, logsPVCName string, 
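Review bot: The SSH private key mount in the mountSSHKey branch of GetVolumeMounts passes `false` as what appears to be the read-only flag: `util.CreateVolumeMountWithSubPath("ssh-key", "/var/lib/tempest/id_ecdsa", "ssh_key", false)`. This matches the removed struct, which left ReadOnly unset, but every other key mount in this commit (compute_id, test_keypair.key, the tobiko id_ecdsa pair) is declared read-only. Unless the tempest container is known to need a writable mount at that path, pass `true` so the pod spec states the intent. If a writable mount is required, a one-line comment such as `// mounted read-write because <reason>` would stop the next reader from "fixing" it.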
@@ -17,281 +23,76 @@ func GetVolumes( svc []storage.PropagationType, ) []corev1.Volume { - var scriptsVolumeDefaultMode int32 = 0755 - var scriptsVolumeConfidentialMode int32 = 0420 - var privateKeyMode int32 = 0600 - var publicKeyMode int32 = 0644 - var tlsCertificateMode int32 = 0444 - var publicInfoMode int32 = 0744 - volumes := []corev1.Volume{ - { - Name: "tobiko-config", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &scriptsVolumeDefaultMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: instance.Name + "tobiko-config", - }, - }, - }, - }, - { - Name: util.TestOperatorCloudsConfigMapName, - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &scriptsVolumeConfidentialMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: util.TestOperatorCloudsConfigMapName, - }, - }, - }, - }, - { - Name: "openstack-config-secret", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - DefaultMode: &tlsCertificateMode, - SecretName: "openstack-config-secret", - }, - }, - }, - { - Name: "test-operator-logs", - VolumeSource: corev1.VolumeSource{ - PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ - ClaimName: logsPVCName, - ReadOnly: false, - }, - }, - }, - { - Name: util.TestOperatorEphemeralVolumeNameWorkdir, - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, - }, - }, - { - Name: util.TestOperatorEphemeralVolumeNameTmp, - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, - }, - }, + util.CreateConfigMapVolume(tobikoConfig, instance.Name+tobikoConfig, util.ScriptsVolumeDefaultMode), + util.CreateOpenstackConfigMapVolume(util.TestOperatorCloudsConfigMapName), + util.CreateOpenstackConfigSecretVolume(), + util.CreateLogsPVCVolume(logsPVCName), + util.CreateWorkdirVolume(), + util.CreateTmpVolume(), } if mountCerts { - caCertsVolume := corev1.Volume{ - Name: 
"ca-certs", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - DefaultMode: &scriptsVolumeConfidentialMode, - SecretName: "combined-ca-bundle", - }, - }, - } - - volumes = append(volumes, caCertsVolume) + volumes = util.AppendCACertsVolume(volumes) } if mountKeys { - keysVolume := corev1.Volume{ - Name: "tobiko-private-key", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &privateKeyMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: instance.Name + "tobiko-private-key", - }, - }, - }, - } - - volumes = append(volumes, keysVolume) - - keysVolume = corev1.Volume{ - Name: "tobiko-public-key", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &publicKeyMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: instance.Name + "tobiko-public-key", - }, - }, - }, - } - - volumes = append(volumes, keysVolume) + volumes = append(volumes, + util.CreateConfigMapVolume(tobikoPrivateKey, instance.Name+tobikoPrivateKey, util.PrivateKeyMode), + util.CreateConfigMapVolume(tobikoPublicKey, instance.Name+tobikoPublicKey, util.PublicKeyMode), + ) } if mountKubeconfig { - kubeconfigVolume := corev1.Volume{ - Name: "kubeconfig", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - SecretName: instance.Spec.KubeconfigSecretName, - Items: []corev1.KeyToPath{ - { - Key: "config", - Path: "config", - }, - }, - }, - }, - } - - volumes = append(volumes, kubeconfigVolume) - } - - for _, exv := range instance.Spec.ExtraMounts { - for _, vol := range exv.Propagate(svc) { - for _, v := range vol.Volumes { - volumeSource, _ := v.ToCoreVolumeSource() - convertedVolume := corev1.Volume{ - Name: v.Name, - VolumeSource: *volumeSource, - } - volumes = append(volumes, convertedVolume) - } - } + volumes = util.AppendKubeconfigVolume(volumes, instance.Spec.KubeconfigSecretName) } - for _, vol := range instance.Spec.ExtraConfigmapsMounts { 
- extraVol := corev1.Volume{ - Name: vol.Name, - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &publicInfoMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: vol.Name, - }, - }, - }, - } - - volumes = append(volumes, extraVol) - } + volumes = util.AppendExtraMountsVolumes(volumes, instance.Spec.ExtraMounts, svc) + volumes = util.AppendExtraConfigmapsVolumes(volumes, instance.Spec.ExtraConfigmapsMounts, util.PublicInfoMode) return volumes } -// GetVolumeMounts - +// GetVolumeMounts - returns a list of volume mounts for the test container func GetVolumeMounts( + instance *testv1beta1.Tobiko, mountCerts bool, mountKeys bool, mountKubeconfig bool, svc []storage.PropagationType, - instance *testv1beta1.Tobiko, ) []corev1.VolumeMount { volumeMounts := []corev1.VolumeMount{ - { - Name: util.TestOperatorEphemeralVolumeNameWorkdir, - MountPath: "/var/lib/tobiko", - ReadOnly: false, - }, - { - Name: util.TestOperatorEphemeralVolumeNameTmp, - MountPath: "/tmp", - ReadOnly: false, - }, - { - Name: "test-operator-logs", - MountPath: "/var/lib/tobiko/external_files", - ReadOnly: false, - }, - { - Name: util.TestOperatorCloudsConfigMapName, - MountPath: "/var/lib/tobiko/.config/openstack/clouds.yaml", - SubPath: "clouds.yaml", - ReadOnly: true, - }, - { - Name: util.TestOperatorCloudsConfigMapName, - MountPath: "/etc/openstack/clouds.yaml", - SubPath: "clouds.yaml", - ReadOnly: true, - }, - { - Name: "openstack-config-secret", - MountPath: "/etc/openstack/secure.yaml", - ReadOnly: false, - SubPath: "secure.yaml", - }, - { - Name: "tobiko-config", - MountPath: "/etc/tobiko/tobiko.conf", - SubPath: "tobiko.conf", - ReadOnly: false, - }, + util.CreateVolumeMount(util.TestOperatorEphemeralVolumeNameWorkdir, "/var/lib/tobiko", false), + util.CreateVolumeMount(util.TestOperatorEphemeralVolumeNameTmp, "/tmp", false), + util.CreateVolumeMount(util.TestOperatorLogsVolumeName, "/var/lib/tobiko/external_files", false), + 
util.CreateTestOperatorCloudsConfigVolumeMount("/var/lib/tobiko/.config/openstack/clouds.yaml"), + util.CreateTestOperatorCloudsConfigVolumeMount("/etc/openstack/clouds.yaml"), + util.CreateOpenstackConfigSecretVolumeMount("/etc/openstack/secure.yaml"), + util.CreateVolumeMountWithSubPath(tobikoConfig, "/etc/tobiko/tobiko.conf", "tobiko.conf", false), } if mountCerts { - caCertVolumeMount := corev1.VolumeMount{ - Name: "ca-certs", - MountPath: "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", - ReadOnly: true, - SubPath: "tls-ca-bundle.pem", - } - - volumeMounts = append(volumeMounts, caCertVolumeMount) - - caCertVolumeMount = corev1.VolumeMount{ - Name: "ca-certs", - MountPath: "/etc/pki/tls/certs/ca-bundle.trust.crt", - ReadOnly: true, - SubPath: "tls-ca-bundle.pem", - } - - volumeMounts = append(volumeMounts, caCertVolumeMount) + volumeMounts = append(volumeMounts, + util.CreateCACertVolumeMount("/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"), + util.CreateCACertVolumeMount("/etc/pki/tls/certs/ca-bundle.trust.crt"), + ) } if mountKeys { - keysMount := corev1.VolumeMount{ - Name: "tobiko-private-key", - MountPath: "/etc/test_operator/id_ecdsa", - SubPath: "id_ecdsa", - ReadOnly: true, - } - - volumeMounts = append(volumeMounts, keysMount) - - keysMount = corev1.VolumeMount{ - Name: "tobiko-public-key", - MountPath: "/etc/test_operator/id_ecdsa.pub", - SubPath: "id_ecdsa.pub", - ReadOnly: true, - } - - volumeMounts = append(volumeMounts, keysMount) + volumeMounts = append(volumeMounts, + util.CreateVolumeMountWithSubPath(tobikoPrivateKey, "/etc/test_operator/id_ecdsa", "id_ecdsa", true), + util.CreateVolumeMountWithSubPath(tobikoPublicKey, "/etc/test_operator/id_ecdsa.pub", "id_ecdsa.pub", true), + ) } if mountKubeconfig { - kubeconfigMount := corev1.VolumeMount{ - Name: "kubeconfig", - MountPath: "/var/lib/tobiko/.kube/config", - SubPath: "config", - ReadOnly: true, - } - - volumeMounts = append(volumeMounts, kubeconfigMount) - } - - for _, exv := range 
instance.Spec.ExtraMounts { - for _, vol := range exv.Propagate(svc) { - volumeMounts = append(volumeMounts, vol.Mounts...) - } + volumeMounts = append(volumeMounts, + util.CreateVolumeMountWithSubPath("kubeconfig", "/var/lib/tobiko/.kube/config", "config", true), + ) } - for _, vol := range instance.Spec.ExtraConfigmapsMounts { - - extraMounts := corev1.VolumeMount{ - Name: vol.Name, - MountPath: vol.MountPath, - SubPath: vol.SubPath, - ReadOnly: true, - } - - volumeMounts = append(volumeMounts, extraMounts) - } + volumeMounts = util.AppendExtraMountsVolumeMounts(volumeMounts, instance.Spec.ExtraMounts, svc) + volumeMounts = util.AppendExtraConfigmapsVolumeMounts(volumeMounts, instance.Spec.ExtraConfigmapsMounts) return volumeMounts } diff --git a/pkg/util/common.go b/pkg/util/common.go index ca889f75..4ed2620e 100644 --- a/pkg/util/common.go +++ b/pkg/util/common.go @@ -18,6 +18,9 @@ const ( // TestOperatorEphemeralVolumeNameTmp is the name of the ephemeral temporary volume TestOperatorEphemeralVolumeNameTmp = "test-operator-ephemeral-temporary" + // TestOperatorLogsVolumeName is the name of logs volume + TestOperatorLogsVolumeName = "test-operator-logs" + // ExtraVolTypeUndefined can be used to label an extraMount which is // not associated to anything in particular ExtraVolTypeUndefined storage.ExtraVolType = "Undefined" diff --git a/pkg/util/volumes.go b/pkg/util/volumes.go new file mode 100644 index 00000000..bd1bee9a --- /dev/null +++ b/pkg/util/volumes.go 
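Review bot: The Tobiko private key is still sourced from a ConfigMap in the mountKeys branch of GetVolumes: `util.CreateConfigMapVolume(tobikoPrivateKey, instance.Name+tobikoPrivateKey, util.PrivateKeyMode)`. The 0600 mode only restricts the projected file inside the container. The ConfigMap object is readable by any subject with ConfigMap read access in the namespace, and it is not covered by Secret-specific controls such as separate RBAC or encryption at rest where that is configured. This predates the commit, but since the refactor rewrites the line, consider leaving a marker such as `// TODO: private key is stored in a ConfigMap; move it to a Secret and mount it with a Secret volume` or tracking the move as a follow-up.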
@@ -0,0 +1,315 @@
+// Package util provides common utility functions and constants for test operations
+package util //nolint:revive // util is a legitimate package name for utility functions
+
+import (
+ "github.com/openstack-k8s-operators/lib-common/modules/storage"
+ testv1beta1 "github.com/openstack-k8s-operators/test-operator/api/v1beta1"
+ corev1 "k8s.io/api/core/v1"
+)
+
+const (
+ // ScriptsVolumeDefaultMode is the default permission for script volumes
+ ScriptsVolumeDefaultMode int32 = 0755
+
+ // ScriptsVolumeConfidentialMode is the permission for confidential volumes
+ ScriptsVolumeConfidentialMode int32 = 0420
+
+ // TLSCertificateMode is the permission for TLS certificates
+ TLSCertificateMode int32 = 0444
+
+ // PrivateKeyMode is the permission for private keys
+ PrivateKeyMode int32 = 0600
+
+ // PublicKeyMode is the permission for public keys
+ PublicKeyMode int32 = 0644
+
+ // PublicInfoMode is the permission for public information
+ PublicInfoMode int32 = 0744
+)
+
+const (
+ volumeNameCACerts = "ca-certs"
+ volumeNameKubeconfig = "kubeconfig"
+ volumeNameOpenstackConfig = "openstack-config"
+
+ scrtNameCombinedCABundle = "combined-ca-bundle"
+ scrtNameOpenstackConfig = "openstack-config-secret"
+
+ subPathCloudsYAML = "clouds.yaml"
+ subPathConfig = "config"
+ subPathSecureYAML = "secure.yaml"
+ subPathTLSCABundle = "tls-ca-bundle.pem"
+)
+
+// CreateConfigMapVolume creates a ConfigMap volume with the specified name and mode
+func CreateConfigMapVolume(volumeName string, configMapName string, mode int32) corev1.Volume {
+ return corev1.Volume{
+ Name: volumeName,
+ VolumeSource: corev1.VolumeSource{
+ ConfigMap: &corev1.ConfigMapVolumeSource{
+ DefaultMode: &mode,
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: configMapName,
+ },
+ },
+ },
+ }
+}
+
+// CreateOpenstackConfigMapVolume creates the openstack-config ConfigMap volume
+func CreateOpenstackConfigMapVolume(configMapName string) corev1.Volume {
+ mode := ScriptsVolumeConfidentialMode
+ return corev1.Volume{
+ Name: configMapName,
+ VolumeSource: corev1.VolumeSource{
+ ConfigMap: &corev1.ConfigMapVolumeSource{
+ DefaultMode: &mode,
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: configMapName,
+ },
+ },
+ },
+ }
+}
+
+// CreateOpenstackConfigSecretVolume creates the openstack-config-secret volume
+func CreateOpenstackConfigSecretVolume() corev1.Volume {
+ mode := TLSCertificateMode
+ return corev1.Volume{
+ Name: scrtNameOpenstackConfig,
+ VolumeSource: corev1.VolumeSource{
+ Secret: &corev1.SecretVolumeSource{
+ DefaultMode: &mode,
+ SecretName: scrtNameOpenstackConfig,
+ },
+ },
+ }
+}
+
+// CreateLogsPVCVolume creates the test-operator-logs PVC volume
+func CreateLogsPVCVolume(logsPVCName string) corev1.Volume {
+ return corev1.Volume{
+ Name: TestOperatorLogsVolumeName,
+ VolumeSource: corev1.VolumeSource{
+ PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{
+ ClaimName: logsPVCName,
+ ReadOnly: false,
+ },
+ },
+ }
+}
+
+// CreateWorkdirVolume creates the ephemeral workdir volume
+func CreateWorkdirVolume() corev1.Volume {
+ return corev1.Volume{
+ Name: TestOperatorEphemeralVolumeNameWorkdir,
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ }
+}
+
+// CreateTmpVolume creates the ephemeral tmp volume
+func CreateTmpVolume() corev1.Volume {
+ return corev1.Volume{
+ Name: TestOperatorEphemeralVolumeNameTmp,
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ }
+}
+
+// AppendCACertsVolume appends the CA certificates volume
+func AppendCACertsVolume(volumes []corev1.Volume) []corev1.Volume {
+ mode := ScriptsVolumeConfidentialMode
+ caCertsVolume := corev1.Volume{
+ Name: volumeNameCACerts,
+ VolumeSource: corev1.VolumeSource{
+ Secret: &corev1.SecretVolumeSource{
+ DefaultMode: &mode,
+ SecretName: scrtNameCombinedCABundle,
+ },
+ },
+ }
+
+ return append(volumes, caCertsVolume)
+}
+
+// AppendSSHKeyVolume appends an SSH key volume from a secret
+func AppendSSHKeyVolume(volumes []corev1.Volume, volumeName, secretName string) []corev1.Volume {
+ mode := PrivateKeyMode
+ keysVolume := corev1.Volume{
+ Name: volumeName,
+ VolumeSource: corev1.VolumeSource{
+ Secret: &corev1.SecretVolumeSource{
+ SecretName: secretName,
+ DefaultMode: &mode,
+ },
+ },
+ }
+
+ return append(volumes, keysVolume)
+}
+
+// AppendSSHKeyVolumeWithPath appends an SSH key volume from a secret with key path
+func AppendSSHKeyVolumeWithPath(volumes []corev1.Volume, volumeName, secretName, keyName, keyPath string) []corev1.Volume {
+ mode := PrivateKeyMode
+ sshKeyVolume := corev1.Volume{
+ Name: volumeName,
+ VolumeSource: corev1.VolumeSource{
+ Secret: &corev1.SecretVolumeSource{
+ SecretName: secretName,
+ DefaultMode: &mode,
+ Items: []corev1.KeyToPath{
+ {
+ Key: keyName,
+ Path: keyPath,
+ },
+ },
+ },
+ },
+ }
+
+ return append(volumes, sshKeyVolume)
+}
+
+// AppendKubeconfigVolume appends a kubeconfig volume from a secret
+func AppendKubeconfigVolume(volumes []corev1.Volume, secretName string) []corev1.Volume {
+ kubeconfigVolume := corev1.Volume{
+ Name: volumeNameKubeconfig,
+ VolumeSource: corev1.VolumeSource{
+ Secret: &corev1.SecretVolumeSource{
+ SecretName: secretName,
+ Items: []corev1.KeyToPath{
+ {
+ Key: subPathConfig,
+ Path: subPathConfig,
+ },
+ },
+ },
+ },
+ }
+
+ return append(volumes, kubeconfigVolume)
+}
+
+// AppendExtraMountsVolumes appends volumes from ExtraMounts spec
+func AppendExtraMountsVolumes(
+ volumes []corev1.Volume,
+ extraMounts []testv1beta1.ExtraVolMounts,
+ svc []storage.PropagationType,
+) []corev1.Volume {
+ for _, exv := range extraMounts {
+ for _, vol := range exv.Propagate(svc) {
+ for _, v := range vol.Volumes {
+ volumeSource, _ := v.ToCoreVolumeSource()
+ convertedVolume := corev1.Volume{
+ Name: v.Name,
+ VolumeSource: *volumeSource,
+ }
+ volumes = append(volumes, convertedVolume)
+ }
+ }
+ }
+
+ return volumes
+}
+
+// AppendExtraConfigmapsVolumes appends volumes from ExtraConfigmapsMounts spec
+func AppendExtraConfigmapsVolumes(
+ volumes []corev1.Volume,
+ extraConfigmaps []testv1beta1.ExtraConfigmapsMounts,
+ defaultMode int32,
+) []corev1.Volume {
+ for _, vol := range extraConfigmaps {
+ mode := defaultMode
+ extraVol := corev1.Volume{
+ Name: vol.Name,
+ VolumeSource: corev1.VolumeSource{
+ ConfigMap: &corev1.ConfigMapVolumeSource{
+ DefaultMode: &mode,
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: vol.Name,
+ },
+ },
+ },
+ }
+
+ volumes = append(volumes, extraVol)
+ }
+
+ return volumes
+}
+
+// CreateVolumeMount creates a basic VolumeMount
+func CreateVolumeMount(name string, mountPath string, readOnly bool) corev1.VolumeMount {
+ return corev1.VolumeMount{
+ Name: name,
+ MountPath: mountPath,
+ ReadOnly: readOnly,
+ }
+}
+
+// CreateVolumeMountWithSubPath creates a VolumeMount with a SubPath
+func CreateVolumeMountWithSubPath(name string, mountPath string, subPath string, readOnly bool) corev1.VolumeMount {
+ return corev1.VolumeMount{
+ Name: name,
+ MountPath: mountPath,
+ SubPath: subPath,
+ ReadOnly: readOnly,
+ }
+}
+
+// CreateCACertVolumeMount creates a CA certificate volume mount
+func CreateCACertVolumeMount(mountPath string) corev1.VolumeMount {
+ return CreateVolumeMountWithSubPath(volumeNameCACerts, mountPath, subPathTLSCABundle, true)
+}
+
+// CreateOpenstackConfigVolumeMount creates an openstack config volume mount
+func CreateOpenstackConfigVolumeMount(mountPath string) corev1.VolumeMount {
+ return CreateVolumeMountWithSubPath(volumeNameOpenstackConfig, mountPath, subPathCloudsYAML, true)
+}
+
+// CreateOpenstackConfigSecretVolumeMount creates an openstack config secret volume mount
+func CreateOpenstackConfigSecretVolumeMount(mountPath string) corev1.VolumeMount {
+ return CreateVolumeMountWithSubPath(scrtNameOpenstackConfig, mountPath, subPathSecureYAML, false)
+}
+
+// CreateTestOperatorCloudsConfigVolumeMount creates a test-operator-clouds-config volume mount
+func CreateTestOperatorCloudsConfigVolumeMount(mountPath string) corev1.VolumeMount {
+ return CreateVolumeMountWithSubPath(TestOperatorCloudsConfigMapName, mountPath, subPathCloudsYAML, true)
+}
+
+// AppendExtraMountsVolumeMounts appends volume mounts from ExtraMounts spec
+func AppendExtraMountsVolumeMounts(
+ volumeMounts []corev1.VolumeMount,
+ extraMounts []testv1beta1.ExtraVolMounts,
+ svc []storage.PropagationType,
+) []corev1.VolumeMount {
+ for _, exv := range extraMounts {
+ for _, vol := range exv.Propagate(svc) {
+ volumeMounts = append(volumeMounts, vol.Mounts...)
+ }
+ }
+
+ return volumeMounts
+}
+
+// AppendExtraConfigmapsVolumeMounts appends volume mounts from ExtraConfigmapsMounts spec
+func AppendExtraConfigmapsVolumeMounts(
+ volumeMounts []corev1.VolumeMount,
+ extraConfigmaps []testv1beta1.ExtraConfigmapsMounts,
+) []corev1.VolumeMount {
+ for _, vol := range extraConfigmaps {
+ extraMount := corev1.VolumeMount{
+ Name: vol.Name,
+ MountPath: vol.MountPath,
+ SubPath: vol.SubPath,
+ ReadOnly: true,
+ }
+
+ volumeMounts = append(volumeMounts, extraMount)
+ }
+
+ return volumeMounts
+}
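Review bot: In `AppendExtraMountsVolumes` the second return value of `v.ToCoreVolumeSource()` is discarded and the result is dereferenced on the next line (`VolumeSource: *volumeSource`), so a failed conversion of an ExtraMounts entry taken from the CR spec would presumably panic the operator instead of surfacing an error. Because the function returns only `[]corev1.Volume`, the smallest fix is `volumeSource, err := v.ToCoreVolumeSource()` followed by `if err != nil || volumeSource == nil { continue }`, preferably with the error also reported to the caller rather than dropped. Separately, now that the file modes are shared exported constants, two values deserve confirmation: `ScriptsVolumeConfidentialMode` is octal `0420` (owner read, group write), which looks like the decimal 420 (= `0644`) shown in Kubernetes manifests carried over as an octal literal, and `CreateOpenstackConfigSecretVolume` applies `TLSCertificateMode` (`0444`, world-readable) to the secret that is mounted as `secure.yaml`. A short comment on each constant stating the intended owner/group/other bits would make such mismatches visible in review.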