exclude internal cert from checksum and incompatibility computation

Author: russgold

operator/src/main/java/oracle/kubernetes/operator/helpers/PodCompatibility.java

@@ -10,6 +10,7 @@
 import static oracle.kubernetes.operator.VersionConstants.DEFAULT_DOMAIN_VERSION;
 import static oracle.kubernetes.operator.helpers.PodCompatibility.asSet;
 import static oracle.kubernetes.operator.helpers.PodCompatibility.getMissingElements;
+import static oracle.kubernetes.operator.helpers.PodHelper.AdminPodStepContext.INTERNAL_OPERATOR_CERT_ENV;
 
 import io.kubernetes.client.custom.Quantity;
 import io.kubernetes.client.models.V1Container;
@@ -21,6 +22,7 @@
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
@@ -162,7 +164,7 @@ static class ContainerCompatibility extends CollectiveCompatibility {
       add(new EqualResources(expected.getResources(), actual.getResources()));
       addSets("volumeMounts", expected.getVolumeMounts(), actual.getVolumeMounts());
       addSets("ports", expected.getPorts(), actual.getPorts());
-      addSets("env", expected.getEnv(), actual.getEnv());
+      addSetsIgnoring("env", expected.getEnv(), actual.getEnv(), INTERNAL_OPERATOR_CERT_ENV);
       addSets("envFrom", expected.getEnvFrom(), actual.getEnvFrom());
     }
 
@@ -275,7 +277,7 @@ static <T> Set<T> asSet(Collection<T> collection) {
 
   static <T> Set<T> getMissingElements(Collection<T> expected, Collection<T> actual) {
     Set<T> missing = asSet(expected);
-    missing.removeAll(actual);
+    if (actual != null) missing.removeAll(actual);
     return missing;
   }
 }
@@ -284,6 +286,10 @@ interface CompatibilityCheck {
   boolean isCompatible();
 
   String getIncompatibility();
+
+  default CompatibilityCheck ignoring(String... keys) {
+    return this;
+  }
 }
 
 abstract class CollectiveCompatibility implements CompatibilityCheck {
@@ -316,6 +322,11 @@ <T> void addSets(String description, List<T> expected, List<T> actual) {
     add(CheckFactory.create(description, expected, actual));
   }
 
+  @SuppressWarnings("SameParameterValue")
+  <T> void addSetsIgnoring(String description, List<T> expected, List<T> actual, String... keys) {
+    add(CheckFactory.create(description, expected, actual).ignoring(keys));
+  }
+
   protected <T> void add(String description, T expected, T actual) {
     add(new Equality(description, expected, actual));
   }
@@ -363,7 +374,7 @@ private static <T> boolean canBeMap(List<T> list) {
   }
 
   private static <T> Map<String, T> asMap(List<T> values) {
-    if (values == null) return null;
+    if (values == null) return Collections.emptyMap();
     Map<String, T> result = new HashMap<>();
     for (T value : values) {
       String key = getKey(value);
@@ -412,6 +423,7 @@ class CompatibleMaps<K, V> implements CompatibilityCheck {
   private final String description;
   private final Map<K, V> expected;
   private final Map<K, V> actual;
+  private List<String> ignoredKeys = new ArrayList<>();
 
   CompatibleMaps(String description, Map<K, V> expected, Map<K, V> actual) {
     this.description = description;
@@ -421,12 +433,22 @@ class CompatibleMaps<K, V> implements CompatibilityCheck {
 
   @Override
   public boolean isCompatible() {
-    for (K key : expected.keySet())
-      if (!actual.containsKey(key) || !Objects.equals(expected.get(key), actual.get(key)))
-        return false;
+    for (K key : expected.keySet()) if (isKeyToCheck(key) && isIncompatible(key)) return false;
     return true;
   }
 
+  private boolean isKeyToCheck(K key) {
+    return !ignoredKeys.contains(key.toString());
+  }
+
+  private boolean isIncompatible(K key) {
+    return !actual.containsKey(key) || valuesDiffer(key);
+  }
+
+  private boolean valuesDiffer(K key) {
+    return !Objects.equals(expected.get(key), actual.get(key));
+  }
+
   @Override
   public String getIncompatibility() {
     StringBuilder sb = new StringBuilder();
@@ -436,12 +458,18 @@ public String getIncompatibility() {
       sb.append(String.format("actual %s has no entry for '%s'%n", description, missingKeys));
 
     for (K key : expected.keySet())
-      if (actual.containsKey(key) && !Objects.equals(expected.get(key), actual.get(key)))
+      if (isKeyToCheck(key) && actual.containsKey(key) && valuesDiffer(key))
         sb.append(
             String.format(
                 "actual %s has entry '%s' with value '%s' rather than '%s'%n",
                 description, key, actual.get(key), expected.get(key)));
 
     return sb.toString();
   }
+
+  @Override
+  public CompatibilityCheck ignoring(String... keys) {
+    ignoredKeys.addAll(Arrays.asList(keys));
+    return this;
+  }
 }

operator/src/main/java/oracle/kubernetes/operator/helpers/PodHelper.java

@@ -4,6 +4,7 @@
 
 package oracle.kubernetes.operator.helpers;
 
+import io.kubernetes.client.models.V1Container;
 import io.kubernetes.client.models.V1DeleteOptions;
 import io.kubernetes.client.models.V1EnvVar;
 import io.kubernetes.client.models.V1ObjectMeta;
@@ -12,7 +13,9 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import oracle.kubernetes.operator.DomainStatusUpdater;
+import oracle.kubernetes.operator.KubernetesConstants;
 import oracle.kubernetes.operator.LabelConstants;
 import oracle.kubernetes.operator.PodAwaiterStepFactory;
 import oracle.kubernetes.operator.ProcessingConstants;
@@ -31,7 +34,7 @@ private PodHelper() {}
 
   static class AdminPodStepContext extends PodStepContext {
     private static final String INTERNAL_OPERATOR_CERT_FILE = "internalOperatorCert";
-    private static final String INTERNAL_OPERATOR_CERT_ENV = "INTERNAL_OPERATOR_CERT";
+    static final String INTERNAL_OPERATOR_CERT_ENV = "INTERNAL_OPERATOR_CERT";
 
     AdminPodStepContext(Step conflictStep, Packet packet) {
       super(conflictStep, packet);
@@ -84,6 +87,28 @@ String getPodReplacedMessageKey() {
       return MessageKeys.ADMIN_POD_REPLACED;
     }
 
+    @Override
+    V1Pod withNonHashedElements(V1Pod pod) {
+      V1Pod v1Pod = super.withNonHashedElements(pod);
+      getContainer(v1Pod).ifPresent(c -> c.addEnvItem(internalCertEnvValue()));
+
+      return v1Pod;
+    }
+
+    private V1EnvVar internalCertEnvValue() {
+      return new V1EnvVar()
+          .name(INTERNAL_OPERATOR_CERT_ENV)
+          .value(getInternalOperatorCertFile(TuningParameters.getInstance()));
+    }
+
+    private Optional<V1Container> getContainer(V1Pod v1Pod) {
+      return v1Pod.getSpec().getContainers().stream().filter(this::isK8sContainer).findFirst();
+    }
+
+    private boolean isK8sContainer(V1Container c) {
+      return KubernetesConstants.CONTAINER_NAME.equals(c.getName());
+    }
+
     @Override
     protected V1PodSpec createSpec(TuningParameters tuningParameters) {
       return super.createSpec(tuningParameters).hostname(getPodName());
@@ -92,7 +117,6 @@ protected V1PodSpec createSpec(TuningParameters tuningParameters) {
     @Override
     List<V1EnvVar> getConfiguredEnvVars(TuningParameters tuningParameters) {
       List<V1EnvVar> vars = new ArrayList<>(getServerSpec().getEnvironmentVariables());
-      addEnvVar(vars, INTERNAL_OPERATOR_CERT_ENV, getInternalOperatorCertFile(tuningParameters));
       overrideContainerWeblogicEnvVars(vars);
       return vars;
     }

operator/src/test/java/oracle/kubernetes/operator/helpers/PodCompatibilityTest.java

@@ -4,8 +4,11 @@
 
 package oracle.kubernetes.operator.helpers;
 
+import static oracle.kubernetes.operator.helpers.PodHelper.AdminPodStepContext.INTERNAL_OPERATOR_CERT_ENV;
+import static org.hamcrest.Matchers.blankOrNullString;
 import static org.hamcrest.Matchers.both;
 import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.emptyOrNullString;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.not;
 import static org.junit.Assert.assertThat;
@@ -15,6 +18,7 @@
 import io.kubernetes.client.custom.Quantity;
 import io.kubernetes.client.models.V1Container;
 import io.kubernetes.client.models.V1ContainerPort;
+import io.kubernetes.client.models.V1EnvVar;
 import io.kubernetes.client.models.V1Probe;
 import io.kubernetes.client.models.V1ResourceRequirements;
 import java.util.Arrays;
@@ -67,14 +71,41 @@ public void whenResourcesDontMatch_createErrorMessage() {
   public void whenPortsDontMatch_createErrorMessage() {
     PodCompatibility.ContainerCompatibility compatibility =
         new PodCompatibility.ContainerCompatibility(
-            new V1Container().name("test").addPortsItem(new V1ContainerPort().containerPort(1100)),
+            new V1Container().addPortsItem(new V1ContainerPort().containerPort(1100)),
             new V1Container().addPortsItem(new V1ContainerPort().containerPort(1234)));
 
     assertThat(
         compatibility.getIncompatibility(),
         both(containsString("1100")).and(not(containsString("1234"))));
   }
 
+  @Test
+  public void whenEnvVarsDontMatch_createErrorMessage() {
+    String name = "aa";
+    String value = "bb";
+    PodCompatibility.ContainerCompatibility compatibility =
+        new PodCompatibility.ContainerCompatibility(
+            new V1Container().addEnvItem(envVar(name, value)),
+            new V1Container().addEnvItem(envVar("aa", "cc")));
+
+    assertThat(
+        compatibility.getIncompatibility(), both(containsString("aa")).and(containsString("bb")));
+  }
+
+  private V1EnvVar envVar(String name, String value) {
+    return new V1EnvVar().name(name).value(value);
+  }
+
+  @Test
+  public void whenOnlyCertificateForEnvVarsDontMatch_dontCreateErrorMessage() {
+    PodCompatibility.ContainerCompatibility compatibility =
+        new PodCompatibility.ContainerCompatibility(
+            new V1Container().name("test").addEnvItem(envVar(INTERNAL_OPERATOR_CERT_ENV, "bb")),
+            new V1Container());
+
+    assertThat(compatibility.getIncompatibility(), blankOrNullString());
+  }
+
   @Test
   public void whenExpectedSubsetOfActual_reportCompatible() {
     CompatibilityCheck check =
@@ -117,6 +148,18 @@ public void whenCanBeMapsAndExpectedAndActualDifferentValues_reportChangedElemen
     assertThat(check.getIncompatibility(), not(containsString("alpha")));
   }
 
+  @Test
+  public void ignoreCertForComparisons() {
+    CompatibilityCheck check =
+        CheckFactory.create(
+                "envVars",
+                Arrays.asList(object("alpha", 1), object(INTERNAL_OPERATOR_CERT_ENV, 3)),
+                Arrays.asList(object(INTERNAL_OPERATOR_CERT_ENV, 700), object("alpha", 1)))
+            .ignoring(INTERNAL_OPERATOR_CERT_ENV);
+
+    assertThat(check.getIncompatibility(), emptyOrNullString());
+  }
+
   private Object object(String name, int value) {
     return new ObjectWithName(name, value);
   }