
kubevirt / containerized-data-importer / #4711

03 Jun 2024 08:39PM UTC coverage: 59.016% (+0.1%) from 58.918%
#4711

push

travis-ci

web-flow
Make upload client/server certs configurable (#3252)

* Add client cert config to CDI resource

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* make client certs configurable

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* Create uploadserver.Config

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* uploadserver should read certs from files

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* make sure to not close doneChan when error occurs

generally tighten up handling of "done" "uploading" and "processing"

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* add deadline support to uploadserver

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* Add deadline support to upload controller

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* clone controller should use configured client cert duration

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* make lint check happy

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* Extend existing func test to validate client certs configurable and will be rotated

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* Use deadline/rotation for clone pods as well

Forgot about the case where a source PVC may be in use.  May be a big delay from when target pod is created and source.

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

---------

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

283 of 371 new or added lines in 12 files covered. (76.28%)

9 existing lines in 4 files now uncovered.

16269 of 27567 relevant lines covered (59.02%)

0.65 hits per line


81.82
/pkg/operator/api.go
/*
Copyright 2018 The CDI Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package operator

import (
        "context"
        "fmt"

        corev1 "k8s.io/api/core/v1"
        metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
        "k8s.io/apimachinery/pkg/types"
        "k8s.io/client-go/kubernetes"
        "k8s.io/klog/v2"

        "sigs.k8s.io/controller-runtime/pkg/client"

        cdiv1 "kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1"
        cc "kubevirt.io/containerized-data-importer/pkg/controller/common"
        "kubevirt.io/containerized-data-importer/pkg/operator/resources/cert"
        "kubevirt.io/containerized-data-importer/pkg/util"
)

// ConfigMapName names the CDI Operator config map. That config map is
// used to determine which CDI instance is "active", and may carry other
// settings some day in the future.
const ConfigMapName = "cdi-config"

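// SetOwnerRuntime makes the current "active" CDI CR the owner of the object using runtime lib client.
//
// The owner is taken from the controller owner reference of the ConfigMapName
// config map in the namespace returned by util.GetNamespace. Assignment is
// best-effort: when the config map cannot be read, a warning is logged and nil
// is returned, which leaves the object without an owner reference. Errors from
// SetConfigAsOwner are returned unchanged.
func SetOwnerRuntime(client client.Client, object metav1.Object) error {
	namespace := util.GetNamespace()
	configMap := &corev1.ConfigMap{}
	key := types.NamespacedName{Name: ConfigMapName, Namespace: namespace}
	if err := client.Get(context.TODO(), key, configMap); err != nil {
		// Every Get failure ends up here, not only "not found" (for example a
		// permission or connectivity error), so log the actual cause instead
		// of claiming the config map does not exist.
		klog.Warningf("ConfigMap %s/%s could not be read, so not assigning owner: %v", namespace, ConfigMapName, err)
		return nil
	}
	return SetConfigAsOwner(configMap, object)
}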

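// SetOwner makes the current "active" CDI CR the owner of the object.
//
// The owner is taken from the controller owner reference of the ConfigMapName
// config map in the namespace returned by util.GetNamespace. Assignment is
// best-effort: when the config map cannot be read, a warning is logged and nil
// is returned, which leaves the object without an owner reference. Errors from
// SetConfigAsOwner are returned unchanged.
func SetOwner(client kubernetes.Interface, object metav1.Object) error {
	namespace := util.GetNamespace()
	configMap, err := client.CoreV1().ConfigMaps(namespace).Get(context.TODO(), ConfigMapName, metav1.GetOptions{})
	if err != nil {
		// Every Get failure ends up here, not only "not found" (for example a
		// permission or connectivity error), so log the actual cause instead
		// of claiming the config map does not exist.
		klog.Warningf("ConfigMap %s/%s could not be read, so not assigning owner: %v", namespace, ConfigMapName, err)
		return nil
	}
	return SetConfigAsOwner(configMap, object)
}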

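// SetConfigAsOwner sets the passed in config map as owner of the object.
//
// More precisely, the controller owner reference found on configMap is
// appended to the object's owner references. An error is returned when
// configMap has no controller owner reference, or when object already has a
// controller owner reference with a different UID. When object is already
// controlled by the same UID it is left unchanged and nil is returned.
func SetConfigAsOwner(configMap *corev1.ConfigMap, object metav1.Object) error {
	configMapOwner := getController(configMap.GetOwnerReferences())
	if configMapOwner == nil {
		return fmt.Errorf("configmap has no owner")
	}

	existing := object.GetOwnerReferences()
	for _, o := range existing {
		if o.Controller == nil || !*o.Controller {
			continue
		}
		if o.UID == configMapOwner.UID {
			// already set to current obj
			return nil
		}

		// Identify the object and its controller by name rather than
		// formatting the whole value with %+v, so the object's contents are
		// not copied into error messages and logs.
		return fmt.Errorf("object %s/%s already owned by %s %s (uid %s)",
			object.GetNamespace(), object.GetName(), o.Kind, o.Name, o.UID)
	}

	object.SetOwnerReferences(append(existing, *configMapOwner))

	return nil
}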

// GetCertConfigWithDefaults returns the CDI cert config with default values when not set.
//
// The config is read from Spec.CertConfig of the CDI returned by
// cc.GetActiveCDI; an error from that lookup is returned as is. Each of the
// CA, Server and Client sections is replaced as a whole by defaults from the
// cert package when the section is nil or lacks either Duration or
// RenewBefore. The default RenewBefore is the lifetime minus the refresh
// constant.
//
// When the CDI carries a CertConfig, the defaults are written into that same
// struct rather than into a copy.
//
// NOTE(review): configured durations are returned as found; nothing here
// checks that RenewBefore is shorter than Duration. Presumably that is
// validated elsewhere; confirm.
func GetCertConfigWithDefaults(ctx context.Context, c client.Client) (*cdiv1.CDICertConfig, error) {
	activeCDI, err := cc.GetActiveCDI(ctx, c)
	if err != nil {
		return nil, err
	}

	// complete reports whether a section has both of its fields set.
	complete := func(section *cdiv1.CertConfig) bool {
		return section != nil && section.Duration != nil && section.RenewBefore != nil
	}

	result := activeCDI.Spec.CertConfig
	if result == nil {
		result = &cdiv1.CDICertConfig{}
	}

	if !complete(result.CA) {
		result.CA = &cdiv1.CertConfig{
			Duration:    &metav1.Duration{Duration: cert.SignerLifetime},
			RenewBefore: &metav1.Duration{Duration: cert.SignerLifetime - cert.SignerRefresh},
		}
	}

	if !complete(result.Server) {
		result.Server = &cdiv1.CertConfig{
			Duration:    &metav1.Duration{Duration: cert.ServerLifetime},
			RenewBefore: &metav1.Duration{Duration: cert.ServerLifetime - cert.ServerRefresh},
		}
	}

	if !complete(result.Client) {
		result.Client = &cdiv1.CertConfig{
			Duration:    &metav1.Duration{Duration: cert.ClientLifetime},
			RenewBefore: &metav1.Duration{Duration: cert.ClientLifetime - cert.ClientRefresh},
		}
	}

	return result, nil
}

// getController returns a pointer to a copy of the first owner reference whose
// Controller flag is set and true, or nil when no such reference exists.
func getController(owners []metav1.OwnerReference) *metav1.OwnerReference {
	for i := range owners {
		if flag := owners[i].Controller; flag == nil || !*flag {
			continue
		}
		// Copy the element so the returned pointer does not alias the
		// caller's slice.
		ref := owners[i]
		return &ref
	}
	return nil
}