
kubevirt / hyperconverged-cluster-operator / 21704553524

05 Feb 2026 08:37AM UTC coverage: 76.31% (+0.3%) from 76.038%

CNV-74931: Split TLS Security Profile out of ClusterInfo (#3996)

* Fix TLSSecurityProfile validation

Also validate that if the type is "Custom", the custom field must not be
empty.

Signed-off-by: Nahshon Unna Tsameret <nunnatsa@redhat.com>

* Add a new package to manage the TLSSecurityProfile

This will replace the logic in the validating webhook and in the
ClusterInfo.

Signed-off-by: Nahshon Unna Tsameret <nunnatsa@redhat.com>

* use the new tlssecconfig on boot

Signed-off-by: Nahshon Unna Tsameret <nunnatsa@redhat.com>

* use the tlssecprofile pkg in handlers

Signed-off-by: Nahshon Unna Tsameret <nunnatsa@redhat.com>

* use the tlssecprofile pkg in wh apiserver-controller

Signed-off-by: Nahshon Unna Tsameret <nunnatsa@redhat.com>

* introduce new apiserver controller for the operator

This new controller is watching the APIServer CR in openshift and
refreshes the TLS Security Config if it was changed.

Signed-off-by: Nahshon Unna Tsameret <nunnatsa@redhat.com>

* use the apiserver controller in the operator

Signed-off-by: Nahshon Unna Tsameret <nunnatsa@redhat.com>

* Clean the ClusterInfo interface

Remove the `GetTLSSecurityProfile` and `RefreshAPIServerCR` functions from the interface.

Signed-off-by: Nahshon Unna Tsameret <nunnatsa@redhat.com>

* Add debug information for the hack/deploy.sh script

The script should print the pod log in case of failure, but this is not
working.

This commit fixes this issue, and the failed pods' logs are now properly
printed out.

When running this script in CI, the script writes the logs and the log
description (the output of `kubectl describe pod ...`), to the test
artifacts, so it won't flood the test log, and to ease the access to
each log, separately.

Signed-off-by: Nahshon Unna Tsameret <nunnatsa@redhat.com>

---------

Signed-off-by: Nahshon Unna Tsameret <nunnatsa@redhat.com>

212 of 224 new or added lines in 12 files covered. (94.64%)

14 existing lines in 2 files now uncovered.

8604 of 11275 relevant lines covered (76.31%)

1.78 hits per line

Source File

/controllers/webhooks/apiserver-controller/controller.go (file coverage: 86.67%)

Coverage marks from the report: every relevant line has 1 hit except the two error branches, which are uncovered (×): the `if err != nil` body in `Reconcile` (its return line is flagged NEW) and the `if err != nil` body in `add`.

```go
package apiserver_controller

import (
	"context"
	"time"

	"github.com/go-logr/logr"
	logf "sigs.k8s.io/controller-runtime/pkg/log"

	openshiftconfigv1 "github.com/openshift/api/config/v1"
	"sigs.k8s.io/controller-runtime/pkg/client"
	"sigs.k8s.io/controller-runtime/pkg/controller"
	"sigs.k8s.io/controller-runtime/pkg/handler"
	"sigs.k8s.io/controller-runtime/pkg/manager"
	"sigs.k8s.io/controller-runtime/pkg/reconcile"
	"sigs.k8s.io/controller-runtime/pkg/source"

	"github.com/kubevirt/hyperconverged-cluster-operator/pkg/tlssecprofile"
)

const controllerName = "webhook-apiServer-controller"

// ReconcileAPIServer reconciles APIServer to consume uptodate TLSSecurityProfile
type ReconcileAPIServer struct {
	client client.Client
}

var (
	logger = logf.Log.WithName(controllerName)
)

// Implement reconcile.Reconciler so the controller can reconcile objects
var _ reconcile.Reconciler = &ReconcileAPIServer{}

func (r *ReconcileAPIServer) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) {
	logger := logr.FromContextOrDiscard(ctx).WithName("ReconcileAPIServer").WithValues("Request.Name", req.Name)
	logger.Info("Reconciling APIServer")

	_, err := tlssecprofile.Refresh(ctx, r.client)

	if err != nil {
		return reconcile.Result{RequeueAfter: 60 * time.Second}, err
	}

	return reconcile.Result{}, nil
}

// RegisterReconciler creates a new HyperConverged Reconciler and registers it into manager.
func RegisterReconciler(mgr manager.Manager) error {
	return add(mgr, newReconciler(mgr))
}

// newReconciler returns a new reconcile.Reconciler
func newReconciler(mgr manager.Manager) reconcile.Reconciler {
	r := &ReconcileAPIServer{
		client: mgr.GetClient(),
	}
	return r
}

// add adds a new Controller to mgr with r as the reconcile.Reconciler
func add(mgr manager.Manager, r reconcile.Reconciler) error {

	// Setup a new controller to reconcile APIServer
	logger.Info("Setting up APIServer controller")
	c, err := controller.New(controllerName, mgr, controller.Options{
		Reconciler: r,
	})
	if err != nil {
		return err
	}

	// Watch APIServer and enqueue APIServer object key
	return c.Watch(source.Kind(mgr.GetCache(), client.Object(&openshiftconfigv1.APIServer{}), &handler.EnqueueRequestForObject{}))
}
```