Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix autogen gossip name mismatch #1196

Merged
merged 4 commits into from
Apr 29, 2022
Merged

Fix autogen gossip name mismatch #1196

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
ab52bd1
Match release name when looking for autogenerated gossip encryption key
Apr 29, 2022
a628ce0
s/Secet/Secret/g
Apr 29, 2022
2a4b58e
Add CHANGELOG entry
Apr 29, 2022
6973109
Update CHANGELOG.md
Apr 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
BUG FIXES:
* Helm
* Update client-daemonset to include ca-cert volumeMount only when tls is enabled. [[GH-1194](https://github.com/hashicorp/consul-k8s/pull/1194)]
* Update create-federation-secret-job to look up the automatically generated gossip encryption key by the right name when the release name is set. [[GH-1196](https://github.com/hashicorp/consul-k8s/pull/1196)]
t-eckert marked this conversation as resolved.
Show resolved Hide resolved

## 0.43.0 (April 21, 2022)

Expand Down
2 changes: 1 addition & 1 deletion charts/consul/templates/create-federation-secret-job.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ spec:
{{- else if .Values.global.gossipEncryption.autoGenerate }}
- name: gossip-encryption-key
secret:
secretName: consul-gossip-encryption-key
secretName: {{ template "consul.fullname" . }}-gossip-encryption-key
items:
- key: key
path: gossip.key
Expand Down
60 changes: 42 additions & 18 deletions charts/consul/test/unit/create-federation-secret-job.bats
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@

load _helpers

@test "createFederationSecet/Job: disabled by default" {
@test "createFederationSecret/Job: disabled by default" {
cd `chart_dir`
assert_empty helm template \
-s templates/create-federation-secret-job.yaml \
.
}

@test "createFederationSecet/Job: fails when global.federation.enabled=false" {
@test "createFederationSecret/Job: fails when global.federation.enabled=false" {
cd `chart_dir`
run helm template \
-s templates/create-federation-secret-job.yaml \
Expand All @@ -20,7 +20,7 @@ load _helpers

# NOTE: This error actually comes from server-statefulset but we test it here
# too because this job requires TLS to be enabled.
@test "createFederationSecet/Job: fails when global.tls.enabled=false" {
@test "createFederationSecret/Job: fails when global.tls.enabled=false" {
cd `chart_dir`
run helm template \
-s templates/create-federation-secret-job.yaml \
Expand All @@ -32,7 +32,7 @@ load _helpers

# NOTE: This error actually comes from server-acl-init but we test it here
# too because this job requires that ACLs are enabled when createReplicationToken is true.
@test "createFederationSecet/Job: fails when global.acls.createReplicationToken is true but global.acls.manageSystemACLs is false" {
@test "createFederationSecret/Job: fails when global.acls.createReplicationToken is true but global.acls.manageSystemACLs is false" {
cd `chart_dir`
run helm template \
-s templates/create-federation-secret-job.yaml \
Expand All @@ -46,7 +46,7 @@ load _helpers
[[ "$output" =~ "if global.acls.createReplicationToken is true, global.acls.manageSystemACLs must be true" ]]
}

@test "createFederationSecet/Job: fails when global.acls.createReplicationToken is false but global.acls.manageSystemACLs is true" {
@test "createFederationSecret/Job: fails when global.acls.createReplicationToken is false but global.acls.manageSystemACLs is true" {
cd `chart_dir`
run helm template \
-s templates/create-federation-secret-job.yaml \
Expand All @@ -61,7 +61,7 @@ load _helpers
[[ "$output" =~ "global.acls.createReplicationToken must be true when global.acls.manageSystemACLs is true because the federation secret must include the replication token" ]]
}

@test "createFederationSecet/Job: mounts auto-created ca secrets by default" {
@test "createFederationSecret/Job: mounts auto-created ca secrets by default" {
cd `chart_dir`
local volumes=$(helm template \
-s templates/create-federation-secret-job.yaml \
Expand Down Expand Up @@ -95,7 +95,7 @@ load _helpers
#--------------------------------------------------------------------
# global.tls

@test "createFederationSecet/Job: mounts caCert secrets when set manually" {
@test "createFederationSecret/Job: mounts caCert secrets when set manually" {
cd `chart_dir`
local volumes=$(helm template \
-s templates/create-federation-secret-job.yaml \
Expand Down Expand Up @@ -130,7 +130,7 @@ load _helpers
[ "${actual}" = "true" ]
}

@test "createFederationSecet/Job: auto-encrypt disabled" {
@test "createFederationSecret/Job: auto-encrypt disabled" {
cd `chart_dir`
local obj=$(helm template \
-s templates/create-federation-secret-job.yaml \
Expand All @@ -152,7 +152,7 @@ load _helpers
[ "${actual}" = "true" ]
}

@test "createFederationSecet/Job: auto-encrypt enabled" {
@test "createFederationSecret/Job: auto-encrypt enabled" {
cd `chart_dir`
local obj=$(helm template \
-s templates/create-federation-secret-job.yaml \
Expand Down Expand Up @@ -182,7 +182,7 @@ load _helpers
#--------------------------------------------------------------------
# global.gossipEncryption

@test "createFederationSecet/Job: gossip encryption key set" {
@test "createFederationSecret/Job: gossip encryption key set" {
cd `chart_dir`
local obj=$(helm template \
-s templates/create-federation-secret-job.yaml \
Expand All @@ -206,10 +206,34 @@ load _helpers
[ "${actual}" = "true" ]
}

@test "createFederationSecret/Job: gossip encryption key autogenerated" {
t-eckert marked this conversation as resolved.
Show resolved Hide resolved
cd `chart_dir`
local obj=$(helm template \
-s templates/create-federation-secret-job.yaml \
--set 'global.federation.enabled=true' \
--set 'meshGateway.enabled=true' \
--set 'connectInject.enabled=true' \
--set 'global.tls.enabled=true' \
--set 'global.gossipEncryption.autoGenerate=true' \
--set 'global.federation.createFederationSecret=true' \
. | tee /dev/stderr)

local actual


# test it mounts the secret
actual=$(echo "$obj" | yq '.spec.template.spec.volumes | map(select(.name == "gossip-encryption-key" and .secret.secretName == "release-name-consul-gossip-encryption-key" and .secret.items[0].key == "key")) | length > 0' | tee /dev/stderr)
[ "${actual}" = "true" ]

# test it sets the -gossip-key-file flag
actual=$(echo "$obj" | yq '.spec.template.spec.containers[0].command | any(contains("-gossip-key-file"))' | tee /dev/stderr)
[ "${actual}" = "true" ]
}

#--------------------------------------------------------------------
# global.acls.createReplicationToken

@test "createFederationSecet/Job: global.acls.createReplicationToken=true" {
@test "createFederationSecret/Job: global.acls.createReplicationToken=true" {
cd `chart_dir`
local actual=$(helm template \
-s templates/create-federation-secret-job.yaml \
Expand All @@ -227,7 +251,7 @@ load _helpers
#--------------------------------------------------------------------
# meshGateway.consulServiceName

@test "createFederationSecet/Job: sets -mesh-gateway-service-name to meshGateway.consulServiceName" {
@test "createFederationSecret/Job: sets -mesh-gateway-service-name to meshGateway.consulServiceName" {
cd `chart_dir`
local actual=$(helm template \
-s templates/create-federation-secret-job.yaml \
Expand All @@ -244,7 +268,7 @@ load _helpers
#--------------------------------------------------------------------
# tolerations

@test "createFederationSecet/Job: tolerations not set by default" {
@test "createFederationSecret/Job: tolerations not set by default" {
cd `chart_dir`
local actual=$(helm template \
-s templates/create-federation-secret-job.yaml \
Expand All @@ -258,7 +282,7 @@ load _helpers
[ "${actual}" = "true" ]
}

@test "createFederationSecet/Job: tolerations can be set" {
@test "createFederationSecret/Job: tolerations can be set" {
cd `chart_dir`
local actual=$(helm template \
-s templates/create-federation-secret-job.yaml \
Expand All @@ -276,7 +300,7 @@ load _helpers
#--------------------------------------------------------------------
# priorityClassName

@test "createFederationSecet/Job: priorityClassName is not set by default" {
@test "createFederationSecret/Job: priorityClassName is not set by default" {
cd `chart_dir`
local actual=$(helm template \
-s templates/create-federation-secret-job.yaml \
Expand All @@ -290,7 +314,7 @@ load _helpers
[ "${actual}" = "null" ]
}

@test "createFederationSecet/Job: specified priorityClassName" {
@test "createFederationSecret/Job: specified priorityClassName" {
cd `chart_dir`
local actual=$(helm template \
-s templates/create-federation-secret-job.yaml \
Expand All @@ -308,7 +332,7 @@ load _helpers
#--------------------------------------------------------------------
# nodeSelector

@test "createFederationSecet/Job: nodeSelector is not set by default" {
@test "createFederationSecret/Job: nodeSelector is not set by default" {
cd `chart_dir`
local actual=$(helm template \
-s templates/create-federation-secret-job.yaml \
Expand All @@ -322,7 +346,7 @@ load _helpers
[ "${actual}" = "null" ]
}

@test "createFederationSecet/Job: specified nodeSelector" {
@test "createFederationSecret/Job: specified nodeSelector" {
cd `chart_dir`
local actual=$(helm template \
-s templates/create-federation-secret-job.yaml \
Expand Down