Add kitchen sink test for TLS connections (#308)
* Add kitchen sink test for TLS connections

* Update to 5.9.10

* update comment
andrewstucki authored Nov 14, 2024
1 parent 7532af7 commit aed4003
Showing 10 changed files with 166 additions and 19 deletions.
2 changes: 1 addition & 1 deletion acceptance/go.mod
Expand Up @@ -6,7 +6,7 @@ require (
github.com/cucumber/godog v0.14.1
github.com/go-logr/logr v1.4.2
github.com/redpanda-data/common-go/rpadmin v0.1.9
github.com/redpanda-data/helm-charts v0.0.0-20241031235426-99ca96105c9a
github.com/redpanda-data/helm-charts v0.0.0-20241114193526-f53a0adc8f15
github.com/redpanda-data/redpanda-operator/harpoon v0.0.0-00010101000000-000000000000
github.com/redpanda-data/redpanda-operator/operator v0.0.0-00010101000000-000000000000
github.com/stretchr/testify v1.9.0
5 changes: 4 additions & 1 deletion acceptance/go.sum
Expand Up @@ -192,10 +192,13 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/fluxcd/helm-controller/api v0.37.2 h1:tkLezpRdqPDz7HoKHFu92sV+ppOCVDxkjFTh8/lpff8=
github.com/fluxcd/helm-controller/api v0.37.2/go.mod h1:BuXZhAX9blQviil6yUN5zNM4RB753yhyBTJXxXff7Mo=
github.com/fluxcd/pkg/apis/acl v0.1.0 h1:EoAl377hDQYL3WqanWCdifauXqXbMyFuK82NnX6pH4Q=
github.com/fluxcd/pkg/apis/kustomize v1.2.0 h1:vkVs+OumxaWso0jNCqdgFFfMHdh+qtZhykTkjl7OgmA=
github.com/fluxcd/pkg/apis/kustomize v1.2.0/go.mod h1:VF7tR/WuVFeum+HaMTHwp+eCtsHiiQlY6ihgqtAnW/M=
github.com/fluxcd/pkg/apis/meta v1.2.0 h1:O766PzGAdMdQKybSflGL8oV0+GgCNIkdsxfalRyzeO8=
github.com/fluxcd/pkg/apis/meta v1.2.0/go.mod h1:fU/Az9AoVyIxC0oI4ihG0NVMNnvrcCzdEym3wxjIQsc=
github.com/fluxcd/source-controller v1.2.3 h1:g+lleTMyaS2yPfOHuXGJIjQLyiIPjPxM1/m59vwMdgs=
github.com/fluxcd/source-controller/api v1.2.3 h1:71mXv3Qg9HEhcpqOq1ObmoE+P/HuZNaAvxfI7dqZMo8=
github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=
github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4=
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
Expand Down Expand Up @@ -640,7 +643,7 @@ github.com/redpanda-data/common-go/net v0.1.0/go.mod h1:iOdNkjxM7a1T8F3cYHTaKIPF
github.com/redpanda-data/common-go/rpadmin v0.1.9 h1:X5a95P7Dc+7EaidU7dusWJyiG3eJmk4zJtUttfvhmc4=
github.com/redpanda-data/console/backend v0.0.0-20240303221210-05d5d9e85f20 h1:+zsE3W1V86k2sjAGWOySIlF0xn5R1aXXQBaIdr80F48=
github.com/redpanda-data/console/backend v0.0.0-20240303221210-05d5d9e85f20/go.mod h1:DC42/3+k5PefSo4IalYbDN3yRZrVFP0b69+gC/NwGd4=
github.com/redpanda-data/helm-charts v0.0.0-20241031235426-99ca96105c9a h1:QrCC2sX/A0ffiJEUJmZhDS8/NWJI4rbcbtCC+NQOGZY=
github.com/redpanda-data/helm-charts v0.0.0-20241114193526-f53a0adc8f15 h1:OkWn3PL9PbIegbYfEZ9LbVAnZpQd/MzUbFdJLxWbX+s=
github.com/redpanda-data/redpanda/src/go/rpk v0.0.0-20240827155712-244863ea0ae8 h1:uTQKqF8UPNxYxKBJ11VlG6Vt2l9ctkkeXsmmjHUSUG4=
github.com/redpanda-data/redpanda/src/go/rpk v0.0.0-20240827155712-244863ea0ae8/go.mod h1:97qkjcMI3gDL+y+aY/w5o0xF2qGHFof6rCXIYjnTalM=
github.com/rhnvrm/simples3 v0.6.1/go.mod h1:Y+3vYm2V7Y4VijFoJHHTrja6OgPrJ2cBti8dPGkC3sA=
2 changes: 2 additions & 0 deletions go.work.sum
Expand Up @@ -1806,6 +1806,8 @@ github.com/redpanda-data/common-go/rpadmin v0.1.7-0.20240916201938-8d748d9ac10b/
github.com/redpanda-data/helm-charts v0.0.0-20240911060052-2bf9dd6f0996/go.mod h1:uEMmuH+gTppAsZZNYlUbh6tuxN3fqffWY0Bi8AcE2Zk=
github.com/redpanda-data/helm-charts v0.0.0-20240916201426-9ca3b128bb8e/go.mod h1:uEMmuH+gTppAsZZNYlUbh6tuxN3fqffWY0Bi8AcE2Zk=
github.com/redpanda-data/helm-charts v0.0.0-20241025092026-69353dfce9a1/go.mod h1:dmmGZo7DuHNnCy0QOykXN2sY9QI8kbdlkSKgIkCT978=
github.com/redpanda-data/helm-charts v0.0.0-20241031235426-99ca96105c9a/go.mod h1:dmmGZo7DuHNnCy0QOykXN2sY9QI8kbdlkSKgIkCT978=
github.com/redpanda-data/helm-charts v0.0.0-20241113221319-230a32adcee0/go.mod h1:dmmGZo7DuHNnCy0QOykXN2sY9QI8kbdlkSKgIkCT978=
github.com/redpanda-data/redpanda/src/go/rpk v0.0.0-20240105044330-c094966ca0cf/go.mod h1:SaSp5/JwdLHu8ZU82wFbXD8/oE4UWB+8ZkjWWreAt7Y=
github.com/rhnvrm/simples3 v0.6.1 h1:H0DJwybR6ryQE+Odi9eqkHuzjYAeJgtGcGtuBwOhsH8=
github.com/rickb777/period v1.0.6 h1:f4TcHBtL/4qa4D44eqgxs7785/kfLKUjRI7XYI2HCvk=
2 changes: 1 addition & 1 deletion harpoon/go.mod
Expand Up @@ -6,7 +6,7 @@ require (
github.com/cucumber/godog v0.14.1
github.com/cucumber/messages/go/v21 v21.0.1
github.com/olekukonko/tablewriter v0.0.5
github.com/redpanda-data/helm-charts v0.0.0-20241031235426-99ca96105c9a
github.com/redpanda-data/helm-charts v0.0.0-20241114193526-f53a0adc8f15
github.com/stretchr/testify v1.9.0
golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e
k8s.io/api v0.30.3
2 changes: 1 addition & 1 deletion harpoon/go.sum
Expand Up @@ -401,7 +401,7 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT
github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
github.com/redpanda-data/helm-charts v0.0.0-20241031235426-99ca96105c9a h1:QrCC2sX/A0ffiJEUJmZhDS8/NWJI4rbcbtCC+NQOGZY=
github.com/redpanda-data/helm-charts v0.0.0-20241114193526-f53a0adc8f15 h1:OkWn3PL9PbIegbYfEZ9LbVAnZpQd/MzUbFdJLxWbX+s=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
2 changes: 1 addition & 1 deletion operator/api/redpanda/v1alpha2/redpanda_types.go
Expand Up @@ -55,7 +55,7 @@ type ChartRef struct {
// UseFlux flag set to `false` will prevent helm controller from reconciling helm chart. The operator would be
// tight with `go` based Redpanda helm chart version. The rest of the ChartRef fields would be ignored.
//
// Before setting UseFlux flag to `false` please alight your ChartVersion to at least `5.9.9`
// Before setting UseFlux flag to `false` please alight your ChartVersion to at least `5.9.10`
// version of the Redpanda chart.
//
// RedpandaStatus might not be accurate if flag is set to `false` and HelmRelease is manually deleted.
4 changes: 2 additions & 2 deletions operator/config/crd/bases/cluster.redpanda.com_redpandas.yaml
Expand Up @@ -118,7 +118,7 @@ spec:
UseFlux flag set to `false` will prevent helm controller from reconciling helm chart. The operator would be
tight with `go` based Redpanda helm chart version. The rest of the ChartRef fields would be ignored.

Before setting UseFlux flag to `false` please alight your ChartVersion to at least `5.9.9`
Before setting UseFlux flag to `false` please alight your ChartVersion to at least `5.9.10`
version of the Redpanda chart.

RedpandaStatus might not be accurate if flag is set to `false` and HelmRelease is manually deleted.
Expand Down Expand Up @@ -9905,7 +9905,7 @@ spec:
UseFlux flag set to `false` will prevent helm controller from reconciling helm chart. The operator would be
tight with `go` based Redpanda helm chart version. The rest of the ChartRef fields would be ignored.

Before setting UseFlux flag to `false` please alight your ChartVersion to at least `5.9.9`
Before setting UseFlux flag to `false` please alight your ChartVersion to at least `5.9.10`
version of the Redpanda chart.

RedpandaStatus might not be accurate if flag is set to `false` and HelmRelease is manually deleted.
2 changes: 1 addition & 1 deletion operator/go.mod
Expand Up @@ -28,7 +28,7 @@ require (
github.com/prometheus/common v0.55.0
github.com/redpanda-data/common-go/rpadmin v0.1.9
github.com/redpanda-data/console/backend v0.0.0-20240303221210-05d5d9e85f20
github.com/redpanda-data/helm-charts v0.0.0-20241031235426-99ca96105c9a
github.com/redpanda-data/helm-charts v0.0.0-20241114193526-f53a0adc8f15
github.com/redpanda-data/redpanda/src/go/rpk v0.0.0-20240827155712-244863ea0ae8
github.com/scalalang2/golang-fifo v1.0.2
github.com/spf13/afero v1.11.0
4 changes: 2 additions & 2 deletions operator/go.sum
Expand Up @@ -1093,8 +1093,8 @@ github.com/redpanda-data/flux-controller-shim/helm/shim v0.0.0-20231227162419-a4
github.com/redpanda-data/flux-controller-shim/helm/shim v0.0.0-20231227162419-a45126310240/go.mod h1:5KLXArOMFOrwb3BihpFaRNiPCyo9AXsXhvMdUmrCdUg=
github.com/redpanda-data/flux-controller-shim/source/shim v0.0.0-20240113100428-5e301ef97b19 h1:sJjDhnIbTMOuP4Rnhm1N3GNfgv6BJlocCnGliNvhgbw=
github.com/redpanda-data/flux-controller-shim/source/shim v0.0.0-20240113100428-5e301ef97b19/go.mod h1:T39OECA7eOlhpHZPBSGg+bpuwtt/G4m03fjBkJ821CM=
github.com/redpanda-data/helm-charts v0.0.0-20241031235426-99ca96105c9a h1:QrCC2sX/A0ffiJEUJmZhDS8/NWJI4rbcbtCC+NQOGZY=
github.com/redpanda-data/helm-charts v0.0.0-20241031235426-99ca96105c9a/go.mod h1:dmmGZo7DuHNnCy0QOykXN2sY9QI8kbdlkSKgIkCT978=
github.com/redpanda-data/helm-charts v0.0.0-20241114193526-f53a0adc8f15 h1:OkWn3PL9PbIegbYfEZ9LbVAnZpQd/MzUbFdJLxWbX+s=
github.com/redpanda-data/helm-charts v0.0.0-20241114193526-f53a0adc8f15/go.mod h1:dmmGZo7DuHNnCy0QOykXN2sY9QI8kbdlkSKgIkCT978=
github.com/redpanda-data/helm-controller v0.37.3-0.20240119022335-c90fadbd044e h1:8HB05vSCY+0MwjT2DIVq6gJV5iw7nQNIDfMqcc1NEC8=
github.com/redpanda-data/helm-controller v0.37.3-0.20240119022335-c90fadbd044e/go.mod h1:jF5kbQy3qT/zufL27DE3lecfYTRWeAzSiVmrbDDQwUw=
github.com/redpanda-data/redpanda/src/go/rpk v0.0.0-20240827155712-244863ea0ae8 h1:uTQKqF8UPNxYxKBJ11VlG6Vt2l9ctkkeXsmmjHUSUG4=
160 changes: 151 additions & 9 deletions operator/pkg/client/factory_test.go
Expand Up @@ -17,6 +17,8 @@ import (
"testing"
"time"

cmapiv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
cmetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
"github.com/go-logr/logr"
"github.com/redpanda-data/helm-charts/pkg/helm"
"github.com/redpanda-data/helm-charts/pkg/kube"
Expand All @@ -29,6 +31,7 @@ import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/utils/ptr"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/log"
)
Expand All @@ -39,18 +42,20 @@ func init() {
log.SetLogger(logr.Discard())
}

func ensureMapAndSetValue(values map[string]any, name, key string, value any) {
if v, ok := values[name]; ok {
m := v.(map[string]any)
m[key] = value
values[name] = m

func ensureMapAndSetValue(values map[string]any, key string, entries ...any) {
if len(entries) == 1 {
values[key] = entries[0]
return
}

values[name] = map[string]any{
key: value,
set := map[string]any{}
if v, ok := values[key]; ok {
set = v.(map[string]any)
}

ensureMapAndSetValue(set, entries[0].(string), entries[1:]...)

values[key] = set
}

type fakeObject struct {
Expand Down Expand Up @@ -85,7 +90,7 @@ func TestClientFactory(t *testing.T) {
var suffix atomic.Int32

ctx := context.Background()
cluster, err := k3d.NewCluster(t.Name())
cluster, err := k3d.NewCluster(t.Name(), k3d.WithAgents(1))
require.NoError(t, err)
t.Logf("created cluster %T %q", cluster, cluster.Name)

Expand Down Expand Up @@ -231,3 +236,140 @@ func TestClientFactory(t *testing.T) {
})
}
}

func TestClientFactoryTLSListeners(t *testing.T) {
// Test of https://github.com/redpanda-data/helm-charts/blob/230a32adcee07184313f1c864bf9e3ab21a2e38e/charts/operator/files/three_node_redpanda.yaml

if testing.Short() {
t.Skip("skipping factory tests in short mode")
}

ctx := context.Background()
cluster, err := k3d.NewCluster(t.Name(), k3d.WithAgents(1))
require.NoError(t, err)
t.Logf("created cluster %T %q", cluster, cluster.Name)

t.Cleanup(func() {
if testutil.Retain() {
t.Logf("retain flag is set; not deleting cluster %q", cluster.Name)
return
}
t.Logf("Deleting cluster %q", cluster.Name)
require.NoError(t, cluster.Cleanup())
})

restcfg := cluster.RESTConfig()

kubeClient, err := client.New(restcfg, client.Options{Scheme: controller.UnifiedScheme, WarningHandler: client.WarningHandlerOptions{SuppressWarnings: true}})
require.NoError(t, err)

helmClient, err := helm.New(helm.Options{
KubeConfig: restcfg,
})
require.NoError(t, err)
require.NoError(t, helmClient.RepoAdd(ctx, "redpandadata", "https://charts.redpanda.com"))

name := fmt.Sprintf("tls-test-%d", time.Now().Unix())

err = kubeClient.Create(ctx, &corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: name,
},
})
require.NoError(t, err)

err = kubeClient.Create(ctx, &cmapiv1.Certificate{
ObjectMeta: metav1.ObjectMeta{
Name: "kafka-internal-0",
Namespace: name,
},
Spec: cmapiv1.CertificateSpec{
EmailAddresses: []string{
"[email protected]",
},
Duration: ptr.To(metav1.Duration{Duration: 43800 * time.Hour}),
IssuerRef: cmetav1.ObjectReference{
Name: "cluster-tls-kafka-internal-0-root-issuer",
Kind: "Issuer",
Group: "cert-manager.io",
},
PrivateKey: &cmapiv1.CertificatePrivateKey{
Algorithm: "ECDSA",
Size: 256,
},
SecretName: "cluster-tls-user-client",
},
})
require.NoError(t, err)

factory := NewFactory(restcfg, kubeClient).WithDialer(kube.NewPodDialer(restcfg).DialContext)

values := map[string]any{}
ensureMapAndSetValue(values, "tls", map[string]any{
"enabled": true,
"certs": map[string]any{
"kafka-internal-0": map[string]any{
"caEnabled": true,
},
},
})
ensureMapAndSetValue(values, "listeners", "admin", map[string]any{
"external": map[string]any{},
"port": 9644,
"tls": map[string]any{
"cert": "",
"enabled": false,
"requireClientAuth": false,
},
})
ensureMapAndSetValue(values, "listeners", "kafka", map[string]any{
"authenticationMethod": "none",
"external": map[string]any{},
"port": 9092,
"tls": map[string]any{
"cert": "kafka-internal-0",
"enabled": true,
"requireClientAuth": false,
},
})

// to reduce the bootup time of the cluster
ensureMapAndSetValue(values, "statefulset", "replicas", 1)
ensureMapAndSetValue(values, "console", "enabled", false)
// to keep nodeport services from conflicting
ensureMapAndSetValue(values, "external", "enabled", false)
ensureMapAndSetValue(values, "image", "tag", "v24.2.2")

var redpanda redpandav1alpha2.Redpanda
redpanda.Name = name
redpanda.Namespace = name
redpanda.Spec.ClusterSpec = &redpandav1alpha2.RedpandaClusterSpec{}

data, err := json.Marshal(values)
require.NoError(t, err)
require.NoError(t, json.Unmarshal(data, redpanda.Spec.ClusterSpec))

_, err = helmClient.Install(ctx, "redpandadata/redpanda", helm.InstallOptions{
Version: chartVersion,
CreateNamespace: true,
Name: name,
Namespace: name,
Values: values,
})
require.NoError(t, err)

// check kafka connection
kafkaClient, err := factory.KafkaClient(ctx, &redpanda)
require.NoError(t, err)
metadata, err := kadm.NewClient(kafkaClient).BrokerMetadata(ctx)
require.NoError(t, err)
require.Len(t, metadata.Brokers.NodeIDs(), 1)
kafkaClient.Close()

// check admin connection
adminClient, err := factory.RedpandaAdminClient(ctx, &redpanda)
require.NoError(t, err)
brokers, err := adminClient.Brokers(ctx)
require.NoError(t, err)
require.Len(t, brokers, 1)
}
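Review bot: TestClientFactoryTLSListeners covers less TLS than its name suggests: only the kafka listener has TLS on, with `"requireClientAuth": false`, and the admin listener is set to `"enabled": false`, so the final admin check runs over plaintext and no client-certificate path through the factory is exercised. A passing `BrokerMetadata` call also would not fail if the client skipped verification of the broker certificate; presumably the factory loads the CA for `kafka-internal-0`, but nothing in the test pins that. Either turn TLS on for the admin listener too (`"cert": "kafka-internal-0", "enabled": true,`) or state the scope in a comment such as `// only the kafka listener uses TLS here; admin stays plaintext and mTLS is not covered`. Separately, `kafkaClient.Close()` is skipped when a preceding `require` fails; `defer kafkaClient.Close()` directly after the `KafkaClient` error check would release it on every path.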
