Add tests to CaReconciler to verify trust rolling behaviour
Signed-off-by: Katherine Stanley <[email protected]>
katheris committed Oct 30, 2024
1 parent 59d9226 commit e45a5dd
Showing 2 changed files with 1,054 additions and 179 deletions.
Expand Up @@ -75,7 +75,7 @@ public class CaReconciler {
/* test */ final DeploymentOperator deploymentOperator;
private final StrimziPodSetOperator strimziPodSetOperator;
private final SecretOperator secretOperator;
private final PodOperator podOperator;
/* test */ final PodOperator podOperator;
private final AdminClientProvider adminClientProvider;
private final KafkaAgentClientProvider kafkaAgentClientProvider;
private final ZookeeperLeaderFinder zookeeperLeaderFinder;
Expand Down Expand Up @@ -548,8 +548,14 @@ Future<Void> rollingUpdateForNewCaKey() {
}

/* test */ Future<Void> rollKafkaBrokers(Set<NodeRef> nodes, RestartReasons podRollReasons, TlsPemIdentity coTlsPemIdentity) {
return new KafkaRoller(
reconciliation,
return createKafkaRoller(nodes, coTlsPemIdentity).rollingRestart(pod -> {
LOGGER.debugCr(reconciliation, "Rolling Pod {} due to {}", pod.getMetadata().getName(), podRollReasons.getReasons());
return podRollReasons;
});
}

/* test */ KafkaRoller createKafkaRoller(Set<NodeRef> nodes, TlsPemIdentity coTlsPemIdentity) {
return new KafkaRoller(reconciliation,
vertx,
podOperator,
1_000,
Expand All @@ -563,15 +569,11 @@ Future<Void> rollingUpdateForNewCaKey() {
null,
null,
false,
eventPublisher
).rollingRestart(pod -> {
LOGGER.debugCr(reconciliation, "Rolling Pod {} due to {}", pod.getMetadata().getName(), podRollReasons.getReasons());
return podRollReasons;
});
eventPublisher);
}

// Entity Operator, Kafka Exporter, and Cruise Control are only rolled when the cluster CA cert key is replaced
Future<Void> maybeRollDeploymentIfExists(String deploymentName, RestartReasons podRollReasons) {
private Future<Void> maybeRollDeploymentIfExists(String deploymentName, RestartReasons podRollReasons) {
if (podRollReasons.contains(RestartReason.CLUSTER_CA_CERT_KEY_REPLACED)) {
return rollDeploymentIfExists(deploymentName, RestartReason.CLUSTER_CA_CERT_KEY_REPLACED.getDefaultNote());
} else {
Expand All @@ -587,7 +589,7 @@ Future<Void> maybeRollDeploymentIfExists(String deploymentName, RestartReasons p
*
* @return Succeeded future if it succeeded, failed otherwise.
*/
Future<Void> rollDeploymentIfExists(String deploymentName, String reason) {
/* test */ Future<Void> rollDeploymentIfExists(String deploymentName, String reason) {
return deploymentOperator.getAsync(reconciliation.namespace(), deploymentName)
.compose(dep -> {
if (dep != null) {
Expand All @@ -603,7 +605,7 @@ Future<Void> rollDeploymentIfExists(String deploymentName, String reason) {
* Remove older cluster CA certificates if present in the corresponding Secret after a renewal by replacing the
* corresponding CA private key.
*/
Future<Void> maybeRemoveOldClusterCaCertificates() {
/* test */ Future<Void> maybeRemoveOldClusterCaCertificates() {
// if the new CA certificate is used to sign all server certificates
if (isClusterCaFullyUsed) {
LOGGER.debugCr(reconciliation, "Maybe there are old cluster CA certificates to remove");
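Review bot: The new `createKafkaRoller` method in the `@@ -548,8 +548,14 @@` hunk has no Javadoc, while `rollDeploymentIfExists` and `maybeRemoveOldClusterCaCertificates` in the same file section do. The `/* test */` marker suggests it is the seam tests replace to control how brokers are rolled while CA trust is being rotated, so its contract is worth writing down. I would add something like `/** Creates the KafkaRoller used to restart the given nodes; package-private so tests can substitute it. */` with `@param nodes`, `@param coTlsPemIdentity` and `@return` entries. The positional literals `1_000`, `null`, `null` and `false` passed to the constructor would also read better with a trailing comment naming each parameter. Part of the argument list lies between the two hunks and is not shown, so the parameter names should be checked against the full constructor call.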