move internal root cert to projected volume source

nasark · Jan 11, 2024 · 3cbebfd · 3cbebfd
1 parent 0519482
commit 3cbebfd
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 2 deletions.
diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/orchestrator.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/orchestrator.go
@@ -353,8 +353,14 @@ func addInternalRootCertificate(cr *miqv1alpha1.ManageIQ, d *appsv1.Deployment,
 		volumeMount := corev1.VolumeMount{Name: "internal-root-certificate", MountPath: "/etc/pki/ca-trust/source/anchors", ReadOnly: true}
 		d.Spec.Template.Spec.Containers[0].VolumeMounts = addOrUpdateVolumeMount(d.Spec.Template.Spec.Containers[0].VolumeMounts, volumeMount)
 
-		secretVolumeSource := corev1.SecretVolumeSource{SecretName: secret.Name, Items: []corev1.KeyToPath{corev1.KeyToPath{Key: "root_crt", Path: "root.crt"}}}
-		d.Spec.Template.Spec.Volumes = addOrUpdateVolume(d.Spec.Template.Spec.Volumes, corev1.Volume{Name: "internal-root-certificate", VolumeSource: corev1.VolumeSource{Secret: &secretVolumeSource}})
+		volumeProjection := &corev1.VolumeProjection{
+			Secret: &corev1.SecretProjection{
+				LocalObjectReference: corev1.LocalObjectReference{Name: cr.Spec.InternalCertificatesSecret},
+				Items:                []corev1.KeyToPath{corev1.KeyToPath{Key: "root_crt", Path: "root.crt"}},
+			},
+		}
+		projectedSecretVolumeSource := addOrUpdateProjectedSecretVolumeSource("internal-root-certificate", d.Spec.Template.Spec.Volumes, volumeProjection)
+		d.Spec.Template.Spec.Volumes = addOrUpdateVolume(d.Spec.Template.Spec.Volumes, corev1.Volume{Name: "internal-root-certificate", VolumeSource: corev1.VolumeSource{Projected: &projectedSecretVolumeSource}})
 
 		d.Spec.Template.Spec.Containers[0].Env = addOrUpdateEnvVar(d.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "SSL_SECRET_NAME", Value: cr.Spec.InternalCertificatesSecret})
 

diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/util.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/util.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 
 	miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1"
+	miqutilsv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/miqutils"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
@@ -144,6 +145,22 @@ func addOrUpdateEnvVar(environment []corev1.EnvVar, variable corev1.EnvVar) []co
 	return environment
 }
 
+func addOrUpdateProjectedSecretVolumeSource(volumeName string, volumes []corev1.Volume, volumeProjection *corev1.VolumeProjection) corev1.ProjectedVolumeSource {
+	projectedVolumeSource := corev1.ProjectedVolumeSource{}
+
+	if volume := miqutilsv1alpha1.FindVolume(volumeName, volumes); volume.VolumeSource.Projected != nil {
+		if foundVolumeProjection := miqutilsv1alpha1.FindVolumeProjection((*volumeProjection).Secret.LocalObjectReference.Name, volume.VolumeSource.Projected.Sources); foundVolumeProjection.Secret != nil {
+			projectedVolumeSource.Sources = volume.VolumeSource.Projected.Sources
+		} else {
+			projectedVolumeSource.Sources = append(volume.VolumeSource.Projected.Sources, *volumeProjection)
+		}
+	} else {
+		projectedVolumeSource.Sources = []corev1.VolumeProjection{*volumeProjection}
+	}
+
+	return projectedVolumeSource
+}
+
 func addOrUpdateVolumeMount(volumeMounts []corev1.VolumeMount, volumeMount corev1.VolumeMount) []corev1.VolumeMount {
 	if volumeMounts == nil {
 		volumeMounts = []corev1.VolumeMount{}

diff --git a/manageiq-operator/api/v1alpha1/miqutils/find.go b/manageiq-operator/api/v1alpha1/miqutils/find.go
@@ -64,3 +64,27 @@ func FindCatalogSourceByName(client client.Client, namespace string, name string
 
 	return catalogSource
 }
+
+func FindVolume(volumeName string, volumes []corev1.Volume) corev1.Volume {
+	volume := corev1.Volume{}
+	for i := 0; i < len(volumes); i++ {
+		if volumes[i].Name == volumeName {
+			volume = volumes[i]
+		}
+	}
+
+	return volume
+}
+
+func FindVolumeProjection(volumeProjectionName string, volumeProjections []corev1.VolumeProjection) corev1.VolumeProjection {
+	volumeProjection := corev1.VolumeProjection{}
+	for i := 0; i < len(volumeProjections); i++ {
+		if volumeProjections[i].Secret != nil && volumeProjections[i].Secret.LocalObjectReference.Name == volumeProjectionName {
+			volumeProjection = volumeProjections[i]
+		} else if volumeProjections[i].ConfigMap != nil && volumeProjections[i].ConfigMap.LocalObjectReference.Name == volumeProjectionName {
+			volumeProjection = volumeProjections[i]
+		}
+	}
+
+	return volumeProjection
+}