diff --git a/pkg/cassdcutil/config.go b/pkg/cassdcutil/config.go
index dc158d1..33bf347 100644
--- a/pkg/cassdcutil/config.go
+++ b/pkg/cassdcutil/config.go
@@ -23,46 +23,12 @@ func ClientEncryptionEnabled(dc *cassdcapi.CassandraDatacenter) bool {
 func SubSectionOfCassYaml(dc *cassdcapi.CassandraDatacenter, section string) map[string]*gabs.Container {
 config, err := gabs.ParseJSON(dc.Spec.Config)
 if err != nil {
- return nil
- }
-
- cassYaml := config.Path("cassandra-yaml")
- if cassYaml == nil {
 return make(map[string]*gabs.Container)
 }
- return cassYaml.Path(section).ChildrenMap()
-}
-
-/*
-func (dc *CassandraDatacenter) LegacyInternodeEnabled() bool {
- config, err := gabs.ParseJSON(dc.Spec.Config)
- if err != nil {
- return false
- }
-
- hasOldKeyStore := func(gobContainer map[string]*gabs.Container) bool {
- if gobContainer == nil {
- return false
- }
-
- if keystorePath, found := gobContainer["keystore"]; found {
- if strings.TrimSpace(keystorePath.Data().(string)) == "/etc/encryption/node-keystore.jks" {
- return true
- }
- }
- return false
- }
-
- if config.Exists("cassandra-yaml", "client_encryption_options") || config.Exists("cassandra-yaml", "server_encryption_options") {
- serverContainer := config.Path("cassandra-yaml.server_encryption_options").ChildrenMap()
- clientContainer := config.Path("cassandra-yaml.client_encryption_options").ChildrenMap()
-
- if hasOldKeyStore(clientContainer) || hasOldKeyStore(serverContainer) {
- return true
- }
+ if !config.Exists("cassandra-yaml") {
+ return make(map[string]*gabs.Container)
 }
- return false
+ return config.Path("cassandra-yaml").Path(section).ChildrenMap()
 }
-*/
diff --git a/pkg/cassdcutil/config_test.go b/pkg/cassdcutil/config_test.go
index 24653d5..cba41e6 100644
--- a/pkg/cassdcutil/config_test.go
+++ b/pkg/cassdcutil/config_test.go
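Review bot: `SubSectionOfCassYaml` in config.go has no doc comment, and the new body makes its contract worth stating: the `gabs.ParseJSON` error is discarded, so a malformed `dc.Spec.Config` now yields the same empty map as a config that simply lacks `cassandra-yaml` or the requested section. Callers cannot tell the two apart, which matters because this result feeds the client TLS settings. I would add `// SubSectionOfCassYaml returns the children of cassandra-yaml.<section> from dc.Spec.Config; it returns an empty, non-nil map when the config is empty, cannot be parsed, or has no such section.` above the function, so callers know they must check each key before using it.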
@@ -33,3 +33,69 @@ func TestClientEncryptionEnabled(t *testing.T) {
 assert := assert.New(t)
 assert.True(ClientEncryptionEnabled(dc))
 }
+
+func TestEmptySubSection(t *testing.T) {
+ dc := &cassdcapi.CassandraDatacenter{
+ Spec: cassdcapi.CassandraDatacenterSpec{},
+ }
+
+ assert := assert.New(t)
+ section := SubSectionOfCassYaml(dc, "client_encryption_options")
+ assert.NotNil(section)
+ assert.Equal(0, len(section))
+
+ dc.Spec.Config = json.RawMessage(``)
+ section = SubSectionOfCassYaml(dc, "client_encryption_options")
+ assert.NotNil(section)
+ assert.Equal(0, len(section))
+}
+
+func TestSubSectionNotMatch(t *testing.T) {
+ dc := &cassdcapi.CassandraDatacenter{
+ Spec: cassdcapi.CassandraDatacenterSpec{
+ Config: json.RawMessage(clientEncryptionEnabled),
+ },
+ }
+
+ assert := assert.New(t)
+ section := SubSectionOfCassYaml(dc, "server_encryption_options")
+ assert.NotNil(section)
+ assert.Equal(0, len(section))
+}
+
+func TestSubSectionPart(t *testing.T) {
+ dc := &cassdcapi.CassandraDatacenter{
+ Spec: cassdcapi.CassandraDatacenterSpec{
+ Config: json.RawMessage(clientEncryptionEnabled),
+ },
+ }
+
+ assert := assert.New(t)
+ section := SubSectionOfCassYaml(dc, "client_encryption_options")
+ assert.NotNil(section)
+ assert.Equal(6, len(section))
+
+ enabled, ok := section["enabled"].Data().(bool)
+ assert.True(ok)
+ assert.True(enabled)
+
+ keystore, ok := section["keystore"].Data().(string)
+ assert.True(ok)
+ assert.Equal("/etc/encryption/node-keystore.jks", keystore)
+
+ keystorePassword, ok := section["keystore_password"].Data().(string)
+ assert.True(ok)
+ assert.Equal("dc2", keystorePassword)
+
+ truststore, ok := section["truststore"].Data().(string)
+ assert.True(ok)
+ assert.Equal("/etc/encryption/node-keystore.jks", truststore)
+
+ truststorePassword, ok := section["truststore_password"].Data().(string)
+ assert.True(ok)
+ assert.Equal("dc2", truststorePassword)
+
+ optional, ok := section["optional"].Data().(bool)
+ assert.True(ok)
+ assert.False(optional)
+}
diff --git a/pkg/cassdcutil/secrets.go b/pkg/cassdcutil/secrets.go
index b0b6c69..3c3cb22 100644
--- a/pkg/cassdcutil/secrets.go
+++ b/pkg/cassdcutil/secrets.go
@@ -2,6 +2,7 @@ package cassdcutil
 import (
 "context"
+ "strings"
 corev1 "k8s.io/api/core/v1"
@@ -32,10 +33,10 @@ func (c *CassManager) CassandraAuthDetails(ctx context.Context, cassdc *cassdcap
 if ClientEncryptionEnabled(cassdc) {
 encryptionOptions := SubSectionOfCassYaml(cassdc, "client_encryption_options")
- auth.KeystorePath = encryptionOptions["keystore"].Data().(string)
- auth.KeystorePassword = encryptionOptions["keystore_password"].Data().(string)
- auth.TruststorePath = encryptionOptions["truststore"].Data().(string)
- auth.TruststorePassword = encryptionOptions["truststore_password"].Data().(string)
+ auth.KeystorePath = strings.TrimSpace(encryptionOptions["keystore"].Data().(string))
+ auth.KeystorePassword = strings.TrimSpace(encryptionOptions["keystore_password"].Data().(string))
+ auth.TruststorePath = strings.TrimSpace(encryptionOptions["truststore"].Data().(string))
+ auth.TruststorePassword = strings.TrimSpace(encryptionOptions["truststore_password"].Data().(string))
 }
 return auth, nil
diff --git a/pkg/cassdcutil/secrets_test.go b/pkg/cassdcutil/secrets_test.go
new file mode 100644
index 0000000..bb27510
--- /dev/null
+++ b/pkg/cassdcutil/secrets_test.go
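Review bot: None of the three tests added to config_test.go reaches the new `!config.Exists("cassandra-yaml")` branch of `SubSectionOfCassYaml`. The nil and empty `Config` cases in `TestEmptySubSection` presumably stop at the `gabs.ParseJSON` error, and the other two tests use the `clientEncryptionEnabled` fixture, which evidently contains a `cassandra-yaml` key. A further case with valid JSON and no such key would cover it, for example `dc.Spec.Config = json.RawMessage("{}")` followed by the same two assertions. As a style point, `assert.Empty(section)` states the intent more directly than `assert.Equal(0, len(section))`.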
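Review bot: In the second hunk of secrets.go the four rewritten assignments keep the unchecked `.(string)` assertions on `encryptionOptions[...]`. Because `SubSectionOfCassYaml` returns an empty map for an unparseable or partial config, a datacenter with client encryption enabled but a missing or non-string `keystore_password` would most likely panic here rather than return an error. Separately, `strings.TrimSpace` is reasonable for the two paths, but on `keystore_password` and `truststore_password` it silently alters a secret that may legitimately begin or end with whitespace; I would assign the passwords as given. `CassandraAuthDetails` starts and ends outside the hunk, so the exact error return below is an assumption. A checked lookup along these lines would cover both points.

```go
// stringOption returns options[key] as a string, or an error when the key is absent or not a string.
func stringOption(options map[string]*gabs.Container, key string) (string, error) {
	c, found := options[key]
	if !found {
		return "", fmt.Errorf("client_encryption_options: %q is not set", key)
	}
	s, ok := c.Data().(string)
	if !ok {
		return "", fmt.Errorf("client_encryption_options: %q is not a string", key)
	}
	return s, nil
}

// … in CassandraAuthDetails, inside the ClientEncryptionEnabled branch …
keystore, err := stringOption(encryptionOptions, "keystore")
if err != nil {
	return nil, err // assumes the first result is a pointer
}
auth.KeystorePath = strings.TrimSpace(keystore)
// … same pattern for truststore; keystore_password and truststore_password assigned without TrimSpace …
```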
@@ -0,0 +1,57 @@
+package cassdcutil
+
+import (
+ "context"
+ "encoding/json"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+ "sigs.k8s.io/controller-runtime/pkg/client/fake"
+
+ cassdcapi "github.com/k8ssandra/cass-operator/apis/cassandra/v1beta1"
+)
+
+func TestCassandraAuthDetails(t *testing.T) {
+ scheme := runtime.NewScheme()
+ clientgoscheme.AddToScheme(scheme)
+ cassdcapi.AddToScheme(scheme)
+ assert := assert.New(t)
+
+ cassdc := &cassdcapi.CassandraDatacenter{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "test-dc",
+ },
+ Spec: cassdcapi.CassandraDatacenterSpec{
+ ClusterName: "test-cluster",
+ SuperuserSecretName: "test-secret",
+ Config: json.RawMessage(clientEncryptionEnabled),
+ },
+ }
+ secret := &corev1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "test-secret",
+ },
+ Data: map[string][]byte{
+ "username": []byte("test-cluster-superuser"),
+ "password": []byte("cryptic-password"),
+ },
+ }
+
+ client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(cassdc, secret).Build()
+ cassManager := &CassManager{client: client}
+
+ authDetails, err := cassManager.CassandraAuthDetails(context.TODO(), cassdc)
+ assert.NoError(err)
+ assert.NotNil(authDetails)
+
+ assert.Equal("test-cluster-superuser", authDetails.Username)
+ assert.Equal("cryptic-password", authDetails.Password)
+ assert.Equal("/etc/encryption/node-keystore.jks", authDetails.KeystorePath)
+ assert.Equal("dc2", authDetails.KeystorePassword)
+ assert.Equal("/etc/encryption/node-keystore.jks", authDetails.TruststorePath)
+ assert.Equal("dc2", authDetails.TruststorePassword)
+}
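Review bot: `TestCassandraAuthDetails` would pass unchanged without the `strings.TrimSpace` calls this commit adds to secrets.go. The `clientEncryptionEnabled` fixture holds unpadded values, as `TestSubSectionPart` shows by asserting them verbatim from the raw section. A second fixture whose `keystore` and `truststore` values carry surrounding whitespace, asserted against the trimmed paths, would pin the new behaviour. The errors returned by `clientgoscheme.AddToScheme(scheme)` and `cassdcapi.AddToScheme(scheme)` are also dropped; moving `assert := assert.New(t)` above them and wrapping each call in `assert.NoError(...)` would make a scheme registration failure visible.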