Allow jaas-config extraMount and validate missing extraMounts

Signed-off-by: ruromero <rromerom@redhat.com>
artemiscloud · Nov 8, 2022 · 858c305 · 858c305
1 parent 8f5f1c0
commit 858c305
Show file tree

Hide file tree

Showing 6 changed files with 256 additions and 23 deletions.
diff --git a/api/v1beta1/activemqartemis_types.go b/api/v1beta1/activemqartemis_types.go
@@ -422,8 +422,6 @@ const (
 	DeployedConditionZeroSizeReason  = "ZeroSizeDeployment"
 	DeployedConditionZeroSizeMessage = "Pods not scheduled. Deployment size is 0"
 
-	ValidConditionType                      = "Valid"
-	ValidConditionSuccessReason             = "ValidationSucceeded"
 	ValidConditionFailedReservedLabelReason = "ReservedLabelReference"
 
 	ConfigAppliedConditionType                            = "BrokerPropertiesApplied"

diff --git a/controllers/activemqartemis_controller.go b/controllers/activemqartemis_controller.go
@@ -18,11 +18,14 @@ package controllers
 
 import (
 	"context"
+	"fmt"
 	"reflect"
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -149,15 +152,23 @@ func (r *ActiveMQArtemisReconciler) Reconcile(ctx context.Context, request ctrl.
 	namer := MakeNamers(customResource)
 	reconciler := ActiveMQArtemisReconcilerImpl{}
 
-	reconciler.Process(customResource, *namer, r.Client, r.Scheme)
+	result := ctrl.Result{}
 
-	err = UpdatePodStatus(customResource, r.Client, request.NamespacedName)
-	if err != nil {
-		reqLogger.Error(err, "unable to update pod status", "Request Namespace", request.Namespace, "Request Name", request.Name)
-		return ctrl.Result{RequeueAfter: common.GetReconcileResyncPeriod()}, err
+	if hasValidationErrors, err := validate(customResource, r.Client, r.Scheme); !hasValidationErrors && err == nil {
+		requeue := reconciler.Process(customResource, *namer, r.Client, r.Scheme)
+
+		err = UpdatePodStatus(customResource, r.Client, request.NamespacedName)
+		if err != nil {
+			reqLogger.Error(err, "unable to update pod status", "Request Namespace", request.Namespace, "Request Name", request.Name)
+			return ctrl.Result{RequeueAfter: common.GetReconcileResyncPeriod()}, err
+		}
+
+		result = UpdateBrokerPropertiesStatus(customResource, r.Client, r.Scheme)
+		if requeue {
+			result = ctrl.Result{RequeueAfter: common.GetReconcileResyncPeriod()}
+		}
 	}
 
-	result := UpdateBrokerPropertiesStatus(customResource, r.Client, r.Scheme)
 	err = UpdateCRStatus(customResource, r.Client, request.NamespacedName)
 
 	if err != nil {
@@ -178,6 +189,69 @@ func (r *ActiveMQArtemisReconciler) Reconcile(ctx context.Context, request ctrl.
 	return result, err
 }
 
+func validate(customResource *brokerv1beta1.ActiveMQArtemis, client rtclient.Client, scheme *runtime.Scheme) (bool, error) {
+	// Do additional validation here
+	validationCondition := metav1.Condition{
+		Type:   common.ValidConditionType,
+		Status: metav1.ConditionTrue,
+		Reason: common.ValidConditionSuccessReason,
+	}
+	condition, err := validateExtraMounts(customResource, client, scheme)
+	if err != nil {
+		return false, err
+	}
+	if condition != nil {
+		validationCondition = *condition
+	}
+
+	meta.SetStatusCondition(&customResource.Status.Conditions, validationCondition)
+	return false, nil
+}
+
+func validateExtraMounts(customResource *brokerv1beta1.ActiveMQArtemis, client rtclient.Client, scheme *runtime.Scheme) (*metav1.Condition, error) {
+	for _, cm := range customResource.Spec.DeploymentPlan.ExtraMounts.ConfigMaps {
+		found, err := validateExtraMount(cm, customResource.Namespace, &corev1.ConfigMap{}, client, scheme)
+		if err != nil {
+			return nil, err
+		}
+		if !found {
+			return &metav1.Condition{
+				Type:    common.ValidConditionType,
+				Status:  metav1.ConditionFalse,
+				Reason:  common.ValidConditionMissingResourcesReason,
+				Message: fmt.Sprintf("Missing required configMap %v", cm),
+			}, nil
+		}
+	}
+	for _, s := range customResource.Spec.DeploymentPlan.ExtraMounts.Secrets {
+		found, err := validateExtraMount(s, customResource.Namespace, &corev1.Secret{}, client, scheme)
+		if err != nil {
+			return nil, err
+		}
+		if !found {
+			return &metav1.Condition{
+				Type:    common.ValidConditionType,
+				Status:  metav1.ConditionFalse,
+				Reason:  common.ValidConditionMissingResourcesReason,
+				Message: fmt.Sprintf("Missing required secret %v", s),
+			}, nil
+		}
+	}
+	return nil, nil
+}
+
+func validateExtraMount(name, namespace string, obj rtclient.Object, client rtclient.Client, scheme *runtime.Scheme) (bool, error) {
+	err := client.Get(context.TODO(), types.NamespacedName{Name: name, Namespace: namespace}, obj)
+	if err != nil {
+		if apierrors.IsNotFound(err) {
+			return false, nil
+		} else {
+			return false, err
+		}
+	}
+	return true, nil
+}
+
 type Namers struct {
 	SsGlobalName                  string
 	SsNameBuilder                 namer.NamerData

diff --git a/controllers/activemqartemis_controller_test.go b/controllers/activemqartemis_controller_test.go
@@ -423,7 +423,6 @@ var _ = Describe("artemis controller", func() {
 
 			hasMatch, matchErr = MatchCapturedLog("ERROR")
 			Expect(matchErr).To(BeNil())
-			fmt.Printf("logBuffer: %v\n", logBuffer)
 			Expect(hasMatch).To(BeFalse())
 
 			// cleanup
@@ -1828,7 +1827,7 @@ var _ = Describe("artemis controller", func() {
 					g.Expect(len(createdCrd.Status.PodStatus.Ready)).Should(BeEquivalentTo(1))
 					g.Expect(meta.IsStatusConditionTrue(createdCrd.Status.Conditions, brokerv1beta1.DeployedConditionType)).Should(BeTrue())
 					g.Expect(meta.IsStatusConditionTrue(createdCrd.Status.Conditions, common.ReadyConditionType)).Should(BeTrue())
-					g.Expect(meta.IsStatusConditionTrue(createdCrd.Status.Conditions, brokerv1beta1.ValidConditionType)).Should(BeTrue())
+					g.Expect(meta.IsStatusConditionTrue(createdCrd.Status.Conditions, common.ValidConditionType)).Should(BeTrue())
 				}, timeout*2, interval).Should(Succeed())
 
 				By("applying taints to node")
@@ -2603,7 +2602,7 @@ var _ = Describe("artemis controller", func() {
 					Message: brokerv1beta1.DeployedConditionZeroSizeMessage,
 				})).Should(BeTrue())
 				g.Expect(meta.IsStatusConditionFalse(createdCrd.Status.Conditions, common.ReadyConditionType)).Should(BeTrue())
-				g.Expect(meta.IsStatusConditionTrue(createdCrd.Status.Conditions, brokerv1beta1.ValidConditionType)).Should(BeTrue())
+				g.Expect(meta.IsStatusConditionTrue(createdCrd.Status.Conditions, common.ValidConditionType)).Should(BeTrue())
 
 			}, timeout, interval).Should(Succeed())
 
@@ -3191,7 +3190,7 @@ var _ = Describe("artemis controller", func() {
 				g.Expect(deployedCrd.Name).Should(Equal(validCrd.ObjectMeta.Name))
 				g.Expect(len(deployedCrd.Status.PodStatus.Stopped)).Should(Equal(1))
 				g.Expect(deployedCrd.Status.PodStatus.Stopped[0]).Should(Equal(namer.CrToSS(validCrd.Name)))
-				g.Expect(meta.IsStatusConditionTrue(deployedCrd.Status.Conditions, brokerv1beta1.ValidConditionType)).Should(BeTrue())
+				g.Expect(meta.IsStatusConditionTrue(deployedCrd.Status.Conditions, common.ValidConditionType)).Should(BeTrue())
 			}, timeout, interval).Should(Succeed())
 
 			By("checking deployed resources of valid CR")
@@ -3217,9 +3216,9 @@ var _ = Describe("artemis controller", func() {
 			By("verify status valid false")
 			Eventually(func(g Gomega) {
 				g.Expect(k8sClient.Get(ctx, deployedCrdKey, &deployedCrd)).Should(Succeed())
-				g.Expect(meta.IsStatusConditionFalse(deployedCrd.Status.Conditions, brokerv1beta1.ValidConditionType)).Should(BeTrue())
-				g.Expect(meta.FindStatusCondition(deployedCrd.Status.Conditions, brokerv1beta1.ValidConditionType).Reason).Should(Equal(brokerv1beta1.ValidConditionFailedReservedLabelReason))
-				g.Expect(meta.FindStatusCondition(deployedCrd.Status.Conditions, brokerv1beta1.ValidConditionType).Message).Should(ContainSubstring("application"))
+				g.Expect(meta.IsStatusConditionFalse(deployedCrd.Status.Conditions, common.ValidConditionType)).Should(BeTrue())
+				g.Expect(meta.FindStatusCondition(deployedCrd.Status.Conditions, common.ValidConditionType).Reason).Should(Equal(brokerv1beta1.ValidConditionFailedReservedLabelReason))
+				g.Expect(meta.FindStatusCondition(deployedCrd.Status.Conditions, common.ValidConditionType).Message).Should(ContainSubstring("application"))
 				g.Expect(meta.IsStatusConditionFalse(deployedCrd.Status.Conditions, common.ReadyConditionType)).Should(BeTrue())
 			}, timeout, interval).Should(Succeed())
 
@@ -3240,8 +3239,8 @@ var _ = Describe("artemis controller", func() {
 				g.Expect(len(deployedCrd.Status.PodStatus.Stopped)).Should(Equal(1))
 				g.Expect(deployedCrd.Status.PodStatus.Stopped[0]).Should(Equal(namer.CrToSS(invalidCrd.Name)))
 				By("verify status valid true")
-				g.Expect(meta.IsStatusConditionTrue(deployedCrd.Status.Conditions, brokerv1beta1.ValidConditionType)).Should(BeTrue())
-				g.Expect(meta.FindStatusCondition(deployedCrd.Status.Conditions, brokerv1beta1.ValidConditionType).Reason).Should(Equal(brokerv1beta1.ValidConditionSuccessReason))
+				g.Expect(meta.IsStatusConditionTrue(deployedCrd.Status.Conditions, common.ValidConditionType)).Should(BeTrue())
+				g.Expect(meta.FindStatusCondition(deployedCrd.Status.Conditions, common.ValidConditionType).Reason).Should(Equal(common.ValidConditionSuccessReason))
 			}, timeout, interval).Should(Succeed())
 
 			By("checking deployed resources of updated invalid CR")

diff --git a/controllers/activemqartemis_reconciler.go b/controllers/activemqartemis_reconciler.go
@@ -66,6 +66,7 @@ const (
 	ImageNamePrefix                  = "RELATED_IMAGE_ActiveMQ_Artemis_Broker_"
 	defaultLivenessProbeInitialDelay = 5
 	TCPLivenessPort                  = 8161
+	jaasConfigSuffix                 = "-jaas-config"
 )
 
 var defaultMessageMigration bool = true
@@ -1546,7 +1547,7 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) NewPodTemplateSpecForCR(customR
 			if key == selectors.LabelAppKey || key == selectors.LabelResourceKey {
 
 				meta.SetStatusCondition(&customResource.Status.Conditions, metav1.Condition{
-					Type:    brokerv1beta1.ValidConditionType,
+					Type:    common.ValidConditionType,
 					Status:  metav1.ConditionFalse,
 					Reason:  brokerv1beta1.ValidConditionFailedReservedLabelReason,
 					Message: fmt.Sprintf("'%s' is a reserved label, it is not allowed in Spec.DeploymentPlan.Labels", key),
@@ -1559,9 +1560,9 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) NewPodTemplateSpecForCR(customR
 	}
 	// validation success
 	meta.SetStatusCondition(&customResource.Status.Conditions, metav1.Condition{
-		Type:   brokerv1beta1.ValidConditionType,
+		Type:   common.ValidConditionType,
 		Status: metav1.ConditionTrue,
-		Reason: brokerv1beta1.ValidConditionSuccessReason,
+		Reason: common.ValidConditionSuccessReason,
 	})
 
 	pts := pods.MakePodTemplateSpec(current, namespacedName, labels)
@@ -1647,6 +1648,15 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) NewPodTemplateSpecForCR(customR
 	}
 	environments.Create(podSpec.Containers, &envBrokerCustomInstanceDir)
 
+	// JAAS Config
+	if jaasConfigPath, found := getJaasConfigExtraMountPath(customResource); found {
+		debugArgs := corev1.EnvVar{
+			Name:  "DEBUG_ARGS",
+			Value: fmt.Sprintf("-Djava.security.auth.login.config=%v", jaasConfigPath),
+		}
+		environments.CreateOrAppend(podSpec.Containers, &debugArgs)
+	}
+
 	//add empty-dir volume and volumeMounts to main container
 	volumeForCfg := volumes.MakeVolumeForCfg(cfgVolumeName)
 	podSpec.Volumes = append(podSpec.Volumes, volumeForCfg)
@@ -1840,6 +1850,27 @@ func (reconciler *ActiveMQArtemisReconcilerImpl) NewPodTemplateSpecForCR(customR
 	return pts, nil
 }
 
+func getJaasConfigExtraMountPath(customResource *brokerv1beta1.ActiveMQArtemis) (string, bool) {
+	if t, name, found := getJaasConfigExtraMount(customResource); found {
+		return fmt.Sprintf("/amq/extra/%v/%v/login.config", t, name), true
+	}
+	return "", false
+}
+
+func getJaasConfigExtraMount(customResource *brokerv1beta1.ActiveMQArtemis) (string, string, bool) {
+	for _, cm := range customResource.Spec.DeploymentPlan.ExtraMounts.ConfigMaps {
+		if strings.HasSuffix(cm, jaasConfigSuffix) {
+			return "configmaps", cm, true
+		}
+	}
+	for _, s := range customResource.Spec.DeploymentPlan.ExtraMounts.Secrets {
+		if strings.HasSuffix(s, jaasConfigSuffix) {
+			return "secrets", s, true
+		}
+	}
+	return "", "", false
+}
+
 func configureLivenessProbe(container *corev1.Container, probeFromCR *corev1.Probe) *corev1.Probe {
 	var livenessProbe *corev1.Probe = container.LivenessProbe
 	clog.V(1).Info("Configuring Liveness Probe", "existing", livenessProbe)
@@ -2308,13 +2339,13 @@ func UpdatePodStatus(cr *brokerv1beta1.ActiveMQArtemis, client rtclient.Client,
 func getValidCondition(cr *brokerv1beta1.ActiveMQArtemis) metav1.Condition {
 	// add valid true if none exists
 	for _, c := range cr.Status.Conditions {
-		if c.Type == brokerv1beta1.ValidConditionType {
+		if c.Type == common.ValidConditionType {
 			return c
 		}
 	}
 	return metav1.Condition{
-		Type:   brokerv1beta1.ValidConditionType,
-		Reason: brokerv1beta1.ValidConditionSuccessReason,
+		Type:   common.ValidConditionType,
+		Reason: common.ValidConditionSuccessReason,
 		Status: metav1.ConditionTrue,
 	}
 }