From 598968660ea3cec86a2343edf324ced7bd5e7eea Mon Sep 17 00:00:00 2001
From: Danail Branekov <danailster@gmail.com>
Date: Mon, 6 Jul 2020 15:34:49 +0000
Subject: [PATCH] Fix task completion callback on k8s

When deployed on K8s, Istio handles transparently applying mTLS to network traffic.

[#173393442]

Signed-off-by: Giuseppe Capizzi <gcapizzi@pivotal.io>
---
 .../diego/task_completion_callback_generator.rb  |  9 +++++++--
 .../task_completion_callback_generator_spec.rb   | 16 ++++++++++++++++
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/lib/cloud_controller/diego/task_completion_callback_generator.rb b/lib/cloud_controller/diego/task_completion_callback_generator.rb
index 73d580f5723..4045205a4ba 100644
--- a/lib/cloud_controller/diego/task_completion_callback_generator.rb
+++ b/lib/cloud_controller/diego/task_completion_callback_generator.rb
@@ -6,10 +6,15 @@ def initialize(config=Config.config)
       end
 
       def generate(task)
-        schema = 'https'
+        if @config.kubernetes_api_configured?
+          port   = 80
+          schema = 'http'
+        else
+          port   = @config.get(:tls_port)
+          schema = 'https'
+        end
         auth = ''
         host = @config.get(:internal_service_hostname)
-        port = @config.get(:tls_port)
         api_version = 'v4'
 
         path = "/internal/#{api_version}/tasks/#{task.guid}/completed"
diff --git a/spec/unit/lib/cloud_controller/diego/task_completion_callback_generator_spec.rb b/spec/unit/lib/cloud_controller/diego/task_completion_callback_generator_spec.rb
index 3ddd53799a2..869625dc468 100644
--- a/spec/unit/lib/cloud_controller/diego/task_completion_callback_generator_spec.rb
+++ b/spec/unit/lib/cloud_controller/diego/task_completion_callback_generator_spec.rb
@@ -8,10 +8,12 @@ module Diego
 
       describe '#generate' do
         let(:task) { TaskModel.make }
+        let(:kubernetes_config) { nil }
         let(:task_config) do
           {
             internal_service_hostname: 'google.com',
             tls_port:                  '8888',
+            kubernetes:                kubernetes_config,
           }
         end
 
@@ -26,6 +28,20 @@ module Diego
             )
           end
         end
+
+        context 'when kubernetes is configured' do
+          let(:kubernetes_config) do
+            {
+              host_url: 'https://master.default.svc.cluster-domain.example',
+            }
+          end
+
+          it 'configures the callback url with http and relies on Istio for mTLS' do
+            expect(generator.generate(task)).to eq(
+              "http://google.com:80/internal/v4/tasks/#{task.guid}/completed"
+            )
+          end
+        end
       end
     end
   end