package validation
import (
"fmt"
"github.com/interconnectedcloud/qdr-operator/pkg/apis/interconnectedcloud/v1alpha1"
"github.com/onsi/gomega"
"github.com/gaohoward/shipshape/pkg/apps/qdrouterd/deployment"
"github.com/gaohoward/shipshape/pkg/apps/qdrouterd/qdrmanagement"
"github.com/gaohoward/shipshape/pkg/apps/qdrouterd/qdrmanagement/entities"
"github.com/gaohoward/shipshape/pkg/framework"
"k8s.io/api/core/v1"
)
// SslProfileMapByName maps an sslProfile name to the property values expected
// on that sslProfile entity. The inner map is keyed by property name and is
// passed unchanged to ValidateEntityValues by ValidateSslProfileModels.
// NOTE(review): keys look like entities.SslProfile field names (e.g. "CertFile");
// confirm against ValidateEntityValues, which is defined outside this file.
type SslProfileMapByName map[string]map[string]interface{}
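// ValidateDefaultSslProfiles asserts that every pod in pods defines exactly the
// default sslProfile entities expected for the Interconnect's role: one
// "default" profile on every router, plus one "inter-router" profile on
// interior routers only.
//
// For each of those profiles the certificate and private key paths must match
// the paths under /etc/qpid-dispatch-certs built from the profile name and the
// Interconnect name; "inter-router" must also reference its CA certificate.
// Failures are reported through gomega assertions.
//
// NOTE(review): only the configured path values are compared here; nothing in
// this function checks that the files exist or that the certificates are valid.
func ValidateDefaultSslProfiles(ic *v1alpha1.Interconnect, c framework.ContextData, pods []v1.Pod) {
	// Expected occurrences per profile name. Interior routers have an extra
	// sslProfile for the inter-router listener; other roles must not have it.
	expected := map[string]int{"default": 1, "inter-router": 0}
	if ic.Spec.DeploymentPlan.Role == v1alpha1.RouterRoleInterior {
		expected["inter-router"] = 1
	}

	for _, pod := range pods {
		// Retrieve the sslProfile entities from the router in this pod.
		sslProfiles, err := qdrmanagement.QdmanageQuery(c, pod.Name, entities.SslProfile{}, nil)
		gomega.Expect(err).NotTo(gomega.HaveOccurred())

		// Count per name, not in total: a single total would let one profile
		// stand in for another (for example an "inter-router" profile on a
		// router that lacks "default").
		found := map[string]int{"default": 0, "inter-router": 0}
		for _, entity := range sslProfiles {
			sslProfile, ok := entity.(entities.SslProfile)
			gomega.Expect(ok).To(gomega.BeTrue(), "pod %s: unexpected entity type %T", pod.Name, entity)

			credDir := fmt.Sprintf("/etc/qpid-dispatch-certs/%s/%s-%s-credentials", sslProfile.Name, ic.Name, sslProfile.Name)
			switch sslProfile.Name {
			case "inter-router":
				ValidateEntityValues(sslProfile, map[string]interface{}{
					"CaCertFile": credDir + "/ca.crt",
				})
				// The inter-router profile also needs the cert/key checks below.
				fallthrough
			case "default":
				ValidateEntityValues(sslProfile, map[string]interface{}{
					"CertFile":       credDir + "/tls.crt",
					"PrivateKeyFile": credDir + "/tls.key",
				})
				found[sslProfile.Name]++
			}
		}

		// Actual value first so gomega's failure output labels it correctly.
		gomega.Expect(found).To(gomega.Equal(expected), "pod %s: occurrences of default sslProfiles", pod.Name)
	}
}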
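// ValidateSslProfileModels re-reads the Interconnect named by ic and, for every
// pod listed in its status, queries the management API for sslProfile entities.
// Each entity whose name is a key of sslProfMap is validated against the
// expected property values, and every pod must define every profile in
// sslProfMap. Profiles found on the router but absent from sslProfMap are
// ignored. Failures are reported through gomega assertions.
func ValidateSslProfileModels(ic *v1alpha1.Interconnect, c framework.ContextData, sslProfMap SslProfileMapByName) {
	// Retrieve the latest version of the given Interconnect resource.
	ic, err := deployment.GetInterconnect(c, ic.Name)
	gomega.Expect(err).NotTo(gomega.HaveOccurred())

	// The refreshed instance must exist and report at least one pod; otherwise
	// the loop below would validate nothing and the check would pass vacuously.
	gomega.Expect(ic).NotTo(gomega.BeNil())
	gomega.Expect(len(ic.Status.PodNames)).To(gomega.BeNumerically(">", 0))

	for _, pod := range ic.Status.PodNames {
		sslProfiles, err := qdrmanagement.QdmanageQuery(c, pod, entities.SslProfile{}, nil)
		gomega.Expect(err).NotTo(gomega.HaveOccurred())

		matched := 0
		seen := make(map[string]bool, len(sslProfMap))
		for _, e := range sslProfiles {
			sslProfile, ok := e.(entities.SslProfile)
			gomega.Expect(ok).To(gomega.BeTrue(), "pod %s: unexpected entity type %T", pod, e)

			model, found := sslProfMap[sslProfile.Name]
			if !found {
				continue
			}

			// Validate the matching sslProfile against its expected values.
			ValidateEntityValues(sslProfile, model)
			seen[sslProfile.Name] = true
			matched++
		}

		// Check each expected name on its own so that a repeated name cannot
		// hide a missing profile, and so the failure names what is missing.
		for name := range sslProfMap {
			gomega.Expect(seen[name]).To(gomega.BeTrue(), "pod %s: sslProfile %q is not defined", pod, name)
		}

		// Expect all sslProfiles from the map to have been validated exactly once.
		gomega.Expect(matched).To(gomega.Equal(len(sslProfMap)), "pod %s: number of matching sslProfiles", pod)
	}
}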