Restore compatibility in specifying custom CAs by using Go client

doc/scratch-space.md

@@ -17,4 +17,5 @@ Operations that require scratch space are:
 | Registry imports | In order to import from registry container images, CDI has to first download the image to a scratch space, extract the layers to find the image file, and then pass that image file to QEMU-IMG for conversion to a raw disk |
 | Upload image | Because QEMU-IMG does not accept inputs from stdin yet, we cannot stream the upload directly to QEMU-IMG, so we have to save the upload to a scratch space first and then pass it to QEMU-IMG for conversion |
 | Http imports from unsupported server source for nbdkit | CDI uses ndbkit curl to stream the source content. However, nbdkit curl plugin cannot fetch the source when the server doesn't support accept ranges, or HTTP HEAD requests (for example, S3 servers). For those cases, the scratch space is still required|
+| Http imports of custom certificates | nbdkit handles custom certificates differently. To avoid breaking users we keep using a Go client that requires scratch space|
 

pkg/importer/http-datasource.go

@@ -138,7 +138,11 @@ func (hs *HTTPDataSource) Info() (ProcessingPhase, error) {
 	if hs.brokenForQemuImg {
 		return ProcessingPhaseTransferScratch, nil
 	}
-	if !hs.readers.Archived && hs.customCA == "" && hs.readers.Convert {
+	if hs.customCA != "" {
+		klog.V(1).Infof("Custom CA requested, using scratch space")
+		return ProcessingPhaseTransferScratch, nil
+	}
+	if !hs.readers.Archived && hs.readers.Convert {
 		// We can pass straight to conversion from the endpoint
 		return ProcessingPhaseConvert, nil
 	}

tests/datavolume_test.go

@@ -223,6 +223,14 @@ var _ = Describe("[vendor:cnv-qe@redhat.com][level:component]DataVolume tests",
 			return dataVolume
 		}
 
+		createHTTPSDataVolumeWeirdCertFilename := func(dataVolumeName, size, url string) *cdiv1.DataVolume {
+			dataVolume := utils.NewDataVolumeWithHTTPImport(dataVolumeName, size, url)
+			cm, err := utils.CreateCertConfigMapWeirdFilename(f.K8sClient, f.Namespace.Name, f.CdiInstallNs)
+			Expect(err).To(BeNil())
+			dataVolume.Spec.Source.HTTP.CertConfigMap = cm
+			return dataVolume
+		}
+
 		createCloneDataVolume := func(dataVolumeName, size, command string) *cdiv1.DataVolume {
 			sourcePodFillerName := fmt.Sprintf("%s-filler-pod", dataVolumeName)
 			pvcDef := utils.NewPVCDefinition(pvcName, size, nil, nil)
@@ -482,6 +490,30 @@ var _ = Describe("[vendor:cnv-qe@redhat.com][level:component]DataVolume tests",
 					Message: "Import Complete",
 					Reason:  "Completed",
 				}}),
+			table.Entry("succeed creating import dv with custom https cert that has a weird filename", dataVolumeTestArguments{
+				name:             "dv-https-import-qcow2",
+				size:             "1Gi",
+				url:              httpsTinyCoreQcow2URL,
+				dvFunc:           createHTTPSDataVolumeWeirdCertFilename,
+				eventReason:      controller.ImportSucceeded,
+				phase:            cdiv1.Succeeded,
+				checkPermissions: true,
+				readyCondition: &cdiv1.DataVolumeCondition{
+					Type:   cdiv1.DataVolumeReady,
+					Status: v1.ConditionTrue,
+				},
+				boundCondition: &cdiv1.DataVolumeCondition{
+					Type:    cdiv1.DataVolumeBound,
+					Status:  v1.ConditionTrue,
+					Message: "PVC dv-https-import-qcow2 Bound",
+					Reason:  "Bound",
+				},
+				runningCondition: &cdiv1.DataVolumeCondition{
+					Type:    cdiv1.DataVolumeRunning,
+					Status:  v1.ConditionFalse,
+					Message: "Import Complete",
+					Reason:  "Completed",
+				}}),
 			table.Entry("[rfe_id:1111][crit:high][test_id:1361]succeed creating blank image dv", dataVolumeTestArguments{
 				name:             "blank-image-dv",
 				size:             "1Gi",

tests/utils/configmaps.go

@@ -78,3 +78,33 @@ func CopyConfigMap(client kubernetes.Interface, srcNamespace, srcName, destNames
 
 	return destName, nil
 }
+
+// CreateCertConfigMapWeirdFilename copies a configmap with a different key value
+func CreateCertConfigMapWeirdFilename(client kubernetes.Interface, destNamespace, srcNamespace string) (string, error) {
+	var certBytes string
+	srcName := FileHostCertConfigMap
+	srcCm, err := client.CoreV1().ConfigMaps(srcNamespace).Get(context.TODO(), srcName, metav1.GetOptions{})
+	if err != nil {
+		return "", err
+	}
+
+	for _, value := range srcCm.Data {
+		certBytes = value
+		break
+	}
+	destName := srcName + "-" + strings.ToLower(util.RandAlphaNum(8))
+	dst := &v1.ConfigMap{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: destName,
+		},
+		Data: map[string]string{
+			"weird-filename-should-still-be-accepted.crt": certBytes,
+		},
+	}
+	_, err = client.CoreV1().ConfigMaps(destNamespace).Create(context.TODO(), dst, metav1.CreateOptions{})
+	if err != nil {
+		return "", err
+	}
+
+	return destName, nil
+}