openshift · openshift-merge-robot · Mar 10, 2020 · Mar 9, 2020
diff --git a/pkg/ovirt/actuator.go b/pkg/ovirt/actuator.go
@@ -41,6 +41,7 @@ const (
 	passwordKey          = "ovirt_password"
 	cafileKey            = "ovirt_cafile"
 	insecureKey          = "ovirt_insecure"
+	cabundleKey          = "ovirt_ca_bundle"
 )
 
 type OvirtActuator struct {
@@ -53,6 +54,7 @@ type OvirtCreds struct {
 	Username string `json:"ovirt_username"`
 	Passord  string `json:"ovirt_password"`
 	CAFile   string `json:"ovirt_cafile"`
+	CABundle string `json:"ovirt_ca_bundle"`
 	Insecure bool   `json:"ovirt_insecure"`
 }
 
@@ -227,6 +229,9 @@ func (a *OvirtActuator) loadExistingSecret(cr *minterv1.CredentialsRequest) (*co
 	if _, ok := loadedSecret.Data[cafileKey]; !ok {
 		logger.Warningf("secret did not have expected key: %s", cafileKey)
 	}
+	if _, ok := loadedSecret.Data[cabundleKey]; !ok {
+		logger.Warningf("secret did not have expected key: %s", cabundleKey)
+	}
 
 	return loadedSecret, nil
 }
@@ -278,6 +283,10 @@ func secretToCreds(secret *corev1.Secret) (OvirtCreds, error) {
 	if !ok {
 		return c, fmt.Errorf("missing field %s", insecureKey)
 	}
+	caBundle, ok := secret.Data[cabundleKey]
+	if !ok {
+		return c, fmt.Errorf("missing field %s", cabundleKey)
+	}
 
 	c.URL = string(url)
 	c.Username = string(username)
@@ -288,6 +297,7 @@ func secretToCreds(secret *corev1.Secret) (OvirtCreds, error) {
 		return c, fmt.Errorf("failed to parse filed: insecure to boolean from value: %v error: %s", insecure, err)
 	}
 	c.Insecure = parse
+	c.CABundle = string(caBundle)
 	return c, nil
 }
 
@@ -328,5 +338,6 @@ func secretDataFrom(ovirtCreds *OvirtCreds) map[string][]byte {
 		passwordKey: []byte(ovirtCreds.Passord),
 		cafileKey:   []byte(ovirtCreds.CAFile),
 		insecureKey: []byte(strconv.FormatBool(ovirtCreds.Insecure)),
+		cabundleKey: []byte(ovirtCreds.CABundle),
 	}
 }
diff --git a/pkg/ovirt/actuator_test.go b/pkg/ovirt/actuator_test.go
@@ -24,6 +24,30 @@ import (
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+var ca_bundle = `
+-----BEGIN CERTIFICATE-----
+MIIEDjCCAvagAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwYDELMAkGA1UEBhMCVVMxIDAeBgNVBAoM
+F2xhYi5lbmcudGx2Mi5yZWRoYXQuY29tMS8wLQYDVQQDDCZ2bS0xMC01MS5sYWIuZW5nLnRsdjIu
+cmVkaGF0LmNvbS45OTM3ODAeFw0yMDAyMTAxMjEyNDdaFw0zMDAyMDgxMjEyNDdaMGAxCzAJBgNV
+BAYTAlVTMSAwHgYDVQQKDBdsYWIuZW5nLnRsdjIucmVkaGF0LmNvbTEvMC0GA1UEAwwmdm0tMTAt
+NTEubGFiLmVuZy50bHYyLnJlZGhhdC5jb20uOTkzNzgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDDMZydFaXS1KznEAN3R5d0IBOt+dy8HcmcMEDnZru+BqiJL0cghTFe/HaF7fR7WQjD
+Q5mVeSWshcYSd5bnSkjnzoZ+DYQfkRhqsgS/cl705AwJje1scRasYUFsXNgKIGMtY0UswsLoNqhb
+q5rm4LFpckXDENJhVxYfqVyplodBgAWBNJ7G/f23IRrPNZm7cUmQ6u2LQrWxrjvx0hLeGzWJ+nBs
+laGwjt/zeCHlRZW45rH0pTwK/tbMb4bN+eFyBdC/4EwTOQsPxE92SmbEDLh/Dbu5sy8KELMXsFoP
+h2HLjCR/5KNXLdZzQY1/2nT6lqV4teqUyR7FtFWuCDtMQLQ5AgMBAAGjgdEwgc4wHQYDVR0OBBYE
+FKmz7ldOrYBfDlDvR8FdZDlZfX9xMIGLBgNVHSMEgYMwgYCAFKmz7ldOrYBfDlDvR8FdZDlZfX9x
+oWSkYjBgMQswCQYDVQQGEwJVUzEgMB4GA1UECgwXbGFiLmVuZy50bHYyLnJlZGhhdC5jb20xLzAt
+BgNVBAMMJnZtLTEwLTUxLmxhYi5lbmcudGx2Mi5yZWRoYXQuY29tLjk5Mzc4ggIQADAPBgNVHRMB
+Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAJytEfblSIyZ7fu81
+ozFyynTHHJSck5vP8baAY+/uujMYEDmm5vFuwCTvoZAp3eXK5ixVyLF50Rb48BOJUlRRAojko7T1
+Zln4BhQULgGNzDUAtUwiM7l1mCs3b0rlXII5br90Mic6NXXZcTtly8EKBhCkub47170oFl6MviKv
+U5wUTtoeWHgaH1d4Hx9WIO4QQuHzQuQT2Kh4GjC2rckBOs/kS4THZfW4730ReH5OlTOjll8QrTmN
+jEh90ELGUGECJ1MrEI1F6bjowsceq0vMU0Rhup9QXbiAyUZ/wVPVjIBCGZEcPFPCIsT2C1lWgA2q
+clEaxBP6e5HHDuA3rv7kCw==
+-----END CERTIFICATE-----
+`
+
 func TestConvertRootCredentials(t *testing.T) {
 	tests := []struct {
 		givenSecret    corev1.Secret
@@ -35,11 +59,12 @@ func TestConvertRootCredentials(t *testing.T) {
 				TypeMeta:   v1.TypeMeta{},
 				ObjectMeta: v1.ObjectMeta{},
 				Data: map[string][]byte{
-					"ovirt_url":      []byte("https://enginefqdn/ovirt-engine/api"),
-					"ovirt_username": []byte("admin@internal"),
-					"ovirt_password": []byte("secret"),
-					"ovirt_cafile":   []byte("/etc/pki/ovirt-engine/ca.pem"),
-					"ovirt_insecure": []byte("true"),
+					"ovirt_url":       []byte("https://enginefqdn/ovirt-engine/api"),
+					"ovirt_username":  []byte("admin@internal"),
+					"ovirt_password":  []byte("secret"),
+					"ovirt_cafile":    []byte("/etc/pki/ovirt-engine/ca.pem"),
+					"ovirt_ca_bundle": []byte(ca_bundle),
+					"ovirt_insecure":  []byte("true"),
 				},
 				StringData: nil,
 				Type:       "Opaque",
@@ -49,6 +74,7 @@ func TestConvertRootCredentials(t *testing.T) {
 				Username: "admin@internal",
 				Passord:  "secret",
 				CAFile:   "/etc/pki/ovirt-engine/ca.pem",
+				CABundle: ca_bundle,
 				Insecure: true,
 			},
 			expectedToFail: false,