Merge pull request #77 from ipfs-cluster/fix/secret-creator

Cory Schwartz · web-flow · commit 1d7d2f636750 · 2022-09-28T16:39:53.000-07:00
Fix/secret creator
diff --git a/controllers/ipfscluster_controller.go b/controllers/ipfscluster_controller.go
@@ -145,7 +145,7 @@ func (r *IpfsClusterReconciler) createTrackedObjects(
 	mutsvc, svcName := r.serviceCluster(instance, &svc)
 
 	mutCmScripts, cmScriptName := r.ConfigMapScripts(ctx, instance, &cmScripts)
-	mutSecConfig, secConfigName := r.secretConfig(ctx, instance, &secConfig, []byte(clusterSecret), []byte(privateString))
+	mutSecConfig, secConfigName := r.SecretConfig(ctx, instance, &secConfig, []byte(clusterSecret), []byte(privateString))
 	mutCmConfig, cmConfigName := r.configMapConfig(instance, &cmConfig, peerID.String())
 	mutSts := r.statefulSet(instance, &sts, svcName, secConfigName, cmConfigName, cmScriptName)
 
diff --git a/controllers/ipfscluster_controller_test.go b/controllers/ipfscluster_controller_test.go
@@ -0,0 +1,110 @@
+package controllers_test
+
+import (
+	"context"
+	"encoding/base64"
+	"math/rand"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/redhat-et/ipfs-operator/api/v1alpha1"
+	"github.com/redhat-et/ipfs-operator/controllers"
+)
+
+var _ = Describe("IPFS Reconciler", func() {
+	var ipfsReconciler *controllers.IpfsClusterReconciler
+	var ipfs *v1alpha1.IpfsCluster
+	var configMapScripts *v1.ConfigMap
+	var ctx context.Context
+	const myName = "my-fav-ipfs-node"
+
+	BeforeEach(func() {
+		ctx = context.TODO()
+		ipfsReconciler = &controllers.IpfsClusterReconciler{
+			Scheme: k8sClient.Scheme(),
+			Client: k8sClient,
+		}
+		configMapScripts = &v1.ConfigMap{}
+		ipfs = &v1alpha1.IpfsCluster{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      myName,
+				Namespace: "test",
+			},
+		}
+	})
+
+	When("ConfigMapScripts are edited", func() {
+		It("populates the ConfigMap", func() {
+			// configMap is empty
+			Expect(len(configMapScripts.Data)).To(Equal(0))
+			fn, _ := ipfsReconciler.ConfigMapScripts(ctx, ipfs, configMapScripts)
+			// should not have errored
+			Expect(fn()).NotTo(HaveOccurred())
+			// the configmap should be populated with the following scripts
+			Expect(len(configMapScripts.Data)).To(Equal(2))
+
+			expectedKeys := []string{
+				controllers.ScriptConfigureIPFS,
+				controllers.ScriptIPFSClusterEntryPoint,
+			}
+			for _, key := range expectedKeys {
+				data, ok := configMapScripts.Data[key]
+				Expect(ok).To(BeTrue())
+				Expect(data).NotTo(BeEmpty())
+			}
+		})
+
+		It("contains the IPFS resource name", func() {
+			fn, name := ipfsReconciler.ConfigMapScripts(ctx, ipfs, configMapScripts)
+			Expect(fn).NotTo(BeNil())
+			Expect(fn()).NotTo(HaveOccurred())
+			Expect(name).To(ContainSubstring(myName))
+			Expect(name).To(Equal("ipfs-cluster-scripts-" + myName))
+		})
+	})
+
+	When("replicas are edited", func() {
+		// we always expect there to be cluster secrets, which have two values
+		const alwaysKeys = 2
+		var (
+			clusterSec   = []byte("cluster secret")
+			bootstrapKey = []byte("bootstrap private key")
+			replicas     int32
+		)
+		BeforeEach(func() {
+			replicas = rand.Int31n(100)
+			ipfs.Spec.Replicas = replicas
+		})
+		It("creates a new peer ids", func() {
+			secretConfig := &v1.Secret{}
+			fn, _ := ipfsReconciler.SecretConfig(ctx, ipfs, secretConfig, clusterSec, bootstrapKey)
+			Expect(fn()).To(BeNil())
+			secretStringToData(secretConfig)
+			expectedKeys := int(replicas)*2 + alwaysKeys
+			Expect(len(secretConfig.Data)).To(Equal(expectedKeys))
+
+			// increase the replica count. Expect to see new keys generated.
+			ipfs.Spec.Replicas++
+			fn, _ = ipfsReconciler.SecretConfig(ctx, ipfs, secretConfig, clusterSec, bootstrapKey)
+			Expect(fn()).To(BeNil())
+			secretStringToData(secretConfig)
+			Expect(len(secretConfig.Data)).To(Equal(expectedKeys + 2))
+
+		})
+	})
+})
+
+// The k8s client will encode and copy data from the StringData to Data
+// This function mimics the behavior for tests.
+func secretStringToData(secret *v1.Secret) {
+	for k, v := range secret.StringData {
+		bv := []byte(v)
+		enc := make([]byte, base64.StdEncoding.EncodedLen(len(bv)))
+		base64.StdEncoding.Encode(enc, bv)
+		secret.Data[k] = enc
+	}
+	secret.StringData = make(map[string]string)
+}
diff --git a/controllers/scripts_test.go b/controllers/scripts_test.go
diff --git a/controllers/secret.go b/controllers/secret.go
@@ -28,7 +28,7 @@ func errorFunc(err error) controllerutil.MutateFn {
 	}
 }
 
-func (r *IpfsClusterReconciler) secretConfig(
+func (r *IpfsClusterReconciler) SecretConfig(
 	ctx context.Context,
 	m *clusterv1alpha1.IpfsCluster,
 	sec *corev1.Secret,
@@ -45,32 +45,33 @@ func (r *IpfsClusterReconciler) secretConfig(
 	}
 	// find secret
 	err := r.Get(ctx, client.ObjectKeyFromObject(expectedSecret), expectedSecret)
-	if err != nil && !errors.IsNotFound(err) {
-		return errorFunc(err), ""
-	}
-	// initialize the secret, if needed
-	if err != nil && errors.IsNotFound(err) {
+	if err != nil {
+		// test for unhandled errors
+		if !errors.IsNotFound(err) {
+			return errorFunc(err), ""
+		}
+		// secret is not found.
+		// initialize new secret
 		expectedSecret.Data = make(map[string][]byte, 0)
-		expectedSecret.StringData = make(map[string]string, 0)
-		// secret doesn't exist
 		err = generateNewIdentities(expectedSecret, 0, m.Spec.Replicas)
 		if err != nil {
 			return errorFunc(err), ""
 		}
 		expectedSecret.Data["CLUSTER_SECRET"] = clusterSecret
 		expectedSecret.Data["BOOTSTRAP_PEER_PRIV_KEY"] = bootstrapPrivateKey
-	}
-
-	// secret does exist
-	numIdentities := countIdentities(expectedSecret)
-	if numIdentities != m.Spec.Replicas {
-		// create more identities if needed, otherwise they will be reused
-		// when scaling down and then up again
-		if numIdentities < m.Spec.Replicas {
-			// create more
-			err = generateNewIdentities(expectedSecret, numIdentities, m.Spec.Replicas)
-			if err != nil {
-				return errorFunc(err), ""
+	} else {
+		// secret exists.
+		// test if we need to add more identieis
+		numIdentities := countIdentities(expectedSecret)
+		if numIdentities != m.Spec.Replicas {
+			// create more identities if needed, otherwise they will be reused
+			// when scaling down and then up again
+			if numIdentities < m.Spec.Replicas {
+				// create more
+				err = generateNewIdentities(expectedSecret, numIdentities, m.Spec.Replicas)
+				if err != nil {
+					return errorFunc(err), ""
+				}
 			}
 		}
 	}
@@ -82,6 +83,7 @@ func (r *IpfsClusterReconciler) secretConfig(
 	}
 	return func() error {
 		sec.Data = expectedSecret.Data
+		sec.StringData = expectedSecret.StringData
 		return nil
 	}, secName
 }
@@ -100,6 +102,9 @@ func countIdentities(secret *corev1.Secret) int32 {
 // generateNewIdentities Populates the secret data with new Peer IDs
 // and private keys which are mapped based on the replica number.
 func generateNewIdentities(secret *corev1.Secret, start, n int32) error {
+	if secret.StringData == nil {
+		secret.StringData = make(map[string]string, 0)
+	}
 	for i := start; i < n; i++ {
 		// generate new private key & peer id
 		peerID, privKey, err := generateIdentity()
