|
| 1 | +#!/bin/bash |
| 2 | + |
| 3 | +set -o errexit |
| 4 | + |
| 5 | +test_dir="$(realpath "$(dirname "$0")")" |
| 6 | +. "${test_dir}/../functions" |
| 7 | +set_debug |
| 8 | + |
| 9 | +cluster="some-name" |
| 10 | + |
| 11 | +test_user_provided_only() { |
| 12 | + desc '=== Test: certManagementPolicy: userProvidedOnly ===' |
| 13 | + |
| 14 | + desc 'create secrets (users + TLS)' |
| 15 | + kubectl_bin apply -f "$conf_dir/secrets_with_tls.yml" |
| 16 | + |
| 17 | + desc "create PSMDB cluster $cluster with certManagementPolicy: userProvidedOnly" |
| 18 | + apply_cluster "$test_dir/conf/$cluster.yml" |
| 19 | + |
| 20 | + desc 'check if all Pods started' |
| 21 | + wait_for_running $cluster-rs0 3 |
| 22 | + |
| 23 | + desc 'save SSL secrets for later restore' |
| 24 | + kubectl_bin get secret ${cluster}-ssl -o yaml >"$tmp_dir/ssl_backup.yaml" |
| 25 | + kubectl_bin get secret ${cluster}-ssl-internal -o yaml >"$tmp_dir/ssl_internal_backup.yaml" |
| 26 | + |
| 27 | + desc 'delete SSL secrets to simulate secret loss' |
| 28 | + kubectl_bin delete secret ${cluster}-ssl ${cluster}-ssl-internal |
| 29 | + |
| 30 | + desc 'wait for a few reconcile loops' |
| 31 | + sleep 30 |
| 32 | + |
| 33 | + desc 'verify operator did NOT recreate SSL secrets' |
| 34 | + if kubectl_bin get secret ${cluster}-ssl 2>/dev/null; then |
| 35 | + echo "FAIL: operator recreated SSL secret when certManagementPolicy is userProvidedOnly" |
| 36 | + exit 1 |
| 37 | + fi |
| 38 | + if kubectl_bin get secret ${cluster}-ssl-internal 2>/dev/null; then |
| 39 | + echo "FAIL: operator recreated SSL internal secret when certManagementPolicy is userProvidedOnly" |
| 40 | + exit 1 |
| 41 | + fi |
| 42 | + echo "PASS: operator did not recreate SSL secrets" |
| 43 | + |
| 44 | + desc 'verify pods are still running (no restart)' |
| 45 | + wait_for_running $cluster-rs0 3 |
| 46 | + |
| 47 | + desc 'restore SSL secrets' |
| 48 | + kubectl_bin apply -f "$tmp_dir/ssl_backup.yaml" |
| 49 | + kubectl_bin apply -f "$tmp_dir/ssl_internal_backup.yaml" |
| 50 | + |
| 51 | + desc 'verify cluster is still healthy after secret restore' |
| 52 | + sleep 10 |
| 53 | + wait_for_running $cluster-rs0 3 |
| 54 | + |
| 55 | + desc 'cleanup cluster' |
| 56 | + kubectl_bin delete psmdb $cluster |
| 57 | + wait_for_delete psmdb/$cluster 180 |
| 58 | +} |
| 59 | + |
| 60 | +test_auto() { |
| 61 | + desc '=== Test: certManagementPolicy: auto ===' |
| 62 | + |
| 63 | + desc 'create only user secrets (no TLS secrets)' |
| 64 | + kubectl_bin apply -f "$conf_dir/secrets.yml" |
| 65 | + |
| 66 | + desc "create PSMDB cluster $cluster with certManagementPolicy: auto" |
| 67 | + apply_cluster "$test_dir/conf/$cluster-auto.yml" |
| 68 | + |
| 69 | + desc 'wait for operator to auto-create SSL secrets' |
| 70 | + sleep 30 |
| 71 | + |
| 72 | + desc 'verify operator created SSL secrets automatically' |
| 73 | + if ! kubectl_bin get secret ${cluster}-ssl 2>/dev/null; then |
| 74 | + echo "FAIL: operator did not create SSL secret when certManagementPolicy is auto" |
| 75 | + exit 1 |
| 76 | + fi |
| 77 | + if ! kubectl_bin get secret ${cluster}-ssl-internal 2>/dev/null; then |
| 78 | + echo "FAIL: operator did not create SSL internal secret when certManagementPolicy is auto" |
| 79 | + exit 1 |
| 80 | + fi |
| 81 | + echo "PASS: operator created SSL secrets automatically" |
| 82 | + |
| 83 | + desc 'check if all Pods started' |
| 84 | + wait_for_running $cluster-rs0 3 |
| 85 | +} |
| 86 | + |
| 87 | +main() { |
| 88 | + create_infra "$namespace" |
| 89 | + destroy_cert_manager || true |
| 90 | + |
| 91 | + test_user_provided_only |
| 92 | + test_auto |
| 93 | + |
| 94 | + destroy "$namespace" |
| 95 | + |
| 96 | + desc 'test passed' |
| 97 | +} |
| 98 | + |
| 99 | +main |
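Review bot: The check in test_auto that the operator created `${cluster}-ssl` and `${cluster}-ssl-internal` can be satisfied by secrets left over from test_user_provided_only, which re-applies both backups and then deletes only the `psmdb` object; unless something outside this file removes them, the `auto` policy is never actually exercised. Delete them in the first test's cleanup, `kubectl_bin delete secret ${cluster}-ssl ${cluster}-ssl-internal --ignore-not-found`, or assert they are absent before `apply_cluster` in test_auto. Separately, the userProvidedOnly negative checks treat any failure of `kubectl_bin get secret ... 2>/dev/null` as "not recreated", so an API or authorization error would read as a pass; testing for a NotFound result specifically would make that assertion meaningful. The backups written under `$tmp_dir` contain the TLS private keys and are not removed anywhere in this script.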