From 2a11071e8bb08d13624d6b5816d6d3a7c0fbd6f8 Mon Sep 17 00:00:00 2001
From: Sangeet Gupta
Date: Fri, 28 May 2021 19:09:13 +0000
Subject: [PATCH] rabbitmq: Make helm test work with TLS

Update helm test pod and script to use TLS certificates.

Change-Id: Ic599014227ad63303bdc2758862f02dcefec66c7
---
 rabbitmq/Chart.yaml | 2 +-
 rabbitmq/templates/bin/_rabbitmq-test.sh.tpl | 27 +++++++++++++++-----
 rabbitmq/templates/pod-test.yaml | 6 +++++
 releasenotes/notes/rabbitmq.yaml | 1 +
 4 files changed, 29 insertions(+), 7 deletions(-)

diff --git a/rabbitmq/Chart.yaml b/rabbitmq/Chart.yaml
index 9033893a2..3538e9561 100644
--- a/rabbitmq/Chart.yaml
+++ b/rabbitmq/Chart.yaml
@@ -15,6 +15,6 @@ apiVersion: v1
 appVersion: v3.7.26
 description: OpenStack-Helm RabbitMQ
 name: rabbitmq
-version: 0.1.7
+version: 0.1.8
 home: https://github.com/rabbitmq/rabbitmq-server
 ...
diff --git a/rabbitmq/templates/bin/_rabbitmq-test.sh.tpl b/rabbitmq/templates/bin/_rabbitmq-test.sh.tpl
index 98ac2079f..c719b3a45 100644
--- a/rabbitmq/templates/bin/_rabbitmq-test.sh.tpl
+++ b/rabbitmq/templates/bin/_rabbitmq-test.sh.tpl
@@ -32,12 +32,27 @@ set -x
 
 function rabbitmqadmin_authed () {
 set +x
- rabbitmqadmin \
- --host="${RABBIT_HOSTNAME}" \
- --port="${RABBIT_PORT}" \
- --username="${RABBITMQ_ADMIN_USERNAME}" \
- --password="${RABBITMQ_ADMIN_PASSWORD}" \
- $@
+ if [ -n "$RABBITMQ_X509" ]
+ then
+ rabbitmqadmin \
+ --ssl \
+ --ssl-disable-hostname-verification \
+ --ssl-ca-cert-file="/etc/rabbitmq/certs/ca.crt" \
+ --ssl-cert-file="/etc/rabbitmq/certs/tls.crt" \
+ --ssl-key-file="/etc/rabbitmq/certs/tls.key" \
+ --host="${RABBIT_HOSTNAME}" \
+ --port="${RABBIT_PORT}" \
+ --username="${RABBITMQ_ADMIN_USERNAME}" \
+ --password="${RABBITMQ_ADMIN_PASSWORD}" \
+ ${@}
+ else
+ rabbitmqadmin \
+ --host="${RABBIT_HOSTNAME}" \
+ --port="${RABBIT_PORT}" \
+ --username="${RABBITMQ_ADMIN_USERNAME}" \
+ --password="${RABBITMQ_ADMIN_PASSWORD}" \
+ $@
+ fi
 set -x
 }
 
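Review bot: The TLS branch of rabbitmqadmin_authed in rabbitmq/templates/bin/_rabbitmq-test.sh.tpl passes `--ssl-disable-hostname-verification`, so the admin username and password go to any peer that presents a certificate signed by ca.crt, not only to the host named in RABBIT_HOSTNAME. If the server certificate carries the service name used in RABBIT_HOSTNAME, drop that flag; if it does not, record the reason next to it, e.g. `# server cert has no SAN for RABBIT_HOSTNAME; hostname check is off for the helm test only`. The two branches also end in `${@}` and `$@`, both unquoted; `"$@"` in both would keep arguments containing spaces intact, assuming no caller relies on word splitting (the callers are outside this hunk).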
diff --git a/rabbitmq/templates/pod-test.yaml b/rabbitmq/templates/pod-test.yaml
index bcddfd3ea..516ce5041 100644
--- a/rabbitmq/templates/pod-test.yaml
+++ b/rabbitmq/templates/pod-test.yaml
@@ -51,6 +51,10 @@ spec:
 value: {{ tuple "oslo_messaging" "internal" "user" "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | quote }}
 - name: RABBIT_REPLICA_COUNT
 value: {{ $envAll.Values.pod.replicas.server | quote }}
+{{- if $envAll.Values.manifests.certificates }}
+ - name: RABBITMQ_X509
+ value: "REQUIRE X509"
+{{- end }}
 command:
 - /tmp/rabbitmq-test.sh
 volumeMounts:
@@ -60,6 +64,7 @@ spec:
 mountPath: /tmp/rabbitmq-test.sh
 subPath: rabbitmq-test.sh
 readOnly: true
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.oslo_messaging.server.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
 volumes:
 - name: pod-tmp
 emptyDir: {}
@@ -67,4 +72,5 @@ spec:
 configMap:
 name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }}
 defaultMode: 0555
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.oslo_messaging.server.internal | include "helm-toolkit.snippets.tls_volume" | indent 4 }}
 {{- end }}
diff --git a/releasenotes/notes/rabbitmq.yaml b/releasenotes/notes/rabbitmq.yaml
index 483c2a301..f108e07fb 100644
--- a/releasenotes/notes/rabbitmq.yaml
+++ b/releasenotes/notes/rabbitmq.yaml
@@ -7,4 +7,5 @@ rabbitmq:
 - 0.1.5 Update Rabbitmq exporter version
 - 0.1.6 Disallow privilege escalation in rabbitmq server container
 - 0.1.7 Adding TLS logic to rabbitmq
+ - 0.1.8 Make helm test work with TLS
 ...
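Review bot: The tls_volume_mount and tls_volume lines added in rabbitmq/templates/pod-test.yaml (hunks at -60 and -67) mount the secret named by `.Values.secrets.tls.oslo_messaging.server.internal` into the test pod. Judging by its name this is the server's own certificate secret, so the test container would receive the server's tls.key and present it as its client certificate. What the secret actually holds is not visible here, but a separate client-certificate secret for the test would keep the server key out of a pod that only needs ca.crt and a client identity. In the first hunk the value `"REQUIRE X509"` is only tested for non-emptiness by rabbitmq-test.sh, so a template comment such as `{{/* any non-empty value switches the test script to TLS */}}` above the env entry would make that clear.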