tests: e2e test for trusted-ca-bundle

opendatahub-io · Nov 5, 2024 · 52a655a · 52a655a
1 parent bde4b4e
commit 52a655a
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 19 deletions.
diff --git a/tests/e2e/creation_test.go b/tests/e2e/creation_test.go
@@ -9,9 +9,20 @@ import (
 	"testing"
 	"time"
 
+	"github.com/go-logr/logr"
+	dscv1 "github.com/opendatahub-io/opendatahub-operator/v2/apis/datasciencecluster/v1"
+	dsciv1 "github.com/opendatahub-io/opendatahub-operator/v2/apis/dscinitialization/v1"
+	infrav1 "github.com/opendatahub-io/opendatahub-operator/v2/apis/infrastructure/v1"
+	"github.com/opendatahub-io/opendatahub-operator/v2/components"
+	"github.com/opendatahub-io/opendatahub-operator/v2/components/modelregistry"
+	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster"
+	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/feature/serverless"
+	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/metadata/labels"
+	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/trustedcabundle"
 	operatorv1 "github.com/openshift/api/operator/v1"
 	"github.com/stretchr/testify/require"
 	autoscalingv1 "k8s.io/api/autoscaling/v1"
+	corev1 "k8s.io/api/core/v1"
 	k8serr "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -21,15 +32,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/util/retry"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-
-	dscv1 "github.com/opendatahub-io/opendatahub-operator/v2/apis/datasciencecluster/v1"
-	dsciv1 "github.com/opendatahub-io/opendatahub-operator/v2/apis/dscinitialization/v1"
-	infrav1 "github.com/opendatahub-io/opendatahub-operator/v2/apis/infrastructure/v1"
-	"github.com/opendatahub-io/opendatahub-operator/v2/components"
-	"github.com/opendatahub-io/opendatahub-operator/v2/components/modelregistry"
-	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster"
-	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/feature/serverless"
-	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/metadata/labels"
 )
 
 func creationTestSuite(t *testing.T) {
@@ -99,6 +101,10 @@ func creationTestSuite(t *testing.T) {
 			err = testCtx.testDefaultModelRegistryCertAvailable()
 			require.NoError(t, err, "error getting default cert secret for ModelRegistry")
 		})
+		t.Run("Validate trusted CA bunle cert available", func(t *testing.T) {
+			err = testCtx.testTrustedCABundle()
+			require.NoError(t, err, "error getting default cert secret for ModelRegistry")
+		})
 		t.Run("Validate model registry servicemeshmember available", func(t *testing.T) {
 			err = testCtx.testMRServiceMeshMember()
 			require.NoError(t, err, "error getting servicemeshmember for Model Registry")
@@ -444,6 +450,44 @@ func (tc *testContext) testDefaultCertsAvailable() error {
 	return nil
 }
 
+func (tc *testContext) testTrustedCABundle() error {
+	managementStateChangeTrustedCA := false
+	CAConfigMapName := "odh-trusted-ca-bundle"
+	CADataFieldName := "odh-ca-bundle.crt"
+
+	err := trustedcabundle.ConfigureTrustedCABundle(tc.ctx, tc.customClient, logr.Logger{}, tc.testDSCI, managementStateChangeTrustedCA)
+
+	if err != nil {
+		return fmt.Errorf("Error while configuring trusted-ca-bundle: %w", err)
+	}
+	istrustedCABundleUpdated, err := trustedcabundle.IsTrustedCABundleUpdated(tc.ctx, tc.customClient, tc.testDSCI)
+
+	if istrustedCABundleUpdated == true {
+		return fmt.Errorf("odh-trusted-ca-bundle in config map does not match with DSCI's TrustedCABundle.CustomCABundle, needs update: %w", err)
+	}
+
+	err = trustedcabundle.AddCABundleCMInAllNamespaces(tc.ctx, tc.customClient, logr.Logger{}, tc.testDSCI)
+
+	if err != nil {
+		return fmt.Errorf("failed adding configmap %s to all namespaces: %w", CAConfigMapName, err)
+	}
+
+	if err := trustedcabundle.RemoveCABundleCMInAllNamespaces(tc.ctx, tc.customClient); err != nil {
+		return fmt.Errorf("error deleting configmap %s from all namespaces %w", CAConfigMapName, err)
+	}
+
+	foundConfigMap := &corev1.ConfigMap{}
+	tc.customClient.Get(tc.ctx, client.ObjectKey{
+		Name:      CAConfigMapName,
+		Namespace: tc.testDSCI.Spec.ApplicationsNamespace,
+	}, foundConfigMap)
+
+	if string(foundConfigMap.Data[CADataFieldName]) != string(tc.testDSCI.Spec.TrustedCABundle.CustomCABundle) {
+		return fmt.Errorf("odh-trusted-ca-bundle in config map does not match with DSCI's TrustedCABundle.CustomCABundle, needs update: %w", err)
+	}
+	return nil
+}
+
 func (tc *testContext) testDefaultModelRegistryCertAvailable() error {
 	// return if MR is not set to Managed
 	if tc.testDsc.Spec.Components.ModelRegistry.ManagementState != operatorv1.Managed {

diff --git a/tests/e2e/helper_test.go b/tests/e2e/helper_test.go
@@ -94,7 +94,7 @@ func setupDSCICR(name string) *dsciv1.DSCInitialization {
 			},
 			TrustedCABundle: &dsciv1.TrustedCABundleSpec{
 				ManagementState: "Managed",
-				CustomCABundle:  "",
+				CustomCABundle:  "-----Begin....",
 			},
 			ServiceMesh: &infrav1.ServiceMeshSpec{
 				ControlPlane: infrav1.ControlPlaneSpec{
@@ -129,45 +129,45 @@ func setupDSCInstance(name string) *dscv1.DataScienceCluster {
 				},
 				ModelMeshServing: modelmeshserving.ModelMeshServing{
 					Component: components.Component{
-						ManagementState: operatorv1.Managed,
+						ManagementState: operatorv1.Removed,
 					},
 				},
 				DataSciencePipelines: datasciencepipelines.DataSciencePipelines{
 					Component: components.Component{
-						ManagementState: operatorv1.Managed,
+						ManagementState: operatorv1.Removed,
 					},
 				},
 				Kserve: kserve.Kserve{
 					Component: components.Component{
-						ManagementState: operatorv1.Managed,
+						ManagementState: operatorv1.Removed,
 					},
 					Serving: infrav1.ServingSpec{
-						ManagementState: operatorv1.Managed,
+						ManagementState: operatorv1.Removed,
 					},
 				},
 				CodeFlare: codeflare.CodeFlare{
 					Component: components.Component{
-						ManagementState: operatorv1.Managed,
+						ManagementState: operatorv1.Removed,
 					},
 				},
 				Ray: ray.Ray{
 					Component: components.Component{
-						ManagementState: operatorv1.Managed,
+						ManagementState: operatorv1.Removed,
 					},
 				},
 				Kueue: kueue.Kueue{
 					Component: components.Component{
-						ManagementState: operatorv1.Managed,
+						ManagementState: operatorv1.Removed,
 					},
 				},
 				TrustyAI: trustyai.TrustyAI{
 					Component: components.Component{
-						ManagementState: operatorv1.Managed,
+						ManagementState: operatorv1.Removed,
 					},
 				},
 				ModelRegistry: modelregistry.ModelRegistry{
 					Component: components.Component{
-						ManagementState: operatorv1.Managed,
+						ManagementState: operatorv1.Removed,
 					},
 				},
 				TrainingOperator: trainingoperator.TrainingOperator{