Skip to content

Commit 51538fc

Browse files
jukiejukie
committed
fix
Signed-off-by: Jukie <[email protected]>
1 parent c297aea commit 51538fc

File tree

2 files changed

+16
-8
lines changed

2 files changed

+16
-8
lines changed

internal/cmd/certgen.go

+3-2
Original file line numberDiff line numberDiff line change
@@ -136,9 +136,10 @@ func patchTopologyInjectorWebhook(ctx context.Context, cli client.Client, cfg *c
136136
}
137137

138138
var updated bool
139+
desiredBundle := current.Data["ca.crt"]
139140
for i, webhook := range webhookCfg.Webhooks {
140-
if !bytes.Equal(current.Data["ca.crt"], webhook.ClientConfig.CABundle) {
141-
webhookCfg.Webhooks[i].ClientConfig.CABundle = current.Data["ca.crt"]
141+
if !bytes.Equal(desiredBundle, webhook.ClientConfig.CABundle) {
142+
webhookCfg.Webhooks[i].ClientConfig.CABundle = desiredBundle
142143
updated = true
143144
}
144145
}

internal/cmd/certgen_test.go

+13-6
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ import (
1515
"github.com/stretchr/testify/assert"
1616
"github.com/stretchr/testify/require"
1717
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
18+
corev1 "k8s.io/api/core/v1"
1819
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
1920
"sigs.k8s.io/controller-runtime/pkg/client"
2021
"sigs.k8s.io/controller-runtime/pkg/client/fake"
@@ -57,7 +58,7 @@ func TestPatchTopologyWebhook(t *testing.T) {
5758
cases := []struct {
5859
caseName string
5960
webhook *admissionregistrationv1.MutatingWebhookConfiguration
60-
caBundle []byte
61+
secret *corev1.Secret
6162
wantErr error
6263
wantPatch bool
6364
}{
@@ -69,7 +70,10 @@ func TestPatchTopologyWebhook(t *testing.T) {
6970
},
7071
Webhooks: []admissionregistrationv1.MutatingWebhook{{ClientConfig: admissionregistrationv1.WebhookClientConfig{}}},
7172
},
72-
caBundle: []byte("foo"),
73+
secret: &corev1.Secret{
74+
ObjectMeta: metav1.ObjectMeta{Name: "envoy-gateway", Namespace: cfg.ControllerNamespace},
75+
Data: map[string][]byte{"ca.crt": []byte("foo")},
76+
},
7377
wantErr: nil,
7478
wantPatch: true,
7579
},
@@ -81,25 +85,28 @@ func TestPatchTopologyWebhook(t *testing.T) {
8185
},
8286
Webhooks: []admissionregistrationv1.MutatingWebhook{{ClientConfig: admissionregistrationv1.WebhookClientConfig{CABundle: []byte("foo")}}},
8387
},
84-
caBundle: []byte("foo"),
88+
secret: &corev1.Secret{
89+
ObjectMeta: metav1.ObjectMeta{Name: "envoy-gateway", Namespace: cfg.ControllerNamespace},
90+
Data: map[string][]byte{"ca.crt": []byte("foo")},
91+
},
8592
wantPatch: false,
8693
},
8794
}
8895
for _, tc := range cases {
8996
t.Run(tc.caseName, func(t *testing.T) {
9097
fakeClient := fake.NewClientBuilder().
91-
WithRuntimeObjects(tc.webhook).
98+
WithRuntimeObjects(tc.webhook, tc.secret).
9299
Build()
93100
beforeWebhook := &admissionregistrationv1.MutatingWebhookConfiguration{}
94101
require.NoError(t, fakeClient.Get(context.Background(), client.ObjectKey{Name: tc.webhook.Name}, beforeWebhook))
95-
err = patchTopologyInjectorWebhook(context.Background(), fakeClient, cfg)
96102

103+
err = patchTopologyInjectorWebhook(context.Background(), fakeClient, cfg)
97104
require.NoError(t, err)
98105

99106
afterWebhook := &admissionregistrationv1.MutatingWebhookConfiguration{}
100107
require.NoError(t, fakeClient.Get(context.Background(), client.ObjectKey{Name: tc.webhook.Name}, afterWebhook))
101108

102-
require.Equal(t, afterWebhook.Webhooks[0].ClientConfig.CABundle, tc.caBundle)
109+
require.Equal(t, afterWebhook.Webhooks[0].ClientConfig.CABundle, tc.secret.Data["ca.crt"])
103110
assert.Equal(t, tc.wantPatch, beforeWebhook.GetResourceVersion() != afterWebhook.GetResourceVersion())
104111
})
105112
}

0 commit comments

Comments
 (0)