add unit tests

Author: dennis-ge

controllers/telemetry/logpipeline_controller_test.go

@@ -27,13 +27,14 @@ import (
 
 var (
 	testLogPipelineConfig = logpipelinereconciler.Config{
-		DaemonSet:         types.NamespacedName{Name: "test-telemetry-fluent-bit", Namespace: "default"},
-		ParsersConfigMap:  types.NamespacedName{Name: "test-telemetry-fluent-bit-parsers", Namespace: "default"},
-		LuaConfigMap:      types.NamespacedName{Name: "test-telemetry-fluent-bit-luascripts", Namespace: "default"},
-		SectionsConfigMap: types.NamespacedName{Name: "test-telemetry-fluent-bit-sections", Namespace: "default"},
-		FilesConfigMap:    types.NamespacedName{Name: "test-telemetry-fluent-bit-files", Namespace: "default"},
-		EnvSecret:         types.NamespacedName{Name: "test-telemetry-fluent-bit-env", Namespace: "default"},
-		OverrideConfigMap: types.NamespacedName{Name: "override-config", Namespace: "default"},
+		DaemonSet:             types.NamespacedName{Name: "test-telemetry-fluent-bit", Namespace: "default"},
+		ParsersConfigMap:      types.NamespacedName{Name: "test-telemetry-fluent-bit-parsers", Namespace: "default"},
+		LuaConfigMap:          types.NamespacedName{Name: "test-telemetry-fluent-bit-luascripts", Namespace: "default"},
+		SectionsConfigMap:     types.NamespacedName{Name: "test-telemetry-fluent-bit-sections", Namespace: "default"},
+		FilesConfigMap:        types.NamespacedName{Name: "test-telemetry-fluent-bit-files", Namespace: "default"},
+		EnvSecret:             types.NamespacedName{Name: "test-telemetry-fluent-bit-env", Namespace: "default"},
+		OutputTLSConfigSecret: types.NamespacedName{Name: "test-telemetry-fluent-bit-output-tls-config", Namespace: "default"},
+		OverrideConfigMap:     types.NamespacedName{Name: "override-config", Namespace: "default"},
 		DaemonSetConfig: logpipelineresources.DaemonSetConfig{
 			FluentBitImage:              "my-fluent-bit-image",
 			FluentBitConfigPrepperImage: "my-fluent-bit-config-image",

internal/fluentbit/config/builder/output.go

@@ -90,13 +90,13 @@ func generateHTTPOutput(httpOutput *telemetryv1alpha1.HTTPOutput, fsBufferLimit
 	sb.AddConfigParam("tls.verify", tlsVerify)
 
 	if httpOutput.TLSConfig.CA.IsDefined() {
-		sb.AddConfigParam("tls.ca_file", fmt.Sprintf("/fluent-bit/tls/%s-ca.crt", name))
+		sb.AddConfigParam("tls.ca_file", fmt.Sprintf("/fluent-bit/etc/output-tls-config/%s-ca.crt", name))
 	}
 	if httpOutput.TLSConfig.Cert.IsDefined() {
-		sb.AddConfigParam("tls.crt_file", fmt.Sprintf("/fluent-bit/tls/%s-cert.crt", name))
+		sb.AddConfigParam("tls.crt_file", fmt.Sprintf("/fluent-bit/etc/output-tls-config/%s-cert.crt", name))
 	}
 	if httpOutput.TLSConfig.Key.IsDefined() {
-		sb.AddConfigParam("tls.key_file", fmt.Sprintf("/fluent-bit/tls/%s-key.key", name))
+		sb.AddConfigParam("tls.key_file", fmt.Sprintf("/fluent-bit/etc/output-tls-config/%s-key.key", name))
 	}
 
 	return sb.Build()

internal/fluentbit/config/builder/output_test.go

@@ -4,6 +4,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/require"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	telemetryv1alpha1 "github.com/kyma-project/telemetry-manager/apis/telemetry/v1alpha1"
 )
@@ -121,6 +122,51 @@ func TestCreateOutputSectionWithHTTPOutputWithSecretReference(t *testing.T) {
 	require.Equal(t, expected, actual)
 }
 
+func TestCreateOutputSectionWithHTTPOutputWithTLS(t *testing.T) {
+	expected := `[OUTPUT]
+    name                     http
+    match                    foo.*
+    alias                    foo-http
+    allow_duplicated_headers true
+    format                   json
+    host                     localhost
+    port                     443
+    retry_limit              300
+    storage.total_limit_size 1G
+    tls                      on
+    tls.ca_file              /fluent-bit/etc/output-tls-config/foo-ca.crt
+    tls.crt_file             /fluent-bit/etc/output-tls-config/foo-cert.crt
+    tls.key_file             /fluent-bit/etc/output-tls-config/foo-key.key
+    tls.verify               on
+    uri                      /my-uri
+
+`
+	logPipeline := &telemetryv1alpha1.LogPipeline{
+		ObjectMeta: metav1.ObjectMeta{Name: "foo"},
+		Spec: telemetryv1alpha1.LogPipelineSpec{
+			Output: telemetryv1alpha1.Output{
+				HTTP: &telemetryv1alpha1.HTTPOutput{
+					Dedot: true,
+					URI:   "/my-uri",
+					Host:  telemetryv1alpha1.ValueType{Value: "localhost"},
+					TLSConfig: telemetryv1alpha1.TLSConfig{
+						Disabled:                  false,
+						SkipCertificateValidation: false,
+						CA:                        telemetryv1alpha1.ValueType{Value: "fake-ca-value"},
+						Cert:                      telemetryv1alpha1.ValueType{Value: "fake-cert-value"},
+						Key:                       telemetryv1alpha1.ValueType{Value: "fake-key-value"},
+					},
+				},
+			},
+		},
+	}
+	pipelineConfig := PipelineDefaults{FsBufferLimit: "1G"}
+
+	actual := createOutputSection(logPipeline, pipelineConfig)
+	require.NotEmpty(t, actual)
+	require.Equal(t, expected, actual)
+}
+
 func TestCreateOutputSectionWithLokiOutput(t *testing.T) {
 	expected := `[OUTPUT]
     name                     grafana-loki

internal/reconciler/logpipeline/reconciler.go

@@ -40,17 +40,17 @@ import (
 )
 
 type Config struct {
-	DaemonSet         types.NamespacedName
-	SectionsConfigMap types.NamespacedName
-	FilesConfigMap    types.NamespacedName
-	LuaConfigMap      types.NamespacedName
-	ParsersConfigMap  types.NamespacedName
-	EnvSecret         types.NamespacedName
-	TLSConfigSecret   types.NamespacedName
-	OverrideConfigMap types.NamespacedName
-	PipelineDefaults  configbuilder.PipelineDefaults
-	Overrides         overrides.Config
-	DaemonSetConfig   resources.DaemonSetConfig
+	DaemonSet             types.NamespacedName
+	SectionsConfigMap     types.NamespacedName
+	FilesConfigMap        types.NamespacedName
+	LuaConfigMap          types.NamespacedName
+	ParsersConfigMap      types.NamespacedName
+	EnvSecret             types.NamespacedName
+	OutputTLSConfigSecret types.NamespacedName
+	OverrideConfigMap     types.NamespacedName
+	PipelineDefaults      configbuilder.PipelineDefaults
+	Overrides             overrides.Config
+	DaemonSetConfig       resources.DaemonSetConfig
 }
 
 //go:generate mockery --name DaemonSetProber --filename daemon_set_prober.go

internal/reconciler/logpipeline/sync.go

@@ -156,7 +156,7 @@ func (s *syncer) syncReferencedSecrets(ctx context.Context, logPipelines *teleme
 }
 
 func (s *syncer) syncTLSConfigSecrets(ctx context.Context, logPipelines *telemetryv1alpha1.LogPipelineList) error {
-	oldSecret, err := utils.GetOrCreateSecret(ctx, s, s.config.TLSConfigSecret)
+	oldSecret, err := utils.GetOrCreateSecret(ctx, s, s.config.OutputTLSConfigSecret)
 	if err != nil {
 		return fmt.Errorf("unable to get tls config secret: %w", err)
 	}

internal/reconciler/logpipeline/sync_test.go

@@ -21,11 +21,12 @@ import (
 
 var (
 	testConfig = Config{
-		DaemonSet:         types.NamespacedName{Name: "test-telemetry-fluent-bit", Namespace: "default"},
-		SectionsConfigMap: types.NamespacedName{Name: "test-telemetry-fluent-bit-sections", Namespace: "default"},
-		FilesConfigMap:    types.NamespacedName{Name: "test-telemetry-fluent-bit-files", Namespace: "default"},
-		EnvSecret:         types.NamespacedName{Name: "test-telemetry-fluent-bit-env", Namespace: "default"},
-		OverrideConfigMap: types.NamespacedName{Name: "override-config", Namespace: "default"},
+		DaemonSet:             types.NamespacedName{Name: "test-telemetry-fluent-bit", Namespace: "default"},
+		SectionsConfigMap:     types.NamespacedName{Name: "test-telemetry-fluent-bit-sections", Namespace: "default"},
+		FilesConfigMap:        types.NamespacedName{Name: "test-telemetry-fluent-bit-files", Namespace: "default"},
+		EnvSecret:             types.NamespacedName{Name: "test-telemetry-fluent-bit-env", Namespace: "default"},
+		OutputTLSConfigSecret: types.NamespacedName{Name: "test-telemetry-fluent-bit-output-tls-config", Namespace: "default"},
+		OverrideConfigMap:     types.NamespacedName{Name: "override-config", Namespace: "default"},
 		DaemonSetConfig: resources.DaemonSetConfig{
 			FluentBitImage:              "my-fluent-bit-image",
 			FluentBitConfigPrepperImage: "my-fluent-bit-config-image",
@@ -396,3 +397,124 @@ func TestSyncReferencedSecrets(t *testing.T) {
 		require.NotContains(t, envSecret.Data, "HTTP_DEFAULT_CREDS_PASSWORD")
 	})
 }
+
+func TestSyncTLSConfigSecrets(t *testing.T) {
+	allPipelines := telemetryv1alpha1.LogPipelineList{
+		Items: []telemetryv1alpha1.LogPipeline{
+			{
+				ObjectMeta: metav1.ObjectMeta{Name: "pipeline-1"},
+				Spec: telemetryv1alpha1.LogPipelineSpec{
+					Output: telemetryv1alpha1.Output{
+						HTTP: &telemetryv1alpha1.HTTPOutput{
+							TLSConfig: telemetryv1alpha1.TLSConfig{
+								Disabled:                  false,
+								SkipCertificateValidation: false,
+								CA: telemetryv1alpha1.ValueType{
+									Value: "fake-ca-value",
+								},
+								Cert: telemetryv1alpha1.ValueType{
+									Value: "fake-cert-value",
+								},
+								Key: telemetryv1alpha1.ValueType{
+									ValueFrom: &telemetryv1alpha1.ValueFromSource{
+										SecretKeyRef: &telemetryv1alpha1.SecretKeyRef{
+											Name:      "my-key-secret",
+											Namespace: "default",
+											Key:       "my-key.key",
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	t.Run("should add output TLS config to secret during first sync", func(t *testing.T) {
+		keySecret := corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "my-key-secret",
+				Namespace: "default",
+			},
+			Data: map[string][]byte{"my-key.key": []byte("fake-key-value")},
+		}
+
+		fakeClient := fake.NewClientBuilder().WithObjects(&keySecret).Build()
+		sut := syncer{fakeClient, testConfig}
+		err := sut.syncReferencedSecrets(context.Background(), &allPipelines)
+		require.NoError(t, err)
+
+		var tlsConfigSecret corev1.Secret
+		err = fakeClient.Get(context.Background(), testConfig.OutputTLSConfigSecret, &tlsConfigSecret)
+		require.NoError(t, err)
+		require.Contains(t, tlsConfigSecret.Data, "pipeline-1-ca.crt")
+		require.Contains(t, tlsConfigSecret.Data, "pipeline-1-cert.crt")
+		require.Contains(t, tlsConfigSecret.Data, "pipeline-1-key.crt")
+		require.Equal(t, []byte("fake-ca-value"), tlsConfigSecret.Data["pipeline-1-ca.crt"])
+		require.Equal(t, []byte("fake-cert-value"), tlsConfigSecret.Data["pipeline-1-cert.crt"])
+		require.Equal(t, []byte("fake-key-value"), tlsConfigSecret.Data["pipeline-1-key.crt"])
+		require.Len(t, tlsConfigSecret.OwnerReferences, 1)
+		require.Equal(t, allPipelines.Items[0].Name, tlsConfigSecret.OwnerReferences[0].Name)
+	})
+
+	t.Run("should update output TLS config in secret during subsequent sync", func(t *testing.T) {
+		keySecret := corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "my-key-secret",
+				Namespace: "default",
+			},
+			Data: map[string][]byte{"my-key.key": []byte("fake-key-value")},
+		}
+		fakeClient := fake.NewClientBuilder().WithObjects(&keySecret).Build()
+
+		sut := syncer{fakeClient, testConfig}
+		err := sut.syncReferencedSecrets(context.Background(), &allPipelines)
+		require.NoError(t, err)
+
+		keySecret.Data["my-key.key"] = []byte("new-fake-key-value")
+		err = fakeClient.Update(context.Background(), &keySecret)
+		require.NoError(t, err)
+
+		err = sut.syncReferencedSecrets(context.Background(), &allPipelines)
+		require.NoError(t, err)
+
+		var tlsConfigSecret corev1.Secret
+		err = fakeClient.Get(context.Background(), testConfig.OutputTLSConfigSecret, &tlsConfigSecret)
+		require.NoError(t, err)
+		require.Contains(t, tlsConfigSecret.Data, "pipeline-1-ca.crt")
+		require.Contains(t, tlsConfigSecret.Data, "pipeline-1-cert.crt")
+		require.Contains(t, tlsConfigSecret.Data, "pipeline-1-key.crt")
+		require.Equal(t, []byte("fake-ca-value"), tlsConfigSecret.Data["pipeline-1-ca.crt"])
+		require.Equal(t, []byte("fake-cert-value"), tlsConfigSecret.Data["pipeline-1-cert.crt"])
+		require.Equal(t, []byte("new-fake-key-value"), tlsConfigSecret.Data["pipeline-1-key.crt"])
+	})
+
+	t.Run("should delete value in env secret if marked for deletion", func(t *testing.T) {
+		keySecret := corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "my-key-secret",
+				Namespace: "default",
+			},
+			Data: map[string][]byte{"my-key.key": []byte("fake-key-value")},
+		}
+		fakeClient := fake.NewClientBuilder().WithObjects(&keySecret).Build()
+
+		sut := syncer{fakeClient, testConfig}
+		err := sut.syncReferencedSecrets(context.Background(), &allPipelines)
+		require.NoError(t, err)
+
+		now := metav1.Now()
+		allPipelines.Items[0].SetDeletionTimestamp(&now)
+		err = sut.syncReferencedSecrets(context.Background(), &allPipelines)
+		require.NoError(t, err)
+
+		var tlsConfigSecret corev1.Secret
+		err = fakeClient.Get(context.Background(), testConfig.OutputTLSConfigSecret, &tlsConfigSecret)
+		require.NoError(t, err)
+		require.NotContains(t, tlsConfigSecret.Data, "pipeline-1-ca.crt")
+		require.NotContains(t, tlsConfigSecret.Data, "pipeline-1-cert.crt")
+		require.NotContains(t, tlsConfigSecret.Data, "pipeline-1-key.crt")
+	})
+}

internal/resources/fluentbit/resources.go

@@ -133,7 +133,7 @@ func MakeDaemonSet(name types.NamespacedName, checksum string, dsConfig DaemonSe
 								{MountPath: "/var/log", Name: "varlog", ReadOnly: true},
 								{MountPath: "/data", Name: "varfluentbit"},
 								{MountPath: "/files", Name: "dynamic-files"},
-								{MountPath: "/fluent-bit/tls/", Name: "output-tls-config"},
+								{MountPath: "/fluent-bit/etc/output-tls-config/", Name: "output-tls-config", ReadOnly: true},
 							},
 						},
 						{

main.go

@@ -444,15 +444,15 @@ func validateFlags() error {
 
 func createLogPipelineReconciler(client client.Client) *telemetrycontrollers.LogPipelineReconciler {
 	config := logpipeline.Config{
-		SectionsConfigMap: types.NamespacedName{Name: "telemetry-fluent-bit-sections", Namespace: telemetryNamespace},
-		FilesConfigMap:    types.NamespacedName{Name: "telemetry-fluent-bit-files", Namespace: telemetryNamespace},
-		LuaConfigMap:      types.NamespacedName{Name: "telemetry-fluent-bit-luascripts", Namespace: telemetryNamespace},
-		ParsersConfigMap:  types.NamespacedName{Name: "telemetry-fluent-bit-parsers", Namespace: telemetryNamespace},
-		EnvSecret:         types.NamespacedName{Name: "telemetry-fluent-bit-env", Namespace: telemetryNamespace},
-		TLSConfigSecret:   types.NamespacedName{Name: "telemetry-fluent-bit-output-tls-config", Namespace: telemetryNamespace},
-		DaemonSet:         types.NamespacedName{Name: fluentBitDaemonSet, Namespace: telemetryNamespace},
-		OverrideConfigMap: types.NamespacedName{Name: overridesConfigMapName, Namespace: telemetryNamespace},
-		PipelineDefaults:  createPipelineDefaults(),
+		SectionsConfigMap:     types.NamespacedName{Name: "telemetry-fluent-bit-sections", Namespace: telemetryNamespace},
+		FilesConfigMap:        types.NamespacedName{Name: "telemetry-fluent-bit-files", Namespace: telemetryNamespace},
+		LuaConfigMap:          types.NamespacedName{Name: "telemetry-fluent-bit-luascripts", Namespace: telemetryNamespace},
+		ParsersConfigMap:      types.NamespacedName{Name: "telemetry-fluent-bit-parsers", Namespace: telemetryNamespace},
+		EnvSecret:             types.NamespacedName{Name: "telemetry-fluent-bit-env", Namespace: telemetryNamespace},
+		OutputTLSConfigSecret: types.NamespacedName{Name: "telemetry-fluent-bit-output-tls-config", Namespace: telemetryNamespace},
+		DaemonSet:             types.NamespacedName{Name: fluentBitDaemonSet, Namespace: telemetryNamespace},
+		OverrideConfigMap:     types.NamespacedName{Name: overridesConfigMapName, Namespace: telemetryNamespace},
+		PipelineDefaults:      createPipelineDefaults(),
 		DaemonSetConfig: fluentbit.DaemonSetConfig{
 			FluentBitImage:              fluentBitImageVersion,
 			FluentBitConfigPrepperImage: fluentBitConfigPrepperImageVersion,

test/e2e/logs_fluentbit_metrics_test.go

@@ -14,7 +14,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	kitk8s "github.com/kyma-project/telemetry-manager/test/testkit/k8s"
-	kymakit "github.com/kyma-project/telemetry-manager/test/testkit/kyma"
 	kitlog "github.com/kyma-project/telemetry-manager/test/testkit/kyma/telemetry/log"
 	. "github.com/kyma-project/telemetry-manager/test/testkit/matchers"
 	"github.com/kyma-project/telemetry-manager/test/testkit/mocks/backend"
@@ -55,7 +54,7 @@ var _ = Describe("Logs Fluent Bit Metrics", Label("logging"), func() {
 		It("Should have a healthy webhook", func() {
 			Eventually(func(g Gomega) {
 				var endPoint corev1.Endpoints
-				key := types.NamespacedName{Name: telemetryWebhookEndpoint, Namespace: kymakit.SystemNamespaceName}
+				key := types.NamespacedName{Name: telemetryWebhookEndpoint, Namespace: kymaSystemNamespaceName}
 				g.Expect(k8sClient.Get(ctx, key, &endPoint)).To(Succeed())
 				g.Expect(endPoint.Subsets).NotTo(BeEmpty())
 			}, periodic.EventuallyTimeout, periodic.DefaultInterval).Should(Succeed())
@@ -64,12 +63,12 @@ var _ = Describe("Logs Fluent Bit Metrics", Label("logging"), func() {
 		It("Should have a running fluent-bit daemonset", func() {
 			Eventually(func(g Gomega) bool {
 				var daemonSet appsv1.DaemonSet
-				key := types.NamespacedName{Name: telemetryFluentbitName, Namespace: kymakit.SystemNamespaceName}
+				key := types.NamespacedName{Name: telemetryFluentbitName, Namespace: kymaSystemNamespaceName}
 				g.Expect(k8sClient.Get(ctx, key, &daemonSet)).To(Succeed())
 
 				listOptions := client.ListOptions{
 					LabelSelector: labels.SelectorFromSet(daemonSet.Spec.Selector.MatchLabels),
-					Namespace:     kymakit.SystemNamespaceName,
+					Namespace:     kymaSystemNamespaceName,
 				}
 				var pods corev1.PodList
 				g.Expect(k8sClient.List(ctx, &pods, &listOptions)).To(Succeed())
@@ -86,7 +85,7 @@ var _ = Describe("Logs Fluent Bit Metrics", Label("logging"), func() {
 		It("Should be able to get fluent-bit metrics endpoint", Label(operationalTest), func() {
 			Eventually(func(g Gomega) {
 				resp, err := proxyClient.Get(proxyClient.ProxyURLForService(
-					kymakit.SystemNamespaceName, telemetryFluentbitMetricServiceName, "/metrics", 2020))
+					kymaSystemNamespaceName, telemetryFluentbitMetricServiceName, "/metrics", 2020))
 				g.Expect(err).NotTo(HaveOccurred())
 				g.Expect(resp).To(HaveHTTPStatus(http.StatusOK))
 				g.Expect(resp).To(HaveHTTPBody(SatisfyAll(

test/testkit/mocks/backend/fluentd/config_map.go

@@ -46,7 +46,6 @@ const configTemplateFluentd = `<source>
     port 8006
     weight 60
   </server>
-  
 </match>`
 
 const configTemplateFluentdTLS = `<source>
@@ -78,7 +77,6 @@ const configTemplateFluentdTLS = `<source>
     port 8006
     weight 60
   </server>
-  
 </match>`
 
 func (cm *ConfigMap) Name() string {