diff --git a/CHANGELOG.md b/CHANGELOG.md index 934b01bd..3c3e37c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ All notable changes to this project will be documented in this file. - Use `--file-log-rotation-period` (or `FILE_LOG_ROTATION_PERIOD`) to configure the frequency of rotation. - Use `--console-log-format` (or `CONSOLE_LOG_FORMAT`) to set the format to `plain` (default) or `json`. - Added TrustStore CRD for requesting CA certificate information ([#557]). + - Support exporting the CA certificate information to Secrets or ConfigMaps ([#597]). ### Changed @@ -46,6 +47,7 @@ All notable changes to this project will be documented in this file. [#587]: https://github.com/stackabletech/secret-operator/pull/587 [#591]: https://github.com/stackabletech/secret-operator/pull/591 [#594]: https://github.com/stackabletech/secret-operator/pull/594 +[#597]: https://github.com/stackabletech/secret-operator/pull/597 ## [25.3.0] - 2025-03-21 diff --git a/deploy/helm/secret-operator/crds/crds.yaml b/deploy/helm/secret-operator/crds/crds.yaml index f04a9b8f..75f36b15 100644 --- a/deploy/helm/secret-operator/crds/crds.yaml +++ b/deploy/helm/secret-operator/crds/crds.yaml @@ -392,6 +392,18 @@ spec: - kerberos nullable: true type: string + outputResource: + default: ConfigMap + description: |- + Which Kubernetes resource should be used to output the requested information to. + + The trust information (such as a `ca.crt`) can be considered public information, so we put it in a `ConfigMap` by default. However, some tools (such as OpenShift routes) require it to be placed in a `Secret`, so we also support that. + + Can be either `ConfigMap` or `Secret`, defaults to `ConfigMap`. + enum: + - Secret + - ConfigMap + type: string secretClassName: description: The name of the SecretClass that the request concerns. type: string diff --git a/rust/operator-binary/src/crd.rs b/rust/operator-binary/src/crd.rs index c613040c..916f3f65 100644 --- a/rust/operator-binary/src/crd.rs 
+++ b/rust/operator-binary/src/crd.rs @@ -518,10 +518,28 @@ pub struct TrustStoreSpec { /// The name of the SecretClass that the request concerns. pub secret_class_name: String, + /// Which Kubernetes resource should be used to output the requested information to. + /// + /// The trust information (such as a `ca.crt`) can be considered public information, so we put + /// it in a `ConfigMap` by default. However, some tools (such as OpenShift routes) require it + /// to be placed in a `Secret`, so we also support that. + /// + /// Can be either `ConfigMap` or `Secret`, defaults to `ConfigMap`. + #[serde(default)] + pub output_resource: TrustStoreOutputType, + /// The [format](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass#format) that the data should be converted into. pub format: Option, } +#[derive(Clone, Debug, Default, PartialEq, JsonSchema, Serialize, Deserialize)] +pub enum TrustStoreOutputType { + Secret, + + #[default] + ConfigMap, +} + #[cfg(test)] mod test { use super::*; diff --git a/rust/operator-binary/src/truststore_controller.rs b/rust/operator-binary/src/truststore_controller.rs index e817d86e..bec4414b 100644 --- a/rust/operator-binary/src/truststore_controller.rs +++ b/rust/operator-binary/src/truststore_controller.rs @@ -32,7 +32,7 @@ use strum::{EnumDiscriminants, IntoStaticStr}; use crate::{ OPERATOR_NAME, backend::{self, SecretBackendError, TrustSelector}, - crd::{SearchNamespaceMatchCondition, SecretClass, TrustStore}, + crd::{SearchNamespaceMatchCondition, SecretClass, TrustStore, TrustStoreOutputType}, format::{ self, well_known::{CompatibilityOptions, NamingOptions}, @@ -82,6 +82,11 @@ pub async fn start(client: &stackable_operator::client::Client, watch_namespace: watch_namespace.get_api::>(client), watcher::Config::default(), ) + // TODO: merge this into the other Secret watch + .owns( + watch_namespace.get_api::>(client), + watcher::Config::default(), + ) .watches( watch_namespace.get_api::>(client), watcher::Config::default(), 
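Review bot: The doc comment on `output_resource` does not say what happens to the object that was already written when the value is changed on an existing TrustStore. The `match` added to `reconcile` in truststore_controller.rs applies only the selected kind, and nothing visible in this commit deletes the other one. A ConfigMap (or Secret) written earlier would therefore presumably stay behind, still owned by the TrustStore and still holding the CA bundle it last received, which consumers may keep mounting. I would either clean up the other kind in the controller or add a line such as `/// Changing this on an existing TrustStore does not remove the previously created object of the other kind.` to the field doc. `TrustStoreSpec` begins above this hunk.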
@@ -205,7 +210,14 @@ pub enum Error { source: stackable_operator::client::Error, config_map: ObjectRef, }, + + #[snafu(display("failed to apply target {secret} for the TrustStore"))] + ApplyTrustStoreSecret { + source: stackable_operator::client::Error, + secret: ObjectRef, + }, } + type Result = std::result::Result; impl ReconcilerError for Error { fn category(&self) -> &'static str { @@ -222,6 +234,7 @@ impl ReconcilerError for Error { Error::FormatData { secret_class, .. } => Some(secret_class.clone().erase()), Error::BuildOwnerReference { .. } => None, Error::ApplyTrustStoreConfigMap { config_map, .. } => Some(config_map.clone().erase()), + Error::ApplyTrustStoreSecret { secret, .. } => Some(secret.clone().erase()), } } } @@ -264,7 +277,7 @@ async fn reconcile( .get_trust_data(&selector) .await .context(BackendGetTrustDataSnafu)?; - let (Flattened(string_data), Flattened(binary_data)) = trust_data + let trust_file_contents = trust_data .data .into_files( truststore.spec.format, 
@@ -273,30 +286,53 @@ async fn reconcile( ) .context(FormatDataSnafu { secret_class: secret_class_ref, - })? + })?; + let (Flattened(string_data), Flattened(binary_data)) = trust_file_contents .into_iter() - // Try to put valid UTF-8 data into `data`, but fall back to `binary_data` otherwise + // Try to put valid UTF-8 data into `string_data`, but fall back to `binary_data` otherwise .map(|(k, v)| match String::from_utf8(v) { Ok(v) => (Some((k, v)), None), Err(v) => (None, Some((k, ByteString(v.into_bytes())))), }) .collect(); - let trust_cm = ConfigMap { - metadata: ObjectMetaBuilder::new() - .name_and_namespace(truststore) - .ownerreference_from_resource(truststore, None, Some(true)) - .context(BuildOwnerReferenceSnafu)? - .build(), - data: Some(string_data), - binary_data: Some(binary_data), - ..Default::default() - }; - ctx.client - .apply_patch(CONTROLLER_NAME, &trust_cm, &trust_cm) - .await - .context(ApplyTrustStoreConfigMapSnafu { - config_map: &trust_cm, - })?; + + let trust_metadata = ObjectMetaBuilder::new() + .name_and_namespace(truststore) + .ownerreference_from_resource(truststore, None, Some(true)) + .context(BuildOwnerReferenceSnafu)? + .build(); + + match truststore.spec.output_resource { + TrustStoreOutputType::ConfigMap => { + let trust_cm = ConfigMap { + metadata: trust_metadata, + data: Some(string_data), + binary_data: Some(binary_data), + ..Default::default() + }; + ctx.client + .apply_patch(CONTROLLER_NAME, &trust_cm, &trust_cm) + .await + .context(ApplyTrustStoreConfigMapSnafu { + config_map: &trust_cm, + })?; + } + TrustStoreOutputType::Secret => { + let trust_secret = Secret { + metadata: trust_metadata, + string_data: Some(string_data), + data: Some(binary_data), + ..Default::default() + }; + ctx.client + .apply_patch(CONTROLLER_NAME, &trust_secret, &trust_secret) + .await + .context(ApplyTrustStoreSecretSnafu { + secret: &trust_secret, + })?; + } + } + Ok(controller::Action::await_change()) } 
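Review bot: The `TrustStoreOutputType::Secret` arm writes the UTF-8 entries through `string_data`, a write-only convenience field that the API server merges into `data`. If `apply_patch` is a server-side apply (its implementation is not visible here), the field manager owns the `stringData` keys rather than the resulting `data` keys. A CA file that later drops out of the trust data can then remain in the Secret and keep being trusted by whatever mounts it. Writing everything into `data` avoids this, for example `data: Some(string_data.into_iter().map(|(k, v)| (k, ByteString(v.into_bytes()))).chain(binary_data).collect()),` with `string_data` left unset. `reconcile` begins outside this hunk.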
diff --git a/tests/templates/kuttl/cert-manager-tls/02-create-secretclass.yaml b/tests/templates/kuttl/cert-manager-tls/02-create-secretclass.yaml new file mode 100644 index 00000000..e751796c --- /dev/null +++ b/tests/templates/kuttl/cert-manager-tls/02-create-secretclass.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: envsubst '$NAMESPACE' < 02_secretclass.yaml | kubectl apply -f - diff --git a/tests/templates/kuttl/cert-manager-tls/02-secretclass.yaml b/tests/templates/kuttl/cert-manager-tls/02-secretclass.yaml deleted file mode 100644 index 9e09376d..00000000 --- a/tests/templates/kuttl/cert-manager-tls/02-secretclass.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: envsubst '$NAMESPACE' < secretclass.yaml | kubectl apply -f - diff --git a/tests/templates/kuttl/cert-manager-tls/secretclass.yaml b/tests/templates/kuttl/cert-manager-tls/02_secretclass.yaml similarity index 100% rename from tests/templates/kuttl/cert-manager-tls/secretclass.yaml rename to tests/templates/kuttl/cert-manager-tls/02_secretclass.yaml diff --git a/tests/templates/kuttl/cert-manager-tls/10-consumer.yaml b/tests/templates/kuttl/cert-manager-tls/10-consumer.yaml deleted file mode 100644 index a2388abe..00000000 --- a/tests/templates/kuttl/cert-manager-tls/10-consumer.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: envsubst '$NAMESPACE' < consumer.yaml | kubectl apply -n $NAMESPACE -f - diff --git a/tests/templates/kuttl/cert-manager-tls/10-create-consumer.yaml b/tests/templates/kuttl/cert-manager-tls/10-create-consumer.yaml new file mode 100644 index 00000000..fb89178c --- /dev/null +++ b/tests/templates/kuttl/cert-manager-tls/10-create-consumer.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: envsubst '$NAMESPACE' < 10_consumer.yaml | kubectl apply -n $NAMESPACE -f - 
diff --git a/tests/templates/kuttl/cert-manager-tls/consumer.yaml b/tests/templates/kuttl/cert-manager-tls/10_consumer.yaml similarity index 100% rename from tests/templates/kuttl/cert-manager-tls/consumer.yaml rename to tests/templates/kuttl/cert-manager-tls/10_consumer.yaml diff --git a/tests/templates/kuttl/kerberos-ad/01-install-secretclass.yaml b/tests/templates/kuttl/kerberos-ad/01-install-secretclass.yaml index 3564659b..3636a568 100644 --- a/tests/templates/kuttl/kerberos-ad/01-install-secretclass.yaml +++ b/tests/templates/kuttl/kerberos-ad/01-install-secretclass.yaml @@ -2,7 +2,7 @@ apiVersion: kuttl.dev/v1beta1 kind: TestStep commands: - - script: envsubst '$NAMESPACE' < secretclass.yaml | kubectl apply -f - + - script: envsubst '$NAMESPACE' < 01_secretclass.yaml | kubectl apply -f - --- apiVersion: v1 kind: Secret diff --git a/tests/templates/kuttl/kerberos-ad/secretclass.yaml.j2 b/tests/templates/kuttl/kerberos-ad/01_secretclass.yaml.j2 similarity index 100% rename from tests/templates/kuttl/kerberos-ad/secretclass.yaml.j2 rename to tests/templates/kuttl/kerberos-ad/01_secretclass.yaml.j2 diff --git a/tests/templates/kuttl/kerberos-ad/02-kinit-client.yaml b/tests/templates/kuttl/kerberos-ad/02-kinit-client.yaml index 6524bdd8..689393ca 100644 --- a/tests/templates/kuttl/kerberos-ad/02-kinit-client.yaml +++ b/tests/templates/kuttl/kerberos-ad/02-kinit-client.yaml @@ -2,7 +2,7 @@ apiVersion: kuttl.dev/v1beta1 kind: TestStep commands: - - script: envsubst '$NAMESPACE' < kinit-client.yaml | kubectl apply -n $NAMESPACE -f - + - script: envsubst '$NAMESPACE' < 02_kinit-client.yaml | kubectl apply -n $NAMESPACE -f - --- apiVersion: v1 kind: Service diff --git a/tests/templates/kuttl/kerberos-ad/kinit-client.yaml.j2 b/tests/templates/kuttl/kerberos-ad/02_kinit-client.yaml.j2 similarity index 100% rename from tests/templates/kuttl/kerberos-ad/kinit-client.yaml.j2 rename to tests/templates/kuttl/kerberos-ad/02_kinit-client.yaml.j2 
diff --git a/tests/templates/kuttl/kerberos/01-install-kdc.yaml.j2 b/tests/templates/kuttl/kerberos/01-install-kdc.yaml.j2 index 4174902d..a1b46887 100644 --- a/tests/templates/kuttl/kerberos/01-install-kdc.yaml.j2 +++ b/tests/templates/kuttl/kerberos/01-install-kdc.yaml.j2 @@ -2,8 +2,8 @@ apiVersion: kuttl.dev/v1beta1 kind: TestStep commands: - - script: envsubst '$NAMESPACE' < secretclass.yaml | kubectl apply -f - - - script: envsubst '$NAMESPACE' < listenerclass.yaml | kubectl apply -f - + - script: envsubst '$NAMESPACE' < 01_secretclass.yaml | kubectl apply -f - + - script: envsubst '$NAMESPACE' < 01_listenerclass.yaml | kubectl apply -f - --- apiVersion: apps/v1 kind: StatefulSet diff --git a/tests/templates/kuttl/kerberos/listenerclass.yaml b/tests/templates/kuttl/kerberos/01_listenerclass.yaml similarity index 100% rename from tests/templates/kuttl/kerberos/listenerclass.yaml rename to tests/templates/kuttl/kerberos/01_listenerclass.yaml diff --git a/tests/templates/kuttl/kerberos/secretclass.yaml b/tests/templates/kuttl/kerberos/01_secretclass.yaml similarity index 100% rename from tests/templates/kuttl/kerberos/secretclass.yaml rename to tests/templates/kuttl/kerberos/01_secretclass.yaml diff --git a/tests/templates/kuttl/kerberos/02-kinit-client.yaml b/tests/templates/kuttl/kerberos/02-kinit-client.yaml index 6524bdd8..689393ca 100644 --- a/tests/templates/kuttl/kerberos/02-kinit-client.yaml +++ b/tests/templates/kuttl/kerberos/02-kinit-client.yaml @@ -2,7 +2,7 @@ apiVersion: kuttl.dev/v1beta1 kind: TestStep commands: - - script: envsubst '$NAMESPACE' < kinit-client.yaml | kubectl apply -n $NAMESPACE -f - + - script: envsubst '$NAMESPACE' < 02_kinit-client.yaml | kubectl apply -n $NAMESPACE -f - --- apiVersion: v1 kind: Service 
diff --git a/tests/templates/kuttl/kerberos/kinit-client.yaml.j2 b/tests/templates/kuttl/kerberos/02_kinit-client.yaml.j2 similarity index 100% rename from tests/templates/kuttl/kerberos/kinit-client.yaml.j2 rename to tests/templates/kuttl/kerberos/02_kinit-client.yaml.j2 diff --git a/tests/templates/kuttl/tls-truststore/01-create-secretclass.yaml b/tests/templates/kuttl/tls-truststore/01-create-secretclass.yaml new file mode 100644 index 00000000..5237075f --- /dev/null +++ b/tests/templates/kuttl/tls-truststore/01-create-secretclass.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: envsubst '$NAMESPACE' < 01_secretclass.yaml | kubectl --namespace=$NAMESPACE apply -f - diff --git a/tests/templates/kuttl/tls-truststore/01-secretclass.yaml b/tests/templates/kuttl/tls-truststore/01-secretclass.yaml deleted file mode 100644 index 26ebc567..00000000 --- a/tests/templates/kuttl/tls-truststore/01-secretclass.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: envsubst '$NAMESPACE' < secretclass.yaml | kubectl --namespace=$NAMESPACE apply -f - diff --git a/tests/templates/kuttl/tls-truststore/secretclass.yaml b/tests/templates/kuttl/tls-truststore/01_secretclass.yaml similarity index 100% rename from tests/templates/kuttl/tls-truststore/secretclass.yaml rename to tests/templates/kuttl/tls-truststore/01_secretclass.yaml diff --git a/tests/templates/kuttl/tls-truststore/02-assert.yaml b/tests/templates/kuttl/tls-truststore/02-assert.yaml.j2 similarity index 56% rename from tests/templates/kuttl/tls-truststore/02-assert.yaml rename to tests/templates/kuttl/tls-truststore/02-assert.yaml.j2 index 624f35c6..9eb8ef4a 100644 --- a/tests/templates/kuttl/tls-truststore/02-assert.yaml +++ b/tests/templates/kuttl/tls-truststore/02-assert.yaml.j2 
@@ -4,17 +4,18 @@ kind: TestAssert timeout: 5 --- apiVersion: v1 -kind: ConfigMap +kind: {{ test_scenario['values']['truststore-output-resource'] }} metadata: name: truststore-pem # data is validated in 03-assert.yaml --- apiVersion: v1 -kind: ConfigMap +kind: {{ test_scenario['values']['truststore-output-resource'] }} metadata: name: truststore-pkcs12 # data is validated in 03-assert.yaml --- +{% if test_scenario['values']['truststore-output-resource'] == 'ConfigMap' %} apiVersion: v1 kind: ConfigMap metadata: @@ -26,3 +27,13 @@ data: binaryData: # Should stay binary since it is not legal UTF-8 actuallyBinary: aWxsZWdhbIB1dGYtOA== +{% else %} +apiVersion: v1 +kind: Secret +metadata: + name: truststore-k8ssearch +data: + foo: YmFy + baz: aGVsbG8= + actuallyBinary: aWxsZWdhbIB1dGYtOA== +{% endif %} diff --git a/tests/templates/kuttl/tls-truststore/02-create-truststore.yaml b/tests/templates/kuttl/tls-truststore/02-create-truststore.yaml new file mode 100644 index 00000000..0dfd5134 --- /dev/null +++ b/tests/templates/kuttl/tls-truststore/02-create-truststore.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: envsubst '$NAMESPACE' < 02_truststore.yaml | kubectl --namespace=$NAMESPACE apply -f - diff --git a/tests/templates/kuttl/tls-truststore/02-truststore.yaml b/tests/templates/kuttl/tls-truststore/02-truststore.yaml deleted file mode 100644 index 55a2a567..00000000 --- a/tests/templates/kuttl/tls-truststore/02-truststore.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: envsubst '$NAMESPACE' < truststore.yaml | kubectl --namespace=$NAMESPACE apply -f - diff --git a/tests/templates/kuttl/tls-truststore/truststore.yaml b/tests/templates/kuttl/tls-truststore/02_truststore.yaml.j2 similarity index 69% rename from tests/templates/kuttl/tls-truststore/truststore.yaml rename to tests/templates/kuttl/tls-truststore/02_truststore.yaml.j2 index f0d66b89..7f6d7afa 100644 
--- a/tests/templates/kuttl/tls-truststore/truststore.yaml +++ b/tests/templates/kuttl/tls-truststore/02_truststore.yaml.j2 @@ -7,6 +7,7 @@ metadata: spec: secretClassName: tls-$NAMESPACE format: tls-pem + outputResource: {{ test_scenario['values']['truststore-output-resource'] }} --- apiVersion: secrets.stackable.tech/v1alpha1 kind: TrustStore @@ -15,6 +16,7 @@ metadata: spec: secretClassName: tls-$NAMESPACE format: tls-pkcs12 + outputResource: {{ test_scenario['values']['truststore-output-resource'] }} --- apiVersion: secrets.stackable.tech/v1alpha1 kind: TrustStore @@ -22,3 +24,4 @@ metadata: name: truststore-k8ssearch spec: secretClassName: k8ssearch-$NAMESPACE + outputResource: {{ test_scenario['values']['truststore-output-resource'] }} diff --git a/tests/templates/kuttl/tls-truststore/03-assert.yaml b/tests/templates/kuttl/tls-truststore/03-assert.yaml deleted file mode 100644 index f81a9795..00000000 --- a/tests/templates/kuttl/tls-truststore/03-assert.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# Validate certificates generated by step 02 ---- -apiVersion: kuttl.dev/v1beta1 -kind: TestAssert -timeout: 5 -commands: - - script: kubectl --namespace=$NAMESPACE get cm/truststore-pem --output=jsonpath='{.data.ca\.crt}' | openssl x509 -noout - - script: kubectl --namespace=$NAMESPACE get cm/truststore-pkcs12 --output=jsonpath='{.binaryData.truststore\.p12}' | base64 -d | openssl pkcs12 -noout -passin 'pass:' -legacy diff --git a/tests/templates/kuttl/tls-truststore/03-assert.yaml.j2 b/tests/templates/kuttl/tls-truststore/03-assert.yaml.j2 new file mode 100644 index 00000000..91dbdfa7 --- /dev/null +++ b/tests/templates/kuttl/tls-truststore/03-assert.yaml.j2 
@@ -0,0 +1,13 @@ +# Validate certificates generated by step 02 +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +timeout: 10 +commands: +{% if test_scenario['values']['truststore-output-resource'] == 'ConfigMap' %} + - script: kubectl --namespace=$NAMESPACE get configmap/truststore-pem --output=jsonpath='{.data.ca\.crt}' | openssl x509 -noout + - script: kubectl --namespace=$NAMESPACE get configmap/truststore-pkcs12 --output=jsonpath='{.binaryData.truststore\.p12}' | base64 --decode | openssl pkcs12 -noout -passin 'pass:' -legacy +{% else %} + - script: kubectl --namespace=$NAMESPACE get secret/truststore-pem --output=jsonpath='{.data.ca\.crt}' | base64 --decode | openssl x509 -noout + - script: kubectl --namespace=$NAMESPACE get secret/truststore-pkcs12 --output=jsonpath='{.data.truststore\.p12}' | base64 --decode | openssl pkcs12 -noout -passin 'pass:' -legacy +{% endif %} diff --git a/tests/templates/kuttl/tls/01-create-secretclass.yaml b/tests/templates/kuttl/tls/01-create-secretclass.yaml new file mode 100644 index 00000000..18560dfd --- /dev/null +++ b/tests/templates/kuttl/tls/01-create-secretclass.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: envsubst '$NAMESPACE' < 01_secretclass.yaml | kubectl apply -f - diff --git a/tests/templates/kuttl/tls/01-secretclass.yaml b/tests/templates/kuttl/tls/01-secretclass.yaml deleted file mode 100644 index 9e09376d..00000000 --- a/tests/templates/kuttl/tls/01-secretclass.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: envsubst '$NAMESPACE' < secretclass.yaml | kubectl apply -f - diff --git a/tests/templates/kuttl/tls/secretclass.yaml.j2 b/tests/templates/kuttl/tls/01_secretclass.yaml.j2 similarity index 100% rename from tests/templates/kuttl/tls/secretclass.yaml.j2 rename to tests/templates/kuttl/tls/01_secretclass.yaml.j2 
diff --git a/tests/templates/kuttl/tls/10-consumer.yaml b/tests/templates/kuttl/tls/10-consumer.yaml deleted file mode 100644 index a2388abe..00000000 --- a/tests/templates/kuttl/tls/10-consumer.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: envsubst '$NAMESPACE' < consumer.yaml | kubectl apply -n $NAMESPACE -f - diff --git a/tests/templates/kuttl/tls/10-create-consumer.yaml b/tests/templates/kuttl/tls/10-create-consumer.yaml new file mode 100644 index 00000000..fb89178c --- /dev/null +++ b/tests/templates/kuttl/tls/10-create-consumer.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: envsubst '$NAMESPACE' < 10_consumer.yaml | kubectl apply -n $NAMESPACE -f - diff --git a/tests/templates/kuttl/tls/consumer.yaml.j2 b/tests/templates/kuttl/tls/10_consumer.yaml.j2 similarity index 100% rename from tests/templates/kuttl/tls/consumer.yaml.j2 rename to tests/templates/kuttl/tls/10_consumer.yaml.j2 diff --git a/tests/test-definition.yaml b/tests/test-definition.yaml index b8f29998..afbf6560 100644 --- a/tests/test-definition.yaml +++ b/tests/test-definition.yaml @@ -19,6 +19,10 @@ dimensions: values: - false - true + - name: truststore-output-resource + values: + - ConfigMap + - Secret tests: - name: kerberos dimensions: @@ -40,6 +44,7 @@ tests: - name: tls-truststore dimensions: - openshift + - truststore-output-resource - name: cert-manager-tls dimensions: - openshift