Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions internal/kube/site/site.go
Original file line number Diff line number Diff line change
Expand Up @@ -228,7 +228,9 @@ func (s *Site) reconcile(siteDef *skupperv2alpha1.Site, inRecovery bool) error {
s.currentGroups = s.groups()
s.bindings.init(s, routerConfig)
s.setBindingsConfiguredStatus(nil)
s.checkSecuredAccess()
if err := s.checkSecuredAccess(); err != nil {
return err
}
Comment thread
evanwang9x marked this conversation as resolved.
} else if len(s.currentGroups) != len(s.groups()) {
s.logger.Info("EnableHA setting changed for site",
slog.String("namespace", siteDef.Namespace),
Expand Down Expand Up @@ -1537,6 +1539,7 @@ func asSecuredAccessSpec(routerAccess *skupperv2alpha1.RouterAccess, group strin

func (s *Site) checkSecuredAccess() error {
groups := s.groups()
var errs []error
for i, group := range groups {
for _, la := range s.linkAccess {
name := la.Name
Comment thread
evanwang9x marked this conversation as resolved.
Expand All @@ -1548,15 +1551,18 @@ func (s *Site) checkSecuredAccess() error {
"internal.skupper.io/routeraccess": la.Name,
}
if err := s.access.Ensure(s.namespace, name, asSecuredAccessSpec(la, group, s.site.DefaultIssuer()), annotations, routerAccessOwner(la)); err != nil {
//TODO: add message to site status
s.logger.Error("Error ensuring SecuredAccess for RouterAccess",
slog.String("key", la.Key()),
slog.Any("error", err))
errs = append(errs, fmt.Errorf("%s: %w", la.Key(), err))
} else {
s.accessMapping[name] = newSecuredAccessMapping(la.Name, group)
}
}
}
if len(errs) > 0 {
return stderrors.Join(errs...)
}
Comment thread
coderabbitai[bot] marked this conversation as resolved.
return nil
}

Expand Down
66 changes: 66 additions & 0 deletions internal/kube/site/site_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1112,6 +1112,72 @@ func TestSite_CheckRouterAccess(t *testing.T) {
}
}

func TestSite_checkSecuredAccess(t *testing.T) {
tests := []struct {
name string
skupperErrorMessage string
wantErr bool
wantAccessMapping int
}{
{
name: "secured access ensured for each router access",
wantErr: false,
wantAccessMapping: 1,
},
{
name: "secured access ensure failure is returned, not just logged",
skupperErrorMessage: "secured access create failed",
wantErr: true,
wantAccessMapping: 0,
},
}

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
s, err := newSiteMocks("test", nil, nil, tt.skupperErrorMessage, true)
assert.Assert(t, err)

s.linkAccess["my-ra"] = &skupperv2alpha1.RouterAccess{
ObjectMeta: metav1.ObjectMeta{
Name: "my-ra",
Namespace: "test",
},
Spec: skupperv2alpha1.RouterAccessSpec{
AccessType: "loadbalancer",
},
}

err = s.checkSecuredAccess()
if (err != nil) != tt.wantErr {
t.Errorf("Site.checkSecuredAccess() error = %v, wantErr %v", err, tt.wantErr)
}
if tt.skupperErrorMessage != "" && err != nil {
assert.ErrorContains(t, err, tt.skupperErrorMessage)
}
assert.Equal(t, tt.wantAccessMapping, len(s.accessMapping))
})
}
}

func TestSite_checkSecuredAccess_reportsErrorOnInitialization(t *testing.T) {
s, err := newSiteMocks("test", nil, nil, "secured access create failed", true)
assert.Assert(t, err)

s.linkAccess["my-ra"] = &skupperv2alpha1.RouterAccess{
ObjectMeta: metav1.ObjectMeta{
Name: "my-ra",
Namespace: "test",
},
Spec: skupperv2alpha1.RouterAccessSpec{
AccessType: "loadbalancer",
},
}

err = s.Reconcile(s.site)
assert.Assert(t, err != nil)
assert.Assert(t, !s.site.IsConfigured(), "site should not be reported as configured when SecuredAccess creation fails")
}

func Test_NetworkStatusUpdate(t *testing.T) {
type args struct {
siteRecord []skupperv2alpha1.SiteRecord
Expand Down
Loading