Add tests for novncproxy certs and routes cleanup

auniyal61 · auniyal61 · commit fffc1917c420 · 2025-04-24T21:27:12.000-04:00
diff --git a/tests/functional/ctlplane/base_test.go b/tests/functional/ctlplane/base_test.go
@@ -44,47 +44,50 @@ import (
 )
 
 type Names struct {
-	Namespace                   string
-	OpenStackControlplaneName   types.NamespacedName
-	OpenStackVersionName        types.NamespacedName
-	KeystoneAPIName             types.NamespacedName
-	MemcachedName               types.NamespacedName
-	MemcachedCertName           types.NamespacedName
-	CinderName                  types.NamespacedName
-	ManilaName                  types.NamespacedName
-	GlanceName                  types.NamespacedName
-	NeutronName                 types.NamespacedName
-	HorizonName                 types.NamespacedName
-	HeatName                    types.NamespacedName
-	TelemetryName               types.NamespacedName
-	DBName                      types.NamespacedName
-	DBCertName                  types.NamespacedName
-	DBCell1Name                 types.NamespacedName
-	DBCell1CertName             types.NamespacedName
-	RabbitMQName                types.NamespacedName
-	RabbitMQCertName            types.NamespacedName
-	RabbitMQCell1Name           types.NamespacedName
-	RabbitMQCell1CertName       types.NamespacedName
-	ServiceAccountName          types.NamespacedName
-	RoleName                    types.NamespacedName
-	RoleBindingName             types.NamespacedName
-	RootCAPublicName            types.NamespacedName
-	RootCAInternalName          types.NamespacedName
-	RootCAOvnName               types.NamespacedName
-	RootCALibvirtName           types.NamespacedName
-	SelfSignedIssuerName        types.NamespacedName
-	CustomIssuerName            types.NamespacedName
-	CustomServiceCertSecretName types.NamespacedName
-	CABundleName                types.NamespacedName
-	OpenStackClientName         types.NamespacedName
-	OVNNorthdName               types.NamespacedName
-	OVNNorthdCertName           types.NamespacedName
-	OVNControllerName           types.NamespacedName
-	OVNControllerCertName       types.NamespacedName
-	OVNDbServerNBName           types.NamespacedName
-	OVNDbServerSBName           types.NamespacedName
-	NeutronOVNCertName          types.NamespacedName
-	OpenStackTopology           []types.NamespacedName
+	Namespace                          string
+	OpenStackControlplaneName          types.NamespacedName
+	OpenStackVersionName               types.NamespacedName
+	KeystoneAPIName                    types.NamespacedName
+	MemcachedName                      types.NamespacedName
+	MemcachedCertName                  types.NamespacedName
+	CinderName                         types.NamespacedName
+	ManilaName                         types.NamespacedName
+	GlanceName                         types.NamespacedName
+	NeutronName                        types.NamespacedName
+	HorizonName                        types.NamespacedName
+	HeatName                           types.NamespacedName
+	TelemetryName                      types.NamespacedName
+	DBName                             types.NamespacedName
+	DBCertName                         types.NamespacedName
+	DBCell1Name                        types.NamespacedName
+	DBCell1CertName                    types.NamespacedName
+	RabbitMQName                       types.NamespacedName
+	RabbitMQCertName                   types.NamespacedName
+	RabbitMQCell1Name                  types.NamespacedName
+	RabbitMQCell1CertName              types.NamespacedName
+	NoVNCProxyCell1CertPublicRouteName types.NamespacedName
+	NoVNCProxyCell1CertPublicSvcName   types.NamespacedName
+	NoVNCProxyCell1CertVencryptName    types.NamespacedName
+	ServiceAccountName                 types.NamespacedName
+	RoleName                           types.NamespacedName
+	RoleBindingName                    types.NamespacedName
+	RootCAPublicName                   types.NamespacedName
+	RootCAInternalName                 types.NamespacedName
+	RootCAOvnName                      types.NamespacedName
+	RootCALibvirtName                  types.NamespacedName
+	SelfSignedIssuerName               types.NamespacedName
+	CustomIssuerName                   types.NamespacedName
+	CustomServiceCertSecretName        types.NamespacedName
+	CABundleName                       types.NamespacedName
+	OpenStackClientName                types.NamespacedName
+	OVNNorthdName                      types.NamespacedName
+	OVNNorthdCertName                  types.NamespacedName
+	OVNControllerName                  types.NamespacedName
+	OVNControllerCertName              types.NamespacedName
+	OVNDbServerNBName                  types.NamespacedName
+	OVNDbServerSBName                  types.NamespacedName
+	NeutronOVNCertName                 types.NamespacedName
+	OpenStackTopology                  []types.NamespacedName
 }
 
 func CreateNames(openstackControlplaneName types.NamespacedName) Names {
@@ -200,6 +203,18 @@ func CreateNames(openstackControlplaneName types.NamespacedName) Names {
 			Namespace: openstackControlplaneName.Namespace,
 			Name:      "cert-rabbitmq-cell1-svc",
 		},
+		NoVNCProxyCell1CertPublicRouteName: types.NamespacedName{
+			Name:      "cert-nova-novncproxy-cell1-public-route",
+			Namespace: openstackControlplaneName.Namespace,
+		},
+		NoVNCProxyCell1CertPublicSvcName: types.NamespacedName{
+			Name:      "cert-nova-novncproxy-cell1-public-svc",
+			Namespace: openstackControlplaneName.Namespace,
+		},
+		NoVNCProxyCell1CertVencryptName: types.NamespacedName{
+			Name:      "cert-nova-novncproxy-cell1-vencrypt",
+			Namespace: openstackControlplaneName.Namespace,
+		},
 		OpenStackClientName: types.NamespacedName{
 			Namespace: openstackControlplaneName.Namespace,
 			Name:      "openstackclient",
diff --git a/tests/functional/ctlplane/openstackoperator_controller_test.go b/tests/functional/ctlplane/openstackoperator_controller_test.go
@@ -45,9 +45,11 @@ import (
 	"github.com/openstack-k8s-operators/lib-common/modules/common/service"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
 	manilav1 "github.com/openstack-k8s-operators/manila-operator/api/v1beta1"
+	novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1"
 	clientv1 "github.com/openstack-k8s-operators/openstack-operator/apis/client/v1beta1"
 	corev1 "github.com/openstack-k8s-operators/openstack-operator/apis/core/v1beta1"
 	ovnv1 "github.com/openstack-k8s-operators/ovn-operator/api/v1beta1"
+	placementv1 "github.com/openstack-k8s-operators/placement-operator/api/v1beta1"
 )
 
 var _ = Describe("OpenStackOperator controller", func() {
@@ -2931,6 +2933,14 @@ var _ = Describe("OpenStackOperator controller galera and rabbitmq", func() {
 			th.CreateCertSecret(names.RabbitMQCertName)
 			th.CreateCertSecret(names.RabbitMQCell1CertName)
 
+			// create cert secrets for ovn instance
+			DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(names.OVNNorthdCertName))
+			DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(names.OVNControllerCertName))
+			DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(names.NeutronOVNCertName))
+
+			// create cert secrets for memcached instance
+			DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(names.MemcachedCertName))
+
 			extGalera := CreateGaleraConfig(namespace, GetDefaultGaleraSpec())
 			extGaleraName.Name = extGalera.GetName()
 			extGaleraName.Namespace = extGalera.GetNamespace()
@@ -2949,6 +2959,13 @@ var _ = Describe("OpenStackOperator controller galera and rabbitmq", func() {
 				th.DeleteInstance,
 				CreateOpenStackControlPlane(names.OpenStackControlplaneName, spec),
 			)
+
+			// enable TLS
+			Eventually(func(g Gomega) {
+				OSCtlplane := GetOpenStackControlPlane(names.OpenStackControlplaneName)
+				OSCtlplane.Spec.TLS.PodLevel.Enabled = true
+				g.Expect(k8sClient.Update(ctx, OSCtlplane)).Should(Succeed())
+			}, timeout, interval).Should(Succeed())
 		})
 
 		It("cell1 galera should be deleted from CR", func() {
@@ -3031,13 +3048,6 @@ var _ = Describe("OpenStackOperator controller galera and rabbitmq", func() {
 			var secretName types.NamespacedName
 			var certName types.NamespacedName
 
-			// enable TLS
-			Eventually(func(g Gomega) {
-				OSCtlplane = GetOpenStackControlPlane(names.OpenStackControlplaneName)
-				OSCtlplane.Spec.TLS.PodLevel.Enabled = true
-				g.Expect(k8sClient.Update(ctx, OSCtlplane)).Should(Succeed())
-			}, timeout, interval).Should(Succeed())
-
 			// rabbitmq exists
 			Eventually(func(g Gomega) {
 				rabbitmq := GetRabbitMQCluster(names.RabbitMQCell1Name)
@@ -3102,6 +3112,177 @@ var _ = Describe("OpenStackOperator controller galera and rabbitmq", func() {
 
 		})
 
+		When("The novncproxy k8s service is created for cell1", func() {
+			/*
+				- generate certs and routes for novncproxy
+					- enable nova and dependencies
+					- create novncproxy service
+				- find and verify certs and routes are created
+				- reproduce cell1 deletion
+					- delete novnc service
+				- verify if there are no residue certs and routes
+			*/
+
+			BeforeEach(func() {
+				// enable Nova and dependencies
+				Eventually(func(g Gomega) {
+					OSCtlplane := GetOpenStackControlPlane(names.OpenStackControlplaneName)
+					OSCtlplane.Spec.Nova.Enabled = true
+					OSCtlplane.Spec.Nova.Template = &novav1.NovaSpecCore{}
+					// enable "Galera, Memcached, RabbitMQ, Keystone, Glance, Neutron, Placement" too
+
+					OSCtlplane.Spec.Keystone.Enabled = true
+					OSCtlplane.Spec.Glance.Enabled = true
+					OSCtlplane.Spec.Neutron.Enabled = true
+					OSCtlplane.Spec.Placement.Enabled = true
+
+					if OSCtlplane.Spec.Placement.Template == nil {
+						OSCtlplane.Spec.Placement.Template = &placementv1.PlacementAPISpecCore{}
+						OSCtlplane.Spec.Placement.Template.APITimeout = 10
+					}
+					g.Expect(k8sClient.Update(ctx, OSCtlplane)).Should(Succeed())
+				}, timeout, interval).Should(Succeed())
+
+				// logger.Info("XXX OpenStackControlPlane updated")
+				// OSCtlplane := GetOpenStackControlPlane(names.OpenStackControlplaneName)
+				// th.Logger.Info("", "XXX OSCtlplane", OSCtlplane)
+
+				// nova-novncproxy-cell1-public
+				novncProxyPublicSvcName := types.NamespacedName{
+					Name:      "nova-novncproxy-cell1-public",
+					Namespace: namespace}
+
+				th.CreateService(
+					novncProxyPublicSvcName,
+					map[string]string{
+						"osctlplane-service": "nova-novncproxy",
+						"osctlplane":         "",
+						"cell":               "cell1",
+					},
+					k8s_corev1.ServiceSpec{
+						Ports: []k8s_corev1.ServicePort{
+							{
+								Name:     "nova-novncproxy-cell1-public",
+								Port:     int32(6080),
+								Protocol: k8s_corev1.ProtocolTCP,
+							},
+						},
+					})
+
+				novncProxySvc := th.GetService(novncProxyPublicSvcName)
+
+				if novncProxySvc.Annotations == nil {
+					novncProxySvc.Annotations = map[string]string{}
+				}
+
+				novncProxySvc.Annotations[service.AnnotationIngressCreateKey] = "true"
+				novncProxySvc.Annotations[service.AnnotationEndpointKey] = "public"
+
+				Expect(th.K8sClient.Status().Update(th.Ctx, novncProxySvc)).To(Succeed())
+				// novncProxySvc = th.GetService(novncProxyPublicSvcName)
+				// logger.Info("", "XXX novncproxy labels", novncProxySvc.Labels)
+
+				// vnproxy certs
+				DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(names.NoVNCProxyCell1CertPublicRouteName))
+				DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(names.NoVNCProxyCell1CertPublicSvcName))
+				DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(names.NoVNCProxyCell1CertVencryptName))
+
+			})
+
+			It("cell1 novncproxy certs should be deleted", func() {
+
+				nova := &novav1.Nova{}
+				novaNamespace := types.NamespacedName{Name: "nova", Namespace: namespace}
+				// Eventually(func(g Gomega) {
+				// 	g.Expect(k8sClient.Get(ctx, novaNamespace, nova)).Should(Succeed())
+				// }, timeout, interval).Should(Succeed())
+
+				// th.Logger.Info("", "XXX nova", nova)
+
+				certNames := []types.NamespacedName{
+					{Name: "nova-novncproxy-cell1-public-route", Namespace: namespace},
+					{Name: "nova-novncproxy-cell1-public-svc", Namespace: namespace},
+					{Name: "nova-novncproxy-cell1-vencrypt", Namespace: namespace},
+				}
+
+				// verify all certs for novncproxy exists
+				Eventually(func(g Gomega) {
+					for _, certName := range certNames {
+						cert := crtmgr.GetCert(certName)
+						g.Expect(cert).NotTo(BeNil())
+					}
+				}, timeout, interval).Should(Succeed())
+
+				// verify route is present
+				Eventually(func(g Gomega) {
+					novncproxyRouteName := types.NamespacedName{Name: "nova-novncproxy-cell1-public", Namespace: namespace}
+					novncproxyRoute := &routev1.Route{}
+
+					g.Expect(th.K8sClient.Get(th.Ctx, novncproxyRouteName, novncproxyRoute)).Should(Succeed())
+					g.Expect(novncproxyRoute.Spec.TLS.Certificate).Should(Not(BeEmpty()))
+					g.Expect(novncproxyRoute.Spec.TLS.Key).Should(Not(BeEmpty()))
+					g.Expect(novncproxyRoute.Spec.TLS.CACertificate).Should(Not(BeEmpty()))
+				}, timeout, interval).Should(Succeed())
+
+				novncProxyPublicSvcName := types.NamespacedName{
+					Name:      "nova-novncproxy-cell1-public",
+					Namespace: namespace}
+
+				th.DeleteService(novncProxyPublicSvcName)
+
+				// simulate cell1 deletion jobsuccess !!
+
+				//  remove cell1 from nova
+				Eventually(func(g Gomega) {
+					g.Expect(k8sClient.Get(ctx, novaNamespace, nova)).Should(Succeed())
+					delete(nova.Spec.CellTemplates, "cell1")
+					g.Expect(k8sClient.Update(ctx, nova)).To(Succeed())
+				}, timeout, interval).Should(Succeed())
+
+				// Eventually(func(g Gomega) {
+				// 	g.Expect(k8sClient.Get(ctx, novaNamespace, nova)).Should(Succeed())
+				// }, timeout, interval).Should(Succeed())
+
+				// th.Logger.Info("", "XXX nova 1", nova)
+
+				// remove from oscp
+				Eventually(func(g Gomega) {
+					OSCtlplane := GetOpenStackControlPlane(names.OpenStackControlplaneName)
+					delete(OSCtlplane.Spec.Nova.Template.CellTemplates, "cell1")
+					g.Expect(k8sClient.Update(ctx, OSCtlplane)).Should(Succeed())
+				}, timeout, interval).Should(Succeed())
+
+				// OSCtlplane := GetOpenStackControlPlane(names.OpenStackControlplaneName)
+				// th.Logger.Info("", "XXX oscp", OSCtlplane)
+
+				// // verify all certs for novncproxy
+				// Eventually(func(g Gomega) {
+				// 	for _, certName := range certNames {
+				// 		cert := crtmgr.GetCert(certName)
+				// 		g.Expect(cert).To(BeNil())
+				// 	}
+				// }, timeout, interval).Should(Succeed())
+
+				certs := crtmgr.GetCerts(namespace)
+				for _, cert := range certs.Items {
+					th.Logger.Info("XXX---", "", cert.Name)
+
+				}
+
+				// Eventually(func(g Gomega) {
+				// 	novncproxyRouteName := types.NamespacedName{Name: "nova-novncproxy-cell1-public", Namespace: namespace}
+				// 	novncproxyRoute := &routev1.Route{}
+
+				// 	g.Expect(th.K8sClient.Get(th.Ctx, novncproxyRouteName, novncproxyRoute)).Should(Succeed())
+				// 	g.Expect(novncproxyRoute.Spec.TLS.Certificate).Should(Not(BeEmpty()))
+				// 	g.Expect(novncproxyRoute.Spec.TLS.Key).Should(Not(BeEmpty()))
+				// 	g.Expect(novncproxyRoute.Spec.TLS.CACertificate).Should(Not(BeEmpty()))
+				// }, timeout, interval).Should(Succeed())
+
+			})
+
+		})
+
 	})
 
 })
