Merge pull request #170 from projectsyn/fix/lib-ca-volume

simu · web-flow · commit 1e695eff2f04 · 2026-01-06T14:07:49.000+01:00
Correctly configure custom CA volume on `Schedule` objects generated by the component library
diff --git a/.cruft.json b/.cruft.json
@@ -1,13 +1,13 @@
 {
   "template": "https://github.com/projectsyn/commodore-component-template.git",
-  "commit": "8f2273cd8ab13c55eb0f6dd621c70c4c9e4786fd",
+  "commit": "7e46facc758385bc32eeecab92b4639c66fd4e4f",
   "checkout": "main",
   "context": {
     "cookiecutter": {
       "name": "backup-k8up",
       "slug": "backup-k8up",
       "parameter_key": "backup_k8up",
-      "test_cases": "defaults",
+      "test_cases": "defaults component-lib",
       "add_lib": "y",
       "add_pp": "y",
       "add_golden": "y",
@@ -25,7 +25,7 @@
       "github_name": "component-backup-k8up",
       "github_url": "https://github.com/projectsyn/component-backup-k8up",
       "_template": "https://github.com/projectsyn/commodore-component-template.git",
-      "_commit": "8f2273cd8ab13c55eb0f6dd621c70c4c9e4786fd"
+      "_commit": "7e46facc758385bc32eeecab92b4639c66fd4e4f"
     }
   },
   "directory": null
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -33,6 +33,7 @@ jobs:
       matrix:
         instance:
           - defaults
+          - component-lib
     defaults:
       run:
         working-directory: ${{ env.COMPONENT_NAME }}
@@ -48,6 +49,7 @@ jobs:
       matrix:
         instance:
           - defaults
+          - component-lib
     defaults:
       run:
         working-directory: ${{ env.COMPONENT_NAME }}
diff --git a/Makefile.vars.mk b/Makefile.vars.mk
@@ -57,4 +57,4 @@ KUBENT_IMAGE    ?= ghcr.io/doitintl/kube-no-trouble:latest
 KUBENT_DOCKER   ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE)
 
 instance ?= defaults
-test_instances = tests/defaults.yml
+test_instances = tests/defaults.yml tests/component-lib.yml
diff --git a/lib/backup-k8up.libjsonnet b/lib/backup-k8up.libjsonnet
@@ -88,7 +88,7 @@ local Backend(backupkey, bucket, s3secret, create_bucket=true, caConfigMap=null)
 local CheckSpec(schedule) =
   {
     spec+: {
-      check: {
+      check+: {
         [if k8up_params.prometheus_push_gateway != null then 'promURL']:
           k8up_params.prometheus_push_gateway,
         schedule: schedule,
@@ -110,7 +110,7 @@ local CheckSpec(schedule) =
 local PruneSpec(schedule, keepDaily, keepLast) =
   {
     spec+: {
-      prune: {
+      prune+: {
         retention: {
           keepDaily: keepDaily,
           keepLast: keepLast,
@@ -179,10 +179,24 @@ local Job(name, keep_jobs=3, backupkey=null, bucket=null, s3secret=null, create_
  * See the documentation for \ref Job for definitions of the other arguments.
  */
 local Schedule(name, schedule, keep_jobs=3, backupkey=null, bucket=null, s3secret=null, create_bucket=true, caConfigMap=null) =
+  local caVolume = {
+    [if caConfigMap != null then 'volumes']: [
+      {
+        name: 'ca',
+        configMap: {
+          name: caConfigMap,
+        },
+      },
+    ],
+  };
   // prune backups daily, keep last 5 and 30 daily backups
-  local pspec = PruneSpec('30 2 * * *', 30, 5);
+  local pspec = PruneSpec('30 2 * * *', 30, 5) {
+    spec+: { prune+: caVolume },
+  };
   // check backup repo dalily
-  local cspec = CheckSpec('30 3 * * *');
+  local cspec = CheckSpec('30 3 * * *') {
+    spec+: { check+: caVolume },
+  };
   local backend = Backend(backupkey, bucket, s3secret, create_bucket, caConfigMap);
   local theschedule =
     {
@@ -198,15 +212,7 @@ local Schedule(name, schedule, keep_jobs=3, backupkey=null, bucket=null, s3secre
             k8up_params.prometheus_push_gateway,
           keepJobs: keep_jobs,
           schedule: schedule,
-          [if caConfigMap != null then 'volumes']: [
-            {
-              name: 'ca',
-              configMap: {
-                name: caConfigMap,
-              },
-            },
-          ],
-        },
+        } + caVolume,
       },
     } + pspec + cspec;
   {
diff --git a/tests/component-lib-tests.jsonnet b/tests/component-lib-tests.jsonnet
@@ -0,0 +1,33 @@
+local kap = import 'lib/kapitan.libjsonnet';
+
+local k8up = import 'lib/backup-k8up.libjsonnet';
+
+local inv = kap.inventory();
+
+local test_cases = inv.parameters.test_cases;
+
+local create_schedule(tc, spec) =
+  local pspec = if std.objectHas(spec, 'prune_spec') then
+    k8up.PruneSpec(
+      spec.prune_spec.schedule,
+      spec.prune_spec.keep_daily,
+      spec.prune_spec.keep_last
+    )
+  else
+    {};
+  local cspec = if std.objectHas(spec, 'check_schedule') then
+    k8up.CheckSpec(spec.check_schedule)
+  else
+    {};
+  k8up.Schedule(
+    tc,
+    std.get(spec, 'schedule', '23 * * * *'),
+    keep_jobs=std.get(spec, 'keep_jobs', 3),
+    backupkey=std.get(spec, 'backupkey'),
+    bucket=std.get(spec, 'bucket'),
+    s3secret=std.get(spec, 's3secret'),
+    create_bucket=false,
+    caConfigMap=std.get(spec, 'caConfigMap'),
+  ).schedule + pspec + cspec;
+
+std.mapWithKey(create_schedule, test_cases)
diff --git a/tests/component-lib.yml b/tests/component-lib.yml
@@ -0,0 +1,40 @@
+parameters:
+  kapitan:
+    ~compile:
+      - input_paths:
+          - ${_base_directory}/tests/component-lib-tests.jsonnet
+        input_type: jsonnet
+        output_path: ${_instance}/
+
+  # disable commodore postprocessing for lib test
+  ~commodore: {}
+
+  backup_k8up:
+    default_backup_bucket: null
+    global_backup_config:
+      s3_endpoint: https://s3.example.com
+
+  test_cases:
+    default: &d
+      schedule: "10 3 * * *"
+      bucket: default-bucket
+      backupkey:
+        name: backup-secret
+        key: password
+      s3secret:
+        name: s3-secret
+        accesskeyname: username
+        secretkeyname: password
+    custom-ca:
+      <<: *d
+      bucket: custom-ca-bucket
+      caConfigMap: custom-ca
+    custom-ca-with-extra:
+      <<: *d
+      bucket: custom-ca-bucket
+      caConfigMap: custom-ca
+      prune_spec:
+        schedule: "10 */4 * * *"
+        keep_last: 20
+        keep_daily: 30
+      check_schedule: "30 3 * * *"
diff --git a/tests/golden/component-lib/backup-k8up/backup-k8up/custom-ca-with-extra.yaml b/tests/golden/component-lib/backup-k8up/backup-k8up/custom-ca-with-extra.yaml
@@ -0,0 +1,47 @@
+apiVersion: k8up.io/v1
+kind: Schedule
+metadata:
+  name: custom-ca-with-extra
+spec:
+  backend:
+    repoPasswordSecretRef:
+      key: password
+      name: backup-secret
+    s3:
+      accessKeyIDSecretRef:
+        key: username
+        name: s3-secret
+      bucket: custom-ca-bucket
+      endpoint: https://s3.example.com
+      secretAccessKeySecretRef:
+        key: password
+        name: s3-secret
+    tlsOptions:
+      caCert: /mnt/ca/ca.crt
+    volumeMounts:
+      - mountPath: /mnt/ca/
+        name: ca
+  backup:
+    keepJobs: 3
+    promURL: http://platform-prometheus-pushgateway.syn-synsights.svc:9091
+    schedule: 10 3 * * *
+    volumes:
+      - configMap:
+          name: custom-ca
+        name: ca
+  check:
+    promURL: http://platform-prometheus-pushgateway.syn-synsights.svc:9091
+    schedule: 30 3 * * *
+    volumes:
+      - configMap:
+          name: custom-ca
+        name: ca
+  prune:
+    retention:
+      keepDaily: 30
+      keepLast: 20
+    schedule: 10 */4 * * *
+    volumes:
+      - configMap:
+          name: custom-ca
+        name: ca
diff --git a/tests/golden/component-lib/backup-k8up/backup-k8up/custom-ca.yaml b/tests/golden/component-lib/backup-k8up/backup-k8up/custom-ca.yaml
@@ -0,0 +1,47 @@
+apiVersion: k8up.io/v1
+kind: Schedule
+metadata:
+  name: custom-ca
+spec:
+  backend:
+    repoPasswordSecretRef:
+      key: password
+      name: backup-secret
+    s3:
+      accessKeyIDSecretRef:
+        key: username
+        name: s3-secret
+      bucket: custom-ca-bucket
+      endpoint: https://s3.example.com
+      secretAccessKeySecretRef:
+        key: password
+        name: s3-secret
+    tlsOptions:
+      caCert: /mnt/ca/ca.crt
+    volumeMounts:
+      - mountPath: /mnt/ca/
+        name: ca
+  backup:
+    keepJobs: 3
+    promURL: http://platform-prometheus-pushgateway.syn-synsights.svc:9091
+    schedule: 10 3 * * *
+    volumes:
+      - configMap:
+          name: custom-ca
+        name: ca
+  check:
+    promURL: http://platform-prometheus-pushgateway.syn-synsights.svc:9091
+    schedule: 30 3 * * *
+    volumes:
+      - configMap:
+          name: custom-ca
+        name: ca
+  prune:
+    retention:
+      keepDaily: 30
+      keepLast: 5
+    schedule: 30 2 * * *
+    volumes:
+      - configMap:
+          name: custom-ca
+        name: ca
diff --git a/tests/golden/component-lib/backup-k8up/backup-k8up/default.yaml b/tests/golden/component-lib/backup-k8up/backup-k8up/default.yaml
@@ -0,0 +1,30 @@
+apiVersion: k8up.io/v1
+kind: Schedule
+metadata:
+  name: default
+spec:
+  backend:
+    repoPasswordSecretRef:
+      key: password
+      name: backup-secret
+    s3:
+      accessKeyIDSecretRef:
+        key: username
+        name: s3-secret
+      bucket: default-bucket
+      endpoint: https://s3.example.com
+      secretAccessKeySecretRef:
+        key: password
+        name: s3-secret
+  backup:
+    keepJobs: 3
+    promURL: http://platform-prometheus-pushgateway.syn-synsights.svc:9091
+    schedule: 10 3 * * *
+  check:
+    promURL: http://platform-prometheus-pushgateway.syn-synsights.svc:9091
+    schedule: 30 3 * * *
+  prune:
+    retention:
+      keepDaily: 30
+      keepLast: 5
+    schedule: 30 2 * * *
