@@ -88,3 +88,214 @@ func TestCreateUpgradeJob_NodeAffinity(t *testing.T) {
88
88
assert .Equal (t , corev1 .NodeSelectorOpExists , preferredTerms [0 ].Preference .MatchExpressions [0 ].Operator ,
89
89
"Node affinity operator should be 'Exists'" )
90
90
}
91
+
92
+ func TestCreateUpgradeJob_HostCABundle (t * testing.T ) {
93
+ // Test with HostCABundlePath set
94
+ t .Run ("with HostCABundlePath set" , func (t * testing.T ) {
95
+ scheme := runtime .NewScheme ()
96
+ require .NoError (t , ecv1beta1 .AddToScheme (scheme ))
97
+ require .NoError (t , batchv1 .AddToScheme (scheme ))
98
+ require .NoError (t , corev1 .AddToScheme (scheme ))
99
+
100
+ // Version used for testing
101
+ testVersion := "1.2.3"
102
+ testCAPath := "/etc/ssl/certs/ca-certificates.crt"
103
+
104
+ // Create a minimal installation CR with RuntimeConfig.HostCABundlePath set
105
+ installation := & ecv1beta1.Installation {
106
+ ObjectMeta : metav1.ObjectMeta {
107
+ Name : "test-installation" ,
108
+ Namespace : "default" ,
109
+ },
110
+ Spec : ecv1beta1.InstallationSpec {
111
+ BinaryName : "test-binary" ,
112
+ Config : & ecv1beta1.ConfigSpec {
113
+ Version : testVersion ,
114
+ Domains : ecv1beta1.Domains {
115
+ ProxyRegistryDomain : "registry.example.com" ,
116
+ },
117
+ },
118
+ RuntimeConfig : & ecv1beta1.RuntimeConfigSpec {
119
+ HostCABundlePath : testCAPath ,
120
+ },
121
+ },
122
+ }
123
+
124
+ // Create a cached metadata for the test version
125
+ // This avoids having to properly create a ConfigMap
126
+ testMeta := types.ReleaseMetadata {
127
+ Images : []string {"registry.example.com/embedded-cluster-operator-image:1.2.3" },
128
+ }
129
+ release .CacheMeta (testVersion , testMeta )
130
+
131
+ // Create a fake client with the installation
132
+ cli := fake .NewClientBuilder ().
133
+ WithScheme (scheme ).
134
+ WithObjects (installation ).
135
+ Build ()
136
+
137
+ // Call the function under test
138
+ err := CreateUpgradeJob (
139
+ context .Background (), cli , installation ,
140
+ "registry.example.com/local-artifact-mirror:1.2.3" ,
141
+ "license-id" , "app-slug" , "channel-id" , testVersion ,
142
+ "1.2.2" ,
143
+ )
144
+ require .NoError (t , err )
145
+
146
+ // Get the job that was created
147
+ job := & batchv1.Job {}
148
+ err = cli .Get (context .Background (), client.ObjectKey {
149
+ Namespace : upgradeJobNamespace ,
150
+ Name : "embedded-cluster-upgrade-test-installation" ,
151
+ }, job )
152
+ require .NoError (t , err )
153
+
154
+ // Verify that the host CA bundle volume exists
155
+ var hostCABundleVolumeFound bool
156
+ for _ , volume := range job .Spec .Template .Spec .Volumes {
157
+ if volume .Name == "host-ca-bundle" {
158
+ hostCABundleVolumeFound = true
159
+ // Verify the volume properties
160
+ require .NotNil (t , volume .HostPath , "Host CA bundle volume should be a hostPath volume" )
161
+ assert .Equal (t , testCAPath , volume .HostPath .Path , "Host CA bundle path should match RuntimeConfig.HostCABundlePath" )
162
+ assert .Equal (t , corev1 .HostPathFileOrCreate , * volume .HostPath .Type , "Host CA bundle type should be FileOrCreate" )
163
+ break
164
+ }
165
+ }
166
+ assert .True (t , hostCABundleVolumeFound , "Host CA bundle volume should exist" )
167
+
168
+ // Verify that the volume mount exists
169
+ var hostCABundleMountFound bool
170
+ for _ , mount := range job .Spec .Template .Spec .Containers [0 ].VolumeMounts {
171
+ if mount .Name == "host-ca-bundle" {
172
+ hostCABundleMountFound = true
173
+ // Verify the mount properties
174
+ assert .Equal (t , "/certs/ca-certificates.crt" , mount .MountPath , "Host CA bundle mount path should be correct" )
175
+ break
176
+ }
177
+ }
178
+ assert .True (t , hostCABundleMountFound , "Host CA bundle mount should exist" )
179
+
180
+ // Verify that the SSL_CERT_DIR environment variable exists
181
+ var sslCertDirEnvFound bool
182
+ for _ , env := range job .Spec .Template .Spec .Containers [0 ].Env {
183
+ if env .Name == "SSL_CERT_DIR" {
184
+ sslCertDirEnvFound = true
185
+ // Verify the env var value
186
+ assert .Equal (t , "/certs" , env .Value , "SSL_CERT_DIR value should be correct" )
187
+ break
188
+ }
189
+ }
190
+ assert .True (t , sslCertDirEnvFound , "SSL_CERT_DIR environment variable should exist" )
191
+
192
+ // Verify the "private-cas" volume does NOT exist
193
+ var privateCasVolumeFound bool
194
+ for _ , volume := range job .Spec .Template .Spec .Volumes {
195
+ if volume .Name == "private-cas" {
196
+ privateCasVolumeFound = true
197
+ break
198
+ }
199
+ }
200
+ assert .False (t , privateCasVolumeFound , "private-cas volume should not exist" )
201
+ })
202
+
203
+ // Test without HostCABundlePath set
204
+ t .Run ("without HostCABundlePath set" , func (t * testing.T ) {
205
+ scheme := runtime .NewScheme ()
206
+ require .NoError (t , ecv1beta1 .AddToScheme (scheme ))
207
+ require .NoError (t , batchv1 .AddToScheme (scheme ))
208
+ require .NoError (t , corev1 .AddToScheme (scheme ))
209
+
210
+ // Version used for testing
211
+ testVersion := "1.2.3"
212
+
213
+ // Create a minimal installation CR without RuntimeConfig.HostCABundlePath
214
+ installation := & ecv1beta1.Installation {
215
+ ObjectMeta : metav1.ObjectMeta {
216
+ Name : "test-installation" ,
217
+ Namespace : "default" ,
218
+ },
219
+ Spec : ecv1beta1.InstallationSpec {
220
+ BinaryName : "test-binary" ,
221
+ Config : & ecv1beta1.ConfigSpec {
222
+ Version : testVersion ,
223
+ Domains : ecv1beta1.Domains {
224
+ ProxyRegistryDomain : "registry.example.com" ,
225
+ },
226
+ },
227
+ // No RuntimeConfig or empty RuntimeConfig
228
+ },
229
+ }
230
+
231
+ // Create a cached metadata for the test version
232
+ // This avoids having to properly create a ConfigMap
233
+ testMeta := types.ReleaseMetadata {
234
+ Images : []string {"registry.example.com/embedded-cluster-operator-image:1.2.3" },
235
+ }
236
+ release .CacheMeta (testVersion , testMeta )
237
+
238
+ // Create a fake client with the installation
239
+ cli := fake .NewClientBuilder ().
240
+ WithScheme (scheme ).
241
+ WithObjects (installation ).
242
+ Build ()
243
+
244
+ // Call the function under test
245
+ err := CreateUpgradeJob (
246
+ context .Background (), cli , installation ,
247
+ "registry.example.com/local-artifact-mirror:1.2.3" ,
248
+ "license-id" , "app-slug" , "channel-id" , testVersion ,
249
+ "1.2.2" ,
250
+ )
251
+ require .NoError (t , err )
252
+
253
+ // Get the job that was created
254
+ job := & batchv1.Job {}
255
+ err = cli .Get (context .Background (), client.ObjectKey {
256
+ Namespace : upgradeJobNamespace ,
257
+ Name : "embedded-cluster-upgrade-test-installation" ,
258
+ }, job )
259
+ require .NoError (t , err )
260
+
261
+ // Verify that the host CA bundle volume does NOT exist
262
+ var hostCABundleVolumeFound bool
263
+ for _ , volume := range job .Spec .Template .Spec .Volumes {
264
+ if volume .Name == "host-ca-bundle" {
265
+ hostCABundleVolumeFound = true
266
+ break
267
+ }
268
+ }
269
+ assert .False (t , hostCABundleVolumeFound , "Host CA bundle volume should not exist when HostCABundlePath is not set" )
270
+
271
+ // Verify that the volume mount does NOT exist
272
+ var hostCABundleMountFound bool
273
+ for _ , mount := range job .Spec .Template .Spec .Containers [0 ].VolumeMounts {
274
+ if mount .Name == "host-ca-bundle" {
275
+ hostCABundleMountFound = true
276
+ break
277
+ }
278
+ }
279
+ assert .False (t , hostCABundleMountFound , "Host CA bundle mount should not exist when HostCABundlePath is not set" )
280
+
281
+ // Verify that the SSL_CERT_DIR environment variable does NOT exist
282
+ var sslCertDirEnvFound bool
283
+ for _ , env := range job .Spec .Template .Spec .Containers [0 ].Env {
284
+ if env .Name == "SSL_CERT_DIR" {
285
+ sslCertDirEnvFound = true
286
+ break
287
+ }
288
+ }
289
+ assert .False (t , sslCertDirEnvFound , "SSL_CERT_DIR environment variable should not exist when HostCABundlePath is not set" )
290
+
291
+ // Verify the "private-cas" volume does NOT exist
292
+ var privateCasVolumeFound bool
293
+ for _ , volume := range job .Spec .Template .Spec .Volumes {
294
+ if volume .Name == "private-cas" {
295
+ privateCasVolumeFound = true
296
+ break
297
+ }
298
+ }
299
+ assert .False (t , privateCasVolumeFound , "private-cas volume should not exist" )
300
+ })
301
+ }
0 commit comments