rename some vars, add env var with path to new key

nais · Apr 18, 2024 · 4fcef6d · 4fcef6d
1 parent 6d304c0
commit 4fcef6d
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 18 deletions.
diff --git a/internal/controller/sqlsslcert_controller.go b/internal/controller/sqlsslcert_controller.go
@@ -22,10 +22,10 @@ import (
 )
 
 const (
-	certKey     = "cert.pem"
-	pemKeyKey   = "key.pem"
-	derKeyKey   = "key.pk8"
-	rootCertKey = "root-cert.pem"
+	certKey      = "cert.pem"
+	pk1PemKeyKey = "key.pem"
+	pk8DerKeyKey = "key.pk8"
+	rootCertKey  = "root-cert.pem"
 )
 
 var (
@@ -126,12 +126,12 @@ func (r *SQLSSLCertReconciler) reconcileSQLSSLCert(ctx context.Context, req ctrl
 			logger.Info("Failed to convert cert to DER", "error", err)
 		}
 		secret.Data = map[string][]byte{
-			derKeyKey: derKey,
+			pk8DerKeyKey: derKey,
 		}
 		secret.StringData = map[string]string{
-			certKey:     *sqlSslCert.Status.Cert,
-			pemKeyKey:   *sqlSslCert.Status.PrivateKey,
-			rootCertKey: *sqlSslCert.Status.ServerCaCert,
+			certKey:      *sqlSslCert.Status.Cert,
+			pk1PemKeyKey: *sqlSslCert.Status.PrivateKey,
+			rootCertKey:  *sqlSslCert.Status.ServerCaCert,
 		}
 
 		return nil

diff --git a/internal/controller/sqlsslcert_controller_test.go b/internal/controller/sqlsslcert_controller_test.go
@@ -95,9 +95,9 @@ KChGB9mxeIDV+wqRFCOK0IVOlBk4e+O2mk31LrXibw==
 					Expect(err).ToNot(HaveOccurred())
 
 					Expect(secret.StringData).To(HaveKeyWithValue(certKey, "dummy-cert"))
-					Expect(secret.StringData).To(HaveKeyWithValue(pemKeyKey, testKey))
+					Expect(secret.StringData).To(HaveKeyWithValue(pk1PemKeyKey, testKey))
 					Expect(secret.StringData).To(HaveKeyWithValue(rootCertKey, "dummy-server-ca-cert"))
-					Expect(secret.Data).To(HaveKeyWithValue(derKeyKey, testDerKey))
+					Expect(secret.Data).To(HaveKeyWithValue(pk8DerKeyKey, testDerKey))
 				})
 
 				It("should set owner reference and managed by", func() {
@@ -194,7 +194,7 @@ KChGB9mxeIDV+wqRFCOK0IVOlBk4e+O2mk31LrXibw==
 					Expect(err).ToNot(HaveOccurred())
 
 					Expect(secret.StringData).To(HaveKeyWithValue(certKey, "dummy-cert"))
-					Expect(secret.StringData).To(HaveKeyWithValue(pemKeyKey, testKey))
+					Expect(secret.StringData).To(HaveKeyWithValue(pk1PemKeyKey, testKey))
 					Expect(secret.StringData).To(HaveKeyWithValue(rootCertKey, "dummy-server-ca-cert"))
 				})
 			})
@@ -220,9 +220,9 @@ KChGB9mxeIDV+wqRFCOK0IVOlBk4e+O2mk31LrXibw==
 							},
 						},
 						StringData: map[string]string{
-							certKey:     "existing-cert",
-							pemKeyKey:   "existing-private-key",
-							rootCertKey: "existing-server-ca-cert",
+							certKey:      "existing-cert",
+							pk1PemKeyKey: "existing-private-key",
+							rootCertKey:  "existing-server-ca-cert",
 						},
 					}
 					k8sClient = clientBuilder.WithObjects(existingSecret).Build()
@@ -239,7 +239,7 @@ KChGB9mxeIDV+wqRFCOK0IVOlBk4e+O2mk31LrXibw==
 					Expect(err).ToNot(HaveOccurred())
 
 					Expect(secret.StringData).To(HaveKeyWithValue(certKey, "existing-cert"))
-					Expect(secret.StringData).To(HaveKeyWithValue(pemKeyKey, "existing-private-key"))
+					Expect(secret.StringData).To(HaveKeyWithValue(pk1PemKeyKey, "existing-private-key"))
 					Expect(secret.StringData).To(HaveKeyWithValue(rootCertKey, "existing-server-ca-cert"))
 				})
 

diff --git a/internal/controller/sqluser_controller.go b/internal/controller/sqluser_controller.go
@@ -175,12 +175,13 @@ func (r *SQLUserReconciler) reconcileSQLUser(ctx context.Context, req ctrl.Reque
 
 		rootCertPath := filepath.Join(nais_io_v1alpha1.DefaultSqeletorMountPath, rootCertKey)
 		certPath := filepath.Join(nais_io_v1alpha1.DefaultSqeletorMountPath, certKey)
-		keyPath := filepath.Join(nais_io_v1alpha1.DefaultSqeletorMountPath, pemKeyKey)
+		pk1PemKeyPath := filepath.Join(nais_io_v1alpha1.DefaultSqeletorMountPath, pk1PemKeyKey)
+		pk8DerKeyPath := filepath.Join(nais_io_v1alpha1.DefaultSqeletorMountPath, pk8DerKeyKey)
 
 		queries := url.Values{}
 		queries.Add("sslmode", "verify-ca")
 		queries.Add("sslcert", certPath)
-		queries.Add("sslkey", keyPath)
+		queries.Add("sslkey", pk1PemKeyPath)
 		queries.Add("sslrootcert", rootCertPath)
 		googleSQLPostgresURL := url.URL{
 			Scheme:   "postgresql",
@@ -199,7 +200,8 @@ func (r *SQLUserReconciler) reconcileSQLUser(ctx context.Context, req ctrl.Reque
 			envVarPrefix + "_URL":         googleSQLPostgresURL.String(),
 			envVarPrefix + "_SSLROOTCERT": rootCertPath,
 			envVarPrefix + "_SSLCERT":     certPath,
-			envVarPrefix + "_SSLKEY":      keyPath,
+			envVarPrefix + "_SSLKEY":      pk1PemKeyPath,
+			envVarPrefix + "_SSLKEY_PK8":  pk8DerKeyPath,
 			envVarPrefix + "_SSLMODE":     "verify-ca",
 		}
 

diff --git a/internal/controller/sqluser_controller_test.go b/internal/controller/sqluser_controller_test.go
@@ -141,6 +141,7 @@ var _ = Describe("SQLUser Controller", func() {
 						Expect(secret.StringData).To(HaveKeyWithValue(envVarPrefix+"_SSLROOTCERT", "/var/run/secrets/nais.io/sqlcertificate/root-cert.pem"))
 						Expect(secret.StringData).To(HaveKeyWithValue(envVarPrefix+"_SSLCERT", "/var/run/secrets/nais.io/sqlcertificate/cert.pem"))
 						Expect(secret.StringData).To(HaveKeyWithValue(envVarPrefix+"_SSLKEY", "/var/run/secrets/nais.io/sqlcertificate/key.pem"))
+						Expect(secret.StringData).To(HaveKeyWithValue(envVarPrefix+"_SSLKEY_PK8", "/var/run/secrets/nais.io/sqlcertificate/key.pk8"))
 						Expect(secret.StringData).To(HaveKeyWithValue(envVarPrefix+"_SSLMODE", "verify-ca"))
 						Expect(secret.StringData).To(HaveKeyWithValue(envVarPrefix+"_URL", MatchRegexp(`^postgresql:\/\/test-resource-id:[^@]+@10.10.10.10:5432\/test-db\?sslcert=%2Fvar%2Frun%2Fsecrets%2Fnais.io%2Fsqlcertificate%2Fcert.pem&sslkey=%2Fvar%2Frun%2Fsecrets%2Fnais.io%2Fsqlcertificate%2Fkey.pem&sslmode=verify-ca&sslrootcert=%2Fvar%2Frun%2Fsecrets%2Fnais.io%2Fsqlcertificate%2Froot-cert.pem$`)))
 					})