[BUGFIX] - Authentication From Revision (#1340)

Currently the authentication was not being copied over to the configuration resource. Update the code to default to Revision, and only if the CloudResource is set, allow it to override
appvia · Mar 28, 2024 · 51e0932 · 51e0932
1 parent 8fed872
commit 51e0932
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 3 deletions.
diff --git a/pkg/controller/cloudresource/ensure.go b/pkg/controller/cloudresource/ensure.go
@@ -170,9 +170,15 @@ func (c *Controller) ensureConfigurationExists(cloudresource *terraformv1alpha1.
 			},
 		}
 
-		configuration.Spec.Module = revision.Spec.Configuration.Module
+		// @step: if the revision contains authentication details
+		configuration.Spec.Auth = revision.Spec.Configuration.Auth
+		if cloudresource.Spec.Auth != nil {
+			configuration.Spec.Auth = cloudresource.Spec.Auth
+		}
+
 		configuration.Spec.EnableAutoApproval = cloudresource.Spec.EnableAutoApproval
 		configuration.Spec.EnableDriftDetection = cloudresource.Spec.EnableDriftDetection
+		configuration.Spec.Module = revision.Spec.Configuration.Module
 		configuration.Spec.Plan = &terraformv1alpha1.PlanReference{
 			Name:     cloudresource.Spec.Plan.Name,
 			Revision: cloudresource.Spec.Plan.Revision,

diff --git a/pkg/controller/cloudresource/reconcile_test.go b/pkg/controller/cloudresource/reconcile_test.go
@@ -26,6 +26,7 @@ import (
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"github.com/sirupsen/logrus"
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/utils/ptr"
@@ -94,6 +95,7 @@ var _ = Describe("CloudResource Reconcilation", func() {
 				Description: "The name of the database engine",
 			},
 		}
+		revision.Spec.Configuration.Auth = &v1.SecretReference{Name: "mysecret"}
 		revision.Spec.Configuration.Module = "git::https://github.com/appvia/terranetes-controller.git?ref=master"
 		revision.Spec.Configuration.Variables = &runtime.RawExtension{
 			Raw: []byte("{\"test\": \"default\"}"),
@@ -105,7 +107,6 @@ var _ = Describe("CloudResource Reconcilation", func() {
 		cloudresource.Spec.WriteConnectionSecretToRef = &terraformv1alpha1.WriteConnectionSecret{
 			Name: "mysecret",
 		}
-
 		Expect(cc.Create(context.Background(), revision)).To(Succeed())
 		Expect(cc.Create(context.Background(), plan)).To(Succeed())
 		Expect(cc.Create(context.Background(), cloudresource)).To(Succeed())
@@ -240,7 +241,7 @@ var _ = Describe("CloudResource Reconcilation", func() {
 							Name:     revision.Spec.Plan.Name,
 							Revision: revision.Spec.Plan.Revision,
 						}))
-
+						Expect(configuration.Spec.Auth).To(Equal(revision.Spec.Configuration.Auth))
 						Expect(configuration.Spec.Module).To(Equal(revision.Spec.Configuration.Module))
 						Expect(configuration.Spec.EnableAutoApproval).To(Equal(revision.Spec.Configuration.EnableAutoApproval))
 						Expect(configuration.Spec.EnableDriftDetection).To(Equal(revision.Spec.Configuration.EnableDriftDetection))
@@ -377,6 +378,7 @@ var _ = Describe("CloudResource Reconcilation", func() {
 							Revision: revision.Spec.Plan.Revision,
 						}))
 
+						Expect(configuration.Spec.Auth).To(Equal(revision.Spec.Configuration.Auth))
 						Expect(configuration.Spec.Module).To(Equal(revision.Spec.Configuration.Module))
 						Expect(configuration.Spec.EnableAutoApproval).To(Equal(revision.Spec.Configuration.EnableAutoApproval))
 						Expect(configuration.Spec.EnableDriftDetection).To(Equal(revision.Spec.Configuration.EnableDriftDetection))
@@ -388,6 +390,36 @@ var _ = Describe("CloudResource Reconcilation", func() {
 					})
 				})
 
+				Context("and the cloudresource has overidden the revision auth", func() {
+					BeforeEach(func() {
+						cloudresource.Spec.Auth = &v1.SecretReference{Name: "cloudresource-secret"}
+						Expect(cc.Update(context.Background(), cloudresource)).To(Succeed())
+
+						result, _, rerr = controllertests.Roll(context.TODO(), ctrl, cloudresource, 0)
+					})
+
+					It("should not return an error", func() {
+						Expect(rerr).ToNot(HaveOccurred())
+					})
+
+					It("should have updated a configuration", func() {
+						list := &terraformv1alpha1.ConfigurationList{}
+						Expect(cc.List(context.Background(), list,
+							client.InNamespace(cloudresource.Namespace),
+							client.MatchingLabels(map[string]string{
+								terraformv1alpha1.CloudResourceNameLabel:         cloudresource.Name,
+								terraformv1alpha1.CloudResourcePlanNameLabel:     revision.Spec.Plan.Name,
+								terraformv1alpha1.CloudResourceRevisionLabel:     revision.Spec.Plan.Revision,
+								terraformv1alpha1.CloudResourceRevisionNameLabel: revision.Name,
+							}))).To(Succeed())
+						Expect(list.Items).To(HaveLen(1))
+
+						configuration := list.Items[0]
+						Expect(configuration.Spec.Auth).ToNot(Equal(revision.Spec.Configuration.Auth))
+						Expect(configuration.Spec.Auth).To(Equal(cloudresource.Spec.Auth))
+					})
+				})
+
 				Context("and the cloud resource does not have an update available", func() {
 					BeforeEach(func() {
 						result, _, rerr = controllertests.Roll(context.TODO(), ctrl, cloudresource, 0)