From 0e24d95d291c6361f18f250f9db41302706c5f4f Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Wed, 3 Jan 2024 11:32:26 +0100
Subject: [PATCH] OZG-4453 fix certificate mounts

---
 .../src/main/helm/templates/deployment.yaml                   | 2 +-
 ...zgcloud_elasticsearch_operator_admin_secret_view_role.yaml | 1 +
 ozgcloud-elasticsearch-operator/src/main/helm/values.yaml     | 1 +
 .../src/main/resources/application.yml                        | 4 ++--
 .../src/test/helm/deployment_volumes.yaml                     | 2 +-
 ...ud_elasticsearch_operator_admin_secret_view_role_test.yaml | 1 +
 6 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/deployment.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/deployment.yaml
index b2c1e68..928a5fc 100644
--- a/ozgcloud-elasticsearch-operator/src/main/helm/templates/deployment.yaml
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/templates/deployment.yaml
@@ -93,7 +93,7 @@ spec:
           subPath: type
           readOnly: true
         - name: elasticsearch-certificate
-          mountPath: "/bindings/ca-certificates/elasticsearch-certificate.pem"
+          mountPath: "/bindings/ca-certificates/es-root-ca.pem"
           subPath: ca.crt
           readOnly: true
       volumes:
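Review bot: The CA file is still mounted with `subPath: ca.crt` under the renamed path, and Kubernetes does not refresh subPath mounts when the backing Secret changes, so a rotated CA would only reach the container after a pod restart. If the certificate is expected to rotate, either mount the Secret as a directory without `subPath` or record the constraint next to the mount, e.g. `# subPath mounts are not updated on Secret rotation; restart the pod after CA renewal`. The volume definition behind `elasticsearch-certificate` lies outside this hunk, so which Secret is actually mounted cannot be checked here.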
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role.yaml
index f5bfed6..7b92028 100644
--- a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role.yaml
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role.yaml
@@ -32,6 +32,7 @@ rules:
       - ""
     resourceNames:
       - {{ required "elasticsearch.adminSecretName must be set" (.Values.elasticsearch).adminSecretName }}
+      - {{ required "elasticsearch.certificateSecretName must be set" (.Values.elasticsearch).certificateSecretName }}
     resources:
       - secrets
     verbs:
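Review bot: The added `resourceNames` entry grants the same verbs on the certificate secret as on the admin secret; the verb list is outside the hunk. The default name set in values.yaml ends in `-transport-certs`. If that is the cluster's generated transport secret, it presumably carries node private keys alongside `ca.crt`, while the operator only needs the CA. Pointing `certificateSecretName` at a secret that holds only public certificate material would keep this grant to least privilege. Both list items are also unquoted template output; `- {{ required "elasticsearch.certificateSecretName must be set" (.Values.elasticsearch).certificateSecretName | quote }}` guards against values that YAML would retype.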
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/values.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/values.yaml
index d041f12..14594d7 100644
--- a/ozgcloud-elasticsearch-operator/src/main/helm/values.yaml
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/values.yaml
@@ -5,3 +5,4 @@ image:
 elasticsearch:
     namespace: elastic-system
     adminSecretName: ozg-search-cluster-es-elastic-user
+    certificateSecretName: ozg-search-cluster-es-ozg-search-es-transport-certs
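Review bot: The secret name is now hard-coded here and again under `certificateSecretName` in application.yml, and nothing visible in this patch ties the two together. If a deployment overrides `elasticsearch.certificateSecretName`, the Role would allow one name while the operator may still request the other, which would show up as a forbidden error at runtime. A comment such as `# must match certificateSecretName in application.yml` would help, or the deployment template could pass the value through to the application; whether it already does is not visible here. With this default in place, the `required` guard in the role template only fires when the value is explicitly emptied.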
diff --git a/ozgcloud-elasticsearch-operator/src/main/resources/application.yml b/ozgcloud-elasticsearch-operator/src/main/resources/application.yml
index f7e2444..742c69e 100644
--- a/ozgcloud-elasticsearch-operator/src/main/resources/application.yml
+++ b/ozgcloud-elasticsearch-operator/src/main/resources/application.yml
@@ -9,8 +9,8 @@ ozgcloud:
       host: ozg-search-cluster-es-http.${ozgcloud.elasticsearch.server.namespace}
       port: 9200
       scheme: https
-      certificateNamespace: ozgcloud-elasticsearch-operator
-      certificateSecretName: elasticsearch-certificate
+      certificateNamespace: elastic-system
+      certificateSecretName: ozg-search-cluster-es-ozg-search-es-transport-certs
       certificateSecretDataKey: ca.crt
 
 management:
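Review bot: `certificateNamespace: elastic-system` repeats the namespace that `host` at the top of this hunk already takes from `${ozgcloud.elasticsearch.server.namespace}`. Writing `certificateNamespace: ${ozgcloud.elasticsearch.server.namespace}` would keep the two from drifting when the namespace is overridden. Separately, the client connects with `scheme: https` on port 9200 but now reads `ca.crt` from a secret whose name ends in `-transport-certs`. Where the HTTP and transport layers are issued by different CAs, that file would not validate the HTTP endpoint, so it is worth confirming the chain against the running cluster.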
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/deployment_volumes.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/deployment_volumes.yaml
index b5051b2..ffaafb7 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/deployment_volumes.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/deployment_volumes.yaml
@@ -81,6 +81,6 @@ tests:
           path: spec.template.spec.containers[0].volumeMounts
           content:  
               name: elasticsearch-certificate
-              mountPath: "/bindings/ca-certificates/elasticsearch-certificate.pem"
+              mountPath: "/bindings/ca-certificates/es-root-ca.pem"
               subPath: ca.crt
               readOnly: true
\ No newline at end of file
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role_test.yaml
index ced2580..3e80b1c 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role_test.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role_test.yaml
@@ -60,6 +60,7 @@ tests:
                 - ""
               resourceNames:
                 - ozg-search-cluster-es-elastic-user
+                - ozg-search-cluster-es-ozg-search-es-transport-certs
               resources:
                 - secrets
               verbs:
-- 
GitLab