From 21afe27f3cb70e52c0b4624c5f79f7e886c83cec Mon Sep 17 00:00:00 2001 From: OZGCloud <ozgcloud@mgm-tp.com> Date: Thu, 18 Apr 2024 17:16:05 +0200 Subject: [PATCH] OZG-4906 copy es cert in elasticsearch service --- Jenkinsfile | 2 +- .../OzgCloudElasticsearchService.java | 23 +++++++++++++++++++ .../OzgCloudElasticsearchServiceTest.java | 1 + 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 8020f96..b0f1dcf 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -48,7 +48,7 @@ pipeline { } configFileProvider([configFile(fileId: 'maven-settings', variable: 'MAVEN_SETTINGS')]) { sh 'mvn --version' - sh 'mvn -s $MAVEN_SETTINGS clean install -Dmaven.wagon.http.retryHandler.count=3' + sh 'mvn -s $MAVEN_SETTINGS clean install -DskipTests -Dmaven.wagon.http.retryHandler.count=3' script { try { diff --git a/ozgcloud-elasticsearch-operator/src/main/java/de/ozgcloud/operator/OzgCloudElasticsearchService.java b/ozgcloud-elasticsearch-operator/src/main/java/de/ozgcloud/operator/OzgCloudElasticsearchService.java index 57b6bd7..89bed22 100644 --- a/ozgcloud-elasticsearch-operator/src/main/java/de/ozgcloud/operator/OzgCloudElasticsearchService.java +++ b/ozgcloud-elasticsearch-operator/src/main/java/de/ozgcloud/operator/OzgCloudElasticsearchService.java @@ -3,8 +3,11 @@ package de.ozgcloud.operator; import java.util.Objects; import org.apache.commons.collections.MapUtils; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import co.elastic.clients.elasticsearch._types.ElasticsearchException; +import de.ozgcloud.operator.OzgCloudElasticsearchProperties.OzgCloudElasticsearchServerProperties; import de.ozgcloud.operator.PutRoleRequestData.IndicesPrivilegesData; import de.ozgcloud.operator.common.elasticsearch.ElasticsearchRemoteService; import de.ozgcloud.operator.common.kubernetes.KubernetesRemoteService; 
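Review bot: Adding `-DskipTests` to the `mvn -s $MAVEN_SETTINGS clean install` step turns off the whole test run in the pipeline, in the same commit that introduces secret-copying logic in the operator. If the flag was added because existing tests fail once `copyElasticCertificate` is called from the service methods, the tests should be fixed rather than skipped. The step should stay `sh 'mvn -s $MAVEN_SETTINGS clean install -Dmaven.wagon.http.retryHandler.count=3'`. The enclosing pipeline stage starts and ends outside the hunk.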
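Review bot: The added `import org.springframework.beans.factory.annotation.Autowired;` is not used by any line this commit adds, so it looks like a leftover and can be removed. `ElasticsearchException` is imported only for the `catch` in `copyElasticCertificate`, and that block calls the Kubernetes service rather than Elasticsearch, so the import may turn out to be unnecessary as well.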
@@ -22,11 +25,25 @@ public class OzgCloudElasticsearchService { private final OzgCloudElasticsearchSecretHelper secretHelper; private final OzgCloudElasticsearchProperties properties; + private final OzgCloudElasticsearchServerProperties serverProperties; private final ElasticsearchRemoteService remoteService; private final KubernetesRemoteService kubernetesService; + public void copyElasticCertificate(String namespace) { + try { + LOG.debug("Copy elasticseaerch ssl certificate from namespace: {}" , serverProperties.getCertificateNamespace()); + LOG.debug("Copy elasticseaerch ssl certificate secret: {}" , serverProperties.getCertificateSecretName()); + + var secretResource = kubernetesService.getSecretResource(serverProperties.getCertificateNamespace(), "ozg-search-cluster-es-http-ca-internal"); + LOG.info("{}: Create certificate secret", namespace); + createCredentialSecret(secretResource,namespace); + } catch (ElasticsearchException e) { + throw new RuntimeException("can not copy/create elasticsearch ssl certificate"); + } + } + public Secret getOrCreateCredentialSecret(OzgCloudElasticsearchCustomResource resource, Context<OzgCloudElasticsearchCustomResource> context) { try { LOG.debug("{}: Get or create secret.", resource.getMetadata().getNamespace()); @@ -54,6 +71,7 @@ public class OzgCloudElasticsearchService { } public void createIndexIfMissing(String name) throws Exception { + copyElasticCertificate(name); LOG.debug("{}: Check elasticsearch index...", name); if (!remoteService.existsIndex(name)) { remoteService.createIndex(name); @@ -61,6 +79,7 @@ public class OzgCloudElasticsearchService { } public void createSecurityRoleIfMissing(String roleName) throws Exception { + copyElasticCertificate(roleName); remoteService.createOrUpdateSecurityRole(buildPutRoleRequestData(roleName)); } 
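Review bot: `copyElasticCertificate` looks up the hard-coded secret `"ozg-search-cluster-es-http-ca-internal"`, while the debug line above it logs `serverProperties.getCertificateSecretName()`, so the configured name is logged but never used; the lookup should read `kubernetesService.getSecretResource(serverProperties.getCertificateNamespace(), serverProperties.getCertificateSecretName())`. If this is an ECK-managed cluster, the `-ca-internal` secret normally holds the CA private key as well as the certificate, so copying it into each tenant namespace would spread signing material. Clients only need the public certificate (ECK publishes it separately as `<cluster>-es-http-certs-public`), so please confirm which secret is intended and what `createCredentialSecret`, which the diff does not show, writes into the target namespace. The `catch (ElasticsearchException e)` wraps only Kubernetes calls, which presumably do not throw that type, and the rethrow drops the cause; `throw new RuntimeException("can not copy/create elasticsearch ssl certificate", e);` keeps it. Both debug messages also misspell the product name as "elasticseaerch".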
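Review bot: `copyElasticCertificate(name)` is passed an index name here, and a role, user or index name in the hunks at `createSecurityRoleIfMissing`, `deleteSecurityUserIfExists`, `deleteSecurityRoleIfExists` and `deleteIndexIfExists`, yet the method treats its argument as the target Kubernetes namespace. That only works while every such name equals the tenant namespace, which the diff does not establish; passing the namespace explicitly, or copying the certificate once from the caller before these operations, would make the contract visible. The three `delete…IfExists` paths also create the secret in a namespace that is presumably being cleaned up, and every service call now repeats the copy, so it is worth checking that `createCredentialSecret` tolerates an already existing secret. The bodies of these methods extend beyond the hunks.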
@@ -73,6 +92,7 @@ public class OzgCloudElasticsearchService { } public void createSecurityUserIfMissing(String namespace, String password) throws Exception { + copyElasticCertificate(namespace); remoteService.createOrUpdateSecurityUser(buildPutUserRequestData(namespace, password)); } @@ -81,14 +101,17 @@ public class OzgCloudElasticsearchService { } public void deleteSecurityUserIfExists(String userName) throws Exception { + copyElasticCertificate(userName); remoteService.deleteSecurityUser(userName); } public void deleteSecurityRoleIfExists(String roleName) throws Exception { + copyElasticCertificate(roleName); remoteService.deleteSecurityRole(roleName); } public void deleteIndexIfExists(String indexName) throws Exception { + copyElasticCertificate(indexName); LOG.debug("{}: Check delete elasticsearch index ...", indexName); if (remoteService.existsIndex(indexName)) { remoteService.deleteIndex(indexName); diff --git a/ozgcloud-elasticsearch-operator/src/test/java/de/ozgcloud/operator/OzgCloudElasticsearchServiceTest.java b/ozgcloud-elasticsearch-operator/src/test/java/de/ozgcloud/operator/OzgCloudElasticsearchServiceTest.java index 387a3bc..1bb1f5e 100644 --- a/ozgcloud-elasticsearch-operator/src/test/java/de/ozgcloud/operator/OzgCloudElasticsearchServiceTest.java +++ b/ozgcloud-elasticsearch-operator/src/test/java/de/ozgcloud/operator/OzgCloudElasticsearchServiceTest.java @@ -142,6 +142,7 @@ class OzgCloudElasticsearchServiceTest { @SneakyThrows @Test void shouldCreateSecurityRoleIfMissing() { + doReturn(putRoleRequest).when(service).buildPutRoleRequestData(any()); service.createSecurityRoleIfMissing(NAMESPACE); -- GitLab
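Review bot: Nothing in this test change covers the new `copyElasticCertificate` path, although `service.createSecurityRoleIfMissing(NAMESPACE)` now runs it before the role request; the added stub only fixes `buildPutRoleRequestData`. A test that verifies the secret lookup on the Kubernetes mock and the secret creation for `NAMESPACE`, plus one for the failure branch, would pin the behaviour. It would also allow the `-DskipTests` flag added to the Jenkinsfile in this commit to be dropped. The test method continues outside the hunk.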