Handle missing agent-tls-mode Setting value (#996)
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
anmazzotti authored Jan 13, 2025
1 parent 5d29853 commit cd5225c
Showing 2 changed files with 29 additions and 2 deletions.
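--- a/internal/controllers/helpers.go
+++ b/internal/controllers/helpers.go
@@ -315,7 +315,12 @@ func getTrustedCAcert(ctx context.Context, cl client.Client, agentTLSModeFeature
 return nil, fmt.Errorf("error getting agent-tls-mode setting: %w", err)
 }
 
-switch agentTLSModeSetting.Value {
+agentTLSModeValue := agentTLSModeSetting.Value
+if len(agentTLSModeValue) == 0 {
+agentTLSModeValue = agentTLSModeSetting.Default
+}
+
+switch agentTLSModeValue {
 case "system-store":
 log.Info("using system store for CA certificates")
 return nil, nil
@@ -336,6 +341,6 @@ func getTrustedCAcert(ctx context.Context, cl client.Client, agentTLSModeFeature
 
 return []byte(caCertsSetting.Value), nil
 default:
-return nil, fmt.Errorf("invalid agent-tls-mode setting value: %s", agentTLSModeSetting.Value)
+return nil, fmt.Errorf("invalid agent-tls-mode setting value: %s", agentTLSModeValue)
 }
 }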
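Review bot: When both `Value` and `Default` are empty, the `default:` branch formats the mode with `%s`, so the error ends in nothing and an operator cannot tell a missing setting from a mistyped one; `return nil, fmt.Errorf("invalid agent-tls-mode setting value: %q", agentTLSModeValue)` makes the empty case visible. The fallback inside `if len(agentTLSModeValue) == 0` is also silent, and because this value decides whether the function returns the cacerts bundle or nil for the system store, a `log.Info("agent-tls-mode value is empty, using default")` in that `if` would make the effective trust mode traceable in the logs. getTrustedCAcert starts above the first hunk, and the code between the two hunks is not visible here.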
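--- a/internal/controllers/helpers_test.go
+++ b/internal/controllers/helpers_test.go
@@ -79,6 +79,17 @@ var _ = Describe("getTrustedCAcert", func() {
 Expect(result).To(Equal([]byte("cert-data")))
 })
 
+It("should use default agent-tls-mode when value is empty", func() {
+agentTLSModeSetting.Value = ""
+agentTLSModeSetting.Default = "strict"
+Expect(fakeClient.Create(ctx, agentTLSModeSetting)).To(Succeed())
+Expect(fakeClient.Create(ctx, cacertsSetting)).To(Succeed())
+
+result, err := getTrustedCAcert(ctx, fakeClient, true)
+Expect(err).NotTo(HaveOccurred())
+Expect(result).To(Equal([]byte("cert-data")))
+})
+
 It("should return error when agent-tls-mode is strict and cacerts is empty", func() {
 cacertsSetting.Value = ""
 Expect(fakeClient.Create(ctx, agentTLSModeSetting)).To(Succeed())
@@ -99,4 +110,15 @@ var _ = Describe("getTrustedCAcert", func() {
 Expect(err.Error()).To(ContainSubstring("invalid agent-tls-mode setting value"))
 Expect(result).To(BeNil())
 })
+
+It("should return error for missing agent-tls-mode value and default", func() {
+agentTLSModeSetting.Value = ""
+agentTLSModeSetting.Default = ""
+Expect(fakeClient.Create(ctx, agentTLSModeSetting)).To(Succeed())
+
+result, err := getTrustedCAcert(ctx, fakeClient, true)
+Expect(err).To(HaveOccurred(), "Should not make assumptions on default agent-tls-mode value")
+Expect(err.Error()).To(ContainSubstring("invalid agent-tls-mode setting value"))
+Expect(result).To(BeNil())
+})
 })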
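Review bot: The new fallback is exercised only with `Default = "strict"`; there is no spec for an empty `Value` with `Default = "system-store"`, which is the path where the function returns no CA bundle at all. Pinning that `getTrustedCAcert` returns a nil result and no error there would catch a regression that changes which trust mode an unset setting resolves to. How `agentTLSModeSetting` is rebuilt for each spec is set up outside these hunks, so the sketch below assumes the same fixture pattern as the neighbouring cases.

```go
It("should fall back to a system-store default when value is empty", func() {
	agentTLSModeSetting.Value = ""
	agentTLSModeSetting.Default = "system-store"
	Expect(fakeClient.Create(ctx, agentTLSModeSetting)).To(Succeed())

	result, err := getTrustedCAcert(ctx, fakeClient, true)
	Expect(err).NotTo(HaveOccurred())
	Expect(result).To(BeNil())
})
```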
