Fix test case failures

wso2 · Jan 3, 2024 · 25ec320 · 25ec320
1 parent 9e7cb01
commit 25ec320
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 12 deletions.
diff --git a/adapter/internal/operator/controllers/dp/api_controller.go b/adapter/internal/operator/controllers/dp/api_controller.go
@@ -769,11 +769,14 @@ func (apiReconciler *APIReconciler) getAPIPolicyChildrenRefs(ctx context.Context
 
 func (apiReconciler *APIReconciler) resolveAuthentications(ctx context.Context,
 	authentications map[string]dpv1alpha1.Authentication) (*dpv1alpha1.MutualSSL, error) {
-	resolvedMutualSSL := dpv1alpha1.MutualSSL{}
+	var resolvedMutualSSL *dpv1alpha1.MutualSSL
 	for _, authentication := range authentications {
-		resolvedMutualSSL = utils.GetResolvedMutualSSL(ctx, apiReconciler.client, authentication)
+		if resolvedMutualSSL == nil {
+			resolvedMutualSSL = &dpv1alpha1.MutualSSL{}
+		}
+		utils.GetResolvedMutualSSL(ctx, apiReconciler.client, authentication, resolvedMutualSSL)
 	}
-	return &resolvedMutualSSL, nil
+	return resolvedMutualSSL, nil
 }
 
 func (apiReconciler *APIReconciler) getResolvedBackendsMapping(ctx context.Context,

diff --git a/adapter/internal/operator/synchronizer/synchronizer.go b/adapter/internal/operator/synchronizer/synchronizer.go
@@ -162,8 +162,7 @@ func GenerateAdapterInternalAPI(apiState APIState, httpRoute *HTTPRouteState, en
 		adapterInternalAPI.SetDisableMtls(apiState.MutualSSL.Disabled)
 		adapterInternalAPI.SetMutualSSL(apiState.MutualSSL.Required)
 		adapterInternalAPI.SetClientCerts(apiState.APIDefinition.Name, apiState.MutualSSL.ClientCertificates)
-	}
-	if adapterInternalAPI.IsSystemAPI || apiState.MutualSSL == nil {
+	} else {
 		adapterInternalAPI.SetDisableMtls(true)
 	}
 

diff --git a/adapter/internal/operator/utils/utils.go b/adapter/internal/operator/utils/utils.go
@@ -458,8 +458,7 @@ func getResolvedBackendSecurity(ctx context.Context, client k8client.Client,
 }
 
 // GetResolvedMutualSSL resolves mTLS related security configurations.
-func GetResolvedMutualSSL(ctx context.Context, client k8client.Client, authentication dpv1alpha1.Authentication) dpv1alpha1.MutualSSL {
-	resolvedMutualSSL := dpv1alpha1.MutualSSL{}
+func GetResolvedMutualSSL(ctx context.Context, client k8client.Client, authentication dpv1alpha1.Authentication, resolvedMutualSSL *dpv1alpha1.MutualSSL) {
 	var err error
 	var certificate string
 	var mutualSSL *dpv1alpha1.MutualSSLConfig
@@ -471,15 +470,13 @@ func GetResolvedMutualSSL(ctx context.Context, client k8client.Client, authentic
 	if mutualSSL != nil {
 		resolvedCertificates := ResolveAllmTLSCertificates(ctx, mutualSSL, certificate, err, client, authentication.Namespace)
 		resolvedMutualSSL.Disabled = mutualSSL.Disabled
-		resolvedMutualSSL.Required = authentication.Spec.Default.AuthTypes.MutualSSL.Required
+		resolvedMutualSSL.Required = mutualSSL.Required
 		resolvedMutualSSL.ClientCertificates = append(resolvedMutualSSL.ClientCertificates, resolvedCertificates...)
 	}
 
 	if err != nil {
 		loggers.LoggerAPKOperator.ErrorC(logging.PrintError(logging.Error2622, logging.TRIVIAL, "Error in resolving mutual SSL %v in authentication", certificate))
 	}
-
-	return resolvedMutualSSL
 }
 
 // ResolveAllmTLSCertificates resolves all mTLS certificates

diff --git a/runtime/config-deployer-service/ballerina/resources/apk-conf-schema.yaml b/runtime/config-deployer-service/ballerina/resources/apk-conf-schema.yaml
@@ -155,7 +155,7 @@ components:
                 - optional
             certificates:
               type: array
-              description: The names and keys of the secrets containing the mTLS certificates of that API
+              description: The names and keys of the config maps containing the mTLS certificates of that API
               items:
                 type: object
                 properties:

diff --git a/test/cucumber-tests/CRs/artifacts.yaml b/test/cucumber-tests/CRs/artifacts.yaml
@@ -730,4 +730,58 @@ metadata:
   namespace: apk-integration-test
 spec:
   applicationRef: 583e4146-7ef5-11ee-b962-0242ac120004
-  subscriptionRef: 583e4146-7ef6-11ee-b962-0242ac120003
+  subscriptionRef: 583e4146-7ef6-11ee-b962-0242ac120003
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mtls-test-configmap
+  namespace: apk-integration-test
+data:
+  tls.crt: |
+    -----BEGIN CERTIFICATE-----
+    MIIDGTCCAgECFANIkLQBkd76qiTXzSXjBS2scPJsMA0GCSqGSIb3DQEBCwUAME0x
+    CzAJBgNVBAYTAkxLMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDAR3c28y
+    MQwwCgYDVQQLDANhcGsxDDAKBgNVBAMMA2FwazAeFw0yMzEyMDYxMDEyNDhaFw0y
+    NTA0MTkxMDEyNDhaMEUxCzAJBgNVBAYTAkxLMRMwEQYDVQQIDApTb21lLVN0YXRl
+    MSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3
+    DQEBAQUAA4IBDwAwggEKAoIBAQCdG90W/Tlk4u9awHPteD5zpVcThUKwMLvAKw9i
+    vVQBC0AG6GzPbakol5gKVm+kBUDFzzzF6eayEXKWbyaZDty66A2+7HLLcKBop5M/
+    a57Q9XtU3lRYvotgutLWuHcI7mLCScZDrjA3rnb/KjjbhZ602ZS1pp5jtyUz6DwL
+    m7w4wQ/RProqCdBj8QqoAvnDDLSPeDfsx14J5VeNJVGJV2wax65jWRjRkj6wE7z2
+    qzWAlP5vDeED6bogYYVDpC8DtgayQ+vKAQLi1uj+I9Yqb/nPUrdUh9IlxudlqiFQ
+    QxyvsXMJEzbWWmlbD0kXYkHmHzetJNPK9ayOS/fJcAcfAb01AgMBAAEwDQYJKoZI
+    hvcNAQELBQADggEBAFmUc7+cI8d0Dl4wTdq+gfyWdqjQb7AYVO9DvJi3XGxdc5Kp
+    1nCSsKzKUz9gvxXHeaYKrBNYf4SSU+Pkdf/BWePqi7UX/SIxNXby2da8zWg+W6Uh
+    xZfKlLYGMp3mCjueZpZTJ7SKOOGFA8IIgEzjJD9Ln1gl3ywMaCwlNrG9RpiD1McT
+    COKvyWNKnSRVr/RvCklLVrAMTJr50kce2czcdFl/xF4Hm66vp7cP/bYJKWAL8hBG
+    zUa9aQBKncOoAO+zQ/SGy7uJxTDUF8SverDsmjOc6AU6IhBGVUyX/JQbYyJfZinB
+    YlviYxVzIm6IaNJHx4sihw4U1/jMFWRXT470zcQ=
+    -----END CERTIFICATE-----
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mtls-test-configmap2
+  namespace: apk-integration-test
+data:
+  tls.crt: |
+    -----BEGIN CERTIFICATE-----
+    MIIDGTCCAgECFANIkLQBkd76qiTXzSXjBS2scPJsMA0GCSqGSIb3DQEBCwUAME0x
+    CzAJBgNVBAYTAkxLMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDAR3c28y
+    MQwwCgYDVQQLDANhcGsxDDAKBgNVBAMMA2FwazAeFw0yMzEyMDYxMDEyNDhaFw0y
+    NTA0MTkxMDEyNDhaMEUxCzAJBgNVBAYTAkxLMRMwEQYDVQQIDApTb21lLVN0YXRl
+    MSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3
+    DQEBAQUAA4IBDwAwggEKAoIBAQCdG90W/Tlk4u9awHPteD5zpVcThUKwMLvAKw9i
+    vVQBC0AG6GzPbakol5gKVm+kBUDFzzzF6eayEXKWbyaZDty66A2+7HLLcKBop5M/
+    a57Q9XtU3lRYvotgutLWuHcI7mLCScZDrjA3rnb/KjjbhZ602ZS1pp5jtyUz6DwL
+    m7w4wQ/RProqCdBj8QqoAvnDDLSPeDfsx14J5VeNJVGJV2wax65jWRjRkj6wE7z2
+    qzWAlP5vDeED6bogYYVDpC8DtgayQ+vKAQLi1uj+I9Yqb/nPUrdUh9IlxudlqiFQ
+    QxyvsXMJEzbWWmlbD0kXYkHmHzetJNPK9ayOS/fJcAcfAb01AgMBAAEwDQYJKoZI
+    hvcNAQELBQADggEBAFmUc7+cI8d0Dl4wTdq+gfyWdqjQb7AYVO9DvJi3XGxdc5Kp
+    1nCSsKzKUz9gvxXHeaYKrBNYf4SSU+Pkdf/BWePqi7UX/SIxNXby2da8zWg+W6Uh
+    xZfKlLYGMp3mCjueZpZTJ7SKOOGFA8IIgEzjJD9Ln1gl3ywMaCwlNrG9RpiD1McT
+    COKvyWNKnSRVr/RvCklLVrAMTJr50kce2czcdFl/xF4Hm66vp7cP/bYJKWAL8hBG
+    zUa9aQBKncOoAO+zQ/SGy7uJxTDUF8SverDsmjOc6AU6IhBGVUyX/JQbYyJfZinB
+    YlviYxVzIm6IaNJHx4sihw4U1/jMFWRXT470zcQ=
+    -----END CERTIFICATE-----