Include additional cluster-wide trusted CA into Che (#718)

Include additional cluster-wide trusted CA into Che Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
2021-03-18 08:58:33 +02:00 · 2021-03-18 08:58:33 +02:00 · 8e53ebedbd
parent 9af5816955
commit 8e53ebedbd
2 changed files with 32 additions and 5 deletions
--- a/pkg/controller/che/proxy.go
+++ b/pkg/controller/che/proxy.go
@ -48,14 +48,13 @@ func (r *ReconcileChe) getProxyConfiguration(checluster *orgv1.CheCluster) (*dep
 			} else {
 				cheClusterProxyConf.NoProxy = deploy.MergeNonProxy(cheClusterProxyConf.NoProxy, ".svc")
 			}
+			// Add cluster-wide trusted CA certs, if any
+			cheClusterProxyConf.TrustedCAMapName = clusterWideProxyConf.TrustedCAMapName
 			return cheClusterProxyConf, nil
-		} else if clusterWideProxyConf.HttpProxy != "" {
+		} else {
 			clusterWideProxyConf.NoProxy = deploy.MergeNonProxy(clusterWideProxyConf.NoProxy, cheClusterProxyConf.NoProxy)
 			return clusterWideProxyConf, nil
 		}
-
-		// proxy isn't configured
-		return &deploy.Proxy{}, nil
 	}

 	// OpenShift 3.x and k8s
--- a/pkg/controller/che/proxy_test.go
+++ b/pkg/controller/che/proxy_test.go
@ -142,6 +142,11 @@ func TestReadProxyConfiguration(t *testing.T) {
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "cluster",
 				},
+				Spec: configv1.ProxySpec{
+					TrustedCA: configv1.ConfigMapNameReference{
+						Name: "additional-cluster-ca-bundle",
+					},
+				},
 				Status: configv1.ProxyStatus{
 					HTTPProxy:  "http://proxy:3128",
 					HTTPSProxy: "http://proxy:3128",
@ -169,7 +174,30 @@ func TestReadProxyConfiguration(t *testing.T) {
 				HttpsHost:        "proxy",
 				HttpsPort:        "3128",
 				NoProxy:          "host1",
-				TrustedCAMapName: "",
+				TrustedCAMapName: "additional-cluster-ca-bundle",
+			},
+		},
+		{
+			name:             "Test cluster wide proxy is not configured, but cluster wide CA certs added, OpenShift 4.x",
+			openShiftVersion: "4",
+			clusterProxy: &configv1.Proxy{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "cluster",
+				},
+				Spec: configv1.ProxySpec{
+					TrustedCA: configv1.ConfigMapNameReference{
+						Name: "additional-cluster-ca-bundle",
+					},
+				},
+			},
+			cheCluster: &orgv1.CheCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "eclipse-che",
+				},
+			},
+			initObjects: []runtime.Object{},
+			expectedProxyConf: &deploy.Proxy{
+				TrustedCAMapName: "additional-cluster-ca-bundle",
 			},
 		},
 		{