@@ -160,6 +160,105 @@ func TestSigner_reconciler_withInvalidUserName(t *testing.T) {
160
160
g .Expect (csrConditions [0 ].Type ).To (Equal (certificatev1 .CertificateFailed ))
161
161
}
162
162
163
+ func TestSigner_DegradedCondition (t * testing.T ) {
164
+ g := NewGomegaWithT (t )
165
+ client := fake .NewFakeClient ()
166
+ status := statusmanager .New (client , coName , names .StandAloneClusterName )
167
+ signer := ReconcileCSR {client : client , status : status }
168
+
169
+ co := & configv1.ClusterOperator {ObjectMeta : metav1.ObjectMeta {Name : coName }}
170
+ setCO (t , client , co )
171
+ no := & operv1.Network {ObjectMeta : metav1.ObjectMeta {Name : names .OPERATOR_CONFIG }}
172
+ setOC (t , client , no )
173
+
174
+ csr , err := generateCSR ()
175
+ g .Expect (err ).NotTo (HaveOccurred ())
176
+ csrObj := & certificatev1.CertificateSigningRequest {}
177
+ csrObj .Name = csrName
178
+ csrObj .Spec .Request = []byte (csr )
179
+ csrObj .Spec .SignerName = signerName
180
+ csrObj .Spec .Usages = []certificatev1.KeyUsage {"ipsec tunnel" }
181
+ csrObj .Spec .Username = fmt .Sprintf ("system:ovn-node:%s" , nodeName )
182
+ csrObj .Status .Conditions = append (csrObj .Status .Conditions , certificatev1.CertificateSigningRequestCondition {
183
+ Type : certificatev1 .CertificateApproved ,
184
+ Status : "True" ,
185
+ Reason : "AutoApproved" ,
186
+ Message : "Automatically approved by " + signerName })
187
+
188
+ err = client .Default ().CRClient ().Create (context .TODO (), csrObj )
189
+ g .Expect (err ).NotTo (HaveOccurred ())
190
+ _ , err = client .Default ().Kubernetes ().CertificatesV1 ().CertificateSigningRequests ().Create (context .TODO (), csrObj , metav1.CreateOptions {})
191
+ g .Expect (err ).NotTo (HaveOccurred ())
192
+
193
+ node := & corev1.Node {}
194
+ node .Name = nodeName
195
+ _ , err = client .Default ().Kubernetes ().CoreV1 ().Nodes ().Create (context .TODO (), node , metav1.CreateOptions {})
196
+ g .Expect (err ).NotTo (HaveOccurred ())
197
+
198
+ randomByteArray := []byte ("blahblahblah" )
199
+ caSecret := & corev1.Secret {}
200
+ caSecret .Name = "signer-ca"
201
+ caSecret .Namespace = "openshift-ovn-kubernetes"
202
+ caSecret .Data = make (map [string ][]byte )
203
+ caSecret .Data ["tls.crt" ] = randomByteArray
204
+ caSecret .Data ["tls.key" ] = randomByteArray
205
+ err = client .Default ().CRClient ().Create (context .TODO (), caSecret )
206
+ g .Expect (err ).NotTo (HaveOccurred ())
207
+
208
+ for range 3 {
209
+ _ , err = signer .Reconcile (context .TODO (),
210
+ reconcile.Request {NamespacedName : types.NamespacedName {Name : csrName }})
211
+ g .Expect (err ).NotTo (HaveOccurred ())
212
+
213
+ err = client .Default ().CRClient ().Get (context .TODO (), types.NamespacedName {Name : csrName }, csrObj )
214
+ g .Expect (err ).NotTo (HaveOccurred ())
215
+ g .Expect (csrObj .Status .Certificate ).Should (BeEmpty ())
216
+
217
+ co , _ , err = getStatuses (client , "testing" )
218
+ if err != nil {
219
+ t .Fatalf ("error getting network.operator: %v" , err )
220
+ }
221
+ g .Expect (err ).NotTo (HaveOccurred ())
222
+ g .Expect (conditionsInclude (co .Status .Conditions , []configv1.ClusterOperatorStatusCondition {
223
+ {
224
+ Type : configv1 .OperatorDegraded ,
225
+ Status : configv1 .ConditionTrue ,
226
+ },
227
+ })).To (BeTrue ())
228
+ g .Expect (conditionsInclude (co .Status .Conditions , []configv1.ClusterOperatorStatusCondition {
229
+ {
230
+ Type : configv1 .OperatorUpgradeable ,
231
+ Status : configv1 .ConditionTrue ,
232
+ },
233
+ })).To (BeTrue ())
234
+ }
235
+
236
+ err = client .Default ().CRClient ().Delete (context .TODO (), csrObj )
237
+ g .Expect (err ).NotTo (HaveOccurred ())
238
+ _ , err = signer .Reconcile (context .TODO (),
239
+ reconcile.Request {NamespacedName : types.NamespacedName {Name : csrName }})
240
+ g .Expect (err ).NotTo (HaveOccurred ())
241
+
242
+ co , _ , err = getStatuses (client , "testing" )
243
+ if err != nil {
244
+ t .Fatalf ("error getting network.operator: %v" , err )
245
+ }
246
+ g .Expect (err ).NotTo (HaveOccurred ())
247
+ g .Expect (conditionsInclude (co .Status .Conditions , []configv1.ClusterOperatorStatusCondition {
248
+ {
249
+ Type : configv1 .OperatorDegraded ,
250
+ Status : configv1 .ConditionFalse ,
251
+ },
252
+ })).To (BeTrue ())
253
+ g .Expect (conditionsInclude (co .Status .Conditions , []configv1.ClusterOperatorStatusCondition {
254
+ {
255
+ Type : configv1 .OperatorUpgradeable ,
256
+ Status : configv1 .ConditionTrue ,
257
+ },
258
+ })).To (BeTrue ())
259
+
260
+ }
261
+
163
262
func generateCSR () (string , error ) {
164
263
// Create private key.
165
264
csrKey , err := rsa .GenerateKey (rand .Reader , 2048 )
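Review bot: The final block, after `Delete`, asserts `OperatorDegraded` is `ConditionFalse` while the `signer-ca` secret still holds the unparsable `blahblahblah` bytes, so the test pins that a broken signing CA stops being reported once the failing CSR is gone. If that is the intended contract, it deserves a comment above the `Delete` call, e.g. `// Degraded tracks the failing CSR, not CA health: removing the CSR clears it even though signer-ca is still invalid.` The test function also lacks a doc comment saying that the garbage `tls.crt`/`tls.key` is what forces the signing failure, and that `Status.Certificate` staying empty across the three reconciles is the property under test. The `if err != nil { t.Fatalf(...) }` before `g.Expect(err).NotTo(HaveOccurred())` is redundant after both `getStatuses` calls and could be dropped. `generateCSR` continues past the end of the hunk.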