added tenant id to tls secret name to avoid collisions

3scale · Dec 23, 2020 · 77a088c · 77a088c
1 parent a2e56bf
commit 77a088c
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 14 deletions.
diff --git a/app/services/integration/kubernetes_service.rb b/app/services/integration/kubernetes_service.rb
@@ -164,16 +164,18 @@ def initialize(url, service, port)
   end
 
   class IngressSpec < K8s::Resource
-    def initialize(url, service, port)
+    def initialize(url, service, port, tenant_id)
       uri = URI(url)
+      host = uri.host || uri.path
+
       tls_options = [{
-        hosts: [uri.host || uri.path],
-        secretName: service + '-tls'
+        hosts: [host],
+        secretName: service + '-tls-' + tenant_id
       }] if uri.class == URI::HTTPS || uri.scheme.blank?
 
       super({
         rules: [{
-          host: uri.host || uri.path,
+          host: host,
           http: {
             paths: [{
               path: '/',
@@ -201,9 +203,11 @@ def build_proxy_routes(entry)
   end
 
   def build_proxy_ingresses(entry)
+    data = entry.data
+    tenant_id = String(entry.tenant_id)
     build_ingresses('zync-3scale-api-', [
-                   IngressSpec.new(entry.data.fetch('endpoint'), 'apicast-production', 'gateway'),
-                   IngressSpec.new(entry.data.fetch('sandbox_endpoint'), 'apicast-staging', 'gateway')
+                   IngressSpec.new(data.fetch('endpoint'), 'apicast-production', 'gateway', tenant_id),
+                   IngressSpec.new(data.fetch('sandbox_endpoint'), 'apicast-staging', 'gateway', tenant_id)
                  ], labels: labels_for_proxy(entry), annotations: annotations_for(entry))
   end
 
@@ -270,15 +274,16 @@ def build_provider_ingresses(entry)
     data = entry.data
     domain, admin_domain = data.values_at('domain', 'admin_domain')
     metadata = { labels: labels_for_provider(entry), annotations: annotations_for(entry) }
+    tenant_id = String(entry.tenant_id)
 
     if admin_domain == domain # master account
       build_ingresses('zync-3scale-master-', [
-                     IngressSpec.new(data.fetch('domain'), 'system-master', 'http')
+                     IngressSpec.new(data.fetch('domain'), 'system-master', 'http', tenant_id)
                    ], **metadata)
     else
       build_ingresses('zync-3scale-provider-', [
-                     IngressSpec.new(data.fetch('domain'), 'system-developer', 'http'),
-                     IngressSpec.new(data.fetch('admin_domain'), 'system-provider', 'http')
+                     IngressSpec.new(data.fetch('domain'), 'system-developer', 'http', tenant_id),
+                     IngressSpec.new(data.fetch('admin_domain'), 'system-provider', 'http', tenant_id)
                    ], **metadata)
     end
   end

diff --git a/test/services/kubernetes_service_test.rb b/test/services/kubernetes_service_test.rb
@@ -198,22 +198,24 @@ class IngressSpec < ActiveSupport::TestCase
       url = 'https://my-api.example.com'
       service_name = 'My API'
       port = 7443
-      spec = Integration::KubernetesService::IngressSpec.new(url, service_name, port)
+      tenant_id = '2'
+      spec = Integration::KubernetesService::IngressSpec.new(url, service_name, port, tenant_id)
       json = {
         rules: [{
           host: "my-api.example.com",
           http: {
             paths: [{ path: '/', pathType: 'Prefix', backend: { service: { name: service_name, port: { name: port } } } }]
           }
         }],
-        tls: [{hosts: ["my-api.example.com"], secretName: "My API-tls"}]
+        tls: [{hosts: ["my-api.example.com"], secretName: "My API-tls-2"}]
       }
       assert_equal json, spec.to_hash
 
       url = 'http://my-api.example.com'
       service_name = 'My API'
       port = 7780
-      spec = Integration::KubernetesService::IngressSpec.new(url, service_name, port)
+      tenant_id = '2'
+      spec = Integration::KubernetesService::IngressSpec.new(url, service_name, port, tenant_id)
       json = {
         rules: [{
           host: "my-api.example.com",
@@ -230,15 +232,16 @@ class IngressSpec < ActiveSupport::TestCase
       url = 'my-api.example.com'
       service_name = 'My API'
       port = 7443
-      spec = Integration::KubernetesService::IngressSpec.new(url, service_name, port)
+      tenant_id = '2'
+      spec = Integration::KubernetesService::IngressSpec.new(url, service_name, port, tenant_id)
       json = {
         rules: [{
           host: "my-api.example.com",
           http: {
             paths: [{ path: '/', pathType: 'Prefix', backend: { service: { name: service_name, port: { name: port } } } }]
           }
         }],
-        tls: [{hosts: ["my-api.example.com"], secretName: "My API-tls"}]
+        tls: [{hosts: ["my-api.example.com"], secretName: "My API-tls-2"}]
       }
       assert_equal json, spec.to_hash
     end