From 34d53910611a45a6112cf8548e0ec5cb743df48d Mon Sep 17 00:00:00 2001 From: Thibault Richard Date: Mon, 12 Dec 2022 17:18:27 +0100 Subject: [PATCH 1/2] correctly create ent http client when tls disabled --- pkg/controller/enterprisesearch/version_upgrade.go | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/pkg/controller/enterprisesearch/version_upgrade.go b/pkg/controller/enterprisesearch/version_upgrade.go index 4ae00bde6b..58774cb11b 100644 --- a/pkg/controller/enterprisesearch/version_upgrade.go +++ b/pkg/controller/enterprisesearch/version_upgrade.go @@ -168,9 +168,13 @@ func (r *VersionUpgrade) setReadOnlyMode(ctx context.Context, enabled bool) erro httpClient := r.httpClient if httpClient == nil { // build an HTTP client to reach the Enterprise Search service - tlsCerts, err := r.retrieveTLSCerts() - if err != nil { - return err + var tlsCerts []*x509.Certificate + if r.ent.Spec.HTTP.TLS.Enabled() { + var err error + tlsCerts, err = r.retrieveTLSCerts() + if err != nil { + return err + } } httpClient = apmhttp.WrapClient( commonhttp.Client(r.dialer, tlsCerts, 0), From 9713e5241b9d69553a1126b1e84a94382a264c34 Mon Sep 17 00:00:00 2001 From: Thibault Richard Date: Fri, 16 Dec 2022 16:04:41 +0100 Subject: [PATCH 2/2] Transform ent no tls e2e test to test version upgrade --- test/e2e/ent/ent_test.go | 41 +++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/test/e2e/ent/ent_test.go b/test/e2e/ent/ent_test.go index f70144451f..d9ba54c546 100644 --- a/test/e2e/ent/ent_test.go +++ b/test/e2e/ent/ent_test.go @@ -33,21 +33,6 @@ func TestEnterpriseSearchCrossNSAssociation(t *testing.T) { test.Sequence(nil, test.EmptySteps, esBuilder, entBuilder).RunSequential(t) } -func TestEnterpriseSearchTLSDisabled(t *testing.T) { - name := "test-ent-tls-disabled" - - esBuilder := elasticsearch.NewBuilder(name). - WithESMasterDataNodes(1, elasticsearch.DefaultResources). - WithRestrictedSecurityContext() - entBuilder := enterprisesearch.NewBuilder(name). - WithElasticsearchRef(esBuilder.Ref()). - WithNodeCount(1). - WithTLSDisabled(true). - WithRestrictedSecurityContext() - - test.Sequence(nil, test.EmptySteps, esBuilder, entBuilder).RunSequential(t) -} - func TestEnterpriseSearchVersionUpgradeToLatest7x(t *testing.T) { srcVersion := test.Ctx().ElasticStackVersion dstVersion := test.LatestReleasedVersion7x @@ -97,3 +82,29 @@ func TestEnterpriseSearchVersionUpgradeToLatest8x(t *testing.T) { // runs fine in the new version: it would fail to run if read-only mode wasn't toggled. test.RunMutations(t, []test.Builder{es, ent}, []test.Builder{esUpgraded, entUpgraded}) } + +func TestEnterpriseSearchTLSDisabledVersionUpgradeToLatest8x(t *testing.T) { + srcVersion, dstVersion := test.GetUpgradePathTo8x(test.Ctx().ElasticStackVersion) + + test.SkipInvalidUpgrade(t, srcVersion, dstVersion) + + name := "test-ent-notls-version-upgrade-8x" + es := elasticsearch.NewBuilder(name). + WithESMasterDataNodes(1, elasticsearch.DefaultResources). + WithVersion(srcVersion) + + ent := enterprisesearch.NewBuilder(name). + WithElasticsearchRef(es.Ref()). + WithNodeCount(2). + WithVersion(srcVersion). + WithTLSDisabled(true). + WithRestrictedSecurityContext() + + esUpgraded := es.WithVersion(dstVersion).WithMutatedFrom(&es) + entUpgraded := ent.WithVersion(dstVersion).WithMutatedFrom(&ent) + + // During the version upgrade, the operator will toggle Enterprise Search read-only mode. + // We don't verify this behaviour here. Instead, we just check Enterprise Search eventually + // runs fine in the new version: it would fail to run if read-only mode wasn't toggled. + test.RunMutations(t, []test.Builder{es, ent}, []test.Builder{esUpgraded, entUpgraded}) +}