ARO-4373 change OIDCIssuer field to pointer

2024-06-13 11:51:52 -04:00 · 2024-06-13 11:51:52 -04:00 · a485dcbf50
--- a/pkg/api/admin/openshiftcluster.go
+++ b/pkg/api/admin/openshiftcluster.go
@ -134,7 +134,7 @@ type ClusterProfile struct {
 	Version              string               `json:"version,omitempty"`
 	ResourceGroupID      string               `json:"resourceGroupId,omitempty"`
 	FipsValidatedModules FipsValidatedModules `json:"fipsValidatedModules,omitempty"`
-	OIDCIssuer           OIDCIssuer           `json:"oidcIssuer,omitempty"`
+	OIDCIssuer           *OIDCIssuer          `json:"oidcIssuer,omitempty"`
 }

 // FeatureProfile represents a feature profile.
--- a/pkg/api/admin/openshiftcluster_convert.go
+++ b/pkg/api/admin/openshiftcluster_convert.go
@ -5,6 +5,7 @@ package admin

 import (
 	"github.com/Azure/ARO-RP/pkg/api"
+	"github.com/Azure/ARO-RP/pkg/util/pointerutils"
 )

 type openShiftClusterConverter struct{}
@ -37,7 +38,6 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac
 				Version:              oc.Properties.ClusterProfile.Version,
 				ResourceGroupID:      oc.Properties.ClusterProfile.ResourceGroupID,
 				FipsValidatedModules: FipsValidatedModules(oc.Properties.ClusterProfile.FipsValidatedModules),
-				OIDCIssuer:           OIDCIssuer(oc.Properties.ClusterProfile.OIDCIssuer),
 			},
 			FeatureProfile: FeatureProfile{
 				GatewayEnabled: oc.Properties.FeatureProfile.GatewayEnabled,
@ -208,6 +208,10 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac
 		}
 	}

+	if oc.Properties.ClusterProfile.OIDCIssuer != nil {
+		out.Properties.ClusterProfile.OIDCIssuer = pointerutils.ToPtr(OIDCIssuer(*oc.Properties.ClusterProfile.OIDCIssuer))
+	}
+
 	out.Properties.HiveProfile = HiveProfile{
 		Namespace:     oc.Properties.HiveProfile.Namespace,
 		CreatedByHive: oc.Properties.HiveProfile.CreatedByHive,
--- a/pkg/api/openshiftcluster.go
+++ b/pkg/api/openshiftcluster.go
@ -263,7 +263,7 @@ type ClusterProfile struct {
 	Version                       string               `json:"version,omitempty"`
 	ResourceGroupID               string               `json:"resourceGroupId,omitempty"`
 	FipsValidatedModules          FipsValidatedModules `json:"fipsValidatedModules,omitempty"`
-	OIDCIssuer                    OIDCIssuer           `json:"oidcIssuer,omitempty"`
+	OIDCIssuer                    *OIDCIssuer          `json:"oidcIssuer,omitempty"`
 	BoundServiceAccountSigningKey *SecureString        `json:"boundServiceAccountSigningKey,omitempty"`
 }

--- a/pkg/api/v20240812preview/openshiftcluster.go
+++ b/pkg/api/v20240812preview/openshiftcluster.go
@ -125,7 +125,7 @@ type ClusterProfile struct {
 	FipsValidatedModules FipsValidatedModules `json:"fipsValidatedModules,omitempty"`

 	// The URL of the managed OIDC issuer in a workload identity cluster.
-	OIDCIssuer OIDCIssuer `json:"oidcIssuer,omitempty"`
+	OIDCIssuer *OIDCIssuer `json:"oidcIssuer,omitempty"`
 }

 // ConsoleProfile represents a console profile.
--- a/pkg/api/v20240812preview/openshiftcluster_convert.go
+++ b/pkg/api/v20240812preview/openshiftcluster_convert.go
@ -5,6 +5,7 @@ package v20240812preview

 import (
 	"github.com/Azure/ARO-RP/pkg/api"
+	"github.com/Azure/ARO-RP/pkg/util/pointerutils"
 )

 type openShiftClusterConverter struct{}
@ -27,7 +28,6 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac
 				Version:              oc.Properties.ClusterProfile.Version,
 				ResourceGroupID:      oc.Properties.ClusterProfile.ResourceGroupID,
 				FipsValidatedModules: FipsValidatedModules(oc.Properties.ClusterProfile.FipsValidatedModules),
-				OIDCIssuer:           OIDCIssuer(oc.Properties.ClusterProfile.OIDCIssuer),
 			},
 			ConsoleProfile: ConsoleProfile{
 				URL: oc.Properties.ConsoleProfile.URL,
@ -157,6 +157,10 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac
 		}
 	}

+	if oc.Properties.ClusterProfile.OIDCIssuer != nil {
+		out.Properties.ClusterProfile.OIDCIssuer = pointerutils.ToPtr(OIDCIssuer(*oc.Properties.ClusterProfile.OIDCIssuer))
+	}
+
 	out.SystemData = &SystemData{
 		CreatedBy:          oc.SystemData.CreatedBy,
 		CreatedAt:          oc.SystemData.CreatedAt,
--- a/pkg/api/v20240812preview/openshiftcluster_example.go
+++ b/pkg/api/v20240812preview/openshiftcluster_example.go
@ -78,7 +78,7 @@ func ExampleOpenShiftClusterPutParameter() interface{} {
 func ExampleOpenShiftClusterGetResponse() interface{} {
 	oc := exampleOpenShiftCluster()
 	oc.Properties.ClusterProfile.PullSecret = ""
-	oc.Properties.ClusterProfile.OIDCIssuer = ""
+	oc.Properties.ClusterProfile.OIDCIssuer = nil
 	oc.Properties.ServicePrincipalProfile.ClientSecret = ""
 	oc.Properties.NetworkProfile.LoadBalancerProfile = &LoadBalancerProfile{
 		EffectiveOutboundIPs: []EffectiveOutboundIP{
--- a/pkg/cluster/deploybaseresources.go
+++ b/pkg/cluster/deploybaseresources.go
@ -72,7 +72,7 @@ func (m *manager) createOIDC(ctx context.Context) error {
 	}

 	m.doc, err = m.db.PatchWithLease(ctx, m.doc.Key, func(doc *api.OpenShiftClusterDocument) error {
-		doc.OpenShiftCluster.Properties.ClusterProfile.OIDCIssuer = api.OIDCIssuer(oidcBuilder.GetEndpointUrl())
+		doc.OpenShiftCluster.Properties.ClusterProfile.OIDCIssuer = pointerutils.ToPtr(api.OIDCIssuer(oidcBuilder.GetEndpointUrl()))
 		doc.OpenShiftCluster.Properties.ClusterProfile.BoundServiceAccountSigningKey = pointerutils.ToPtr(api.SecureString(oidcBuilder.GetPrivateKey()))
 		return nil
 	})
--- a/pkg/cluster/deploybaseresources_test.go
+++ b/pkg/cluster/deploybaseresources_test.go
@ -35,6 +35,7 @@ import (
 	mock_env "github.com/Azure/ARO-RP/pkg/util/mocks/env"
 	mock_subnet "github.com/Azure/ARO-RP/pkg/util/mocks/subnet"
 	"github.com/Azure/ARO-RP/pkg/util/oidcbuilder"
+	"github.com/Azure/ARO-RP/pkg/util/pointerutils"
 	"github.com/Azure/ARO-RP/pkg/util/uuid"
 	uuidfake "github.com/Azure/ARO-RP/pkg/util/uuid/fake"
 	testdatabase "github.com/Azure/ARO-RP/test/database"
@ -1415,7 +1416,7 @@ func TestCreateOIDC(t *testing.T) {
 		name                              string
 		oc                                *api.OpenShiftClusterDocument
 		mocks                             func(*mock_azblob.MockManager, *mock_env.MockInterface, *mock_azblob.MockAZBlobClient)
-		wantedOIDCIssuer                  string
+		wantedOIDCIssuer                  *api.OIDCIssuer
 		wantErr                           string
 		wantBoundServiceAccountSigningKey bool
 	}{
@ -1435,6 +1436,7 @@ func TestCreateOIDC(t *testing.T) {
 					},
 				},
 			},
+			wantedOIDCIssuer:                  nil,
 			wantBoundServiceAccountSigningKey: false,
 		},
 		{
@ -1450,6 +1452,7 @@ func TestCreateOIDC(t *testing.T) {
 					},
 				},
 			},
+			wantedOIDCIssuer:                  nil,
 			wantBoundServiceAccountSigningKey: false,
 		},
 		{
@ -1477,7 +1480,7 @@ func TestCreateOIDC(t *testing.T) {
 				azblobClient.EXPECT().UploadBuffer(gomock.Any(), "", oidcbuilder.JWKSKey, gomock.Any()).Return(nil)
 				blob.EXPECT().GetAZBlobClient(gomock.Any(), &azblob.ClientOptions{}).Return(azblobClient, nil)
 			},
-			wantedOIDCIssuer:                  prodOIDCIssuer,
+			wantedOIDCIssuer:                  pointerutils.ToPtr(api.OIDCIssuer(prodOIDCIssuer)),
 			wantBoundServiceAccountSigningKey: true,
 		},
 		{
@ -1505,7 +1508,7 @@ func TestCreateOIDC(t *testing.T) {
 				azblobClient.EXPECT().UploadBuffer(gomock.Any(), "", oidcbuilder.JWKSKey, gomock.Any()).Return(nil)
 				blob.EXPECT().GetAZBlobClient(gomock.Any(), &azblob.ClientOptions{}).Return(azblobClient, nil)
 			},
-			wantedOIDCIssuer:                  devOIDCIssuer,
+			wantedOIDCIssuer:                  pointerutils.ToPtr(api.OIDCIssuer(devOIDCIssuer)),
 			wantBoundServiceAccountSigningKey: true,
 		},
 		{
@ -1628,8 +1631,16 @@ func TestCreateOIDC(t *testing.T) {
 				t.Fatal(err)
 			}

-			if string(checkDoc.OpenShiftCluster.Properties.ClusterProfile.OIDCIssuer) != tt.wantedOIDCIssuer {
-				t.Fatalf("OIDC Issuer URL - %s != %s (wanted)", checkDoc.OpenShiftCluster.Properties.ClusterProfile.OIDCIssuer, tt.wantedOIDCIssuer)
+			if tt.wantedOIDCIssuer == nil && checkDoc.OpenShiftCluster.Properties.ClusterProfile.OIDCIssuer != nil {
+				t.Fatalf("Expected OIDC Issuer URL as nil but got a value as %s", *checkDoc.OpenShiftCluster.Properties.ClusterProfile.OIDCIssuer)
+			}
+
+			if tt.wantedOIDCIssuer != nil && checkDoc.OpenShiftCluster.Properties.ClusterProfile.OIDCIssuer == nil {
+				t.Fatalf("OIDC Issuer URL isn't as expected, wanted %s returned nil", *tt.wantedOIDCIssuer)
+			}
+
+			if tt.wantedOIDCIssuer != nil && checkDoc.OpenShiftCluster.Properties.ClusterProfile.OIDCIssuer == nil && *tt.wantedOIDCIssuer != *checkDoc.OpenShiftCluster.Properties.ClusterProfile.OIDCIssuer {
+				t.Fatalf("OIDC Issuer URL isn't as expected, wanted %s returned %s", *tt.wantedOIDCIssuer, *checkDoc.OpenShiftCluster.Properties.ClusterProfile.OIDCIssuer)
 			}

 			if checkDoc.OpenShiftCluster.Properties.ClusterProfile.BoundServiceAccountSigningKey == nil && tt.wantBoundServiceAccountSigningKey {