fix: correct ca certificate mounting (#56)

snyk · Dec 18, 2024 · 8d3a487 · 8d3a487
1 parent 6e3d099
commit 8d3a487
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 19 deletions.
diff --git a/snyk-universal-broker/templates/ca-secret.yaml b/snyk-universal-broker/templates/ca-secret.yaml
@@ -6,5 +6,5 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
 data:
-  caCert: {{ .Values.caCert | b64enc | nindent 4 }}
+  {{ .Values.caCertMount.name }}: {{ .Values.caCert | b64enc | nindent 4 }}
 {{- end }}
diff --git a/snyk-universal-broker/templates/statefulset.yaml b/snyk-universal-broker/templates/statefulset.yaml
@@ -119,7 +119,7 @@ spec:
           volumeMounts:
               {{- if or .Values.caCert .Values.caCertSecret.name }}
               - name: {{ .Release.Name }}-cacert-volume
-                mountPath: {{ printf "%s/%s" .Values.caCertMount.path .Values.caCertMount.name }}
+                mountPath: {{ .Values.caCertMount.path }}
                 readOnly: true
               {{- end }}
               {{- if or .Values.localWebServerSecret.name ( and (.Values.localWebServer.certificate) (.Values.localWebServer.key) ) }}

diff --git a/snyk-universal-broker/tests/certificate_trust_test.yaml b/snyk-universal-broker/tests/certificate_trust_test.yaml
@@ -15,26 +15,26 @@ tests:
     asserts:
       - contains:
           path: spec.template.spec.containers[0].env
-          content: 
+          content:
             name: CA_CERT
             value: /home/node/cacert/cacert
         template: statefulset.yaml
       - contains:
           path: spec.template.spec.volumes
-          content: 
+          content:
             name: RELEASE-NAME-cacert-volume
-            secret: 
+            secret:
               secretName: RELEASE-NAME-cacert-secret
         template: statefulset.yaml
       - contains:
           path: spec.template.spec.containers[0].volumeMounts
-          content: 
+          content:
             name: RELEASE-NAME-cacert-volume
-            mountPath: /home/node/cacert/cacert 
+            mountPath: /home/node/cacert
             readOnly: true
         template: statefulset.yaml
       - equal:
-          path: data.caCert
+          path: data.cacert
           value: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCkZBS0UKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
         template: ca-secret.yaml
 
@@ -44,26 +44,26 @@ tests:
     asserts:
       - contains:
           path: spec.template.spec.containers[0].env
-          content: 
+          content:
             name: CA_CERT
             value: /home/node/cacert/cacert
         template: statefulset.yaml
       - contains:
           path: spec.template.spec.volumes
-          content: 
+          content:
             name: RELEASE-NAME-cacert-volume
-            secret: 
+            secret:
               secretName: RELEASE-NAME-cacert-secret
         template: statefulset.yaml
       - contains:
           path: spec.template.spec.containers[0].volumeMounts
-          content: 
+          content:
             name: RELEASE-NAME-cacert-volume
-            mountPath: /home/node/cacert/cacert 
+            mountPath: /home/node/cacert
             readOnly: true
         template: statefulset.yaml
       - equal:
-          path: data.caCert
+          path: data.cacert
           value: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCkZBS0UKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQoKLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCkFOT1RIRVIKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
         template: ca-secret.yaml
 
@@ -80,24 +80,24 @@ tests:
     asserts:
       - contains:
           path: spec.template.spec.containers[0].env
-          content: 
+          content:
             name: CA_CERT
             value: /home/node/cacert/cacert
         template: statefulset.yaml
       - contains:
           path: spec.template.spec.volumes
-          content: 
+          content:
             name: RELEASE-NAME-cacert-volume
-            secret: 
+            secret:
               secretName: corp-ca
               items:
               - key: ca.pem
                 path: cacert
         template: statefulset.yaml
       - contains:
           path: spec.template.spec.containers[0].volumeMounts
-          content: 
+          content:
             name: RELEASE-NAME-cacert-volume
-            mountPath: /home/node/cacert/cacert
+            mountPath: /home/node/cacert
             readOnly: true
         template: statefulset.yaml