test(backup-restore): Use truststore ConfigMap instead of TLS volumes

Author: siegfriedweber

tests/templates/kuttl/backup-restore/20-create-opensearch-1-admin-certificate.yaml

@@ -14,8 +14,6 @@ spec:
           volumeMounts:
             - name: script
               mountPath: /stackable/scripts
-            - name: tls
-              mountPath: /stackable/tls
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
@@ -34,19 +32,6 @@ spec:
           configMap:
             name: create-opensearch-1-admin-certificate-script
             defaultMode: 0o770
-        - name: tls
-          ephemeral:
-            volumeClaimTemplate:
-              metadata:
-                annotations:
-                  secrets.stackable.tech/class: tls
-              spec:
-                storageClassName: secrets.stackable.tech
-                accessModes:
-                  - ReadWriteOnce
-                resources:
-                  requests:
-                    storage: "1"
       serviceAccountName: test-service-account
       securityContext:
         fsGroup: 1000

tests/templates/kuttl/backup-restore/22-create-testuser.yaml

@@ -49,18 +49,8 @@ spec:
           configMap:
             name: create-testuser-script
         - name: tls
-          ephemeral:
-            volumeClaimTemplate:
-              metadata:
-                annotations:
-                  secrets.stackable.tech/class: tls
-              spec:
-                storageClassName: secrets.stackable.tech
-                accessModes:
-                  - ReadWriteOnce
-                resources:
-                  requests:
-                    storage: "1"
+          configMap:
+            name: truststore-pem
       serviceAccountName: test-service-account
       securityContext:
         fsGroup: 1000

tests/templates/kuttl/backup-restore/23-create-data.yaml

@@ -49,18 +49,8 @@ spec:
           configMap:
             name: create-data-script
         - name: tls
-          ephemeral:
-            volumeClaimTemplate:
-              metadata:
-                annotations:
-                  secrets.stackable.tech/class: tls
-              spec:
-                storageClassName: secrets.stackable.tech
-                accessModes:
-                  - ReadWriteOnce
-                resources:
-                  requests:
-                    storage: "1"
+          configMap:
+            name: truststore-pem
       serviceAccountName: test-service-account
       securityContext:
         fsGroup: 1000

tests/templates/kuttl/backup-restore/30-create-snapshot.yaml

@@ -49,18 +49,8 @@ spec:
           configMap:
             name: create-snapshot-script
         - name: tls
-          ephemeral:
-            volumeClaimTemplate:
-              metadata:
-                annotations:
-                  secrets.stackable.tech/class: tls
-              spec:
-                storageClassName: secrets.stackable.tech
-                accessModes:
-                  - ReadWriteOnce
-                resources:
-                  requests:
-                    storage: "1"
+          configMap:
+            name: truststore-pem
       serviceAccountName: test-service-account
       securityContext:
         fsGroup: 1000

tests/templates/kuttl/backup-restore/50-create-opensearch-2-admin-certificate.yaml

@@ -14,8 +14,6 @@ spec:
           volumeMounts:
             - name: script
               mountPath: /stackable/scripts
-            - name: tls
-              mountPath: /stackable/tls
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
@@ -34,19 +32,6 @@ spec:
           configMap:
             name: create-opensearch-2-admin-certificate-script
             defaultMode: 0o770
-        - name: tls
-          ephemeral:
-            volumeClaimTemplate:
-              metadata:
-                annotations:
-                  secrets.stackable.tech/class: tls
-              spec:
-                storageClassName: secrets.stackable.tech
-                accessModes:
-                  - ReadWriteOnce
-                resources:
-                  requests:
-                    storage: "1"
       serviceAccountName: test-service-account
       securityContext:
         fsGroup: 1000

tests/templates/kuttl/backup-restore/61-restore-snapshot.yaml

@@ -49,18 +49,8 @@ spec:
           configMap:
             name: restore-snapshot-script
         - name: tls
-          ephemeral:
-            volumeClaimTemplate:
-              metadata:
-                annotations:
-                  secrets.stackable.tech/class: tls
-              spec:
-                storageClassName: secrets.stackable.tech
-                accessModes:
-                  - ReadWriteOnce
-                resources:
-                  requests:
-                    storage: "1"
+          configMap:
+            name: truststore-pem
       serviceAccountName: test-service-account
       securityContext:
         fsGroup: 1000
@@ -108,27 +98,21 @@ data:
     # Restore snapshot
     snapshot = "test_snapshot"
 
-    try:
-      response = client.snapshot.restore(
-        repository='snapshot_repository',
-        snapshot=snapshot,
-        # Do not restore the following indices:
-        # - .opensearch_security will be restored with securityadmin.sh
-        # - .plugins-ml-config already was created by the plugin
-        # - .opensearch-sap-log-types-config already was created by the plugin
-        #
-        # see also https://github.com/opensearch-project/security-analytics/issues/1352
-        body={
-          'indices': ','.join([
-            '-.opendistro_security',
-            '-.plugins-ml-config',
-            '-.opensearch-sap-log-types-config'
-          ])
-        }
-      )
-      print(f'Restoring snapshot; {response=}')
-    except RequestError as err:
-      if err.error == 'invalid_snapshot_name_exception':
-        print(f'The snapshot was already restored in a prior test run; {snapshot=}')
-      else:
-        raise
+    response = client.snapshot.restore(
+      repository='snapshot_repository',
+      snapshot=snapshot,
+      # Do not restore the following indices:
+      # - .opensearch_security will be restored with securityadmin.sh
+      # - .plugins-ml-config already was created by the plugin
+      # - .opensearch-sap-log-types-config already was created by the plugin
+      #
+      # see also https://github.com/opensearch-project/security-analytics/issues/1352
+      body={
+        'indices': ','.join([
+          '-.opendistro_security',
+          '-.plugins-ml-config',
+          '-.opensearch-sap-log-types-config'
+        ])
+      }
+    )
+    print(f'Restoring snapshot; {response=}')

tests/templates/kuttl/backup-restore/70-test-opensearch-2.yaml

@@ -49,18 +49,8 @@ spec:
           configMap:
             name: test-opensearch-2
         - name: tls
-          ephemeral:
-            volumeClaimTemplate:
-              metadata:
-                annotations:
-                  secrets.stackable.tech/class: tls
-              spec:
-                storageClassName: secrets.stackable.tech
-                accessModes:
-                  - ReadWriteOnce
-                resources:
-                  requests:
-                    storage: "1"
+          configMap:
+            name: truststore-pem
       serviceAccountName: test-service-account
       securityContext:
         fsGroup: 1000