Precheck to verify the correct license secret exists when using an en…

…t image. (#875) * added checkValidEnterprise to check and validate an enterprise installation Co-authored-by: Iryna Shustava <[email protected]> Co-authored-by: Nitya Dhanushkodi <[email protected]>
hashicorp · Nov 30, 2021 · 98585af · 98585af
1 parent 0bb6a44
commit 98585af
Show file tree

Hide file tree

Showing 3 changed files with 89 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## UNRELEASED
 
+IMPROVEMENTS:
+* CLI
+   * Pre-check in the `install` command to verify the correct license secret exists when using an enterprise Consul image. [[GH-875](https://github.com/hashicorp/consul-k8s/pull/875)]
+
 ## 0.37.0 (November 18, 2021)
 
 BREAKING CHANGES:

diff --git a/cli/cmd/install/install.go b/cli/cmd/install/install.go
@@ -3,6 +3,7 @@ package install
 import (
 	"errors"
 	"fmt"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	"os"
 	"strings"
 	"sync"
@@ -174,6 +175,20 @@ func (c *Command) init() {
 	c.Init()
 }
 
+type helmValues struct {
+	Global globalValues `yaml:"global"`
+}
+
+type globalValues struct {
+	Image             string            `yaml:"image"`
+	EnterpriseLicense enterpriseLicense `yaml:"enterpriseLicense"`
+}
+
+type enterpriseLicense struct {
+	SecretName string `yaml:"secretName"`
+	SecretKey  string `yaml:"secretKey"`
+}
+
 func (c *Command) Run(args []string) int {
 	c.once.Do(c.init)
 
@@ -267,6 +282,22 @@ func (c *Command) Run(args []string) int {
 		return 1
 	}
 
+	var v helmValues
+	err = yaml.Unmarshal(valuesYaml, &v)
+	if err != nil {
+		c.UI.Output(err.Error(), terminal.WithErrorStyle())
+		return 1
+	}
+
+	// If an enterprise license secret was provided check that the secret exists
+	// and that the enterprise Consul image is set.
+	if v.Global.EnterpriseLicense.SecretName != "" {
+		if err := c.checkValidEnterprise(v.Global.EnterpriseLicense.SecretName, v.Global.Image); err != nil {
+			c.UI.Output(err.Error(), terminal.WithErrorStyle())
+			return 1
+		}
+	}
+
 	// Print out the installation summary.
 	if !c.flagAutoApprove {
 		c.UI.Output("Consul Installation Summary", terminal.WithHeaderStyle())
@@ -501,3 +532,21 @@ func validLabel(s string) bool {
 	}
 	return true
 }
+
+// checkValidEnterprise checks and validates an enterprise installation.
+// When an enterprise license secret is provided, check that the secret exists
+// in the "consul" namespace, and that the enterprise Consul image is provided.
+func (c *Command) checkValidEnterprise(secretName string, image string) error {
+
+	_, err := c.kubernetes.CoreV1().Secrets(c.flagNamespace).Get(c.Ctx, secretName, metav1.GetOptions{})
+	if k8serrors.IsNotFound(err) {
+		return fmt.Errorf("enterprise license secret %q is not found in the %q namespace; please make sure that the secret exists in the %q namespace", secretName, c.flagNamespace, c.flagNamespace)
+	} else if err != nil {
+		return fmt.Errorf("error getting the enterprise license secret %q in the %q namespace: %s", secretName, c.flagNamespace, err)
+	}
+	if !strings.Contains(image, "-ent") {
+		return fmt.Errorf("enterprise Consul image is not provided when enterprise license secret is set: %s", image)
+	}
+	c.UI.Output("Valid enterprise Consul image and secret found.", terminal.WithSuccessStyle())
+	return nil
+}
diff --git a/cli/cmd/install/install_test.go b/cli/cmd/install/install_test.go
@@ -187,3 +187,39 @@ func getInitializedCommand(t *testing.T) *Command {
 	c.init()
 	return c
 }
+
+func TestCheckValidEnterprise(t *testing.T) {
+	c := getInitializedCommand(t)
+	c.kubernetes = fake.NewSimpleClientset()
+	secret := &v1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "consul-secret",
+		},
+	}
+	secret2 := &v1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "consul-secret2",
+		},
+	}
+
+	// Enterprise secret and image are valid.
+	c.kubernetes.CoreV1().Secrets("consul").Create(context.Background(), secret, metav1.CreateOptions{})
+	err := c.checkValidEnterprise(secret.Name, "consul-enterprise:-ent")
+	require.NoError(t, err)
+
+	// Enterprise secret provided but not an enterprise image.
+	err = c.checkValidEnterprise(secret.Name, "consul:")
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "enterprise Consul image is not provided")
+
+	// Enterprise secret does not exist.
+	err = c.checkValidEnterprise("consul-unrelated-secret", "consul-enterprise:-ent")
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "please make sure that the secret exists")
+
+	// Enterprise secret exists in a different namespace.
+	c.kubernetes.CoreV1().Secrets("unrelated").Create(context.Background(), secret2, metav1.CreateOptions{})
+	err = c.checkValidEnterprise(secret2.Name, "consul-enterprise:-ent")
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "please make sure that the secret exists")
+}