diff --git a/backend/src/v2/compiler/argocompiler/container.go b/backend/src/v2/compiler/argocompiler/container.go index d412c08b59b0..14ed4f706796 100644 --- a/backend/src/v2/compiler/argocompiler/container.go +++ b/backend/src/v2/compiler/argocompiler/container.go @@ -29,6 +29,7 @@ import ( const ( volumeNameKFPLauncher = "kfp-launcher" + volumeNameCABundle = "ca-bundle" DefaultLauncherImage = "gcr.io/ml-pipeline/kfp-launcher@sha256:8fe5e6e4718f20b021736022ad3741ddf2abd82aa58c86ae13e89736fdc3f08f" LauncherImageEnvVar = "V2_LAUNCHER_IMAGE" DefaultDriverImage = "gcr.io/ml-pipeline/kfp-driver@sha256:3c0665cd36aa87e4359a4c8b6271dcba5bdd817815cd0496ed12eb5dde5fd2ec" @@ -395,7 +396,7 @@ func (c *workflowCompiler) addContainerExecutorTemplate(refName string) string { Value: sslCertDir, }) volume := k8score.Volume{ - Name: volumeNameCABUndle, + Name: volumeNameCABundle, VolumeSource: k8score.VolumeSource{ ConfigMap: &k8score.ConfigMapVolumeSource{ LocalObjectReference: k8score.LocalObjectReference{ @@ -408,7 +409,7 @@ func (c *workflowCompiler) addContainerExecutorTemplate(refName string) string { executor.Volumes = append(executor.Volumes, volume) volumeMount := k8score.VolumeMount{ - Name: volumeNameCABUndle, + Name: volumeNameCABundle, MountPath: caFile, SubPath: caBundleCfgMapKey, } diff --git a/backend/src/v2/compiler/argocompiler/container_test.go b/backend/src/v2/compiler/argocompiler/container_test.go index f242d87a188d..e382cb9b0c13 100644 --- a/backend/src/v2/compiler/argocompiler/container_test.go +++ b/backend/src/v2/compiler/argocompiler/container_test.go @@ -15,6 +15,7 @@ package argocompiler import ( + "os" "testing" wfapi "github.com/argoproj/argo-workflows/v3/pkg/apis/workflow/v1alpha1" @@ -22,6 +23,62 @@ import ( "github.com/stretchr/testify/assert" ) +func TestAddContainerExecutorTemplate(t *testing.T) { + // Setup the environment variables for testing + os.Setenv("EXECUTOR_CABUNDLE_CONFIGMAP_NAME", "kube-root-ca.crt") + os.Setenv("EXECUTOR_CABUNDLE_CONFIGMAP_KEY", "ca.crt") + os.Setenv("EXECUTOR_CABUNDLE_MOUNTPATH", "/etc/ssl/custom") + + defer func() { + // Clean up environment variables + os.Unsetenv("EXECUTOR_CABUNDLE_CONFIGMAP_NAME") + os.Unsetenv("EXECUTOR_CABUNDLE_CONFIGMAP_KEY") + os.Unsetenv("EXECUTOR_CABUNDLE_MOUNTPATH") + }() + + // Creating an instance of workflowCompiler with properly initialized members + c := &workflowCompiler{ + templates: make(map[string]*wfapi.Template), + wf: &wfapi.Workflow{ // Ensure this object is properly initialized if it's used in the function + Spec: wfapi.WorkflowSpec{ + Templates: []wfapi.Template{}, + }, + }, + } + + // Call the function with a reference name + templateName := c.addContainerExecutorTemplate("test-ref") + + // Check that the returned template name is expected + assert.NotEmpty(t, templateName, "Template name should not be empty") + // Check that the template name is stored in the compiler's template map + executorTemplate, exists := c.templates[templateName] + assert.True(t, exists, "Template should exist with the returned name") + assert.NotNil(t, executorTemplate, "Executor template should not be nil") + + // Check Volumes + expectedVolumeName := "ca-bundle" + foundVolume := false + for _, volume := range executorTemplate.Volumes { + if volume.Name == expectedVolumeName { + foundVolume = true + assert.Equal(t, "kube-root-ca.crt", volume.VolumeSource.ConfigMap.Name, "ConfigMap name should match") + } + } + assert.True(t, foundVolume, "CA bundle volume should be included in the template") + + // Check VolumeMounts in the container + foundVolumeMount := false + if executorTemplate.Container != nil { + for _, mount := range executorTemplate.Container.VolumeMounts { + if mount.Name == expectedVolumeName { + foundVolumeMount = true + assert.Equal(t, "/etc/ssl/custom/ca.crt", mount.MountPath, "Mount path should match the specified CABUNDLE MOUNTPATH and KEY") + } + } + } + assert.True(t, foundVolumeMount, "CA bundle volume mount should be included in the container") +} func Test_extendPodMetadata(t *testing.T) { tests := []struct { name string