fix: Properly set additionalTrustBundle for Nutanix CCM

The helm values template contained an error meaning that the
additionalTrustBundle setting would have been templated as part of the
Helm install, rather than the CAAPH addon deployment, meaning that
specifying an additional trust bundle would not work for Nutanix CCM
deployments.

This commit fixes that and adds tests that use the same template as the
CAAPH addon would do from the Helm chart to ensure that the template is
now correct.

Author: jimmidyson

charts/cluster-api-runtime-extensions-nutanix/templates/ccm/nutanix/manifests/helm-addon-installation.yaml

@@ -12,9 +12,9 @@ data:
     prismCentralEndPoint: {{ `{{ .PrismCentralHost }}` }}
     prismCentralPort: {{ `{{ .PrismCentralPort }}` }}
     prismCentralInsecure: {{ `{{ .PrismCentralInsecure }}` }}
-    {{- with .PrismCentralAdditionalTrustBundle }}
-    prismCentralAdditionalTrustBundle: {{ `{{ . }}` }}
-    {{- end }}
+    {{ `{{- with .PrismCentralAdditionalTrustBundle }}` }}
+    prismCentralAdditionalTrustBundle: {{ `{{ printf "%q" . }}` }}
+    {{ `{{- end }}` }}
 
     # The Secret containing the credentials will be created by the handler.
     createSecret: false

pkg/handlers/generic/lifecycle/ccm/nutanix/handler_test.go

@@ -4,27 +4,25 @@
 package nutanix
 
 import (
+	"bytes"
 	"fmt"
+	"os/exec"
+	"path/filepath"
+	"strings"
 	"testing"
+	"text/template"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"sigs.k8s.io/yaml"
 
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
 	apivariables "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/variables"
 )
 
 const (
-	in = `---
-prismCentralEndPoint: {{ .PrismCentralHost }}
-prismCentralPort: {{ .PrismCentralPort }}
-prismCentralInsecure: {{ .PrismCentralInsecure }}
-prismCentralAdditionalTrustBundle: "{{ or .PrismCentralAdditionalTrustBundle "" }}"
-
-# The Secret containing the credentials will be created by the handler.
-createSecret: false
-secretName: nutanix-ccm-credentials
-`
 	//nolint:lll // just a long string
 	testCertBundle = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVjekNDQTF1Z0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRUUZBRC4uQWtHQTFVRUJoTUNSMEl4CkV6QVJCZ05WQkFnVENsTnZiV1V0VTNSaGRHVXhGREFTQmdOVkJBb1RDMC4uMEVnVEhSa01UY3dOUVlEClZRUUxFeTVEYkdGemN5QXhJRkIxWW14cFl5QlFjbWx0WVhKNUlFTmxjbi4uWFJwYjI0Z1FYVjBhRzl5CmFYUjVNUlF3RWdZRFZRUURFd3RDWlhOMElFTkJJRXgwWkRBZUZ3MHdNRC4uVFV3TVRaYUZ3MHdNVEF5Ck1EUXhPVFV3TVRaYU1JR0hNUXN3Q1FZRFZRUUdFd0pIUWpFVE1CRUdBMS4uMjl0WlMxVGRHRjBaVEVVCk1CSUdBMVVFQ2hNTFFtVnpkQ0JEUVNCTWRHUXhOekExQmdOVkJBc1RMay4uREVnVUhWaWJHbGpJRkJ5CmFXMWhjbmtnUTJWeWRHbG1hV05oZEdsdmJpQkJkWFJvYjNKcGRIa3hGRC4uQU1UQzBKbGMzUWdRMEVnClRIUmtNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZy4uVHoybXI3U1ppQU1mUXl1CnZCak05T2lKalJhelhCWjFCalA1Q0UvV20vUnI1MDBQUksrTGg5eDVlSi4uL0FOQkUwc1RLMFpzREdNCmFrMm0xZzdvcnVJM2RZM1ZIcUl4RlR6MFRhMWQrTkFqd25MZTRuT2I3Ly4uazA1U2hoQnJKR0JLS3hiCjhuMTA0by81cDhIQXNaUGR6YkZNSXlOakp6Qk0ybzV5NUExM3dpTGl0RS4uZnlZa1F6YXhDdzBBd3psCmtWSGlJeUN1YUY0d2o1NzFwU3prdjZzdis0SURNYlQvWHBDbzhMNndUYS4uc2grZXRMRDZGdFRqWWJiCnJ2WjhSUU0xdGxLZG9NSGcycXhyYUFWKytITkJZbU5XczBkdUVkalViSi4uWEk5VHRuUzRvMUNrajdQCk9mbGppUUlEQVFBQm80SG5NSUhrTUIwR0ExVWREZ1FXQkJROHVyTUNSTC4uNUFrSXA5TkpISnc1VENCCnRBWURWUjBqQklHc01JR3BnQlE4dXJNQ1JMWVlNSFVLVTVBa0lwOU5KSC4uYVNCaWpDQmh6RUxNQWtHCkExVUVCaE1DUjBJeEV6QVJCZ05WQkFnVENsTnZiV1V0VTNSaGRHVXhGRC4uQW9UQzBKbGMzUWdRMEVnClRIUmtNVGN3TlFZRFZRUUxFeTVEYkdGemN5QXhJRkIxWW14cFl5QlFjbS4uRU5sY25ScFptbGpZWFJwCmIyNGdRWFYwYUc5eWFYUjVNUlF3RWdZRFZRUURFd3RDWlhOMElFTkJJRS4uREFNQmdOVkhSTUVCVEFECkFRSC9NQTBHQ1NxR1NJYjNEUUVCQkFVQUE0SUJBUUMxdVlCY3NTbmN3QS4uRENzUWVyNzcyQzJ1Y3BYCnhRVUUvQzBwV1dtNmdEa3dkNUQwRFNNREpScVYvd2VvWjR3QzZCNzNmNS4uYkxoR1lIYVhKZVNENktyClhjb093TGRTYUdtSllzbExLWkIzWklERXAwd1lUR2hndGViNkpGaVR0bi4uc2YyeGRyWWZQQ2lJQjdnCkJNQVY3R3pkYzRWc3BTNmxqckFoYmlpYXdkQmlRbFFtc0JlRno5SmtGNC4uYjNsOEJvR04rcU1hNTZZCkl0OHVuYTJnWTRsMk8vL29uODhyNUlXSmxtMUwwb0E4ZTRmUjJ5ckJIWC4uYWRzR2VGS2t5TnJ3R2kvCjd2UU1mWGRHc1JyWE5HUkduWCt2V0RaMy96V0kwam9EdENrTm5xRXBWbi4uSG9YCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0="
 )
@@ -39,24 +37,61 @@ prismCentralAdditionalTrustBundle: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVj
 
 # The Secret containing the credentials will be created by the handler.
 createSecret: false
-secretName: nutanix-ccm-credentials
-`
+secretName: nutanix-ccm-credentials`
 
 	expectedWithoutAdditionalTrustBundle = `---
 prismCentralEndPoint: prism-central.nutanix.com
 prismCentralPort: 9440
 prismCentralInsecure: true
-prismCentralAdditionalTrustBundle: ""
 
 # The Secret containing the credentials will be created by the handler.
 createSecret: false
-secretName: nutanix-ccm-credentials
-`
+secretName: nutanix-ccm-credentials`
+)
+
+var templateFile = filepath.Join(
+	moduleRootDir(),
+	"charts",
+	"cluster-api-runtime-extensions-nutanix",
+	"templates",
+	"ccm",
+	"nutanix",
+	"manifests",
+	"helm-addon-installation.yaml",
 )
 
 func Test_templateValues(t *testing.T) {
 	t.Parallel()
 
+	// Mimic the Helm templating using dummy values.
+	templateData := map[string]interface{}{}
+	require.NoError(
+		t,
+		unstructured.SetNestedField(
+			templateData,
+			true,
+			"Values",
+			"hooks",
+			"ccm",
+			"nutanix",
+			"helmAddonStrategy",
+			"defaultValueTemplateConfigMap",
+			"create",
+		),
+	)
+	var templatedBytes bytes.Buffer
+	require.NoError(
+		t,
+		template.Must(
+			template.New(
+				"helm-addon-installation.yaml").ParseFiles(templateFile),
+		).Execute(&templatedBytes, templateData),
+	)
+	cm := &corev1.ConfigMap{}
+	require.NoError(t, yaml.UnmarshalStrict(templatedBytes.Bytes(), cm))
+
+	valuesTemplate := cm.Data["values.yaml"]
+
 	tests := []struct {
 		name          string
 		clusterConfig *apivariables.ClusterConfigSpec
@@ -88,7 +123,7 @@ func Test_templateValues(t *testing.T) {
 					},
 				},
 			},
-			in:       in,
+			in:       valuesTemplate,
 			expected: expectedWithAdditionalTrustBundle,
 		},
 		{
@@ -115,7 +150,7 @@ func Test_templateValues(t *testing.T) {
 					},
 				},
 			},
-			in:       in,
+			in:       valuesTemplate,
 			expected: expectedWithoutAdditionalTrustBundle,
 		},
 	}
@@ -129,3 +164,21 @@ func Test_templateValues(t *testing.T) {
 		})
 	}
 }
+
+func moduleRootDir() string {
+	cmd := exec.Command("go", "list", "-m", "-f", "{{ .Dir }}")
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		// We include the combined output because the error is usually
+		// an exit code, which does not explain why the command failed.
+		panic(
+			fmt.Sprintf("cmd.Dir=%q, cmd.Env=%q, cmd.Args=%q, err=%q, output=%q",
+				cmd.Dir,
+				cmd.Env,
+				cmd.Args,
+				err,
+				out),
+		)
+	}
+	return strings.TrimSpace(string(out))
+}