Fix failing ldap test (#410)

# Description

During resolving conflicts between #407 and #408 this line was not removed, thus creating (and overwriting!) the truststore *after* the ldap tls cert was added. Result was the ldap tls cert missing from the truststore

rust/operator-binary/src/druid_controller.rs

@@ -695,8 +695,24 @@ fn build_rolegroup_statefulset(
     let mut pb = PodBuilder::new();
     pb.affinity(&merged_rolegroup_config.affinity);
 
-    let mut prepare_container_commands = druid_tls_security.build_tls_key_stores_cmd();
     let mut main_container_commands = role.main_container_prepare_commands(s3_conn);
+    let mut prepare_container_commands = vec![];
+    if let Some(ContainerLogConfig {
+        choice: Some(ContainerLogConfigChoice::Automatic(log_config)),
+    }) = merged_rolegroup_config
+        .logging
+        .containers
+        .get(&Container::Prepare)
+    {
+        // This command needs to be added at the beginning of the shell commands,
+        // otherwise the output of the following commands will not be captured!
+        prepare_container_commands.push(product_logging::framework::capture_shell_output(
+            LOG_DIR,
+            &prepare_container_name,
+            log_config,
+        ));
+    }
+    prepare_container_commands.extend(druid_tls_security.build_tls_key_stores_cmd());
 
     if let Some(ldap_settings) = ldap_settings {
         // TODO: Connecting to an LDAP server without bind credentials does not seem to be configurable in Druid at the moment
@@ -736,22 +752,6 @@ fn build_rolegroup_statefulset(
         .resources
         .update_volumes_and_volume_mounts(&mut cb_druid, &mut pb);
 
-    if let Some(ContainerLogConfig {
-        choice: Some(ContainerLogConfigChoice::Automatic(log_config)),
-    }) = merged_rolegroup_config
-        .logging
-        .containers
-        .get(&Container::Prepare)
-    {
-        prepare_container_commands.push(product_logging::framework::capture_shell_output(
-            LOG_DIR,
-            &prepare_container_name,
-            log_config,
-        ));
-    }
-
-    prepare_container_commands.extend(druid_tls_security.build_tls_key_stores_cmd());
-
     cb_prepare
         .image_from_product_image(resolved_product_image)
         .command(vec!["/bin/bash".to_string(), "-c".to_string()])

tests/templates/kuttl/ldap-authentication/03-install-openldap.yaml.j2

@@ -1,77 +1,99 @@
 ---
-apiVersion: apps/v1
-kind: StatefulSet
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
 metadata:
   name: openldap
-  labels:
-    app.kubernetes.io/name: openldap
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: openldap
-  serviceName: openldap
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: openldap
-    spec:
-      containers:
-        - name: openldap
-          image: docker.io/bitnami/openldap:2.5
-          env:
-            - name: LDAP_ADMIN_USERNAME
-              value: admin
-            - name: LDAP_ADMIN_PASSWORD
-              value: admin
-            - name: LDAP_ENABLE_TLS
-              value: "yes"
-            - name: LDAP_TLS_CERT_FILE
-              value: /tls/tls.crt
-            - name: LDAP_TLS_KEY_FILE
-              value: /tls/tls.key
-            - name: LDAP_TLS_CA_FILE
-              value: /tls/ca.crt
+commands:
+  - script: |
+      kubectl apply -n $NAMESPACE -f - <<EOF
+      ---
+      apiVersion: secrets.stackable.tech/v1alpha1
+      kind: SecretClass
+      metadata:
+        name: openldap-tls-$NAMESPACE
+      spec:
+        backend:
+          autoTls:
+            ca:
+              autoGenerate: true
+              secret:
+                name: openldap-tls-ca
+                namespace: $NAMESPACE
+      ---
+      apiVersion: apps/v1
+      kind: StatefulSet
+      metadata:
+        name: openldap
+        labels:
+          app.kubernetes.io/name: openldap
+      spec:
+        selector:
+          matchLabels:
+            app.kubernetes.io/name: openldap
+        serviceName: openldap
+        replicas: 1
+        template:
+          metadata:
+            labels:
+              app.kubernetes.io/name: openldap
+          spec:
+            containers:
+              - name: openldap
+                image: docker.io/bitnami/openldap:2.5
+                env:
+                  - name: LDAP_ADMIN_USERNAME
+                    value: admin
+                  - name: LDAP_ADMIN_PASSWORD
+                    value: admin
+                  - name: LDAP_ENABLE_TLS
+                    value: "yes"
+                  - name: LDAP_TLS_CERT_FILE
+                    value: /tls/tls.crt
+                  - name: LDAP_TLS_KEY_FILE
+                    value: /tls/tls.key
+                  - name: LDAP_TLS_CA_FILE
+                    value: /tls/ca.crt
 {% if test_scenario['values']['ldap-no-bind-credentials'] == 'true' %}
-            - name: LDAP_ALLOW_ANON_BINDING
-              value: "yes"
+                  - name: LDAP_ALLOW_ANON_BINDING
+                    value: "yes"
 {% endif %}
-          ports:
-            - name: ldap
-              containerPort: 1389
-            - name: tls-ldap
-              containerPort: 1636
-          volumeMounts:
-            - name: tls
-              mountPath: /tls
-          startupProbe:
-            tcpSocket:
-              port: 1389
-          readinessProbe:
-            tcpSocket:
-              port: 1389
-      volumes:
-        - name: tls
-          csi:
-            driver: secrets.stackable.tech
-            volumeAttributes:
-              secrets.stackable.tech/class: openldap-tls
-              secrets.stackable.tech/scope: pod
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: openldap
-  labels:
-    app.kubernetes.io/name: openldap
-spec:
-  type: ClusterIP
-  ports:
-    - name: ldap
-      port: 1389
-      targetPort: ldap
-    - name: tls-ldap
-      port: 1636
-      targetPort: tls-ldap
-  selector:
-    app.kubernetes.io/name: openldap
+                ports:
+                  - name: ldap
+                    containerPort: 1389
+                  - name: tls-ldap
+                    containerPort: 1636
+                volumeMounts:
+                  - name: tls
+                    mountPath: /tls
+                startupProbe:
+                  tcpSocket:
+                    port: 1389
+                readinessProbe:
+                  tcpSocket:
+                    port: 1389
+            volumes:
+              - name: tls
+                csi:
+                  driver: secrets.stackable.tech
+                  volumeAttributes:
+                    secrets.stackable.tech/class: openldap-tls-$NAMESPACE
+                    secrets.stackable.tech/scope: pod
+      ---
+      apiVersion: v1
+      kind: Service
+      metadata:
+        name: openldap
+        labels:
+          app.kubernetes.io/name: openldap
+      spec:
+        type: ClusterIP
+        ports:
+          - name: ldap
+            port: 1389
+            targetPort: ldap
+          - name: tls-ldap
+            port: 1636
+            targetPort: tls-ldap
+        selector:
+          app.kubernetes.io/name: openldap
+      EOF

tests/templates/kuttl/ldap-authentication/05-openldap-authentication-class.yaml.j2 → tests/templates/kuttl/ldap-authentication/05-authentication-class.yaml.j2

@@ -26,7 +26,7 @@ commands:
               verification:
                 server:
                   caCert:
-                    secretClass: openldap-tls
+                    secretClass: openldap-tls-$NAMESPACE
 {% endif %}
 {% if test_scenario['values']['ldap-no-bind-credentials'] == 'true' %}
             bindCredentials: null