chore: Fix tests, partially by fixing reporting-task

CHANGELOG.md

@@ -7,7 +7,7 @@ All notable changes to this project will be documented in this file.
 ### Added
 
 - Add rolling upgrade support for upgrades between NiFi 2 versions ([#771]).
-- BREAKING: Added Listener support for NiFi ([#784], [#819]).
+- BREAKING: Added Listener support for NiFi ([#784], [#818], [#819]).
 - Adds new telemetry CLI arguments and environment variables ([#782]).
   - Use `--file-log-max-files` (or `FILE_LOG_MAX_FILES`) to limit the number of log files kept.
   - Use `--file-log-rotation-period` (or `FILE_LOG_ROTATION_PERIOD`) to configure the frequency of rotation.
@@ -69,6 +69,7 @@ All notable changes to this project will be documented in this file.
 [#801]: https://github.com/stackabletech/nifi-operator/pull/801
 [#808]: https://github.com/stackabletech/nifi-operator/pull/808
 [#817]: https://github.com/stackabletech/nifi-operator/pull/817
+[#818]: https://github.com/stackabletech/nifi-operator/pull/818
 [#819]: https://github.com/stackabletech/nifi-operator/pull/819
 
 ## [25.3.0] - 2025-03-21

docs/modules/nifi/pages/usage_guide/monitoring.adoc

@@ -95,6 +95,9 @@ stringData:
 ----
 
 If you want to use a `ServiceMonitor` you'd need to configure it as follows:
+
+// TODO: The ServiceMonitor should be switched to the -metrics service
+
 [source,yaml]
 ----
 ---

rust/operator-binary/src/controller.rs

@@ -1350,7 +1350,7 @@ async fn build_node_rolegroup_statefulset(
                 vec![&build_reporting_task_service_name(&nifi_cluster_name)],
                 SecretFormat::TlsPkcs12,
                 &requested_secret_lifetime,
-                LISTENER_VOLUME_NAME,
+                Some(LISTENER_VOLUME_NAME),
             )
             .context(SecuritySnafu)?,
         )

rust/operator-binary/src/reporting_task/mod.rs

@@ -51,7 +51,6 @@ use stackable_operator::{
 use crate::{
     controller::build_recommended_labels,
     crd::{APP_NAME, HTTPS_PORT, HTTPS_PORT_NAME, METRICS_PORT, NifiRole, v1alpha1},
-    listener::LISTENER_VOLUME_NAME,
     security::{
         authentication::{NifiAuthenticationConfig, STACKABLE_ADMIN_USERNAME},
         build_tls_volume,
@@ -357,7 +356,8 @@ fn build_reporting_task_job(
                 // There is no correct way to configure this job since it's an implementation detail.
                 // Also it will be dropped when support for 1.x is removed.
                 &Duration::from_days_unchecked(1),
-                LISTENER_VOLUME_NAME,
+                // There is no listener volume we could get certs for
+                None,
             )
             .context(SecretVolumeBuildFailureSnafu)?,
         )

rust/operator-binary/src/security/mod.rs

@@ -50,7 +50,7 @@ pub fn build_tls_volume(
     service_scopes: Vec<&str>,
     secret_format: SecretFormat,
     requested_secret_lifetime: &Duration,
-    listener_scope: &str,
+    listener_scope: Option<&str>,
 ) -> Result<Volume> {
     tls::build_tls_volume(
         nifi,

rust/operator-binary/src/security/tls.rs

@@ -27,24 +27,25 @@ pub(crate) fn build_tls_volume(
     service_scopes: Vec<&str>,
     secret_format: SecretFormat,
     requested_secret_lifetime: &Duration,
-    listener_scope: &str,
+    listener_scope: Option<&str>,
 ) -> Result<Volume> {
     let mut secret_volume_source_builder =
         SecretOperatorVolumeSourceBuilder::new(nifi.server_tls_secret_class());
 
     if secret_format == SecretFormat::TlsPkcs12 {
         secret_volume_source_builder.with_tls_pkcs12_password(STACKABLE_TLS_STORE_PASSWORD);
     }
-
     for scope in service_scopes {
         secret_volume_source_builder.with_service_scope(scope);
     }
+    if let Some(listener_scope) = listener_scope {
+        secret_volume_source_builder.with_listener_volume_scope(listener_scope);
+    }
 
     Ok(VolumeBuilder::new(volume_name)
         .ephemeral(
             secret_volume_source_builder
                 .with_pod_scope()
-                .with_listener_volume_scope(listener_scope)
                 .with_format(secret_format)
                 .with_auto_tls_cert_lifetime(*requested_secret_lifetime)
                 .build()

tests/templates/kuttl/iceberg/60_nifi-flow-with-kerberos.json

@@ -653,7 +653,7 @@
                 "properties": {
                     "AWS Credentials Provider service": "d9e8d00a-c387-3064-add2-c6060f158ae7",
                     "hadoop-config-resources": "/stackable/userdata/hdfs-config/core-site.xml,/stackable/userdata/hdfs-config/hdfs-site.xml,/stackable/userdata/hive-config/hive-site.xml",
-                    "hive-metastore-uri": "thrift://hive:9083",
+                    "hive-metastore-uri": "thrift://hive-metastore:9083",
                     "s3-endpoint": "https://minio.${NAMESPACE}.svc.cluster.local:9000",
                     "s3-path-style-access": "true",
                     "warehouse-location": "s3a://demo/lakehouse"

tests/templates/kuttl/iceberg/60_nifi-flow-without-kerberos.json

@@ -593,7 +593,7 @@
                 "properties": {
                     "AWS Credentials Provider service": "d9e8d00a-c387-3064-add2-c6060f158ae7",
                     "hadoop-config-resources": "/stackable/userdata/hdfs-config/core-site.xml,/stackable/userdata/hdfs-config/hdfs-site.xml",
-                    "hive-metastore-uri": "thrift://hive:9083",
+                    "hive-metastore-uri": "thrift://hive-metastore:9083",
                     "s3-endpoint": "https://minio.${NAMESPACE}.svc.cluster.local:9000",
                     "s3-path-style-access": "true",
                     "warehouse-location": "s3a://demo/lakehouse"

tests/templates/kuttl/iceberg/README.md

@@ -25,7 +25,7 @@ index 09783fa..23c679f 100644
 @@ -483,7 +485,7 @@
                  "properties": {
                      "AWS Credentials Provider service": "d9e8d00a-c387-3064-add2-c6060f158ae7",
-                     "hive-metastore-uri": "thrift://hive:9083",
+                     "hive-metastore-uri": "thrift://hive-metastore:9083",
 -                    "s3-endpoint": "https://minio.kuttl-test-patient-tarpon.svc.cluster.local:9000",
 +                    "s3-endpoint": "https://minio.${NAMESPACE}.svc.cluster.local:9000",
                      "s3-path-style-access": "true",

tests/templates/kuttl/smoke_v1/test_nifi_metrics.py

@@ -39,13 +39,13 @@
     port = args["port"]
     timeout = int(args["timeout"])
 
-    url = f"http://nifi-node-default-0.nifi-node-default-headless.{namespace}.svc.cluster.local:{port}/metrics"
+    url = f"http://nifi-node-default-metrics.{namespace}.svc.cluster.local:{port}/metrics/"
 
     # wait for 'timeout' seconds
     t_end = time.time() + timeout
     while time.time() < t_end:
         try:
-            response = requests.post(url)
+            response = requests.get(url)
             response.raise_for_status()
             if metric_name in response.text:
                 print("Test metrics succeeded!")

tests/templates/kuttl/upgrade/test_nifi_metrics.py

@@ -39,7 +39,7 @@
     port = args["port"]
     timeout = int(args["timeout"])
 
-    url = f"http://test-nifi-node-default-0.test-nifi-node-default-headless.{namespace}.svc.cluster.local:{port}/metrics"
+    url = f"http://test-nifi-node-default-metrics.{namespace}.svc.cluster.local:{port}/metrics"
 
     # wait for 'timeout' seconds
     t_end = time.time() + timeout