add generic cloud creds secret logic

openshift · Oct 15, 2018 · 37d62e0 · 37d62e0
1 parent 8107502
commit 37d62e0
Show file tree

Hide file tree

Showing 5 changed files with 152 additions and 16 deletions.
diff --git a/pkg/asset/manifests/content/tectonic/aws-creds-secret-and-reader-role.go b/pkg/asset/manifests/content/tectonic/aws-creds-secret-and-reader-role.go
@@ -12,20 +12,20 @@ kind: Secret
 apiVersion: v1
 metadata:
   namespace: kube-system
-  name: aws-creds-secret
+  name: cloud-creds-secret
 data:
-  aws_access_key_id: {{.Base64encodeAWSaccessKeyID}}
-  aws_secret_access_key: {{.Base64encodeAWSsecretAccessKey}}
+  aws_access_key_id: {{.CloudCreds.AwsCredsData.Base64encodeAWSaccessKeyID}}
+  aws_secret_access_key: {{.CloudCreds.AwsCredsData.Base64encodeAWSsecretAccessKey}}
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   namespace: kube-system
-  name: aws-creds-secret-reader
+  name: cloud-creds-secret-reader
 rules:
 - apiGroups: [""]
   resources: ["secrets"]
-  resourceNames: ["aws-creds-secret"]
+  resourceNames: ["cloud-creds-secret"]
   verbs: ["get"]
 `))
 )
diff --git a/pkg/asset/manifests/content/tectonic/libvirt-creds-secret-and-reader-role.go b/pkg/asset/manifests/content/tectonic/libvirt-creds-secret-and-reader-role.go
@@ -0,0 +1,31 @@
+package tectonic
+
+import (
+	"text/template"
+)
+
+var (
+	// LibvirtCredsSecretAndReaderRole is the constant to represent contents of libvirt-creds-secret.yaml file
+	LibvirtCredsSecretAndReaderRole = template.Must(template.New("libvirt-creds-secret-and-reader-role.yaml").Parse(`
+---
+kind: Secret
+apiVersion: v1
+metadata:
+  namespace: kube-system
+  name: cloud-creds-secret
+data:
+  something: {{.CloudCreds.LibvirtCredsData.Base64encodeLibvirtSomething}}
+  somethingelse: {{.CloudCreds.LibvirtCredsData.Base64encodeLibvirtSomethingElse}}
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  namespace: kube-system
+  name: cloud-creds-secret-reader
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  resourceNames: ["cloud-creds-secret"]
+  verbs: ["get"]
+`))
+)
diff --git a/pkg/asset/manifests/content/tectonic/openstack-creds-secret-and-reader-role.go b/pkg/asset/manifests/content/tectonic/openstack-creds-secret-and-reader-role.go
@@ -0,0 +1,31 @@
+package tectonic
+
+import (
+	"text/template"
+)
+
+var (
+	// OpenStackCredsSecretAndReaderRole is the constant to represent contents of openstack-creds-secret.yaml file
+	OpenStackCredsSecretAndReaderRole = template.Must(template.New("openstack-creds-secret-and-reader-role.yaml").Parse(`
+---
+kind: Secret
+apiVersion: v1
+metadata:
+  namespace: kube-system
+  name: cloud-creds-secret
+data:
+  something: {{.CloudCreds.OpenStackCredsData.Base64encodeOpenStackSomething}}
+  somethingelse: {{.CloudCreds.OpenStackCredsData.Base64encodeOpenStackSomethingElse}}
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  namespace: kube-system
+  name: cloud-creds-secret-reader
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  resourceNames: ["cloud-creds-secret"]
+  verbs: ["get"]
+`))
+)
diff --git a/pkg/asset/manifests/tectonic.go b/pkg/asset/manifests/tectonic.go
@@ -10,6 +10,7 @@ import (
 	"github.com/openshift/installer/pkg/asset/installconfig"
 	content "github.com/openshift/installer/pkg/asset/manifests/content/tectonic"
 	"github.com/openshift/installer/pkg/asset/tls"
+	"github.com/pkg/errors"
 )
 
 // Tectonic generates the dependent resource manifests for tectonic (as against bootkube)
@@ -40,21 +41,44 @@ func (t *Tectonic) Generate(dependencies asset.Parents) error {
 	ingressCertKey := &tls.IngressCertKey{}
 	kubeCA := &tls.KubeCA{}
 	dependencies.Get(installConfig, ingressCertKey, kubeCA)
-	// TODO: Find out what the format is for other cloud-provider creds
-	// make the secret/role 'cloud-creds-secret' instead of 'aws-creds-secret'
-	awscreds := credentials.Value{AccessKeyID: "", SecretAccessKey: ""}
-	var err error
-	if installConfig.Config.Platform.AWS != nil {
+	var awsCreds AwsCredsData
+	var libvirtCreds LibvirtCredsData
+	var openStackCreds OpenStackCredsData
+	switch {
+	case installConfig.Config.Platform.AWS != nil:
 		p := credentials.SharedCredentialsProvider{}
-		awscreds, err = p.Retrieve()
+		awscreds, err := p.Retrieve()
 		if err != nil {
 			return err
 		}
+		awsCreds = AwsCredsData{
+			Base64encodeAWSaccessKeyID:     base64.StdEncoding.EncodeToString([]byte(awscreds.AccessKeyID)),
+			Base64encodeAWSsecretAccessKey: base64.StdEncoding.EncodeToString([]byte(awscreds.SecretAccessKey)),
+		}
+	case installConfig.Config.Platform.Libvirt != nil:
+		libvirtCreds = LibvirtCredsData{
+			//TODO: Fill in
+			Base64encodeLibvirtSomething:     base64.StdEncoding.EncodeToString([]byte("something")),
+			Base64encodeLibvirtSomethingElse: base64.StdEncoding.EncodeToString([]byte("somethingelse")),
+		}
+	case installConfig.Config.Platform.OpenStack != nil:
+		openStackCreds = OpenStackCredsData{
+			// TODO: Fill in
+			Base64encodeOpenStackSomething:     base64.StdEncoding.EncodeToString([]byte("something")),
+			Base64encodeOpenStackSomethingElse: base64.StdEncoding.EncodeToString([]byte("somethingElse")),
+		}
+	default:
+		return errors.Errorf("unknown provider, could not populate cloud credentials")
+	}
+
+	cloudCreds := cloudCredsTemplateData{
+		AwsCredsData:       awsCreds,
+		OpenStackCredsData: openStackCreds,
+		LibvirtCredsData:   libvirtCreds,
 	}
 
 	templateData := &tectonicTemplateData{
-		Base64encodeAWSaccessKeyID:             base64.StdEncoding.EncodeToString([]byte(awscreds.AccessKeyID)),
-		Base64encodeAWSsecretAccessKey:         base64.StdEncoding.EncodeToString([]byte(awscreds.SecretAccessKey)),
+		CloudCreds:                             cloudCreds,
 		IngressCaCert:                          base64.StdEncoding.EncodeToString(kubeCA.Cert()),
 		IngressKind:                            "haproxy-router",
 		IngressStatusPassword:                  installConfig.Config.Admin.Password, // FIXME: generate a new random one instead?
@@ -69,7 +93,9 @@ func (t *Tectonic) Generate(dependencies asset.Parents) error {
 	}
 
 	assetData := map[string][]byte{
-		"99_aws-creds-secret-and-reader-role.yaml":   applyTemplateData(content.AwsCredsSecretAndReaderRole, templateData),
+		"99_aws-creds-secret-and-reader-role.yaml":       applyTemplateData(content.AwsCredsSecretAndReaderRole, templateData),
+		"99_openstack-creds-secret-and-reader-role.yaml": applyTemplateData(content.OpenStackCredsSecretAndReaderRole, templateData),
+		"99_libvirt-creds-secret-and-reader-role.yaml":   applyTemplateData(content.LibvirtCredsSecretAndReaderRole, templateData),
 		"99_binding-discovery.yaml":                  []byte(content.BindingDiscovery),
 		"99_kube-addon-00-appversion.yaml":           []byte(content.AppVersionKubeAddon),
 		"99_kube-addon-01-operator.yaml":             applyTemplateData(content.KubeAddonOperator, templateData),
@@ -95,6 +121,19 @@ func (t *Tectonic) Generate(dependencies asset.Parents) error {
 			Data:     data,
 		})
 	}
+	switch {
+	case installConfig.Config.Platform.AWS != nil:
+		t.FileList = remove(t.FileList, "99_openstack-creds-secret-and-reader-role.yaml")
+		t.FileList = remove(t.FileList, "99_libvirt-creds-secret-and-reader-role.yaml")
+	case installConfig.Config.Platform.OpenStack != nil:
+		t.FileList = remove(t.FileList, "99-aws-creds-secret-and-reader-role.yaml")
+		t.FileList = remove(t.FileList, "99_libvirt-creds-secret-and-reader-role.yaml")
+	case installConfig.Config.Platform.Libvirt != nil:
+		t.FileList = remove(t.FileList, "99_aws-creds-secret-and-reader-role.yaml")
+		t.FileList = remove(t.FileList, "99_openstack-creds-secret-and-reader-role.yaml")
+	default:
+		return errors.Errorf("unknown cloud provider")
+	}
 
 	return nil
 }
@@ -103,3 +142,13 @@ func (t *Tectonic) Generate(dependencies asset.Parents) error {
 func (t *Tectonic) Files() []*asset.File {
 	return t.FileList
 }
+
+func remove(s []*asset.File, name string) []*asset.File {
+	for i, v := range s {
+		filename := filepath.Join("tectonic", name)
+		if v.Filename == filename {
+			return append(s[:i], s[i+1:]...)
+		}
+	}
+	return s
+}
diff --git a/pkg/asset/manifests/template.go b/pkg/asset/manifests/template.go
@@ -1,5 +1,31 @@
 package manifests
 
+// AwsCredsData is used to generate cloud-creds-secret
+type AwsCredsData struct {
+	Base64encodeAWSaccessKeyID     string
+	Base64encodeAWSsecretAccessKey string
+}
+
+// OpenStackCredsData is used to generate cloud-creds-secret
+// TODO: Fill this
+type OpenStackCredsData struct {
+	Base64encodeOpenStackSomething     string
+	Base64encodeOpenStackSomethingElse string
+}
+
+// LibvirtCredsData is used to generate cloud-creds-secret
+// TODO: Fill this
+type LibvirtCredsData struct {
+	Base64encodeLibvirtSomething     string
+	Base64encodeLibvirtSomethingElse string
+}
+
+type cloudCredsTemplateData struct {
+	AwsCredsData
+	OpenStackCredsData
+	LibvirtCredsData
+}
+
 type bootkubeTemplateData struct {
 	AggregatorCaCert                string
 	AggregatorCaKey                 string
@@ -35,8 +61,7 @@ type bootkubeTemplateData struct {
 }
 
 type tectonicTemplateData struct {
-	Base64encodeAWSaccessKeyID             string
-	Base64encodeAWSsecretAccessKey         string
+	CloudCreds                             cloudCredsTemplateData
 	IngressCaCert                          string
 	IngressKind                            string
 	IngressStatusPassword                  string