per feedback, specify cloud in secret/role

openshift · Oct 23, 2018 · 956dbbd · 956dbbd
1 parent 653acd4
commit 956dbbd
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 10 deletions.
diff --git a/pkg/asset/manifests/content/tectonic/cloud-creds-secret.go b/pkg/asset/manifests/content/tectonic/cloud-creds-secret.go
@@ -12,13 +12,19 @@ kind: Secret
 apiVersion: v1
 metadata:
   namespace: kube-system
-  name: cloud-creds
+{{- if .CloudCreds.AWS}}
+  name: aws-creds
+{{- else if .CloudCreds.OpenStack}}
+  name: openstack-creds
+{{- else }}
+  name: empty-no-cloud-creds
+{{- end}}
 data:
 {{- if .CloudCreds.AWS}}
   aws_access_key_id: {{.CloudCreds.AWS.Base64encodeAccessKeyID}}
   aws_secret_access_key: {{.CloudCreds.AWS.Base64encodeSecretAccessKey}}
 {{- else if .CloudCreds.OpenStack}}
-  credentials: {{.CloudCreds.OpenStack.Base64encodeCloudCreds}}
+  clouds.yaml: {{.CloudCreds.OpenStack.Base64encodeCloudCreds}}
 {{- end}}
 `))
 )
diff --git a/pkg/asset/manifests/content/tectonic/role-cloud-creds-secret-reader.go b/pkg/asset/manifests/content/tectonic/role-cloud-creds-secret-reader.go
@@ -1,18 +1,34 @@
 package tectonic
 
-const (
-	// RoleCloudCredsSecretReader is the constant to represent contents of corresponding file
-	RoleCloudCredsSecretReader = `
+import (
+	"text/template"
+)
+
+var (
+	// RoleCloudCredsSecretReader is the variable to represent contents of corresponding file
+	RoleCloudCredsSecretReader = template.Must(template.New("role-cloud-creds-secret-reader.yaml").Parse(`
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   namespace: kube-system
-  name: cloud-creds-secret-reader
+{{- if .CloudCreds.AWS}}
+  name: aws-creds-secret-reader
+{{- else if .CloudCreds.OpenStack}}
+  name: openstack-creds-secret-reader
+{{- else}}
+  name: empty-no-cloud-creds-secret-reader
+{{- end}}
 rules:
 - apiGroups: [""]
   resources: ["secrets"]
-  resourceNames: ["cloud-creds"]
+{{- if .CloudCreds.AWS}}
+  resourceNames: ["aws-creds"]
+{{- else if .CloudCreds.OpenStack}}
+  resourceNames: ["openstack-creds"]
+{{- else}}
+  resourceNames: ["empty-no-cloud-creds"]
+{{- end}}
   verbs: ["get"]
-`
+`))
 )
diff --git a/pkg/asset/manifests/tectonic.go b/pkg/asset/manifests/tectonic.go
@@ -21,7 +21,7 @@ import (
 
 const (
 	tectonicManifestDir = "tectonic"
-	// TODO: Verify this works
+	// TODO: Verify this works, if not see var below
 	openStackCredsFile = "/etc/openstack/clouds.yaml"
 )
 
@@ -119,7 +119,7 @@ func (t *Tectonic) Generate(dependencies asset.Parents) error {
 		"99_openshift-cluster-api_worker-machineset.yaml":        worker.MachineSetRaw,
 		"99_openshift-cluster-api_worker-user-data-secret.yaml":  worker.UserDataSecretRaw,
 		"99_role-admin.yaml":                                     []byte(content.RoleAdmin),
-		"99_role-cloud-creds-secret-reader.yaml":                 []byte(content.RoleCloudCredsSecretReader),
+		"99_role-cloud-creds-secret-reader.yaml":                 applyTemplateData(content.RoleCloudCredsSecretReader, templateData),
 		"99_role-user.yaml":                                      []byte(content.RoleUser),
 		"99_tectonic-ingress-00-appversion.yaml":                 []byte(content.AppVersionTectonicIngress),
 		"99_tectonic-ingress-01-cluster-config.yaml":             applyTemplateData(content.ClusterConfigTectonicIngress, templateData),