WIP-add aws-creds-secret

openshift · Oct 6, 2018 · cf0c81d · cf0c81d
1 parent edc4d97
commit cf0c81d
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 0 deletions.
diff --git a/docs/user/environment-variables.md b/docs/user/environment-variables.md
@@ -38,6 +38,8 @@ The installer accepts a number of environment variable that allow the interactiv
 
 ## Platform-Specific
 
+* `AWS_PROFILE`:
+     The AWS profile that corresponds to value in `${HOME}/.aws/credentials`.  If not provided, the default is "default".
 * `OPENSHIFT_INSTALL_AWS_REGION`:
     The AWS region to be used for installation.
 * `OPENSHIFT_INSTALL_LIBVIRT_URI`:

diff --git a/pkg/asset/manifests/content/tectonic/aws-creds-secret.go b/pkg/asset/manifests/content/tectonic/aws-creds-secret.go
@@ -0,0 +1,23 @@
+package tectonic
+
+import (
+	"text/template"
+)
+
+var (
+	// AwsCredsSecret is the constant to represent contents of aws-creds-secret.yaml file
+	AwsCredsSecret = template.Must(template.New("aws-creds-secret.json").Parse(`
+{
+  "apiVersion": "v1",
+  "kind": "Secret",
+  "metadata": {
+    "namespace": "kube-system",
+    "name": "aws-creds-secret"
+  },
+  "data": {
+    "aws_access_key_id": "{{.Base64encodeAWSaccessKeyID}}",
+    "aws_secret_access_key": "{{.Base64encodeAWSsecretAccessKey}}"
+  }
+}
+`))
+)
diff --git a/pkg/asset/manifests/tectonic.go b/pkg/asset/manifests/tectonic.go
@@ -5,6 +5,7 @@ import (
 	"encoding/base64"
 	"path/filepath"
 
+	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/openshift/installer/pkg/asset"
 	"github.com/openshift/installer/pkg/asset/installconfig"
 	content "github.com/openshift/installer/pkg/asset/manifests/content/tectonic"
@@ -39,8 +40,20 @@ func (t *Tectonic) Generate(dependencies asset.Parents) error {
 	ingressCertKey := &tls.IngressCertKey{}
 	kubeCA := &tls.KubeCA{}
 	dependencies.Get(installConfig, ingressCertKey, kubeCA)
+	// TODO: Fix this... to initiate an empty creds....
+	creds := credentials.Value{AccessKeyID: "", SecretAccessKey: ""}
+	var err error
+	if installConfig.Config.Platform.AWS != nil {
+		p := credentials.SharedCredentialsProvider{}
+		creds, err = p.Retrieve()
+		if err != nil {
+			return err
+		}
+	}
 
 	templateData := &tectonicTemplateData{
+		Base64encodeAWSaccessKeyID:             base64.StdEncoding.EncodeToString([]byte(creds.AccessKeyID)),
+		Base64encodeAWSsecretAccessKey:         base64.StdEncoding.EncodeToString([]byte(creds.SecretAccessKey)),
 		IngressCaCert:                          base64.StdEncoding.EncodeToString(kubeCA.Cert()),
 		IngressKind:                            "haproxy-router",
 		IngressStatusPassword:                  installConfig.Config.Admin.Password, // FIXME: generate a new random one instead?
@@ -55,6 +68,7 @@ func (t *Tectonic) Generate(dependencies asset.Parents) error {
 	}
 
 	assetData := map[string][]byte{
+		"99_aws-creds-secret.json":                   applyTemplateData(content.AwsCredsSecret, templateData),
 		"99_binding-discovery.yaml":                  []byte(content.BindingDiscovery),
 		"99_kube-addon-00-appversion.yaml":           []byte(content.AppVersionKubeAddon),
 		"99_kube-addon-01-operator.yaml":             applyTemplateData(content.KubeAddonOperator, templateData),

diff --git a/pkg/asset/manifests/template.go b/pkg/asset/manifests/template.go
@@ -33,6 +33,8 @@ type bootkubeTemplateData struct {
 }
 
 type tectonicTemplateData struct {
+	Base64encodeAWSaccessKeyID             string
+	Base64encodeAWSsecretAccessKey         string
 	IngressCaCert                          string
 	IngressKind                            string
 	IngressStatusPassword                  string