From dcc1dd1a3135b106e33ebcf0f8caa2e657e0a8b7 Mon Sep 17 00:00:00 2001 From: Christian Schlotter Date: Mon, 3 Jun 2024 09:36:15 +0200 Subject: [PATCH] flavorgen: enforce VSPHERE_USERNAME and VSPHERE_PASSWORD variables to be set as string in templates --- packaging/flavorgen/flavors/crs/cpi.go | 2 +- packaging/flavorgen/flavors/util/helpers.go | 58 +++++++++++++------ ...luster-template-external-loadbalancer.yaml | 20 +++---- templates/cluster-template-ignition.yaml | 20 +++---- templates/cluster-template-node-ipam.yaml | 20 +++---- templates/cluster-template-supervisor.yaml | 20 +++---- .../cluster-template-topology-supervisor.yaml | 20 +++---- templates/cluster-template-topology.yaml | 20 +++---- templates/cluster-template.yaml | 20 +++---- .../clusterclass-template-supervisor.yaml | 3 +- templates/clusterclass-template.yaml | 3 +- 11 files changed, 106 insertions(+), 100 deletions(-) diff --git a/packaging/flavorgen/flavors/crs/cpi.go b/packaging/flavorgen/flavors/crs/cpi.go index 3a7b77006b..4deb25d00f 100644 --- a/packaging/flavorgen/flavors/crs/cpi.go +++ b/packaging/flavorgen/flavors/crs/cpi.go @@ -71,7 +71,7 @@ func CreateCrsResourceObjectsCPI(crs *addonsv1.ClusterResourceSet) []runtime.Obj cpiObjects = append(cpiObjects, cloudConfigConfigMap) manifestsCm := newConfigMapManifests("cpi-manifests", cpiObjects) - manifestsCm.Data["data"] = cpiManifests + manifestsCm.Data["data"] + manifestsCm.Data["data"] = cpiManifests + "---\n" + manifestsCm.Data["data"] appendConfigMapToCrsResource(crs, manifestsCm) // Define the kubeconfig secret for the target cluster. diff --git a/packaging/flavorgen/flavors/util/helpers.go b/packaging/flavorgen/flavors/util/helpers.go index 7e983913b2..14fed50935 100644 --- a/packaging/flavorgen/flavors/util/helpers.go +++ b/packaging/flavorgen/flavors/util/helpers.go 
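Review bot: The added separator in `manifestsCm.Data["data"] = cpiManifests + "---\n" + manifestsCm.Data["data"]` only forms a valid document boundary if `cpiManifests` ends with a newline; otherwise `---` is glued to the last line of the preceding manifest and the ClusterResourceSet payload no longer splits where intended. `cpiManifests` is defined outside this hunk, so this may already hold, but the concatenation should not depend on it. The same patch introduces `utilyaml.JoinYaml` in `GenerateManifestYaml`; using it here as `string(utilyaml.JoinYaml([]byte(cpiManifests), []byte(manifestsCm.Data["data"])))` would keep both paths consistent, at the cost of adding the `utilyaml` import to this file. The body of `CreateCrsResourceObjectsCPI` continues outside the hunk.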
@@ -20,11 +20,11 @@ package util import ( "reflect" "regexp" - "strings" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" - "sigs.k8s.io/yaml" + "k8s.io/apimachinery/pkg/runtime/schema" + utilyaml "sigs.k8s.io/cluster-api/util/yaml" "sigs.k8s.io/cluster-api-provider-vsphere/packaging/flavorgen/flavors/env" ) @@ -85,9 +85,13 @@ var ( regexVar(env.VSphereServerVar), regexVar(env.VSphereTemplateVar), regexVar(env.VSphereStoragePolicyVar), - // TODO: Why was thumbprint not here? regexVar(env.VSphereThumbprint), } + + stringVarsDouble = []string{ + regexVar(env.VSphereUsername), + regexVar(env.VSpherePassword), + } ) func regexVar(str string) string { @@ -134,19 +138,11 @@ func deleteZeroValues(o map[string]interface{}) map[string]interface{} { } func GenerateObjectYAML(obj runtime.Object, replacements []Replacement) string { - bytes, err := yaml.Marshal(obj) - if err != nil { - panic(err) - } - json, err := yaml.YAMLToJSONStrict(bytes) + data, err := toUnstructured(obj, obj.GetObjectKind().GroupVersionKind()) if err != nil { panic(err) } - data := unstructured.Unstructured{} - if err := data.UnmarshalJSON(json); err != nil { - panic(err) - } data.Object = deleteZeroValues(data.Object) for _, v := range replacements { @@ -167,7 +163,8 @@ func GenerateObjectYAML(obj runtime.Object, replacements []Replacement) string { _ = unstructured.SetNestedSlice(data.Object, slice, path...) } } - bytes, err = yaml.Marshal(data.Object) + + bytes, err := utilyaml.FromUnstructured([]unstructured.Unstructured{*data}) if err != nil { panic(err) } 
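Review bot: The new `stringVarsDouble` list in the `@@ -85,9 +85,13 @@` hunk has no comment explaining why `VSPHERE_USERNAME` and `VSPHERE_PASSWORD` get double quotes while every entry of `stringVars` gets single quotes, and for credentials the difference matters. Quoting forces the substituted value to be a YAML string but does not escape it: assuming the template variables are expanded textually, a password containing `"` or `\` inside a double-quoted scalar is read as a terminator or an escape sequence, so the Secret can end up holding a different value or the manifest can fail to parse. I would add a comment such as `// stringVarsDouble are emitted as "${VAR}" so numeric-looking credentials stay strings; values containing " or \ must be YAML-escaped by the caller.` and state the same requirement in the user-facing documentation. The loop that applies the list is in the later `@@ -182,21 +179,46 @@` hunk.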
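Review bot: In the `@@ -134,19 +138,11 @@` hunk, `GenerateObjectYAML` passes `obj.GetObjectKind().GroupVersionKind()` to `toUnstructured`, yet the doc comment on `toUnstructured` added later in this patch says the GVK on a `runtime.Object` cannot be relied on. If a flavor object arrives without TypeMeta, `SetGroupVersionKind` is called with an empty value and the template is presumably generated without a usable `apiVersion`/`kind` instead of failing. A fail-fast guard would surface that at generation time: `gvk := obj.GetObjectKind().GroupVersionKind()` followed by `if gvk.Empty() { panic("flavorgen: object has no GroupVersionKind set") }`. Whether any flavor builder omits TypeMeta is not visible here, and the function body continues outside the hunk.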
@@ -182,21 +179,46 @@ func GenerateObjectYAML(obj runtime.Object, replacements []Replacement) string { } str = regex.ReplaceAllString(str, "'$1'") } + for _, s := range stringVarsDouble { + s := s + regex := regexp.MustCompile(s) + if err != nil { + panic(err) + } + str = regex.ReplaceAllString(str, "\"$1\"") + } return str } func GenerateManifestYaml(objs []runtime.Object, replacements []Replacement) string { - var sb strings.Builder - + bytes := [][]byte{} for _, o := range objs { - sb.WriteString("---\n") - sb.WriteString(GenerateObjectYAML(o, replacements)) + bytes = append(bytes, []byte(GenerateObjectYAML(o, replacements))) } - return sb.String() + return string(utilyaml.JoinYaml(bytes...)) } func TypeToKind(i interface{}) string { return reflect.ValueOf(i).Elem().Type().Name() } + +// toUnstructured converts an object to Unstructured. +// We have to pass in a gvk as we can't rely on GVK being set in a runtime.Object. +func toUnstructured(obj runtime.Object, gvk schema.GroupVersionKind) (*unstructured.Unstructured, error) { + // If the incoming object is already unstructured, perform a deep copy first + // otherwise DefaultUnstructuredConverter ends up returning the inner map without + // making a copy. + if _, ok := obj.(runtime.Unstructured); ok { + obj = obj.DeepCopyObject() + } + rawMap, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj) + if err != nil { + return nil, err + } + u := &unstructured.Unstructured{Object: rawMap} + u.SetGroupVersionKind(gvk) + + return u, nil +} diff --git a/templates/cluster-template-external-loadbalancer.yaml b/templates/cluster-template-external-loadbalancer.yaml index 2af1979c73..c2d55b862d 100644 --- a/templates/cluster-template-external-loadbalancer.yaml +++ b/templates/cluster-template-external-loadbalancer.yaml @@ -1,4 +1,3 @@ ---- apiVersion: cluster.x-k8s.io/v1beta1 kind: Cluster metadata: 
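Review bot: In the new `stringVarsDouble` loop the `if err != nil { panic(err) }` check is dead code: `regexp.MustCompile` returns no error and panics on a bad pattern, so `err` here is presumably the already-checked value from the earlier `utilyaml.FromUnstructured` call. The `s := s` copy is also unnecessary because nothing captures the loop variable. The loop body can be reduced to `str = regexp.MustCompile(s).ReplaceAllString(str, "\"$1\"")`, or the patterns can be compiled once at package scope. The single-quote loop just above appears to follow the same pattern, and `GenerateObjectYAML` starts outside this hunk.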
@@ -222,8 +221,8 @@ metadata: name: '${CLUSTER_NAME}' namespace: '${NAMESPACE}' stringData: - password: ${VSPHERE_PASSWORD} - username: ${VSPHERE_USERNAME} + password: "${VSPHERE_PASSWORD}" + username: "${VSPHERE_USERNAME}" --- apiVersion: v1 kind: Secret @@ -231,7 +230,7 @@ metadata: name: vsphere-config-secret namespace: '${NAMESPACE}' stringData: - data: | + data: |- apiVersion: v1 kind: Secret metadata: @@ -255,8 +254,7 @@ type: addons.cluster.x-k8s.io/resource-set --- apiVersion: v1 data: - data: | - --- + data: |- apiVersion: v1 kind: Namespace metadata: @@ -1114,7 +1112,7 @@ metadata: name: cloud-provider-vsphere-credentials namespace: '${NAMESPACE}' stringData: - data: | + data: |- apiVersion: v1 kind: Secret metadata: @@ -1124,14 +1122,14 @@ stringData: name: cloud-provider-vsphere-credentials namespace: kube-system stringData: - ${VSPHERE_SERVER}.password: ${VSPHERE_PASSWORD} - ${VSPHERE_SERVER}.username: ${VSPHERE_USERNAME} + ${VSPHERE_SERVER}.password: "${VSPHERE_PASSWORD}" + ${VSPHERE_SERVER}.username: "${VSPHERE_USERNAME}" type: Opaque type: addons.cluster.x-k8s.io/resource-set --- apiVersion: v1 data: - data: | + data: |- --- # Source: vsphere-cpi/templates/service-account.yaml apiVersion: v1 @@ -1375,4 +1373,4 @@ data: kind: ConfigMap metadata: name: cpi-manifests - namespace: '${NAMESPACE}' + namespace: '${NAMESPACE}' \ No newline at end of file diff --git a/templates/cluster-template-ignition.yaml b/templates/cluster-template-ignition.yaml index 5e33101532..e43dcaf78c 100644 --- a/templates/cluster-template-ignition.yaml +++ b/templates/cluster-template-ignition.yaml @@ -1,4 +1,3 @@ ---- apiVersion: cluster.x-k8s.io/v1beta1 kind: Cluster metadata: @@ -436,8 +435,8 @@ metadata: name: '${CLUSTER_NAME}' namespace: '${NAMESPACE}' stringData: - password: ${VSPHERE_PASSWORD} - username: ${VSPHERE_USERNAME} + password: "${VSPHERE_PASSWORD}" + username: "${VSPHERE_USERNAME}" --- apiVersion: v1 kind: Secret 
@@ -445,7 +444,7 @@ metadata: name: vsphere-config-secret namespace: '${NAMESPACE}' stringData: - data: | + data: |- apiVersion: v1 kind: Secret metadata: @@ -469,8 +468,7 @@ type: addons.cluster.x-k8s.io/resource-set --- apiVersion: v1 data: - data: | - --- + data: |- apiVersion: v1 kind: Namespace metadata: @@ -1328,7 +1326,7 @@ metadata: name: cloud-provider-vsphere-credentials namespace: '${NAMESPACE}' stringData: - data: | + data: |- apiVersion: v1 kind: Secret metadata: @@ -1338,14 +1336,14 @@ stringData: name: cloud-provider-vsphere-credentials namespace: kube-system stringData: - ${VSPHERE_SERVER}.password: ${VSPHERE_PASSWORD} - ${VSPHERE_SERVER}.username: ${VSPHERE_USERNAME} + ${VSPHERE_SERVER}.password: "${VSPHERE_PASSWORD}" + ${VSPHERE_SERVER}.username: "${VSPHERE_USERNAME}" type: Opaque type: addons.cluster.x-k8s.io/resource-set --- apiVersion: v1 data: - data: | + data: |- --- # Source: vsphere-cpi/templates/service-account.yaml apiVersion: v1 @@ -1589,4 +1587,4 @@ data: kind: ConfigMap metadata: name: cpi-manifests - namespace: '${NAMESPACE}' + namespace: '${NAMESPACE}' \ No newline at end of file diff --git a/templates/cluster-template-node-ipam.yaml b/templates/cluster-template-node-ipam.yaml index c8f64feb4b..148fa1d507 100644 --- a/templates/cluster-template-node-ipam.yaml +++ b/templates/cluster-template-node-ipam.yaml @@ -1,4 +1,3 @@ ---- apiVersion: cluster.x-k8s.io/v1beta1 kind: Cluster metadata: @@ -357,8 +356,8 @@ metadata: name: '${CLUSTER_NAME}' namespace: '${NAMESPACE}' stringData: - password: ${VSPHERE_PASSWORD} - username: ${VSPHERE_USERNAME} + password: "${VSPHERE_PASSWORD}" + username: "${VSPHERE_USERNAME}" --- apiVersion: v1 kind: Secret @@ -366,7 +365,7 @@ metadata: name: vsphere-config-secret namespace: '${NAMESPACE}' stringData: - data: | + data: |- apiVersion: v1 kind: Secret metadata: 
@@ -390,8 +389,7 @@ type: addons.cluster.x-k8s.io/resource-set --- apiVersion: v1 data: - data: | - --- + data: |- apiVersion: v1 kind: Namespace metadata: @@ -1249,7 +1247,7 @@ metadata: name: cloud-provider-vsphere-credentials namespace: '${NAMESPACE}' stringData: - data: | + data: |- apiVersion: v1 kind: Secret metadata: @@ -1259,14 +1257,14 @@ stringData: name: cloud-provider-vsphere-credentials namespace: kube-system stringData: - ${VSPHERE_SERVER}.password: ${VSPHERE_PASSWORD} - ${VSPHERE_SERVER}.username: ${VSPHERE_USERNAME} + ${VSPHERE_SERVER}.password: "${VSPHERE_PASSWORD}" + ${VSPHERE_SERVER}.username: "${VSPHERE_USERNAME}" type: Opaque type: addons.cluster.x-k8s.io/resource-set --- apiVersion: v1 data: - data: | + data: |- --- # Source: vsphere-cpi/templates/service-account.yaml apiVersion: v1 @@ -1510,4 +1508,4 @@ data: kind: ConfigMap metadata: name: cpi-manifests - namespace: '${NAMESPACE}' + namespace: '${NAMESPACE}' \ No newline at end of file diff --git a/templates/cluster-template-supervisor.yaml b/templates/cluster-template-supervisor.yaml index 6596840280..62f9317888 100644 --- a/templates/cluster-template-supervisor.yaml +++ b/templates/cluster-template-supervisor.yaml @@ -1,4 +1,3 @@ ---- apiVersion: cluster.x-k8s.io/v1beta1 kind: Cluster metadata: @@ -316,8 +315,8 @@ metadata: name: '${CLUSTER_NAME}' namespace: '${NAMESPACE}' stringData: - password: ${VSPHERE_PASSWORD} - username: ${VSPHERE_USERNAME} + password: "${VSPHERE_PASSWORD}" + username: "${VSPHERE_USERNAME}" --- apiVersion: v1 kind: Secret @@ -325,7 +324,7 @@ metadata: name: vsphere-config-secret namespace: '${NAMESPACE}' stringData: - data: | + data: |- apiVersion: v1 kind: Secret metadata: @@ -349,8 +348,7 @@ type: addons.cluster.x-k8s.io/resource-set --- apiVersion: v1 data: - data: | - --- + data: |- apiVersion: v1 kind: Namespace metadata: 
@@ -1208,7 +1206,7 @@ metadata: name: cloud-provider-vsphere-credentials namespace: '${NAMESPACE}' stringData: - data: | + data: |- apiVersion: v1 kind: Secret metadata: @@ -1218,14 +1216,14 @@ stringData: name: cloud-provider-vsphere-credentials namespace: kube-system stringData: - ${VSPHERE_SERVER}.password: ${VSPHERE_PASSWORD} - ${VSPHERE_SERVER}.username: ${VSPHERE_USERNAME} + ${VSPHERE_SERVER}.password: "${VSPHERE_PASSWORD}" + ${VSPHERE_SERVER}.username: "${VSPHERE_USERNAME}" type: Opaque type: addons.cluster.x-k8s.io/resource-set --- apiVersion: v1 data: - data: | + data: |- --- # Source: vsphere-cpi/templates/service-account.yaml apiVersion: v1 @@ -1469,4 +1467,4 @@ data: kind: ConfigMap metadata: name: cpi-manifests - namespace: '${NAMESPACE}' + namespace: '${NAMESPACE}' \ No newline at end of file diff --git a/templates/cluster-template-topology-supervisor.yaml b/templates/cluster-template-topology-supervisor.yaml index 14b9930e3c..a645945e74 100644 --- a/templates/cluster-template-topology-supervisor.yaml +++ b/templates/cluster-template-topology-supervisor.yaml @@ -1,4 +1,3 @@ ---- apiVersion: cluster.x-k8s.io/v1beta1 kind: Cluster metadata: @@ -103,8 +102,8 @@ metadata: name: '${CLUSTER_NAME}' namespace: '${NAMESPACE}' stringData: - password: ${VSPHERE_PASSWORD} - username: ${VSPHERE_USERNAME} + password: "${VSPHERE_PASSWORD}" + username: "${VSPHERE_USERNAME}" --- apiVersion: addons.cluster.x-k8s.io/v1beta1 kind: ClusterResourceSet @@ -133,7 +132,7 @@ metadata: name: vsphere-config-secret namespace: '${NAMESPACE}' stringData: - data: | + data: |- apiVersion: v1 kind: Secret metadata: @@ -157,8 +156,7 @@ type: addons.cluster.x-k8s.io/resource-set --- apiVersion: v1 data: - data: | - --- + data: |- apiVersion: v1 kind: Namespace metadata: @@ -1016,7 +1014,7 @@ metadata: name: cloud-provider-vsphere-credentials namespace: '${NAMESPACE}' stringData: - data: | + data: |- apiVersion: v1 kind: Secret metadata: 
@@ -1026,14 +1024,14 @@ stringData: name: cloud-provider-vsphere-credentials namespace: kube-system stringData: - ${VSPHERE_SERVER}.password: ${VSPHERE_PASSWORD} - ${VSPHERE_SERVER}.username: ${VSPHERE_USERNAME} + ${VSPHERE_SERVER}.password: "${VSPHERE_PASSWORD}" + ${VSPHERE_SERVER}.username: "${VSPHERE_USERNAME}" type: Opaque type: addons.cluster.x-k8s.io/resource-set --- apiVersion: v1 data: - data: | + data: |- --- # Source: vsphere-cpi/templates/service-account.yaml apiVersion: v1 @@ -1277,4 +1275,4 @@ data: kind: ConfigMap metadata: name: cpi-manifests - namespace: '${NAMESPACE}' + namespace: '${NAMESPACE}' \ No newline at end of file diff --git a/templates/cluster-template-topology.yaml b/templates/cluster-template-topology.yaml index 72ee1f4df8..bf5693064f 100644 --- a/templates/cluster-template-topology.yaml +++ b/templates/cluster-template-topology.yaml @@ -1,4 +1,3 @@ ---- apiVersion: cluster.x-k8s.io/v1beta1 kind: Cluster metadata: @@ -109,8 +108,8 @@ metadata: name: '${CLUSTER_NAME}' namespace: '${NAMESPACE}' stringData: - password: ${VSPHERE_PASSWORD} - username: ${VSPHERE_USERNAME} + password: "${VSPHERE_PASSWORD}" + username: "${VSPHERE_USERNAME}" --- apiVersion: addons.cluster.x-k8s.io/v1beta1 kind: ClusterResourceSet @@ -139,7 +138,7 @@ metadata: name: vsphere-config-secret namespace: '${NAMESPACE}' stringData: - data: | + data: |- apiVersion: v1 kind: Secret metadata: @@ -163,8 +162,7 @@ type: addons.cluster.x-k8s.io/resource-set --- apiVersion: v1 data: - data: | - --- + data: |- apiVersion: v1 kind: Namespace metadata: @@ -1022,7 +1020,7 @@ metadata: name: cloud-provider-vsphere-credentials namespace: '${NAMESPACE}' stringData: - data: | + data: |- apiVersion: v1 kind: Secret metadata: 
@@ -1032,14 +1030,14 @@ stringData: name: cloud-provider-vsphere-credentials namespace: kube-system stringData: - ${VSPHERE_SERVER}.password: ${VSPHERE_PASSWORD} - ${VSPHERE_SERVER}.username: ${VSPHERE_USERNAME} + ${VSPHERE_SERVER}.password: "${VSPHERE_PASSWORD}" + ${VSPHERE_SERVER}.username: "${VSPHERE_USERNAME}" type: Opaque type: addons.cluster.x-k8s.io/resource-set --- apiVersion: v1 data: - data: | + data: |- --- # Source: vsphere-cpi/templates/service-account.yaml apiVersion: v1 @@ -1283,4 +1281,4 @@ data: kind: ConfigMap metadata: name: cpi-manifests - namespace: '${NAMESPACE}' + namespace: '${NAMESPACE}' \ No newline at end of file diff --git a/templates/cluster-template.yaml b/templates/cluster-template.yaml index 0dd1791ea9..320cc07c51 100644 --- a/templates/cluster-template.yaml +++ b/templates/cluster-template.yaml @@ -1,4 +1,3 @@ ---- apiVersion: cluster.x-k8s.io/v1beta1 kind: Cluster metadata: @@ -347,8 +346,8 @@ metadata: name: '${CLUSTER_NAME}' namespace: '${NAMESPACE}' stringData: - password: ${VSPHERE_PASSWORD} - username: ${VSPHERE_USERNAME} + password: "${VSPHERE_PASSWORD}" + username: "${VSPHERE_USERNAME}" --- apiVersion: v1 kind: Secret @@ -356,7 +355,7 @@ metadata: name: vsphere-config-secret namespace: '${NAMESPACE}' stringData: - data: | + data: |- apiVersion: v1 kind: Secret metadata: @@ -380,8 +379,7 @@ type: addons.cluster.x-k8s.io/resource-set --- apiVersion: v1 data: - data: | - --- + data: |- apiVersion: v1 kind: Namespace metadata: @@ -1239,7 +1237,7 @@ metadata: name: cloud-provider-vsphere-credentials namespace: '${NAMESPACE}' stringData: - data: | + data: |- apiVersion: v1 kind: Secret metadata: 
@@ -1249,14 +1247,14 @@ stringData: name: cloud-provider-vsphere-credentials namespace: kube-system stringData: - ${VSPHERE_SERVER}.password: ${VSPHERE_PASSWORD} - ${VSPHERE_SERVER}.username: ${VSPHERE_USERNAME} + ${VSPHERE_SERVER}.password: "${VSPHERE_PASSWORD}" + ${VSPHERE_SERVER}.username: "${VSPHERE_USERNAME}" type: Opaque type: addons.cluster.x-k8s.io/resource-set --- apiVersion: v1 data: - data: | + data: |- --- # Source: vsphere-cpi/templates/service-account.yaml apiVersion: v1 @@ -1500,4 +1498,4 @@ data: kind: ConfigMap metadata: name: cpi-manifests - namespace: '${NAMESPACE}' + namespace: '${NAMESPACE}' \ No newline at end of file diff --git a/templates/clusterclass-template-supervisor.yaml b/templates/clusterclass-template-supervisor.yaml index ba89b20234..10561ef024 100644 --- a/templates/clusterclass-template-supervisor.yaml +++ b/templates/clusterclass-template-supervisor.yaml @@ -1,4 +1,3 @@ ---- apiVersion: vmware.infrastructure.cluster.x-k8s.io/v1beta1 kind: VSphereClusterTemplate metadata: @@ -322,4 +321,4 @@ spec: localhost.localdomain localhost4 localhost4.localdomain4" >>/etc/hosts - mkdir -p /etc/pre-kubeadm-commands - for script in $(find /etc/pre-kubeadm-commands/ -name '*.sh' -type f | sort); - do echo "Running script $script"; "$script"; done + do echo "Running script $script"; "$script"; done \ No newline at end of file diff --git a/templates/clusterclass-template.yaml b/templates/clusterclass-template.yaml index 1451376109..dad9f0c707 100644 --- a/templates/clusterclass-template.yaml +++ b/templates/clusterclass-template.yaml @@ -1,4 +1,3 @@ ---- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: VSphereClusterTemplate metadata: 
@@ -380,4 +379,4 @@ spec: localhost.localdomain localhost4 localhost4.localdomain4" >>/etc/hosts - mkdir -p /etc/pre-kubeadm-commands - for script in $(find /etc/pre-kubeadm-commands/ -name '*.sh' -type f | sort); - do echo "Running script $script"; "$script"; done + do echo "Running script $script"; "$script"; done \ No newline at end of file