From 71f7ea01ef94aec5346eacd7b19fa9c3325403c6 Mon Sep 17 00:00:00 2001
From: Stephen Finucane
Date: Mon, 4 Dec 2023 12:21:23 +0000
Subject: [PATCH] Fall back to cluster identityRef in absence of machine
The 'identityRef' attribute is marked as optional but without it we have no ability to talk to the cloud. In a future API version, we may wish to make this a required attribute but for now, provide the ability to retrieve credentials from the cluster in the absence of the machine.
Signed-off-by: Stephen Finucane
---
 api/v1alpha7/openstackmachine_types.go | 3 ++-
 ...infrastructure.cluster.x-k8s.io_openstackclusters.yaml | 3 ++-
 ...ucture.cluster.x-k8s.io_openstackclustertemplates.yaml | 4 +++-
 ...infrastructure.cluster.x-k8s.io_openstackmachines.yaml | 3 ++-
 ...ucture.cluster.x-k8s.io_openstackmachinetemplates.yaml | 3 ++-
 controllers/openstackmachine_controller.go | 2 +-
 pkg/scope/mock.go | 2 +-
 pkg/scope/provider.go | 8 +++++++-
 pkg/scope/scope.go | 2 +-
 9 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/api/v1alpha7/openstackmachine_types.go b/api/v1alpha7/openstackmachine_types.go
index f5f4f698aa..0be14961c6 100644
--- a/api/v1alpha7/openstackmachine_types.go
+++ b/api/v1alpha7/openstackmachine_types.go
@@ -93,7 +93,8 @@ type OpenStackMachineSpec struct {
 // The server group to assign the machine to
 ServerGroupID string `json:"serverGroupID,omitempty"`
- // IdentityRef is a reference to a identity to be used when reconciling this cluster
+ // IdentityRef is a reference to a identity to be used when reconciling this cluster.
+ // If not specified, the identity ref of the cluster will be used instead.
 // +optional
 IdentityRef *OpenStackIdentityReference `json:"identityRef,omitempty"`
 }
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml
index a5114ac6a2..90cdedeca0 100644
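Review bot: The doc comment on `IdentityRef` in OpenStackMachineSpec still says "when reconciling this cluster", which reads oddly next to the added sentence about falling back to the cluster; I would word the first line as `// IdentityRef is a reference to an identity to be used when reconciling this machine.`. The fallback added in pkg/scope/provider.go also takes the cloud name from the cluster spec, so the second line could say so, for example `// If not specified, the identityRef and cloudName of the cluster are used instead.`. The CRD descriptions under config/crd/bases carry the same text and would presumably need regenerating from the updated comment.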
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml
@@ -3849,7 +3849,8 @@ spec:
 type: string
 identityRef:
 description: IdentityRef is a reference to a identity to be
- used when reconciling this cluster
+ used when reconciling this cluster. If not specified, the
+ identity ref of the cluster will be used instead.
 properties:
 kind:
 description: Kind of the identity. Must be supported by
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml
index 815a3a83fc..77186b4822 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml
@@ -1695,7 +1695,9 @@ spec:
 type: string
 identityRef:
 description: IdentityRef is a reference to a identity
- to be used when reconciling this cluster
+ to be used when reconciling this cluster. If not
+ specified, the identity ref of the cluster will
+ be used instead.
 properties:
 kind:
 description: Kind of the identity. Must be supported
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachines.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachines.yaml
index e5171cd868..1c9ea83b89 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachines.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachines.yaml
@@ -1233,7 +1233,8 @@ spec:
 type: string
 identityRef:
 description: IdentityRef is a reference to a identity to be used when
- reconciling this cluster
+ reconciling this cluster. If not specified, the identity ref of
+ the cluster will be used instead.
 properties:
 kind:
 description: Kind of the identity. Must be supported by the infrastructure
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachinetemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachinetemplates.yaml
index bc88d84fa2..9bcd081868 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachinetemplates.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachinetemplates.yaml
@@ -1037,7 +1037,8 @@ spec:
 type: string
 identityRef:
 description: IdentityRef is a reference to a identity to be
- used when reconciling this cluster
+ used when reconciling this cluster. If not specified, the
+ identity ref of the cluster will be used instead.
 properties:
 kind:
 description: Kind of the identity. Must be supported by
diff --git a/controllers/openstackmachine_controller.go b/controllers/openstackmachine_controller.go
index 3ec4643456..1c6da34553 100644
--- a/controllers/openstackmachine_controller.go
+++ b/controllers/openstackmachine_controller.go
@@ -140,7 +140,7 @@ func (r *OpenStackMachineReconciler) Reconcile(ctx context.Context, req ctrl.Req
 }
 }()
- scope, err := r.ScopeFactory.NewClientScopeFromMachine(ctx, r.Client, openStackMachine, r.CaCertificates, log)
+ scope, err := r.ScopeFactory.NewClientScopeFromMachine(ctx, r.Client, openStackMachine, infraCluster, r.CaCertificates, log)
 if err != nil {
 return reconcile.Result{}, err
 }
diff --git a/pkg/scope/mock.go b/pkg/scope/mock.go
index dac09d5ff7..f8b12d8982 100644
--- a/pkg/scope/mock.go
+++ b/pkg/scope/mock.go
@@ -66,7 +66,7 @@ func (f *MockScopeFactory) SetClientScopeCreateError(err error) {
 f.clientScopeCreateError = err
 }
-func (f *MockScopeFactory) NewClientScopeFromMachine(_ context.Context, _ client.Client, _ *infrav1.OpenStackMachine, _ []byte, _ logr.Logger) (Scope, error) {
+func (f *MockScopeFactory) NewClientScopeFromMachine(_ context.Context, _ client.Client, _ *infrav1.OpenStackMachine, _ *infrav1.OpenStackCluster, _ []byte, _ logr.Logger) (Scope, error) {
 if f.clientScopeCreateError != nil {
 return nil, f.clientScopeCreateError
 }
diff --git a/pkg/scope/provider.go b/pkg/scope/provider.go
index 433c10faaa..1d88c1b6c3 100644
--- a/pkg/scope/provider.go
+++ b/pkg/scope/provider.go
@@ -52,7 +52,7 @@ type providerScopeFactory struct {
 clientCache *cache.LRUExpireCache
 }
-func (f *providerScopeFactory) NewClientScopeFromMachine(ctx context.Context, ctrlClient client.Client, openStackMachine *infrav1.OpenStackMachine, defaultCACert []byte, logger logr.Logger) (Scope, error) {
+func (f *providerScopeFactory) NewClientScopeFromMachine(ctx context.Context, ctrlClient client.Client, openStackMachine *infrav1.OpenStackMachine, openStackCluster *infrav1.OpenStackCluster, defaultCACert []byte, logger logr.Logger) (Scope, error) {
 var cloud clientconfig.Cloud
 var caCert []byte
@@ -62,6 +62,12 @@ func (f *providerScopeFactory) NewClientScopeFromMachine(ctx context.Context, ct
 if err != nil {
 return nil, err
 }
+ } else if openStackCluster.Spec.IdentityRef != nil {
+ var err error
+ cloud, caCert, err = getCloudFromSecret(ctx, ctrlClient, openStackCluster.Namespace, openStackCluster.Spec.IdentityRef.Name, openStackCluster.Spec.CloudName)
+ if err != nil {
+ return nil, err
+ }
 }
 if caCert == nil {
diff --git a/pkg/scope/scope.go b/pkg/scope/scope.go
index 5a2afd4e7a..a248814554 100644
--- a/pkg/scope/scope.go
+++ b/pkg/scope/scope.go
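Review bot: The new `else if openStackCluster.Spec.IdentityRef != nil` branch in the second pkg/scope/provider.go hunk dereferences openStackCluster without a nil check, so a caller that passes a nil cluster now panics instead of getting an error; I would guard it as `} else if openStackCluster != nil && openStackCluster.Spec.IdentityRef != nil {`. The only call site visible here, in controllers/openstackmachine_controller.go, passes `infraCluster`, and whether that is always non-nil at that point lies outside the hunks shown. When neither object carries an identityRef the chain has no final `else`, so the function continues with a zero-valued `cloud` and presumably only fails later at authentication; returning an explicit error there would be clearer. A log line naming which identityRef was selected would also make it auditable when a machine is reconciled with the cluster's credentials. The body of NewClientScopeFromMachine starts and ends outside this hunk.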
@@ -41,7 +41,7 @@ func NewFactory(maxCacheSize int) Factory {
 // Factory instantiates a new Scope using credentials from either a cluster or a machine.
 type Factory interface {
- NewClientScopeFromMachine(ctx context.Context, ctrlClient client.Client, openStackMachine *infrav1.OpenStackMachine, defaultCACert []byte, logger logr.Logger) (Scope, error)
+ NewClientScopeFromMachine(ctx context.Context, ctrlClient client.Client, openStackMachine *infrav1.OpenStackMachine, openStackCluster *infrav1.OpenStackCluster, defaultCACert []byte, logger logr.Logger) (Scope, error)
 NewClientScopeFromCluster(ctx context.Context, ctrlClient client.Client, openStackCluster *infrav1.OpenStackCluster, defaultCACert []byte, logger logr.Logger) (Scope, error)
 }