diff --git a/data/data/manifests/openshift/cloud-creds-secret.yaml.template b/data/data/manifests/openshift/cloud-creds-secret.yaml.template index d19bc3a2a87..6083b962673 100644 --- a/data/data/manifests/openshift/cloud-creds-secret.yaml.template +++ b/data/data/manifests/openshift/cloud-creds-secret.yaml.template @@ -17,7 +17,6 @@ data: ibmcloud_api_key: {{.CloudCreds.IBMCloud.Base64encodeAPIKey}} {{- else if .CloudCreds.OpenStack}} clouds.yaml: {{.CloudCreds.OpenStack.Base64encodeCloudsYAML}} - clouds.conf: {{.CloudCreds.OpenStack.Base64encodeCloudsConf}} {{- if .CloudCreds.OpenStack.Base64encodeCACert}} cacert: {{.CloudCreds.OpenStack.Base64encodeCACert}} {{- end}} diff --git a/pkg/asset/manifests/openshift.go b/pkg/asset/manifests/openshift.go index c6cd478d25f..af8e965554a 100644 --- a/pkg/asset/manifests/openshift.go +++ b/pkg/asset/manifests/openshift.go @@ -22,7 +22,6 @@ import ( "github.com/openshift/installer/pkg/asset/installconfig/ovirt" "github.com/openshift/installer/pkg/asset/machines" osmachine "github.com/openshift/installer/pkg/asset/machines/openstack" - openstackmanifests "github.com/openshift/installer/pkg/asset/manifests/openstack" "github.com/openshift/installer/pkg/asset/openshiftinstall" "github.com/openshift/installer/pkg/asset/password" "github.com/openshift/installer/pkg/asset/rhcos" @@ -189,18 +188,11 @@ func (o *Openshift) Generate(ctx context.Context, dependencies asset.Parents) er return err } - cloudProviderConf, err := openstackmanifests.CloudProviderConfigSecret(cloud) - if err != nil { - return err - } - credsEncoded := base64.StdEncoding.EncodeToString(marshalled) - cloudProviderConfEncoded := base64.StdEncoding.EncodeToString(cloudProviderConf) caCertEncoded := base64.StdEncoding.EncodeToString(caCert) cloudCreds = cloudCredsSecretData{ OpenStack: &OpenStackCredsSecretData{ Base64encodeCloudsYAML: credsEncoded, - Base64encodeCloudsConf: cloudProviderConfEncoded, Base64encodeCACert: caCertEncoded, }, } diff --git a/pkg/asset/manifests/openstack/cloudproviderconfig.go b/pkg/asset/manifests/openstack/cloudproviderconfig.go index 43c8a66391e..c40b1f571b9 100644 --- a/pkg/asset/manifests/openstack/cloudproviderconfig.go +++ b/pkg/asset/manifests/openstack/cloudproviderconfig.go @@ -3,8 +3,6 @@ package openstack import ( "context" "os" - "strconv" - "strings" "github.com/gophercloud/gophercloud/v2" "github.com/gophercloud/utils/v2/openstack/clientconfig" @@ -25,59 +23,6 @@ type Error struct { func (e Error) Error() string { return e.msg + ": " + e.err.Error() } func (e Error) Unwrap() error { return e.err } -// CloudProviderConfigSecret generates the cloud provider config for the OpenStack -// platform, that will be stored in the system secret. -// TODO: I think this is crud for the legacy cloud-provider and is no longer needed. Burn it with fire? -func CloudProviderConfigSecret(cloud *clientconfig.Cloud) ([]byte, error) { - domainID := cloud.AuthInfo.DomainID - if domainID == "" { - domainID = cloud.AuthInfo.UserDomainID - } - - domainName := cloud.AuthInfo.DomainName - if domainName == "" { - domainName = cloud.AuthInfo.UserDomainName - } - - // We have to generate this config manually without "go-ini" library, because its - // output data is incompatible with "gcfg". - // For instance, if there is a string with a # character, then "go-ini" wraps it in bacticks, - // like `aaa#bbb`, but gcfg doesn't recognize it and parses the data as `aaa, skipping - // everything after the #. - // For more information: https://bugzilla.redhat.com/show_bug.cgi?id=1771358 - var res strings.Builder - res.WriteString("[Global]\n") - if cloud.AuthInfo.AuthURL != "" { - res.WriteString("auth-url = " + strconv.Quote(cloud.AuthInfo.AuthURL) + "\n") - } - if cloud.AuthInfo.Username != "" { - res.WriteString("username = " + strconv.Quote(cloud.AuthInfo.Username) + "\n") - } - if cloud.AuthInfo.Password != "" { - res.WriteString("password = " + strconv.Quote(cloud.AuthInfo.Password) + "\n") - } - if cloud.AuthInfo.ProjectID != "" { - res.WriteString("tenant-id = " + strconv.Quote(cloud.AuthInfo.ProjectID) + "\n") - } - if cloud.AuthInfo.ProjectName != "" { - res.WriteString("tenant-name = " + strconv.Quote(cloud.AuthInfo.ProjectName) + "\n") - } - if domainID != "" { - res.WriteString("domain-id = " + strconv.Quote(domainID) + "\n") - } - if domainName != "" { - res.WriteString("domain-name = " + strconv.Quote(domainName) + "\n") - } - if cloud.RegionName != "" { - res.WriteString("region = " + strconv.Quote(cloud.RegionName) + "\n") - } - if cloud.CACertFile != "" { - res.WriteString("ca-file = /etc/kubernetes/static-pod-resources/configmaps/cloud-config/ca-bundle.pem\n") - } - - return []byte(res.String()), nil -} - func generateCloudProviderConfig(ctx context.Context, networkClient *gophercloud.ServiceClient, cloudConfig *clientconfig.Cloud, installConfig types.InstallConfig) (cloudProviderConfigData, cloudProviderConfigCABundleData string, err error) { cloudProviderConfigData = `[Global] secret-name = openstack-credentials diff --git a/pkg/asset/manifests/openstack/cloudproviderconfig_test.go b/pkg/asset/manifests/openstack/cloudproviderconfig_test.go index 39bca7fd8d1..6fbaa920e6d 100644 --- a/pkg/asset/manifests/openstack/cloudproviderconfig_test.go +++ b/pkg/asset/manifests/openstack/cloudproviderconfig_test.go @@ -11,89 +11,6 @@ import ( "github.com/openshift/installer/pkg/types/openstack" ) -func TestCloudProviderConfigSecret(t *testing.T) { - cloud := clientconfig.Cloud{ - AuthInfo: &clientconfig.AuthInfo{ - Username: "my_user", - Password: "my_secret_password", - AuthURL: "https://my_auth_url.com/v3/", - ProjectID: "f12f928576ae4d21bdb984da5dd1d3bf", - DomainID: "default", - DomainName: "Default", - }, - RegionName: "my_region", - } - - expectedConfig := `[Global] -auth-url = "https://my_auth_url.com/v3/" -username = "my_user" -password = "my_secret_password" -tenant-id = "f12f928576ae4d21bdb984da5dd1d3bf" -domain-id = "default" -domain-name = "Default" -region = "my_region" -` - actualConfig, err := CloudProviderConfigSecret(&cloud) - assert.NoError(t, err, "failed to create cloud provider config") - assert.Equal(t, expectedConfig, string(actualConfig), "unexpected cloud provider config") -} - -func TestCloudProviderConfigSecretUserDomain(t *testing.T) { - cloud := clientconfig.Cloud{ - AuthInfo: &clientconfig.AuthInfo{ - Username: "my_user", - Password: "my_secret_password", - AuthURL: "https://my_auth_url.com/v3/", - ProjectID: "f12f928576ae4d21bdb984da5dd1d3bf", - UserDomainID: "default", - UserDomainName: "Default", - }, - RegionName: "my_region", - } - - expectedConfig := `[Global] -auth-url = "https://my_auth_url.com/v3/" -username = "my_user" -password = "my_secret_password" -tenant-id = "f12f928576ae4d21bdb984da5dd1d3bf" -domain-id = "default" -domain-name = "Default" -region = "my_region" -` - actualConfig, err := CloudProviderConfigSecret(&cloud) - assert.NoError(t, err, "failed to create cloud provider config") - assert.Equal(t, expectedConfig, string(actualConfig), "unexpected cloud provider config") -} - -func TestCloudProviderConfigSecretQuoting(t *testing.T) { - passwords := map[string]string{ - "regular": "regular", - "with\\n": "with\\\\n", - "with#": "with#", - "with$": "with$", - "with;": "with;", - "with \n \" \\ ": "with \\n \\\" \\\\ ", - "with!": "with!", - "with?": "with?", - "with`": "with`", - } - - for k, v := range passwords { - cloud := clientconfig.Cloud{ - AuthInfo: &clientconfig.AuthInfo{ - Password: k, - }, - } - - expectedConfig := `[Global] -password = "` + v + `" -` - actualConfig, err := CloudProviderConfigSecret(&cloud) - assert.NoError(t, err, "failed to create cloud provider config") - assert.Equal(t, expectedConfig, string(actualConfig), "unexpected cloud provider config") - } -} - func TestCloudProviderConfig(t *testing.T) { cases := []struct { name string diff --git a/pkg/asset/manifests/template.go b/pkg/asset/manifests/template.go index f405c9d2ef0..2201cd197b3 100644 --- a/pkg/asset/manifests/template.go +++ b/pkg/asset/manifests/template.go @@ -35,7 +35,6 @@ type IBMCloudCredsSecretData struct { // OpenStackCredsSecretData holds encoded credentials and is used to generate cloud-creds secret type OpenStackCredsSecretData struct { Base64encodeCloudsYAML string - Base64encodeCloudsConf string Base64encodeCACert string }