Rework defaulting of secrets

jpodivin · jpodivin · commit 615a9be17dc6 · 2024-09-27T13:31:43.000+02:00
Signed-off-by: Jiri Podivin &lt;jpodivin@redhat.com&gt;
diff --git a/pkg/openstackbaremetalset/baremetalhost.go b/pkg/openstackbaremetalset/baremetalhost.go
@@ -53,54 +53,123 @@ func BaremetalHostProvision(
 		}
 		bmhStatus.IPAddresses["ctlplane"] = ctlPlaneIP
 	}
-
+	sts := []util.Template{}
 	// Instance UserData/NetworkData overrides the default
 	userDataSecret := instance.Spec.BaremetalHosts[hostName].UserData
 	networkDataSecret := instance.Spec.BaremetalHosts[hostName].NetworkData
 
+	// User data cloud-init secret from instance or template
 	if userDataSecret == nil {
 		userDataSecret = instance.Spec.UserData
+
+		if userDataSecret == nil {
+			templateParameters := make(map[string]interface{})
+			templateParameters["AuthorizedKeys"] = strings.TrimSuffix(string(sshSecret.Data["authorized_keys"]), "\n")
+			templateParameters["HostName"] = bmhStatus.Hostname
+			//If Hostname is fqdn, use it
+			if !hostNameIsFQDN(bmhStatus.Hostname) && instance.Spec.DomainName != "" {
+				templateParameters["FQDN"] = strings.Join([]string{bmhStatus.Hostname, instance.Spec.DomainName}, ".")
+			} else {
+				templateParameters["FQDN"] = bmhStatus.Hostname
+			}
+			templateParameters["CloudUserName"] = instance.Spec.CloudUserName
+
+			// Prepare cloudinit (create secret)
+			secretLabels := labels.GetLabels(instance, labels.GetGroupLabel(baremetalv1.ServiceName), map[string]string{})
+			if passwordSecret != nil && len(passwordSecret.Data["NodeRootPassword"]) > 0 {
+				templateParameters["NodeRootPassword"] = string(passwordSecret.Data["NodeRootPassword"])
+			}
+
+			userDataSecretName := fmt.Sprintf(CloudInitUserDataSecretName, instance.Name, bmh)
+
+			userDataSt := util.Template{
+				Name:               userDataSecretName,
+				Namespace:          instance.Namespace,
+				Type:               util.TemplateTypeConfig,
+				InstanceType:       instance.Kind,
+				AdditionalTemplate: map[string]string{"userData": "/openstackbaremetalset/cloudinit/userdata"},
+				Labels:             secretLabels,
+				ConfigOptions:      templateParameters,
+			}
+			sts = append(sts, userDataSt)
+			userDataSecret = &corev1.SecretReference{
+				Name:      userDataSecretName,
+				Namespace: instance.Namespace,
+			}
+
+		}
 	}
 
+	// Network data secret from instance or template
 	if networkDataSecret == nil {
 		networkDataSecret = instance.Spec.NetworkData
-	}
+		if instance.Spec.NetworkData == nil {
 
-	sts := []util.Template{}
-	// User data cloud-init secret
-	if userDataSecret == nil {
-		templateParameters := make(map[string]interface{})
-		templateParameters["AuthorizedKeys"] = strings.TrimSuffix(string(sshSecret.Data["authorized_keys"]), "\n")
-		templateParameters["HostName"] = bmhStatus.Hostname
-		//If Hostname is fqdn, use it
-		if !hostNameIsFQDN(bmhStatus.Hostname) && instance.Spec.DomainName != "" {
-			templateParameters["FQDN"] = strings.Join([]string{bmhStatus.Hostname, instance.Spec.DomainName}, ".")
-		} else {
-			templateParameters["FQDN"] = bmhStatus.Hostname
-		}
-		templateParameters["CloudUserName"] = instance.Spec.CloudUserName
+			// Check IP version and set template variables accordingly
+			ipAddr, ipNet, err := net.ParseCIDR(ctlPlaneIP)
+			if err != nil {
+				// TODO: Remove this conversion once all usage sets ctlPlaneIP in CIDR format.
+				ipAddr = net.ParseIP(ctlPlaneIP)
+				if ipAddr == nil {
+					return err
+				}
+
+				var ipPrefix int
+				if ipAddr.To4() != nil {
+					ipPrefix, _ = net.IPMask(net.ParseIP(instance.Spec.CtlplaneNetmask).To4()).Size()
+				} else {
+					ipPrefix, _ = net.IPMask(net.ParseIP(instance.Spec.CtlplaneNetmask).To16()).Size()
+				}
+				_, ipNet, err = net.ParseCIDR(fmt.Sprintf("%s/%d", ipAddr, ipPrefix))
+				if err != nil {
+					return err
+				}
+			}
 
-		// Prepare cloudinit (create secret)
-		secretLabels := labels.GetLabels(instance, labels.GetGroupLabel(baremetalv1.ServiceName), map[string]string{})
-		if passwordSecret != nil && len(passwordSecret.Data["NodeRootPassword"]) > 0 {
-			templateParameters["NodeRootPassword"] = string(passwordSecret.Data["NodeRootPassword"])
-		}
+			CtlplaneIPVersion := "ipv6"
+			if ipAddr.To4() != nil {
+				CtlplaneIPVersion = "ipv4"
+			}
 
-		userDataSecretName := fmt.Sprintf(CloudInitUserDataSecretName, instance.Name, bmh)
+			templateParameters := make(map[string]interface{})
+			templateParameters["CtlplaneIpVersion"] = CtlplaneIPVersion
+			templateParameters["CtlplaneIp"] = ipAddr
+			templateParameters["CtlplaneInterface"] = instance.Spec.CtlplaneInterface
+			templateParameters["CtlplaneGateway"] = instance.Spec.CtlplaneGateway
+			templateParameters["CtlplaneNetmask"] = net.IP(ipNet.Mask)
+			if len(instance.Spec.BootstrapDNS) > 0 {
+				templateParameters["CtlplaneDns"] = instance.Spec.BootstrapDNS
+			} else {
+				templateParameters["CtlplaneDns"] = []string{}
+			}
 
-		userDataSt := util.Template{
-			Name:               userDataSecretName,
-			Namespace:          instance.Namespace,
-			Type:               util.TemplateTypeConfig,
-			InstanceType:       instance.Kind,
-			AdditionalTemplate: map[string]string{"userData": "/openstackbaremetalset/cloudinit/userdata"},
-			Labels:             secretLabels,
-			ConfigOptions:      templateParameters,
-		}
-		sts = append(sts, userDataSt)
-		userDataSecret = &corev1.SecretReference{
-			Name:      userDataSecretName,
-			Namespace: instance.Namespace,
+			if len(instance.Spec.DNSSearchDomains) > 0 {
+				templateParameters["CtlplaneDnsSearch"] = instance.Spec.DNSSearchDomains
+			} else {
+				templateParameters["CtlplaneDnsSearch"] = []string{}
+			}
+
+			networkDataSecretName := fmt.Sprintf(CloudInitNetworkDataSecretName, instance.Name, bmh)
+
+			// Flag the network data secret as safe to collect with must-gather
+			secretLabelsWithMustGather := labels.GetLabels(instance, labels.GetGroupLabel(baremetalv1.ServiceName), map[string]string{
+				MustGatherSecret: "yes",
+			})
+
+			networkDataSt := util.Template{
+				Name:               networkDataSecretName,
+				Namespace:          instance.Namespace,
+				Type:               util.TemplateTypeConfig,
+				InstanceType:       instance.Kind,
+				AdditionalTemplate: map[string]string{"networkData": "/openstackbaremetalset/cloudinit/networkdata"},
+				Labels:             secretLabelsWithMustGather,
+				ConfigOptions:      templateParameters,
+			}
+			sts = append(sts, networkDataSt)
+			networkDataSecret = &corev1.SecretReference{
+				Name:      networkDataSecretName,
+				Namespace: instance.Namespace,
+			}
 		}
 
 	}
@@ -119,75 +188,6 @@ func BaremetalHostProvision(
 		preProvNetworkData = instance.Spec.BaremetalHosts[hostName].PreprovisioningNetworkDataName
 	}
 
-	if networkDataSecret == nil && preProvNetworkData == "" {
-
-		// Check IP version and set template variables accordingly
-		ipAddr, ipNet, err := net.ParseCIDR(ctlPlaneIP)
-		if err != nil {
-			// TODO: Remove this conversion once all usage sets ctlPlaneIP in CIDR format.
-			ipAddr = net.ParseIP(ctlPlaneIP)
-			if ipAddr == nil {
-				return err
-			}
-
-			var ipPrefix int
-			if ipAddr.To4() != nil {
-				ipPrefix, _ = net.IPMask(net.ParseIP(instance.Spec.CtlplaneNetmask).To4()).Size()
-			} else {
-				ipPrefix, _ = net.IPMask(net.ParseIP(instance.Spec.CtlplaneNetmask).To16()).Size()
-			}
-			_, ipNet, err = net.ParseCIDR(fmt.Sprintf("%s/%d", ipAddr, ipPrefix))
-			if err != nil {
-				return err
-			}
-		}
-
-		CtlplaneIPVersion := "ipv6"
-		if ipAddr.To4() != nil {
-			CtlplaneIPVersion = "ipv4"
-		}
-
-		templateParameters := make(map[string]interface{})
-		templateParameters["CtlplaneIpVersion"] = CtlplaneIPVersion
-		templateParameters["CtlplaneIp"] = ipAddr
-		templateParameters["CtlplaneInterface"] = instance.Spec.CtlplaneInterface
-		templateParameters["CtlplaneGateway"] = instance.Spec.CtlplaneGateway
-		templateParameters["CtlplaneNetmask"] = net.IP(ipNet.Mask)
-		if len(instance.Spec.BootstrapDNS) > 0 {
-			templateParameters["CtlplaneDns"] = instance.Spec.BootstrapDNS
-		} else {
-			templateParameters["CtlplaneDns"] = []string{}
-		}
-
-		if len(instance.Spec.DNSSearchDomains) > 0 {
-			templateParameters["CtlplaneDnsSearch"] = instance.Spec.DNSSearchDomains
-		} else {
-			templateParameters["CtlplaneDnsSearch"] = []string{}
-		}
-
-		networkDataSecretName := fmt.Sprintf(CloudInitNetworkDataSecretName, instance.Name, bmh)
-
-		// Flag the network data secret as safe to collect with must-gather
-		secretLabelsWithMustGather := labels.GetLabels(instance, labels.GetGroupLabel(baremetalv1.ServiceName), map[string]string{
-			MustGatherSecret: "yes",
-		})
-
-		networkDataSt := util.Template{
-			Name:               networkDataSecretName,
-			Namespace:          instance.Namespace,
-			Type:               util.TemplateTypeConfig,
-			InstanceType:       instance.Kind,
-			AdditionalTemplate: map[string]string{"networkData": "/openstackbaremetalset/cloudinit/networkdata"},
-			Labels:             secretLabelsWithMustGather,
-			ConfigOptions:      templateParameters,
-		}
-		sts = append(sts, networkDataSt)
-		networkDataSecret = &corev1.SecretReference{
-			Name:      networkDataSecretName,
-			Namespace: instance.Namespace,
-		}
-	}
-
 	if len(sts) > 0 {
 		err := oko_secret.EnsureSecrets(ctx, helper, instance, sts, envVars)
 		if err != nil {
