Update ephemeral-bmc-secret to use base64 data
Transform stringData into base64-enc data manually so the annotation won't remain from the stringData. Closes: #424 Change-Id: I4bcfd57601d9199307c749e8e6deb5ee5445d821
This commit is contained in:
Graham Steffaniak
parent
0d588c83b1
commit
97377236ec
@ -3,7 +3,6 @@ module opendev.org/airship/airshipctl/functions/cloud-init/image
|
|||||||
go 1.14
|
go 1.14
|
||||||
|
|
||||||
require (
|
require (
|
||||||
opendev.org/airship/airshipctl v0.0.0-20210421143147-014e24cd1591
|
|
||||||
sigs.k8s.io/kustomize/kyaml v0.10.0
|
sigs.k8s.io/kustomize/kyaml v0.10.0
|
||||||
sigs.k8s.io/kustomize/api v0.7.2
|
sigs.k8s.io/kustomize/api v0.7.2
|
||||||
)
|
)
|
||||||
|
|||||||
12
manifests/function/ephemeral/replacements/cleanup.yaml
Normal file
12
manifests/function/ephemeral/replacements/cleanup.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
apiVersion: builtin
|
||||||
|
kind: PatchStrategicMergeTransformer
|
||||||
|
metadata:
|
||||||
|
name: delete-secret-stringData
|
||||||
|
patches: |-
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: ephemeral-bmc-secret
|
||||||
|
stringData:
|
||||||
|
$patch: delete
|
||||||
@ -4,3 +4,5 @@ resources:
|
|||||||
- ephemeral-env-vars.yaml
|
- ephemeral-env-vars.yaml
|
||||||
- networking.yaml
|
- networking.yaml
|
||||||
- generated-secrets.yaml
|
- generated-secrets.yaml
|
||||||
|
- stringData-encode.yaml
|
||||||
|
- cleanup.yaml
|
||||||
|
|||||||
@ -0,0 +1,21 @@
|
|||||||
|
# These rules inject networking info artifacts into the ephemeral function.
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: ReplacementTransformer
|
||||||
|
metadata:
|
||||||
|
name: secret-encode
|
||||||
|
annotations:
|
||||||
|
config.kubernetes.io/function: |-
|
||||||
|
container:
|
||||||
|
image: localhost/replacement-transformer
|
||||||
|
replacements:
|
||||||
|
# converts and moves stringData to data field
|
||||||
|
- source:
|
||||||
|
objref:
|
||||||
|
kind: Secret
|
||||||
|
name: ephemeral-bmc-secret
|
||||||
|
fieldref: stringData.userData
|
||||||
|
target:
|
||||||
|
objref:
|
||||||
|
name: ephemeral-bmc-secret
|
||||||
|
kind: Secret
|
||||||
|
fieldrefs: ["data.userData"]
|
||||||
@ -6,6 +6,8 @@ metadata:
|
|||||||
airshipit.org/deploy-k8s: "false"
|
airshipit.org/deploy-k8s: "false"
|
||||||
name: ephemeral-bmc-secret # replacement rules key off this name
|
name: ephemeral-bmc-secret # replacement rules key off this name
|
||||||
type: Opaque
|
type: Opaque
|
||||||
|
data:
|
||||||
|
userData: null
|
||||||
stringData:
|
stringData:
|
||||||
# These substrings must be overriden via the `replacements` entrypoint and networking catalogue:
|
# These substrings must be overriden via the `replacements` entrypoint and networking catalogue:
|
||||||
# REPLACEMENT_CP_IP, REPLACEMENT_CP_PORT, REPLACEMENT_CERT_SANS, REPLACEMENT_POD_CIDR
|
# REPLACEMENT_CP_IP, REPLACEMENT_CP_PORT, REPLACEMENT_CERT_SANS, REPLACEMENT_POD_CIDR
|
||||||
|
|||||||
@ -37,7 +37,7 @@ func GetSecretDataKey(cfg Document, key string) (string, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return "", ErrDocumentMalformed{
|
return "", ErrDocumentMalformed{
|
||||||
DocName: docName,
|
DocName: docName,
|
||||||
Message: "The secret document lacks a data or stringData top level field",
|
Message: "The data or stringData structure is missing or malformed.",
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user