From 97377236eca06a0bd892de207c51374120539abe Mon Sep 17 00:00:00 2001
From: Graham Steffaniak
Date: Fri, 12 Mar 2021 13:39:18 -0600
Subject: [PATCH] Update ephemeral-bmc-secret to use base64 data

Transform stringData into base64-enc data manually so the annotation won't remain from the stringData.

Closes: #424
Change-Id: I4bcfd57601d9199307c749e8e6deb5ee5445d821
---
 krm-functions/cloud-init/image/go.mod | 1 -
 .../ephemeral/replacements/cleanup.yaml | 12 +++++++++++
 .../ephemeral/replacements/kustomization.yaml | 2 ++
 .../replacements/stringData-encode.yaml | 21 +++++++++++++++++++
 manifests/function/ephemeral/secret.yaml | 2 ++
 pkg/document/dochelper_utils.go | 2 +-
 6 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 manifests/function/ephemeral/replacements/cleanup.yaml
 create mode 100644 manifests/function/ephemeral/replacements/stringData-encode.yaml
diff --git a/krm-functions/cloud-init/image/go.mod b/krm-functions/cloud-init/image/go.mod
index 867a71078..b720fb2d0 100644
--- a/krm-functions/cloud-init/image/go.mod
+++ b/krm-functions/cloud-init/image/go.mod
@@ -3,7 +3,6 @@ module opendev.org/airship/airshipctl/functions/cloud-init/image
 go 1.14
 require (
- opendev.org/airship/airshipctl v0.0.0-20210421143147-014e24cd1591
 sigs.k8s.io/kustomize/kyaml v0.10.0
 sigs.k8s.io/kustomize/api v0.7.2
 )
diff --git a/manifests/function/ephemeral/replacements/cleanup.yaml b/manifests/function/ephemeral/replacements/cleanup.yaml
new file mode 100644
index 000000000..43dabfe5b
--- /dev/null
+++ b/manifests/function/ephemeral/replacements/cleanup.yaml
@@ -0,0 +1,12 @@
+apiVersion: builtin
+kind: PatchStrategicMergeTransformer
+metadata:
+ name: delete-secret-stringData
+patches: |-
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: ephemeral-bmc-secret
+ stringData:
+ $patch: delete
diff --git a/manifests/function/ephemeral/replacements/kustomization.yaml b/manifests/function/ephemeral/replacements/kustomization.yaml
index 200346b7f..1947a24c4 100644
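Review bot: `$patch: delete` under `stringData` in cleanup.yaml removes the whole map, while the companion rule in stringData-encode.yaml copies only `userData` into `data`. Any other key that is later added under `stringData` of `ephemeral-bmc-secret` would be dropped from the rendered Secret without an error. A comment above the patch would make that contract visible, e.g. `# Drops all of stringData; every key must first be copied into data by stringData-encode.yaml`.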
--- a/manifests/function/ephemeral/replacements/kustomization.yaml
+++ b/manifests/function/ephemeral/replacements/kustomization.yaml
@@ -4,3 +4,5 @@ resources:
 - ephemeral-env-vars.yaml
 - networking.yaml
 - generated-secrets.yaml
+ - stringData-encode.yaml
+ - cleanup.yaml
diff --git a/manifests/function/ephemeral/replacements/stringData-encode.yaml b/manifests/function/ephemeral/replacements/stringData-encode.yaml
new file mode 100644
index 000000000..4faac5a04
--- /dev/null
+++ b/manifests/function/ephemeral/replacements/stringData-encode.yaml
@@ -0,0 +1,21 @@
+# These rules inject networking info artifacts into the ephemeral function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+ name: secret-encode
+ annotations:
+ config.kubernetes.io/function: |-
+ container:
+ image: localhost/replacement-transformer
+replacements:
+# converts and moves stringData to data field
+- source:
+ objref:
+ kind: Secret
+ name: ephemeral-bmc-secret
+ fieldref: stringData.userData
+ target:
+ objref:
+ name: ephemeral-bmc-secret
+ kind: Secret
+ fieldrefs: ["data.userData"]
\ No newline at end of file
diff --git a/manifests/function/ephemeral/secret.yaml b/manifests/function/ephemeral/secret.yaml
index 1a7cc0f0f..2e6abbcd7 100644
--- a/manifests/function/ephemeral/secret.yaml
+++ b/manifests/function/ephemeral/secret.yaml
@@ -6,6 +6,8 @@ metadata:
 airshipit.org/deploy-k8s: "false"
 name: ephemeral-bmc-secret # replacement rules key off this name
 type: Opaque
+data:
+ userData: null
 stringData:
 # These substrings must be overriden via the `replacements` entrypoint and networking catalogue:
 # REPLACEMENT_CP_IP, REPLACEMENT_CP_PORT, REPLACEMENT_CERT_SANS, REPLACEMENT_POD_CIDR
diff --git a/pkg/document/dochelper_utils.go b/pkg/document/dochelper_utils.go
index b09593d9b..3f754423f 100644
--- a/pkg/document/dochelper_utils.go
+++ b/pkg/document/dochelper_utils.go
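Review bot: The order of the two new entries in kustomization.yaml is load-bearing but not stated: `cleanup.yaml` deletes `stringData`, which is the source field that `stringData-encode.yaml` reads, so the encode step presumably has to run first. If the list is ever sorted or regrouped, the Secret could end up with neither field populated. A comment on the line above, such as `# keep stringData-encode.yaml before cleanup.yaml: cleanup deletes the field encode reads`, would protect it. The `resources:` list starts outside the hunk.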
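Review bot: The header comment on the first line of stringData-encode.yaml is carried over from the networking rules and does not describe this file, and nothing in the rule says where the base64 encoding takes place: the replacement only names `stringData.userData` as source and `data.userData` as target. Presumably the replacement-transformer encodes when the target sits under `data`; if it copies verbatim, the Secret would hold plaintext in a field that consumers decode as base64. I would replace the header with something like `# Copies ephemeral-bmc-secret stringData.userData into data.userData; base64 encoding is expected from the transformer (confirm).` The file also ends without a trailing newline.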
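Review bot: `userData: null` under the new `data:` key in secret.yaml has no comment saying it is a placeholder, so a reader of this file alone cannot tell that the real value arrives later. Presumably the key exists so the replacement has a target to write to; a trailing comment such as `# placeholder, filled from stringData.userData by replacements/stringData-encode.yaml` would say so. It is also worth confirming what is rendered when this function is built without the replacements entrypoint, since the Secret would then carry a null `data.userData` next to the plaintext `stringData`. The `stringData:` block continues outside the hunk.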
@@ -37,7 +37,7 @@ func GetSecretDataKey(cfg Document, key string) (string, error) {
 if err != nil {
 return "", ErrDocumentMalformed{
 DocName: docName,
- Message: "The secret document lacks a data or stringData top level field",
+ Message: "The data or stringData structure is missing or malformed.",
 }
 }
 }
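Review bot: The `err` that triggers this branch is still discarded, and the new `Message` now covers two cases (missing or malformed) that a caller cannot tell apart. Naming the requested key would help without echoing any secret content, e.g. `Message: fmt.Sprintf("the data or stringData structure is missing or malformed (key %q)", key),` assuming `fmt` is already imported in this file. The capital letter and trailing period also differ from the usual Go error-string style, though that may follow how `ErrDocumentMalformed` formats its output. `GetSecretDataKey` starts outside the hunk.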