
Commit 85353b3

Prajyot-ParabKarthik-K-N
authored and committed
- drop PresignedURLDuration spec
- cos access fix Signed-off-by: Prajyot-Parab <[email protected]>
1 parent 67e8057 commit 85353b3

8 files changed

+61
-64
lines changed

8 files changed

+61
-64
lines changed

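--- a/api/v1beta2/ibmpowervscluster_types.go
+++ b/api/v1beta2/ibmpowervscluster_types.go
@@ -191,15 +191,6 @@ type VPCResourceReference struct {
 
 // CosInstance represents IBM Cloud COS instance.
 type CosInstance struct {
-// PresignedURLDuration defines the duration for which presigned URLs are valid.
-//
-// This is used to generate presigned URLs for S3 Bucket objects, which are used by
-// control-plane and worker nodes to fetch bootstrap data.
-//
-// When enabled, the IAM instance profiles specified are not used.
-// +optional
-PresignedURLDuration *metav1.Duration `json:"presignedURLDuration,omitempty"`
-
 // Name defines name of IBM cloud COS instance to be created.
 // +kubebuilder:validation:MinLength:=3
 // +kubebuilder:validation:MaxLength:=63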

api/v1beta2/zz_generated.deepcopy.go

Lines changed: 7 additions & 13 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

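--- a/cloud/scope/powervs_machine.go
+++ b/cloud/scope/powervs_machine.go
@@ -23,13 +23,14 @@ import (
 "encoding/json"
 "errors"
 "fmt"
-"github.com/IBM/go-sdk-core/v5/core"
 "net/url"
 "path"
 "regexp"
 "strconv"
 "strings"
 
+"github.com/IBM/go-sdk-core/v5/core"
+
 "github.com/blang/semver/v4"
 ignTypes "github.com/coreos/ignition/config/v2_3/types"
 ignV3Types "github.com/coreos/ignition/v2/config/v3_4/types"
@@ -68,6 +69,8 @@ import (
 genUtil "sigs.k8s.io/cluster-api-provider-ibmcloud/util"
 )
 
+const cosURLDomain = "cloud-object-storage.appdomain.cloud"
+
 // PowerVSMachineScopeParams defines the input parameters used to create a new PowerVSMachineScope.
 type PowerVSMachineScopeParams struct {
 Logger logr.Logger
@@ -401,18 +404,11 @@ func (m *PowerVSMachineScope) createIgnitionData(data []byte) (string, error) {
 return "", fmt.Errorf("putting object to cos bucket %w", err)
 }
 
-if exp := m.IBMPowerVSCluster.Spec.CosInstance.PresignedURLDuration; exp != nil {
-m.Info("assigning presigned url", "exp", exp)
-req, _ := cosClient.GetObjectRequest(&s3.GetObjectInput{
-Bucket: aws.String(bucket),
-Key: aws.String(key),
-})
-return req.Presign(exp.Duration)
-}
-
+bucketRegion := m.IBMPowerVSCluster.Spec.CosInstance.BucketRegion
+objHost := fmt.Sprintf("%s.s3.%s.%s", bucket, bucketRegion, cosURLDomain)
 objectURL := &url.URL{
-Scheme: "s3",
-Host: bucket,
+Scheme: "https",
+Host: objHost,
 Path: key,
 }
 
@@ -424,6 +420,21 @@ func (m *PowerVSMachineScope) ignitionUserData(userData []byte) ([]byte, error)
 if err != nil {
 return nil, fmt.Errorf("error creating userdata object %w", err)
 }
+
+auth, err := authenticator.GetIAMAuthenticator()
+if err != nil {
+return nil, err
+}
+
+iamtoken, err := auth.GetToken()
+if err != nil {
+return nil, err
+}
+if iamtoken == "" {
+return nil, fmt.Errorf("IAM token empty")
+}
+token := "Bearer " + iamtoken
+
 ignVersion := getIgnitionVersion(m)
 semver, err := semver.ParseTolerant(ignVersion)
 if err != nil {
@@ -450,9 +461,13 @@ func (m *PowerVSMachineScope) ignitionUserData(userData []byte) ([]byte, error)
 Ignition: ignV3Types.Ignition{
 Version: semver.String(),
 Config: ignV3Types.IgnitionConfig{
-Merge: []ignV3Types.Resource{
-{
-Source: aws.String(objectURL),
+Replace: ignV3Types.Resource{
+Source: aws.String(objectURL),
+HTTPHeaders: ignV3Types.HTTPHeaders{
+{
+Name: "Authorization",
+Value: aws.String(token),
+},
 },
 },
 },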
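Review bot: In the ignitionUserData hunk (new lines 424-436) the IAM bearer token is written verbatim into the Ignition config's Authorization header (new line 469), so the bytes this function returns carry a token minted from the controller's own API key; that token presumably has the key's full IAM scope rather than read access to the single bootstrap object, and if it expires before the node fetches the object the boot fails with no retry at this layer. That trade-off deserves a comment on the function, along the lines of `// The Ignition config embeds an IAM bearer token minted from the controller API key; the node must fetch the COS object before it expires.` At minimum the two bare `return nil, err` sites should wrap their cause so logs show which step failed: `return nil, fmt.Errorf("getting IAM authenticator: %w", err)` and `return nil, fmt.Errorf("getting IAM token: %w", err)`. ignitionUserData begins before this hunk and ends after it.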

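--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_ibmpowervsclusters.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_ibmpowervsclusters.yaml
@@ -193,13 +193,6 @@ spec:
 minLength: 3
 pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$
 type: string
-presignedURLDuration:
-description: "PresignedURLDuration defines the duration for which
-presigned URLs are valid. \n This is used to generate presigned
-URLs for S3 Bucket objects, which are used by control-plane
-and worker nodes to fetch bootstrap data. \n When enabled, the
-IAM instance profiles specified are not used."
-type: string
 type: object
 loadBalancers:
 description: loadBalancers is optional configuration for configuring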

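--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_ibmpowervsclustertemplates.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_ibmpowervsclustertemplates.yaml
@@ -218,14 +218,6 @@ spec:
 minLength: 3
 pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$
 type: string
-presignedURLDuration:
-description: "PresignedURLDuration defines the duration
-for which presigned URLs are valid. \n This is used
-to generate presigned URLs for S3 Bucket objects, which
-are used by control-plane and worker nodes to fetch
-bootstrap data. \n When enabled, the IAM instance profiles
-specified are not used."
-type: string
 type: object
 loadBalancers:
 description: loadBalancers is optional configuration for configuring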

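--- a/docs/proposal/20231109-powervs-infra-creation.md
+++ b/docs/proposal/20231109-powervs-infra-creation.md
@@ -158,15 +158,6 @@ type VPCResourceReference struct {
 
 // CosInstance represents IBM Cloud COS instance.
 type CosInstance struct {
-// PresignedURLDuration defines the duration for which presigned URLs are valid.
-//
-// This is used to generate presigned URLs for S3 Bucket objects, which are used by
-// control-plane and worker nodes to fetch bootstrap data.
-//
-// When enabled, the IAM instance profiles specified are not used.
-// +optional
-PresignedURLDuration *metav1.Duration `json:"presignedURLDuration,omitempty"`
-
 // Name defines name of IBM cloud COS instance to be created.
 // +kubebuilder:validation:MinLength:=3
 // +kubebuilder:validation:MaxLength:=63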

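--- a/pkg/cloud/services/authenticator/authenticator.go
+++ b/pkg/cloud/services/authenticator/authenticator.go
@@ -57,3 +57,22 @@ func GetProperties() (map[string]string, error) {
 }
 return properties, nil
 }
+
+// GetIAMAuthenticator will get the IAM authenticator for ibmcloud.
+func GetIAMAuthenticator() (*core.IamAuthenticator, error) {
+props, err := GetProperties()
+if err != nil {
+return nil, fmt.Errorf("error while fetching service properties: %w", err)
+}
+
+apiKey := props["APIKEY"]
+if len(apiKey) == 0 {
+fmt.Printf("ibmcloud api key is not provided, set %s environmental variable", "IBMCLOUD_API_KEY")
+}
+
+auth := &core.IamAuthenticator{
+ApiKey: apiKey,
+}
+
+return auth, nil
+}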
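Review bot: GetIAMAuthenticator treats a missing API key as a non-error: when `props["APIKEY"]` is empty (new line 69) it prints to stdout with fmt.Printf (no newline, not the logger) and still returns a usable-looking *core.IamAuthenticator with an empty ApiKey, so the failure only surfaces later in GetToken with a less specific cause. Return the error at the point it is detected instead: `return nil, fmt.Errorf("ibmcloud api key is not provided, set %s environment variable", "IBMCLOUD_API_KEY")`. The doc comment could also say where the key comes from, e.g. `// GetIAMAuthenticator builds an IAM authenticator from the APIKEY entry returned by GetProperties.`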

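--- a/pkg/cloud/services/cos/service.go
+++ b/pkg/cloud/services/cos/service.go
@@ -33,7 +33,10 @@ import (
 )
 
 // iamEndpoint represent the IAM authorisation URL.
-const iamEndpoint = "https://iam.cloud.ibm.com/identity/token"
+const (
+iamEndpoint = "https://iam.cloud.ibm.com/identity/token"
+cosURLDomain = "cloud-object-storage.appdomain.cloud"
+)
 
 // Service holds the IBM Cloud Resource Controller Service specific information.
 type Service struct {
@@ -94,8 +97,7 @@ func NewService(options ServiceOptions, location, apikey, serviceInstance string
 if options.Options == nil {
 options.Options = &cosSession.Options{}
 }
-serviceEndpoint := fmt.Sprintf("s3.%s.cloud-object-storage.appdomain.cloud", location)
-
+serviceEndpoint := fmt.Sprintf("s3.%s.%s", location, cosURLDomain)
 // TODO(karthik-k-n): handle URL
 options.Config = aws.Config{
 Endpoint: &serviceEndpoint,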
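Review bot: `cosURLDomain` is now declared twice with the same value, here at new line 38 and as a package-level const in cloud/scope/powervs_machine.go in this same commit, so the service endpoint built at new line 100 and the object host built in the machine scope can silently diverge if one copy is edited. Exporting a single definition from this package (e.g. `COSURLDomain`) and referencing it from the scope would keep them aligned. The comment at line 35, `// iamEndpoint represent the IAM authorisation URL.`, now heads a two-constant block; move it onto the `iamEndpoint` line inside the block and give the new constant its own, e.g. `// cosURLDomain is the DNS suffix shared by the regional COS S3 endpoints and object URLs.`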
