Merge pull request #1768 from shiftstack/issue-1759

k8s-ci-robot · web-flow · commit a44323cc3cb2 · 2024-01-10T16:04:59.000+01:00
🐛 Fall back to cluster identityRef in absence of machine identityRef
diff --git a/api/v1alpha7/openstackmachine_types.go b/api/v1alpha7/openstackmachine_types.go
@@ -93,7 +93,8 @@ type OpenStackMachineSpec struct {
 	// The server group to assign the machine to
 	ServerGroupID string `json:"serverGroupID,omitempty"`
 
-	// IdentityRef is a reference to a identity to be used when reconciling this cluster
+	// IdentityRef is a reference to a identity to be used when reconciling this cluster.
+	// If not specified, the identity ref of the cluster will be used instead.
 	// +optional
 	IdentityRef *OpenStackIdentityReference `json:"identityRef,omitempty"`
 }
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml
@@ -3849,7 +3849,8 @@ spec:
                         type: string
                       identityRef:
                         description: IdentityRef is a reference to a identity to be
-                          used when reconciling this cluster
+                          used when reconciling this cluster. If not specified, the
+                          identity ref of the cluster will be used instead.
                         properties:
                           kind:
                             description: Kind of the identity. Must be supported by
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml
@@ -1695,7 +1695,9 @@ spec:
                                 type: string
                               identityRef:
                                 description: IdentityRef is a reference to a identity
-                                  to be used when reconciling this cluster
+                                  to be used when reconciling this cluster. If not
+                                  specified, the identity ref of the cluster will
+                                  be used instead.
                                 properties:
                                   kind:
                                     description: Kind of the identity. Must be supported
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachines.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachines.yaml
@@ -1233,7 +1233,8 @@ spec:
                 type: string
               identityRef:
                 description: IdentityRef is a reference to a identity to be used when
-                  reconciling this cluster
+                  reconciling this cluster. If not specified, the identity ref of
+                  the cluster will be used instead.
                 properties:
                   kind:
                     description: Kind of the identity. Must be supported by the infrastructure
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachinetemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachinetemplates.yaml
@@ -1037,7 +1037,8 @@ spec:
                         type: string
                       identityRef:
                         description: IdentityRef is a reference to a identity to be
-                          used when reconciling this cluster
+                          used when reconciling this cluster. If not specified, the
+                          identity ref of the cluster will be used instead.
                         properties:
                           kind:
                             description: Kind of the identity. Must be supported by
diff --git a/controllers/openstackmachine_controller.go b/controllers/openstackmachine_controller.go
@@ -140,7 +140,7 @@ func (r *OpenStackMachineReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		}
 	}()
 
-	scope, err := r.ScopeFactory.NewClientScopeFromMachine(ctx, r.Client, openStackMachine, r.CaCertificates, log)
+	scope, err := r.ScopeFactory.NewClientScopeFromMachine(ctx, r.Client, openStackMachine, infraCluster, r.CaCertificates, log)
 	if err != nil {
 		return reconcile.Result{}, err
 	}
diff --git a/pkg/scope/mock.go b/pkg/scope/mock.go
@@ -66,7 +66,7 @@ func (f *MockScopeFactory) SetClientScopeCreateError(err error) {
 	f.clientScopeCreateError = err
 }
 
-func (f *MockScopeFactory) NewClientScopeFromMachine(_ context.Context, _ client.Client, _ *infrav1.OpenStackMachine, _ []byte, _ logr.Logger) (Scope, error) {
+func (f *MockScopeFactory) NewClientScopeFromMachine(_ context.Context, _ client.Client, _ *infrav1.OpenStackMachine, _ *infrav1.OpenStackCluster, _ []byte, _ logr.Logger) (Scope, error) {
 	if f.clientScopeCreateError != nil {
 		return nil, f.clientScopeCreateError
 	}
diff --git a/pkg/scope/provider.go b/pkg/scope/provider.go
@@ -52,7 +52,7 @@ type providerScopeFactory struct {
 	clientCache *cache.LRUExpireCache
 }
 
-func (f *providerScopeFactory) NewClientScopeFromMachine(ctx context.Context, ctrlClient client.Client, openStackMachine *infrav1.OpenStackMachine, defaultCACert []byte, logger logr.Logger) (Scope, error) {
+func (f *providerScopeFactory) NewClientScopeFromMachine(ctx context.Context, ctrlClient client.Client, openStackMachine *infrav1.OpenStackMachine, openStackCluster *infrav1.OpenStackCluster, defaultCACert []byte, logger logr.Logger) (Scope, error) {
 	var cloud clientconfig.Cloud
 	var caCert []byte
 
@@ -62,6 +62,12 @@ func (f *providerScopeFactory) NewClientScopeFromMachine(ctx context.Context, ct
 		if err != nil {
 			return nil, err
 		}
+	} else if openStackCluster.Spec.IdentityRef != nil {
+		var err error
+		cloud, caCert, err = getCloudFromSecret(ctx, ctrlClient, openStackCluster.Namespace, openStackCluster.Spec.IdentityRef.Name, openStackCluster.Spec.CloudName)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	if caCert == nil {
diff --git a/pkg/scope/scope.go b/pkg/scope/scope.go
@@ -41,7 +41,7 @@ func NewFactory(maxCacheSize int) Factory {
 
 // Factory instantiates a new Scope using credentials from either a cluster or a machine.
 type Factory interface {
-	NewClientScopeFromMachine(ctx context.Context, ctrlClient client.Client, openStackMachine *infrav1.OpenStackMachine, defaultCACert []byte, logger logr.Logger) (Scope, error)
+	NewClientScopeFromMachine(ctx context.Context, ctrlClient client.Client, openStackMachine *infrav1.OpenStackMachine, openStackCluster *infrav1.OpenStackCluster, defaultCACert []byte, logger logr.Logger) (Scope, error)
 	NewClientScopeFromCluster(ctx context.Context, ctrlClient client.Client, openStackCluster *infrav1.OpenStackCluster, defaultCACert []byte, logger logr.Logger) (Scope, error)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,8 @@ type OpenStackMachineSpec struct {`
`93`	`93`	`// The server group to assign the machine to`
`94`	`94`	ServerGroupID string `json:"serverGroupID,omitempty"`
`95`	`95`
`96`		`- // IdentityRef is a reference to a identity to be used when reconciling this cluster`
	`96`	`+ // IdentityRef is a reference to a identity to be used when reconciling this cluster.`
	`97`	`+ // If not specified, the identity ref of the cluster will be used instead.`
`97`	`98`	`// +optional`
`98`	`99`	IdentityRef *OpenStackIdentityReference `json:"identityRef,omitempty"`
`99`	`100`	`}`
Original file line number	Diff line number	Diff line change
`@@ -140,7 +140,7 @@ func (r *OpenStackMachineReconciler) Reconcile(ctx context.Context, req ctrl.Req`
`140`	`140`	`}`
`141`	`141`	`}()`
`142`	`142`
`143`		`- scope, err := r.ScopeFactory.NewClientScopeFromMachine(ctx, r.Client, openStackMachine, r.CaCertificates, log)`
	`143`	`+ scope, err := r.ScopeFactory.NewClientScopeFromMachine(ctx, r.Client, openStackMachine, infraCluster, r.CaCertificates, log)`
`144`	`144`	`if err != nil {`
`145`	`145`	`return reconcile.Result{}, err`
`146`	`146`	`}`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ func (f *MockScopeFactory) SetClientScopeCreateError(err error) {`
`66`	`66`	`f.clientScopeCreateError = err`
`67`	`67`	`}`
`68`	`68`
`69`		`-func (f MockScopeFactory) NewClientScopeFromMachine(_ context.Context, _ client.Client, _ infrav1.OpenStackMachine, _ []byte, _ logr.Logger) (Scope, error) {`
	`69`	`+func (f MockScopeFactory) NewClientScopeFromMachine(_ context.Context, _ client.Client, _ infrav1.OpenStackMachine, _ *infrav1.OpenStackCluster, _ []byte, _ logr.Logger) (Scope, error) {`
`70`	`70`	`if f.clientScopeCreateError != nil {`
`71`	`71`	`return nil, f.clientScopeCreateError`
`72`	`72`	`}`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ type providerScopeFactory struct {`
`52`	`52`	`clientCache *cache.LRUExpireCache`
`53`	`53`	`}`
`54`	`54`
`55`		`-func (f providerScopeFactory) NewClientScopeFromMachine(ctx context.Context, ctrlClient client.Client, openStackMachine infrav1.OpenStackMachine, defaultCACert []byte, logger logr.Logger) (Scope, error) {`
	`55`	`+func (f providerScopeFactory) NewClientScopeFromMachine(ctx context.Context, ctrlClient client.Client, openStackMachine infrav1.OpenStackMachine, openStackCluster *infrav1.OpenStackCluster, defaultCACert []byte, logger logr.Logger) (Scope, error) {`
`56`	`56`	`var cloud clientconfig.Cloud`
`57`	`57`	`var caCert []byte`
`58`	`58`
`@@ -62,6 +62,12 @@ func (f *providerScopeFactory) NewClientScopeFromMachine(ctx context.Context, ct`
`62`	`62`	`if err != nil {`
`63`	`63`	`return nil, err`
`64`	`64`	`}`
	`65`	`+ } else if openStackCluster.Spec.IdentityRef != nil {`
	`66`	`+ var err error`
	`67`	`+ cloud, caCert, err = getCloudFromSecret(ctx, ctrlClient, openStackCluster.Namespace, openStackCluster.Spec.IdentityRef.Name, openStackCluster.Spec.CloudName)`
	`68`	`+ if err != nil {`
	`69`	`+ return nil, err`
	`70`	`+ }`
`65`	`71`	`}`
`66`	`72`
`67`	`73`	`if caCert == nil {`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ func NewFactory(maxCacheSize int) Factory {`
`41`	`41`
`42`	`42`	`// Factory instantiates a new Scope using credentials from either a cluster or a machine.`
`43`	`43`	`type Factory interface {`
`44`		`- NewClientScopeFromMachine(ctx context.Context, ctrlClient client.Client, openStackMachine *infrav1.OpenStackMachine, defaultCACert []byte, logger logr.Logger) (Scope, error)`
	`44`	`+ NewClientScopeFromMachine(ctx context.Context, ctrlClient client.Client, openStackMachine infrav1.OpenStackMachine, openStackCluster infrav1.OpenStackCluster, defaultCACert []byte, logger logr.Logger) (Scope, error)`
`45`	`45`	`NewClientScopeFromCluster(ctx context.Context, ctrlClient client.Client, openStackCluster *infrav1.OpenStackCluster, defaultCACert []byte, logger logr.Logger) (Scope, error)`
`46`	`46`	`}`
`47`	`47`