Add config secret support

Author: Fedosin

cmd/plugin/cmd/init.go

@@ -52,11 +52,12 @@ type initOptions struct {
 	infrastructureProviders []string
 	// ipamProviders             []string
 	// runtimeExtensionProviders []string
-	addonProviders      []string
-	targetNamespace     string
-	validate            bool
-	waitProviders       bool
-	waitProviderTimeout int
+	addonProviders        []string
+	targetNamespace       string
+	configSecretName      string
+	configSecretNamespace string
+	waitProviders         bool
+	waitProviderTimeout   int
 }
 
 const (
@@ -142,12 +143,14 @@ func init() {
 		"Add-on providers and versions (e.g. helm:v0.1.0) to add to the management cluster.")
 	initCmd.Flags().StringVarP(&initOpts.targetNamespace, "target-namespace", "n", "capi-operator-system",
 		"The target namespace where the operator should be deployed. If unspecified, the 'capi-operator-system' namespace is used.")
+	initCmd.Flags().StringVar(&initOpts.configSecretName, "config-secret-name", "",
+		"The config secret name to be used for the management cluster.")
+	initCmd.Flags().StringVar(&initOpts.configSecretNamespace, "config-secret-namespace", "capi-operator-system",
+		"The config secret namespace to be used for the management cluster.")
 	initCmd.Flags().BoolVar(&initOpts.waitProviders, "wait-providers", false,
 		"Wait for providers to be installed.")
 	initCmd.Flags().IntVar(&initOpts.waitProviderTimeout, "wait-provider-timeout", 5*60,
 		"Wait timeout per provider installation in seconds. This value is ignored if --wait-providers is false")
-	initCmd.Flags().BoolVar(&initOpts.validate, "validate", true,
-		"If true, capioperator will validate that the deployments will succeed on the management cluster.")
 
 	RootCmd.AddCommand(initCmd)
 }
@@ -212,35 +215,35 @@ func runInit() error {
 func initProviders(ctx context.Context, client ctrlclient.Client, initOpts *initOptions) error {
 	// Deploy Core Provider.
 	if initOpts.coreProvider != "" {
-		if err := createGenericProvider(ctx, client, newGenericProvider(clusterctlv1.CoreProviderType), initOpts.coreProvider, initOpts.targetNamespace); err != nil {
+		if err := createGenericProvider(ctx, client, newGenericProvider(clusterctlv1.CoreProviderType), initOpts.coreProvider, initOpts.targetNamespace, initOpts.configSecretName, initOpts.configSecretNamespace); err != nil {
 			return fmt.Errorf("cannot create core provider: %w", err)
 		}
 	}
 
 	// Deploy Bootstrap Providers.
 	for _, bootstrapProvider := range initOpts.bootstrapProviders {
-		if err := createGenericProvider(ctx, client, newGenericProvider(clusterctlv1.BootstrapProviderType), bootstrapProvider, initOpts.targetNamespace); err != nil {
+		if err := createGenericProvider(ctx, client, newGenericProvider(clusterctlv1.BootstrapProviderType), bootstrapProvider, initOpts.targetNamespace, initOpts.configSecretName, initOpts.configSecretNamespace); err != nil {
 			return fmt.Errorf("cannot create bootstrap provider: %w", err)
 		}
 	}
 
 	// Deploy Infrastructure Providers.
 	for _, infrastructureProvider := range initOpts.infrastructureProviders {
-		if err := createGenericProvider(ctx, client, newGenericProvider(clusterctlv1.InfrastructureProviderType), infrastructureProvider, initOpts.targetNamespace); err != nil {
+		if err := createGenericProvider(ctx, client, newGenericProvider(clusterctlv1.InfrastructureProviderType), infrastructureProvider, initOpts.targetNamespace, initOpts.configSecretName, initOpts.configSecretNamespace); err != nil {
 			return fmt.Errorf("cannot create infrastructure provider: %w", err)
 		}
 	}
 
 	// Deploy Control Plane Providers.
 	for _, controlPlaneProvider := range initOpts.controlPlaneProviders {
-		if err := createGenericProvider(ctx, client, newGenericProvider(clusterctlv1.ControlPlaneProviderType), controlPlaneProvider, initOpts.targetNamespace); err != nil {
+		if err := createGenericProvider(ctx, client, newGenericProvider(clusterctlv1.ControlPlaneProviderType), controlPlaneProvider, initOpts.targetNamespace, initOpts.configSecretName, initOpts.configSecretNamespace); err != nil {
 			return fmt.Errorf("cannot create control plane provider: %w", err)
 		}
 	}
 
 	// Deploy Add-on Providers.
 	for _, addonProvider := range initOpts.addonProviders {
-		if err := createGenericProvider(ctx, client, newGenericProvider(clusterctlv1.AddonProviderType), addonProvider, initOpts.targetNamespace); err != nil {
+		if err := createGenericProvider(ctx, client, newGenericProvider(clusterctlv1.AddonProviderType), addonProvider, initOpts.targetNamespace, initOpts.configSecretName, initOpts.configSecretNamespace); err != nil {
 			return fmt.Errorf("cannot create addon provider: %w", err)
 		}
 	}
@@ -375,7 +378,7 @@ func newGenericProvider(providerType clusterctlv1.ProviderType) genericprovider.
 }
 
 // createGenericProvider creates a generic provider.
-func createGenericProvider(ctx context.Context, client ctrlclient.Client, provider genericprovider.GenericProvider, providerInput string, defaultNamespace string) error {
+func createGenericProvider(ctx context.Context, client ctrlclient.Client, provider genericprovider.GenericProvider, providerInput, defaultNamespace, configSecretName, configSecretNamespace string) error {
 	// Parse the provider string
 	// Format is <provider-name>:<optional-namespace>:<optional-version>
 	// Example: aws:capa-system:v2.1.5 -> name: aws, namespace: capa-system, version: v2.1.5
@@ -421,6 +424,23 @@ func createGenericProvider(ctx context.Context, client ctrlclient.Client, provid
 		version = "latest"
 	}
 
+	// Set config secret
+	if configSecretName != "" {
+		spec := provider.GetSpec()
+
+		if configSecretNamespace == "" {
+			configSecretNamespace = defaultNamespace
+		}
+
+		spec.ConfigSecret = &operatorv1.SecretReference{
+			Name:      configSecretName,
+			Namespace: configSecretNamespace,
+		}
+		provider.SetSpec(spec)
+	} else if configSecretNamespace != "" {
+		return fmt.Errorf("cannot specify config secret namespace without config secret name")
+	}
+
 	// Ensure that desired namespace exists
 	if err := EnsureNamespaceExists(ctx, client, namespace); err != nil {
 		return fmt.Errorf("cannot ensure that namespace exists: %w", err)

cmd/plugin/cmd/init_test.go

@@ -175,7 +175,7 @@ func TestInitProviders(t *testing.T) {
 		{
 			name: "core provider",
 			wantedProviders: []genericprovider.GenericProvider{
-				generateGenericProvider(clusterctlv1.CoreProviderType, "cluster-api", "capi-system", "v1.6.0"),
+				generateGenericProvider(clusterctlv1.CoreProviderType, "cluster-api", "capi-system", "v1.6.0", "", ""),
 			},
 			wantErr: false,
 			opts: &initOptions{
@@ -186,7 +186,7 @@ func TestInitProviders(t *testing.T) {
 		{
 			name: "core provider in default target namespace",
 			wantedProviders: []genericprovider.GenericProvider{
-				generateGenericProvider(clusterctlv1.CoreProviderType, "cluster-api", "capi-operator-system", "v1.6.0"),
+				generateGenericProvider(clusterctlv1.CoreProviderType, "cluster-api", "capi-operator-system", "v1.6.0", "", ""),
 			},
 			wantErr: false,
 			opts: &initOptions{
@@ -197,7 +197,7 @@ func TestInitProviders(t *testing.T) {
 		{
 			name: "core provider without version",
 			wantedProviders: []genericprovider.GenericProvider{
-				generateGenericProvider(clusterctlv1.CoreProviderType, "cluster-api", "capi-system", ""),
+				generateGenericProvider(clusterctlv1.CoreProviderType, "cluster-api", "capi-system", "", "", ""),
 			},
 			wantErr: false,
 			opts: &initOptions{
@@ -208,19 +208,54 @@ func TestInitProviders(t *testing.T) {
 		{
 			name: "core provider without namespace and version",
 			wantedProviders: []genericprovider.GenericProvider{
-				generateGenericProvider(clusterctlv1.CoreProviderType, "cluster-api", "capi-operator-system", ""),
+				generateGenericProvider(clusterctlv1.CoreProviderType, "cluster-api", "capi-operator-system", "", "", ""),
 			},
 			wantErr: false,
 			opts: &initOptions{
 				coreProvider:    "cluster-api",
 				targetNamespace: "capi-operator-system",
 			},
 		},
+		{
+			name: "core provider with config secret",
+			wantedProviders: []genericprovider.GenericProvider{
+				generateGenericProvider(clusterctlv1.CoreProviderType, "cluster-api", "capi-operator-system", "", "capi-secrets", ""),
+			},
+			wantErr: false,
+			opts: &initOptions{
+				coreProvider:     "cluster-api",
+				targetNamespace:  "capi-operator-system",
+				configSecretName: "capi-secrets",
+			},
+		},
+		{
+			name: "core provider with config secret in a custom namespace",
+			wantedProviders: []genericprovider.GenericProvider{
+				generateGenericProvider(clusterctlv1.CoreProviderType, "cluster-api", "capi-operator-system", "", "capi-secrets", "custom-namespace"),
+			},
+			wantErr: false,
+			opts: &initOptions{
+				coreProvider:          "cluster-api",
+				targetNamespace:       "capi-operator-system",
+				configSecretName:      "capi-secrets",
+				configSecretNamespace: "custom-namespace",
+			},
+		},
+		{
+			name:            "core provider with config secret namespace but with no name",
+			wantedProviders: []genericprovider.GenericProvider{},
+			wantErr:         true,
+			opts: &initOptions{
+				coreProvider:          "cluster-api",
+				targetNamespace:       "capi-operator-system",
+				configSecretNamespace: "custom-namespace",
+			},
+		},
 		{
 			name: "multiple providers of one type",
 			wantedProviders: []genericprovider.GenericProvider{
-				generateGenericProvider(clusterctlv1.InfrastructureProviderType, "aws", "capa-operator-system", ""),
-				generateGenericProvider(clusterctlv1.InfrastructureProviderType, "docker", "capd-operator-system", ""),
+				generateGenericProvider(clusterctlv1.InfrastructureProviderType, "aws", "capa-operator-system", "", "", ""),
+				generateGenericProvider(clusterctlv1.InfrastructureProviderType, "docker", "capd-operator-system", "", "", ""),
 			},
 			wantErr: false,
 			opts: &initOptions{
@@ -234,12 +269,12 @@ func TestInitProviders(t *testing.T) {
 		{
 			name: "all providers",
 			wantedProviders: []genericprovider.GenericProvider{
-				generateGenericProvider(clusterctlv1.CoreProviderType, "cluster-api", "capi-system", "v1.6.0"),
-				generateGenericProvider(clusterctlv1.InfrastructureProviderType, "aws", "capa-operator-system", ""),
-				generateGenericProvider(clusterctlv1.InfrastructureProviderType, "docker", "capd-operator-system", ""),
-				generateGenericProvider(clusterctlv1.ControlPlaneProviderType, "kubeadm", "kcp-system", ""),
-				generateGenericProvider(clusterctlv1.BootstrapProviderType, "kubeadm", "bootstrap-system", ""),
-				generateGenericProvider(clusterctlv1.AddonProviderType, "helm", "caaph-system", ""),
+				generateGenericProvider(clusterctlv1.CoreProviderType, "cluster-api", "capi-system", "v1.6.0", "", ""),
+				generateGenericProvider(clusterctlv1.InfrastructureProviderType, "aws", "capa-operator-system", "", "", ""),
+				generateGenericProvider(clusterctlv1.InfrastructureProviderType, "docker", "capd-operator-system", "", "", ""),
+				generateGenericProvider(clusterctlv1.ControlPlaneProviderType, "kubeadm", "kcp-system", "", "", ""),
+				generateGenericProvider(clusterctlv1.BootstrapProviderType, "kubeadm", "bootstrap-system", "", "", ""),
+				generateGenericProvider(clusterctlv1.AddonProviderType, "helm", "caaph-system", "", "", ""),
 			},
 			wantErr: false,
 			opts: &initOptions{
@@ -450,7 +485,7 @@ func TestDeployCAPIOperator(t *testing.T) {
 	}
 }
 
-func generateGenericProvider(providerType clusterctlv1.ProviderType, name, namespace, version string) genericprovider.GenericProvider {
+func generateGenericProvider(providerType clusterctlv1.ProviderType, name, namespace, version, configSecretName, configSecretNamespace string) genericprovider.GenericProvider {
 	genericProvider := newGenericProvider(providerType)
 
 	genericProvider.SetName(name)
@@ -459,6 +494,10 @@ func generateGenericProvider(providerType clusterctlv1.ProviderType, name, names
 
 	spec := genericProvider.GetSpec()
 	spec.Version = version
+	spec.ConfigSecret = &operatorv1.SecretReference{
+		Name:      configSecretName,
+		Namespace: configSecretNamespace,
+	}
 	genericProvider.SetSpec(spec)
 
 	return genericProvider