Merge pull request #30 from andfasano/fix-secret-retrieval

Bug 2039227: Fetch secret from mounted file when env var is not specified
openshift · Jan 11, 2022 · e822fe2 · e822fe2
2 parents 778f0a2 + 8342a7e
commit e822fe2
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 7 deletions.
diff --git a/cmd/static-server/main.go b/cmd/static-server/main.go
@@ -16,7 +16,7 @@ package main
 
 import (
 	"flag"
-	"io/ioutil"
+	"io/fs"
 	"net/http"
 	"net/url"
 	"os"
@@ -39,13 +39,24 @@ var (
 	log = ctrl.Log.WithName("static-server")
 )
 
-func loadStaticNMState(env *env.EnvInputs, nmstateDir string, imageServer imagehandler.ImageHandler) error {
+func loadStaticNMState(fsys fs.FS, env *env.EnvInputs, nmstateDir string, imageServer imagehandler.ImageHandler) error {
 	registries, err := env.RegistriesConf()
 	if err != nil {
 		return err
 	}
 
-	files, err := ioutil.ReadDir(nmstateDir)
+	// If not defined via env var, look for the mounted secret file
+	pullSecret := env.IronicAgentPullSecret
+	if env.IronicAgentPullSecret == "" {
+		pullSecretRaw, err := fs.ReadFile(fsys, "run/secrets/pull-secret")
+		if err != nil {
+			return errors.Wrap(err, "unable to read secret")
+		}
+		pullSecret = string(pullSecretRaw)
+	}
+
+	nmstateDir = strings.Trim(nmstateDir, "/")
+	files, err := fs.ReadDir(fsys, nmstateDir)
 	if err != nil {
 		return errors.WithMessagef(err, "problem reading %s", nmstateDir)
 	}
@@ -54,14 +65,14 @@ func loadStaticNMState(env *env.EnvInputs, nmstateDir string, imageServer imageh
 		if f.IsDir() {
 			continue
 		}
-		b, err := os.ReadFile(path.Join(nmstateDir, f.Name()))
+		b, err := fs.ReadFile(fsys, path.Join(nmstateDir, f.Name()))
 		if err != nil {
 			return errors.WithMessagef(err, "problem reading %s", path.Join(nmstateDir, f.Name()))
 		}
 		igBuilder, err := ignition.New(b, registries,
 			env.IronicBaseURL,
 			env.IronicAgentImage,
-			env.IronicAgentPullSecret,
+			pullSecret,
 			env.IronicRAMDiskSSHKey,
 		)
 		if err != nil {
@@ -127,7 +138,7 @@ func main() {
 	imageServer := imagehandler.NewImageHandler(ctrl.Log.WithName("ImageHandler"), env.DeployISO, env.DeployInitrd, publishURL)
 	http.Handle("/", http.FileServer(imageServer.FileSystem()))
 
-	if err := loadStaticNMState(env, nmstateDir, imageServer); err != nil {
+	if err := loadStaticNMState(os.DirFS("/"), env, nmstateDir, imageServer); err != nil {
 		log.Error(err, "problem loading static ignitions")
 		os.Exit(1)
 	}

diff --git a/cmd/static-server/main_test.go b/cmd/static-server/main_test.go
@@ -19,6 +19,7 @@ import (
 	"net/http"
 	"reflect"
 	"testing"
+	"testing/fstest"
 
 	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
 
@@ -54,7 +55,15 @@ func TestLoadStaticNMState(t *testing.T) {
 		IronicBaseURL:    "http://example.com",
 		IronicAgentImage: "quay.io/tantsur/ironic-agent",
 	}
-	if err := loadStaticNMState(env, "../../test/data", fifs); err != nil {
+
+	fs := fstest.MapFS{
+		"run/secrets/pull-secret": {},
+		"tmp/nmstate/nm0":         {},
+		"tmp/nmstate/nm1":         {},
+		"tmp/nmstate/nm2":         {},
+	}
+
+	if err := loadStaticNMState(fs, env, "/tmp/nmstate/", fifs); err != nil {
 		t.Errorf("loadStaticNMState() error = %v", err)
 	}
 	if !reflect.DeepEqual(fifs.imagesServed, []string{"nm0.iso", "nm0.initramfs", "nm1.iso", "nm1.initramfs", "nm2.iso", "nm2.initramfs"}) {

diff --git a/test/data/nm0.yaml b/test/data/nm0.yaml
diff --git a/test/data/nm1.yaml b/test/data/nm1.yaml
diff --git a/test/data/nm2.yaml b/test/data/nm2.yaml