Bug 1813949: ignore local env variables when we create a service client

This commit explicitly disables reading auth data from env variables by setting an invalid EnvPrefix. By doing this, we make sure that the data from clouds.yaml is enough to authenticate. By doing this we don't have to unset OS_CLOUD env variable explicitly anymore. Ref https://issues.redhat.com/browse/OSASINFRA-2152
openshift · Dec 2, 2020 · 6e26d44 · 6e26d44
1 parent 64ec239
commit 6e26d44
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 31 deletions.
diff --git a/pkg/asset/installconfig/openstack/openstack.go b/pkg/asset/installconfig/openstack/openstack.go
@@ -2,7 +2,6 @@
 package openstack
 
 import (
-	"os"
 	"sort"
 	"strings"
 
@@ -46,11 +45,6 @@ func Platform() (*openstack.Platform, error) {
 		return nil, errors.Wrap(err, "failed UserInput")
 	}
 
-	// We should unset OS_CLOUD env variable here, because the real cloud name was defined
-	// on the previous step. OS_CLOUD has more priority, so the value from "cloud" variable
-	// will be ignored if OS_CLOUD contains something.
-	os.Unsetenv("OS_CLOUD")
-
 	networkNames, err := getExternalNetworkNames(cloud)
 	if err != nil {
 		return nil, err

diff --git a/pkg/asset/installconfig/openstack/session.go b/pkg/asset/installconfig/openstack/session.go
@@ -2,7 +2,6 @@
 package openstack
 
 import (
-	"os"
 	"sync"
 
 	"github.com/pkg/errors"
@@ -23,11 +22,6 @@ type Session struct {
 func GetSession(cloudName string) (*Session, error) {
 	opts := defaultClientOpts(cloudName)
 
-	// We should unset OS_CLOUD env variable here, because the real cloud name was
-	// defined on the previous step. OS_CLOUD has more priority, so the value from
-	// "opts" variable will be ignored if OS_CLOUD contains something.
-	os.Unsetenv("OS_CLOUD")
-
 	cloudConfig, err := clientconfig.GetCloudFromYAML(opts)
 	if err != nil {
 		return nil, err
@@ -41,6 +35,10 @@ func defaultClientOpts(cloudName string) *clientconfig.ClientOpts {
 	opts := new(clientconfig.ClientOpts)
 	opts.Cloud = cloudName
 	opts.YAMLOpts = new(yamlLoadOpts)
+	// We explicitly disable reading auth data from env variables by setting an invalid EnvPrefix.
+	// By doing this, we make sure that the data from clouds.yaml is enough to authenticate.
+	// For more information: https://github.com/gophercloud/utils/blob/8677e053dcf1f05d0fa0a616094aace04690eb94/openstack/clientconfig/requests.go#L508
+	opts.EnvPrefix = "NO_ENV_VARIABLES_"
 	return opts
 }
 

diff --git a/pkg/asset/installconfig/openstack/validation/cloudinfo.go b/pkg/asset/installconfig/openstack/validation/cloudinfo.go
@@ -2,7 +2,6 @@ package validation
 
 import (
 	"net/url"
-	"os"
 	"strings"
 
 	"github.com/gophercloud/gophercloud"
@@ -57,10 +56,10 @@ func GetCloudInfo(ic *types.InstallConfig) (*CloudInfo, error) {
 
 	opts := &clientconfig.ClientOpts{Cloud: ic.OpenStack.Cloud}
 
-	// We should unset OS_CLOUD env variable here, because the real cloud name was
-	// defined on the previous step. OS_CLOUD has more priority, so the value from
-	// "opts" variable will be ignored if OS_CLOUD contains something.
-	os.Unsetenv("OS_CLOUD")
+	// We explicitly disable reading auth data from env variables by setting an invalid EnvPrefix.
+	// By doing this, we make sure that the data from clouds.yaml is enough to authenticate.
+	// For more information: https://github.com/gophercloud/utils/blob/8677e053dcf1f05d0fa0a616094aace04690eb94/openstack/clientconfig/requests.go#L508
+	opts.EnvPrefix = "NO_ENV_VARIABLES_"
 
 	ci.clients.networkClient, err = clientconfig.NewServiceClient("network", opts)
 	if err != nil {

diff --git a/pkg/asset/installconfig/openstack/validvaluesfetcher.go b/pkg/asset/installconfig/openstack/validvaluesfetcher.go
@@ -28,9 +28,7 @@ func getCloudNames() ([]string, error) {
 // getExternalNetworkNames interrogates OpenStack to get the external network
 // names.
 func getExternalNetworkNames(cloud string) ([]string, error) {
-	conn, err := clientconfig.NewServiceClient("network", &clientconfig.ClientOpts{
-		Cloud: cloud,
-	})
+	conn, err := clientconfig.NewServiceClient("network", defaultValidValuesFetcherClientOpts(cloud))
 	if err != nil {
 		return nil, err
 	}
@@ -61,9 +59,7 @@ func getExternalNetworkNames(cloud string) ([]string, error) {
 
 // getFlavorNames gets a list of valid flavor names.
 func getFlavorNames(cloud string) ([]string, error) {
-	conn, err := clientconfig.NewServiceClient("compute", &clientconfig.ClientOpts{
-		Cloud: cloud,
-	})
+	conn, err := clientconfig.NewServiceClient("compute", defaultValidValuesFetcherClientOpts(cloud))
 	if err != nil {
 		return nil, err
 	}
@@ -91,9 +87,7 @@ func getFlavorNames(cloud string) ([]string, error) {
 	return flavorNames, nil
 }
 func getFloatingIPNames(cloud string, floatingNetworkName string) ([]string, error) {
-	conn, err := clientconfig.NewServiceClient("network", &clientconfig.ClientOpts{
-		Cloud: cloud,
-	})
+	conn, err := clientconfig.NewServiceClient("network", defaultValidValuesFetcherClientOpts(cloud))
 	if err != nil {
 		return nil, err
 	}
@@ -131,3 +125,13 @@ func getFloatingIPNames(cloud string, floatingNetworkName string) ([]string, err
 
 	return floatingIPNames, nil
 }
+
+func defaultValidValuesFetcherClientOpts(cloudName string) *clientconfig.ClientOpts {
+	opts := new(clientconfig.ClientOpts)
+	opts.Cloud = cloudName
+	// We explicitly disable reading auth data from env variables by setting an invalid EnvPrefix.
+	// By doing this, we make sure that the data from clouds.yaml is enough to authenticate.
+	// For more information: https://github.com/gophercloud/utils/blob/8677e053dcf1f05d0fa0a616094aace04690eb94/openstack/clientconfig/requests.go#L508
+	opts.EnvPrefix = "NO_ENV_VARIABLES_"
+	return opts
+}
diff --git a/pkg/destroy/openstack/openstack.go b/pkg/destroy/openstack/openstack.go
@@ -103,13 +103,12 @@ func (o *ClusterUninstaller) Run() error {
 
 	opts := &clientconfig.ClientOpts{
 		Cloud: o.Cloud,
+		// We explicitly disable reading auth data from env variables by setting an invalid EnvPrefix.
+		// By doing this, we make sure that the data from clouds.yaml is enough to authenticate.
+		// For more information: https://github.com/gophercloud/utils/blob/8677e053dcf1f05d0fa0a616094aace04690eb94/openstack/clientconfig/requests.go#L508
+		EnvPrefix: "NO_ENV_VARIABLES_",
 	}
 
-	// We should unset OS_CLOUD env variable here, because the real cloud name was
-	// defined on the previous step. OS_CLOUD has more priority, so the value from
-	// "opts" variable will be ignored if OS_CLOUD contains something.
-	os.Unsetenv("OS_CLOUD")
-
 	// launch goroutines
 	for name, function := range deleteFuncs {
 		go deleteRunner(name, function, opts, o.Filter, o.Logger, returnChannel)