types: allow manual cred mode for gcp and azure

Allow the user to set `credentialsMode` to "Manual" when installing on GCP and Azure. The cloud-credential-operator has support for the manual mode on those platforms.
openshift · Oct 2, 2020 · b094e14 · b094e14
1 parent e1fe5b5
commit b094e14
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 17 deletions.
diff --git a/data/data/install.openshift.io_installconfigs.yaml b/data/data/install.openshift.io_installconfigs.yaml
@@ -639,8 +639,8 @@ spec:
               \"Manual\": CredentialsRequests must be handled manually by the user
               \n For each of the following platforms, the field can set to the specified
               values. For all other platforms, the field must not be set. AWS: \"Mint\",
-              \"Passthrough\", \"Manual\" Azure: \"Mint\", \"Passthrough\" GCP: \"Mint\",
-              \"Passthrough\""
+              \"Passthrough\", \"Manual\" Azure: \"Mint\", \"Passthrough\", \"Manual\"
+              GCP: \"Mint\", \"Passthrough\", \"Manual\""
             enum:
             - ""
             - Mint

diff --git a/pkg/explain/printer_test.go b/pkg/explain/printer_test.go
@@ -40,7 +40,7 @@ func Test_PrintFields(t *testing.T) {
       CredentialsMode is used to explicitly set the mode with which CredentialRequests are satisfied. 
  If this field is set, then the installer will not attempt to query the cloud permissions before attempting installation. If the field is not set or empty, then the installer will perform its normal verification that the credentials provided are sufficient to perform an installation. 
  There are three possible values for this field, but the valid values are dependent upon the platform being used. "Mint": create new credentials with a subset of the overall permissions for each CredentialsRequest "Passthrough": copy the credentials with all of the overall permissions for each CredentialsRequest "Manual": CredentialsRequests must be handled manually by the user 
- For each of the following platforms, the field can set to the specified values. For all other platforms, the field must not be set. AWS: "Mint", "Passthrough", "Manual" Azure: "Mint", "Passthrough" GCP: "Mint", "Passthrough"
+ For each of the following platforms, the field can set to the specified values. For all other platforms, the field must not be set. AWS: "Mint", "Passthrough", "Manual" Azure: "Mint", "Passthrough", "Manual" GCP: "Mint", "Passthrough", "Manual"
 
     fips <boolean>
       Default: false

diff --git a/pkg/types/installconfig.go b/pkg/types/installconfig.go
@@ -135,8 +135,8 @@ type InstallConfig struct {
 	// For each of the following platforms, the field can set to the specified values. For all other platforms, the
 	// field must not be set.
 	// AWS: "Mint", "Passthrough", "Manual"
-	// Azure: "Mint", "Passthrough"
-	// GCP: "Mint", "Passthrough"
+	// Azure: "Mint", "Passthrough", "Manual"
+	// GCP: "Mint", "Passthrough", "Manual"
 	// +optional
 	CredentialsMode CredentialsMode `json:"credentialsMode,omitempty"`
 }

diff --git a/pkg/types/validation/installconfig.go b/pkg/types/validation/installconfig.go
@@ -528,8 +528,8 @@ func validateCloudCredentialsMode(mode types.CredentialsMode, fldPath *field.Pat
 	// for the platform. If a platform name is not in the map, then the credentials mode cannot be set for that platform.
 	validPlatformCredentialsModes := map[string][]types.CredentialsMode{
 		aws.Name:   {types.MintCredentialsMode, types.PassthroughCredentialsMode, types.ManualCredentialsMode},
-		azure.Name: {types.MintCredentialsMode, types.PassthroughCredentialsMode},
-		gcp.Name:   {types.MintCredentialsMode, types.PassthroughCredentialsMode},
+		azure.Name: {types.MintCredentialsMode, types.PassthroughCredentialsMode, types.ManualCredentialsMode},
+		gcp.Name:   {types.MintCredentialsMode, types.PassthroughCredentialsMode, types.ManualCredentialsMode},
 	}
 	if validModes, ok := validPlatformCredentialsModes[platform]; ok {
 		validModesSet := sets.NewString()

diff --git a/pkg/types/validation/installconfig_test.go b/pkg/types/validation/installconfig_test.go
@@ -962,16 +962,6 @@ func TestValidateInstallConfig(t *testing.T) {
 				return c
 			}(),
 		},
-		{
-			name: "unsupported manual cloud credentials mode",
-			installConfig: func() *types.InstallConfig {
-				c := validInstallConfig()
-				c.Platform = types.Platform{GCP: validGCPPlatform()}
-				c.CredentialsMode = types.ManualCredentialsMode
-				return c
-			}(),
-			expectedError: `^credentialsMode: Unsupported value: "Manual": supported values: "Mint", "Passthrough"$`,
-		},
 		{
 			name: "invalidly set cloud credentials mode",
 			installConfig: func() *types.InstallConfig {