Fix issue with registries required fields

Signed-off-by: Alberto Morgante Medina <alberto.morgante@suse.com>
rancher · Jul 5, 2024 · 9889a88 · 9889a88
1 parent 07eef9b
commit 9889a88
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 18 deletions.
diff --git a/pkg/rke2/registries.go b/pkg/rke2/registries.go
@@ -69,24 +69,38 @@ func GenerateRegistries(rke2ConfigRegistry RegistryScope) (*Registry, []bootstra
 				return &Registry{}, []bootstrapv1.File{}, err
 			}
 
-			for _, secretEntry := range []string{"tls.crt", "tls.key", "ca.crt"} {
-				if tlsSecret.Data[secretEntry] == nil {
-					rke2ConfigRegistry.Logger.Error(err, "TLS Secret for the registry is missing entries!", "secret-missing-entry", secretEntry)
+			isCert := tlsSecret.Data["ca.crt"] != nil
+			isSkipVerify := tlsSecret.Data["insecureSkipVerify"] != nil
 
-					return &Registry{}, []bootstrapv1.File{}, err
-				}
+			ok := isCert || isSkipVerify
+
+			if !ok {
+				rke2ConfigRegistry.Logger.Error(
+					err,
+					"TLS Secret for the registry is missing entries! Possible entries are: \"ca.crt\" (with optional: \"tls.crt\" and \"tls.key\") OR \"insecureSkipVerify\"",
+					"secret-entries", bsutil.GetMapKeysAsString(tlsSecret.Data))
 
-				files = append(files, bootstrapv1.File{
-					Path:    registryCertsPath + "/" + secretEntry,
-					Content: string(tlsSecret.Data[secretEntry]),
-				})
+				return &Registry{}, []bootstrapv1.File{}, err
 			}
 
-			registryConfig.TLS = &TLSConfig{
-				InsecureSkipVerify: regConfig.TLS.InsecureSkipVerify,
-				CAFile:             registryCertsPath + "/" + "ca.crt",
-				CertFile:           registryCertsPath + "/" + "tls.crt",
-				KeyFile:            registryCertsPath + "/" + "tls.key",
+			for _, secretEntry := range []string{"tls.crt", "tls.key", "ca.crt"} {
+				if tlsSecret.Data[secretEntry] != nil {
+					files = append(files, bootstrapv1.File{
+						Path:    registryCertsPath + "/" + secretEntry,
+						Content: string(tlsSecret.Data[secretEntry]),
+					})
+					switch secretEntry {
+					case "tls.crt":
+						registryConfig.TLS.CertFile = registryCertsPath + "/" + "tls.crt"
+					case "tls.key":
+						registryConfig.TLS.KeyFile = registryCertsPath + "/" + "tls.key"
+					case "ca.crt":
+						registryConfig.TLS.CAFile = registryCertsPath + "/" + "ca.crt"
+					}
+				}
+			}
+			if regConfig.TLS.InsecureSkipVerify {
+				registryConfig.TLS.InsecureSkipVerify = regConfig.TLS.InsecureSkipVerify
 			}
 		}
 

diff --git a/pkg/rke2/registries_types.go b/pkg/rke2/registries_types.go
@@ -54,10 +54,10 @@ type AuthConfig struct {
 
 // TLSConfig contains the CA/Cert/Key used for a registry.
 type TLSConfig struct {
-	CAFile             string `json:"ca_file"              toml:"ca_file"              yaml:"ca_file"`
-	CertFile           string `json:"cert_file"            toml:"cert_file"            yaml:"cert_file"`
-	KeyFile            string `json:"key_file"             toml:"key_file"             yaml:"key_file"`
-	InsecureSkipVerify bool   `json:"insecure_skip_verify" toml:"insecure_skip_verify" yaml:"insecure_skip_verify"`
+	CAFile             string `json:"ca_file,omitempty"              toml:"ca_file"              yaml:"ca_file,omitempty"`
+	CertFile           string `json:"cert_file,omitempty"            toml:"cert_file"            yaml:"cert_file,omitempty"`
+	KeyFile            string `json:"key_file,omitempty"             toml:"key_file"             yaml:"key_file,omitempty"`
+	InsecureSkipVerify bool   `json:"insecure_skip_verify,omitempty" toml:"insecure_skip_verify" yaml:"insecure_skip_verify,omitempty"`
 }
 
 // Registry is registry settings including mirrors, TLS, and credentials.