Address comments

Signed-off-by: Wenqi Qiu <[email protected]>

.gitignore

@@ -52,5 +52,3 @@ coverage.txt
 /build
 /packages/package-values-sha256.yaml
 /packages/**/.imgpkg
-
-/vendor

addons/controllers/antrea/antreaconfig_util.go

@@ -303,32 +303,39 @@ func mapAntreaConfigSpec(cluster *clusterv1beta1.Cluster, config *cniv1alpha2.An
 			configSpec.AntreaNsx.BootstrapFrom.Inline.NsxManagers = config.Spec.AntreaNsx.BootstrapFrom.Inline.NsxManagers
 			configSpec.AntreaNsx.BootstrapFrom.Inline.ClusterName = config.Spec.AntreaNsx.BootstrapFrom.Inline.ClusterName
 			// NSX cert
-			secret := &corev1.Secret{}
-			err = client.Get(context.TODO(), types.NamespacedName{
-				Namespace: config.Namespace,
-				Name:      config.Name,
-			}, secret)
+			secret, err := getNSXCert(client, config.Name, config.Namespace)
 			if err != nil {
 				return configSpec, err
 			}
-			if secret.Data == nil {
-				return configSpec, fmt.Errorf("missing secret data")
-			}
-			if _, ok := secret.Data["tls.crt"]; !ok {
-				return configSpec, fmt.Errorf("missing tls.crt")
-			}
 			configSpec.AntreaNsx.BootstrapFrom.Inline.NsxCertRef.TLSCert = string(secret.Data["tls.crt"])
-			if _, ok := secret.Data["tls.key"]; !ok {
-				return configSpec, fmt.Errorf("missing tls.key")
-			}
 			configSpec.AntreaNsx.BootstrapFrom.Inline.NsxCertRef.TLSKey = string(secret.Data["tls.key"])
 		} else if config.Spec.AntreaNsx.BootstrapFrom.ProviderRef != nil {
 			configSpec.AntreaNsx.BootstrapFrom.ProviderRef.ApiVersion = config.Spec.AntreaNsx.BootstrapFrom.ProviderRef.ApiGroup
 			configSpec.AntreaNsx.BootstrapFrom.ProviderRef.Kind = config.Spec.AntreaNsx.BootstrapFrom.ProviderRef.Kind
 			configSpec.AntreaNsx.BootstrapFrom.ProviderRef.Name = config.Spec.AntreaNsx.BootstrapFrom.ProviderRef.Name
 		}
-		configSpec.AntreaNsx.AntreaNsxConfig.InfraType = config.Spec.AntreaNsx.AntreaNsxConfig.InfraType
+
 	}
 
 	return configSpec, nil
 }
+
+func getNSXCert(client client.Client, secretName, secretNamespace string) (secret *corev1.Secret, err error) {
+	secret = &corev1.Secret{}
+	if err := client.Get(context.TODO(), types.NamespacedName{
+		Namespace: secretNamespace,
+		Name:      secretName,
+	}, secret); err != nil {
+		return nil, err
+	}
+	if secret.Data == nil {
+		return nil, fmt.Errorf("missing secret data")
+	}
+	if _, ok := secret.Data["tls.crt"]; !ok {
+		return nil, fmt.Errorf("missing tls.crt")
+	}
+	if _, ok := secret.Data["tls.key"]; !ok {
+		return nil, fmt.Errorf("missing tls.key")
+	}
+	return secret, nil
+}

addons/controllers/antrea/antreaconfig_util_test.go

@@ -0,0 +1,48 @@
+package controllers
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes/scheme"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+)
+
+func TestGetNSXCert(t *testing.T) {
+	fakeClient := fake.NewFakeClientWithScheme(scheme.Scheme)
+
+	secretName := "test-secret"
+	secretNamespace := "test-namespace"
+	testSecret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      secretName,
+			Namespace: secretNamespace,
+		},
+		Data: map[string][]byte{
+			"tls.crt": []byte("fake-certificate-data"),
+			"tls.key": []byte("fake-key-data"),
+		},
+	}
+	if err := fakeClient.Create(context.Background(), testSecret); err != nil {
+		t.Fatalf("failed to create test secret: %v", err)
+	}
+
+	returnedSecret, err := getNSXCert(fakeClient, secretName, secretNamespace)
+	require.NoError(t, err, "getNSXCert returned an unexpected error")
+	require.NotNil(t, returnedSecret, "getNSXCert returned a nil secret")
+
+	assert.Equal(t, secretName, returnedSecret.Name, "returned secret has unexpected name")
+	assert.Equal(t, secretNamespace, returnedSecret.Namespace, "returned secret has unexpected namespace")
+	assert.Equal(t, 2, len(returnedSecret.Data), "returned secret has unexpected number of data fields")
+
+	if _, ok := returnedSecret.Data["tls.crt"]; !ok {
+		t.Error("returned secret missing tls.crt field")
+	}
+	if _, ok := returnedSecret.Data["tls.key"]; !ok {
+		t.Error("returned secret missing tls.key field")
+	}
+}

addons/go.mod

@@ -15,6 +15,7 @@ require (
 	github.com/onsi/gomega v1.20.2
 	github.com/oracle/cluster-api-provider-oci v0.6.0
 	github.com/pkg/errors v0.9.1
+	github.com/stretchr/testify v1.8.0
 	github.com/vmware-tanzu/carvel-kapp-controller v0.35.0
 	github.com/vmware-tanzu/carvel-secretgen-controller v0.5.0
 	github.com/vmware-tanzu/carvel-vendir v0.26.0
@@ -91,6 +92,7 @@ require (
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/oracle/oci-go-sdk/v65 v65.18.0 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.13.0 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.37.0 // indirect

addons/go.sum

@@ -856,6 +856,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
@@ -865,6 +866,7 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.3.0/go.mod h1:YzJjq/33h7nrwdY+iHMhEOEEbW0ovIz0tB6t6PwAXzs=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=

providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/overlay/interworking-overlay.yaml → providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/interworking-overlay.yaml

@@ -47,26 +47,6 @@ data:
   ccp-adapter.conf: #@ yaml.encode(antrea_interworking_ccp_adapter_conf())
 
 
-#@overlay/match by=overlay.subset({"kind":"Deployment","metadata":{"name": "interworking"}})
-#@ if/end values.antrea_nsx.enable:
----
-kind: Deployment
-metadata:
-  #@overlay/match missing_ok=True
-  annotations:
-    kapp.k14s.io/disable-default-label-scoping-rules: ""
-
-
-#@overlay/match by=overlay.subset({"kind":"Job","metadata":{"name": "register"}})
-#@ if/end values.antrea_nsx.enable:
----
-kind: Job
-metadata:
-  #@overlay/match missing_ok=True
-  annotations:
-    kapp.k14s.io/disable-default-label-scoping-rules: ""
-
-
 #! Antrea-interworking-config
 #@overlay/match by=overlay.subset({"metadata":{"namespace": "vmware-system-antrea"}}), expects=10
 #@ if/end values.antrea_nsx.enable == False:

providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/schema.yaml → providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/schema.yaml

@@ -156,20 +156,30 @@ antrea_nsx:
 antrea_interworking:
   #@schema/desc "Configuration for antrea-interworking"
   config:
-    #@schema/desc "echo -n 'dummyAdmin' | base64"
+    #@schema/desc "base64 encoded NSX user name"
     nsxUser: ZHVtbXlBZG1pbg==
-    #@schema/desc " echo -n 'dummyPassword' | base64"
+    #@schema/desc "base64 encoded NSX password"
     nsxPassword: ZHVtbXlQYXNzd29yZA==
-    #@schema/desc "base64 encoded data"
+    #@schema/desc "base64 encoded NSX client certificate data"
     nsxCert: ZHVtbXlBZG1pbg==
-    #@schema/desc "base64 encoded data"
+    #@schema/desc "base64 encoded NSX client key data"
     nsxKey: ZHVtbXlQYXNzd29yZA==
     #@schema/desc " "
     clusterName: dummyClusterName
     #@schema/desc " "
     NSXManagers: [dummyNSXIP1]
     #@schema/desc " "
     vpcPath: dummyVPCPath
+    #@schema/desc "bootstrapFrom can be Inline and SupervisorCluster,If SupervisorCluster is set, bootstrapSupervisorResourceName must be set, and clusterName, NSXManagers, vpcPath, ProxyEndpoints will be filled automatically by register job."
+    bootstrapFrom: Inline
+    #@schema/desc "bootstrapSupervisorResourceName is required if bootstrapFrom is SupervisorCluster"
+    bootstrapSupervisorResourceName: dummyClusterName
+    #@schema/desc " "
+    proxyEndpoints:
+      #@schema/desc " "
+      rest-api: [fake-rest-api]
+      #@schema/desc " "
+      nsx-rpc-fwd-proxy: [fake-nsx-rpc-fwd-proxy]
     #@schema/desc " "
     mp_adapter_conf:
       #@schema/desc " "

providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/values.yaml → providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/values.yaml

@@ -86,6 +86,11 @@ antrea_interworking:
     clusterName: dummyClusterName
     NSXManagers: []
     vpcPath: ""
+    bootstrapFrom: Inline
+    bootstrapSupervisorResourceName: dummyClusterName
+    proxyEndpoints:
+      rest-api: [ ]
+      nsx-rpc-fwd-proxy: [ ]
     mp_adapter_conf:
       NSXClientAuthCertFile: /etc/antrea/nsx-cert/tls.crt
       NSXClientAuthKeyFile: /etc/antrea/nsx-cert/tls.key

providers/ytt/vendir/cni/cni.lib.yaml

@@ -1,4 +1,4 @@
 #@ load("@ytt:library", "library")
 
-#@ cni_antrea_lib = library.get("addons/packages/antrea/1.9.0-p1/bundle/config")
+#@ cni_antrea_lib = library.get("addons/packages/antrea/1.9.0/bundle/config")
 #@ cni_calico_lib = library.get("addons/packages/calico/3.24.1/bundle/config")