From 3be91aab301fcf466aaa899a36754dadd4c3c0a2 Mon Sep 17 00:00:00 2001 From: Wenqi Qiu Date: Mon, 27 Mar 2023 16:35:39 +0800 Subject: [PATCH] Address comments 
Signed-off-by: Wenqi Qiu --- .gitignore | 2 - .../controllers/antrea/antreaconfig_util.go | 37 ++++++++------ .../antrea/antreaconfig_util_test.go | 48 +++++++++++++++++++ addons/go.mod | 2 + addons/go.sum | 2 + .../bundle/config/kapp-config.yaml | 0 .../bundle/config/overlay/antrea-overlay.yaml | 0 .../interworking-bootstrap-overlay.yaml | 0 .../config/overlay/interworking-overlay.yaml | 20 -------- .../overlay/update-strategy-overlay.yaml | 0 .../bundle/config/schema.yaml | 18 +++++-- .../bundle/config/upstream/antrea.yaml | 0 .../config/upstream/bootstrap-config.yaml | 0 .../bundle/config/upstream/interworking.yaml | 0 .../bundle/config/values.star | 0 .../bundle/config/values.yaml | 5 ++ providers/ytt/vendir/cni/cni.lib.yaml | 2 +- 17 files changed, 94 insertions(+), 42 deletions(-) create mode 100644 addons/controllers/antrea/antreaconfig_util_test.go rename providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/{1.9.0-p1 => 1.9.0}/bundle/config/kapp-config.yaml (100%) rename providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/{1.9.0-p1 => 1.9.0}/bundle/config/overlay/antrea-overlay.yaml (100%) rename providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/{1.9.0-p1 => 1.9.0}/bundle/config/overlay/interworking-bootstrap-overlay.yaml (100%) rename providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/{1.9.0-p1 => 1.9.0}/bundle/config/overlay/interworking-overlay.yaml (90%) rename providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/{1.9.0-p1 => 1.9.0}/bundle/config/overlay/update-strategy-overlay.yaml (100%) rename providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/{1.9.0-p1 => 1.9.0}/bundle/config/schema.yaml (92%) rename providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/{1.9.0-p1 => 1.9.0}/bundle/config/upstream/antrea.yaml (100%) rename providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/{1.9.0-p1 => 1.9.0}/bundle/config/upstream/bootstrap-config.yaml (100%) rename 
providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/{1.9.0-p1 => 1.9.0}/bundle/config/upstream/interworking.yaml (100%) rename providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/{1.9.0-p1 => 1.9.0}/bundle/config/values.star (100%) rename providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/{1.9.0-p1 => 1.9.0}/bundle/config/values.yaml (95%) diff --git a/.gitignore b/.gitignore index 59806306ddf..637cedd4763 100644 --- a/.gitignore +++ b/.gitignore @@ -52,5 +52,3 @@ coverage.txt /build /packages/package-values-sha256.yaml /packages/**/.imgpkg - -/vendor diff --git a/addons/controllers/antrea/antreaconfig_util.go b/addons/controllers/antrea/antreaconfig_util.go index b346287a348..9fb55f6a5a7 100644 --- a/addons/controllers/antrea/antreaconfig_util.go +++ b/addons/controllers/antrea/antreaconfig_util.go 
@@ -303,32 +303,39 @@ func mapAntreaConfigSpec(cluster *clusterv1beta1.Cluster, config *cniv1alpha2.An configSpec.AntreaNsx.BootstrapFrom.Inline.NsxManagers = config.Spec.AntreaNsx.BootstrapFrom.Inline.NsxManagers configSpec.AntreaNsx.BootstrapFrom.Inline.ClusterName = config.Spec.AntreaNsx.BootstrapFrom.Inline.ClusterName // NSX cert - secret := &corev1.Secret{} - err = client.Get(context.TODO(), types.NamespacedName{ - Namespace: config.Namespace, - Name: config.Name, - }, secret) + secret, err := getNSXCert(client, config.Name, config.Namespace) if err != nil { return configSpec, err } - if secret.Data == nil { - return configSpec, fmt.Errorf("missing secret data") - } - if _, ok := secret.Data["tls.crt"]; !ok { - return configSpec, fmt.Errorf("missing tls.crt") - } configSpec.AntreaNsx.BootstrapFrom.Inline.NsxCertRef.TLSCert = string(secret.Data["tls.crt"]) - if _, ok := secret.Data["tls.key"]; !ok { - return configSpec, fmt.Errorf("missing tls.key") - } configSpec.AntreaNsx.BootstrapFrom.Inline.NsxCertRef.TLSKey = string(secret.Data["tls.key"]) } else if config.Spec.AntreaNsx.BootstrapFrom.ProviderRef != nil { configSpec.AntreaNsx.BootstrapFrom.ProviderRef.ApiVersion = config.Spec.AntreaNsx.BootstrapFrom.ProviderRef.ApiGroup configSpec.AntreaNsx.BootstrapFrom.ProviderRef.Kind = config.Spec.AntreaNsx.BootstrapFrom.ProviderRef.Kind configSpec.AntreaNsx.BootstrapFrom.ProviderRef.Name = config.Spec.AntreaNsx.BootstrapFrom.ProviderRef.Name } - configSpec.AntreaNsx.AntreaNsxConfig.InfraType = config.Spec.AntreaNsx.AntreaNsxConfig.InfraType + } return configSpec, nil } + +func getNSXCert(client client.Client, secretName, secretNamespace string) (secret *corev1.Secret, err error) { + secret = &corev1.Secret{} + if err := client.Get(context.TODO(), types.NamespacedName{ + Namespace: secretNamespace, + Name: secretName, + }, secret); err != nil { + return nil, err + } + if secret.Data == nil { + return nil, fmt.Errorf("missing secret data") + } + if _, ok := 
secret.Data["tls.crt"]; !ok { + return nil, fmt.Errorf("missing tls.crt") + } + if _, ok := secret.Data["tls.key"]; !ok { + return nil, fmt.Errorf("missing tls.key") + } + return secret, nil +} diff --git a/addons/controllers/antrea/antreaconfig_util_test.go b/addons/controllers/antrea/antreaconfig_util_test.go new file mode 100644 index 00000000000..c5902e5a97b --- /dev/null +++ b/addons/controllers/antrea/antreaconfig_util_test.go 
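Review bot: `getNSXCert` only tests that the `tls.crt` and `tls.key` keys exist, so a Secret that carries either key with a zero-length value passes and `mapAntreaConfigSpec` copies an empty certificate or key into `NsxCertRef`. A length check also covers the nil-map case, and naming the object makes the failure diagnosable: `if len(secret.Data["tls.crt"]) == 0 { return nil, fmt.Errorf("secret %s/%s: missing or empty tls.crt", secretNamespace, secretName) }`, and the same for `tls.key`. The `client.Get` error is returned bare; wrapping it with `%w` and the secret's namespace and name would tell an operator which object could not be read. The named results are not needed, `if err := client.Get(...)` shadows the named `err`, and the parameter `client` shadows the package of the same name inside the body; a signature like `(c client.Client, secretName, secretNamespace string) (*corev1.Secret, error)` reads more plainly. `mapAntreaConfigSpec` starts above this hunk, so whether the removed `InfraType` assignment is still set elsewhere cannot be confirmed from here.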
@@ -0,0 +1,48 @@
+package controllers
+
+import (
+ "context"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/client-go/kubernetes/scheme"
+ "sigs.k8s.io/controller-runtime/pkg/client/fake"
+)
+
+func TestGetNSXCert(t *testing.T) {
+ fakeClient := fake.NewFakeClientWithScheme(scheme.Scheme)
+
+ secretName := "test-secret"
+ secretNamespace := "test-namespace"
+ testSecret := &corev1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: secretName,
+ Namespace: secretNamespace,
+ },
+ Data: map[string][]byte{
+ "tls.crt": []byte("fake-certificate-data"),
+ "tls.key": []byte("fake-key-data"),
+ },
+ }
+ if err := fakeClient.Create(context.Background(), testSecret); err != nil {
+ t.Fatalf("failed to create test secret: %v", err)
+ }
+
+ returnedSecret, err := getNSXCert(fakeClient, secretName, secretNamespace)
+ require.NoError(t, err, "getNSXCert returned an unexpected error")
+ require.NotNil(t, returnedSecret, "getNSXCert returned a nil secret")
+
+ assert.Equal(t, secretName, returnedSecret.Name, "returned secret has unexpected name")
+ assert.Equal(t, secretNamespace, returnedSecret.Namespace, "returned secret has unexpected namespace")
+ assert.Equal(t, 2, len(returnedSecret.Data), "returned secret has unexpected number of data fields")
+
+ if _, ok := returnedSecret.Data["tls.crt"]; !ok {
+ t.Error("returned secret missing tls.crt field")
+ }
+ if _, ok := returnedSecret.Data["tls.key"]; !ok {
+ t.Error("returned secret missing tls.key field")
+ }
+}
diff --git a/addons/go.mod b/addons/go.mod
index d94236ccb13..a5695f93488 100644
--- a/addons/go.mod
+++ b/addons/go.mod
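Review bot: `TestGetNSXCert` exercises only the success path, so the four rejection branches of `getNSXCert` (Get failure, nil `Data`, missing `tls.crt`, missing `tls.key`) are never run, and those are the branches that keep an incomplete credential out of the Antrea config. A table-driven test with one case per branch, asserting a non-nil error and a nil secret, would pin that behaviour. `fake.NewFakeClientWithScheme` is marked deprecated in newer controller-runtime releases in favour of `fake.NewClientBuilder()`; it is worth switching if the pinned version offers it, which this hunk does not show.

```go
// … unchanged: imports and TestGetNSXCert …

func TestGetNSXCertRejectsIncompleteSecret(t *testing.T) {
	meta := metav1.ObjectMeta{Name: "test-secret", Namespace: "test-namespace"}
	cases := map[string]*corev1.Secret{
		"secret not found": nil,
		"nil data":         {ObjectMeta: meta},
		"missing tls.crt":  {ObjectMeta: meta, Data: map[string][]byte{"tls.key": []byte("fake-key-data")}},
		"missing tls.key":  {ObjectMeta: meta, Data: map[string][]byte{"tls.crt": []byte("fake-certificate-data")}},
	}
	for name, seed := range cases {
		t.Run(name, func(t *testing.T) {
			fakeClient := fake.NewFakeClientWithScheme(scheme.Scheme)
			if seed != nil {
				require.NoError(t, fakeClient.Create(context.Background(), seed))
			}
			secret, err := getNSXCert(fakeClient, meta.Name, meta.Namespace)
			require.Error(t, err)
			assert.Nil(t, secret)
		})
	}
}
```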
@@ -15,6 +15,7 @@ require ( github.com/onsi/gomega v1.20.2 github.com/oracle/cluster-api-provider-oci v0.6.0 github.com/pkg/errors v0.9.1 + github.com/stretchr/testify v1.8.0 github.com/vmware-tanzu/carvel-kapp-controller v0.35.0 github.com/vmware-tanzu/carvel-secretgen-controller v0.5.0 github.com/vmware-tanzu/carvel-vendir v0.26.0 @@ -91,6 +92,7 @@ require ( github.com/nxadm/tail v1.4.8 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/oracle/oci-go-sdk/v65 v65.18.0 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/client_golang v1.13.0 // indirect github.com/prometheus/client_model v0.2.0 // indirect github.com/prometheus/common v0.37.0 // indirect diff --git a/addons/go.sum b/addons/go.sum index 6b67c97aa06..0939e77e605 100644 --- a/addons/go.sum +++ b/addons/go.sum @@ -856,6 +856,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 
@@ -865,6 +866,7 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/subosito/gotenv v1.3.0/go.mod h1:YzJjq/33h7nrwdY+iHMhEOEEbW0ovIz0tB6t6PwAXzs= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/kapp-config.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/kapp-config.yaml similarity index 100% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/kapp-config.yaml rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/kapp-config.yaml diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/overlay/antrea-overlay.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/antrea-overlay.yaml similarity index 100% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/overlay/antrea-overlay.yaml rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/antrea-overlay.yaml 
diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/overlay/interworking-bootstrap-overlay.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/interworking-bootstrap-overlay.yaml similarity index 100% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/overlay/interworking-bootstrap-overlay.yaml rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/interworking-bootstrap-overlay.yaml diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/overlay/interworking-overlay.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/interworking-overlay.yaml similarity index 90% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/overlay/interworking-overlay.yaml rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/interworking-overlay.yaml index 3511316230a..e2fc0b46a43 100644 --- a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/overlay/interworking-overlay.yaml +++ b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/interworking-overlay.yaml 
@@ -47,26 +47,6 @@ data: ccp-adapter.conf: #@ yaml.encode(antrea_interworking_ccp_adapter_conf()) -#@overlay/match by=overlay.subset({"kind":"Deployment","metadata":{"name": "interworking"}}) -#@ if/end values.antrea_nsx.enable: ---- -kind: Deployment -metadata: - #@overlay/match missing_ok=True - annotations: - kapp.k14s.io/disable-default-label-scoping-rules: "" - - -#@overlay/match by=overlay.subset({"kind":"Job","metadata":{"name": "register"}}) -#@ if/end values.antrea_nsx.enable: ---- -kind: Job -metadata: - #@overlay/match missing_ok=True - annotations: - kapp.k14s.io/disable-default-label-scoping-rules: "" - - #! Antrea-interworking-config #@overlay/match by=overlay.subset({"metadata":{"namespace": "vmware-system-antrea"}}), expects=10 #@ if/end values.antrea_nsx.enable == False: diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/overlay/update-strategy-overlay.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/update-strategy-overlay.yaml similarity index 100% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/overlay/update-strategy-overlay.yaml rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/update-strategy-overlay.yaml diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/schema.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/schema.yaml similarity index 92% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/schema.yaml rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/schema.yaml index 8ea8207691f..c3feaaf3a6a 100644 --- a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/schema.yaml +++ b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/schema.yaml 
@@ -156,13 +156,13 @@ antrea_nsx:
 antrea_interworking:
 #@schema/desc "Configuration for antrea-interworking"
 config:
- #@schema/desc "echo -n 'dummyAdmin' | base64"
+ #@schema/desc "base64 encoded NSX user name"
 nsxUser: ZHVtbXlBZG1pbg==
- #@schema/desc " echo -n 'dummyPassword' | base64"
+ #@schema/desc "base64 encoded NSX password"
 nsxPassword: ZHVtbXlQYXNzd29yZA==
- #@schema/desc "base64 encoded data"
+ #@schema/desc "base64 encoded NSX client certificate data"
 nsxCert: ZHVtbXlBZG1pbg==
- #@schema/desc "base64 encoded data"
+ #@schema/desc "base64 encoded NSX client key data"
 nsxKey: ZHVtbXlQYXNzd29yZA==
 #@schema/desc " "
 clusterName: dummyClusterName
@@ -170,6 +170,16 @@ antrea_interworking:
 NSXManagers: [dummyNSXIP1]
 #@schema/desc " "
 vpcPath: dummyVPCPath
+ #@schema/desc "bootstrapFrom can be Inline and SupervisorCluster,If SupervisorCluster is set, bootstrapSupervisorResourceName must be set, and clusterName, NSXManagers, vpcPath, ProxyEndpoints will be filled automatically by register job."
+ bootstrapFrom: Inline
+ #@schema/desc "bootstrapSupervisorResourceName is required if bootstrapFrom is SupervisorCluster"
+ bootstrapSupervisorResourceName: dummyClusterName
+ #@schema/desc " "
+ proxyEndpoints:
+ #@schema/desc " "
+ rest-api: [fake-rest-api]
+ #@schema/desc " "
+ nsx-rpc-fwd-proxy: [fake-nsx-rpc-fwd-proxy]
 #@schema/desc " "
 mp_adapter_conf:
 #@schema/desc " "
diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/upstream/antrea.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/upstream/antrea.yaml
similarity index 100%
rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/upstream/antrea.yaml
rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/upstream/antrea.yaml
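Review bot: `bootstrapSupervisorResourceName` is described as required when `bootstrapFrom` is `SupervisorCluster`, yet it defaults to the placeholder `dummyClusterName` here and in the `values.yaml` hunk. A configuration that selects `SupervisorCluster` and omits the name would then render with the placeholder rather than fail, assuming nothing downstream validates it, which these hunks do not show. An empty default (`bootstrapSupervisorResourceName: ""`) plus a check in the template would make the omission visible. The `bootstrapFrom` description reads better as `"bootstrapFrom is either Inline or SupervisorCluster. If SupervisorCluster is set, bootstrapSupervisorResourceName must be set, and clusterName, NSXManagers, vpcPath and proxyEndpoints are filled in automatically by the register job."`. `proxyEndpoints`, `rest-api` and `nsx-rpc-fwd-proxy` still carry blank `#@schema/desc " "` strings and would benefit from a one-line description each.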
diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/upstream/bootstrap-config.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/upstream/bootstrap-config.yaml similarity index 100% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/upstream/bootstrap-config.yaml rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/upstream/bootstrap-config.yaml diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/upstream/interworking.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/upstream/interworking.yaml similarity index 100% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/upstream/interworking.yaml rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/upstream/interworking.yaml diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/values.star b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/values.star similarity index 100% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/values.star rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/values.star diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/values.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/values.yaml similarity index 95% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/values.yaml rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/values.yaml index 10e8cb0e956..81b6a88fb60 100644 --- a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/values.yaml 
+++ b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/values.yaml @@ -86,6 +86,11 @@ antrea_interworking: clusterName: dummyClusterName NSXManagers: [] vpcPath: "" + bootstrapFrom: Inline + bootstrapSupervisorResourceName: dummyClusterName + proxyEndpoints: + rest-api: [ ] + nsx-rpc-fwd-proxy: [ ] mp_adapter_conf: NSXClientAuthCertFile: /etc/antrea/nsx-cert/tls.crt NSXClientAuthKeyFile: /etc/antrea/nsx-cert/tls.key diff --git a/providers/ytt/vendir/cni/cni.lib.yaml b/providers/ytt/vendir/cni/cni.lib.yaml index 4c39c8e8292..67fb0c3265d 100644 --- a/providers/ytt/vendir/cni/cni.lib.yaml +++ b/providers/ytt/vendir/cni/cni.lib.yaml @@ -1,4 +1,4 @@ #@ load("@ytt:library", "library") -#@ cni_antrea_lib = library.get("addons/packages/antrea/1.9.0-p1/bundle/config") +#@ cni_antrea_lib = library.get("addons/packages/antrea/1.9.0/bundle/config") #@ cni_calico_lib = library.get("addons/packages/calico/3.24.1/bundle/config")