
Commit 3ba1cf3

kinarashahAlena Prokharchyk
authored andcommitted
empty cloud credential fields in nodetemplate config if credID is set
We shouldn't store credential field data in the nodetemplate config if credID is provided, for instance on nodetemplate edit of upgraded setups.
1 parent 875b1b7 commit 3ba1cf3

2 files changed

Lines changed: 74 additions & 4 deletions


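--- a/pkg/api/server/managementstored/setup.go
+++ b/pkg/api/server/managementstored/setup.go
@@ -2,6 +2,7 @@ package managementstored
 
 import (
 "context"
+"github.com/rancher/rancher/pkg/namespace"
 "net/http"
 
 "github.com/rancher/norman/store/crd"
@@ -331,8 +332,9 @@ func NodeTemplates(schemas *types.Schemas, management *config.ScaledContext) {
 }
 schema.Formatter = f.Formatter
 s := &nodeTemplateStore.Store{
-Store: userscope.NewStore(management.Core.Namespaces(""), schema.Store),
-NodePoolLister: npl,
+Store: userscope.NewStore(management.Core.Namespaces(""), schema.Store),
+NodePoolLister: npl,
+CloudCredentialLister: management.Core.Secrets(namespace.GlobalNamespace).Controller().Lister(),
 }
 schema.Store = s
 schema.Validator = nodetemplate.Validator
@@ -369,7 +371,8 @@ func SecretTypes(ctx context.Context, schemas *types.Schemas, management *config
 "secrets")
 
 credSchema := schemas.Schema(&managementschema.Version, client.CloudCredentialType)
-credSchema.Store = cred.Wrap(mgmtSecretSchema.Store, management.Core.Namespaces(""))
+credSchema.Store = cred.Wrap(mgmtSecretSchema.Store,
+management.Core.Namespaces(""))
 credSchema.Validator = cred.Validator
 }
 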
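Review bot: The new import `"github.com/rancher/rancher/pkg/namespace"` sits inside the standard-library group, between `"context"` and `"net/http"`; goimports would place it with the other github.com imports after the blank line. The import block continues past the hunk, so the exact position in that group is not visible here. The same mixing appears in pkg/api/store/nodetemplate/store.go, where `"fmt"` and `"strings"` are interleaved with the third-party imports. The re-wrapped `cred.Wrap(...)` call in SecretTypes is a formatting-only change and could be left out of this commit.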

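--- a/pkg/api/store/nodetemplate/store.go
+++ b/pkg/api/store/nodetemplate/store.go
@@ -1,15 +1,24 @@
 package nodetemplate
 
 import (
+"fmt"
 "github.com/rancher/norman/httperror"
 "github.com/rancher/norman/types"
+"github.com/rancher/norman/types/convert"
+"github.com/rancher/norman/types/values"
+"github.com/rancher/rancher/pkg/namespace"
+"github.com/rancher/rancher/pkg/ref"
+corev1 "github.com/rancher/types/apis/core/v1"
 "github.com/rancher/types/apis/management.cattle.io/v3"
+"github.com/sirupsen/logrus"
 "k8s.io/apimachinery/pkg/labels"
+"strings"
 )
 
 type Store struct {
 types.Store
-NodePoolLister v3.NodePoolLister
+NodePoolLister v3.NodePoolLister
+CloudCredentialLister corev1.SecretLister
 }
 
 func (s *Store) Delete(apiContext *types.APIContext, schema *types.Schema, id string) (map[string]interface{}, error) {
@@ -24,3 +33,61 @@ func (s *Store) Delete(apiContext *types.APIContext, schema *types.Schema, id st
 }
 return s.Store.Delete(apiContext, schema, id)
 }
+
+func (s *Store) Create(apiContext *types.APIContext, schema *types.Schema, data map[string]interface{}) (map[string]interface{}, error) {
+if err := s.replaceCloudCredFields(data); err != nil {
+return data, err
+}
+return s.Store.Create(apiContext, schema, data)
+}
+
+func (s *Store) Update(apiContext *types.APIContext, schema *types.Schema, data map[string]interface{}, id string) (map[string]interface{}, error) {
+if err := s.replaceCloudCredFields(data); err != nil {
+return data, err
+}
+return s.Store.Update(apiContext, schema, data, id)
+}
+
+func (s *Store) replaceCloudCredFields(data map[string]interface{}) error {
+credID := convert.ToString(values.GetValueN(data, "cloudCredentialId"))
+if credID == "" {
+return nil
+}
+ns, name := ref.Parse(credID)
+if ns == "" || name == "" {
+return fmt.Errorf("invalid credID %s", credID)
+}
+cred, err := s.CloudCredentialLister.Get(namespace.GlobalNamespace, name)
+if err != nil {
+return fmt.Errorf("error getting cloud cred %s: %v", credID, err)
+}
+if len(cred.Data) == 0 {
+return fmt.Errorf("empty credID data %s", credID)
+}
+configName, credConfigName := "", ""
+for key := range cred.Data {
+splitKey := strings.SplitN(key, "-", 2)
+if len(splitKey) == 2 && strings.HasSuffix(splitKey[0], "credentialConfig") {
+configName = strings.Replace(splitKey[0], "credential", "", 1)
+credConfigName = splitKey[0]
+break
+}
+}
+if configName == "" {
+return fmt.Errorf("empty configName for credID %s", configName)
+}
+toReplace := convert.ToMapInterface(values.GetValueN(data, configName))
+if len(toReplace) == 0 {
+return nil
+}
+var fields []string
+for key := range cred.Data {
+splitKey := strings.SplitN(key, "-", 2)
+if len(splitKey) == 2 && splitKey[0] == credConfigName {
+toReplace[splitKey[1]] = ""
+fields = append(fields, splitKey[1])
+}
+}
+logrus.Debugf("replaceCloudCredFields: %v for credID %s", fields, credID)
+return nil
+}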
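Review bot: In replaceCloudCredFields the "empty configName" error formats `configName`, which is always the empty string on that branch, so the message never identifies the credential; it should read `return fmt.Errorf("empty configName for credID %s", credID)`. The namespace parsed from `credID` is only checked for being non-empty and then discarded, since the lookup always uses `namespace.GlobalNamespace`, so an ID naming any other namespace is silently accepted; rejecting `ns != namespace.GlobalNamespace` would make the contract explicit. When the config block matching the credential's type is missing from `data`, the function returns nil without touching any other `*Config` block, so credential fields submitted under a different driver's config would still be stored. Presumably the validator rejects such a mismatch, but that is not visible here and is worth confirming, since it is exactly the case this commit is meant to close.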
