From eefcb15bdc591adf4736033cfd193967e9bea91d Mon Sep 17 00:00:00 2001 From: Yolanda Robla Date: Mon, 18 Mar 2019 17:34:23 +0100 Subject: [PATCH] Add the ability of using local repos for secrets Change-Id: I03d968f6f23f46a3464957f713d1b35321c653a8 --- README.md | 8 +++++++- pkg/generator/generator.go | 28 +++++++++++++++++++++------- 2 files changed, 28 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index c11f7a4..0791240 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,8 @@ you will need to use the following syntax: This repository is needed to store private credentials. It is recommended that you store those credentials on a private repo where only allowed people have -access. Each setting is stored in individual files in the repository: +access, where access to the repositories can be controlled by SSH keys. +Each setting is stored in individual files in the repository: - ssh-pub-key # public key to be used for SSH access into the nodes - coreos-pull-secret # place the file that you created before @@ -37,6 +38,11 @@ access. Each setting is stored in individual files in the repository: The right path to clone a private repo is: git@github.com:repo_user/repo_name.git +You also can use a local directory to store secrets in local deployments. +You should create a directory with a known path, and your directory shall contain the individual files listed before. In that case no SSH key is needed. You can reference you local secrets repo by: + + CREDENTIALS=file:// + **BASE_REPO: Repository for the base manifests** This is the repository where the default manifest templates are stored. There is one specific folder for each blueprint and provider: aws/1-node, libvirt/1-node, etc... This can be any repository with the right templates, but for Akraino it currently defaults to github.com/redhat-nfvpe/kni-edge-base.git diff --git a/pkg/generator/generator.go b/pkg/generator/generator.go index 962ba9f..a6cc23f 100644 --- a/pkg/generator/generator.go 
+++ b/pkg/generator/generator.go
@@ -53,11 +53,16 @@ func (g Generator) DownloadArtifacts() {
 log.Println("Download secrets repo")
 secretsPath := fmt.Sprintf("%s/secrets", g.buildPath)
- // Retrieve private key and b64encode it
- rsaPrivateLocation := fmt.Sprintf("%s/.ssh/id_rsa", os.Getenv("HOME"))
- priv, _ := ioutil.ReadFile(rsaPrivateLocation)
- sEnc := base64.StdEncoding.EncodeToString(priv)
- finalURL := fmt.Sprintf("%s?sshkey=%s", g.secretsRepo, sEnc)
+ // Retrieve private key and b64encode it, if secrets is not local
+ finalURL := ""
+ if !strings.HasPrefix(g.secretsRepo, "file://") {
+ rsaPrivateLocation := fmt.Sprintf("%s/.ssh/id_rsa", os.Getenv("HOME"))
+ priv, _ := ioutil.ReadFile(rsaPrivateLocation)
+ sEnc := base64.StdEncoding.EncodeToString(priv)
+ finalURL = fmt.Sprintf("%s?sshkey=%s", g.secretsRepo, sEnc)
+ } else {
+ finalURL = g.secretsRepo
+ }
 client = &getter.Client{Src: finalURL, Dst: secretsPath, Mode: getter.ClientModeAny}
 err = client.Get()
 if err != nil {
@@ -69,7 +74,6 @@ func (g Generator) DownloadArtifacts() {
 // Clone the base repository with base manifests
 log.Println("Cloning the base repository with base manifests")
 baseBuildPath := fmt.Sprintf("%s/base_manifests", g.buildPath)
- log.Println(g.basePath)
 client = &getter.Client{Src: g.baseRepo, Dst: baseBuildPath, Mode: getter.ClientModeAny}
 err = client.Get()
 if err != nil {
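Review bot: In the `@@ -53,11 +53,16 @@` hunk of DownloadArtifacts, the `file://` prefix test is the only thing that decides whether the private key is attached, so every other value of `g.secretsRepo` (an `https://` source, a bare local path) still gets `$HOME/.ssh/id_rsa` base64-encoded into its `?sshkey=` query string. Attaching the key only for SSH git sources, rather than for everything that is not `file://`, would keep it out of URLs that never need it and that may be sent to a remote server or written to logs by the getter. The read error is also still discarded, so a missing key silently produces an empty `sshkey=`; `priv, err := ioutil.ReadFile(rsaPrivateLocation)` followed by `if err != nil { log.Fatalf("reading %s: %v", rsaPrivateLocation, err) }` would fail early. The function body continues past the hunk, so whether the `client.Get()` error path prints `finalURL` is not visible here.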
@@ -142,7 +146,17 @@ func (g Generator) GenerateInstallConfig() {
 parsedSettings := (*siteSettings)["settings"]
 // Read secrets
- err = filepath.Walk(fmt.Sprintf("%s/secrets", g.buildPath), g.ReadSecretFiles)
+ secretsPath := fmt.Sprintf("%s/secrets", g.buildPath)
+ ln, err := filepath.EvalSymlinks(secretsPath)
+ if err != nil {
+ log.Fatal(fmt.Sprintf("Error evaluating symlinks: %s", err))
+ os.Exit(1)
+ }
+ if len(ln) > 0 {
+ // we need to traverse that instead of the given path
+ secretsPath = ln
+ }
+ err = filepath.Walk(secretsPath, g.ReadSecretFiles)
 // Prepare the final file to write the template
 f, err := os.Create(fmt.Sprintf("%s/install-config.yaml", g.buildPath))
-- 
2.16.6
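Review bot: The result of `filepath.Walk(secretsPath, g.ReadSecretFiles)` is never checked: the next visible statement, `f, err := os.Create(...)`, overwrites `err`, so a secrets directory that cannot be read still goes on to write install-config.yaml. An `if err != nil { log.Fatalf("Error reading secrets: %s", err) }` directly after the walk would stop there. In the symlink check above it, `os.Exit(1)` is unreachable because `log.Fatal` already exits, and `log.Fatalf("Error evaluating symlinks: %s", err)` replaces the `log.Fatal(fmt.Sprintf(...))` pair. GenerateInstallConfig begins and ends outside the hunk.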