Failure domain fetches data and goes ready.

Author: Joshua Reed

api/v1beta2/cloudstackcluster_webhook.go

@@ -45,14 +45,7 @@ func (r *CloudStackCluster) Default() {
 	// No defaulted values supported yet.
 }
 
-// +kubebuilder:webhook:
-// name=vcloudstackcluster.kb.io
-// groups=infrastructure.cluster.x-k8s.io,resources=cloudstackclusters
-// versions=v1beta2
-// verbs=create;update
-// path=/validate-infrastructure-cluster-x-k8s-io-v1beta2-cloudstackcluster
-// mutating=false,failurePolicy=fail,sideEffects=None
-// admissionReviewVersions=v1beta2
+// +kubebuilder:webhook:name=vcloudstackcluster.kb.io,groups=infrastructure.cluster.x-k8s.io,resources=cloudstackclusters,versions=v1beta2,verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta2-cloudstackcluster,mutating=false,failurePolicy=fail,sideEffects=None,admissionReviewVersions=v1beta1
 
 var _ webhook.Validator = &CloudStackCluster{}
 
@@ -83,6 +76,11 @@ func (r *CloudStackCluster) ValidateCreate() error {
 					field.NewPath("spec", "FailureDomains", "Zone", "Network"),
 					"each Zone requires a Network specification"))
 			}
+			if fdSpec.ACSEndpoint.Name == "" || fdSpec.ACSEndpoint.Namespace == "" {
+				errorList = append(errorList, field.Required(
+					field.NewPath("spec", "FailureDomains", "ACSEndpoint"),
+					"Name and Namespace are required"))
+			}
 		}
 	}
 

api/v1beta2/cloudstackfailuredomain_types.go

@@ -43,7 +43,7 @@ type CloudStackFailureDomainSpec struct {
 
 	// Apache CloudStack Endpoint secret reference.
 	// +optional
-	ACSEndpoint corev1.SecretReference `json:"ACSEndpoint,omitempty"`
+	ACSEndpoint corev1.SecretReference `json:"acsendpoint,omitempty"`
 }
 
 // CloudStackFailureDomainStatus defines the observed state of CloudStackFailureDomain

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackclusters.yaml

@@ -226,7 +226,10 @@ spec:
                   description: CloudStackFailureDomainSpec defines the desired state
                     of CloudStackFailureDomain
                   properties:
-                    ACSEndpoint:
+                    account:
+                      description: CloudStack account.
+                      type: string
+                    acsendpoint:
                       description: Apache CloudStack Endpoint secret reference.
                       properties:
                         name:
@@ -238,9 +241,6 @@ spec:
                             secret name must be unique.
                           type: string
                       type: object
-                    account:
-                      description: CloudStack account.
-                      type: string
                     domain:
                       description: CloudStack domain.
                       type: string

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackfailuredomains.yaml

@@ -38,7 +38,10 @@ spec:
             description: CloudStackFailureDomainSpec defines the desired state of
               CloudStackFailureDomain
             properties:
-              ACSEndpoint:
+              account:
+                description: CloudStack account.
+                type: string
+              acsendpoint:
                 description: Apache CloudStack Endpoint secret reference.
                 properties:
                   name:
@@ -50,9 +53,6 @@ spec:
                       name must be unique.
                     type: string
                 type: object
-              account:
-                description: CloudStack account.
-                type: string
               domain:
                 description: CloudStack domain.
                 type: string

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackisolatednetworks.yaml

@@ -122,7 +122,10 @@ spec:
                 description: FailureDomain -- the FailureDomain the network is placed
                   in.
                 properties:
-                  ACSEndpoint:
+                  account:
+                    description: CloudStack account.
+                    type: string
+                  acsendpoint:
                     description: Apache CloudStack Endpoint secret reference.
                     properties:
                       name:
@@ -134,9 +137,6 @@ spec:
                           secret name must be unique.
                         type: string
                     type: object
-                  account:
-                    description: CloudStack account.
-                    type: string
                   domain:
                     description: CloudStack domain.
                     type: string

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackmachines.yaml

@@ -387,7 +387,10 @@ spec:
                 description: FailureDomain -- the FailureDomain the machine is placed
                   in.
                 properties:
-                  ACSEndpoint:
+                  account:
+                    description: CloudStack account.
+                    type: string
+                  acsendpoint:
                     description: Apache CloudStack Endpoint secret reference.
                     properties:
                       name:
@@ -399,9 +402,6 @@ spec:
                           secret name must be unique.
                         type: string
                     type: object
-                  account:
-                    description: CloudStack account.
-                    type: string
                   domain:
                     description: CloudStack domain.
                     type: string

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackmachinetemplates.yaml

@@ -340,7 +340,10 @@ spec:
                         description: FailureDomain -- the FailureDomain the machine
                           is placed in.
                         properties:
-                          ACSEndpoint:
+                          account:
+                            description: CloudStack account.
+                            type: string
+                          acsendpoint:
                             description: Apache CloudStack Endpoint secret reference.
                             properties:
                               name:
@@ -352,9 +355,6 @@ spec:
                                   the secret name must be unique.
                                 type: string
                             type: object
-                          account:
-                            description: CloudStack account.
-                            type: string
                           domain:
                             description: CloudStack domain.
                             type: string

config/webhook/manifests.yaml

@@ -34,6 +34,26 @@ metadata:
   creationTimestamp: null
   name: validating-webhook-configuration
 webhooks:
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-cloudstackcluster
+  failurePolicy: Fail
+  name: vcloudstackcluster.kb.io
+  rules:
+  - apiGroups:
+    - infrastructure.cluster.x-k8s.io
+    apiVersions:
+    - v1beta2
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - cloudstackclusters
+  sideEffects: None
 - admissionReviewVersions:
   - v1beta1
   clientConfig:

controllers/cloudstackcluster_controller.go

@@ -88,9 +88,9 @@ func (r *CloudStackClusterReconciliationRunner) Reconcile() (res ctrl.Result, re
 	return r.RunReconciliationStages(
 		r.RequeueIfMissingBaseCRs,
 		r.CreateFailureDomains(r.ReconciliationSubject.Spec.FailureDomains),
-		r.CheckOwnedCRDsForReadiness(infrav1.GroupVersion.WithKind("CloudStackZone")),
+		r.CheckOwnedCRDsForReadiness(infrav1.GroupVersion.WithKind("CloudStackFailureDomain")),
 		r.GetFailureDomains(r.FailureDomains),
-		r.VerifyZoneCRDs,
+		r.VerifyFailureDomainCRDs,
 		r.SetFailureDomains,
 		r.SetReady)
 }
@@ -102,16 +102,16 @@ func (r *CloudStackClusterReconciliationRunner) SetReady() (ctrl.Result, error)
 	return ctrl.Result{}, nil
 }
 
-// VerifyFailureDomainCRDs verifies the Zone CRDs found match against those requested.
-func (r *CloudStackClusterReconciliationRunner) VerifyZoneCRDs() (ctrl.Result, error) {
+// VerifyFailureDomainCRDs verifies the FailureDomains found match against those requested.
+func (r *CloudStackClusterReconciliationRunner) VerifyFailureDomainCRDs() (ctrl.Result, error) {
 	expected := len(r.ReconciliationSubject.Spec.FailureDomains)
 	actual := len(r.FailureDomains.Items)
 	if expected != actual {
-		return r.RequeueWithMessage(fmt.Sprintf("Expected %d Zones, but found %d", expected, actual))
+		return r.RequeueWithMessage(fmt.Sprintf("Expected %d FailureDomains, but found %d", expected, actual))
 	}
 	for _, fd := range r.FailureDomains.Items {
 		if !fd.Status.Ready {
-			return r.RequeueWithMessage(fmt.Sprintf("Zone %s/%s not ready, requeueing.", fd.Namespace, fd.Name))
+			return r.RequeueWithMessage(fmt.Sprintf("FailureDomains %s/%s not ready, requeueing.", fd.Namespace, fd.Name))
 		}
 	}
 	return ctrl.Result{}, nil
@@ -138,7 +138,7 @@ func (r *CloudStackClusterReconciliationRunner) ReconcileDelete() (ctrl.Result,
 				return ctrl.Result{}, err
 			}
 		}
-		return r.RequeueWithMessage("Child Zones still present, requeueing.")
+		return r.RequeueWithMessage("Child FailureDomains still present, requeueing.")
 	}
 	controllerutil.RemoveFinalizer(r.ReconciliationSubject, infrav1.ClusterFinalizer)
 	return ctrl.Result{}, nil

controllers/utils/failuredomains.go

@@ -90,19 +90,33 @@ func (r *ReconciliationRunner) AsFailureDomainUser(fdSpec infrav1.CloudStackFail
 			return ctrl.Result{}, errors.Wrapf(err, "getting ACSEndpoint secret with ref: %v", fdSpec.ACSEndpoint)
 		}
 
+		config := map[string]interface{}{}
+		for k, v := range endpointCredentials.Data {
+			config[k] = string(v)
+		}
+		// TODO change secret parsing manner.
+		if val, present := config["verify-ssl"]; present {
+			if val == "true" {
+				config["verify-ssl"] = true
+			} else if val == "false" {
+				config["verify-ssl"] = false
+			}
+		}
+
 		var err error
-		if r.CSClient, err = cloud.NewClientFromMap(endpointCredentials.StringData); err != nil {
+		if r.CSClient, err = cloud.NewClientFromMap(config); err != nil {
 			return ctrl.Result{}, errors.Wrapf(err, "parsing ACSEndpoint secret with ref: %v", fdSpec.ACSEndpoint)
 		}
 
+		// Transfer Cluster Domain & Account to FailureDomain as needed.
 		if fdSpec.Account == "" {
 			if r.CSCluster.Spec.Account != "" {
 				fdSpec.Account = r.CSCluster.Spec.Account
 				fdSpec.Domain = r.CSCluster.Spec.Domain
 			}
 		}
 
-		if r.CSCluster.Spec.Account != "" {
+		if r.CSCluster.Spec.Account != "" { // Set r.CSUser CloudStack Client per Account and Domain.
 			user := &cloud.User{}
 			user.Account.Domain.Path = r.CSCluster.Spec.Domain
 			user.Account.Name = r.CSCluster.Spec.Account
@@ -112,7 +126,7 @@ func (r *ReconciliationRunner) AsFailureDomainUser(fdSpec infrav1.CloudStackFail
 				return ctrl.Result{}, errors.Errorf("could not find sufficient user (with API keys) in domain/account %s/%s",
 					r.CSCluster.Spec.Domain, r.CSCluster.Spec.Account)
 			}
-			newUser := endpointCredentials.StringData
+			newUser := config
 			newUser["api-key"] = user.APIKey
 			newUser["secret-key"] = user.SecretKey
 
@@ -121,6 +135,8 @@ func (r *ReconciliationRunner) AsFailureDomainUser(fdSpec infrav1.CloudStackFail
 				return ctrl.Result{}, err
 			}
 			r.CSUser = client
+		} else { // Set r.CSUser CloudStack Client to r.CSClient since Account & Domain weren't provided.
+			r.CSUser = r.CSClient
 		}
 
 		return ctrl.Result{}, nil