Most way to parsing secret config.

Author: Joshua Reed

controllers/cloudstackfailuredomain_controller.go

@@ -19,7 +19,6 @@ package controllers
 import (
 	"context"
 
-
 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -73,38 +72,36 @@ func (r *CloudStackFailureDomainReconciliationRunner) Reconcile() (retRes ctrl.R
 	if err := r.K8sClient.Get(r.RequestCtx, key, endpointCredentials); err != nil {
 		return ctrl.Result{}, errors.Wrapf(err, "getting ACSEndpoint secret with ref: %v", ref)
 	}
-	// Prevent premature deletion.
-	controllerutil.AddFinalizer(r.ReconciliationSubject, infrav1.)
-
-	// Start by purely data fetching information about the zone and specified network.
-	if err := r.CSUser.ResolveZone(r.ReconciliationSubject); err != nil {
-		return ctrl.Result{}, errors.Wrap(err, "resolving CloudStack zone information")
-	}
-	if err := r.CSUser.ResolveNetworkForZone(r.ReconciliationSubject); err != nil &&
-		!csCtrlrUtils.ContainsNoMatchSubstring(err) {
-		return ctrl.Result{}, errors.Wrap(err, "resolving Cloudstack network information")
-	}
 
-	// Address Isolated Networks.
-	// Check if the passed network was an isolated network or the network was missing. In either case, create a
-	// CloudStackIsolatedNetwork to manage the many intricacies and wait until CloudStackIsolatedNetwork is ready.
-	if r.ReconciliationSubject.Spec.Network.ID == "" || r.ReconciliationSubject.Spec.Network.Type == infrav1.NetworkTypeIsolated {
-		netName := r.ReconciliationSubject.Spec.Network.Name
-		if res, err := r.GenerateIsolatedNetwork(netName)(); r.ShouldReturn(res, err) {
-			return res, err
-		} else if res, err := r.GetObjectByName(r.IsoNetMetaName(netName), r.IsoNet)(); r.ShouldReturn(res, err) {
-			return res, err
-		}
-		if r.IsoNet.Name == "" {
-			return r.RequeueWithMessage("Couldn't find isolated network.")
-		}
-		if !r.IsoNet.Status.Ready {
-			return r.RequeueWithMessage("Isolated network dependency not ready.")
-		}
-	}
-	r.ReconciliationSubject.Status.Ready = true
-	return ctrl.Result{}, nil
-}
+	// // Prevent premature deletion.
+	// controllerutil.AddFinalizer(r.ReconciliationSubject, infrav1.)
+
+	// // Start by purely data fetching information about the zone and specified network.
+	// if err := r.CSUser.ResolveZone(r.ReconciliationSubject); err != nil {
+	// 	return ctrl.Result{}, errors.Wrap(err, "resolving CloudStack zone information")
+	// }
+	// if err := r.CSUser.ResolveNetworkForZone(r.ReconciliationSubject); err != nil &&
+	// 	!csCtrlrUtils.ContainsNoMatchSubstring(err) {
+	// 	return ctrl.Result{}, errors.Wrap(err, "resolving Cloudstack network information")
+	// }
+
+	// // Address Isolated Networks.
+	// // Check if the passed network was an isolated network or the network was missing. In either case, create a
+	// // CloudStackIsolatedNetwork to manage the many intricacies and wait until CloudStackIsolatedNetwork is ready.
+	// if r.ReconciliationSubject.Spec.Network.ID == "" || r.ReconciliationSubject.Spec.Network.Type == infrav1.NetworkTypeIsolated {
+	// 	netName := r.ReconciliationSubject.Spec.Network.Name
+	// 	if res, err := r.GenerateIsolatedNetwork(netName)(); r.ShouldReturn(res, err) {
+	// 		return res, err
+	// 	} else if res, err := r.GetObjectByName(r.IsoNetMetaName(netName), r.IsoNet)(); r.ShouldReturn(res, err) {
+	// 		return res, err
+	// 	}
+	// 	if r.IsoNet.Name == "" {
+	// 		return r.RequeueWithMessage("Couldn't find isolated network.")
+	// 	}
+	// 	if !r.IsoNet.Status.Ready {
+	// 		return r.RequeueWithMessage("Isolated network dependency not ready.")
+	// 	}
+	// }
 	r.ReconciliationSubject.Status.Ready = true
 	return ctrl.Result{}, nil
 }

controllers/utils/base_reconciler.go

@@ -22,6 +22,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/apache/cloudstack-go/cloudstack"
 	"github.com/go-logr/logr"
 	"github.com/hashicorp/go-multierror"
 	"github.com/pkg/errors"
@@ -441,3 +442,25 @@ func (r *ReconciliationRunner) GetObjectByName(name string, target client.Object
 			client.IgnoreNotFound(r.K8sClient.Get(r.RequestCtx, objectKey, target)), "failed to get object")
 	}
 }
+
+// NewClientFromSpec generates a new client from an existing client.
+// VerifySSL will be set to true if either the old or new configs is true.
+func (origC *client) NewClientFromSpec(cfg Config) (Client, error) {
+	newC := &client{config: cfg}
+	newC.config.VerifySSL = cfg.VerifySSL || origC.config.VerifySSL // Prefer the most secure setting given.
+	if newC.config.APIURL == "" {
+		newC.config.APIURL = origC.config.APIURL
+	}
+
+	// The client returned from NewAsyncClient works in a synchronous way. On the other hand,
+	// a client returned from NewClient works in an asynchronous way. Dive into the constructor definition
+	// comments for more details
+	newC.cs = cloudstack.NewAsyncClient(newC.config.APIURL, newC.config.APIKey, newC.config.SecretKey, newC.config.VerifySSL)
+	newC.csAsync = cloudstack.NewClient(newC.config.APIURL, newC.config.APIKey, newC.config.SecretKey, newC.config.VerifySSL)
+
+	_, err := newC.cs.APIDiscovery.ListApis(newC.cs.APIDiscovery.NewListApisParams())
+	if err != nil && strings.Contains(strings.ToLower(err.Error()), "i/o timeout") {
+		return newC, errors.Wrap(err, "timeout while checking CloudStack API Client connectivity")
+	}
+	return newC, errors.Wrap(err, "checking CloudStack API Client connectivity")
+}

controllers/utils/failuredomains.go

@@ -19,7 +19,9 @@ package utils
 import (
 	"strings"
 
+	corev1 "k8s.io/api/core/v1"
 	infrav1 "sigs.k8s.io/cluster-api-provider-cloudstack/api/v1beta2"
+	"sigs.k8s.io/cluster-api-provider-cloudstack/pkg/cloud"
 
 	"github.com/pkg/errors"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
@@ -78,3 +80,42 @@ func (r *ReconciliationRunner) GetFailureDomainssAndRequeueIfMissing(fds *infrav
 		return ctrl.Result{}, nil
 	}
 }
+
+// AsFailureDomainUser uses the credentials specified in the failure domain to set the ReconciliationSubject's CSUser client.
+func (r *ReconciliationRunner) AsFailureDomainUser(fdSpec infrav1.CloudStackFailureDomainSpec) CloudStackReconcilerMethod {
+	return func() (ctrl.Result, error) {
+		endpointCredentials := &corev1.Secret{}
+		key := client.ObjectKey{Name: fdSpec.ACSEndpoint.Name, Namespace: fdSpec.ACSEndpoint.Namespace}
+		if err := r.K8sClient.Get(r.RequestCtx, key, endpointCredentials); err != nil {
+			return ctrl.Result{}, errors.Wrapf(err, "getting ACSEndpoint secret with ref: %v", fdSpec.ACSEndpoint)
+		}
+
+
+		r.CSUser = r.CSClient
+		cloud.NewClient()
+		if r.CSCluster.Spec.Account != "" {
+			user := &cloud.User{}
+			user.Account.Domain.Path = r.CSCluster.Spec.Domain
+			user.Account.Name = r.CSCluster.Spec.Account
+			if found, err := r.CSClient.GetUserWithKeys(user); err != nil {
+				return ctrl.Result{}, err
+			} else if !found {
+				return ctrl.Result{}, errors.Errorf("could not find sufficient user (with API keys) in domain/account %s/%s",
+					r.CSCluster.Spec.Domain, r.CSCluster.Spec.Account)
+			}
+			cfg := cloud.Config{APIKey: user.APIKey, SecretKey: user.SecretKey}
+			client, err := r.CSClient.NewClientFromSpec(cfg)
+			if err != nil {
+				return ctrl.Result{}, err
+			}
+			r.CSUser = client
+		}
+
+		return ctrl.Result{}, nil
+	}
+}
+
+		endpointCredentials.StringData["api-key"]
+		endpointCredentials.StringData["api-url"]
+		endpointCredentials.StringData["secret-key"]
+		endpointCredentials.StringData["verify-ssl"]

main.go

@@ -20,16 +20,13 @@ import (
 	"fmt"
 	"math/rand"
 	"os"
-	"strings"
 	"time"
 
 	"k8s.io/klog/v2/klogr"
 
 	flag "github.com/spf13/pflag"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 
-	"sigs.k8s.io/cluster-api-provider-cloudstack/pkg/cloud"
-
 	goflag "flag"
 
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
@@ -128,17 +125,6 @@ func main() {
 
 	ctrl.SetLogger(klogr.New())
 
-	// Setup CloudStack api client.
-	client, err := cloud.NewClient(opts.CloudConfigFile)
-	if err != nil {
-		if !strings.Contains(strings.ToLower(err.Error()), "timeout") {
-			setupLog.Error(err, "unable to start manager")
-			os.Exit(1)
-		}
-		setupLog.Info("cannot connect to CloudStack via client at startup time.  Pressing onward...")
-	}
-	setupLog.Info("CloudStack client initialized.")
-
 	// Create the controller manager.
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 		Scheme:                 scheme,
@@ -162,8 +148,7 @@ func main() {
 	base := utils.ReconcilerBase{
 		K8sClient:  mgr.GetClient(),
 		BaseLogger: ctrl.Log.WithName("controllers"),
-		Scheme:     mgr.GetScheme(),
-		CSClient:   client}
+		Scheme:     mgr.GetScheme()}
 
 	setupReconcilers(base, mgr)
 

pkg/cloud/client.go

@@ -17,6 +17,7 @@ limitations under the License.
 package cloud
 
 import (
+	"encoding/json"
 	"strings"
 
 	"github.com/apache/cloudstack-go/v2/cloudstack"
@@ -47,10 +48,10 @@ type client struct {
 
 // cloud-config ini structure.
 type Config struct {
-	APIURL    string `ini:"api-url"`
-	APIKey    string `ini:"api-key"`
-	SecretKey string `ini:"secret-key"`
-	VerifySSL bool   `ini:"verify-ssl"`
+	APIURL    string `json:"api-url"`
+	APIKey    string `json:"api-key"`
+	SecretKey string `json:"secret-key"`
+	VerifySSL bool   `json:"verify-ssl"`
 }
 
 func NewClient(ccPath string) (Client, error) {
@@ -103,3 +104,22 @@ func NewClientFromCSAPIClient(cs *cloudstack.CloudStackClient) Client {
 	c := &client{cs: cs, csAsync: cs}
 	return c
 }
+
+// Creates a new Cloud Client form a map of strings to strings.
+func NewClientFromMap(rawCfg map[string]string) (Client, error) {
+	cfg := Config{VerifySSL: true} // Set sane defautl for verify-ssl.
+	// Use JSON methods to enforce schema in parsing.
+	if bytes, err := json.Marshal(rawCfg); err != nil {
+		return nil, err
+	} else if err := json.Unmarshal(bytes, &cfg); err != nil {
+		return nil, err
+	}
+
+	// The client returned from NewAsyncClient works in a synchronous way. On the other hand,
+	// a client returned from NewClient works in an asynchronous way. Dive into the constructor definition
+	// comments for more details
+	c := &client{config: cfg}
+	c.cs = cloudstack.NewAsyncClient(cfg.APIURL, cfg.APIKey, cfg.SecretKey, cfg.VerifySSL)
+	c.csAsync = cloudstack.NewClient(cfg.APIURL, cfg.APIKey, cfg.SecretKey, cfg.VerifySSL)
+	return c, nil
+}