cluster-api: Create credentials for cloud

Signed-off-by: Stephen Finucane <[email protected]>

Author: stephenfin

pkg/asset/machines/openstack/openstackmachines.go

@@ -185,10 +185,9 @@ func generateMachineSpec(clusterID string, platform *openstack.Platform, mpool *
 	spec := capo.OpenStackMachineSpec{
 		CloudName: CloudName,
 		Flavor:    mpool.FlavorName,
-		// TODO(stephenfin): Create credentials
 		IdentityRef: &capo.OpenStackIdentityReference{
 			Kind: "Secret",
-			Name: "openstack-cloud-credentials",
+			Name: clusterID + "-cloud-config",
 		},
 		// FIXME(stephenfin): We probably want a FIP for bootstrap?
 		// TODO: This is an image name. Migrate to a filter with Name when API v1alpha8 is released.

pkg/asset/manifests/openstack/cluster.go

@@ -2,22 +2,25 @@ package openstack
 
 import (
 	"fmt"
+	"os"
 
+	"github.com/gophercloud/utils/openstack/clientconfig"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	capo "sigs.k8s.io/cluster-api-provider-openstack/api/v1alpha7"
 	capi "sigs.k8s.io/cluster-api/api/v1beta1"
+	"sigs.k8s.io/yaml"
 
 	"github.com/openshift/installer/pkg/asset"
 	"github.com/openshift/installer/pkg/asset/installconfig"
 	"github.com/openshift/installer/pkg/asset/manifests/capiutils"
 )
 
 const (
-	CloudName             = "openstack"
-	CredentialsSecretName = "openstack-cloud-credentials"
+	cloudName = "openstack"
 )
 
+// GenerateClusterAssets generates the cluster manifests for the cluster-api.
 func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID *installconfig.ClusterID) (*capiutils.GenerateClusterAssetsOutput, error) {
 	manifests := []*asset.RuntimeFile{}
 	openstackInstallConfig := installConfig.Config.OpenStack
@@ -30,11 +33,10 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 			},
 		},
 		Spec: capo.OpenStackClusterSpec{
-			CloudName: CloudName,
-			// TODO(stephenfin): Create credentials
+			CloudName: cloudName,
 			IdentityRef: &capo.OpenStackIdentityReference{
 				Kind: "Secret",
-				Name: CredentialsSecretName,
+				Name: clusterID.InfraID + "-cloud-config",
 			},
 			// We disable management of most networking resources since either
 			// we (the installer) will create them, or the user will have
@@ -68,7 +70,24 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 		File:   asset.File{Filename: "02_infra-cluster.yaml"},
 	})
 
-	// TODO(stephenfin): Create credentials request/cloud secret
+	cloudConfig, err := generateCloudConfig(installConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	openStackIdentity := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      clusterID.InfraID + "-cloud-config",
+			Namespace: capiutils.Namespace,
+		},
+		Data: cloudConfig,
+	}
+	openStackIdentity.SetGroupVersionKind(corev1.SchemeGroupVersion.WithKind("Secret"))
+
+	manifests = append(manifests, &asset.RuntimeFile{
+		Object: openStackIdentity,
+		File:   asset.File{Filename: "02_openstack-cloud-config.yaml"},
+	})
 
 	return &capiutils.GenerateClusterAssetsOutput{
 		Manifests: manifests,
@@ -80,3 +99,45 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 		},
 	}, nil
 }
+
+func generateCloudConfig(installConfig *installconfig.InstallConfig) (map[string][]byte, error) {
+	opts := new(clientconfig.ClientOpts)
+	opts.Cloud = installConfig.Config.Platform.OpenStack.Cloud
+
+	cloud, err := clientconfig.GetCloudFromYAML(opts)
+	if err != nil {
+		return nil, err
+	}
+
+	// We need to replace the local cacert path with the one used by CAPO
+	caCert := []byte{}
+	if cloud.CACertFile != "" {
+		caCert, err = os.ReadFile(cloud.CACertFile)
+		if err != nil {
+			return nil, err
+		}
+
+		// TODO: Verify this path. This is taken from CAPO directly
+		// https://github.com/kubernetes-sigs/cluster-api-provider-openstack/blob/main/templates/env.rc
+		cloud.CACertFile = "/etc/certs/cacert"
+	}
+
+	clouds := make(map[string]map[string]*clientconfig.Cloud)
+	clouds["clouds"] = map[string]*clientconfig.Cloud{
+		cloudName: cloud,
+	}
+
+	cloudsYAML, err := yaml.Marshal(clouds)
+	if err != nil {
+		return nil, err
+	}
+
+	creds := map[string][]byte{
+		"clouds.yaml": cloudsYAML,
+	}
+	if len(caCert) != 0 {
+		creds["cacert"] = caCert
+	}
+
+	return creds, nil
+}