node-joiner: allow user to specify sshKey via config file

andfasano · andfasano · commit 6b5c5fa0ba1a · 2024-07-26T14:27:56.000-04:00
diff --git a/pkg/asset/agent/joiner/addnodesconfig.go b/pkg/asset/agent/joiner/addnodesconfig.go
@@ -7,13 +7,13 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/pkg/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"sigs.k8s.io/yaml"
 
 	"github.com/openshift/installer/pkg/asset"
 	"github.com/openshift/installer/pkg/types/agent"
+	"github.com/openshift/installer/pkg/validate"
 )
 
 const (
@@ -37,6 +37,7 @@ type Config struct {
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
 	CPUArchitecture string       `json:"cpuArchitecture,omitempty"`
+	SSHKey          string       `json:"sshKey,omitempty"`
 	Hosts           []agent.Host `json:"hosts,omitempty"`
 }
 
@@ -114,10 +115,16 @@ func (a *AddNodesConfig) Load(f asset.FileFetcher) (bool, error) {
 }
 
 func (a *AddNodesConfig) finish() error {
-	if err := a.validateHosts().ToAggregate(); err != nil {
-		return errors.Wrapf(err, "invalid nodes configuration")
+	allErrs := field.ErrorList{}
+
+	if err := a.validateHosts(); err != nil {
+		allErrs = append(allErrs, err...)
 	}
-	return nil
+	if err := a.validateSSHKey(); err != nil {
+		allErrs = append(allErrs, err...)
+	}
+
+	return allErrs.ToAggregate()
 }
 
 func (a *AddNodesConfig) validateHosts() field.ErrorList {
@@ -130,3 +137,16 @@ func (a *AddNodesConfig) validateHosts() field.ErrorList {
 
 	return allErrs
 }
+
+func (a *AddNodesConfig) validateSSHKey() field.ErrorList {
+	var allErrs field.ErrorList
+
+	if a.Config.SSHKey == "" {
+		return nil
+	}
+
+	if err := validate.SSHPublicKey(a.Config.SSHKey); err != nil {
+		allErrs = append(allErrs, field.Invalid(field.NewPath("sshKey"), a.Config.SSHKey, err.Error()))
+	}
+	return allErrs
+}
diff --git a/pkg/asset/agent/joiner/addnodesconfig_test.go b/pkg/asset/agent/joiner/addnodesconfig_test.go
@@ -27,7 +27,26 @@ func TestAddNodesConfig_Load(t *testing.T) {
 		},
 		{
 			name:          "empty nodes-config.yaml",
-			expectedError: "invalid nodes configuration: hosts: Required value: at least one host must be defined",
+			expectedError: "hosts: Required value: at least one host must be defined",
+		},
+		{
+			name: "ssh key",
+			nodesConfigData: `hosts:
+- hostname: master-0
+  interfaces:
+  - name: eth0
+    macAddress: 00:ef:29:72:b9:771
+sshKey: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSUGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XAt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/EnmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbxNrRFi9wrf+M7Q=="`,
+		},
+		{
+			name: "invalid ssh key",
+			nodesConfigData: `hosts:
+- hostname: master-0
+  interfaces:
+  - name: eth0
+    macAddress: 00:ef:29:72:b9:771
+sshKey: "not a valid ssh key"`,
+			expectedError: "sshKey: Invalid value: \"not a valid ssh key\": ssh: no key found",
 		},
 	}
 	for _, tc := range cases {
diff --git a/pkg/asset/agent/joiner/clusterinfo.go b/pkg/asset/agent/joiner/clusterinfo.go
@@ -122,7 +122,7 @@ func (ci *ClusterInfo) Generate(_ context.Context, dependencies asset.Parents) e
 		return err
 	}
 
-	err = ci.retrieveInstallConfigData()
+	err = ci.retrieveInstallConfigData(addNodesConfig)
 	if err != nil {
 		return err
 	}
@@ -243,7 +243,7 @@ func (ci *ClusterInfo) retrieveArchitecture(addNodesConfig *AddNodesConfig) erro
 	return fmt.Errorf("unable to determine target cluster architecture")
 }
 
-func (ci *ClusterInfo) retrieveInstallConfigData() error {
+func (ci *ClusterInfo) retrieveInstallConfigData(addNodesConfig *AddNodesConfig) error {
 	clusterConfig, err := ci.Client.CoreV1().ConfigMaps("kube-system").Get(context.Background(), "cluster-config-v1", metav1.GetOptions{})
 	if err != nil {
 		if errors.IsNotFound(err) {
@@ -269,6 +269,10 @@ func (ci *ClusterInfo) retrieveInstallConfigData() error {
 	ci.APIDNSName = fmt.Sprintf("api.%s.%s", ci.ClusterName, installConfig.BaseDomain)
 	ci.FIPS = installConfig.FIPS
 
+	if addNodesConfig.Config.SSHKey != "" {
+		ci.SSHKey = addNodesConfig.Config.SSHKey
+	}
+
 	return nil
 }
 
diff --git a/pkg/asset/agent/joiner/clusterinfo_test.go b/pkg/asset/agent/joiner/clusterinfo_test.go
@@ -49,7 +49,7 @@ func TestClusterInfo_Generate(t *testing.T) {
 				Version:      "4.15.0",
 				APIDNSName:   "api.ostest.test.metalkube.org",
 				Namespace:    "cluster0",
-				PullSecret:   "c3VwZXJzZWNyZXQK",
+				PullSecret:   "c3VwZXJzZWNyZXQK", // notsecret
 				UserCaBundle: "--- bundle ---",
 				Architecture: "amd64",
 				Proxy: &types.Proxy{
@@ -103,7 +103,7 @@ func TestClusterInfo_Generate(t *testing.T) {
 				Version:      "4.15.0",
 				APIDNSName:   "api.ostest.test.metalkube.org",
 				Namespace:    "cluster0",
-				PullSecret:   "c3VwZXJzZWNyZXQK",
+				PullSecret:   "c3VwZXJzZWNyZXQK", // notsecret
 				UserCaBundle: "--- bundle ---",
 				Architecture: "arm64",
 				Proxy: &types.Proxy{
@@ -147,6 +147,49 @@ func TestClusterInfo_Generate(t *testing.T) {
 			},
 			expectedError: "Platform: Unsupported value: \"aws\": supported values: \"baremetal\", \"vsphere\", \"none\", \"external\"",
 		},
+		{
+			name:     "sshKey from nodes-config.yaml",
+			workflow: workflow.AgentWorkflowTypeAddNodes,
+			objs:     defaultObjects(),
+			nodesConfig: AddNodesConfig{
+				Config: Config{
+					SSHKey: "ssh-key-from-config",
+				},
+			},
+			expectedClusterInfo: ClusterInfo{
+				ClusterID:    "1b5ba46b-7e56-47b1-a326-a9eebddfb38c",
+				ClusterName:  "ostest",
+				ReleaseImage: "registry.ci.openshift.org/ocp/release@sha256:65d9b652d0d23084bc45cb66001c22e796d43f5e9e005c2bc2702f94397d596e",
+				Version:      "4.15.0",
+				APIDNSName:   "api.ostest.test.metalkube.org",
+				Namespace:    "cluster0",
+				PullSecret:   "c3VwZXJzZWNyZXQK", // notsecret
+				UserCaBundle: "--- bundle ---",
+				Architecture: "amd64",
+				Proxy: &types.Proxy{
+					HTTPProxy:  "http://proxy",
+					HTTPSProxy: "https://proxy",
+					NoProxy:    "localhost",
+				},
+				ImageDigestSources: []types.ImageDigestSource{
+					{
+						Source: "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
+						Mirrors: []string{
+							"registry.example.com:5000/ocp4/openshift4",
+						},
+					},
+				},
+				PlatformType:    v1beta1.BareMetalPlatformType,
+				SSHKey:          "ssh-key-from-config",
+				OSImage:         buildStreamData(),
+				OSImageLocation: "http://my-coreosimage-url/416.94.202402130130-0",
+				IgnitionEndpointWorker: &models.IgnitionEndpoint{
+					URL:           ptr.To("https://192.168.111.5:22623/config/worker"),
+					CaCertificate: ptr.To("LS0tL_FakeCertificate_LS0tCg=="),
+				},
+				FIPS: true,
+			},
+		},
 	}
 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {

Original file line number	Diff line number	Diff line change
`@@ -122,7 +122,7 @@ func (ci *ClusterInfo) Generate(_ context.Context, dependencies asset.Parents) e`
`122`	`122`	`return err`
`123`	`123`	`}`
`124`	`124`
`125`		`- err = ci.retrieveInstallConfigData()`
	`125`	`+ err = ci.retrieveInstallConfigData(addNodesConfig)`
`126`	`126`	`if err != nil {`
`127`	`127`	`return err`
`128`	`128`	`}`
`@@ -243,7 +243,7 @@ func (ci ClusterInfo) retrieveArchitecture(addNodesConfig AddNodesConfig) erro`
`243`	`243`	`return fmt.Errorf("unable to determine target cluster architecture")`
`244`	`244`	`}`
`245`	`245`
`246`		`-func (ci *ClusterInfo) retrieveInstallConfigData() error {`
	`246`	`+func (ci ClusterInfo) retrieveInstallConfigData(addNodesConfig AddNodesConfig) error {`
`247`	`247`	`clusterConfig, err := ci.Client.CoreV1().ConfigMaps("kube-system").Get(context.Background(), "cluster-config-v1", metav1.GetOptions{})`
`248`	`248`	`if err != nil {`
`249`	`249`	`if errors.IsNotFound(err) {`
`@@ -269,6 +269,10 @@ func (ci *ClusterInfo) retrieveInstallConfigData() error {`
`269`	`269`	`ci.APIDNSName = fmt.Sprintf("api.%s.%s", ci.ClusterName, installConfig.BaseDomain)`
`270`	`270`	`ci.FIPS = installConfig.FIPS`
`271`	`271`
	`272`	`+ if addNodesConfig.Config.SSHKey != "" {`
	`273`	`+ ci.SSHKey = addNodesConfig.Config.SSHKey`
	`274`	`+ }`
	`275`	`+`
`272`	`276`	`return nil`
`273`	`277`	`}`
`274`	`278`