openshift · openshift-merge-robot · Sep 6, 2018 · Sep 5, 2018 · Sep 5, 2018
diff --git a/Documentation/dev/libvirt-howto.md b/Documentation/dev/libvirt-howto.md
@@ -64,7 +64,7 @@ EOF
     1. Set the `imagePath` to the **absolute** path of the operating system image you downloaded
     1. Set the `name` (e.g. test1)
     1. Look at the `podCIDR` and `serviceCIDR` fields in the `networking` section. Make sure they don't conflict with anything important.
-    1. Set the `pullSecretPath` to the **absolute** path of your downloaded pull secret file.
+    1. Set the `pullSecret` to your JSON pull secret.
 
 #### 1.7 Set up NetworkManager DNS overlay
 This step is optional, but useful for being able to resolve cluster-internal hostnames from your host.

diff --git a/config.tf b/config.tf
@@ -174,12 +174,12 @@ Note: This field MUST be set manually prior to creating the cluster.
 EOF
 }
 
-variable "tectonic_pull_secret_path" {
+variable "tectonic_pull_secret" {
   type    = "string"
   default = ""
 
   description = <<EOF
-The path the pull secret file in JSON format.
+The pull secret in JSON format.
 This is known to be a "Docker pull secret" as produced by the docker login [1] command.
 A sample JSON content is shown in [2].
 You can download the pull secret from your Account overview page at [3].

diff --git a/examples/tectonic.aws.yaml b/examples/tectonic.aws.yaml
@@ -230,7 +230,7 @@ nodePools:
 # The platform used for deploying.
 platform: aws
 
-# The path the pull secret file in JSON format.
+# The pull secret in JSON format.
 # This is known to be a "Docker pull secret" as produced by the docker login [1] command.
 # A sample JSON content is shown in [2].
 # You can download the pull secret from your Account overview page at [3].
@@ -240,7 +240,7 @@ platform: aws
 # [2] https://coreos.com/os/docs/latest/registry-authentication.html#manual-registry-auth-setup
 #
 # [3] https://account.coreos.com/overview
-pullSecretPath:
+pullSecret: '{"auths": {}}'
 
 worker:
   # The name of the node pool(s) to use for workers

diff --git a/examples/tectonic.libvirt.yaml b/examples/tectonic.libvirt.yaml
@@ -98,7 +98,7 @@ nodePools:
 # The platform used for deploying.
 platform: libvirt
 
-# The path the pull secret file in JSON format.
+# The pull secret in JSON format.
 # This is known to be a "Docker pull secret" as produced by the docker login [1] command.
 # A sample JSON content is shown in [2].
 # You can download the pull secret from your Account overview page at [3].
@@ -108,7 +108,7 @@ platform: libvirt
 # [2] https://coreos.com/os/docs/latest/registry-authentication.html#manual-registry-auth-setup
 #
 # [3] https://account.coreos.com/overview
-pullSecretPath:
+pullSecret: '{"auths": {}}'
 
 worker:
   nodePools:

diff --git a/installer/pkg/config-generator/fixtures/test-aws.yaml b/installer/pkg/config-generator/fixtures/test-aws.yaml
@@ -12,7 +12,7 @@ master:
 worker:
   nodePools:
     - worker
-pullSecretPath: /path/config.json
+pullSecret: '{"auths": {}}'
 containerLinux:
   channel: stable
   version: latest

diff --git a/installer/pkg/config/cluster.go b/installer/pkg/config/cluster.go
@@ -88,7 +88,8 @@ type Cluster struct {
 	Networking      `json:",inline" yaml:"networking,omitempty"`
 	NodePools       `json:"-" yaml:"nodePools"`
 	Platform        Platform `json:"tectonic_platform" yaml:"platform,omitempty"`
-	PullSecretPath  string   `json:"tectonic_pull_secret_path,omitempty" yaml:"pullSecretPath,omitempty"`
+	PullSecret      string   `json:"tectonic_pull_secret,omitempty" yaml:"pullSecret,omitempty"`
+	PullSecretPath  string   `json:"-" yaml:"pullSecretPath,omitempty"` // Deprecated: remove after openshift/release is ported to pullSecret
 	Worker          `json:",inline" yaml:"worker,omitempty"`
 }
 

diff --git a/installer/pkg/config/parser.go b/installer/pkg/config/parser.go
@@ -1,6 +1,7 @@
 package config
 
 import (
+	"errors"
 	"io/ioutil"
 
 	"gopkg.in/yaml.v2"
@@ -14,6 +15,19 @@ func ParseConfig(data []byte) (*Cluster, error) {
 		return nil, err
 	}
 
+	// Deprecated: remove after openshift/release is ported to pullSecret
+	if cluster.PullSecretPath != "" {
+		if cluster.PullSecret != "" {
+			return nil, errors.New("pullSecretPath is deprecated; just set pullSecret")
+		}
+
+		data, err := ioutil.ReadFile(cluster.PullSecretPath)
+		if err != nil {
+			return nil, err
+		}
+		cluster.PullSecret = string(data)
+	}
+
 	return &cluster, nil
 }
 

diff --git a/installer/pkg/config/validate.go b/installer/pkg/config/validate.go
@@ -83,7 +83,7 @@ func (c *Cluster) Validate() []error {
 	errs = append(errs, c.validateNetworking()...)
 	errs = append(errs, c.validateAWS()...)
 	errs = append(errs, c.validateCL()...)
-	errs = append(errs, c.validateTectonicFiles()...)
+	errs = append(errs, c.validatePullSecret()...)
 	errs = append(errs, c.validateLibvirt()...)
 	errs = append(errs, c.validateCA()...)
 	if err := validate.PrefixError("cluster name", validate.ClusterName(c.Name)); err != nil {
@@ -280,9 +280,9 @@ func (c *Cluster) validateTNCS3Bucket() error {
 	return nil
 }
 
-func (c *Cluster) validateTectonicFiles() []error {
+func (c *Cluster) validatePullSecret() []error {
 	var errs []error
-	if err := validate.JSONFile(c.PullSecretPath); err != nil {
+	if err := validate.JSON([]byte(c.PullSecret)); err != nil {
 		errs = append(errs, err)
 	}
 	return errs

diff --git a/installer/pkg/validate/validate.go b/installer/pkg/validate/validate.go
@@ -35,12 +35,19 @@ func JSONFile(path string) error {
 	if err != nil {
 		return err
 	}
-	if !json.Valid(b) {
-		return fmt.Errorf("file %q contains invalid JSON", path)
+	err = JSON(b)
+	if err != nil {
+		return fmt.Errorf("file %q contains invalid JSON: %v", path, err)
 	}
 	return nil
 }
 
+// JSON validates that the given data is valid JSON.
+func JSON(data []byte) error {
+	var dummy interface{}
+	return json.Unmarshal(data, &dummy)
+}
+
 // FileExists validates a file exists at the given path.
 func FileExists(path string) error {
 	_, err := os.Stat(path)

diff --git a/installer/pkg/workflow/fixtures/aws.basic.yaml b/installer/pkg/workflow/fixtures/aws.basic.yaml
@@ -32,7 +32,7 @@ nodePools:
   - name: worker
     count: 3
 platform: aws
-pullSecretPath:
+pullSecret: '{"auths": {}}'
 worker:
   nodePools:
     - worker

diff --git a/installer/pkg/workflow/fixtures/terraform.tfvars b/installer/pkg/workflow/fixtures/terraform.tfvars
@@ -29,5 +29,6 @@
   "tectonic_service_cidr": "10.3.0.0/16",
   "tectonic_cluster_cidr": "10.2.0.0/16",
   "tectonic_platform": "aws",
+  "tectonic_pull_secret": "{\"auths\": {}}",
   "tectonic_worker_count": 3
 }
diff --git a/installer/pkg/workflow/init_test.go b/installer/pkg/workflow/init_test.go
@@ -1,7 +1,6 @@
 package workflow
 
 import (
-	"encoding/json"
 	"errors"
 	"fmt"
 	"io/ioutil"
@@ -13,29 +12,12 @@ import (
 	"github.com/openshift/installer/installer/pkg/config"
 )
 
-func generatePullSecret(name string) (*os.File, error) {
-	pullBytes, err := json.Marshal(&struct{}{})
-	if err != nil {
-		return nil, fmt.Errorf("failed to marshal pull secret: %v", err)
-	}
-	p, err := ioutil.TempFile("", fmt.Sprintf("%s_pull_secret", name))
-	if err != nil {
-		return nil, fmt.Errorf("failed to create pull secret file: %v", err)
-	}
-	if _, err := p.Write(pullBytes); err != nil {
-		return nil, fmt.Errorf("failed to write pull secret file: %v", err)
-	}
-	p.Close()
-
-	return p, nil
-}
-
-func initTestCluster(cfg, pullSecret string) (*config.Cluster, error) {
+func initTestCluster(cfg string) (*config.Cluster, error) {
 	testConfig, err := config.ParseConfigFile(cfg)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse test config: %v", err)
 	}
-	testConfig.PullSecretPath = pullSecret
+	testConfig.PullSecret = "{\"auths\": {}}"
 	if len(testConfig.Validate()) != 0 {
 		return nil, errors.New("failed to validate test conifg")
 	}
@@ -54,20 +36,11 @@ func TestGenerateTerraformVariablesStep(t *testing.T) {
 		}
 	}()
 
-	ps, err := generatePullSecret("init_workflow")
-	if err != nil {
-		t.Fatalf("failed to generate pull secret: %v", err)
-	}
-	defer os.Remove(ps.Name())
-
-	cluster, err := initTestCluster("./fixtures/aws.basic.yaml", ps.Name())
+	cluster, err := initTestCluster("./fixtures/aws.basic.yaml")
 	if err != nil {
 		t.Fatalf("failed to init cluster: %v", err)
 	}
 
-	// Remove auto-generated pull secret for comparison.
-	cluster.PullSecretPath = ""
-
 	m := &metadata{
 		cluster:    *cluster,
 		clusterDir: clusterDir,

diff --git a/modules/bootkube/manifests.tf b/modules/bootkube/manifests.tf
@@ -46,7 +46,7 @@ data "template_file" "manifest_file_list" {
     clusterapi_ca_cert       = "${base64encode(var.clusterapi_ca_cert_pem)}"
     clusterapi_ca_key        = "${base64encode(var.clusterapi_ca_key_pem)}"
     oidc_ca_cert             = "${base64encode(var.oidc_ca_cert)}"
-    pull_secret              = "${base64encode(file(var.pull_secret_path))}"
+    pull_secret              = "${base64encode(var.pull_secret)}"
     serviceaccount_pub       = "${base64encode(var.service_account_public_key_pem)}"
     serviceaccount_key       = "${base64encode(var.service_account_private_key_pem)}"
     kube_dns_service_ip      = "${cidrhost(var.service_cidr, 10)}"

diff --git a/modules/bootkube/variables.tf b/modules/bootkube/variables.tf
@@ -156,8 +156,7 @@ variable "service_cidr" {
   type        = "string"
 }
 
-variable "pull_secret_path" {
+variable "pull_secret" {
   type        = "string"
-  description = "Path on disk to your Tectonic pull secret. Obtain this from your Tectonic Account: https://account.coreos.com."
-  default     = "/Users/coreos/Desktop/config.json"
+  description = "Your pull secret.  Obtain this from your Tectonic Account: https://account.coreos.com."
 }
diff --git a/modules/tectonic/manifests.tf b/modules/tectonic/manifests.tf
@@ -56,7 +56,7 @@ data "template_file" "manifest_file_list" {
     tectonic_version              = "${var.versions["tectonic"]}"
     tectonic_alm_operator_version = "${var.versions["alm"]}"
 
-    pull_secret = "${base64encode(file(var.pull_secret_path))}"
+    pull_secret = "${base64encode(var.pull_secret)}"
 
     update_server  = "${var.update_server}"
     update_channel = "${var.update_channel}"

diff --git a/modules/tectonic/variables.tf b/modules/tectonic/variables.tf
@@ -23,10 +23,9 @@ variable "ingress_kind" {
   type        = "string"
 }
 
-variable "pull_secret_path" {
+variable "pull_secret" {
   type        = "string"
-  description = "Path on disk to your Tectonic pull secret. Obtain this from your Tectonic Account: https://account.coreos.com."
-  default     = "/Users/coreos/Desktop/config.json"
+  description = "Your pull secret. Obtain this from your Tectonic Account: https://account.coreos.com."
 }
 
 variable "base_address" {

diff --git a/steps/assets/aws/main.tf b/steps/assets/aws/main.tf
@@ -18,7 +18,7 @@ module assets_base {
   tectonic_kubelet_debug_config    = "${var.tectonic_kubelet_debug_config}"
   tectonic_networking              = "${var.tectonic_networking}"
   tectonic_platform                = "${var.tectonic_platform}"
-  tectonic_pull_secret_path        = "${var.tectonic_pull_secret_path}"
+  tectonic_pull_secret             = "${var.tectonic_pull_secret}"
   tectonic_service_cidr            = "${var.tectonic_service_cidr}"
   tectonic_update_channel          = "${var.tectonic_update_channel}"
   tectonic_versions                = "${var.tectonic_versions}"

diff --git a/steps/assets/base/tectonic.tf b/steps/assets/base/tectonic.tf
@@ -19,7 +19,7 @@ module "bootkube" {
 
   service_cidr = "${var.tectonic_service_cidr}"
 
-  pull_secret_path = "${pathexpand(var.tectonic_pull_secret_path)}"
+  pull_secret = "${var.tectonic_pull_secret}"
 
   admin_cert_pem                  = "${local.admin_cert_pem}"
   admin_key_pem                   = "${local.admin_key_pem}"
@@ -62,7 +62,7 @@ module "tectonic" {
   container_base_images = "${var.tectonic_container_base_images}"
   versions              = "${var.tectonic_versions}"
 
-  pull_secret_path = "${pathexpand(var.tectonic_pull_secret_path)}"
+  pull_secret = "${var.tectonic_pull_secret}"
 
   update_channel = "${var.tectonic_update_channel}"
   update_app_id  = "${var.tectonic_update_app_id}"

diff --git a/steps/assets/libvirt/main.tf b/steps/assets/libvirt/main.tf
@@ -18,7 +18,7 @@ module assets_base {
   tectonic_kubelet_debug_config    = "${var.tectonic_kubelet_debug_config}"
   tectonic_networking              = "${var.tectonic_networking}"
   tectonic_platform                = "${var.tectonic_platform}"
-  tectonic_pull_secret_path        = "${var.tectonic_pull_secret_path}"
+  tectonic_pull_secret             = "${var.tectonic_pull_secret}"
   tectonic_service_cidr            = "${var.tectonic_service_cidr}"
   tectonic_update_channel          = "${var.tectonic_update_channel}"
   tectonic_versions                = "${var.tectonic_versions}"

diff --git a/tests/run.sh b/tests/run.sh
@@ -76,7 +76,8 @@ python <<-EOF >"${CLUSTER_NAME}.yaml"
 	with open(os.path.expanduser(os.path.join('~', '.ssh', 'id_rsa.pub'))) as f:
 	    config['admin']['sshKey'] = f.read()
 	config['baseDomain'] = '${DOMAIN}'
-	config['pullSecretPath'] = '${PULL_SECRET_PATH}'
+	with open('${PULL_SECRET_PATH}') as f:
+	    config['pullSecret'] = f.read()
 	config['aws']['region'] = '${AWS_REGION}'
 	config['aws']['extraTags'] = {
 	    'expirationDate': (