Skip to content

[fcos] pkg/server: serve config only to master in bootstrap server #1423

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
openshift-merge-robot merged 1 commit into from
Jan 30, 2020
Merged

[fcos] pkg/server: serve config only to master in bootstrap server #1423

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion pkg/server/bootstrap_server.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,9 @@ func NewBootstrapServer(dir, kubeconfig string) (Server, error) {
// 4. Append the machine annotations file.
// 5. Append the KubeConfig file.
func (bsc *bootstrapServer) GetConfig(cr poolRequest) (*igntypes.Config, error) {

if cr.machineConfigPool != "master" {
return nil, fmt.Errorf("refusing to serve bootstrap configuration to pool %q", cr.machineConfigPool)
}
// 1. Read the Machine Config Pool object.
fileName := path.Join(bsc.serverBaseDir, "machine-pools", cr.machineConfigPool+".yaml")
glog.Infof("reading file %q", fileName)
Expand Down
10 changes: 9 additions & 1 deletion pkg/server/server_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ func TestBootstrapServer(t *testing.T) {
t.Fatal(err)
}
res, err := bs.GetConfig(poolRequest{
machineConfigPool: testPool,
machineConfigPool: "master",
})
if err != nil {
t.Fatalf("expected err to be nil, received: %v", err)
Expand All @@ -130,6 +130,14 @@ func TestBootstrapServer(t *testing.T) {
// assert on the output.
validateIgnitionFiles(t, mc.Spec.Config.Storage.Files, res.Storage.Files)
validateIgnitionSystemd(t, mc.Spec.Config.Systemd.Units, res.Systemd.Units)

// verify bootstrap cannot serve ignition to other pool than master
res, err = bs.GetConfig(poolRequest{
machineConfigPool: testPool,
})
if err == nil {
t.Fatalf("expected bootstrap server to not serve ignition to non-master pools")
}
}

// TestClusterServer tests the behavior of the machine config server
Expand Down
24 changes: 24 additions & 0 deletions pkg/server/testdata/machine-pools/master.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfigPool
metadata:
creationTimestamp: null
name: master
spec:
configuration:
name: test-config
machineConfigSelector:
matchLabels:
machineconfiguration.openshift.io/role: test
nodeSelector:
matchLabels:
node-role.kubernetes.io/test: ""
maxUnavailable: null
paused: false
status:
conditions: null
configuration:
name: test-config
machineCount: 0
readyMachineCount: 0
unavailableMachineCount: 0
updatedMachineCount: 0