helm: insert openstack secret for ccm (#2897)

2024-10-01 01:36:09 -04:00 · 2024-02-09 11:14:44 +01:00 · 2024-02-09 11:14:44 +01:00 · 5b73d48bdd
commit 5b73d48bdd
parent a89133ae81
3 changed files with 28 additions and 0 deletions
--- a/internal/constellation/helm/BUILD.bazel
+++ b/internal/constellation/helm/BUILD.bazel
@ -505,6 +505,7 @@ go_test(
        "//internal/cloud/azureshared",
        "//internal/cloud/cloudprovider",
        "//internal/cloud/gcpshared",
+        "//internal/cloud/openstack",
        "//internal/compatibility",
        "//internal/config",
        "//internal/constellation/state",
--- a/internal/constellation/helm/loader_test.go
+++ b/internal/constellation/helm/loader_test.go
@ -27,6 +27,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/cloud/azureshared"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/gcpshared"
+	"github.com/edgelesssys/constellation/v2/internal/cloud/openstack"
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/constellation/state"
 	"github.com/edgelesssys/constellation/v2/internal/kms/uri"
@ -58,6 +59,18 @@ func fakeServiceAccURI(provider cloudprovider.Provider) string {
 			UamiResourceID:      "uid",
 		}
 		return creds.ToCloudServiceAccountURI()
+	case cloudprovider.OpenStack:
+		creds := openstack.AccountKey{
+			AuthURL:           "authURL",
+			Username:          "username",
+			Password:          "password",
+			ProjectID:         "projectID",
+			ProjectName:       "projectName",
+			UserDomainName:    "userDomainName",
+			ProjectDomainName: "projectDomainName",
+			RegionName:        "regionName",
+		}
+		return creds.ToCloudServiceAccountURI()
 	default:
 		return ""
 	}
--- a/internal/constellation/helm/overrides.go
+++ b/internal/constellation/helm/overrides.go
@ -97,9 +97,23 @@ func extraConstellationServicesValues(
 	}
 	switch csp {
 	case cloudprovider.OpenStack:
+		creds, err := openstack.AccountKeyFromURI(serviceAccURI)
+		if err != nil {
+			return nil, err
+		}
+		credsIni := creds.CloudINI().FullConfiguration()
 		if openStackCfg == nil {
 			return nil, fmt.Errorf("no OpenStack config")
 		}
+		extraVals["ccm"] = map[string]any{
+			"OpenStack": map[string]any{
+				"secretData": credsIni,
+			},
+		}
+		yawolIni := creds.CloudINI().YawolConfiguration()
+		extraVals["yawol-config"] = map[string]any{
+			"secretData": yawolIni,
+		}
 		extraVals["openstack"] = map[string]any{
 			"deployYawolLoadBalancer": openStackCfg.DeployYawolLoadBalancer != nil && *openStackCfg.DeployYawolLoadBalancer,
 		}