Remove unused code, honor Spec.PropagateCredentials flag

k0rdent · Jan 17, 2025 · c83092d · c83092d
1 parent 8e396c6
commit c83092d
Show file tree

Hide file tree

Showing 10 changed files with 8 additions and 312 deletions.
diff --git a/api/v1alpha1/common.go b/api/v1alpha1/common.go
@@ -42,8 +42,6 @@ type (
 )
 
 const (
-	// Provider AWS
-	ProviderAWSName = "cluster-api-provider-aws"
 	// Provider K0smotron
 	ProviderK0smotronName = "k0smotron"
 	// Provider Sveltos

diff --git a/go.mod b/go.mod
@@ -10,7 +10,6 @@ require (
 	github.com/fluxcd/pkg/apis/meta v1.9.0
 	github.com/fluxcd/pkg/runtime v0.52.0
 	github.com/fluxcd/source-controller/api v1.4.1
-	github.com/go-logr/logr v1.4.2
 	github.com/google/uuid v1.6.0
 	github.com/hashicorp/go-retryablehttp v0.7.7
 	github.com/onsi/ginkgo/v2 v2.22.2
@@ -79,6 +78,7 @@ require (
 	github.com/go-errors/errors v1.5.1 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-ldap/ldap/v3 v3.4.8 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect

diff --git a/internal/controller/clusterdeployment_controller.go b/internal/controller/clusterdeployment_controller.go
@@ -46,7 +46,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
 
 	kcm "github.com/K0rdent/kcm/api/v1alpha1"
-	"github.com/K0rdent/kcm/internal/credspropagation"
 	"github.com/K0rdent/kcm/internal/helm"
 	providersloader "github.com/K0rdent/kcm/internal/providers"
 	"github.com/K0rdent/kcm/internal/sveltos"
@@ -372,13 +371,6 @@ func (r *ClusterDeploymentReconciler) updateCluster(ctx context.Context, mc *kcm
 		return ctrl.Result{RequeueAfter: DefaultRequeueInterval}, nil
 	}
 
-	if mc.Spec.PropagateCredentials {
-		if err := r.reconcileCredentialPropagation(ctx, mc, cred); err != nil {
-			l.Error(err, "failed to reconcile credentials propagation")
-			return ctrl.Result{}, err
-		}
-	}
-
 	return ctrl.Result{}, nil
 }
 
@@ -417,8 +409,8 @@ func (r *ClusterDeploymentReconciler) aggregateCapoConditions(ctx context.Contex
 	return requeue, errs
 }
 
-func getProjectTemplateResourceRefs(cred *kcm.Credential) []sveltosv1beta1.TemplateResourceRef {
-	if cred.Spec.IdentityRef == nil {
+func getProjectTemplateResourceRefs(mc *kcm.ClusterDeployment, cred *kcm.Credential) []sveltosv1beta1.TemplateResourceRef {
+	if !mc.Spec.PropagateCredentials || cred.Spec.IdentityRef == nil {
 		return nil
 	}
 
@@ -444,8 +436,8 @@ func getProjectTemplateResourceRefs(cred *kcm.Credential) []sveltosv1beta1.Templ
 	return refs
 }
 
-func getProjectPolicyRefs(cred *kcm.Credential) []sveltosv1beta1.PolicyRef {
-	if cred.Spec.IdentityRef == nil {
+func getProjectPolicyRefs(mc *kcm.ClusterDeployment, cred *kcm.Credential) []sveltosv1beta1.PolicyRef {
+	if !mc.Spec.PropagateCredentials || cred.Spec.IdentityRef == nil {
 		return nil
 	}
 
@@ -530,9 +522,9 @@ func (r *ClusterDeploymentReconciler) updateServices(ctx context.Context, mc *kc
 			StopOnConflict: mc.Spec.ServiceSpec.StopOnConflict,
 			Reload:         mc.Spec.ServiceSpec.Reload,
 			TemplateResourceRefs: append(
-				getProjectTemplateResourceRefs(cred), mc.Spec.ServiceSpec.TemplateResourceRefs...,
+				getProjectTemplateResourceRefs(mc, cred), mc.Spec.ServiceSpec.TemplateResourceRefs...,
 			),
-			PolicyRefs: getProjectPolicyRefs(cred),
+			PolicyRefs: getProjectPolicyRefs(mc, cred),
 		}); err != nil {
 		return ctrl.Result{}, fmt.Errorf("failed to reconcile Profile: %w", err)
 	}
@@ -734,71 +726,6 @@ func (r *ClusterDeploymentReconciler) objectsAvailable(ctx context.Context, name
 	return len(itemsList.Items) != 0, nil
 }
 
-func (r *ClusterDeploymentReconciler) reconcileCredentialPropagation(ctx context.Context, clusterDeployment *kcm.ClusterDeployment, credential *kcm.Credential) error {
-	l := ctrl.LoggerFrom(ctx)
-	l.Info("Reconciling CCM credentials propagation")
-
-	providers, err := r.getInfraProvidersNames(ctx, clusterDeployment.Namespace, clusterDeployment.Spec.Template)
-	if err != nil {
-		return fmt.Errorf("failed to get cluster providers for cluster %s/%s: %w", clusterDeployment.Namespace, clusterDeployment.Name, err)
-	}
-
-	kubeconfSecret := &corev1.Secret{}
-	if err := r.Client.Get(ctx, client.ObjectKey{
-		Name:      clusterDeployment.Name + "-kubeconfig",
-		Namespace: clusterDeployment.Namespace,
-	}, kubeconfSecret); err != nil {
-		return fmt.Errorf("failed to get kubeconfig secret for cluster %s/%s: %w", clusterDeployment.Namespace, clusterDeployment.Name, err)
-	}
-
-	propnCfg := &credspropagation.PropagationCfg{
-		Client:            r.Client,
-		IdentityRef:       credential.Spec.IdentityRef,
-		KubeconfSecret:    kubeconfSecret,
-		ClusterDeployment: clusterDeployment,
-		SystemNamespace:   r.SystemNamespace,
-	}
-
-	for _, provider := range providers {
-		titleName := providersloader.GetProviderTitleName(provider)
-
-		f, ok := providersloader.CredentialPropagationFunc(provider)
-		if !ok || titleName == "" {
-			apimeta.SetStatusCondition(clusterDeployment.GetConditions(), metav1.Condition{
-				Type:    kcm.CredentialsPropagatedCondition,
-				Status:  metav1.ConditionFalse,
-				Reason:  kcm.FailedReason,
-				Message: "unsupported infrastructure provider " + provider,
-			})
-
-			continue
-		}
-
-		enabled, err := f(ctx, propnCfg, l)
-		if err != nil {
-			errMsg := fmt.Sprintf("failed to create %s CCM credentials: %s", titleName, err)
-			apimeta.SetStatusCondition(clusterDeployment.GetConditions(), metav1.Condition{
-				Type:    kcm.CredentialsPropagatedCondition,
-				Status:  metav1.ConditionFalse,
-				Reason:  kcm.FailedReason,
-				Message: errMsg,
-			})
-			return errors.New(errMsg)
-		} else if enabled {
-			apimeta.SetStatusCondition(clusterDeployment.GetConditions(), metav1.Condition{
-				Type:    kcm.CredentialsPropagatedCondition,
-				Status:  metav1.ConditionTrue,
-				Reason:  kcm.SucceededReason,
-				Message: titleName + " CCM credentials created",
-			})
-		}
-	}
-
-	l.Info("CCM credentials reconcile finished")
-
-	return nil
-}
-
 func (r *ClusterDeploymentReconciler) setAvailableUpgrades(ctx context.Context, clusterDeployment *kcm.ClusterDeployment, template *kcm.ClusterTemplate) error {
 	if template == nil {
 		return nil

diff --git a/internal/credspropagation/common.go b/internal/credspropagation/common.go
diff --git a/internal/providers/aws.go b/internal/providers/aws.go
@@ -15,12 +15,7 @@
 package providers
 
 import (
-	"context"
-
-	"github.com/go-logr/logr"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-
-	"github.com/K0rdent/kcm/internal/credspropagation"
 )
 
 type ProviderAWS struct{}
@@ -35,10 +30,6 @@ func (*ProviderAWS) GetName() string {
 	return "aws"
 }
 
-func (*ProviderAWS) GetTitleName() string {
-	return "AWS"
-}
-
 func (*ProviderAWS) GetClusterGVK() schema.GroupVersionKind {
 	return schema.GroupVersionKind{
 		Group:   "infrastructure.cluster.x-k8s.io",
@@ -50,18 +41,3 @@ func (*ProviderAWS) GetClusterGVK() schema.GroupVersionKind {
 func (*ProviderAWS) GetClusterIdentityKinds() []string {
 	return []string{"AWSClusterStaticIdentity", "AWSClusterRoleIdentity", "AWSClusterControllerIdentity"}
 }
-
-func (p *ProviderAWS) CredentialPropagationFunc() func(
-	_ context.Context,
-	_ *credspropagation.PropagationCfg,
-	l logr.Logger,
-) (enabled bool, err error) {
-	return func(
-		_ context.Context,
-		_ *credspropagation.PropagationCfg,
-		l logr.Logger,
-	) (enabled bool, err error) {
-		l.Info("Skipping creds propagation for " + p.GetTitleName())
-		return enabled, err
-	}
-}
diff --git a/internal/providers/azure.go b/internal/providers/azure.go
@@ -15,12 +15,7 @@
 package providers
 
 import (
-	"context"
-
-	"github.com/go-logr/logr"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-
-	"github.com/K0rdent/kcm/internal/credspropagation"
 )
 
 type ProviderAzure struct{}
@@ -35,28 +30,10 @@ func (*ProviderAzure) GetName() string {
 	return "azure"
 }
 
-func (*ProviderAzure) GetTitleName() string {
-	return "Azure"
-}
-
 func (*ProviderAzure) GetClusterGVK() schema.GroupVersionKind {
 	return schema.GroupVersionKind{}
 }
 
 func (*ProviderAzure) GetClusterIdentityKinds() []string {
 	return []string{"AzureClusterIdentity"}
 }
-
-func (*ProviderAzure) CredentialPropagationFunc() func(
-	_ context.Context,
-	_ *credspropagation.PropagationCfg,
-	_ logr.Logger,
-) (enabled bool, err error) {
-	return func(
-		_ context.Context,
-		_ *credspropagation.PropagationCfg,
-		_ logr.Logger,
-	) (enabled bool, err error) {
-		return enabled, err
-	}
-}
diff --git a/internal/providers/openstack.go b/internal/providers/openstack.go
@@ -15,12 +15,7 @@
 package providers
 
 import (
-	"context"
-
-	"github.com/go-logr/logr"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-
-	"github.com/K0rdent/kcm/internal/credspropagation"
 )
 
 type ProviderOpenStack struct{}
@@ -35,28 +30,10 @@ func (*ProviderOpenStack) GetName() string {
 	return "openstack"
 }
 
-func (*ProviderOpenStack) GetTitleName() string {
-	return "OpenStack"
-}
-
 func (*ProviderOpenStack) GetClusterGVK() schema.GroupVersionKind {
 	return schema.GroupVersionKind{}
 }
 
 func (*ProviderOpenStack) GetClusterIdentityKinds() []string {
 	return []string{"Secret"}
 }
-
-func (*ProviderOpenStack) CredentialPropagationFunc() func(
-	_ context.Context,
-	_ *credspropagation.PropagationCfg,
-	_ logr.Logger,
-) (enabled bool, err error) {
-	return func(
-		_ context.Context,
-		_ *credspropagation.PropagationCfg,
-		_ logr.Logger,
-	) (enabled bool, err error) {
-		return enabled, err
-	}
-}