-
Notifications
You must be signed in to change notification settings - Fork 38
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: PoAn Yang <[email protected]>
- Loading branch information
1 parent
45fde4b
commit b78a50d
Showing
23 changed files
with
670 additions
and
97 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
package config | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
"strings" | ||
|
||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
|
||
"github.com/harvester/terraform-provider-harvester/pkg/client" | ||
) | ||
|
||
type Config struct { | ||
Bootstrap bool | ||
APIURL string | ||
KubeConfig string | ||
KubeContext string | ||
} | ||
|
||
func (c *Config) K8sClient() (*client.Client, error) { | ||
return client.NewClient(c.KubeConfig, c.KubeContext) | ||
} | ||
|
||
func (c *Config) CheckVersion() error { | ||
client, err := c.K8sClient() | ||
if err != nil { | ||
return err | ||
} | ||
|
||
// check harvester version from settings | ||
serverVersion, err := client.HarvesterClient.HarvesterhciV1beta1().Settings().Get(context.Background(), "server-version", metav1.GetOptions{}) | ||
if err != nil { | ||
return err | ||
} | ||
// harvester version v1.0-head, v1.0.2, v1.0.3 is not supported | ||
if strings.HasPrefix(serverVersion.Value, "v1.0") { | ||
return fmt.Errorf("current Harvester server version is %s, the minimum supported version is v1.1.0", serverVersion.Value) | ||
} | ||
return nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,193 @@ | ||
package bootstrap | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
"log" | ||
"net/http" | ||
"os" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/diag" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
"github.com/mitchellh/go-homedir" | ||
|
||
"github.com/harvester/terraform-provider-harvester/internal/config" | ||
"github.com/harvester/terraform-provider-harvester/internal/util" | ||
"github.com/harvester/terraform-provider-harvester/pkg/constants" | ||
) | ||
|
||
const ( | ||
bootstrapDefaultUser = "admin" | ||
bootstrapDefaultTTL = "60000" | ||
bootstrapDefaultSessionDesc = "Terraform bootstrap admin session" | ||
) | ||
|
||
func ResourceBootstrap() *schema.Resource { | ||
return &schema.Resource{ | ||
CreateContext: resourceBootstrapCreate, | ||
ReadContext: resourceBootstrapRead, | ||
DeleteContext: resourceBootstrapDelete, | ||
Schema: Schema(), | ||
} | ||
} | ||
|
||
func resourceBootstrapCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { | ||
c := meta.(*config.Config) | ||
if !c.Bootstrap { | ||
return diag.FromErr(fmt.Errorf("harvester_bootstrap just available on bootstrap mode")) | ||
} | ||
|
||
kubeConfig, err := homedir.Expand(d.Get(constants.FieldProviderKubeConfig).(string)) | ||
if err != nil { | ||
return diag.FromErr(err) | ||
} | ||
|
||
// login to get token | ||
tokenID, token, err := bootstrapLogin(d, c) | ||
if err != nil { | ||
return diag.FromErr(err) | ||
} | ||
d.SetId(tokenID) | ||
|
||
// change password | ||
log.Printf("Doing change password") | ||
if d.Get(constants.FieldShouldUpdatePassword).(bool) { | ||
initialPassword := d.Get(constants.FieldBootstrapInitialPassword).(string) | ||
password := d.Get(constants.FieldBootstrapPassword).(string) | ||
changePasswordURL := fmt.Sprintf("%s/%s", c.APIURL, "v3/users?action=changepassword") | ||
changePasswordData := `{"currentPassword":"` + initialPassword + `","newPassword":"` + password + `"}` | ||
changePasswordResp, err := util.DoPost(changePasswordURL, changePasswordData, "", true, map[string]string{"Authorization": fmt.Sprintf("Bearer %s", token)}) | ||
if err != nil { | ||
return diag.FromErr(err) | ||
} | ||
if changePasswordResp.StatusCode != http.StatusOK { | ||
return diag.Errorf("failed to change password, status code %d", changePasswordResp.StatusCode) | ||
} | ||
} | ||
|
||
// get kubeconfig | ||
log.Printf("Doing generate kubeconfig") | ||
genKubeConfigURL := fmt.Sprintf("%s/%s", c.APIURL, "v1/management.cattle.io.clusters/local?action=generateKubeconfig") | ||
genKubeConfigResp, err := util.DoPost(genKubeConfigURL, "", "", true, map[string]string{"Authorization": fmt.Sprintf("Bearer %s", token)}) | ||
if err != nil { | ||
return diag.FromErr(err) | ||
} | ||
if genKubeConfigResp.StatusCode != http.StatusOK { | ||
return diag.Errorf("failed to generate kubeconfig, status code %d", genKubeConfigResp.StatusCode) | ||
} | ||
|
||
genKubeConfigBody, err := util.GetJSONBody(genKubeConfigResp) | ||
if err != nil { | ||
return diag.FromErr(err) | ||
} | ||
if genKubeConfigBody["config"] == nil { | ||
return diag.FromErr(fmt.Errorf("failed to generate kubeconfig")) | ||
} | ||
kubeConfigContent := genKubeConfigBody["config"].(string) | ||
|
||
// write kubeconfig | ||
if err = os.WriteFile(kubeConfig, []byte(kubeConfigContent), 0600); err != nil { | ||
return diag.FromErr(err) | ||
} | ||
|
||
return nil | ||
} | ||
|
||
func resourceBootstrapRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { | ||
c := meta.(*config.Config) | ||
if !c.Bootstrap { | ||
return diag.FromErr(fmt.Errorf("[ERROR] harvester_bootstrap just available on bootstrap mode")) | ||
} | ||
|
||
kubeConfig, err := homedir.Expand(d.Get(constants.FieldProviderKubeConfig).(string)) | ||
if err != nil { | ||
return diag.FromErr(err) | ||
} | ||
|
||
// login to get token | ||
_, token, err := bootstrapLogin(d, c) | ||
if err != nil { | ||
log.Printf("[INFO] Bootstrap is unable to login to Harvester") | ||
d.SetId("") | ||
return diag.FromErr(err) | ||
} | ||
|
||
log.Printf("Doing generate kubeconfig") | ||
genKubeConfigURL := fmt.Sprintf("%s/%s", c.APIURL, "v1/management.cattle.io.clusters/local?action=generateKubeconfig") | ||
genKubeConfigResp, err := util.DoPost(genKubeConfigURL, "", "", true, map[string]string{"Authorization": fmt.Sprintf("Bearer %s", token)}) | ||
if err != nil { | ||
return diag.FromErr(err) | ||
} | ||
if genKubeConfigResp.StatusCode != http.StatusOK { | ||
return diag.Errorf("failed to generate kubeconfig, status code %d", genKubeConfigResp.StatusCode) | ||
} | ||
|
||
genKubeConfigBody, err := util.GetJSONBody(genKubeConfigResp) | ||
if err != nil { | ||
return diag.FromErr(err) | ||
} | ||
if genKubeConfigBody["config"] == nil { | ||
return diag.FromErr(fmt.Errorf("failed to generate kubeconfig")) | ||
} | ||
kubeConfigContent := genKubeConfigBody["config"].(string) | ||
|
||
// write kubeconfig | ||
if err = os.WriteFile(kubeConfig, []byte(kubeConfigContent), 0600); err != nil { | ||
return diag.FromErr(err) | ||
} | ||
return nil | ||
} | ||
|
||
func resourceBootstrapDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { | ||
d.SetId("") | ||
return nil | ||
} | ||
|
||
func bootstrapLogin(d *schema.ResourceData, c *config.Config) (string, string, error) { | ||
initialPassword := d.Get(constants.FieldBootstrapInitialPassword).(string) | ||
|
||
log.Printf("Doing login with initial password") | ||
tokenID, token, err := doUserLogin(c.APIURL, bootstrapDefaultUser, initialPassword, bootstrapDefaultTTL, bootstrapDefaultSessionDesc, "", true) | ||
if err == nil { | ||
err = d.Set(constants.FieldShouldUpdatePassword, true) | ||
return tokenID, token, err | ||
} | ||
|
||
log.Printf("Doing login with password") | ||
password := d.Get(constants.FieldBootstrapPassword).(string) | ||
tokenID, token, err = doUserLogin(c.APIURL, bootstrapDefaultUser, password, bootstrapDefaultTTL, bootstrapDefaultSessionDesc, "", true) | ||
if err == nil { | ||
err = d.Set(constants.FieldShouldUpdatePassword, false) | ||
return tokenID, token, err | ||
} | ||
return "", "", err | ||
} | ||
|
||
func doUserLogin(url, user, pass, ttl, desc, cacert string, insecure bool) (string, string, error) { | ||
loginURL := url + "/v3-public/localProviders/local?action=login" | ||
loginData := `{"username": "` + user + `", "password": "` + pass + `", "ttl": ` + ttl + `, "description": "` + desc + `"}` | ||
loginHead := map[string]string{ | ||
"Accept": "application/json", | ||
"Content-Type": "application/json", | ||
} | ||
|
||
// Login with user and pass | ||
loginResp, err := util.DoPost(loginURL, loginData, cacert, insecure, loginHead) | ||
if err != nil { | ||
return "", "", err | ||
} | ||
if loginResp.StatusCode != http.StatusCreated { | ||
return "", "", fmt.Errorf("can't login successfully, status code %d", loginResp.StatusCode) | ||
} | ||
|
||
loginBody, err := util.GetJSONBody(loginResp) | ||
if err != nil { | ||
return "", "", err | ||
} | ||
|
||
if loginBody["type"].(string) != "token" || loginBody["token"] == nil { | ||
return "", "", fmt.Errorf("doing user logging: %s %s", loginBody["type"].(string), loginBody["code"].(string)) | ||
} | ||
|
||
return loginBody["id"].(string), loginBody["token"].(string), nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
package bootstrap | ||
|
||
import ( | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" | ||
|
||
"github.com/harvester/terraform-provider-harvester/pkg/constants" | ||
) | ||
|
||
func Schema() map[string]*schema.Schema { | ||
s := map[string]*schema.Schema{ | ||
constants.FieldBootstrapInitialPassword: { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Sensitive: true, | ||
ForceNew: true, | ||
Default: "admin", | ||
ValidateFunc: validation.NoZeroValues, | ||
Description: "Default password in the harvester", | ||
}, | ||
constants.FieldBootstrapPassword: { | ||
Type: schema.TypeString, | ||
Required: true, | ||
Sensitive: true, | ||
ForceNew: true, | ||
ValidateFunc: validation.NoZeroValues, | ||
Description: "New password for admin user", | ||
}, | ||
constants.FieldBootstrapKubeConfig: { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
ForceNew: true, | ||
Default: "~/.kube/config", | ||
ValidateFunc: validation.NoZeroValues, | ||
Description: "Path to store the kubeconfig file", | ||
}, | ||
constants.FieldShouldUpdatePassword: { | ||
Type: schema.TypeBool, | ||
Computed: true, | ||
}, | ||
} | ||
return s | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.