From d9baac057b9374e562fc937f4f0cb9de7e121c44 Mon Sep 17 00:00:00 2001 From: Dmitry Tantsur Date: Wed, 21 Jan 2026 12:58:36 +0100 Subject: [PATCH] METAL-1668: simplify BMC CA assets A separate asset is not needed to just generate a file, use template instead. Follow-up to PR #10072. Signed-off-by: Dmitry Tantsur --- .../openshift/bmc-ca/verify_ca.crt.template | 1 + pkg/asset/ignition/bootstrap/common.go | 2 - pkg/asset/manifests/bmcverifycaconfigmap.go | 16 ++--- pkg/asset/tls/bmcverifyca.go | 65 ------------------- 4 files changed, 9 insertions(+), 75 deletions(-) create mode 100644 data/data/bootstrap/baremetal/files/opt/openshift/bmc-ca/verify_ca.crt.template delete mode 100644 pkg/asset/tls/bmcverifyca.go diff --git a/data/data/bootstrap/baremetal/files/opt/openshift/bmc-ca/verify_ca.crt.template b/data/data/bootstrap/baremetal/files/opt/openshift/bmc-ca/verify_ca.crt.template new file mode 100644 index 00000000000..23ac7774db1 --- /dev/null +++ b/data/data/bootstrap/baremetal/files/opt/openshift/bmc-ca/verify_ca.crt.template @@ -0,0 +1 @@ +{{ .PlatformData.BareMetal.BMCVerifyCA }} diff --git a/pkg/asset/ignition/bootstrap/common.go b/pkg/asset/ignition/bootstrap/common.go index 1ea2d88994f..1ebcc3abb92 100644 --- a/pkg/asset/ignition/bootstrap/common.go +++ b/pkg/asset/ignition/bootstrap/common.go @@ -172,7 +172,6 @@ func (a *Common) Dependencies() []asset.Asset { &tls.RootCA{}, &tls.ServiceAccountKeyPair{}, &tls.IronicTLSCert{}, - &tls.BMCVerifyCA{}, &releaseimage.Image{}, new(rhcos.Image), } @@ -675,7 +674,6 @@ func (a *Common) addParentFiles(dependencies asset.Parents) { &tls.ServiceAccountKeyPair{}, &tls.JournalCertKey{}, &tls.IronicTLSCert{}, - &tls.BMCVerifyCA{}, } { dependencies.Get(asset) diff --git a/pkg/asset/manifests/bmcverifycaconfigmap.go b/pkg/asset/manifests/bmcverifycaconfigmap.go index 1e3b38f93b5..7303698838a 100644 --- a/pkg/asset/manifests/bmcverifycaconfigmap.go +++ b/pkg/asset/manifests/bmcverifycaconfigmap.go @@ -10,7 +10,8 @@ import ( "sigs.k8s.io/yaml" "github.com/openshift/installer/pkg/asset" - "github.com/openshift/installer/pkg/asset/tls" + "github.com/openshift/installer/pkg/asset/installconfig" + "github.com/openshift/installer/pkg/types/baremetal" ) var ( @@ -40,18 +41,17 @@ func (*BMCVerifyCAConfigMap) Name() string { // the asset. func (*BMCVerifyCAConfigMap) Dependencies() []asset.Asset { return []asset.Asset{ - &tls.BMCVerifyCA{}, + &installconfig.InstallConfig{}, } } // Generate generates the BMC Verify CA ConfigMap. func (bvc *BMCVerifyCAConfigMap) Generate(_ context.Context, dependencies asset.Parents) error { - bmcVerifyCA := &tls.BMCVerifyCA{} - dependencies.Get(bmcVerifyCA) + installConfig := &installconfig.InstallConfig{} + dependencies.Get(installConfig) - // Only generate the ConfigMap if BMCVerifyCA has content - files := bmcVerifyCA.Files() - if len(files) == 0 { + // Only generate the file for baremetal platform with BMCVerifyCA configured + if installConfig.Config.Platform.Name() != baremetal.Name || installConfig.Config.Platform.BareMetal == nil || installConfig.Config.Platform.BareMetal.BMCVerifyCA == "" { return nil } @@ -65,7 +65,7 @@ func (bvc *BMCVerifyCAConfigMap) Generate(_ context.Context, dependencies asset. Name: bmcVerifyCAConfigMapName, }, Data: map[string]string{ - bmcVerifyCAConfigMapDataKey: string(files[0].Data), + bmcVerifyCAConfigMapDataKey: installConfig.Config.Platform.BareMetal.BMCVerifyCA, }, } diff --git a/pkg/asset/tls/bmcverifyca.go b/pkg/asset/tls/bmcverifyca.go deleted file mode 100644 index 0e336f07127..00000000000 --- a/pkg/asset/tls/bmcverifyca.go +++ /dev/null @@ -1,65 +0,0 @@ -package tls - -import ( - "context" - - "github.com/openshift/installer/pkg/asset" - "github.com/openshift/installer/pkg/asset/installconfig" - "github.com/openshift/installer/pkg/types/baremetal" -) - -// BMCVerifyCA is the asset for the user-provided BMC verify CA certificate file. -// This CA certificate is used to verify BMC TLS certificates. -type BMCVerifyCA struct { - File *asset.File -} - -var _ asset.WritableAsset = (*BMCVerifyCA)(nil) - -// Name returns the human-friendly name of the asset. -func (*BMCVerifyCA) Name() string { - return "BMC Verify CA Certificate" -} - -// Dependencies returns the dependency of the asset. -func (*BMCVerifyCA) Dependencies() []asset.Asset { - return []asset.Asset{ - &installconfig.InstallConfig{}, - } -} - -// Generate generates the BMC verify CA file from the install config. -func (a *BMCVerifyCA) Generate(_ context.Context, dependencies asset.Parents) error { - installConfig := &installconfig.InstallConfig{} - dependencies.Get(installConfig) - - // Only generate the file for baremetal platform with BMCVerifyCA configured - if installConfig.Config.Platform.Name() != baremetal.Name { - return nil - } - - if installConfig.Config.Platform.BareMetal == nil || installConfig.Config.Platform.BareMetal.BMCVerifyCA == "" { - return nil - } - - // Create the file at rootDir/bmc-ca/verify_ca.crt (rootDir = /opt/openshift) - a.File = &asset.File{ - Filename: "bmc-ca/verify_ca.crt", - Data: []byte(installConfig.Config.Platform.BareMetal.BMCVerifyCA), - } - - return nil -} - -// Files returns the files generated by the asset. -func (a *BMCVerifyCA) Files() []*asset.File { - if a.File != nil { - return []*asset.File{a.File} - } - return []*asset.File{} -} - -// Load loads the already-generated files back from disk. -func (a *BMCVerifyCA) Load(f asset.FileFetcher) (bool, error) { - return false, nil -}