From eda3300093a03566fb2508fbb6d82781dc75b669 Mon Sep 17 00:00:00 2001 From: Kostiantyn Kalynovskyi Date: Fri, 26 Feb 2021 20:32:41 +0000 Subject: [PATCH] Add BMH credentials support With this change there will be only one supported credential per VINO CR. Since the CR is mounted inside the sushy tools container, sushy startup script can access these credentials and set up authentication. This approach allows to get basic functionality working, in the future, we would probably want to hide these credentials in a secret so they can't be seen in plain text from VINO CR. Change-Id: I4aa2fb1ee1f5633b889acfa901283f5fa51ad2c1 --- .../bases/airship.airshipit.org_vinoes.yaml | 14 ++++ config/samples/vino_cr.yaml | 3 + docs/api/vino.md | 70 +++++++++++++++++++ pkg/api/v1/vino_types.go | 10 +++ pkg/api/v1/zz_generated.deepcopy.go | 16 +++++ pkg/controllers/bmh.go | 23 +++++- tools/deployment/test-cr.sh | 1 + 7 files changed, 135 insertions(+), 2 deletions(-) diff --git a/config/crd/bases/airship.airshipit.org_vinoes.yaml b/config/crd/bases/airship.airshipit.org_vinoes.yaml index 86fffb7..f29d243 100644 --- a/config/crd/bases/airship.airshipit.org_vinoes.yaml +++ b/config/crd/bases/airship.airshipit.org_vinoes.yaml @@ -36,6 +36,19 @@ spec: spec: description: VinoSpec defines the desired state of Vino properties: + bmcCredentials: + description: BMCCredentials contain credentials that will be used to + create BMH nodes sushy tools will use these credentials as well, to + set up authentication + properties: + password: + type: string + username: + type: string + required: + - password + - username + type: object configuration: description: Define CPU configuration properties: @@ -182,6 +195,7 @@ spec: a bridge for VMs type: string required: + - bmcCredentials - vmBridge type: object status: diff --git a/config/samples/vino_cr.yaml b/config/samples/vino_cr.yaml index ff61b1d..ce2f0eb 100644 --- a/config/samples/vino_cr.yaml +++ b/config/samples/vino_cr.yaml 
@@ -34,4 +34,7 @@ spec:
 networkDataTemplate:
 name: "test-template"
 namespace: "default"
+ bmcCredentials:
+ username: "admin"
+ password: "passw0rd"
diff --git a/docs/api/vino.md b/docs/api/vino.md
index 5a057cb..bbd6968 100644
--- a/docs/api/vino.md
+++ b/docs/api/vino.md
@@ -9,6 +9,48 @@
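Review bot: The added `bmcCredentials` block sets `username: "admin"` and `password: "passw0rd"` as literal values with nothing marking them as placeholders, so a CR copied from this sample carries a guessable BMC login. A comment above the block would make that explicit, for example `# example values only; replace before applying, they become the BMC login for the BMHs created from this CR`. Only the tail of the sample's spec is visible in this hunk.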

Package v1 contains API Schema definitions for the airship v1 API group

Resource Types: +

BMCCredentials +

+

+(Appears on: +VinoSpec) +

+

BMCCredentials contain credentials that will be used to create BMH nodes +sushy tools will use these credentials as well, to set up authentication

+
+
+ + + + + + + + + + + + + + + + + +
FieldDescription
+username
+ +string + +
+
+password
+ +string + +
+
+
+

CPUConfiguration

@@ -934,6 +976,20 @@ string

VMBridge defines the single interface name to be used as a bridge for VMs

+ + +bmcCredentials
+ + +BMCCredentials + + + + +

BMCCredentials contain credentials that will be used to create BMH nodes +sushy tools will use these credentials as well, to set up authentication

+ + @@ -1046,6 +1102,20 @@ string

VMBridge defines the single interface name to be used as a bridge for VMs

+ + +bmcCredentials
+ + +BMCCredentials + + + + +

BMCCredentials contain credentials that will be used to create BMH nodes +sushy tools will use these credentials as well, to set up authentication

+ +
diff --git a/pkg/api/v1/vino_types.go b/pkg/api/v1/vino_types.go
index d8906d5..d0246bf 100644
--- a/pkg/api/v1/vino_types.go
+++ b/pkg/api/v1/vino_types.go
@@ -49,6 +49,16 @@ type VinoSpec struct {
 DaemonSetOptions DaemonSetOptions `json:"daemonSetOptions,omitempty"`
 // VMBridge defines the single interface name to be used as a bridge for VMs
 VMBridge string `json:"vmBridge"`
+ // BMCCredentials contain credentials that will be used to create BMH nodes
+ // sushy tools will use these credentials as well, to set up authentication
+ BMCCredentials BMCCredentials `json:"bmcCredentials"`
+}
+
+// BMCCredentials contain credentials that will be used to create BMH nodes
+// sushy tools will use these credentials as well, to set up authentication
+type BMCCredentials struct {
+ Username string `json:"username"`
+ Password string `json:"password"`
 }
 // NodeSelector identifies nodes to create VMs on
diff --git a/pkg/api/v1/zz_generated.deepcopy.go b/pkg/api/v1/zz_generated.deepcopy.go
index cd6f743..a2bd3a5 100644
--- a/pkg/api/v1/zz_generated.deepcopy.go
+++ b/pkg/api/v1/zz_generated.deepcopy.go
@@ -25,6 +25,21 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BMCCredentials) DeepCopyInto(out *BMCCredentials) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BMCCredentials. +func (in *BMCCredentials) DeepCopy() *BMCCredentials { + if in == nil { + return nil + } + out := new(BMCCredentials) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CPUConfiguration) DeepCopyInto(out *CPUConfiguration) { *out = *in
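Review bot: `Username` and `Password` in the new `BMCCredentials` type carry no validation markers, so the CRD's `required` list only enforces that the keys are present and a CR with `password: ""` is accepted. Adding `// +kubebuilder:validation:MinLength=1` above both fields would reject empty credentials at admission. The doc comment should also state that the password is stored in clear text in the Vino object, so read access to Vino resources amounts to read access to the BMC login until the field is replaced by a reference to a Secret. `bmcCredentials` is also added as a required field without `omitempty`, which looks like it would fail validation for Vino objects written before this change; worth confirming that is intended. The `VinoSpec` struct begins above the hunk.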
@@ -445,6 +460,7 @@ func (in *VinoSpec) DeepCopyInto(out *VinoSpec) { } } out.DaemonSetOptions = in.DaemonSetOptions + out.BMCCredentials = in.BMCCredentials } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VinoSpec.
diff --git a/pkg/controllers/bmh.go b/pkg/controllers/bmh.go
index 087e84c..4f215f9 100644
--- a/pkg/controllers/bmh.go
+++ b/pkg/controllers/bmh.go
@@ -182,8 +182,27 @@ func (r *VinoReconciler) getBMCAddress(
 // reconcileBMHCredentials returns secret name with credentials and error
 func (r *VinoReconciler) reconcileBMHCredentials(ctx context.Context, vino *vinov1.Vino) (string, error) {
- // TODO implement this
- return "credentials", nil
+ ns := getRuntimeNamespace()
+ // coresponds to DS name, since we have only one DS per vino CR
+ credentialSecretName := fmt.Sprintf("%s-%s", r.getDaemonSetName(vino), "credentials")
+ netSecret := &corev1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: credentialSecretName,
+ Namespace: ns,
+ },
+ StringData: map[string]string{
+ "username": vino.Spec.BMCCredentials.Username,
+ "password": vino.Spec.BMCCredentials.Password,
+ },
+ Type: corev1.SecretTypeOpaque,
+ }
+
+ objKey := client.ObjectKeyFromObject(netSecret)
+
+ if err := applyRuntimeObject(ctx, objKey, netSecret, r.Client); err != nil {
+ return "", err
+ }
+ return credentialSecretName, nil
 }
 func (r *VinoReconciler) reconcileBMHNetworkData(
diff --git a/tools/deployment/test-cr.sh b/tools/deployment/test-cr.sh
index 588333f..8ca5473 100755
--- a/tools/deployment/test-cr.sh
+++ b/tools/deployment/test-cr.sh
@@ -51,3 +51,4 @@ bmhCount=$(kubectl get baremetalhosts -n vino-system -o name | wc -l)
 [[ "$bmhCount" -eq "3" ]]
 kubectl get secret -o yaml -n vino-system default-vino-test-cr-worker
+kubectl get secret -o yaml -n vino-system default-vino-test-cr-credentials
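Review bot: Nothing in `reconcileBMHCredentials` ties the new Secret to the Vino object that produced it: the `ObjectMeta` sets only `Name` and `Namespace`, with no labels or owner reference, so whether the BMC password is removed when the CR is deleted depends on code outside this hunk. Because the Secret is created in `getRuntimeNamespace()`, which may differ from the CR's namespace, an owner reference may not be usable; a label identifying the owning CR, following whatever convention this controller's other Secrets use, would at least let a delete path find it. The returned error would be easier to trace if wrapped, e.g. `return "", fmt.Errorf("applying BMC credentials secret %q: %w", credentialSecretName, err)`. The variable `netSecret` reads as a leftover name for what is a credentials Secret, and the comment should read "corresponds".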
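Review bot: The added `kubectl get secret -o yaml -n vino-system default-vino-test-cr-credentials` prints the Secret's `data` to the job output, and base64 is an encoding rather than protection, so the BMC username and password end up in whatever log captures this script. If the line is only meant to assert that the Secret exists, `kubectl get secret -n vino-system default-vino-test-cr-credentials -o name` does that without emitting the values. The context line above prints the `-worker` Secret the same way; what that Secret holds is not visible here.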