Merge pull request #6472 from kinvolk/invidian/ignition-fixes

🐛 CABPK: Add Ignition base64 and file ownership support, reject gzipped content and fix unit tests

bootstrap/kubeadm/api/v1beta1/kubeadmconfig_webhook.go

@@ -254,6 +254,18 @@ func (c *KubeadmConfigSpec) validateIgnition(pathPrefix *field.Path) field.Error
 		)
 	}
 
+	for i, file := range c.Files {
+		if file.Encoding == Gzip || file.Encoding == GzipBase64 {
+			allErrs = append(
+				allErrs,
+				field.Forbidden(
+					pathPrefix.Child("files").Index(i).Child("encoding"),
+					cannotUseWithIgnition,
+				),
+			)
+		}
+	}
+
 	if c.DiskSetup == nil {
 		return allErrs
 	}

bootstrap/kubeadm/api/v1beta1/kubeadmconfig_webhook_test.go

@@ -416,6 +416,42 @@ func TestKubeadmConfigValidate(t *testing.T) {
 			},
 			expectErr: true,
 		},
+		"file encoding gzip specified with Ignition": {
+			enableIgnitionFeature: true,
+			in: &KubeadmConfig{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "baz",
+					Namespace: "default",
+				},
+				Spec: KubeadmConfigSpec{
+					Format: Ignition,
+					Files: []File{
+						{
+							Encoding: Gzip,
+						},
+					},
+				},
+			},
+			expectErr: true,
+		},
+		"file encoding gzip+base64 specified with Ignition": {
+			enableIgnitionFeature: true,
+			in: &KubeadmConfig{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "baz",
+					Namespace: "default",
+				},
+				Spec: KubeadmConfigSpec{
+					Format: Ignition,
+					Files: []File{
+						{
+							Encoding: GzipBase64,
+						},
+					},
+				},
+			},
+			expectErr: true,
+		},
 	}
 
 	for name, tt := range cases {

bootstrap/kubeadm/internal/ignition/clc/clc.go

@@ -184,20 +184,25 @@ storage:
     {{- end }}
     {{- range .WriteFiles }}
     - path: {{ .Path }}
+      {{- $owner := ParseOwner .Owner }}
+      {{ if $owner.User -}}
+      user:
+        name: {{ $owner.User }}
+      {{- end }}
+      {{ if $owner.Group -}}
+      group:
+        name: {{ $owner.Group }}
+      {{- end }}
       # Owner
-      #
-      # If Encoding == gzip+base64 || Encoding == gzip
-      # compression: true
-      #
-      # If Encoding == gzip+base64 || Encoding == "base64"
-      # Put "!!binary" notation before the content to let YAML decoder treat data as
-      # base64 data.
-      #
       {{ if ne .Permissions "" -}}
       mode: {{ .Permissions }}
       {{ end -}}
       contents:
+        {{ if eq .Encoding "base64" -}}
+        inline: !!binary |
+        {{- else -}}
         inline: |
+        {{- end }}
           {{ .Content | Indent 10 }}
     {{- end }}
     - path: /etc/kubeadm.sh
@@ -263,6 +268,7 @@ func defaultTemplateFuncMap() template.FuncMap {
 		"Split":          strings.Split,
 		"Join":           strings.Join,
 		"MountpointName": mountpointName,
+		"ParseOwner":     parseOwner,
 	}
 }
 
@@ -276,6 +282,40 @@ func templateYAMLIndent(i int, input string) string {
 	return strings.Join(split, ident)
 }
 
+type owner struct {
+	User  *string
+	Group *string
+}
+
+func parseOwner(ownerRaw string) owner {
+	if ownerRaw == "" {
+		return owner{}
+	}
+
+	ownerSlice := strings.Split(ownerRaw, ":")
+
+	parseEntity := func(entity string) *string {
+		if entity == "" {
+			return nil
+		}
+
+		entityTrimmed := strings.TrimSpace(entity)
+
+		return &entityTrimmed
+	}
+
+	if len(ownerSlice) == 1 {
+		return owner{
+			User: parseEntity(ownerSlice[0]),
+		}
+	}
+
+	return owner{
+		User:  parseEntity(ownerSlice[0]),
+		Group: parseEntity(ownerSlice[1]),
+	}
+}
+
 func renderCLC(input *cloudinit.BaseUserData, kubeadmConfig string) ([]byte, error) {
 	t := template.Must(template.New("template").Funcs(defaultTemplateFuncMap()).Parse(clcTemplate))