github.com/openshift/installer@v1.4.17/pkg/asset/ignition/bootstrap/bootstrap_ignition.go (about)

     1  package bootstrap
     2  
     3  import (
     4  	"bytes"
     5  	"encoding/pem"
     6  	"fmt"
     7  	"strings"
     8  
     9  	ignutil "github.com/coreos/ignition/v2/config/util"
    10  	igntypes "github.com/coreos/ignition/v2/config/v3_2/types"
    11  	"github.com/vincent-petithory/dataurl"
    12  
    13  	"github.com/openshift/installer/pkg/asset/ignition"
    14  	"github.com/openshift/installer/pkg/types"
    15  )
    16  
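// parseCertificateBundle converts every PEM block of a user-supplied CA bundle
// into an Ignition resource whose source is a data URL holding that block,
// re-encoded as PEM.
//
// Whitespace before, after and between blocks is trimmed. pem.Decode also
// skips non-PEM text that precedes a block, so such text is dropped rather
// than rejected; non-whitespace data left after the last block is an error.
// An empty (or whitespace-only) bundle yields a nil slice and no error.
//
// Only blocks of type CERTIFICATE are accepted. The returned resources are
// installed as TLS certificate authorities in the generated config, so any
// other block type (for example a private key pasted into the bundle by
// mistake) is rejected instead of being copied into the Ignition output.
//
// NOTE(review): the DER payload is not parsed here, so a CERTIFICATE block
// with malformed contents still passes; callers are presumably expected to
// have validated the bundle beforehand. Confirm against the call sites.
func parseCertificateBundle(userCA []byte) ([]igntypes.Resource, error) {
	const certificateBlockType = "CERTIFICATE"

	userCA = bytes.TrimSpace(userCA)

	var carefs []igntypes.Resource
	for len(userCA) > 0 {
		var block *pem.Block
		block, userCA = pem.Decode(userCA)
		if block == nil {
			return nil, fmt.Errorf("unable to parse certificate, please check the certificates")
		}
		// Trust anchors must be certificates; refuse to embed keys or any
		// other PEM material in a config that is handed to the machine.
		if block.Type != certificateBlockType {
			return nil, fmt.Errorf("unexpected PEM block type %q in certificate bundle, only %s blocks are accepted", block.Type, certificateBlockType)
		}

		// Re-encode the decoded block so each resource carries exactly one
		// normalized PEM block, independent of the input's formatting.
		carefs = append(carefs, igntypes.Resource{Source: ignutil.StrToPtr(dataurl.EncodeBytes(pem.EncodeToMemory(block)))})

		userCA = bytes.TrimSpace(userCA)
	}

	return carefs, nil
}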
    38  
// GenerateIgnitionShimWithCertBundleAndProxy builds and marshals a minimal
// Ignition config (a "shim") that replaces itself with the config served at
// bootstrapConfigURL.
//
// If userCA contains PEM blocks they are added as TLS certificate authorities
// in the Security section; if proxy is non-nil its settings are added as the
// Ignition proxy. An error from parsing the bundle or from marshalling is
// returned as-is with a nil byte slice.
//
// Security notes for reviewers:
//   - Only Source is set on the replace resource; no verification hash is
//     attached here, so the integrity of the fetched config rests on the
//     transport used for bootstrapConfigURL.
//   - bootstrapConfigURL and the proxy values are copied verbatim. Any
//     credentials embedded in those URLs end up in the returned shim.
func GenerateIgnitionShimWithCertBundleAndProxy(bootstrapConfigURL string, userCA string, proxy *types.Proxy) ([]byte, error) {
	// Fail early on an unparsable bundle before assembling the config.
	trustAnchors, err := parseCertificateBundle([]byte(userCA))
	if err != nil {
		return nil, err
	}

	var shim igntypes.Config
	shim.Ignition.Version = igntypes.MaxVersion.String()
	shim.Ignition.Config.Replace.Source = ignutil.StrToPtr(bootstrapConfigURL)

	// Leave the Security section at its zero value when no CA was supplied.
	if len(trustAnchors) > 0 {
		shim.Ignition.Security.TLS.CertificateAuthorities = trustAnchors
	}

	if proxy != nil {
		shim.Ignition.Proxy = ignitionProxy(proxy)
	}

	encoded, err := ignition.Marshal(shim)
	if err != nil {
		return nil, err
	}
	return encoded, nil
}
    76  
// ignitionProxy translates the installer's proxy settings into the Ignition
// proxy type.
//
// A nil proxy yields the zero igntypes.Proxy. HTTPProxy and HTTPSProxy are set
// only when the corresponding input string is non-empty, and each points at a
// private copy of that string. For a non-nil proxy NoProxy is always a non-nil
// slice; it holds the comma-separated entries of proxy.NoProxy exactly as
// written (entries are not trimmed, so "a, b" produces " b").
func ignitionProxy(proxy *types.Proxy) igntypes.Proxy {
	var out igntypes.Proxy
	if proxy == nil {
		return out
	}

	if proxy.HTTPProxy != "" {
		httpURL := proxy.HTTPProxy
		out.HTTPProxy = &httpURL
	}
	if proxy.HTTPSProxy != "" {
		httpsURL := proxy.HTTPSProxy
		out.HTTPSProxy = &httpsURL
	}

	// Capacity is the byte length of the raw string, an upper bound on the
	// number of comma-separated entries.
	out.NoProxy = make([]igntypes.NoProxyItem, 0, len(proxy.NoProxy))
	if proxy.NoProxy == "" {
		return out
	}
	for _, entry := range strings.Split(proxy.NoProxy, ",") {
		out.NoProxy = append(out.NoProxy, igntypes.NoProxyItem(entry))
	}
	return out
}