From eb060f93569adf7a9c36a66bace05548341e0ba6 Mon Sep 17 00:00:00 2001 From: Alan Bishop Date: Wed, 18 Oct 2023 13:16:47 -0700 Subject: [PATCH] Support template parameters in configmap/secret customData Template parameter expansion has only been supported in template files themselves, and not in any other sources supplied in the customData. This patch extends support for expanding parameters in all customData strings. The intent is to support template parameters in customServiceConfig data. A common use case is when a service's config parameter needs to be set to a value that can be templated, e.g. the service's own password. Consider the glance service when it's configured to use cinder for a backend. The final configuration needs to specify the 'cinder_store_password', which currently requires two things. 1. The cloud admin will need to create a secret containing the setting, and reference it in the customServiceConfigSecrets. 2. The cloud admin will need to track down the actual value (i.e. glance's password) in order to put it in the secret. An alternative approach would allow the cloud admin to use a template parameter, whereby glance's CR could reference the password like this: glance: template: customServiceConfig: | [cinder_backend] cinder_store_password = {{ .ServicePassword }} The only restriction is the service's controller must support the parameter, meaning it must include it in its templateParameters. If any error occurs when expanding a customData string, an INFO message logged and the original string is retained (no expansion). For example, if a CR references a parameter that isn't supported, the log message will state: Skipped customData expansion due to: template: tmp:x:y: \ executing "tmp" at <.BadParam>: map has no entry for key "BadParam" --- modules/common/configmap/configmap.go | 8 +++++++- modules/common/secret/secret.go | 8 +++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/modules/common/configmap/configmap.go b/modules/common/configmap/configmap.go index 1d81787c..060766c9 100644 --- a/modules/common/configmap/configmap.go +++ b/modules/common/configmap/configmap.go @@ -85,7 +85,13 @@ func createOrPatchConfigMap( // Note: this can overwrite data rendered from GetTemplateData() if key is same if len(cm.CustomData) > 0 { for k, v := range cm.CustomData { - configMap.Data[k] = v + v_expanded, err := util.ExecuteTemplateData(v, cm.ConfigOptions) + if err == nil { + configMap.Data[k] = v_expanded + } else { + h.GetLogger().Info(fmt.Sprintf("Skipped customData expansion due to: %s", err)) + configMap.Data[k] = v + } } } diff --git a/modules/common/secret/secret.go b/modules/common/secret/secret.go index be4f418b..21472da3 100644 --- a/modules/common/secret/secret.go +++ b/modules/common/secret/secret.go @@ -165,7 +165,13 @@ func createOrUpdateSecret( // Note: this can overwrite data rendered from GetTemplateData() if key is same if len(st.CustomData) > 0 { for k, v := range st.CustomData { - dataString[k] = v + v_expanded, err := util.ExecuteTemplateData(v, st.ConfigOptions) + if err == nil { + dataString[k] = v_expanded + } else { + h.GetLogger().Info(fmt.Sprintf("Skipped customData expansion due to: %s", err)) + dataString[k] = v + } } }