author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-01-15 15:55:16 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-15 15:55:16 +0100 |
commit | fff9e8755c298bfe2b3b0c33c4b96ffd43a1eab6 (patch) | |
tree | c55db3da4690865235d19266e5dce713f587c600 /pkg/machine | |
parent | a50d0837b633bf780b32a20b8d4f23ccd9521c8d (diff) | |
parent | 420303b9433d081b2507202221a2e912b3509f4c (diff) | |
Merge pull request #12861 from aklajnert/recursively_copy_certs
ignition: recursively copy cert files
Diffstat (limited to 'pkg/machine')
-rw-r--r-- | pkg/machine/ignition.go | 85 |
1 files changed, 46 insertions, 39 deletions
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go index ac2cf71cf..09228553c 100644 --- a/pkg/machine/ignition.go +++ b/pkg/machine/ignition.go @@ -1,3 +1,4 @@ +//go:build amd64 || arm64 // +build amd64 arm64 package machine 
@@ -423,61 +424,67 @@ func getCerts(certsDir string, isDir bool) []File { files []File ) - certs, err := ioutil.ReadDir(certsDir) if isDir { - if err == nil { - for _, cert := range certs { - b, err := ioutil.ReadFile(filepath.Join(certsDir, cert.Name())) + err := filepath.Walk(certsDir, func(path string, info os.FileInfo, err error) error { + if err == nil && !info.IsDir() { + certPath, err := filepath.Rel(certsDir, path) if err != nil { - logrus.Warnf("Unable to read cert file %s", err.Error()) - continue + logrus.Warnf("%s", err) + return nil + } + + file, err := prepareCertFile(filepath.Join(certsDir, certPath), certPath) + if err == nil { + files = append(files, file) } - files = append(files, File{ - Node: Node{ - Group: getNodeGrp("root"), - Path: filepath.Join("/etc/containers/certs.d/", cert.Name()), - User: getNodeUsr("root"), - }, - FileEmbedded1: FileEmbedded1{ - Append: nil, - Contents: Resource{ - Source: encodeDataURLPtr(string(b)), - }, - Mode: intToPtr(0644), - }, - }) } - } else { + + return nil + }) + if err != nil { if !os.IsNotExist(err) { logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s: %s", certsDir, err.Error()) } } } else { fileName := filepath.Base(certsDir) - b, err := ioutil.ReadFile(certsDir) - if err != nil { - logrus.Warnf("Unable to read cert file %s", err.Error()) - return files + file, err := prepareCertFile(certsDir, fileName) + if err == nil { + files = append(files, file) } - files = append(files, File{ - Node: Node{ - Group: getNodeGrp("root"), - Path: filepath.Join("/etc/containers/certs.d/", fileName), - User: getNodeUsr("root"), - }, - FileEmbedded1: FileEmbedded1{ - Append: nil, - Contents: Resource{ - Source: encodeDataURLPtr(string(b)), - }, - Mode: intToPtr(0644), - }, - }) } return files } +func prepareCertFile(path string, name string) (File, error) { + b, err := ioutil.ReadFile(path) + if err != nil { + logrus.Warnf("Unable to read cert file %s", err.Error()) + return File{}, err + } 
+ + targetPath := filepath.Join("/etc/containers/certs.d", name) + + logrus.Debugf("Copying cert file from '%s' to '%s'.", path, targetPath) + + file := File{ + Node: Node{ + Group: getNodeGrp("root"), + Path: targetPath, + User: getNodeUsr("root"), + }, + FileEmbedded1: FileEmbedded1{ + Append: nil, + Contents: Resource{ + Source: encodeDataURLPtr(string(b)), + }, + Mode: intToPtr(0644), + }, + } + return file, nil +} + func getProxyVariables() string { proxyOpts := "" for _, variable := range config.ProxyEnv { |
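Review bot: The `filepath.Walk` callback in getCerts returns nil on every path, including when it is called with a non-nil `err`, so Walk never returns an error and the `os.IsNotExist` / "Unable to copy certs via ignition" branch after it looks unreachable; a missing certsDir or an unreadable subdirectory is now skipped without any log line. Opening the callback with `if err != nil { return err }` would restore that warning. The `!info.IsDir()` test also lets symlinks and special files through (Walk reports Lstat info, while `ioutil.ReadFile` follows the link), and whatever is read is embedded in the ignition config as a root-owned 0644 file; `if !info.Mode().IsRegular() { return nil }` would limit the copy to regular files. `filepath.Join(certsDir, certPath)` should simply rebuild `path`, so `path` can be passed to prepareCertFile directly. getCerts begins above the hunk, so its variable declarations are only partly visible here.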