Fix wksctl os to correctly handle file and flux configuration

cmd/wksctl/apply/apply.go

@@ -12,12 +12,17 @@ import (
 	existinginfrav1 "github.com/weaveworks/cluster-api-provider-existinginfra/apis/cluster.weave.works/v1alpha3"
 	"github.com/weaveworks/cluster-api-provider-existinginfra/pkg/apis/wksprovider/machine/config"
 	capeios "github.com/weaveworks/cluster-api-provider-existinginfra/pkg/apis/wksprovider/machine/os"
+	"github.com/weaveworks/cluster-api-provider-existinginfra/pkg/scheme"
 	"github.com/weaveworks/cluster-api-provider-existinginfra/pkg/utilities/kubeadm"
+	"github.com/weaveworks/libgitops/pkg/serializer"
 	"github.com/weaveworks/wksctl/pkg/addons"
+	wksos "github.com/weaveworks/wksctl/pkg/apis/wksprovider/machine/os"
 	"github.com/weaveworks/wksctl/pkg/manifests"
 	"github.com/weaveworks/wksctl/pkg/plan/runners/ssh"
 	"github.com/weaveworks/wksctl/pkg/specs"
+	"github.com/weaveworks/wksctl/pkg/utilities"
 	"github.com/weaveworks/wksctl/pkg/utilities/manifest"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1alpha3"
 )
 
 // Cmd represents the apply command
@@ -98,9 +103,19 @@ func (a *Applier) Apply() error {
 }
 
 // parseCluster converts the manifest file into a Cluster
-func parseCluster(clusterManifest []byte) (eic *existinginfrav1.ExistingInfraCluster, err error) {
-	_, b, err := specs.ParseCluster(ioutil.NopCloser(bytes.NewReader(clusterManifest)))
-	return b, err
+func parseCluster(clusterManifest []byte) (c *clusterv1.Cluster, eic *existinginfrav1.ExistingInfraCluster, err error) {
+	return specs.ParseCluster(ioutil.NopCloser(bytes.NewReader(clusterManifest)))
+}
+
+func unparseCluster(c *clusterv1.Cluster, eic *existinginfrav1.ExistingInfraCluster) ([]byte, error) {
+	var buf bytes.Buffer
+	s := serializer.NewSerializer(scheme.Scheme, nil)
+	fw := serializer.NewYAMLFrameWriter(&buf)
+	err := s.Encoder().Encode(fw, c, eic)
+	if err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
 }
 
 func (a *Applier) initiateCluster(clusterManifestPath, machinesManifestPath string) error {
@@ -169,11 +184,21 @@ func (a *Applier) initiateCluster(clusterManifestPath, machinesManifestPath stri
 	}
 
 	// Read manifests and pass in the contents
-	cluster, err := parseCluster(clusterManifest)
+	cluster, eic, err := parseCluster(clusterManifest)
 	if err != nil {
 		return errors.Wrap(err, "failed to parse cluster manifest: ")
 	}
 
+	// Mark the cluster as local so that it will not try to create other clusters
+	if eic.Annotations == nil {
+		eic.Annotations = map[string]string{}
+	}
+	eic.Annotations[capeios.LocalCluster] = "true"
+	clusterManifest, err = unparseCluster(cluster, eic)
+	if err != nil {
+		return errors.Wrap(err, "failed to annotate cluster manifest: ")
+	}
+
 	machinesManifest, err := ioutil.ReadFile(machinesManifestPath)
 	if err != nil {
 		return errors.Wrap(err, "failed to read machines manifest: ")
@@ -185,12 +210,27 @@ func (a *Applier) initiateCluster(clusterManifestPath, machinesManifestPath stri
 		return errors.Wrap(err, "failed to read ssh key: ")
 	}
 
-	if err := capeios.SetupSeedNode(installer, capeios.SeedNodeParams{
+	// Read sealed secret cert and key
+	var cert []byte
+	var key []byte
+	if utilities.FileExists(a.Params.sealedSecretCertPath) && utilities.FileExists(sealedSecretKeyPath) {
+		cert, err = ioutil.ReadFile(a.Params.sealedSecretCertPath)
+		if err != nil {
+			return errors.Wrap(err, "failed to read sealed secret certificate: ")
+		}
+
+		key, err = ioutil.ReadFile(sealedSecretKeyPath)
+		if err != nil {
+			return errors.Wrap(err, "failed to read sealed secret key: ")
+		}
+	}
+
+	if err := wksos.SetupSeedNode(installer, capeios.SeedNodeParams{
 		PublicIP:             sp.GetMasterPublicAddress(),
 		PrivateIP:            sp.GetMasterPrivateAddress(),
 		ServicesCIDRBlocks:   sp.Cluster.Spec.ClusterNetwork.Services.CIDRBlocks,
 		PodsCIDRBlocks:       sp.Cluster.Spec.ClusterNetwork.Pods.CIDRBlocks,
-		ExistingInfraCluster: *cluster,
+		ExistingInfraCluster: *eic,
 		ClusterManifest:      string(clusterManifest),
 		MachinesManifest:     string(machinesManifest),
 		SSHKey:               string(sshKey),
@@ -209,8 +249,8 @@ func (a *Applier) initiateCluster(clusterManifestPath, machinesManifestPath stri
 			GitPath:          a.Params.gitPath,
 			GitDeployKeyPath: a.Params.gitDeployKeyPath,
 		},
-		SealedSecretKeyPath:  sealedSecretKeyPath,
-		SealedSecretCertPath: a.Params.sealedSecretCertPath,
+		SealedSecretKey:      string(key),
+		SealedSecretCert:     string(cert),
 		ConfigDirectory:      configDir,
 		ImageRepository:      sp.ClusterSpec.ImageRepository,
 		ControlPlaneEndpoint: sp.ClusterSpec.ControlPlaneEndpoint,

cmd/wksctl/plan/view/view.go

@@ -12,6 +12,7 @@ import (
 	"github.com/weaveworks/wksctl/pkg/manifests"
 	"github.com/weaveworks/wksctl/pkg/plan/runners/ssh"
 	"github.com/weaveworks/wksctl/pkg/specs"
+	"github.com/weaveworks/wksctl/pkg/utilities"
 	"github.com/weaveworks/wksctl/pkg/utilities/manifest"
 )
 
@@ -34,6 +35,7 @@ var viewOptions struct {
 	gitDeployKeyPath     string
 	sshKeyPath           string
 	sealedSecretCertPath string
+	sealedSecretKeyPath  string
 	configDirectory      string
 	verbose              bool
 }
@@ -49,6 +51,7 @@ func init() {
 	Cmd.Flags().StringVar(&viewOptions.gitDeployKeyPath, "git-deploy-key", "", "Path to the Git deploy key")
 	Cmd.Flags().StringVar(&viewOptions.sshKeyPath, "ssh-key", "./cluster-key", "Path to a key authorized to log in to machines by SSH")
 	Cmd.Flags().StringVar(&viewOptions.sealedSecretCertPath, "sealed-secret-cert", "", "Path to a certificate used to encrypt sealed secrets")
+	Cmd.Flags().StringVar(&viewOptions.sealedSecretKeyPath, "sealed-secret-key", "", "Path to a key used to encrypt sealed secrets")
 	Cmd.Flags().StringVar(&viewOptions.configDirectory, "config-directory", ".", "Directory containing configuration information for the cluster")
 
 	// Intentionally shadows the globally defined --verbose flag.
@@ -118,6 +121,27 @@ func displayPlan(clusterManifestPath, machinesManifestPath string) error {
 		return errors.Wrap(err, "failed to read ssh key: ")
 	}
 
+	sealedSecretKeyPath := viewOptions.sealedSecretKeyPath
+	if sealedSecretKeyPath == "" {
+		// Default to using the git deploy key to decrypt sealed secrets
+		sealedSecretKeyPath = viewOptions.gitDeployKeyPath
+	}
+
+	// Read sealed secret cert and key
+	var cert []byte
+	var key []byte
+	if utilities.FileExists(viewOptions.sealedSecretCertPath) && utilities.FileExists(viewOptions.sealedSecretKeyPath) {
+		cert, err = ioutil.ReadFile(viewOptions.sealedSecretCertPath)
+		if err != nil {
+			return errors.Wrap(err, "failed to read sealed secret certificate: ")
+		}
+
+		key, err = ioutil.ReadFile(viewOptions.sealedSecretKeyPath)
+		if err != nil {
+			return errors.Wrap(err, "failed to read sealed secret key: ")
+		}
+	}
+
 	params := capeios.SeedNodeParams{
 		PublicIP:         sp.GetMasterPublicAddress(),
 		PrivateIP:        sp.GetMasterPrivateAddress(),
@@ -137,10 +161,11 @@ func displayPlan(clusterManifestPath, machinesManifestPath string) error {
 			GitPath:          viewOptions.gitPath,
 			GitDeployKeyPath: viewOptions.gitDeployKeyPath,
 		},
-		SealedSecretCertPath: viewOptions.sealedSecretCertPath,
-		Namespace:            manifest.DefaultNamespace,
-		AddonNamespaces:      manifest.DefaultAddonNamespaces,
-		ConfigDirectory:      configDir,
+		SealedSecretCert: string(cert),
+		SealedSecretKey:  string(key),
+		Namespace:        manifest.DefaultNamespace,
+		AddonNamespaces:  manifest.DefaultAddonNamespaces,
+		ConfigDirectory:  configDir,
 	}
 	plan, err := capeios.CreateSeedNodeSetupPlan(installer, params)
 	if err != nil {

go.mod

@@ -9,6 +9,7 @@ require (
 	github.com/ghodss/yaml v1.0.0
 	github.com/go-logr/zapr v0.1.1 // indirect
 	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
+	github.com/golangci/golangci-lint v1.27.0 // indirect
 	github.com/google/go-jsonnet v0.16.0
 	github.com/googleapis/gnostic v0.4.1 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.1 // indirect