HIVE-2302: Refactor ConfigureCreds to modify installer metadata

A couple of providers (nutanix, vsphere) need bespoke code to populate
credentials in the metadata.json object for destroying a cluster. In a
prior commit this was being done in the deprovisioner (the new one, that
uses metadata.json directly, per HIVE-2302) after ConfigureCreds.

Since ConfigureCreds is where we (stay with me) configure creds, and is
already platform-specific, it makes more sense to do this work there.
This commit refactors to do so.

Legacy code paths pass in a `nil` metadata object, which is coded to
result in no change from the previous functionality. (In particular,
ConfigureCreds is also used when provisioning, where no metadata object
is present/necessary.)

Author: 2uasimojo

contrib/pkg/deprovision/awstagdeprovision.go

@@ -65,7 +65,7 @@ func completeAWSUninstaller(o *aws.ClusterUninstaller, logLevel string, args []s
 			"This is expected when in standalone mode. "+
 			"We expect to find your AWS credentials in one of the usual places.", err)
 	}
-	awsutils.ConfigureCreds(client)
+	awsutils.ConfigureCreds(client, nil)
 
 	return nil
 }

contrib/pkg/deprovision/azure.go

@@ -74,7 +74,7 @@ func (opt *AzureOptions) completeAzureUninstaller(args []string) (providers.Dest
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to get client")
 	}
-	azureutils.ConfigureCreds(client)
+	azureutils.ConfigureCreds(client, nil)
 
 	metadata := &types.ClusterMetadata{
 		InfraID: args[0],

contrib/pkg/deprovision/deprovision.go

@@ -81,53 +81,7 @@ To run the generic destroyer, use the --metadata-json-secret-name parameter.`,
 				logger.Fatal("no platform configured in metadata.json")
 			}
 
-			// TODO: Make a registry or interface for this
-			var ConfigureCreds func(client.Client)
-			switch platform {
-			case aws.Name:
-				ConfigureCreds = awsutil.ConfigureCreds
-			case azure.Name:
-				ConfigureCreds = azureutil.ConfigureCreds
-			case gcp.Name:
-				ConfigureCreds = gcputil.ConfigureCreds
-			case ibmcloud.Name:
-				ConfigureCreds = ibmcloudutil.ConfigureCreds
-			case nutanix.Name:
-				// Snowflake! We need to inject the creds into the metadata.
-				// If env vars are unset, the destroyer will fail organically.
-				ConfigureCreds = func(c client.Client) {
-					nutanixutil.ConfigureCreds(c)
-					metadata.Nutanix.Username = os.Getenv(constants.NutanixUsernameEnvVar)
-					metadata.Nutanix.Password = os.Getenv(constants.NutanixPasswordEnvVar)
-				}
-			case openstack.Name:
-				ConfigureCreds = openstackutil.ConfigureCreds
-			case vsphere.Name:
-				// Snowflake! We need to (re)inject the creds into the metadata.
-				// (They were there originally, but we scrubbed them for security.)
-				// If env vars are unset, the destroyer will fail organically.
-				ConfigureCreds = func(c client.Client) {
-					vsphereutil.ConfigureCreds(c)
-					username, password := os.Getenv(constants.VSphereUsernameEnvVar), os.Getenv(constants.VSpherePasswordEnvVar)
-					// Accommodate both pre- and post-zonal formats
-					if metadata.VSphere.Username != "" {
-						metadata.VSphere.Username = username
-					}
-					if metadata.VSphere.Password != "" {
-						metadata.VSphere.Password = password
-					}
-					for i := range metadata.VSphere.VCenters {
-						if metadata.VSphere.VCenters[i].Username != "" {
-							metadata.VSphere.VCenters[i].Username = username
-						}
-						if metadata.VSphere.VCenters[i].Password != "" {
-							metadata.VSphere.VCenters[i].Password = password
-						}
-					}
-				}
-			}
-
-			ConfigureCreds(c)
+			ConfigureCreds[platform](c, metadata)
 
 			destroyerBuilder, ok := providers.Registry[platform]
 			if !ok {
@@ -162,3 +116,13 @@ To run the generic destroyer, use the --metadata-json-secret-name parameter.`,
 	cmd.AddCommand(NewDeprovisionNutanixCommand(logLevel))
 	return cmd
 }
+
+var ConfigureCreds = map[string]func(client.Client, *types.ClusterMetadata){
+	aws.Name:       awsutil.ConfigureCreds,
+	azure.Name:     azureutil.ConfigureCreds,
+	gcp.Name:       gcputil.ConfigureCreds,
+	ibmcloud.Name:  ibmcloudutil.ConfigureCreds,
+	nutanix.Name:   nutanixutil.ConfigureCreds,
+	openstack.Name: openstackutil.ConfigureCreds,
+	vsphere.Name:   vsphereutil.ConfigureCreds,
+}

contrib/pkg/deprovision/gcp.go

@@ -60,7 +60,7 @@ func (o *gcpOptions) Complete(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return errors.Wrap(err, "failed to get client")
 	}
-	gcputils.ConfigureCreds(client)
+	gcputils.ConfigureCreds(client, nil)
 
 	return nil
 }

contrib/pkg/deprovision/ibmcloud.go

@@ -69,7 +69,7 @@ func (o *ibmCloudDeprovisionOptions) Complete(cmd *cobra.Command, args []string)
 	if err != nil {
 		return errors.Wrap(err, "failed to get client")
 	}
-	ibmutils.ConfigureCreds(client)
+	ibmutils.ConfigureCreds(client, nil)
 
 	// Create IBMCloud Client
 	ibmCloudAPIKey := os.Getenv(constants.IBMCloudAPIKeyEnvVar)

contrib/pkg/deprovision/nutanix.go

@@ -61,7 +61,7 @@ func (o *nutanixOptions) Complete(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return errors.Wrap(err, "failed to get client")
 	}
-	nutanixutils.ConfigureCreds(client)
+	nutanixutils.ConfigureCreds(client, nil)
 
 	return nil
 }

contrib/pkg/deprovision/openstack.go

@@ -56,7 +56,7 @@ func (o *openStackOptions) Complete(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return errors.Wrap(err, "failed to get client")
 	}
-	openstackutils.ConfigureCreds(client)
+	openstackutils.ConfigureCreds(client, nil)
 
 	return nil
 }

contrib/pkg/deprovision/vsphere.go

@@ -60,7 +60,7 @@ func (o *vSphereOptions) Complete(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return errors.Wrap(err, "failed to get client")
 	}
-	vsphereutils.ConfigureCreds(client)
+	vsphereutils.ConfigureCreds(client, nil)
 
 	return nil
 }

contrib/pkg/utils/aws/aws.go

@@ -7,7 +7,12 @@ import (
 	"path/filepath"
 	"strings"
 
+	log "github.com/sirupsen/logrus"
+	ini "gopkg.in/ini.v1"
+
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/util/sets"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
@@ -18,10 +23,7 @@ import (
 	"github.com/openshift/hive/pkg/awsclient"
 	"github.com/openshift/hive/pkg/constants"
 
-	log "github.com/sirupsen/logrus"
-	ini "gopkg.in/ini.v1"
-	"k8s.io/apimachinery/pkg/util/sets"
-	"sigs.k8s.io/controller-runtime/pkg/client"
+	installertypes "github.com/openshift/installer/pkg/types"
 )
 
 const (
@@ -258,7 +260,7 @@ var awsConfigForbidCredentialProcess utils.ProjectToDirFileFilter = func(key str
 // ConfigureCreds loads a secret designated by the environment variables CLUSTERDEPLOYMENT_NAMESPACE
 // and CREDS_SECRET_NAME and configures AWS credential environment variables and config files
 // accordingly.
-func ConfigureCreds(c client.Client) {
+func ConfigureCreds(c client.Client, metadata *installertypes.ClusterMetadata) {
 	credsSecret := utils.LoadSecretOrDie(c, "CREDS_SECRET_NAME")
 	if credsSecret == nil {
 		return

contrib/pkg/utils/azure/azure.go

@@ -4,10 +4,11 @@ import (
 	"os"
 	"path/filepath"
 
+	installertypes "github.com/openshift/installer/pkg/types"
 	log "github.com/sirupsen/logrus"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"k8s.io/client-go/util/homedir"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/openshift/hive/contrib/pkg/utils"
 	"github.com/openshift/hive/pkg/constants"
@@ -31,7 +32,7 @@ func GetCreds(credsFile string) ([]byte, error) {
 // ConfigureCreds loads a secret designated by the environment variables CLUSTERDEPLOYMENT_NAMESPACE
 // and CREDS_SECRET_NAME and configures Azure credential environment variables and config files
 // accordingly.
-func ConfigureCreds(c client.Client) {
+func ConfigureCreds(c client.Client, metadata *installertypes.ClusterMetadata) {
 	credsSecret := utils.LoadSecretOrDie(c, "CREDS_SECRET_NAME")
 	if credsSecret == nil {
 		return