Remove last traces of auth-config

It was only used for cross-service communication. Now that the deployment scripts no longer support inspector, it is unused. Signed-off-by: Dmitry Tantsur <[email protected]>
metal3-io · Mar 6, 2024 · b0fb5d7 · b0fb5d7
1 parent 06f7d39
commit b0fb5d7
Show file tree

Hide file tree

Showing 9 changed files with 4 additions and 46 deletions.
diff --git a/docs/deploying.md b/docs/deploying.md
@@ -107,8 +107,6 @@ ironic-deployment/
 ├── components
 │   ├── basic-auth
 │   │   ├── auth.yaml
-│   │   ├── ironic-auth-config
-│   │   ├── ironic-auth-config-tpl
 │   │   ├── ironic-htpasswd
 │   │   └── kustomization.yaml
 │   ├── keepalived

diff --git a/hack/ci-e2e.sh b/hack/ci-e2e.sh
@@ -140,9 +140,6 @@ for overlay in "${BMO_OVERLAYS[@]}"; do
   fi
 done
 
-envsubst < "${REPO_ROOT}/ironic-deployment/components/basic-auth/ironic-auth-config-tpl" > \
-  "${IRONIC_OVERLAY}/ironic-auth-config"
-
 echo "IRONIC_HTPASSWD=$(htpasswd -n -b -B "${IRONIC_USERNAME}" "${IRONIC_PASSWORD}")" > \
   "${IRONIC_OVERLAY}/ironic-htpasswd"
 

diff --git a/ironic-deployment/components/basic-auth/auth.yaml b/ironic-deployment/components/basic-auth/auth.yaml
@@ -8,12 +8,8 @@ spec:
       containers:
       - name: ironic
         envFrom:
-        # This is the htpassword matching the ironic-auth-config
+        # This is the htpassword matching the ironic password
         - secretRef:
             name: ironic-htpasswd
         - configMapRef:
             name: ironic-bmo-configmap
-      volumes:
-      - name: ironic-auth-config
-        secret:
-          secretName: ironic-auth-config
diff --git a/ironic-deployment/components/basic-auth/kustomization.yaml b/ironic-deployment/components/basic-auth/kustomization.yaml
@@ -1,11 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1alpha1
 kind: Component
 
-# NOTE: This component requires secrets with the basic auth credentials and config!
-# How you create them is up to you.
-# The required secrets are:
-# - ironic-htpasswd
-# - ironic-auth-config
+# NOTE: This component requires secrets with the basic auth credential!
+# How you create them is up to you. The required secret is ironic-htpasswd.
 #
 # The content should be as in these examples:
 #
@@ -15,15 +12,6 @@ kind: Component
 #   name: ironic-htpasswd
 # data:
 #   IRONIC_HTPASSWD: <base64-encoded-htpasswd-string>
-# ---
-# apiVersion: v1
-# kind: Secret
-# metadata:
-#   name: ironic-auth-config
-# data:
-#   auth-config: <base64-encoded-auth-config>
-#
-# Check `ironic-auth-config-tpl` for a template of what to put in the auth-config.
 
 patches:
   - path: auth.yaml
diff --git a/ironic-deployment/overlays/basic-auth_tls/basic-auth_tls.yaml b/ironic-deployment/overlays/basic-auth_tls/basic-auth_tls.yaml
@@ -12,11 +12,3 @@ spec:
             name: ironic-htpasswd
         - configMapRef:
             name: ironic-bmo-configmap
-        volumeMounts:
-        - mountPath: /auth/ironic
-          name: ironic-auth-config
-          readOnly: true
-      volumes:
-      - name: ironic-auth-config
-        secret:
-          secretName: ironic-auth-config
diff --git a/ironic-deployment/overlays/basic-auth_tls/kustomization.yaml b/ironic-deployment/overlays/basic-auth_tls/kustomization.yaml
@@ -20,6 +20,3 @@ patches:
 #   envs:
 #   - ironic-htpasswd
 #   name: ironic-htpasswd
-# - name: ironic-auth-config
-#   files:
-#   - auth-config=ironic-auth-config
diff --git a/ironic-deployment/overlays/e2e/kustomization.yaml b/ironic-deployment/overlays/e2e/kustomization.yaml
@@ -24,9 +24,6 @@ secretGenerator:
   behavior: create
   envs:
   - ironic-htpasswd
-- name: ironic-auth-config
-  files:
-  - auth-config=ironic-auth-config
 
 replacements:
   # Replace IRONIC_HOST_IP in certificates with the PROVISIONING_IP from the configmap

diff --git a/tools/deploy.sh b/tools/deploy.sh
@@ -149,9 +149,6 @@ if [[ "${DEPLOY_BASIC_AUTH}" == "true" ]]; then
     fi
 
     if [[ "${DEPLOY_IRONIC}" == "true" ]]; then
-        envsubst < "${IRONIC_BASIC_AUTH_COMPONENT}/ironic-auth-config-tpl" > \
-        "${TEMP_IRONIC_OVERLAY}/ironic-auth-config"
-
         echo "IRONIC_HTPASSWD=$(htpasswd -n -b -B "${IRONIC_USERNAME}" "${IRONIC_PASSWORD}")" > \
         "${TEMP_IRONIC_OVERLAY}/ironic-htpasswd"
     fi
@@ -169,7 +166,6 @@ if [[ "${DEPLOY_IRONIC}" == "true" ]]; then
 
     if [ "${DEPLOY_BASIC_AUTH}" == "true" ]; then
         ${KUSTOMIZE} edit add secret ironic-htpasswd --from-env-file=ironic-htpasswd
-        ${KUSTOMIZE} edit add secret ironic-auth-config --from-file=auth-config=ironic-auth-config
 
         if [[ "${DEPLOY_TLS}" == "true" ]]; then
             # Basic-auth + TLS is special since TLS also means reverse proxy, which affects basic-auth.
@@ -275,9 +271,9 @@ if [[ "${DEPLOY_BASIC_AUTH}" == "true" ]]; then
     fi
 
     if [[ "${DEPLOY_IRONIC}" == "true" ]]; then
-        rm "${TEMP_IRONIC_OVERLAY}/ironic-auth-config"
         rm "${TEMP_IRONIC_OVERLAY}/ironic-htpasswd"
 
+        rm -f "${TEMP_IRONIC_OVERLAY}/ironic-auth-config"
         rm -f "${TEMP_IRONIC_OVERLAY}/ironic-inspector-auth-config"
         rm -f "${TEMP_IRONIC_OVERLAY}/ironic-inspector-htpasswd"
     fi

diff --git a/tools/run_local_ironic.sh b/tools/run_local_ironic.sh
@@ -171,9 +171,6 @@ fi
 BASIC_AUTH_MOUNTS=""
 IRONIC_HTPASSWD=""
 if [ -n "$IRONIC_USERNAME" ]; then
-     envsubst < "${SCRIPTDIR}/ironic-deployment/components/basic-auth/ironic-auth-config-tpl" > \
-        "${IRONIC_DATA_DIR}/auth/ironic-auth-config"
-     BASIC_AUTH_MOUNTS="-v ${IRONIC_DATA_DIR}/auth/ironic-auth-config:/auth/ironic/auth-config"
      IRONIC_HTPASSWD="$(htpasswd -n -b -B "${IRONIC_USERNAME}" "${IRONIC_PASSWORD}")"
      IRONIC_HTPASSWD="--env HTTP_BASIC_HTPASSWD=${IRONIC_HTPASSWD} --env IRONIC_HTPASSWD=${IRONIC_HTPASSWD}"
 fi