merge: updates from default secret store (PR #87/90)

2025-12-20 03:27:03 -07:00 · 2025-04-21 17:03:09 -06:00 · 2025-04-21 17:03:09 -06:00 · 6bcfea2803
commit 6bcfea2803
parent 835b678e75 fcfe76295e
10 changed files with 308 additions and 161 deletions
--- a/pkg/bmc/bmc.go
+++ b/pkg/bmc/bmc.go
@ -0,0 +1,65 @@
+package bmc
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/OpenCHAMI/magellan/pkg/secrets"
+)
+
+type BMCCredentials struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+func GetBMCCredentialsDefault(store secrets.SecretStore) (BMCCredentials, error) {
+	var creds BMCCredentials
+	if strCreds, err := store.GetSecretByID(secrets.DEFAULT_KEY); err != nil {
+		return creds, fmt.Errorf("get default BMC credentials from secret store: %w", err)
+	} else {
+		// Default URI credentials found, use them.
+		if err = json.Unmarshal([]byte(strCreds), &creds); err != nil {
+			return creds, fmt.Errorf("get default BMC credentials from secret store: failed to unmarshal: %w", err)
+		}
+		return creds, nil
+	}
+}
+
+func GetBMCCredentials(store secrets.SecretStore, id string) (BMCCredentials, error) {
+	var creds BMCCredentials
+	if strCreds, err := store.GetSecretByID(id); err != nil {
+		return creds, fmt.Errorf("get BMC credentials from secret store: %w", err)
+	} else {
+		// Specific URI credentials found, use them.
+		if err = json.Unmarshal([]byte(strCreds), &creds); err != nil {
+			return creds, fmt.Errorf("get BMC credentials from secret store: failed to unmarshal: %w", err)
+		}
+	}
+
+	return creds, nil
+}
+
+func GetBMCCredentialsOrDefault(store secrets.SecretStore, id string) BMCCredentials {
+	var (
+		creds BMCCredentials
+		err   error
+	)
+
+	if id == "" {
+		return creds
+	}
+
+	if id == secrets.DEFAULT_KEY {
+		creds, _ = GetBMCCredentialsDefault(store)
+		return creds
+	}
+
+	if creds, err = GetBMCCredentials(store, id); err != nil {
+		if defaultSecret, err := GetBMCCredentialsDefault(store); err == nil {
+			// Default credentials found, use them.
+			creds = defaultSecret
+		}
+	}
+
+	return creds
+}
--- a/pkg/collect.go
+++ b/pkg/collect.go
@ -15,6 +15,7 @@ import (
 	"sync"
 	"time"

+	"github.com/OpenCHAMI/magellan/pkg/bmc"
 	"github.com/OpenCHAMI/magellan/pkg/client"
 	"github.com/OpenCHAMI/magellan/pkg/crawler"
 	"github.com/OpenCHAMI/magellan/pkg/secrets"
@ -32,18 +33,16 @@ import (
 // CollectParams is a collection of common parameters passed to the CLI
 // for the 'collect' subcommand.
 type CollectParams struct {
-	URI         string // set by the 'host' flag
-	Username    string // set the BMC username with the 'username' flag
-	Password    string // set the BMC password with the 'password' flag
-	Concurrency int    // set the of concurrent jobs with the 'concurrency' flag
-	Timeout     int    // set the timeout with the 'timeout' flag
-	CaCertPath  string // set the cert path with the 'cacert' flag
-	Verbose     bool   // set whether to include verbose output with 'verbose' flag
-	OutputPath  string // set the path to save output with 'output' flag
-	Format      string // set the output format
-	ForceUpdate bool   // set whether to force updating SMD with 'force-update' flag
-	AccessToken string // set the access token to include in request with 'access-token' flag
-	SecretsFile string // set the path to secrets file
+	URI         string              // set by the 'host' flag
+	Concurrency int                 // set the of concurrent jobs with the 'concurrency' flag
+	Timeout     int                 // set the timeout with the 'timeout' flag
+	CaCertPath  string              // set the cert path with the 'cacert' flag
+	Verbose     bool                // set whether to include verbose output with 'verbose' flag
+	OutputPath  string              // set the path to save output with 'output' flag
+	Format      string              // set the output format
+	ForceUpdate bool                // set whether to force updating SMD with 'force-update' flag
+	AccessToken string              // set the access token to include in request with 'access-token' flag
+	SecretStore secrets.SecretStore // set BMC credentials
 }

 // This is the main function used to collect information from the BMC nodes via Redfish.
@ -52,7 +51,7 @@ type CollectParams struct {
 //
 // Requests can be made to several of the nodes using a goroutine by setting the q.Concurrency
 // property value between 1 and 10000.
-func CollectInventory(assets *[]RemoteAsset, params *CollectParams, localStore secrets.SecretStore) ([]map[string]any, error) {
+func CollectInventory(assets *[]RemoteAsset, params *CollectParams) ([]map[string]any, error) {
 	// check for available remote assets found from scan
 	if assets == nil {
 		return nil, fmt.Errorf("no assets found")
@ -122,46 +121,36 @@ func CollectInventory(assets *[]RemoteAsset, params *CollectParams, localStore s

 				// crawl BMC node to fetch inventory data via Redfish
 				var (
-					fallbackStore = secrets.NewStaticStore(params.Username, params.Password)
-					systems       []crawler.InventoryDetail
-					managers      []crawler.Manager
-					config        = crawler.CrawlerConfig{
+					systems  []crawler.InventoryDetail
+					managers []crawler.Manager
+					config   = crawler.CrawlerConfig{
 						URI:             uri,
-						CredentialStore: localStore,
+						CredentialStore: params.SecretStore,
 						Insecure:        true,
 						UseDefault:      true,
 					}
 					err error
 				)

-				// determine if local store exists and has credentials for
-				// the provided secretID...
-				// if it does not, use the fallback static store instead with
-				// the username and password provided as arguments
-				if localStore != nil {
-					_, err := localStore.GetSecretByID(uri)
-					if err != nil {
-						log.Warn().Err(err).Msgf("could not retrieve secrets for '%s'...falling back to credentials provided with flags -u/-p for user '%s'", uri, params.Username)
-						if params.Username != "" && params.Password != "" {
-							config.CredentialStore = fallbackStore
-						} else if !config.UseDefault {
-							log.Warn().Msgf("no fallback credentials provided for '%s'", params.Username)
-							continue
-						}
-					}
-				} else {
-					log.Warn().Msgf("invalid store for %s...falling back to default provided credentials for user '%s'", uri, params.Username)
-					config.CredentialStore = fallbackStore
-				}
-
 				// crawl for node and BMC information
 				systems, err = crawler.CrawlBMCForSystems(config)
 				if err != nil {
-					log.Error().Err(err).Msg("failed to crawl BMC for systems")
+					log.Error().Err(err).Str("uri", uri).Msg("failed to crawl BMC for systems")
 				}
 				managers, err = crawler.CrawlBMCForManagers(config)
 				if err != nil {
-					log.Error().Err(err).Msg("failed to crawl BMC for managers")
+					log.Error().Err(err).Str("uri", uri).Msg("failed to crawl BMC for managers")
+				}
+
+				// we didn't find anything so do not proceed
+				if len(systems) == 0 && len(managers) == 0 {
+					continue
+				}
+
+				// get BMC username to send
+				bmcCreds := bmc.GetBMCCredentialsOrDefault(params.SecretStore, config.URI)
+				if bmcCreds == (bmc.BMCCredentials{}) {
+					log.Warn().Str("id", config.URI).Msg("username will be blank")
 				}

 				// data to be sent to smd
@ -170,7 +159,7 @@ func CollectInventory(assets *[]RemoteAsset, params *CollectParams, localStore s
 					"Type":               "",
 					"Name":               "",
 					"FQDN":               sr.Host,
-					"User":               params.Username,
+					"User":               bmcCreds.Username,
 					"MACRequired":        true,
 					"RediscoverOnUpdate": false,
 					"Systems":            systems,
--- a/pkg/crawler/main.go
+++ b/pkg/crawler/main.go
@ -1,10 +1,11 @@
 package crawler

 import (
-	"encoding/json"
 	"fmt"
 	"strings"

+	"github.com/OpenCHAMI/magellan/internal/util"
+	"github.com/OpenCHAMI/magellan/pkg/bmc"
 	"github.com/OpenCHAMI/magellan/pkg/secrets"
 	"github.com/rs/zerolog/log"
 	"github.com/stmcginnis/gofish"
@ -18,15 +19,10 @@ type CrawlerConfig struct {
 	UseDefault      bool
 }

-func (cc *CrawlerConfig) GetUserPass() (BMCUsernamePassword, error) {
+func (cc *CrawlerConfig) GetUserPass() (bmc.BMCCredentials, error) {
 	return loadBMCCreds(*cc)
 }

-type BMCUsernamePassword struct {
-	Username string `json:"username"`
-	Password string `json:"password"`
-}
-
 type EthernetInterface struct {
 	URI         string `json:"uri,omitempty"`         // URI of the interface
 	MAC         string `json:"mac,omitempty"`         // MAC address of the interface
@ -373,37 +369,14 @@ func walkManagers(rf_managers []*redfish.Manager, baseURI string) ([]Manager, er
 	return managers, nil
 }

-func loadBMCCreds(config CrawlerConfig) (BMCUsernamePassword, error) {
+func loadBMCCreds(config CrawlerConfig) (bmc.BMCCredentials, error) {
 	// NOTE: it is possible for the SecretStore to be nil, so we need a check
 	if config.CredentialStore == nil {
-		return BMCUsernamePassword{}, fmt.Errorf("credential store is invalid")
+		return bmc.BMCCredentials{}, fmt.Errorf("credential store is invalid")
 	}
-	creds, err := config.CredentialStore.GetSecretByID(config.URI)
-	if err != nil {
-		event := log.Error()
-		event.Err(err)
-		event.Msg("failed to get credentials from secret store")
-		// try to get default if parameter is set
-		if config.UseDefault {
-			creds, err = config.CredentialStore.GetSecretByID(secrets.DEFAULT_KEY)
-			// no default credentials
-			if err != nil {
-				event := log.Error()
-				event.Err(err)
-				event.Msg("failed to get default credentials from secret store")
-				return BMCUsernamePassword{}, err
-			}
-		} else {
-			return BMCUsernamePassword{}, err
-		}
+	if creds := util.GetBMCCredentials(config.CredentialStore, config.URI); creds == (bmc.BMCCredentials{}) {
+		return creds, fmt.Errorf("%s: credentials blank for BNC", config.URI)
+	} else {
+		return creds, nil
 	}
-	var bmc_creds BMCUsernamePassword
-	err = json.Unmarshal([]byte(creds), &bmc_creds)
-	if err != nil {
-		event := log.Error()
-		event.Err(err)
-		event.Msg("failed to unmarshal credentials")
-		return BMCUsernamePassword{}, err
-	}
-	return bmc_creds, nil
 }
--- a/pkg/update.go
+++ b/pkg/update.go
@ -4,6 +4,7 @@ import (
 	"fmt"
 	"net/url"

+	"github.com/OpenCHAMI/magellan/pkg/bmc"
 	"github.com/stmcginnis/gofish"
 	"github.com/stmcginnis/gofish/redfish"
 )
@ -34,8 +35,14 @@ func UpdateFirmwareRemote(q *UpdateParams) error {
 		return fmt.Errorf("failed to parse URI: %w", err)
 	}

+	// Get BMC credentials from secret store in update parameters
+	bmcCreds, err := bmc.GetBMCCredentials(q.SecretStore, q.URI)
+	if err != nil {
+		return fmt.Errorf("failed to get BMC credentials: %w", err)
+	}
+
 	// Connect to the Redfish service using gofish
-	client, err := gofish.Connect(gofish.ClientConfig{Endpoint: uri.String(), Username: q.Username, Password: q.Password, Insecure: q.Insecure})
+	client, err := gofish.Connect(gofish.ClientConfig{Endpoint: uri.String(), Username: bmcCreds.Username, Password: bmcCreds.Password, Insecure: q.Insecure})
 	if err != nil {
 		return fmt.Errorf("failed to connect to Redfish service: %w", err)
 	}
@ -70,8 +77,14 @@ func GetUpdateStatus(q *UpdateParams) error {
 		return fmt.Errorf("failed to parse URI: %w", err)
 	}

+	// Get BMC credentials from secret store in update parameters
+	bmcCreds, err := bmc.GetBMCCredentials(q.SecretStore, q.URI)
+	if err != nil {
+		return fmt.Errorf("failed to get BMC credentials: %w", err)
+	}
+
 	// Connect to the Redfish service using gofish
-	client, err := gofish.Connect(gofish.ClientConfig{Endpoint: uri.String(), Username: q.Username, Password: q.Password, Insecure: q.Insecure})
+	client, err := gofish.Connect(gofish.ClientConfig{Endpoint: uri.String(), Username: bmcCreds.Username, Password: bmcCreds.Password, Insecure: q.Insecure})
 	if err != nil {
 		return fmt.Errorf("failed to connect to Redfish service: %w", err)
 	}