Merge pull request #111 from canonical/eaudetcobello/proxy-scheme

add new SnapstoreProxyScheme field

apis/v1beta1/microk8sconfig_types.go

@@ -85,6 +85,11 @@ type InitConfiguration struct {
 	// +optional
 	DisableDefaultCNI bool `json:"disableDefaultCNI,omitempty"`
 
+	// The snap store proxy domain's scheme, e.g. "http" or "https" without "://"
+	// Defaults to "http".
+	// +optional
+	SnapstoreProxyScheme string `json:"snapstoreProxyScheme,omitempty"`
+
 	// The snap store proxy domain
 	// +optional
 	SnapstoreProxyDomain string `json:"snapstoreProxyDomain,omitempty"`

config/crd/bases/bootstrap.cluster.x-k8s.io_microk8sconfigs.yaml

@@ -180,6 +180,10 @@ spec:
                   snapstoreProxyId:
                     description: The snap store proxy ID
                     type: string
+                  snapstoreProxyScheme:
+                    description: The snap store proxy domain's scheme, e.g. "http"
+                      or "https" without "://" Defaults to "http".
+                    type: string
                 type: object
             type: object
           status:

config/crd/bases/bootstrap.cluster.x-k8s.io_microk8sconfigtemplates.yaml

@@ -191,6 +191,10 @@ spec:
                           snapstoreProxyId:
                             description: The snap store proxy ID
                             type: string
+                          snapstoreProxyScheme:
+                            description: The snap store proxy domain's scheme, e.g.
+                              "http" or "https" without "://" Defaults to "http".
+                            type: string
                         type: object
                     type: object
                 type: object

controllers/cloudinit/cloudinit_common_test.go

@@ -228,38 +228,41 @@ func TestCloudConfigInput(t *testing.T) {
 	t.Run("SnapstoreProxy", func(t *testing.T) {
 		for _, tc := range []struct {
 			name            string
-			makeCloudConfig func() (*cloudinit.CloudConfig, error)
+			makeCloudConfig func(scheme string) (*cloudinit.CloudConfig, error)
 		}{
 			{
 				name: "ControlPlaneInit",
-				makeCloudConfig: func() (*cloudinit.CloudConfig, error) {
+				makeCloudConfig: func(scheme string) (*cloudinit.CloudConfig, error) {
 					return cloudinit.NewInitControlPlane(&cloudinit.ControlPlaneInitInput{
 						KubernetesVersion:    "v1.25.0",
 						Token:                strings.Repeat("a", 32),
 						TokenTTL:             100,
+						SnapstoreProxyScheme: scheme,
 						SnapstoreProxyDomain: "snapstore.domain.com",
 						SnapstoreProxyId:     "ID123456789",
 					})
 				},
 			},
 			{
 				name: "ControlPlaneJoin",
-				makeCloudConfig: func() (*cloudinit.CloudConfig, error) {
+				makeCloudConfig: func(scheme string) (*cloudinit.CloudConfig, error) {
 					return cloudinit.NewJoinControlPlane(&cloudinit.ControlPlaneJoinInput{
 						KubernetesVersion:    "v1.25.0",
 						Token:                strings.Repeat("a", 32),
 						TokenTTL:             100,
+						SnapstoreProxyScheme: scheme,
 						SnapstoreProxyDomain: "snapstore.domain.com",
 						SnapstoreProxyId:     "ID123456789",
 					})
 				},
 			},
 			{
 				name: "Worker",
-				makeCloudConfig: func() (*cloudinit.CloudConfig, error) {
+				makeCloudConfig: func(scheme string) (*cloudinit.CloudConfig, error) {
 					return cloudinit.NewJoinWorker(&cloudinit.WorkerInput{
 						KubernetesVersion:    "v1.25.0",
 						Token:                strings.Repeat("a", 32),
+						SnapstoreProxyScheme: scheme,
 						SnapstoreProxyDomain: "snapstore.domain.com",
 						SnapstoreProxyId:     "ID123456789",
 					})
@@ -268,10 +271,22 @@ func TestCloudConfigInput(t *testing.T) {
 		} {
 			t.Run(tc.name, func(t *testing.T) {
 				g := NewWithT(t)
-				c, err := tc.makeCloudConfig()
-				g.Expect(err).NotTo(HaveOccurred())
 
-				g.Expect(c.RunCommands).To(ContainElement(`/capi-scripts/00-configure-snapstore-proxy.sh "snapstore.domain.com" "ID123456789"`))
+				for _, withScheme := range []string{"", "http", "https"} {
+					t.Run(fmt.Sprintf("withScheme=%q", withScheme), func(t *testing.T) {
+						c, err := tc.makeCloudConfig(withScheme)
+						g.Expect(err).NotTo(HaveOccurred())
+
+						// if scheme is unspecified, default to http
+						var expectedScheme string
+						if withScheme == "" {
+							expectedScheme = "http"
+						} else {
+							expectedScheme = withScheme
+						}
+						g.Expect(c.RunCommands).To(ContainElement(fmt.Sprintf(`/capi-scripts/00-configure-snapstore-proxy.sh %q "snapstore.domain.com" "ID123456789"`, expectedScheme)))
+					})
+				}
 			})
 		}
 	})

controllers/cloudinit/controlplane_init.go

@@ -59,6 +59,8 @@ type ControlPlaneInitInput struct {
 	RiskLevel string
 	// DisableDefaultCNI specifies whether to disable the default CNI plugin.
 	DisableDefaultCNI bool
+	// SnapstoreProxyScheme specifies the scheme (e.g. http or https) of the domain. Defaults to "http".
+	SnapstoreProxyScheme string
 	// SnapstoreProxyDomain specifies the domain of the snapstore proxy if one is to be used.
 	SnapstoreProxyDomain string
 	// SnapstoreProxyId specifies the snapstore proxy ID if one is to be used.
@@ -88,6 +90,10 @@ func NewInitControlPlane(input *ControlPlaneInitInput) (*CloudConfig, error) {
 		return nil, fmt.Errorf("join token TTL %q is not a positive number", input.TokenTTL)
 	}
 
+	if input.SnapstoreProxyScheme == "" {
+		input.SnapstoreProxyScheme = "http"
+	}
+
 	// figure out endpoint type
 	endpointType := "DNS"
 	if net.ParseIP(input.ControlPlaneEndpoint) != nil {
@@ -141,7 +147,7 @@ func NewInitControlPlane(input *ControlPlaneInitInput) (*CloudConfig, error) {
 	cloudConfig.RunCommands = append(cloudConfig.RunCommands, input.PreRunCommands...)
 	cloudConfig.RunCommands = append(cloudConfig.RunCommands,
 		fmt.Sprintf("%s %q %q", scriptPath(snapstoreHTTPProxyScript), input.SnapstoreHTTPProxy, input.SnapstoreHTTPSProxy),
-		fmt.Sprintf("%s %q %q", scriptPath(snapstoreProxyScript), input.SnapstoreProxyDomain, input.SnapstoreProxyId),
+		fmt.Sprintf("%s %q %q %q", scriptPath(snapstoreProxyScript), input.SnapstoreProxyScheme, input.SnapstoreProxyDomain, input.SnapstoreProxyId),
 		scriptPath(disableHostServicesScript),
 		fmt.Sprintf("%s %q", scriptPath(installMicroK8sScript), installArgs),
 		fmt.Sprintf("%s %q %q %q", scriptPath(configureContainerdProxyScript), input.ContainerdHTTPProxy, input.ContainerdHTTPSProxy, input.ContainerdNoProxy),

controllers/cloudinit/controlplane_init_test.go

@@ -46,7 +46,7 @@ func TestControlPlaneInit(t *testing.T) {
 		g.Expect(cloudConfig.RunCommands).To(Equal([]string{
 			`set -x`,
 			`/capi-scripts/00-configure-snapstore-http-proxy.sh "" ""`,
-			`/capi-scripts/00-configure-snapstore-proxy.sh "" ""`,
+			`/capi-scripts/00-configure-snapstore-proxy.sh "http" "" ""`,
 			`/capi-scripts/00-disable-host-services.sh`,
 			`/capi-scripts/00-install-microk8s.sh "--channel 1.25 --classic"`,
 			`/capi-scripts/10-configure-containerd-proxy.sh "" "" ""`,

controllers/cloudinit/controlplane_join.go

@@ -55,6 +55,8 @@ type ControlPlaneJoinInput struct {
 	RiskLevel string
 	// DisableDefaultCNI specifies whether to use the default CNI plugin.
 	DisableDefaultCNI bool
+	// SnapstoreProxyScheme specifies the scheme (e.g. http or https) of the domain. Defaults to "http".
+	SnapstoreProxyScheme string
 	// SnapstoreProxyDomain specifies the domain of the snapstore proxy if one is to be used.
 	SnapstoreProxyDomain string
 	// SnapstoreProxyId specifies the snapstore proxy ID if one is to be used.
@@ -102,6 +104,10 @@ func NewJoinControlPlane(input *ControlPlaneJoinInput) (*CloudConfig, error) {
 	}
 	installArgs := createInstallArgs(input.Confinement, input.RiskLevel, kubernetesVersion)
 
+	if input.SnapstoreProxyScheme == "" {
+		input.SnapstoreProxyScheme = "http"
+	}
+
 	cloudConfig := NewBaseCloudConfig()
 	cloudConfig.WriteFiles = append(cloudConfig.WriteFiles, input.ExtraWriteFiles...)
 	if args := input.ExtraKubeletArgs; len(args) > 0 {
@@ -123,7 +129,7 @@ func NewJoinControlPlane(input *ControlPlaneJoinInput) (*CloudConfig, error) {
 	cloudConfig.RunCommands = append(cloudConfig.RunCommands, input.PreRunCommands...)
 	cloudConfig.RunCommands = append(cloudConfig.RunCommands,
 		fmt.Sprintf("%s %q %q", scriptPath(snapstoreHTTPProxyScript), input.SnapstoreHTTPProxy, input.SnapstoreHTTPSProxy),
-		fmt.Sprintf("%s %q %q", scriptPath(snapstoreProxyScript), input.SnapstoreProxyDomain, input.SnapstoreProxyId),
+		fmt.Sprintf("%s %q %q %q", scriptPath(snapstoreProxyScript), input.SnapstoreProxyScheme, input.SnapstoreProxyDomain, input.SnapstoreProxyId),
 		scriptPath(disableHostServicesScript),
 		fmt.Sprintf("%s %q", scriptPath(installMicroK8sScript), installArgs),
 		fmt.Sprintf("%s %q %q %q", scriptPath(configureContainerdProxyScript), input.ContainerdHTTPProxy, input.ContainerdHTTPSProxy, input.ContainerdNoProxy),

controllers/cloudinit/controlplane_join_test.go

@@ -44,7 +44,7 @@ func TestControlPlaneJoin(t *testing.T) {
 		g.Expect(cloudConfig.RunCommands).To(Equal([]string{
 			`set -x`,
 			`/capi-scripts/00-configure-snapstore-http-proxy.sh "" ""`,
-			`/capi-scripts/00-configure-snapstore-proxy.sh "" ""`,
+			`/capi-scripts/00-configure-snapstore-proxy.sh "http" "" ""`,
 			`/capi-scripts/00-disable-host-services.sh`,
 			`/capi-scripts/00-install-microk8s.sh "--channel 1.25 --classic"`,
 			`/capi-scripts/10-configure-containerd-proxy.sh "" "" ""`,

controllers/cloudinit/scripts/00-configure-snapstore-proxy.sh

@@ -1,12 +1,17 @@
 #!/bin/bash -xe
 
 # Usage:
-#   $0 $snapstore-domain $snapstore-id
+#   $0 $snapstore-scheme $snapstore-domain $snapstore-id
+#
+# Arguments:
+#   $snapstore-scheme     The scheme for the domain (e.g. https or http without the ://)
+#   $snapstore-domain     The domain name (e.g. snapstore.domain.com)
+#   $snapstore-id         The store id (e.g. ID123456789)
 #
 # Assumptions:
 #   - snapd is installed
 
-if [ "$#" -ne 2 ] || [ -z "${1}" ] || [ -z "${2}" ] ; then
+if [ "$#" -ne 3 ] || [ -z "${1}" ] || [ -z "${2}" ] || [ -z "${3}" ] ; then
   echo "Using the default snapstore"
   exit 0
 fi
@@ -18,12 +23,12 @@ if ! type -P curl ; then
   done
 fi
 
-while ! curl -sL http://"${1}"/v2/auth/store/assertions | snap ack /dev/stdin ; do
+while ! curl -sL "${1}"://"${2}"/v2/auth/store/assertions | snap ack /dev/stdin ; do
   echo "Failed to ACK store assertions, will retry"
   sleep 5
 done
 
-while ! snap set core proxy.store="${2}" ; do
-  echo "Failed to configure snapd with stire ID, will retry"
+while ! snap set core proxy.store="${3}" ; do
+  echo "Failed to configure snapd with store ID, will retry"
   sleep 5
 done

controllers/cloudinit/worker_join.go

@@ -46,6 +46,8 @@ type WorkerInput struct {
 	Confinement string
 	// RiskLevel specifies the risk level (strict, candidate, beta, edge) for the snap channels.
 	RiskLevel string
+	// SnapstoreProxyScheme specifies the scheme (e.g http or https) of the domain. Defaults to http.
+	SnapstoreProxyScheme string
 	// SnapstoreProxyDomain specifies the domain of the snapstore proxy if one is to be used.
 	SnapstoreProxyDomain string
 	// SnapstoreProxyId specifies the snapstore proxy ID if one is to be used.
@@ -83,6 +85,10 @@ func NewJoinWorker(input *WorkerInput) (*CloudConfig, error) {
 		return nil, fmt.Errorf("strict confinement is only available for microk8s v1.25+")
 	}
 
+	if input.SnapstoreProxyScheme == "" {
+		input.SnapstoreProxyScheme = "http"
+	}
+
 	stopApiServerProxyRefreshes := "no"
 	if kubernetesVersion.Minor() > 24 {
 		stopApiServerProxyRefreshes = "yes"
@@ -110,7 +116,7 @@ func NewJoinWorker(input *WorkerInput) (*CloudConfig, error) {
 	cloudConfig.RunCommands = append(cloudConfig.RunCommands, input.PreRunCommands...)
 	cloudConfig.RunCommands = append(cloudConfig.RunCommands,
 		fmt.Sprintf("%s %q %q", scriptPath(snapstoreHTTPProxyScript), input.SnapstoreHTTPProxy, input.SnapstoreHTTPSProxy),
-		fmt.Sprintf("%s %q %q", scriptPath(snapstoreProxyScript), input.SnapstoreProxyDomain, input.SnapstoreProxyId),
+		fmt.Sprintf("%s %q %q %q", scriptPath(snapstoreProxyScript), input.SnapstoreProxyScheme, input.SnapstoreProxyDomain, input.SnapstoreProxyId),
 		scriptPath(disableHostServicesScript),
 		fmt.Sprintf("%s %q", scriptPath(installMicroK8sScript), installArgs),
 		fmt.Sprintf("%s %q %q %q", scriptPath(configureContainerdProxyScript), input.ContainerdHTTPProxy, input.ContainerdHTTPSProxy, input.ContainerdNoProxy),

controllers/cloudinit/worker_join_test.go

@@ -40,7 +40,7 @@ func TestWorkerJoin(t *testing.T) {
 		g.Expect(cloudConfig.RunCommands).To(Equal([]string{
 			`set -x`,
 			`/capi-scripts/00-configure-snapstore-http-proxy.sh "" ""`,
-			`/capi-scripts/00-configure-snapstore-proxy.sh "" ""`,
+			`/capi-scripts/00-configure-snapstore-proxy.sh "http" "" ""`,
 			`/capi-scripts/00-disable-host-services.sh`,
 			`/capi-scripts/00-install-microk8s.sh "--channel 1.24 --classic"`,
 			`/capi-scripts/10-configure-containerd-proxy.sh "" "" ""`,

controllers/microk8sconfig_controller.go

@@ -310,6 +310,7 @@ func (r *MicroK8sConfigReconciler) handleClusterNotInitialized(ctx context.Conte
 		ContainerdHTTPProxy:  microk8sConfig.Spec.InitConfiguration.HTTPProxy,
 		ContainerdHTTPSProxy: microk8sConfig.Spec.InitConfiguration.HTTPSProxy,
 		ContainerdNoProxy:    microk8sConfig.Spec.InitConfiguration.NoProxy,
+		SnapstoreProxyScheme: microk8sConfig.Spec.InitConfiguration.SnapstoreProxyScheme,
 		SnapstoreProxyDomain: microk8sConfig.Spec.InitConfiguration.SnapstoreProxyDomain,
 		SnapstoreProxyId:     microk8sConfig.Spec.InitConfiguration.SnapstoreProxyId,
 		Confinement:          microk8sConfig.Spec.InitConfiguration.Confinement,
@@ -414,6 +415,7 @@ func (r *MicroK8sConfigReconciler) handleJoiningControlPlaneNode(ctx context.Con
 		ContainerdHTTPProxy:  microk8sConfig.Spec.InitConfiguration.HTTPProxy,
 		ContainerdHTTPSProxy: microk8sConfig.Spec.InitConfiguration.HTTPSProxy,
 		ContainerdNoProxy:    microk8sConfig.Spec.InitConfiguration.NoProxy,
+		SnapstoreProxyScheme: microk8sConfig.Spec.InitConfiguration.SnapstoreProxyScheme,
 		SnapstoreProxyDomain: microk8sConfig.Spec.InitConfiguration.SnapstoreProxyDomain,
 		SnapstoreProxyId:     microk8sConfig.Spec.InitConfiguration.SnapstoreProxyId,
 		RiskLevel:            microk8sConfig.Spec.InitConfiguration.RiskLevel,
@@ -515,6 +517,7 @@ func (r *MicroK8sConfigReconciler) handleJoiningWorkerNode(ctx context.Context,
 		workerInput.ContainerdHTTPSProxy = c.HTTPSProxy
 		workerInput.ContainerdHTTPProxy = c.HTTPProxy
 		workerInput.ContainerdNoProxy = c.NoProxy
+		workerInput.SnapstoreProxyScheme = c.SnapstoreProxyScheme
 		workerInput.SnapstoreProxyDomain = c.SnapstoreProxyDomain
 		workerInput.SnapstoreProxyId = c.SnapstoreProxyId
 		workerInput.SnapstoreHTTPProxy = c.SnapstoreHTTPProxy