Mutate ESXi secret before testing connection

Signed-off-by: yaacov <[email protected]>
kubev2v · Dec 30, 2024 · 4a041b8 · 4a041b8
1 parent bfb0a81
commit 4a041b8
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 1 deletion.
diff --git a/pkg/forklift-api/webhooks/mutating-webhook/mutators/secret-mutator.go b/pkg/forklift-api/webhooks/mutating-webhook/mutators/secret-mutator.go
@@ -159,7 +159,7 @@ func (mutator *SecretMutator) patchSecret() *admissionv1.AdmissionResponse {
 func (mutator *SecretMutator) mutateHostSecret() *admissionv1.AdmissionResponse {
 	if _, ok := mutator.secret.GetLabels()["createdForResource"]; ok { // checking this just because there's no point in mutating an invalid secret
 		var secretChanged bool
-		if _, ok := mutator.secret.Data["user"]; !ok {
+		if user, ok := mutator.secret.Data["user"]; !ok || string(user) == "" {
 			provider := &api.Provider{}
 			providerName := string(mutator.secret.Data["provider"])
 			providerNamespace := mutator.secret.Namespace

diff --git a/pkg/forklift-api/webhooks/validating-webhook/admitters/secret-admitter.go b/pkg/forklift-api/webhooks/validating-webhook/admitters/secret-admitter.go
@@ -203,6 +203,31 @@ func (admitter *SecretAdmitter) testConnectionToHost(hostName string) (tested bo
 		}
 		admitter.secret.Data["thumbprint"] = []byte(hostModel.Thumbprint)
 		url := fmt.Sprintf("https://%s/sdk", admitter.secret.Data["ip"])
+
+		// if no user is provided in ths secret and the provider is ESXi, we need to
+		// copy the credentials from the provider secret to the host secret
+		user, ok := admitter.secret.Data["user"]
+		if provider.Spec.Settings[api.SDK] == api.ESXI && (!ok || string(user) == "") {
+			ref := provider.Spec.Secret
+			providerSecret := &core.Secret{}
+			if err := admitter.Client.Get(context.TODO(), client.ObjectKey{Namespace: ref.Namespace, Name: ref.Name}, providerSecret); err != nil {
+				log.Error(err, "failed to get provider secret for Host secret without credentials")
+				return false, err
+			}
+
+			// Create a new secret object with updated user and password
+			updatedSecret := admitter.secret.DeepCopy()
+			updatedSecret.Data["user"] = providerSecret.Data["user"]
+			updatedSecret.Data["password"] = providerSecret.Data["password"]
+
+			h := adapter.EsxHost{
+				Secret: updatedSecret,
+				URL:    url,
+			}
+			log.Info("Testing provider connection using ESXi credentials")
+			return true, h.TestConnection()
+		}
+
 		h := adapter.EsxHost{
 			Secret: &admitter.secret,
 			URL:    url,