Merge pull request #950 from Pacho20/ibm-cloud-support

ibmcloud: initial support for IBM Cloud as a provider

Author: gkurz

config/peerpods/podvm/Dockerfile.podvm-builder

@@ -24,7 +24,7 @@ ARG ACTIVATION_KEY
 
 RUN mkdir -p /scripts
 
-ADD ami-helper.sh lib.sh libvirt-podvm-image-handler.sh aws-podvm-image-handler.sh azure-podvm-image-handler.sh gcp-podvm-image-handler.sh /scripts/
+ADD ami-helper.sh lib.sh libvirt-podvm-image-handler.sh aws-podvm-image-handler.sh azure-podvm-image-handler.sh gcp-podvm-image-handler.sh ibmcloud-podvm-image-handler.sh /scripts/
 
 RUN mkdir -p /scripts/bootc
 ADD bootc/config.toml /scripts/bootc/

config/peerpods/podvm/ibmcloud-podvm-image-cm.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ibmcloud-podvm-image-cm
+  namespace: openshift-sandboxed-containers-operator
+# these are just placeholders for now
+data:
+  # Booleans
+  INSTALL_PACKAGES: "no"
+  DOWNLOAD_SOURCES: "no"
+  CONFIDENTIAL_COMPUTE_ENABLED: "no"
+  DISABLE_CLOUD_CONFIG: "true"
+  ENABLE_NVIDIA_GPU: "no"
+  UPDATE_PEERPODS_CM: "yes"
+  BOOT_FIPS: "no"
+
+  # precreated artifacts
+  #COS_BUCKET_NAME: existing-bucket-name
+  PODVM_IMAGE_URI: bootc::image-registry.openshift-image-registry.svc:5000/openshift-sandboxed-containers-operator/podvm-bootc

config/peerpods/podvm/ibmcloud-podvm-image-handler.sh

@@ -0,0 +1,110 @@
+#!/bin/bash
+# FILEPATH: ibmcloud-podvm-image-handler.sh
+
+# This script is used to import PodVM images to IBM Cloud
+# The basic assumption is that the required variables are set as environment variables in the pod
+# Typically the variables are read from configmaps and set as environment variables in the pod
+# The script will be called with one of the following options:
+# Create image (-c)
+# Delete image (-C)
+
+# include common functions from lib.sh
+# shellcheck source=/dev/null
+# The directory is where ibmcloud-podvm-image-handler.sh is located
+source "$(dirname "$0")"/lib.sh
+
+# function to download and install ibmcloud cli
+
+function install_ibmcloud_cli() {
+    # Install ibmcloud cli
+    # If any error occurs, exit the script with an error message
+
+    # Check if ibmcloud cli is already installed
+    if command -v ibmcloud &>/dev/null; then
+        echo "ibmcloud cli is already installed"
+        return
+    fi
+
+    # Download ibmcloud cli
+    curl -fsSL https://clis.cloud.ibm.com/install/linux -o /tmp/ibmcloud_install.sh ||
+        error_exit "Failed to download ibmcloud cli"
+
+    # Install ibmcloud cli
+    sh /tmp/ibmcloud_install.sh ||
+        error_exit "Failed to execute ibmcloud cli installer"
+
+    # Install ibmcloud cli plugins
+    ibmcloud plugin install -a ||
+        error_exit "Failed to install ibmcloud cli plugins"
+
+    # Clean up temporary files
+    rm -f "/tmp/ibmcloud_install.sh"
+}
+
+function create_image() {
+    error_exit "currently not supported"
+}
+
+function delete_image() {
+    error_exit "currently not supported"
+}
+
+# display help message
+
+function display_help() {
+    echo "This script is used to import PodVM images to IBM Cloud"
+    echo "Usage: $0 [-c|-C] [-- install_binaries|install_rpms|install_cli]"
+    echo "Options:"
+    echo "-c  Create image"
+    echo "-C  Delete image"
+}
+
+# main function
+
+if [ "$#" -eq 0 ]; then
+    display_help
+    exit 1
+fi
+
+if [ "$1" = "--" ]; then
+    shift
+    # Handle positional parameters
+    case "$1" in
+
+    install_binaries)
+        install_binary_packages
+        ;;
+    install_rpms)
+        install_rpm_packages
+        ;;
+    install_cli)
+        install_ibmcloud_cli
+        ;;
+    *)
+        echo "Unknown argument: $1"
+        exit 1
+        ;;
+    esac
+else
+    while getopts "cCh" opt; do
+        verify_vars
+        case ${opt} in
+        c)
+            create_image
+            ;;
+        C)
+            delete_image
+            ;;
+        h)
+            # Display help
+            display_help
+            exit 0
+            ;;
+        *)
+            # Invalid option
+            display_help
+            exit 1
+            ;;
+        esac
+    done
+fi

config/peerpods/podvm/osc-podvm-create-job.yaml

@@ -34,6 +34,7 @@ spec:
           # azure-podvm-image-handler.sh script under /scripts/azure-podvm-image-handler.sh
           # aws-podvm-image-handler.sh script under /scripts/aws-podvm-image-handler.sh
           # gcp-podvm-image-handler.sh script under /scripts/gcp-podvm-image-handler.sh
+          # ibmcloud-podvm-image-handler.sh script under /scripts/ibmcloud-podvm-image-handler.sh
           # sources for cloud-api-adaptor under /src/cloud-api-adaptor
           lifecycle: 
             preStop: 
@@ -67,6 +68,9 @@ spec:
             - configMapRef:
                 name: gcp-podvm-image-cm
                 optional: true
+            - configMapRef:
+                name: ibmcloud-podvm-image-cm
+                optional: true
             - configMapRef:
                 name: libvirt-podvm-image-cm
                 optional: true

config/peerpods/podvm/osc-podvm-delete-job.yaml

@@ -18,6 +18,7 @@ spec:
           # azure-podvm-image-handler.sh script under /scripts/azure-podvm-image-handler.sh
           # aws-podvm-image-handler.sh script under /scripts/aws-podvm-image-handler.sh
           # gcp-podvm-image-handler.sh script under /scripts/gcp-podvm-image-handler.sh
+          # ibmcloud-podvm-image-handler.sh script under /scripts/ibmcloud-podvm-image-handler.sh
           # sources for cloud-api-adaptor under /src/cloud-api-adaptor
           # Binaries like kubectl, packer and yq under /usr/local/bin
           image: registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9:1.10.1  ## OSC_VERSION
@@ -47,6 +48,9 @@ spec:
             - configMapRef:
                 name: gcp-podvm-image-cm
                 optional: true
+            - configMapRef:
+                name: ibmcloud-podvm-image-cm
+                optional: true
             - configMapRef:
                 name: libvirt-podvm-image-cm
                 optional: true

config/peerpods/podvm/podvm-builder.sh

@@ -31,6 +31,11 @@ function install_gcp_deps() {
   /scripts/gcp-podvm-image-handler.sh -- install_binaries
 }
 
+# Function to install IBM Cloud deps
+function install_ibmcloud_deps() {
+  /scripts/ibmcloud-podvm-image-handler.sh -- install_cli
+  /scripts/ibmcloud-podvm-image-handler.sh -- install_binaries
+}
 
 # Function to check if peer-pods-cm configmap exists
 function check_peer_pods_cm_exists() {
@@ -382,6 +387,10 @@ libvirt)
 gcp)
   install_gcp_deps
   ;;
+ibmcloud)
+  echo "IBM Cloud doesn't support this feature, please provide IBMCLOUD_PODVM_IMAGE_ID in your peer-pods-cm"
+  exit 1
+  ;;
 *)
   echo "CLOUD_PROVIDER is not set to azure or aws or libvirt"
   display_usage

controllers/image_generator.go

@@ -54,12 +54,14 @@ const (
 	peerpodsCMAzureImageKey       = "AZURE_IMAGE_ID"
 	peerpodsCMGCPImageKey         = "PODVM_IMAGE_NAME"
 	peerpodsLibvirtImageKey       = "LIBVIRT_IMAGE_ID"
+	peerpodsCMIBMCloudImageKey    = "IBMCLOUD_PODVM_IMAGE_ID"
 	fipsCMKey                     = "BOOT_FIPS"
 	procFIPS                      = "/proc/sys/crypto/fips_enabled"
 	AWSProvider                   = "aws"
 	AzureProvider                 = "azure"
 	GCPProvider                   = "gcp"
 	LibvirtProvider               = "libvirt"
+	IBMCloudProvider              = "ibmcloud"
 	peerpodsImageJobsPathLocation = "/config/peerpods/podvm"
 	azureImageGalleryPrefix       = "PodVMGallery"
 )
@@ -259,6 +261,9 @@ func newImageGenerator(client client.Client) (*ImageGenerator, error) {
 		igLogger.Info("libvirt is our provider", "provider", provider)
 		ig.CMimageIDKey = peerpodsLibvirtImageKey
 		ig.provider = provider
+	case IBMCloudProvider:
+		ig.provider = provider
+		ig.CMimageIDKey = peerpodsCMIBMCloudImageKey
 	default:
 		igLogger.Info("unsupported cloud provider, image creation/deletion will be disabled", "provider", ig.provider)
 		ig.provider = unsupportedCloudProvider
@@ -415,6 +420,7 @@ func (r *ImageGenerator) getPeerPodsCM() (*corev1.ConfigMap, error) {
 // azure-podvm-image-cm.yaml for Azure
 // aws-podvm-image-cm.yaml for AWS
 // libvirt-podvm-image-cm.yaml for Libvirt
+// ibmcloud-podvm-image-cm.yaml for IBM Cloud
 
 func (r *ImageGenerator) imageCreateJobRunner() (int, error) {
 	igLogger.Info("imageCreateJobRunner: Start")
@@ -617,6 +623,10 @@ func (r *ImageGenerator) validatePeerPodsConfigs() error {
 	libvirtSecretKeys := []string{"CLOUD_PROVIDER", "LIBVIRT_URI"}
 	// libvirt ConfigMap Keys
 	libvirtConfigMapKeys := []string{"CLOUD_PROVIDER", "LIBVIRT_POOL", "LIBVIRT_VOL_NAME", "LIBVIRT_DIR_NAME"}
+	// ibmcloud Secret Keys
+	ibmcloudSecretKeys := []string{"IBMCLOUD_IAM_PROFILE_ID", "IBMCLOUD_API_KEY"}
+	// ibmcloud ConfigMap Keys
+	ibmcloudConfigMapKeys := []string{"CLOUD_PROVIDER"}
 
 	// Check for each cloud provider if respective ConfigMap keys are present in the peerPodsConfigMap
 	switch r.provider {
@@ -665,6 +675,16 @@ func (r *ImageGenerator) validatePeerPodsConfigs() error {
 			return fmt.Errorf("validatePeerPodsConfigs: cannot find the required keys in peer-pods-cm ConfigMap")
 		}
 
+	case IBMCloudProvider:
+		// Check if ibmcloud Secret Keys are present in the peerPodsSecret
+		if !checkAnyKeyPresentWithValue(peerPodsSecret.Data, ibmcloudSecretKeys) {
+			return fmt.Errorf("validatePeerPodsConfigs: cannot find the required keys in peer-pods-secret Secret")
+		}
+
+		// Check if ibmcloud ConfigMap Keys are present in the peerPodsConfigMap
+		if !checkKeysPresentAndNotEmpty(peerPodsCM.Data, ibmcloudConfigMapKeys) {
+			return fmt.Errorf("validatePeerPodsConfigs: cannot find the required keys in peer-pods-cm ConfigMap")
+		}
 	default:
 		return fmt.Errorf("validatePeerPodsConfigs: unsupported cloud provider %s", r.provider)
 	}
@@ -680,18 +700,8 @@ func (r *ImageGenerator) validatePeerPodsConfigs() error {
 
 func checkKeysPresentAndNotEmpty(data interface{}, keys []string) bool {
 	// Convert the input map to a map[string]string
-	var strMap map[string]string
-
-	switch v := data.(type) {
-	case map[string]string:
-		strMap = v
-	case map[string][]byte:
-		strMap = make(map[string]string)
-		for key, value := range v {
-			strMap[key] = string(value)
-		}
-	default:
-		// Unsupported type
+	strMap := toStrMap(data)
+	if strMap == nil {
 		return false
 	}
 
@@ -708,6 +718,49 @@ func checkKeysPresentAndNotEmpty(data interface{}, keys []string) bool {
 	return true
 }
 
+// checkAnyKeyPresentWithValue checks if any of the specified keys are present in the input map
+// and have non-empty string values.
+// It accepts a map of type map[string][]byte or map[string]string as `data`,
+// and a slice of keys to search for.
+// Returns true if any key exists in the map and its value is not an empty string.
+func checkAnyKeyPresentWithValue(data interface{}, keys []string) bool {
+	// Convert the input to a map[string]string using a helper function.
+	strMap := toStrMap(data)
+	if strMap == nil {
+		return false // Return false if conversion fails.
+	}
+
+	// Iterate over the list of keys and check if any key exists with a non-empty value.
+	for _, key := range keys {
+		value, ok := strMap[key]
+		if ok && value != "" {
+			return true // Found a key with a non-empty value.
+		}
+	}
+
+	igLogger.Info("checkAnyKeyPresentWithValue: no key is present or has non-empty value", "searchedKeys", keys)
+
+	return false // No matching key with a non-empty value found.
+}
+
+func toStrMap(data interface{}) map[string]string {
+	var strMap map[string]string
+
+	switch v := data.(type) {
+	case map[string]string:
+		strMap = v
+	case map[string][]byte:
+		strMap = make(map[string]string)
+		for key, value := range v {
+			strMap[key] = string(value)
+		}
+	default:
+		// Unsupported type
+		return nil
+	}
+	return strMap
+}
+
 func (r *ImageGenerator) getImageConfigMapName() string {
 	return r.provider + "-podvm-image-cm"
 }
@@ -716,6 +769,7 @@ func (r *ImageGenerator) getImageConfigMapName() string {
 // azure-podvm-image-cm.yaml for Azure
 // aws-podvm-image-cm.yaml for AWS
 // libvirt-podvm-image-cm.yaml for Libvirt
+// ibmcloud-podvm-image-cm.yaml for IBM Cloud
 // Returns error if the ConfigMap creation fails
 
 func (r *ImageGenerator) createImageConfigMapFromFile() error {