From 0205e7ccb2fa4d0ceed2528b08e666d54fe9cd1c Mon Sep 17 00:00:00 2001
From: Nir Soffer <nsoffer@redhat.com>
Date: Thu, 13 Jul 2023 03:42:45 +0300
Subject: [PATCH] Add ramen cloud credentials secret in managed clusters

We configured ramen to access velero cloud-credentials secret:

    veleroNamespaceSecretKeyRef:
      key: cloud
      name: cloud-credentials

Using the secret created by `velero install`. However this secret is
installed in `velero` namespace and we need it in `ramen-system`
namespace.

Signed-off-by: Nir Soffer <nsoffer@redhat.com>
---
 ramenctl/ramenctl/config.py                   | 22 +++++++++++++++++++
 .../resources/cloud-credentials-secret.yaml   | 12 ++++++++++
 ramenctl/ramenctl/unconfig.py                 | 13 +++++++++++
 3 files changed, 47 insertions(+)
 create mode 100644 ramenctl/ramenctl/resources/cloud-credentials-secret.yaml

diff --git a/ramenctl/ramenctl/config.py b/ramenctl/ramenctl/config.py
index d4626f872f..08a4778221 100644
--- a/ramenctl/ramenctl/config.py
+++ b/ramenctl/ramenctl/config.py
@@ -40,6 +40,28 @@ def run(args):
         log=command.debug,
     )
 
+    command.debug(
+        "Getting velero cloud credentials from cluster '%s'",
+        env["clusters"][0],
+    )
+    cloud = kubectl.get(
+        "secret/cloud-credentials",
+        "--namespace=velero",
+        "--output=jsonpath={.data.cloud}",
+        context=env["clusters"][0],
+    )
+    template = drenv.template(command.resource("cloud-credentials-secret.yaml"))
+    yaml = template.substitute(cloud=cloud, namespace=args.ramen_namespace)
+
+    for cluster in env["clusters"]:
+        command.info("Creating cloud credentials secret in cluster '%s'", cluster)
+        kubectl.apply(
+            "--filename=-",
+            input=yaml,
+            context=cluster,
+            log=command.debug,
+        )
+
     command.info("Updating ramen config map")
     template = drenv.template(command.resource("configmap.yaml"))
     yaml = template.substitute(
diff --git a/ramenctl/ramenctl/resources/cloud-credentials-secret.yaml b/ramenctl/ramenctl/resources/cloud-credentials-secret.yaml
new file mode 100644
index 0000000000..299a553499
--- /dev/null
+++ b/ramenctl/ramenctl/resources/cloud-credentials-secret.yaml
@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: The RamenDR authors
+# SPDX-License-Identifier: Apache-2.0
+
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: cloud-credentials
+  namespace: $namespace
+data:
+  cloud: $cloud
diff --git a/ramenctl/ramenctl/unconfig.py b/ramenctl/ramenctl/unconfig.py
index bf1b748a56..e12f09d91f 100644
--- a/ramenctl/ramenctl/unconfig.py
+++ b/ramenctl/ramenctl/unconfig.py
@@ -47,3 +47,16 @@ def run(args):
         context=env["hub"],
         log=command.debug,
     )
+
+    template = drenv.template(command.resource("cloud-credentials-secret.yaml"))
+    yaml = template.substitute(cloud="", namespace=args.ramen_namespace)
+
+    for cluster in env["clusters"]:
+        command.info("Deleting cloud credentials secret in cluster '%s'", cluster)
+        kubectl.delete(
+            "--filename=-",
+            "--ignore-not-found",
+            input=yaml,
+            context=cluster,
+            log=command.debug,
+        )