Merge pull request #12861 from aklajnert/recursively_copy_certs

ignition: recursively copy cert files
2025-06-25 20:26:51 +08:00 · 2022-01-15 15:55:16 +01:00
parent a50d0837b6 420303b943
commit fff9e8755c
1 changed files with 46 additions and 39 deletions
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@ -1,3 +1,4 @@
+//go:build amd64 || arm64
 // +build amd64 arm64

 package machine
@ -423,46 +424,54 @@ func getCerts(certsDir string, isDir bool) []File {
 		files []File
 	)

-	certs, err := ioutil.ReadDir(certsDir)
 	if isDir {
-		if err == nil {
-			for _, cert := range certs {
-				b, err := ioutil.ReadFile(filepath.Join(certsDir, cert.Name()))
+		err := filepath.Walk(certsDir, func(path string, info os.FileInfo, err error) error {
+			if err == nil && !info.IsDir() {
+				certPath, err := filepath.Rel(certsDir, path)
 				if err != nil {
-					logrus.Warnf("Unable to read cert file %s", err.Error())
-					continue
+					logrus.Warnf("%s", err)
+					return nil
 				}
-				files = append(files, File{
-					Node: Node{
-						Group: getNodeGrp("root"),
-						Path:  filepath.Join("/etc/containers/certs.d/", cert.Name()),
-						User:  getNodeUsr("root"),
-					},
-					FileEmbedded1: FileEmbedded1{
-						Append: nil,
-						Contents: Resource{
-							Source: encodeDataURLPtr(string(b)),
-						},
-						Mode: intToPtr(0644),
-					},
+
+				file, err := prepareCertFile(filepath.Join(certsDir, certPath), certPath)
+				if err == nil {
+					files = append(files, file)
+				}
+			}
+
+			return nil
 		})
-			}
-		} else {
+		if err != nil {
 			if !os.IsNotExist(err) {
 				logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s:  %s", certsDir, err.Error())
 			}
 		}
 	} else {
 		fileName := filepath.Base(certsDir)
-		b, err := ioutil.ReadFile(certsDir)
+		file, err := prepareCertFile(certsDir, fileName)
+		if err == nil {
+			files = append(files, file)
+		}
+	}
+
+	return files
+}
+
+func prepareCertFile(path string, name string) (File, error) {
+	b, err := ioutil.ReadFile(path)
 	if err != nil {
 		logrus.Warnf("Unable to read cert file %s", err.Error())
-			return files
+		return File{}, err
 	}
-		files = append(files, File{
+
+	targetPath := filepath.Join("/etc/containers/certs.d", name)
+
+	logrus.Debugf("Copying cert file from '%s' to '%s'.", path, targetPath)
+
+	file := File{
 		Node: Node{
 			Group: getNodeGrp("root"),
-				Path:  filepath.Join("/etc/containers/certs.d/", fileName),
+			Path:  targetPath,
 			User:  getNodeUsr("root"),
 		},
 		FileEmbedded1: FileEmbedded1{
@ -472,10 +481,8 @@ func getCerts(certsDir string, isDir bool) []File {
 			},
 			Mode: intToPtr(0644),
 		},
-		})
 	}
-
-	return files
+	return file, nil
 }

 func getProxyVariables() string {