From 9f9f0ebdd4933a47056632b78763347909edea59 Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Mon, 5 Jun 2023 17:22:27 +0530 Subject: [PATCH] (CONT-585) allow deferred function for auth password --- REFERENCE.md | 4 +- manifests/init.pp | 4 +- manifests/packages.pp | 26 ++++- spec/classes/packages_spec.rb | 20 ++-- .../{config.toml.erb => config.toml.epp} | 98 +++++++++---------- 5 files changed, 85 insertions(+), 67 deletions(-) rename templates/containerd/{config.toml.erb => config.toml.epp} (68%) diff --git a/REFERENCE.md b/REFERENCE.md index 84b6deac..29be4d6e 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -626,7 +626,7 @@ the files if they do not exist. [*containerd_config_template*] The template to use for containerd configuration This value is ignored if containerd_config_source is defined - Default to 'kubernetes/containerd/config.toml.erb' + Default to 'kubernetes/containerd/config.toml.epp' [*containerd_config_source*] The source of the containerd configuration @@ -1946,7 +1946,7 @@ Data type: `String` -Default value: `'kubernetes/containerd/config.toml.erb'` +Default value: `'kubernetes/containerd/config.toml.epp'` ##### `containerd_socket` diff --git a/manifests/init.pp b/manifests/init.pp index 468eed4c..303a75e9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -53,7 +53,7 @@ # [*containerd_config_template*] # The template to use for containerd configuration # This value is ignored if containerd_config_source is defined -# Default to 'kubernetes/containerd/config.toml.erb' +# Default to 'kubernetes/containerd/config.toml.epp' # # [*containerd_config_source*] # The source of the containerd configuration 
@@ -686,7 +686,7 @@ Optional[String] $containerd_archive_checksum = undef, String $containerd_source = "https://github.com/containerd/containerd/releases/download/v${containerd_version}/${containerd_archive}", - String $containerd_config_template = 'kubernetes/containerd/config.toml.erb', + String $containerd_config_template = 'kubernetes/containerd/config.toml.epp', Variant[Stdlib::Unixpath, String] $containerd_socket = '/run/containerd/containerd.sock', Optional[String] $containerd_config_source = undef, Hash $containerd_plugins_registry = { diff --git a/manifests/packages.pp b/manifests/packages.pp index 82174b04..bfebd568 100644 --- a/manifests/packages.pp +++ b/manifests/packages.pp @@ -55,7 +55,7 @@ # Defaults to https://github.com/containerd/containerd/releases/download/v${containerd_version}/${containerd_archive} # @param containerd_config_template # The template to use for containerd configuration -# This value is ignored if containerd_config_source is defined. Default to 'kubernetes/containerd/config.toml.erb' +# This value is ignored if containerd_config_source is defined. Default to 'kubernetes/containerd/config.toml.epp' # @param containerd_config_source # The source of the containerd configuration # This value overrides containerd_config_template. Default to undef @@ -350,7 +350,13 @@ if $containerd_config_source { $_containerd_config_content = undef } else { - $_containerd_config_content = template($containerd_config_template) + $_containerd_config_content = stdlib::deferrable_epp($containerd_config_template, { + 'containerd_plugins_registry' => $containerd_plugins_registry, + 'containerd_socket' => $containerd_socket, + 'containerd_sandbox_image' => $containerd_sandbox_image, + 'docker_cgroup_driver' => $docker_cgroup_driver, + 'containerd_default_runtime_name' => $containerd_default_runtime_name, + }) } # Generate using 'containerd config default' file { '/etc/containerd/config.toml': 
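Review bot: The secret this patch wants to defer sits several levels down, at `$containerd_plugins_registry[<registry>]['auth']['password']`, so the `@@ -350` hunk in manifests/packages.pp depends on `stdlib::deferrable_epp` detecting a `Deferred` at that depth. As far as I know, some stdlib releases only inspect the top-level values of the variables hash; if the pinned release is one of them, the template would be rendered at compile time with the unresolved object. It is worth confirming the minimum stdlib version in metadata.json and adding a spec case that passes a `Deferred` password, since the spec changes in this patch only rename the template. The same five-key hash is repeated verbatim in the hunks at `@@ -379` and `@@ -430`; if the call sites share a scope, building it once as `$_containerd_template_params = { ... }` would keep them from drifting. The `file` resource that consumes the value continues past the end of the hunk.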
@@ -379,7 +385,13 @@ if $containerd_config_source { $_containerd_config_content = undef } else { - $_containerd_config_content = template($containerd_config_template) + $_containerd_config_content = stdlib::deferrable_epp($containerd_config_template, { + 'containerd_plugins_registry' => $containerd_plugins_registry, + 'containerd_socket' => $containerd_socket, + 'containerd_sandbox_image' => $containerd_sandbox_image, + 'docker_cgroup_driver' => $docker_cgroup_driver, + 'containerd_default_runtime_name' => $containerd_default_runtime_name, + }) } # Generate using 'containerd config default' file { '/etc/containerd/config.toml': @@ -430,7 +442,13 @@ owner => 'root', group => 'root', mode => '0644', - content => template('kubernetes/containerd/config.toml.erb'), + content => stdlib::deferrable_epp('kubernetes/containerd/config.toml.epp', { + 'containerd_plugins_registry' => $containerd_plugins_registry, + 'containerd_socket' => $containerd_socket, + 'containerd_sandbox_image' => $containerd_sandbox_image, + 'docker_cgroup_driver' => $docker_cgroup_driver, + 'containerd_default_runtime_name' => $containerd_default_runtime_name, + }), require => [File['/etc/containerd'], Archive[$containerd_archive]], notify => Service['containerd'], } diff --git a/spec/classes/packages_spec.rb b/spec/classes/packages_spec.rb index bd2e2a4e..8d656dfe 100644 --- a/spec/classes/packages_spec.rb +++ b/spec/classes/packages_spec.rb @@ -44,7 +44,7 @@ 'containerd_package_name' => 'containerd.io', 'containerd_archive' => 'containerd-1.4.3-linux-amd64.tar.gz', 'containerd_source' => 'https://github.com/containerd/containerd/releases/download/v1.4.3/containerd-1.4.3-linux-amd64.tar.gz', - 'containerd_config_template' => 'kubernetes/containerd/config.toml.erb', + 'containerd_config_template' => 'kubernetes/containerd/config.toml.epp', 'containerd_default_runtime_name' => 'runc', 'etcd_archive' => 'etcd-v3.1.12-linux-amd64.tar.gz', 'etcd_source' => 'https://github.com/etcd-v3.1.12.tar.gz', 
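Review bot: In the hunk at `@@ -430` the `/etc/containerd/config.toml` resource keeps `mode => '0644'` although the rendered content can carry registry `password`, `auth` and `identitytoken` values. Deferring the lookup presumably keeps the secret out of the catalog, but the file on the node stays readable by every local account. If nothing unprivileged needs to read it, tighten this to `mode => '0600',` and add `show_diff => false,` so a changed credential is not printed as a diff in agent output and reports. The file resources in the hunks at `@@ -350` and `@@ -379` are cut off after their title line, so their modes are not visible here and should be checked the same way.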
@@ -145,7 +145,7 @@ 'containerd_package_name' => 'containerd.io', 'containerd_archive' => 'containerd-1.4.3-linux-amd64.tar.gz', 'containerd_source' => 'https://github.com/containerd/containerd/releases/download/v1.4.3/containerd-1.4.3-linux-amd64.tar.gz', - 'containerd_config_template' => 'kubernetes/containerd/config.toml.erb', + 'containerd_config_template' => 'kubernetes/containerd/config.toml.epp', 'containerd_default_runtime_name' => 'runc', 'etcd_archive' => 'etcd-v3.1.12-linux-amd64.tar.gz', 'etcd_source' => 'https://github.com/etcd-v3.1.12.tar.gz', @@ -245,7 +245,7 @@ 'containerd_package_name' => 'containerd.io', 'containerd_archive' => 'https://github.com/containerd/containerd/releases/download/v1.4.3/containerd-1.4.3-linux-amd64.tar.gz', 'containerd_source' => 'containerd-1.4.3-linux-amd64.tar.gz', - 'containerd_config_template' => 'kubernetes/containerd/config.toml.erb', + 'containerd_config_template' => 'kubernetes/containerd/config.toml.epp', 'containerd_default_runtime_name' => 'runc', 'etcd_archive' => 'etcd-v3.1.12-linux-amd64.tar.gz', 'etcd_source' => 'https://github.com/etcd-v3.1.12.tar.gz', @@ -466,7 +466,7 @@ 'containerd_package_name' => 'containerd.io', 'containerd_archive' => 'https://github.com/containerd/containerd/releases/download/v1.4.3/containerd-1.4.3-linux-amd64.tar.gz', 'containerd_source' => 'containerd-1.4.3-linux-amd64.tar.gz', - 'containerd_config_template' => 'kubernetes/containerd/config.toml.erb', + 'containerd_config_template' => 'kubernetes/containerd/config.toml.epp', 'containerd_default_runtime_name' => 'nvidia', 'etcd_archive' => 'etcd-v3.1.12-linux-amd64.tar.gz', 'etcd_source' => 'https://github.com/etcd-v3.1.12.tar.gz', 
@@ -549,7 +549,7 @@ 'containerd_package_name' => 'containerd.io', 'containerd_archive' => 'containerd-1.4.3-linux-amd64.tar.gz', 'containerd_source' => 'https://github.com/containerd/containerd/releases/download/v1.4.3/containerd-1.4.3-linux-amd64.tar.gz', - 'containerd_config_template' => 'kubernetes/containerd/config.toml.erb', + 'containerd_config_template' => 'kubernetes/containerd/config.toml.epp', 'containerd_default_runtime_name' => 'runc', 'etcd_archive' => 'etcd-v3.1.12-linux-amd64.tar.gz', 'etcd_source' => 'https://github.com/etcd-v3.1.12.tar.gz', @@ -648,7 +648,7 @@ 'containerd_package_name' => 'containerd.io', 'containerd_archive' => 'containerd-1.4.3-linux-amd64.tar.gz', 'containerd_source' => 'https://github.com/containerd/containerd/releases/download/v1.4.3/containerd-1.4.3-linux-amd64.tar.gz', - 'containerd_config_template' => 'kubernetes/containerd/config.toml.erb', + 'containerd_config_template' => 'kubernetes/containerd/config.toml.epp', 'containerd_default_runtime_name' => 'runc', 'etcd_archive' => 'etcd-v3.1.12-linux-amd64.tar.gz', 'etcd_source' => 'https://github.com/etcd-v3.1.12.tar.gz', @@ -753,7 +753,7 @@ 'containerd_package_name' => 'containerd.io', 'containerd_archive' => 'containerd-1.4.3-linux-amd64.tar.gz', 'containerd_source' => 'https://github.com/containerd/containerd/releases/download/v1.4.3/containerd-1.4.3-linux-amd64.tar.gz', - 'containerd_config_template' => 'kubernetes/containerd/config.toml.erb', + 'containerd_config_template' => 'kubernetes/containerd/config.toml.epp', 'containerd_default_runtime_name' => 'runc', 'etcd_archive' => 'etcd-v3.1.12-linux-amd64.tar.gz', 'etcd_source' => 'https://github.com/etcd-v3.1.12.tar.gz', 
@@ -835,7 +835,7 @@ 'containerd_package_name' => 'containerd.io', 'containerd_archive' => 'containerd-1.4.3-linux-amd64.tar.gz', 'containerd_source' => 'https://github.com/containerd/containerd/releases/download/v1.4.3/containerd-1.4.3-linux-amd64.tar.gz', - 'containerd_config_template' => 'kubernetes/containerd/config.toml.erb', + 'containerd_config_template' => 'kubernetes/containerd/config.toml.epp', 'containerd_default_runtime_name' => 'runc', 'etcd_archive' => 'etcd-v3.1.12-linux-amd64.tar.gz', 'etcd_source' => 'https://github.com/etcd-v3.1.12.tar.gz', @@ -930,7 +930,7 @@ 'containerd_package_name' => 'containerd.io', 'containerd_archive' => 'containerd-1.4.3-linux-amd64.tar.gz', 'containerd_source' => 'https://github.com/containerd/containerd/releases/download/v1.4.3/containerd-1.4.3-linux-amd64.tar.gz', - 'containerd_config_template' => 'kubernetes/containerd/config.toml.erb', + 'containerd_config_template' => 'kubernetes/containerd/config.toml.epp', 'containerd_default_runtime_name' => 'runc', 'etcd_archive' => 'etcd-v3.1.12-linux-amd64.tar.gz', 'etcd_source' => 'https://github.com/etcd-v3.1.12.tar.gz', @@ -1030,7 +1030,7 @@ 'containerd_package_name' => 'containerd.io', 'containerd_archive' => 'containerd-1.4.3-linux-amd64.tar.gz', 'containerd_source' => 'https://github.com/containerd/containerd/releases/download/v1.4.3/containerd-1.4.3-linux-amd64.tar.gz', - 'containerd_config_template' => 'kubernetes/containerd/config.toml.erb', + 'containerd_config_template' => 'kubernetes/containerd/config.toml.epp', 'containerd_default_runtime_name' => 'runc', 'etcd_archive' => 'etcd-v3.1.12-linux-amd64.tar.gz', 'etcd_source' => 'https://github.com/etcd-v3.1.12.tar.gz', diff --git a/templates/containerd/config.toml.erb b/templates/containerd/config.toml.epp similarity index 68% rename from templates/containerd/config.toml.erb rename to templates/containerd/config.toml.epp index 948c7d23..6b34d116 100644 --- a/templates/containerd/config.toml.erb 
+++ b/templates/containerd/config.toml.epp @@ -7,7 +7,7 @@ required_plugins = [] oom_score = 0 [grpc] - address = "<%= @containerd_socket -%>" + address = "<%= $containerd_socket -%>" tcp_address = "" tcp_tls_cert = "" tcp_tls_key = "" @@ -54,7 +54,7 @@ oom_score = 0 stream_idle_timeout = "4h0m0s" enable_selinux = false selinux_category_range = 1024 - sandbox_image = "<%= @containerd_sandbox_image %>" + sandbox_image = "<%= $containerd_sandbox_image %>" stats_collect_period = 10 systemd_cgroup = false enable_tls_streaming = false @@ -70,7 +70,7 @@ oom_score = 0 ignore_image_defined_volumes = false [plugins."io.containerd.grpc.v1.cri".containerd] snapshotter = "overlayfs" - default_runtime_name = "<%= @containerd_default_runtime_name %>" + default_runtime_name = "<%= $containerd_default_runtime_name %>" no_pivot = false disable_snapshot_annotations = true discard_unpacked_layers = false @@ -94,10 +94,10 @@ oom_score = 0 privileged_without_host_devices = false base_runtime_spec = "" [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] -<%- if @docker_cgroup_driver == 'systemd' -%> +<% if $docker_cgroup_driver == 'systemd' { -%> SystemdCgroup = true -<%- end -%> -<%- if @containerd_default_runtime_name == 'nvidia' -%> +<% } -%> +<% if $containerd_default_runtime_name == 'nvidia' { -%> [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia] runtime_type = "io.containerd.runc.v2" runtime_engine = "" @@ -106,7 +106,7 @@ oom_score = 0 base_runtime_spec = "" [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options] BinaryName = "/usr/bin/nvidia-container-runtime" -<%- end -%> +<% } -%> [plugins."io.containerd.grpc.v1.cri".cni] bin_dir = "/opt/cni/bin" conf_dir = "/etc/cni/net.d" 
@@ -114,49 +114,49 @@ oom_score = 0 conf_template = "" [plugins."io.containerd.grpc.v1.cri".registry] [plugins."io.containerd.grpc.v1.cri".registry.mirrors] - <%- @containerd_plugins_registry.each do |registry, sections| -%> - <%- if sections['mirrors'] and not sections['mirrors'].empty? -%> - [plugins."io.containerd.grpc.v1.cri".registry.mirrors."<%= registry %>"] - <%- if sections['mirrors']['endpoint'] -%> - endpoint = ["<%= sections['mirrors']['endpoint'] %>"] - <%- end -%> - <%- end -%> - <%- end -%> + <% $containerd_plugins_registry.map |Any $registry, Any $sections| { -%> + <% if $sections['mirrors'] and !$sections['mirrors'].empty { -%> + [plugins."io.containerd.grpc.v1.cri".registry.mirrors."<%= $registry %>"] + <% if $sections['mirrors']['endpoint'] { -%> + endpoint = ["<%= $sections['mirrors']['endpoint'] %>"] + <% } -%> + <% } -%> + <% } -%> [plugins."io.containerd.grpc.v1.cri".registry.configs] - <%- @containerd_plugins_registry.each do |registry, sections| -%> - <%- if sections['auth'] and not sections['auth'].empty? -%> - [plugins."io.containerd.grpc.v1.cri".registry.configs."<%= registry %>".auth] - <%- if sections['auth']['username'] -%> - username = "<%= sections['auth']['username'] %>" - <%- end -%> - <%- if sections['auth']['password'] -%> - password = "<%= sections['auth']['password'] %>" - <%- end -%> - <%- if sections['auth']['auth'] -%> - auth = "<%= sections['auth']['auth'] %>" - <%- end -%> - <%- if sections['auth']['identitytoken'] -%> - identitytoken = "<%= sections['auth']['identitytoken'] %>" - <%- end -%> - <%- end -%> - <%- end -%> - <%- @containerd_plugins_registry.each do |registry, sections| -%> - <%- if sections['tls'] and not sections['tls'].empty? 
-%> - [plugins."io.containerd.grpc.v1.cri".registry.configs."<%= registry %>".tls] - <%- if sections['tls']['ca_file'] -%> - ca_file = "<%= sections['tls']['ca_file'] %>" - <%- end -%> - <%- if sections['tls']['cert_file'] -%> - cert_file = "<%= sections['tls']['cert_file'] %>" - <%- end -%> - <%- if sections['tls']['key_file'] -%> - key_file = "<%= sections['tls']['key_file'] %>" - <%- end -%> - <%- if sections['tls']['insecure_skip_verify'] -%> - insecure_skip_verify = <%= sections['tls']['insecure_skip_verify'] %> - <%- end -%> - <%- end -%> - <%- end -%> + <% $containerd_plugins_registry.map |Any $registry, Any $sections| { -%> + <% if $sections['auth'] and !$sections['auth'].empty { -%> + [plugins."io.containerd.grpc.v1.cri".registry.configs."<%= $registry %>".auth] + <% if $sections['auth']['username'] { -%> + username = "<%= $sections['auth']['username'] %>" + <% } -%> + <% if $sections['auth']['password'] { -%> + password = "<%= $sections['auth']['password'] %>" + <% } -%> + <% if $sections['auth']['auth'] { -%> + auth = "<%= $sections['auth']['auth'] %>" + <% } -%> + <% if $sections['auth']['identitytoken'] { -%> + identitytoken = "<%= $sections['auth']['identitytoken'] %>" + <% } -%> + <% } -%> + <% } -%> + <% $containerd_plugins_registry.map |Any $registry, Any $sections| { -%> + <% if $sections['tls'] and !$sections['tls'].empty { -%> + [plugins."io.containerd.grpc.v1.cri".registry.configs."<%= $registry %>".tls] + <% if $sections['tls']['ca_file'] { -%> + ca_file = "<%= $sections['tls']['ca_file'] %>" + <% } -%> + <% if $sections['tls']['cert_file'] { -%> + cert_file = "<%= $sections['tls']['cert_file'] %>" + <% } -%> + <% if $sections['tls']['key_file'] { -%> + key_file = "<%= $sections['tls']['key_file'] %>" + <% } -%> + <% if $sections['tls']['insecure_skip_verify'] { -%> + insecure_skip_verify = <%= $sections['tls']['insecure_skip_verify'] %> + <% } -%> + <% } -%> + <% } -%> [plugins."io.containerd.grpc.v1.cri".image_decryption] key_model = "" 
[plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
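Review bot: Every registry value in the `@@ -114` hunk, including `password`, `auth` and `identitytoken`, is interpolated raw between TOML double quotes, so a value containing `"` or `\` either makes config.toml unparseable or ends the string early and lets the remainder be read as further configuration. The ERB version had the same gap, but since these values can now arrive from a Deferred lookup at apply time it is worth escaping them in the template, along the lines of `password = "<%= $sections['auth']['password'].regsubst('(["\\\\])', '\\\\\\1', 'G') %>"`, and doing the same for the other quoted fields. `insecure_skip_verify` is emitted unquoted, so it should be constrained to a Boolean where the hash is declared. The three loops use `.map` only for iteration; `.each` states that intent more directly.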