From 72b62f3dc74215d2219b37f629b047f8a0354e18 Mon Sep 17 00:00:00 2001
From: Travis Rhoden <trhoden@vmware.com>
Date: Tue, 17 Mar 2020 14:12:57 -0600
Subject: [PATCH] capi: Allow CNI checksum to be overridden

When installing CNI from an http source, allow the checksum to be passed
in as an ansible extra_var.
---
 images/capi/ansible/roles/kubernetes/defaults/main.yml | 2 ++
 images/capi/ansible/roles/kubernetes/tasks/url.yml     | 2 +-
 images/capi/packer/config/ansible-args.json            | 2 +-
 images/capi/packer/config/cni.json                     | 5 +++--
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/images/capi/ansible/roles/kubernetes/defaults/main.yml b/images/capi/ansible/roles/kubernetes/defaults/main.yml
index 97f329e1f2..c6de461228 100644
--- a/images/capi/ansible/roles/kubernetes/defaults/main.yml
+++ b/images/capi/ansible/roles/kubernetes/defaults/main.yml
@@ -27,3 +27,5 @@ kubernetes_imgs:
 - pause.tar
 - coredns.tar
 - etcd.tar
+
+kubernetes_cni_http_checksum: "sha1:{{ kubernetes_cni_http_source }}/{{ kubernetes_cni_semver }}/cni-plugins-{{ kubernetes_goarch }}-{{ kubernetes_cni_semver }}.tgz.sha1"
diff --git a/images/capi/ansible/roles/kubernetes/tasks/url.yml b/images/capi/ansible/roles/kubernetes/tasks/url.yml
index f902f9dbd9..90b455a261 100644
--- a/images/capi/ansible/roles/kubernetes/tasks/url.yml
+++ b/images/capi/ansible/roles/kubernetes/tasks/url.yml
@@ -34,7 +34,7 @@
 - name: Download CNI tarball
   get_url:
     url: "{{ kubernetes_cni_http_source }}/{{ kubernetes_cni_semver }}/cni-plugins-{{ kubernetes_goarch }}-{{ kubernetes_cni_semver }}.tgz"
-    checksum: "sha1:{{ kubernetes_cni_http_source }}/{{ kubernetes_cni_semver }}/cni-plugins-{{ kubernetes_goarch }}-{{ kubernetes_cni_semver }}.tgz.sha1"
+    checksum: "{{ kubernetes_cni_http_checksum }}"
     dest: /tmp/cni.tar.gz
     mode: 0755
     owner: root
diff --git a/images/capi/packer/config/ansible-args.json b/images/capi/packer/config/ansible-args.json
index 88a49e1ffc..f4ad8d45cd 100644
--- a/images/capi/packer/config/ansible-args.json
+++ b/images/capi/packer/config/ansible-args.json
@@ -1,3 +1,3 @@
 {
-  "ansible_common_vars": "containerd_url={{user `containerd_url`}} containerd_sha256={{user `containerd_sha256`}} disable_public_repos={{user `disable_public_repos`}} extra_debs={{user `extra_debs`}} extra_repos={{user `extra_repos`}} extra_rpms={{user `extra_rpms`}} http_proxy={{user `http_proxy`}} https_proxy={{user `https_proxy`}} kubernetes_cni_http_source={{user `kubernetes_cni_http_source`}} kubernetes_http_source={{user `kubernetes_http_source`}} kubernetes_container_registry={{user `kubernetes_container_registry`}} kubernetes_rpm_repo={{user `kubernetes_rpm_repo`}} kubernetes_rpm_gpg_key={{user `kubernetes_rpm_gpg_key`}} kubernetes_rpm_gpg_check={{user `kubernetes_rpm_gpg_check`}} kubernetes_deb_repo={{user `kubernetes_deb_repo`}} kubernetes_deb_gpg_key={{user `kubernetes_deb_gpg_key`}} kubernetes_cni_deb_version={{user `kubernetes_cni_deb_version`}} kubernetes_cni_rpm_version={{user `kubernetes_cni_rpm_version`}} kubernetes_cni_semver={{user `kubernetes_cni_semver`}} kubernetes_cni_source_type={{user `kubernetes_cni_source_type`}} kubernetes_semver={{user `kubernetes_semver`}} kubernetes_source_type={{user `kubernetes_source_type`}} kubernetes_deb_version={{user `kubernetes_deb_version`}} kubernetes_rpm_version={{user `kubernetes_rpm_version`}} no_proxy={{user `no_proxy`}} reenable_public_repos={{user `reenable_public_repos`}} remove_extra_repos={{user `remove_extra_repos`}}"
+  "ansible_common_vars": "containerd_url={{user `containerd_url`}} containerd_sha256={{user `containerd_sha256`}} disable_public_repos={{user `disable_public_repos`}} extra_debs={{user `extra_debs`}} extra_repos={{user `extra_repos`}} extra_rpms={{user `extra_rpms`}} http_proxy={{user `http_proxy`}} https_proxy={{user `https_proxy`}} kubernetes_cni_http_source={{user `kubernetes_cni_http_source`}} kubernetes_cni_http_checksum={{user `kubernetes_cni_http_checksum`}} kubernetes_http_source={{user `kubernetes_http_source`}} kubernetes_container_registry={{user `kubernetes_container_registry`}} kubernetes_rpm_repo={{user `kubernetes_rpm_repo`}} kubernetes_rpm_gpg_key={{user `kubernetes_rpm_gpg_key`}} kubernetes_rpm_gpg_check={{user `kubernetes_rpm_gpg_check`}} kubernetes_deb_repo={{user `kubernetes_deb_repo`}} kubernetes_deb_gpg_key={{user `kubernetes_deb_gpg_key`}} kubernetes_cni_deb_version={{user `kubernetes_cni_deb_version`}} kubernetes_cni_rpm_version={{user `kubernetes_cni_rpm_version`}} kubernetes_cni_semver={{user `kubernetes_cni_semver`}} kubernetes_cni_source_type={{user `kubernetes_cni_source_type`}} kubernetes_semver={{user `kubernetes_semver`}} kubernetes_source_type={{user `kubernetes_source_type`}} kubernetes_deb_version={{user `kubernetes_deb_version`}} kubernetes_rpm_version={{user `kubernetes_rpm_version`}} no_proxy={{user `no_proxy`}} reenable_public_repos={{user `reenable_public_repos`}} remove_extra_repos={{user `remove_extra_repos`}}"
 }
diff --git a/images/capi/packer/config/cni.json b/images/capi/packer/config/cni.json
index 2f55af8e35..e2fe8b9b3d 100644
--- a/images/capi/packer/config/cni.json
+++ b/images/capi/packer/config/cni.json
@@ -3,5 +3,6 @@
     "kubernetes_cni_rpm_version": "0.7.5-0",
     "kubernetes_cni_deb_version": "0.7.5-00",
     "kubernetes_cni_source_type": "pkg",
-    "kubernetes_cni_http_source": "https://github.com/containernetworking/plugins/releases/download"
-}
\ No newline at end of file
+    "kubernetes_cni_http_source": "https://github.com/containernetworking/plugins/releases/download",
+    "kubernetes_cni_http_checksum": "sha256:https://github.com/containernetworking/plugins/releases/download/v0.7.5/cni-plugins-amd64-v0.7.5.tgz.sha256"
+}