VSphereCPIConfig derives the insecure flags from the TLS thumbprint in cluster variable.

[HanFa]

What this PR does / why we need it

This PR changes the data values reconcile logics in the VSphereCPIConfig controller.

First, in the reconcile loop, the tlsthumbprint will be resolved in the following priority

• spec.vsphereCPI.thumbprint in the VSphereCPIConfig CR that user specified
• thumbprint derived from the cluster variables

Second, the controller then determine the value of insecureFlag, and make it possible to be overriden if user specifies in spec.vsphereCPI.insecure.

Which issue(s) this PR fixes

#3381

This PR aims to fix cpi package reconcilation error vsphereCPI tlsThumbprint should be provided when insecureFlag is False

Describe testing done for PR

Release note

package-based-lcm: VSphereCPIConfig derives the insecure flags from the TLS thumbprint in cluster variable.

Additional information

Special notes for your reviewer

[codecov]

Codecov Report

Merging #3300 (06011a6) into main (81ab277) will increase coverage by 4.87%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #3300      +/-   ##
==========================================
+ Coverage   46.70%   51.58%   +4.87%     
==========================================
  Files         281      122     -159     
  Lines       29654    11197   -18457     
==========================================
- Hits        13850     5776    -8074     
+ Misses      14553     4942    -9611     
+ Partials     1251      479     -772     

Impacted Files	Coverage Δ
addons/controllers/machine_controller.go	65.65% <0.00%> (-3.04%)	⬇️
addons/controllers/clusterbootstrap_controller.go	63.52% <0.00%> (-1.63%)	⬇️
...ons/controllers/packageinstallstatus_controller.go	77.99% <0.00%> (-1.16%)	⬇️
pkg/v1/tkg/clusterclient/clusterclient.go
pkg/v1/tkg/cmd/common.go
pkg/v1/tkg/cmd/create.go
cmd/cli/plugin/feature/list.go
pkg/v1/cli/carvelhelpers/registry.go
pkg/v1/tkg/cmd/get_cluster.go
pkg/v1/tkg/tkgctl/describe_cluster.go
... and 152 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[adduarte]

Please add link to isue number this fixes with description of original problem.
Also not sure what will happen if

spec.vsphereCPI.thumbprint in the VSphereCPIConfig CR that user specified ="" (not provided)
&
thumbprint derived from the cluster variables = "" (not provided)
&
and user did not specify spec.vsphereCPI.insecure.

[HanFa]

Also not sure what will happen if

In that case, the final values of thumbprint is resolved to be empty. Hence, the insecure flag will be set to true with d.InsecureFlag = d.TLSThumbprint == ""

[adduarte]

Please make the error message a bit clearer, right now they don't quite match the logic. thanks.

[adduarte]

Please provide testing details to verify this patches fixes problem.

[adduarte]

Currently this patch will turn insecureFlag=True if thumbprintTLS is not available.
This is probably not a behavior we want. I could result in the connection being insecure without user knowing..
i.e. the absense of thumbprintTLS could be an oversight or bug.

[HanFa]

per @srm09, the insecure flag from CAPV will be deprecated. An empty string in thumbprint should imply to use insecure connection.

[vuil]

lgtm