refactor: Determine which Azure environment should be used.

rancher · Mar 25, 2024 · 6081335 · 6081335
1 parent 32317db
commit 6081335
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 70 deletions.
diff --git a/controller/aks-cluster-config-handler.go b/controller/aks-cluster-config-handler.go
@@ -10,7 +10,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
 	azcoreto "github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
@@ -960,26 +959,24 @@ func (h *Handler) getAzureClients(config *aksv1.AKSClusterConfig) error {
 		return fmt.Errorf("error getting credentials: %w", err)
 	}
 
-	//TODO: Determine which Azure Cloud to use
-	cloud := cloud.AzurePublic
-	clientSecretCredential, err := aks.NewClientSecretCredential(credentials, cloud)
+	clientSecretCredential, err := aks.NewClientSecretCredential(credentials)
 	if err != nil {
 		return fmt.Errorf("error creating client secret credential: %w", err)
 	}
 
-	clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, cloud)
+	clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, credentials.Cloud)
 	if err != nil {
 		return fmt.Errorf("error creating managed cluster client: %w", err)
 	}
-	rgClient, err := services.NewResourceGroupsClient(credentials.SubscriptionID, clientSecretCredential, cloud)
+	rgClient, err := services.NewResourceGroupsClient(credentials.SubscriptionID, clientSecretCredential, credentials.Cloud)
 	if err != nil {
 		return fmt.Errorf("error creating resource group client: %w", err)
 	}
-	agentPoolsClient, err := services.NewAgentPoolClient(credentials.SubscriptionID, clientSecretCredential, cloud)
+	agentPoolsClient, err := services.NewAgentPoolClient(credentials.SubscriptionID, clientSecretCredential, credentials.Cloud)
 	if err != nil {
 		return fmt.Errorf("error creating agent pool client: %w", err)
 	}
-	workplacesClient, err := services.NewWorkplacesClient(credentials.SubscriptionID, clientSecretCredential, cloud)
+	workplacesClient, err := services.NewWorkplacesClient(credentials.SubscriptionID, clientSecretCredential, credentials.Cloud)
 	if err != nil {
 		return fmt.Errorf("error creating workplace client: %w", err)
 	}

diff --git a/controller/external.go b/controller/external.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 	"github.com/rancher/aks-operator/pkg/aks"
 	"github.com/rancher/aks-operator/pkg/aks/services"
 	aksv1 "github.com/rancher/aks-operator/pkg/apis/aks.cattle.io/v1"
@@ -19,14 +18,12 @@ func GetClusterKubeConfig(ctx context.Context, secretsCache wranglerv1.SecretCac
 		return nil, fmt.Errorf("error getting credentials secret: %w", err)
 	}
 
-	//TODO: Determine which Azure Cloud to use
-	cloud := cloud.AzurePublic
-	clientSecretCredential, err := aks.NewClientSecretCredential(credentials, cloud)
+	clientSecretCredential, err := aks.NewClientSecretCredential(credentials)
 	if err != nil {
 		return nil, fmt.Errorf("error creating client secret credential: %w", err)
 	}
 
-	clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, cloud)
+	clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, credentials.Cloud)
 	if err != nil {
 		return nil, fmt.Errorf("error creating managed cluster client: %w", err)
 	}
@@ -47,14 +44,12 @@ func BuildUpstreamClusterState(ctx context.Context, secretsCache wranglerv1.Secr
 		return nil, fmt.Errorf("error getting credentials secret: %w", err)
 	}
 
-	//TODO: Determine which Azure Cloud to use
-	cloud := cloud.AzurePublic
-	clientSecretCredential, err := aks.NewClientSecretCredential(credentials, cloud)
+	clientSecretCredential, err := aks.NewClientSecretCredential(credentials)
 	if err != nil {
 		return nil, fmt.Errorf("error creating client secret credential: %w", err)
 	}
 
-	clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, cloud)
+	clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, credentials.Cloud)
 	if err != nil {
 		return nil, fmt.Errorf("error creating managed cluster client: %w", err)
 	}

diff --git a/pkg/aks/client.go b/pkg/aks/client.go
@@ -10,12 +10,8 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
-	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2020-11-01/containerservice"
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-11-01/subscriptions"
-	"github.com/Azure/go-autorest/autorest"
-	"github.com/Azure/go-autorest/autorest/adal"
 	"github.com/Azure/go-autorest/autorest/azure"
-	"github.com/Azure/go-autorest/autorest/to"
 	aksv1 "github.com/rancher/aks-operator/pkg/apis/aks.cattle.io/v1"
 	"github.com/rancher/aks-operator/pkg/utils"
 	wranglerv1 "github.com/rancher/wrangler/v2/pkg/generated/controllers/core/v1"
@@ -43,38 +39,17 @@ type Credentials struct {
 	TenantID       string
 	ClientID       string
 	ClientSecret   string
+	Cloud          cloud.Configuration
 }
 
-func NewClientSecretCredential(cred *Credentials, cloud cloud.Configuration) (*azidentity.ClientSecretCredential, error) {
+func NewClientSecretCredential(cred *Credentials) (*azidentity.ClientSecretCredential, error) {
 	return azidentity.NewClientSecretCredential(cred.TenantID, cred.ClientID, cred.ClientSecret, &azidentity.ClientSecretCredentialOptions{
 		ClientOptions: azcore.ClientOptions{
-			Cloud: cloud,
+			Cloud: cred.Cloud,
 		},
 	})
 }
 
-func NewClientAuthorizer(cred *Credentials) (autorest.Authorizer, error) {
-	if cred.AuthBaseURL == nil {
-		cred.AuthBaseURL = to.StringPtr(azure.PublicCloud.ActiveDirectoryEndpoint)
-	}
-
-	if cred.BaseURL == nil {
-		cred.BaseURL = to.StringPtr(azure.PublicCloud.ResourceManagerEndpoint)
-	}
-
-	oauthConfig, err := adal.NewOAuthConfig(to.String(cred.AuthBaseURL), cred.TenantID)
-	if err != nil {
-		return nil, err
-	}
-
-	spToken, err := adal.NewServicePrincipalToken(*oauthConfig, cred.ClientID, cred.ClientSecret, to.String(cred.BaseURL))
-	if err != nil {
-		return nil, fmt.Errorf("couldn't authenticate to Azure cloud with error: %v", err)
-	}
-
-	return autorest.NewBearerAuthorizer(spToken), nil
-}
-
 func GetSecrets(_ wranglerv1.SecretCache, secretClient wranglerv1.SecretClient, spec *aksv1.AKSClusterConfigSpec) (*Credentials, error) {
 	var cred Credentials
 
@@ -96,7 +71,7 @@ func GetSecrets(_ wranglerv1.SecretCache, secretClient wranglerv1.SecretClient,
 	if secret.Data["azurecredentialConfig-environment"] != nil {
 		clientEnvironment = string(secret.Data["azurecredentialConfig-environment"])
 	}
-	azureEnvironment := GetEnvironment(clientEnvironment)
+	cloud, env := GetEnvironment(clientEnvironment)
 
 	cannotBeNilError := "field [azurecredentialConfig-%s] must be provided in cloud credential"
 	if subscriptionIDBytes == nil {
@@ -113,8 +88,9 @@ func GetSecrets(_ wranglerv1.SecretCache, secretClient wranglerv1.SecretClient,
 	cred.SubscriptionID = string(subscriptionIDBytes)
 	cred.ClientID = string(clientIDBytes)
 	cred.ClientSecret = string(clientSecretBytes)
-	cred.AuthBaseURL = &azureEnvironment.ActiveDirectoryEndpoint
-	cred.BaseURL = &azureEnvironment.ResourceManagerEndpoint
+	cred.Cloud = cloud
+	cred.AuthBaseURL = &env.ActiveDirectoryEndpoint
+	cred.BaseURL = &env.ResourceManagerEndpoint
 
 	if cred.TenantID == "" {
 		cred.TenantID, err = GetCachedTenantID(secretClient, cred.SubscriptionID, secret)
@@ -153,9 +129,9 @@ func GetCachedTenantID(secretClient secretClient, subscriptionID string, secret
 	if secret.Data["azurecredentialConfig-environment"] != nil {
 		clientEnvironment = string(secret.Data["azurecredentialConfig-environment"])
 	}
-	azureEnvironment := GetEnvironment(clientEnvironment)
+	_, env := GetEnvironment(clientEnvironment)
 
-	tenantID, err := FindTenantID(ctx, azureEnvironment, subscriptionID)
+	tenantID, err := FindTenantID(ctx, env, subscriptionID)
 	if err != nil {
 		return "", err
 	}
@@ -172,28 +148,14 @@ func GetCachedTenantID(secretClient secretClient, subscriptionID string, secret
 	return tenantID, err
 }
 
-func NewClusterClient(cred *Credentials) (*containerservice.ManagedClustersClient, error) {
-	authorizer, err := NewClientAuthorizer(cred)
-	if err != nil {
-		return nil, err
-	}
-
-	client := containerservice.NewManagedClustersClientWithBaseURI(to.String(cred.BaseURL), cred.SubscriptionID)
-	client.Authorizer = authorizer
-
-	return &client, nil
-}
-
-func GetEnvironment(env string) azure.Environment {
+func GetEnvironment(env string) (cloud.Configuration, azure.Environment) {
 	switch env {
-	case "AzureGermanCloud":
-		return azure.GermanCloud
 	case "AzureChinaCloud":
-		return azure.ChinaCloud
+		return cloud.AzureChina, azure.ChinaCloud
 	case "AzureUSGovernmentCloud":
-		return azure.USGovernmentCloud
+		return cloud.AzureGovernment, azure.USGovernmentCloud
 	default:
-		return azure.PublicCloud
+		return cloud.AzurePublic, azure.PublicCloud
 	}
 }
 

diff --git a/pkg/utils/convert.go b/pkg/utils/convert.go
@@ -3,7 +3,7 @@ package utils
 import "github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 
 func ConvertToSliceOfPointers[T any](ptrToSlice *[]T) []*T {
-	var ret []*T
+	ret := make([]*T, 0)
 	if ptrToSlice == nil {
 		return ret
 	}
@@ -16,7 +16,7 @@ func ConvertToSliceOfPointers[T any](ptrToSlice *[]T) []*T {
 }
 
 func ConvertToPointerOfSlice[T any](sliceToPtr []*T) *[]T {
-	var ret []T
+	ret := make([]T, 0)
 	if sliceToPtr == nil {
 		return nil
 	}