From 6081335d8508f3f16113585d61341f0ad0dcaf63 Mon Sep 17 00:00:00 2001
From: yiannistri <8741709+yiannistri@users.noreply.github.com>
Date: Fri, 22 Mar 2024 14:46:47 +0000
Subject: [PATCH] refactor: Determine which Azure environment should be used.

---
 controller/aks-cluster-config-handler.go | 13 ++---
 controller/external.go | 13 ++---
 pkg/aks/client.go | 64 +++++------------------
 pkg/utils/convert.go | 4 +-
 4 files changed, 24 insertions(+), 70 deletions(-)

diff --git a/controller/aks-cluster-config-handler.go b/controller/aks-cluster-config-handler.go
index e60f3fbf..6a1fdc32 100644
--- a/controller/aks-cluster-config-handler.go
+++ b/controller/aks-cluster-config-handler.go
@@ -10,7 +10,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
 	azcoreto "github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
@@ -960,26 +959,24 @@ func (h *Handler) getAzureClients(config *aksv1.AKSClusterConfig) error { return fmt.Errorf("error getting credentials: %w", err) } - //TODO: Determine which Azure Cloud to use - cloud := cloud.AzurePublic - clientSecretCredential, err := aks.NewClientSecretCredential(credentials, cloud) + clientSecretCredential, err := aks.NewClientSecretCredential(credentials) if err != nil { return fmt.Errorf("error creating client secret credential: %w", err) } - clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, cloud) + clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, credentials.Cloud) if err != nil { return fmt.Errorf("error creating managed cluster client: %w", err) } - rgClient, err := services.NewResourceGroupsClient(credentials.SubscriptionID, clientSecretCredential, cloud) + rgClient, err := services.NewResourceGroupsClient(credentials.SubscriptionID, clientSecretCredential, credentials.Cloud) if err != nil { return fmt.Errorf("error creating resource group client: %w", err) } - agentPoolsClient, err := services.NewAgentPoolClient(credentials.SubscriptionID, clientSecretCredential, cloud) + agentPoolsClient, err := services.NewAgentPoolClient(credentials.SubscriptionID, clientSecretCredential, credentials.Cloud) if err != nil { return fmt.Errorf("error creating agent pool client: %w", err) } - workplacesClient, err := services.NewWorkplacesClient(credentials.SubscriptionID, clientSecretCredential, cloud) + workplacesClient, err := services.NewWorkplacesClient(credentials.SubscriptionID, clientSecretCredential, credentials.Cloud) if err != nil { return fmt.Errorf("error creating workplace client: %w", err) } diff --git a/controller/external.go b/controller/external.go index 1bdf4207..a83b05d1 100644 --- a/controller/external.go +++ b/controller/external.go 
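Review bot: Every client in this hunk now takes its environment from `credentials.Cloud`, so the construction sequence — `aks.NewClientSecretCredential(credentials)` followed by four `services.New*Client(credentials.SubscriptionID, clientSecretCredential, credentials.Cloud)` calls — is the same shape repeated here and in the two hunks of controller/external.go; a small helper in pkg/aks/services taking `*aks.Credentials` would remove the repetition and keep the environment plumbing in one place. Note also that a `Credentials` value built anywhere other than `aks.GetSecrets` (tests, other constructors) carries a zero `cloud.Configuration`; I believe the SDK then falls back to the public cloud rather than failing, so such a caller would silently target the wrong environment. A guard before the first client is built would make that visible, e.g. `if credentials.Cloud.ActiveDirectoryAuthorityHost == "" { return fmt.Errorf("credentials have no Azure cloud configured") }`. getAzureClients starts and ends outside the hunk.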
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 	"github.com/rancher/aks-operator/pkg/aks"
 	"github.com/rancher/aks-operator/pkg/aks/services"
 	aksv1 "github.com/rancher/aks-operator/pkg/apis/aks.cattle.io/v1"
@@ -19,14 +18,12 @@ func GetClusterKubeConfig(ctx context.Context, secretsCache wranglerv1.SecretCac
 		return nil, fmt.Errorf("error getting credentials secret: %w", err)
 	}
 
-	//TODO: Determine which Azure Cloud to use
-	cloud := cloud.AzurePublic
-	clientSecretCredential, err := aks.NewClientSecretCredential(credentials, cloud)
+	clientSecretCredential, err := aks.NewClientSecretCredential(credentials)
 	if err != nil {
 		return nil, fmt.Errorf("error creating client secret credential: %w", err)
 	}
 
-	clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, cloud)
+	clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, credentials.Cloud)
 	if err != nil {
 		return nil, fmt.Errorf("error creating managed cluster client: %w", err)
 	}
@@ -47,14 +44,12 @@ func BuildUpstreamClusterState(ctx context.Context, secretsCache wranglerv1.Secr
 		return nil, fmt.Errorf("error getting credentials secret: %w", err)
 	}
 
-	//TODO: Determine which Azure Cloud to use
-	cloud := cloud.AzurePublic
-	clientSecretCredential, err := aks.NewClientSecretCredential(credentials, cloud)
+	clientSecretCredential, err := aks.NewClientSecretCredential(credentials)
 	if err != nil {
 		return nil, fmt.Errorf("error creating client secret credential: %w", err)
 	}
 
-	clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, cloud)
+	clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, credentials.Cloud)
 	if err != nil {
 		return nil, fmt.Errorf("error creating managed cluster client: %w", err)
 	}
diff --git a/pkg/aks/client.go b/pkg/aks/client.go
index f29d16be..a064ba39 100644
--- a/pkg/aks/client.go
+++ b/pkg/aks/client.go
@@ -10,12 +10,8 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
-	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2020-11-01/containerservice"
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-11-01/subscriptions"
-	"github.com/Azure/go-autorest/autorest"
-	"github.com/Azure/go-autorest/autorest/adal"
 	"github.com/Azure/go-autorest/autorest/azure"
-	"github.com/Azure/go-autorest/autorest/to"
 	aksv1 "github.com/rancher/aks-operator/pkg/apis/aks.cattle.io/v1"
 	"github.com/rancher/aks-operator/pkg/utils"
 	wranglerv1 "github.com/rancher/wrangler/v2/pkg/generated/controllers/core/v1"
@@ -43,38 +39,17 @@ type Credentials struct {
 	TenantID string
 	ClientID string
 	ClientSecret string
+	Cloud cloud.Configuration
 }
 
-func NewClientSecretCredential(cred *Credentials, cloud cloud.Configuration) (*azidentity.ClientSecretCredential, error) {
+func NewClientSecretCredential(cred *Credentials) (*azidentity.ClientSecretCredential, error) {
 	return azidentity.NewClientSecretCredential(cred.TenantID, cred.ClientID, cred.ClientSecret, &azidentity.ClientSecretCredentialOptions{
 		ClientOptions: azcore.ClientOptions{
-			Cloud: cloud,
+			Cloud: cred.Cloud,
 		},
 	})
 }
 
-func NewClientAuthorizer(cred *Credentials) (autorest.Authorizer, error) {
-	if cred.AuthBaseURL == nil {
-		cred.AuthBaseURL = to.StringPtr(azure.PublicCloud.ActiveDirectoryEndpoint)
-	}
-
-	if cred.BaseURL == nil {
-		cred.BaseURL = to.StringPtr(azure.PublicCloud.ResourceManagerEndpoint)
-	}
-
-	oauthConfig, err := adal.NewOAuthConfig(to.String(cred.AuthBaseURL), cred.TenantID)
-	if err != nil {
-		return nil, err
-	}
-
-	spToken, err := adal.NewServicePrincipalToken(*oauthConfig, cred.ClientID, cred.ClientSecret, to.String(cred.BaseURL))
-	if err != nil {
-		return nil, fmt.Errorf("couldn't authenticate to Azure cloud with error: %v", err)
-	}
-
-	return autorest.NewBearerAuthorizer(spToken), nil
-}
-
 func GetSecrets(_ wranglerv1.SecretCache, secretClient wranglerv1.SecretClient, spec *aksv1.AKSClusterConfigSpec) (*Credentials, error) {
 	var cred Credentials
 
@@ -96,7 +71,7 @@ func GetSecrets(_ wranglerv1.SecretCache, secretClient wranglerv1.SecretClient,
 	if secret.Data["azurecredentialConfig-environment"] != nil {
 		clientEnvironment = string(secret.Data["azurecredentialConfig-environment"])
 	}
-	azureEnvironment := GetEnvironment(clientEnvironment)
+	cloud, env := GetEnvironment(clientEnvironment)
 	cannotBeNilError := "field [azurecredentialConfig-%s] must be provided in cloud credential"
 
 	if subscriptionIDBytes == nil {
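Review bot: The new `Cloud` field on `Credentials` has no doc comment, and after this hunk the struct carries the environment twice — `Cloud` for the SDK clients, plus `AuthBaseURL`/`BaseURL`, whose only readers visible in this patch (`NewClientAuthorizer`, `NewClusterClient`) are deleted. If nothing else reads the two URL fields they can go with the autorest code; otherwise document which one is authoritative, e.g. `// Cloud selects the Azure environment (public, China or US Government) that every SDK client built from these credentials targets; GetSecrets derives it from the azurecredentialConfig-environment key of the cloud credential secret.` NewClientSecretCredential is wholly inside the hunk; the Credentials struct and GetSecrets start or end outside it.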
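Review bot: `cloud, env := GetEnvironment(clientEnvironment)` shadows the imported `cloud` package for the rest of GetSecrets (the import stays, per the context lines of the pkg/aks/client.go import hunk), which compiles but trips shadow linters and makes any later `cloud.AzurePublic`-style reference in the function a compile error. Rename the local, e.g. `cloudCfg, env := GetEnvironment(clientEnvironment)`, and `cred.Cloud = cloudCfg` in the following hunk. GetSecrets starts and ends outside this hunk.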
@@ -113,8 +88,9 @@ func GetSecrets(_ wranglerv1.SecretCache, secretClient wranglerv1.SecretClient,
 	cred.SubscriptionID = string(subscriptionIDBytes)
 	cred.ClientID = string(clientIDBytes)
 	cred.ClientSecret = string(clientSecretBytes)
-	cred.AuthBaseURL = &azureEnvironment.ActiveDirectoryEndpoint
-	cred.BaseURL = &azureEnvironment.ResourceManagerEndpoint
+	cred.Cloud = cloud
+	cred.AuthBaseURL = &env.ActiveDirectoryEndpoint
+	cred.BaseURL = &env.ResourceManagerEndpoint
 
 	if cred.TenantID == "" {
 		cred.TenantID, err = GetCachedTenantID(secretClient, cred.SubscriptionID, secret)
@@ -153,9 +129,9 @@ func GetCachedTenantID(secretClient secretClient, subscriptionID string, secret
 	if secret.Data["azurecredentialConfig-environment"] != nil {
 		clientEnvironment = string(secret.Data["azurecredentialConfig-environment"])
 	}
-	azureEnvironment := GetEnvironment(clientEnvironment)
+	_, env := GetEnvironment(clientEnvironment)
 
-	tenantID, err := FindTenantID(ctx, azureEnvironment, subscriptionID)
+	tenantID, err := FindTenantID(ctx, env, subscriptionID)
 	if err != nil {
 		return "", err
 	}
@@ -172,28 +148,14 @@ func GetCachedTenantID(secretClient secretClient, subscriptionID string, secret
 	return tenantID, err
 }
 
-func NewClusterClient(cred *Credentials) (*containerservice.ManagedClustersClient, error) {
-	authorizer, err := NewClientAuthorizer(cred)
-	if err != nil {
-		return nil, err
-	}
-
-	client := containerservice.NewManagedClustersClientWithBaseURI(to.String(cred.BaseURL), cred.SubscriptionID)
-	client.Authorizer = authorizer
-
-	return &client, nil
-}
-
-func GetEnvironment(env string) azure.Environment {
+func GetEnvironment(env string) (cloud.Configuration, azure.Environment) {
 	switch env {
-	case "AzureGermanCloud":
-		return azure.GermanCloud
 	case "AzureChinaCloud":
-		return azure.ChinaCloud
+		return cloud.AzureChina, azure.ChinaCloud
 	case "AzureUSGovernmentCloud":
-		return azure.USGovernmentCloud
+		return cloud.AzureGovernment, azure.USGovernmentCloud
 	default:
-		return azure.PublicCloud
+		return cloud.AzurePublic, azure.PublicCloud
 	}
 }
 
diff --git a/pkg/utils/convert.go b/pkg/utils/convert.go
index 6b9b9ad8..86fd6622 100644
--- a/pkg/utils/convert.go
+++ b/pkg/utils/convert.go
@@ -3,7 +3,7 @@ package utils
 import "github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 
 func ConvertToSliceOfPointers[T any](ptrToSlice *[]T) []*T {
-	var ret []*T
+	ret := make([]*T, 0)
 	if ptrToSlice == nil {
 		return ret
 	}
@@ -16,7 +16,7 @@ func ConvertToSliceOfPointers[T any](ptrToSlice *[]T) []*T {
 }
 
 func ConvertToPointerOfSlice[T any](sliceToPtr []*T) *[]T {
-	var ret []T
+	ret := make([]T, 0)
 	if sliceToPtr == nil {
 		return nil
 	}
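Review bot: The `default` arm of GetEnvironment maps every unrecognised value to `cloud.AzurePublic, azure.PublicCloud`, which after this hunk includes the removed `AzureGermanCloud` and any misspelt environment in the credential secret — the client ID and secret would then be presented to the public-cloud authority instead of the one the operator configured, and the only symptom would be a later authentication failure (or none, if the principal happens to exist in both environments). Returning an error for values the function does not know, `default: return cloud.Configuration{}, azure.Environment{}, fmt.Errorf("unsupported Azure environment %q", env)`, while keeping the public-cloud mapping for the empty string and whatever public-cloud names the credential may legitimately carry, would turn this into a fast, visible failure; the signature becomes `func GetEnvironment(env string) (cloud.Configuration, azure.Environment, error)` and the callers in GetSecrets and GetCachedTenantID propagate the error. I cannot tell from the patch whether `fmt` is still imported in pkg/aks/client.go once the autorest code is gone. The function is wholly inside the hunk.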
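Review bot: Replacing `var ret []*T` with `ret := make([]*T, 0)` changes what a nil `ptrToSlice` produces from a nil slice to a non-nil empty one, which is observable by callers that compare the result with nil, by `reflect.DeepEqual`-based tests, and by JSON encoding (`null` becomes `[]`); the same concern applies to the second hunk in pkg/utils/convert.go. The commit message does not mention this, so if the non-nil result is intended it deserves a sentence on each function, e.g. `// ConvertToSliceOfPointers always returns a non-nil slice; a nil input yields an empty slice rather than nil.` — otherwise keep the nil-slice declarations. Both functions continue past their hunks.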