refactor: Determine which Azure environment should be used.

rancher · Mar 26, 2024 · 847b6f4 · 847b6f4
1 parent 32317db
commit 847b6f4
Show file tree

Hide file tree

Showing 16 changed files with 363 additions and 354 deletions.
diff --git a/controller/aks-cluster-config-handler.go b/controller/aks-cluster-config-handler.go
diff --git a/controller/aks-cluster-config-handler_test.go b/controller/aks-cluster-config-handler_test.go
@@ -6,7 +6,6 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
-	autorestto "github.com/Azure/go-autorest/autorest/to"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"github.com/rancher/aks-operator/pkg/aks"
@@ -247,20 +246,20 @@ var _ = Describe("validateConfig", func() {
 				NodePools: []aksv1.AKSNodePool{
 					{
 						Name:         to.Ptr("test1"),
-						Count:        autorestto.Int32Ptr(1),
-						MaxPods:      autorestto.Int32Ptr(1),
+						Count:        to.Ptr(int32(1)),
+						MaxPods:      to.Ptr(int32(1)),
 						VMSize:       "test",
-						OsDiskSizeGB: autorestto.Int32Ptr(1),
+						OsDiskSizeGB: to.Ptr(int32(1)),
 						OsDiskType:   "test",
 						Mode:         "System",
 						OsType:       "test",
 					},
 					{
 						Name:         to.Ptr("test2"),
-						Count:        autorestto.Int32Ptr(1),
-						MaxPods:      autorestto.Int32Ptr(1),
+						Count:        to.Ptr(int32(1)),
+						MaxPods:      to.Ptr(int32(1)),
 						VMSize:       "test",
-						OsDiskSizeGB: autorestto.Int32Ptr(1),
+						OsDiskSizeGB: to.Ptr(int32(1)),
 						OsDiskType:   "test",
 						Mode:         "User",
 						OsType:       "test",
@@ -518,10 +517,10 @@ var _ = Describe("createCluster", func() {
 				NodePools: []aksv1.AKSNodePool{
 					{
 						Name:         to.Ptr("test"),
-						Count:        autorestto.Int32Ptr(1),
-						MaxPods:      autorestto.Int32Ptr(1),
+						Count:        to.Ptr(int32(1)),
+						MaxPods:      to.Ptr(int32(1)),
 						VMSize:       "test",
-						OsDiskSizeGB: autorestto.Int32Ptr(1),
+						OsDiskSizeGB: to.Ptr(int32(1)),
 						OsDiskType:   "test",
 						Mode:         "System",
 						OsType:       "test",
@@ -795,19 +794,19 @@ var _ = Describe("buildUpstreamClusterState", func() {
 				AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
 					{
 						Name:                to.Ptr("test"),
-						Count:               autorestto.Int32Ptr(1),
-						MaxPods:             autorestto.Int32Ptr(1),
+						Count:               to.Ptr(int32(1)),
+						MaxPods:             to.Ptr(int32(1)),
 						VMSize:              to.Ptr("Standard_DS2_v2"),
-						OSDiskSizeGB:        autorestto.Int32Ptr(1),
+						OSDiskSizeGB:        to.Ptr(int32(1)),
 						OSType:              to.Ptr(armcontainerservice.OSTypeLinux),
 						Mode:                to.Ptr(armcontainerservice.AgentPoolModeUser),
 						OrchestratorVersion: to.Ptr("test"),
 						AvailabilityZones:   utils.ConvertToSliceOfPointers(to.Ptr([]string{"test"})),
-						EnableAutoScaling:   autorestto.BoolPtr(true),
-						MaxCount:            autorestto.Int32Ptr(1),
-						MinCount:            autorestto.Int32Ptr(1),
+						EnableAutoScaling:   to.Ptr(true),
+						MaxCount:            to.Ptr(int32(1)),
+						MinCount:            to.Ptr(int32(1)),
 						VnetSubnetID:        to.Ptr("test"),
-						NodeLabels:          *autorestto.StringMapPtr(map[string]string{"test": "test"}),
+						NodeLabels:          *aks.StringMapPtr(map[string]string{"test": "test"}),
 						NodeTaints:          utils.ConvertToSliceOfPointers(to.Ptr([]string{"test"})),
 						UpgradeSettings: &armcontainerservice.AgentPoolUpgradeSettings{
 							MaxSurge: to.Ptr("test"),
@@ -834,22 +833,22 @@ var _ = Describe("buildUpstreamClusterState", func() {
 				},
 				AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
 					"httpApplicationRouting": {
-						Enabled: autorestto.BoolPtr(true),
+						Enabled: to.Ptr(true),
 					},
 					"omsAgent": {
-						Enabled: autorestto.BoolPtr(true),
+						Enabled: to.Ptr(true),
 						Config: map[string]*string{
 							"logAnalyticsWorkspaceResourceID": to.Ptr("/workspaces/test/resourcegroups/test/"),
 						},
 					},
 				},
 				APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
-					EnablePrivateCluster: autorestto.BoolPtr(true),
+					EnablePrivateCluster: to.Ptr(true),
 					AuthorizedIPRanges:   utils.ConvertToSliceOfPointers(to.Ptr([]string{"test"})),
 					PrivateDNSZone:       to.Ptr("test-private-dns-zone-id"),
 				},
 			},
-			Tags: *autorestto.StringMapPtr(map[string]string{"test": "test"}),
+			Tags: *aks.StringMapPtr(map[string]string{"test": "test"}),
 		}
 
 		handler = &Handler{
@@ -871,7 +870,7 @@ var _ = Describe("buildUpstreamClusterState", func() {
 
 		Expect(upstreamSpec.KubernetesVersion).To(Equal(clusterState.Properties.KubernetesVersion))
 		Expect(upstreamSpec.DNSPrefix).To(Equal(clusterState.Properties.DNSPrefix))
-		Expect(upstreamSpec.Tags).To(Equal(autorestto.StringMap(clusterState.Tags)))
+		Expect(upstreamSpec.Tags).To(Equal(aks.StringMap(clusterState.Tags)))
 		Expect(upstreamSpec.NodePools).To(HaveLen(1))
 		nodePools := clusterState.Properties.AgentPoolProfiles
 		Expect(upstreamSpec.NodePools[0].Name).To(Equal(nodePools[0].Name))
@@ -898,11 +897,11 @@ var _ = Describe("buildUpstreamClusterState", func() {
 		Expect(upstreamSpec.LoadBalancerSKU).To(Equal(to.Ptr(string(*clusterState.Properties.NetworkProfile.LoadBalancerSKU))))
 		Expect(upstreamSpec.LinuxAdminUsername).To(Equal(clusterState.Properties.LinuxProfile.AdminUsername))
 		Expect(upstreamSpec.LinuxSSHPublicKey).To(Equal((clusterState.Properties.LinuxProfile.SSH.PublicKeys)[0].KeyData))
-		Expect(upstreamSpec.HTTPApplicationRouting).To(Equal(autorestto.BoolPtr(*clusterState.Properties.AddonProfiles["httpApplicationRouting"].Enabled)))
-		Expect(upstreamSpec.Monitoring).To(Equal(autorestto.BoolPtr(*clusterState.Properties.AddonProfiles["omsAgent"].Enabled)))
+		Expect(upstreamSpec.HTTPApplicationRouting).To(Equal(to.Ptr(*clusterState.Properties.AddonProfiles["httpApplicationRouting"].Enabled)))
+		Expect(upstreamSpec.Monitoring).To(Equal(to.Ptr(*clusterState.Properties.AddonProfiles["omsAgent"].Enabled)))
 		Expect(upstreamSpec.LogAnalyticsWorkspaceGroup).To(Equal(to.Ptr("test")))
 		Expect(upstreamSpec.LogAnalyticsWorkspaceName).To(Equal(to.Ptr("test/resourcegroups/test/")))
-		Expect(upstreamSpec.PrivateCluster).To(Equal(autorestto.BoolPtr(*clusterState.Properties.APIServerAccessProfile.EnablePrivateCluster)))
+		Expect(upstreamSpec.PrivateCluster).To(Equal(to.Ptr(*clusterState.Properties.APIServerAccessProfile.EnablePrivateCluster)))
 		Expect(upstreamSpec.PrivateDNSZone).To(Equal(to.Ptr(*clusterState.Properties.APIServerAccessProfile.PrivateDNSZone)))
 		Expect(upstreamSpec.AuthorizedIPRanges).To(Equal(utils.ConvertToPointerOfSlice(clusterState.Properties.APIServerAccessProfile.AuthorizedIPRanges)))
 	})

diff --git a/controller/external.go b/controller/external.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 	"github.com/rancher/aks-operator/pkg/aks"
 	"github.com/rancher/aks-operator/pkg/aks/services"
 	aksv1 "github.com/rancher/aks-operator/pkg/apis/aks.cattle.io/v1"
@@ -19,14 +18,12 @@ func GetClusterKubeConfig(ctx context.Context, secretsCache wranglerv1.SecretCac
 		return nil, fmt.Errorf("error getting credentials secret: %w", err)
 	}
 
-	//TODO: Determine which Azure Cloud to use
-	cloud := cloud.AzurePublic
-	clientSecretCredential, err := aks.NewClientSecretCredential(credentials, cloud)
+	clientSecretCredential, err := aks.NewClientSecretCredential(credentials)
 	if err != nil {
 		return nil, fmt.Errorf("error creating client secret credential: %w", err)
 	}
 
-	clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, cloud)
+	clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, credentials.Cloud)
 	if err != nil {
 		return nil, fmt.Errorf("error creating managed cluster client: %w", err)
 	}
@@ -47,14 +44,12 @@ func BuildUpstreamClusterState(ctx context.Context, secretsCache wranglerv1.Secr
 		return nil, fmt.Errorf("error getting credentials secret: %w", err)
 	}
 
-	//TODO: Determine which Azure Cloud to use
-	cloud := cloud.AzurePublic
-	clientSecretCredential, err := aks.NewClientSecretCredential(credentials, cloud)
+	clientSecretCredential, err := aks.NewClientSecretCredential(credentials)
 	if err != nil {
 		return nil, fmt.Errorf("error creating client secret credential: %w", err)
 	}
 
-	clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, cloud)
+	clustersClient, err := services.NewManagedClustersClient(credentials.SubscriptionID, clientSecretCredential, credentials.Cloud)
 	if err != nil {
 		return nil, fmt.Errorf("error creating managed cluster client: %w", err)
 	}

diff --git a/go.mod b/go.mod
@@ -8,11 +8,10 @@ require (
 	github.com/Azure/azure-sdk-for-go v55.7.0+incompatible
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
-	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.7.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0
 	github.com/Azure/go-autorest/autorest v0.11.29
-	github.com/Azure/go-autorest/autorest/adal v0.9.23
 	github.com/Azure/go-autorest/autorest/to v0.4.1-0.20210111195520-9fc88b15294e
 	github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46
 	github.com/onsi/ginkgo/v2 v2.16.0
@@ -39,6 +38,7 @@ require (
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/autorest/validation v0.3.2-0.20210111195520-9fc88b15294e // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect

diff --git a/go.sum b/go.sum
@@ -8,8 +8,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.7.0 h1:g65N4m1sAjm0BkjIJYtp5qnJlkoFtd6oqfa27KO9fI4=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.7.0/go.mod h1:noQIdW75SiQFB3mSFJBr4iRRH83S9skaFiBv4C0uEs0=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0 h1:0nGmzwBv5ougvzfGPCO2ljFRHvun57KpNrVCMrlk0ns=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0/go.mod h1:gYq8wyDgv6JLhGbAU6gg8amCPgQWRE+aCvrV2gyzdfs=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0/go.mod h1:LRr2FzBTQlONPPa5HREE5+RjSCTXl7BwOvYOaWTqCaI=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/managementgroups/armmanagementgroups v1.0.0 h1:pPvTJ1dY0sA35JOeFq6TsY2xj6Z85Yo23Pj4wCCvu4o=

diff --git a/pkg/aks/check_test.go b/pkg/aks/check_test.go
@@ -4,8 +4,8 @@ import (
 	"errors"
 	"testing"
 
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights"
-	"github.com/Azure/go-autorest/autorest/to"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"github.com/rancher/aks-operator/pkg/aks/services/mock_services"
@@ -74,7 +74,7 @@ var _ = Describe("CheckLogAnalyticsWorkspaceForMonitoring", func() {
 		workplacesClientMock.EXPECT().Get(ctx, workspaceResourceGroup, workspaceName, nil).Return(armoperationalinsights.WorkspacesClientGetResponse{}, errors.New("not found"))
 		workplacesClientMock.EXPECT().BeginCreateOrUpdate(ctx, workspaceResourceGroup, workspaceName,
 			armoperationalinsights.Workspace{
-				Location: to.StringPtr("eastus"),
+				Location: to.Ptr("eastus"),
 				Properties: &armoperationalinsights.WorkspaceProperties{
 					SKU: &armoperationalinsights.WorkspaceSKU{
 						Name: &skuName,
@@ -85,7 +85,7 @@ var _ = Describe("CheckLogAnalyticsWorkspaceForMonitoring", func() {
 		).Return(pollerMock, nil)
 		pollerMock.EXPECT().PollUntilDone(ctx, nil).Return(armoperationalinsights.WorkspacesClientCreateOrUpdateResponse{
 			Workspace: armoperationalinsights.Workspace{
-				ID: to.StringPtr(id),
+				ID: to.Ptr(id),
 			},
 		}, nil)
 

diff --git a/pkg/aks/client.go b/pkg/aks/client.go
@@ -10,12 +10,8 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
-	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2020-11-01/containerservice"
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-11-01/subscriptions"
-	"github.com/Azure/go-autorest/autorest"
-	"github.com/Azure/go-autorest/autorest/adal"
 	"github.com/Azure/go-autorest/autorest/azure"
-	"github.com/Azure/go-autorest/autorest/to"
 	aksv1 "github.com/rancher/aks-operator/pkg/apis/aks.cattle.io/v1"
 	"github.com/rancher/aks-operator/pkg/utils"
 	wranglerv1 "github.com/rancher/wrangler/v2/pkg/generated/controllers/core/v1"
@@ -43,38 +39,17 @@ type Credentials struct {
 	TenantID       string
 	ClientID       string
 	ClientSecret   string
+	Cloud          cloud.Configuration
 }
 
-func NewClientSecretCredential(cred *Credentials, cloud cloud.Configuration) (*azidentity.ClientSecretCredential, error) {
+func NewClientSecretCredential(cred *Credentials) (*azidentity.ClientSecretCredential, error) {
 	return azidentity.NewClientSecretCredential(cred.TenantID, cred.ClientID, cred.ClientSecret, &azidentity.ClientSecretCredentialOptions{
 		ClientOptions: azcore.ClientOptions{
-			Cloud: cloud,
+			Cloud: cred.Cloud,
 		},
 	})
 }
 
-func NewClientAuthorizer(cred *Credentials) (autorest.Authorizer, error) {
-	if cred.AuthBaseURL == nil {
-		cred.AuthBaseURL = to.StringPtr(azure.PublicCloud.ActiveDirectoryEndpoint)
-	}
-
-	if cred.BaseURL == nil {
-		cred.BaseURL = to.StringPtr(azure.PublicCloud.ResourceManagerEndpoint)
-	}
-
-	oauthConfig, err := adal.NewOAuthConfig(to.String(cred.AuthBaseURL), cred.TenantID)
-	if err != nil {
-		return nil, err
-	}
-
-	spToken, err := adal.NewServicePrincipalToken(*oauthConfig, cred.ClientID, cred.ClientSecret, to.String(cred.BaseURL))
-	if err != nil {
-		return nil, fmt.Errorf("couldn't authenticate to Azure cloud with error: %v", err)
-	}
-
-	return autorest.NewBearerAuthorizer(spToken), nil
-}
-
 func GetSecrets(_ wranglerv1.SecretCache, secretClient wranglerv1.SecretClient, spec *aksv1.AKSClusterConfigSpec) (*Credentials, error) {
 	var cred Credentials
 
@@ -96,7 +71,7 @@ func GetSecrets(_ wranglerv1.SecretCache, secretClient wranglerv1.SecretClient,
 	if secret.Data["azurecredentialConfig-environment"] != nil {
 		clientEnvironment = string(secret.Data["azurecredentialConfig-environment"])
 	}
-	azureEnvironment := GetEnvironment(clientEnvironment)
+	cloud, env := GetEnvironment(clientEnvironment)
 
 	cannotBeNilError := "field [azurecredentialConfig-%s] must be provided in cloud credential"
 	if subscriptionIDBytes == nil {
@@ -113,8 +88,9 @@ func GetSecrets(_ wranglerv1.SecretCache, secretClient wranglerv1.SecretClient,
 	cred.SubscriptionID = string(subscriptionIDBytes)
 	cred.ClientID = string(clientIDBytes)
 	cred.ClientSecret = string(clientSecretBytes)
-	cred.AuthBaseURL = &azureEnvironment.ActiveDirectoryEndpoint
-	cred.BaseURL = &azureEnvironment.ResourceManagerEndpoint
+	cred.Cloud = cloud
+	cred.AuthBaseURL = &env.ActiveDirectoryEndpoint
+	cred.BaseURL = &env.ResourceManagerEndpoint
 
 	if cred.TenantID == "" {
 		cred.TenantID, err = GetCachedTenantID(secretClient, cred.SubscriptionID, secret)
@@ -153,9 +129,9 @@ func GetCachedTenantID(secretClient secretClient, subscriptionID string, secret
 	if secret.Data["azurecredentialConfig-environment"] != nil {
 		clientEnvironment = string(secret.Data["azurecredentialConfig-environment"])
 	}
-	azureEnvironment := GetEnvironment(clientEnvironment)
+	_, env := GetEnvironment(clientEnvironment)
 
-	tenantID, err := FindTenantID(ctx, azureEnvironment, subscriptionID)
+	tenantID, err := FindTenantID(ctx, env, subscriptionID)
 	if err != nil {
 		return "", err
 	}
@@ -172,28 +148,14 @@ func GetCachedTenantID(secretClient secretClient, subscriptionID string, secret
 	return tenantID, err
 }
 
-func NewClusterClient(cred *Credentials) (*containerservice.ManagedClustersClient, error) {
-	authorizer, err := NewClientAuthorizer(cred)
-	if err != nil {
-		return nil, err
-	}
-
-	client := containerservice.NewManagedClustersClientWithBaseURI(to.String(cred.BaseURL), cred.SubscriptionID)
-	client.Authorizer = authorizer
-
-	return &client, nil
-}
-
-func GetEnvironment(env string) azure.Environment {
+func GetEnvironment(env string) (cloud.Configuration, azure.Environment) {
 	switch env {
-	case "AzureGermanCloud":
-		return azure.GermanCloud
 	case "AzureChinaCloud":
-		return azure.ChinaCloud
+		return cloud.AzureChina, azure.ChinaCloud
 	case "AzureUSGovernmentCloud":
-		return azure.USGovernmentCloud
+		return cloud.AzureGovernment, azure.USGovernmentCloud
 	default:
-		return azure.PublicCloud
+		return cloud.AzurePublic, azure.PublicCloud
 	}
 }