Skip to content

Commit

Permalink
feat(AzureEnvironments): use upstream func for validation
Browse files Browse the repository at this point in the history
remove hard-coded maps for Azure environments and
call EnvironmentFromName function from go-autorest/azure
library to leverage upstream provider to validate Azure
Environments also enables initial ability to specify custom
endpoints for AzureStackCloud by using the Environment 'AzureStackCloud'
and specifying AZURE_ENVIRONMENT_FILEPATH and providing an
AzureEnvironment json file

Closes Issue vmware-tanzu#3162

Signed-off-by: Jeff Davis <[email protected]>
  • Loading branch information
Jeff Davis committed Apr 21, 2023
1 parent 7081502 commit 34f8ae0
Show file tree
Hide file tree
Showing 5 changed files with 116 additions and 25 deletions.
2 changes: 1 addition & 1 deletion providers/config_default.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -361,7 +361,7 @@ CONTROL_PLANE_NODE_LABELS:
#! Azure account configurations

#! The Azure cloud to deploy to, supported clouds are :
#! AzurePublicCloud, AzureChinaCloud, AzureGermanCloud, AzureUSGovernmentCloud
#! AzurePublicCloud, AzureChinaCloud, AzureGermanCloud, AzureUSGovernmentCloud, AzureStackCloud
AZURE_ENVIRONMENT: "AzurePublicCloud"
#! The tenant ID is the ID of the AAD directory in which the app for Tanzu Kubernetes Grid is created
#! A Tenant is representative of an organization within Azure Active Directory.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -780,7 +780,7 @@ spec:
description: AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default.
type: object
azureEnvironment:
description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud"'
description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud" - StackCloud: "AzureStackCloud"'
type: string
bastionSpec:
description: BastionSpec encapsulates all things related to the Bastions in the cluster.
Expand Down Expand Up @@ -1444,7 +1444,7 @@ spec:
description: AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default.
type: object
azureEnvironment:
description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud"'
description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud" - StackCloud: "AzureStackCloud"'
type: string
bastionSpec:
description: BastionSpec encapsulates all things related to the Bastions in the cluster.
Expand Down Expand Up @@ -2303,7 +2303,7 @@ spec:
description: AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default.
type: object
azureEnvironment:
description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud"'
description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud" - StackCloud: "AzureStackCloud"'
type: string
bastionSpec:
description: BastionSpec encapsulates all things related to the Bastions in the cluster.
Expand Down
28 changes: 7 additions & 21 deletions tkg/azure/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,14 +31,8 @@ const (
)

const (
// ChinaCloud defines China cloud
ChinaCloud = "AzureChinaCloud"
// GermanCloud defines German cloud
GermanCloud = "AzureGermanCloud"
// PublicCloud defines Public cloud
PublicCloud = "AzurePublicCloud"
// USGovernmentCloud defines US Government cloud
USGovernmentCloud = "AzureUSGovernmentCloud"
)

// Supported Azure VM family types
Expand Down Expand Up @@ -108,22 +102,14 @@ func New(creds *Credentials) (Client, error) {
}

func setActiveDirectoryEndpoint(config *auth.ClientCredentialsConfig, azureCloud string) error {
switch azureCloud {
case USGovernmentCloud:
config.Resource = azure.USGovernmentCloud.ResourceManagerEndpoint
config.AADEndpoint = azure.USGovernmentCloud.ActiveDirectoryEndpoint
case ChinaCloud:
config.Resource = azure.ChinaCloud.ResourceManagerEndpoint
config.AADEndpoint = azure.ChinaCloud.ActiveDirectoryEndpoint
case GermanCloud:
config.Resource = azure.GermanCloud.ResourceManagerEndpoint
config.AADEndpoint = azure.GermanCloud.ActiveDirectoryEndpoint
case PublicCloud:
config.Resource = azure.PublicCloud.ResourceManagerEndpoint
config.AADEndpoint = azure.PublicCloud.ActiveDirectoryEndpoint
default:
return errors.Errorf("%q is not a supported cloud in Azure. Supported clouds are AzurePublicCloud, AzureUSGovernmentCloud, AzureGermanCloud, AzureChinaCloud", azureCloud)
environment, err := azure.EnvironmentFromName(azureCloud)
if err != nil {
return err
}

config.Resource = environment.ResourceManagerEndpoint
config.AADEndpoint = environment.ActiveDirectoryEndpoint

return nil
}

Expand Down
69 changes: 69 additions & 0 deletions tkg/azure/client_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ package azure
import (
"context"
"errors"
"os"
"path"
"path/filepath"
"runtime"
"testing"

"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2019-12-01/compute"
Expand Down Expand Up @@ -170,6 +174,48 @@ var _ = Describe("Azure client", func() {
})
})

Context("with azureCloud set to 'AzureStackCloud'", func() {
Context("with AZURE_ENVIRONMENT_FILEPATH unset", func() {
It("should return error", func() {
config := &auth.ClientCredentialsConfig{}
err := setActiveDirectoryEndpoint(config, "AzureStackCloud")
Expect(err).To(HaveOccurred())
})
})

Context("with AZURE_ENVIRONMENT_FILEPATH set", func() {
It("should not return error with valid file", func() {
_, currentFile, _, _ := runtime.Caller(0)
os.Setenv("AZURE_ENVIRONMENT_FILEPATH", filepath.Join(path.Dir(currentFile), "testdata", "test_environment_1.json"))

config := &auth.ClientCredentialsConfig{}
err := setActiveDirectoryEndpoint(config, "AzureStackCloud")
Expect(err).ToNot(HaveOccurred())

Expect(config.Resource).To(Equal("--resource-management-endpoint--"))
Expect(config.AADEndpoint).To(Equal("--active-directory-endpoint--"))
})

It("should return error with missing file", func() {
_, currentFile, _, _ := runtime.Caller(0)
os.Setenv("AZURE_ENVIRONMENT_FILEPATH", filepath.Join(path.Dir(currentFile), "testdata", "test_environment_2.json"))

config := &auth.ClientCredentialsConfig{}
err := setActiveDirectoryEndpoint(config, "AzureStackCloud")
Expect(err).To(HaveOccurred())
})

It("should return error with invalid file", func() {
_, currentFile, _, _ := runtime.Caller(0)
os.Setenv("AZURE_ENVIRONMENT_FILEPATH", filepath.Join(path.Dir(currentFile), "mocks", "azure_mock.go"))

config := &auth.ClientCredentialsConfig{}
err := setActiveDirectoryEndpoint(config, "AzureStackCloud")
Expect(err).To(HaveOccurred())
})
})
})

Context("with azureCloud set to 'AzurePublicCloud'", func() {
It("should not return error", func() {
config := &auth.ClientCredentialsConfig{}
Expand All @@ -180,5 +226,28 @@ var _ = Describe("Azure client", func() {
Expect(config.AADEndpoint).To(Equal(autorest.PublicCloud.ActiveDirectoryEndpoint))
})
})

Context("with azureCloud set to 'AzureGermanCloud'", func() {
It("should not return error", func() {
config := &auth.ClientCredentialsConfig{}
err := setActiveDirectoryEndpoint(config, "AzureGermanCloud")
Expect(err).ToNot(HaveOccurred())

Expect(config.Resource).To(Equal(autorest.GermanCloud.ResourceManagerEndpoint))
Expect(config.AADEndpoint).To(Equal(autorest.GermanCloud.ActiveDirectoryEndpoint))
})
})

Context("with azureCloud set to 'AzureChinaCloud'", func() {
It("should not return error", func() {
config := &auth.ClientCredentialsConfig{}
err := setActiveDirectoryEndpoint(config, "AzureChinaCloud")
Expect(err).ToNot(HaveOccurred())

Expect(config.Resource).To(Equal(autorest.ChinaCloud.ResourceManagerEndpoint))
Expect(config.AADEndpoint).To(Equal(autorest.ChinaCloud.ActiveDirectoryEndpoint))
})
})

})
})
36 changes: 36 additions & 0 deletions tkg/azure/testdata/test_environment_1.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
{
"name": "--unit-test--",
"managementPortalURL": "--management-portal-url",
"publishSettingsURL": "--publish-settings-url--",
"serviceManagementEndpoint": "--service-management-endpoint--",
"resourceManagerEndpoint": "--resource-management-endpoint--",
"activeDirectoryEndpoint": "--active-directory-endpoint--",
"galleryEndpoint": "--gallery-endpoint--",
"keyVaultEndpoint": "--key-vault--endpoint--",
"managedHSMEndpoint": "--managed-hsm-endpoint--",
"graphEndpoint": "--graph-endpoint--",
"storageEndpointSuffix": "--storage-endpoint-suffix--",
"cosmosDBDNSSuffix": "--cosmos-db-dns-suffix--",
"mariaDBDNSSuffix": "--maria-db-dns-suffix--",
"mySqlDatabaseDNSSuffix": "--mysql-database-dns-suffix--",
"postgresqlDatabaseDNSSuffix": "--postgresql-database-dns-suffix--",
"sqlDatabaseDNSSuffix": "--sql-database-dns-suffix--",
"trafficManagerDNSSuffix": "--traffic-manager-dns-suffix--",
"keyVaultDNSSuffix": "--key-vault-dns-suffix--",
"managedHSMDNSSuffix": "--managed-hsm-dns-suffix--",
"serviceBusEndpointSuffix": "--service-bus-endpoint-suffix--",
"serviceManagementVMDNSSuffix": "--asm-vm-dns-suffix--",
"resourceManagerVMDNSSuffix": "--arm-vm-dns-suffix--",
"containerRegistryDNSSuffix": "--container-registry-dns-suffix--",
"tokenAudience": "--token-audience",
"resourceIdentifiers": {
"batch": "--batch-resource-id--",
"datalake": "--datalake-resource-id--",
"graph": "--graph-resource-id--",
"keyVault": "--keyvault-resource-id--",
"operationalInsights": "--operational-insights-resource-id--",
"ossRDBMS": "--oss-rdbms-resource-id--",
"cosmosDB": "--cosmosdb-resource-id--",
"managedHSM": "--managed-hsm-resource-id--"
}
}

0 comments on commit 34f8ae0

Please sign in to comment.