From 841d29735e44418fb57c2bba3c88ef88b994b4ba Mon Sep 17 00:00:00 2001 From: conzetti Date: Wed, 25 May 2022 16:49:35 -0400 Subject: [PATCH] :knife: Dynamically assign AD endpoints for Azure TL;DR ===== - See https://github.com/vmware-tanzu/tanzu-framework/issues/3162 - Leverage go-autorest for AD endpoints; open up possibility of using AzureStack / custom Azure clouds in doing so - Needs appropriate test/fake for AzureStack Detail ====== ddbbbea48dc522d20095f1b2d426a5c8057ae7a9 introduced several constants in `client.go` that are already defined in `Azure/go-autorest`. This commit simply relies on the cloud definitions in `Azure/go-autorest` so we can do the following: 1. Remain DRY 2. Maintain up-to-date values for all cloud endpoints, since Microsoft helps maintain that project 3. Open the possibility of additional Azure clouds that are defined entirely by configuration file (e.g. `AzureStack`, TS/S regions) Current shortcomings of this commit: * Missing appropriate fake for AzureStack * Doesn't remove all of the constants that are defined (e.g. the `PublicCloud` definition is required by `validate.go`, and I wasn't certain if we should import something outside of the project for input validation of the CLI) --- pkg/v1/providers/config_default.yaml | 2 +- .../v1.4.0/infrastructure-components.yaml | 6 ++-- pkg/v1/tkg/azure/client.go | 28 ++++--------------- 3 files changed, 10 insertions(+), 26 deletions(-) diff --git a/pkg/v1/providers/config_default.yaml b/pkg/v1/providers/config_default.yaml index 4e2d6729ba..634ea81a71 100644 --- a/pkg/v1/providers/config_default.yaml +++ b/pkg/v1/providers/config_default.yaml 
@@ -308,7 +308,7 @@ NODE_POOL_0_TAINTS: #! Azure account configurations #! The Azure cloud to deploy to, supported clouds are : -#! AzurePublicCloud, AzureChinaCloud, AzureGermanCloud, AzureUSGovernmentCloud +#! AzurePublicCloud, AzureChinaCloud, AzureGermanCloud, AzureUSGovernmentCloud, AzureStackCloud AZURE_ENVIRONMENT: "AzurePublicCloud" #! The tenant ID is the ID of the AAD directory in which the app for Tanzu Kubernetes Grid is created #! A Tenant is representative of an organization within Azure Active Directory. diff --git a/pkg/v1/providers/infrastructure-azure/v1.4.0/infrastructure-components.yaml b/pkg/v1/providers/infrastructure-azure/v1.4.0/infrastructure-components.yaml index 0806bfddc2..7dc98cb9e7 100644 --- a/pkg/v1/providers/infrastructure-azure/v1.4.0/infrastructure-components.yaml +++ b/pkg/v1/providers/infrastructure-azure/v1.4.0/infrastructure-components.yaml @@ -776,7 +776,7 @@ spec: description: AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default. type: object azureEnvironment: - description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud"' + description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud" - StackCloud: "AzureStackCloud"' type: string bastionSpec: description: BastionSpec encapsulates all things related to the Bastions in the cluster. 
@@ -1439,7 +1439,7 @@ spec: description: AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default. type: object azureEnvironment: - description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud"' + description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud" - StackCloud: "AzureStackCloud"' type: string bastionSpec: description: BastionSpec encapsulates all things related to the Bastions in the cluster. 
@@ -2165,7 +2165,7 @@ spec: description: AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default. type: object azureEnvironment: - description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud"' + description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud" - StackCloud: "AzureStackCloud" - - StackCloud: "AzureStackCloud"' type: string bastionSpec: description: BastionSpec encapsulates all things related to the Bastions in the cluster. diff --git a/pkg/v1/tkg/azure/client.go b/pkg/v1/tkg/azure/client.go index 0dfdd77774..a837593baa 100644 --- a/pkg/v1/tkg/azure/client.go +++ b/pkg/v1/tkg/azure/client.go @@ -17,7 +17,7 @@ import ( "github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-11-01/subscriptions/subscriptionsapi" "github.com/Azure/go-autorest/autorest" - "github.com/Azure/go-autorest/autorest/azure" + azureAutorest "github.com/Azure/go-autorest/autorest/azure" "github.com/Azure/go-autorest/autorest/azure/auth" "github.com/pkg/errors" @@ -30,14 +30,8 @@ const ( ) const ( - // ChinaCloud defines China cloud - ChinaCloud = "AzureChinaCloud" - // GermanCloud defines German cloud - GermanCloud = "AzureGermanCloud" // PublicCloud defines Public cloud PublicCloud = "AzurePublicCloud" - // USGovernmentCloud defines US Government cloud - USGovernmentCloud = "AzureUSGovernmentCloud" ) // Supported Azure VM family types 
@@ -107,22 +101,12 @@ func New(creds *Credentials) (Client, error) { } func setActiveDirectoryEndpoint(config *auth.ClientCredentialsConfig, azureCloud string) error { - switch azureCloud { - case USGovernmentCloud: - config.Resource = azure.USGovernmentCloud.ResourceManagerEndpoint - config.AADEndpoint = azure.USGovernmentCloud.ActiveDirectoryEndpoint - case ChinaCloud: - config.Resource = azure.ChinaCloud.ResourceManagerEndpoint - config.AADEndpoint = azure.ChinaCloud.ActiveDirectoryEndpoint - case GermanCloud: - config.Resource = azure.GermanCloud.ResourceManagerEndpoint - config.AADEndpoint = azure.GermanCloud.ActiveDirectoryEndpoint - case PublicCloud: - config.Resource = azure.PublicCloud.ResourceManagerEndpoint - config.AADEndpoint = azure.PublicCloud.ActiveDirectoryEndpoint - default: - return errors.Errorf("%q is not a supported cloud in Azure. Supported clouds are AzurePublicCloud, AzureUSGovernmentCloud, AzureGermanCloud, AzureChinaCloud", azureCloud) + environment, err := azureAutorest.EnvironmentFromName(azureCloud) + if err != nil { + return err } + config.Resource = environment.ResourceManagerEndpoint + config.AADEndpoint = environment.ActiveDirectoryEndpoint return nil }
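Review bot: In setActiveDirectoryEndpoint, the values assigned to `config.Resource` and `config.AADEndpoint` are no longer compiled-in for every cloud, and nothing checks them. For `AzureStackCloud`, go-autorest's `EnvironmentFromName` builds the environment from the JSON file named by the `AZURE_ENVIRONMENT_FILEPATH` environment variable. The client credentials in this config are presumably presented to whatever `AADEndpoint` holds, so the function should reject an empty or non-HTTPS endpoint before assigning it. It should also wrap the lookup error so the caller sees which cloud name failed, since the removed message listed the supported names and the new one does not. The lookup is now case-insensitive too, so a name may pass here that the exact `PublicCloud` comparison in validate.go (mentioned in the description) treats differently; the fence below assumes `strings` is imported in client.go, which the visible import hunk does not show.

```go
	environment, err := azureAutorest.EnvironmentFromName(azureCloud)
	if err != nil {
		return errors.Wrapf(err, "resolving Azure cloud %q", azureCloud)
	}
	// AzureStackCloud endpoints are read from a file at run time, so check them before credentials are sent anywhere.
	for _, endpoint := range []string{environment.ResourceManagerEndpoint, environment.ActiveDirectoryEndpoint} {
		if !strings.HasPrefix(endpoint, "https://") {
			return errors.Errorf("azure cloud %q: endpoint %q is empty or not HTTPS", azureCloud, endpoint)
		}
	}
	// … unchanged: config.Resource and config.AADEndpoint assignment, return nil …
```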