Adding code for kube secrets into sqlserver_controller.go

Azure · Oct 10, 2019 · 84db911 · 84db911
1 parent 5433ccc
commit 84db911
Showing 1 changed file with 89 additions and 2 deletions.
diff --git a/controllers/sqlserver_controller.go b/controllers/sqlserver_controller.go
@@ -18,6 +18,7 @@ package controllers
 import (
 	"context"
 	"fmt"
+	"math/rand"
 	"strings"
 	"time"
 
@@ -29,15 +30,21 @@ import (
 	"k8s.io/client-go/tools/record"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	azurev1 "github.com/Azure/azure-service-operator/api/v1"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 )
 
 // SqlServerReconciler reconciles a SqlServer object
 type SqlServerReconciler struct {
 	client.Client
 	Log      logr.Logger
 	Recorder record.EventRecorder
+	Scheme   *runtime.Scheme
 }
 
 // +kubebuilder:rbac:groups=azure.microsoft.com,resources=sqlservers,verbs=get;list;watch;create;update;patch;delete
@@ -132,10 +139,75 @@ func (r *SqlServerReconciler) reconcileExternal(instance *azurev1.SqlServer) err
 	}
 
 	sqlServerProperties := sql.SQLServerProperties{
-		AdministratorLogin:         to.StringPtr("iamadmin"),
-		AdministratorLoginPassword: to.StringPtr("generate_me_1234"),
+		AdministratorLogin:         to.StringPtr(""),
+		AdministratorLoginPassword: to.StringPtr(""),
 	}
 
+	// check to see if secret already exists for admin username/password
+	var checkForSecretsErr error
+	secret := &v1.Secret{}
+
+	checkForSecretsErr = r.Get(context.Background(), types.NamespacedName{Name: name, Namespace: instance.Namespace}, secret)
+
+	// if secret doesn't exist, generate creds
+	// note: sql server enforces password policy:
+	// https://docs.microsoft.com/en-us/sql/relational-databases/security/password-policy?view=sql-server-2017
+	if checkForSecretsErr != nil {
+		r.Log.Info("secret did not exist, generating creds now")
+		sqlServerProperties.AdministratorLogin = to.StringPtr(generateRandomString(8))
+		sqlServerProperties.AdministratorLoginPassword = to.StringPtr(generateRandomString(16))
+	} else {
+		r.Log.Info("secret already exists, pulling creds now")
+		sqlServerProperties.AdministratorLogin = to.StringPtr(string(secret.Data["username"]))
+		sqlServerProperties.AdministratorLoginPassword = to.StringPtr(string(secret.Data["password"]))
+	}
+
+	// debugging
+	r.Log.Info("sqlServerProperties.AdministratorLogin: " + *sqlServerProperties.AdministratorLogin)
+	r.Log.Info("sqlServerProperties.AdministratorLoginPassword: " + *sqlServerProperties.AdministratorLoginPassword)
+
+	csecret := &v1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "Secret",
+			APIVersion: "apps/v1beta1",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: instance.Namespace,
+		},
+		Data: map[string][]byte{
+			"username":           []byte(*sqlServerProperties.AdministratorLogin),
+			"password":           []byte(*sqlServerProperties.AdministratorLoginPassword),
+			"sqlservernamespace": []byte(instance.Namespace),
+			"sqlservername":      []byte(name),
+		},
+		Type: "Opaque",
+	}
+
+	// TODO: nil pointer dereference error is happening in this block
+	_, createOrUpdateSecretErr := controllerutil.CreateOrUpdate(context.Background(), r.Client, csecret, func() error {
+		r.Log.Info("mutating secret bundle")
+		//r.Log.Info("after CreateorupdateSecret", "error", createOrUpdateSecretErr)
+		r.Log.Info("Just before logging scheme")
+		r.Log.Info("logging r.Scheme", "info", r.Scheme)
+		r.Log.Info("logging instance", "info", instance)
+		r.Log.Info("logging csecret", "info", csecret)
+		innerErr := controllerutil.SetControllerReference(instance, csecret, r.Scheme)
+		if innerErr != nil {
+			r.Log.Info("innerErr is not nil")
+			return innerErr
+		}
+
+		return nil
+	})
+
+	if createOrUpdateSecretErr != nil {
+		r.Log.Info("createOrUpdateSecretErr is not nil ")
+		return createOrUpdateSecretErr
+
+	}
+
+	// create the sql server
 	instance.Status.Provisioning = true
 	_, err := sdkClient.CreateOrUpdateSQLServer(sqlServerProperties)
 	if err != nil {
@@ -226,3 +298,18 @@ func (r *SqlServerReconciler) deleteExternal(instance *azurev1.SqlServer) error
 	r.Recorder.Event(instance, "Normal", "Deleted", name+" deleted")
 	return nil
 }
+
+// helper function to generate username/password for secrets
+func generateRandomString(n int) string {
+	rand.Seed(time.Now().UnixNano())
+
+	const characterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789~!@#$%^&*()_+-=<>"
+
+	// TODO: add logic to enforce password policy rules for sql server
+	b := make([]byte, n)
+	for i := range b {
+		b[i] = characterBytes[rand.Intn(len(characterBytes))]
+	}
+
+	return string(b)
+}