Ability to Set SecretName When Creating Event Hub (#151)

* Updated eventhub_types - Added `secretName`.

* Added `secretName` to sample manifest.

* Set secret name to `secretName` if set, otherwise use eventhub name.

* Updated Makefile to update Azure Operator.

Also added the ability to rebuild image without cache.

* Updated README on how to update the Azure Operator.

* Updated CRD with SecretName description.

* Added tests to ensure `SecretName` was being used if present.

* Fix test.

Makefile

@@ -33,6 +33,13 @@ deploy: manifests
 	kubectl apply -f config/crd/bases
 	kustomize build config/default | kubectl apply -f -
 
+update:
+	IMG="docker.io/controllertest:1" make ARGS="${ARGS}" docker-build
+	kind load docker-image docker.io/controllertest:1 --loglevel "trace"
+	make install
+	make deploy
+	sed -i'' -e 's@image: .*@image: '"IMAGE_URL"'@' ./config/default/manager_image_patch.yaml
+
 delete:
 	kubectl delete -f config/crd/bases
 	kustomize build config/default | kubectl delete -f -
@@ -55,7 +62,7 @@ generate: controller-gen
 
 # Build the docker image
 docker-build: 
-	docker build . -t ${IMG}
+	docker build . -t ${IMG} ${ARGS}
 	@echo "updating kustomize image patch file for manager resource"
 	sed -i'' -e 's@image: .*@image: '"${IMG}"'@' ./config/default/manager_image_patch.yaml
 

README.md

@@ -162,8 +162,9 @@ To Extend the operator `github.com/Azure/azure-service-operator`:
 5. Generate code `make generate`
 6. Update operator `controller\eventhub_controller.go`
 7. Update tests and run `make test`
-8. Build `make build`
-9. Deploy `make deploy`
+8. Deploy `make deploy`
+
+If you make changes to the operator and want to update the deployment without recreating the cluster (when testing locally), you can use the `make update` to update your Azure Operator pod. If you need to rebuild the docker image without cache, use `make ARGS="--no-cache" update`.
 
 ## Contributing
 

api/v1/eventhub_types.go

@@ -41,6 +41,8 @@ type EventhubSpec struct {
 	Properties        EventhubProperties        `json:"properties,omitempty"`
 	ResourceGroup     string                    `json:"resourcegroup,omitempty"`
 	AuthorizationRule EventhubAuthorizationRule `json:"authorizationrule,omitempty"`
+	// SecretName - Used to specify the name of the secret. Defaults to Event Hub name if omitted.
+	SecretName string `json:"secretname,omitempty"`
 }
 
 // EventhubStatus defines the observed state of Eventhub

config/crd/bases/azure.microsoft.com_eventhubs.yaml

@@ -438,6 +438,10 @@ spec:
               type: object
             resourcegroup:
               type: string
+            secretname:
+              description: SecretName - Used to specify the name of the secret. Defaults
+                to Event Hub name if omitted.
+              type: string
           required:
           - location
           type: object

config/rbac/role.yaml

@@ -7,9 +7,9 @@ metadata:
   name: manager-role
 rules:
 - apiGroups:
-  - azure.microsoft.com
+  - ""
   resources:
-  - eventhubs
+  - secrets
   verbs:
   - create
   - delete
@@ -19,17 +19,16 @@ rules:
   - update
   - watch
 - apiGroups:
-  - azure.microsoft.com
+  - ""
   resources:
-  - eventhubs/status
+  - events
   verbs:
-  - get
-  - patch
-  - update
+  - create
+  - watch
 - apiGroups:
   - azure.microsoft.com
   resources:
-  - keyvaults
+  - consumergroups
   verbs:
   - create
   - delete
@@ -41,15 +40,15 @@ rules:
 - apiGroups:
   - azure.microsoft.com
   resources:
-  - keyvaults/status
+  - consumergroups/status
   verbs:
   - get
   - patch
   - update
 - apiGroups:
-  - ""
+  - azure.microsoft.com
   resources:
-  - secrets
+  - keyvaults
   verbs:
   - create
   - delete
@@ -61,50 +60,50 @@ rules:
 - apiGroups:
   - azure.microsoft.com
   resources:
-  - consumergroups
+  - resourcegroups/status
   verbs:
-  - create
-  - delete
   - get
-  - list
   - patch
   - update
-  - watch
 - apiGroups:
   - azure.microsoft.com
   resources:
-  - consumergroups/status
+  - events
   verbs:
-  - get
+  - create
   - patch
-  - update
 - apiGroups:
-  - azure.microsoft.com
+  - apps
   resources:
-  - eventhubnamespaces/status
+  - deployments/status
   verbs:
   - get
   - patch
   - update
 - apiGroups:
   - azure.microsoft.com
   resources:
-  - resourcegroups/status
+  - eventhubs
   verbs:
+  - create
+  - delete
   - get
+  - list
   - patch
   - update
+  - watch
 - apiGroups:
-  - ""
+  - azure.microsoft.com
   resources:
-  - events
+  - eventhubs/status
   verbs:
-  - create
-  - watch
+  - get
+  - patch
+  - update
 - apiGroups:
-  - apps
+  - azure.microsoft.com
   resources:
-  - deployments
+  - eventhubnamespaces
   verbs:
   - create
   - delete
@@ -116,39 +115,40 @@ rules:
 - apiGroups:
   - azure.microsoft.com
   resources:
-  - eventhubnamespaces
+  - keyvaults/status
   verbs:
-  - create
-  - delete
   - get
-  - list
   - patch
   - update
-  - watch
 - apiGroups:
   - azure.microsoft.com
   resources:
-  - resourcegroups
+  - eventhubnamespaces/status
   verbs:
-  - create
-  - delete
   - get
-  - list
   - patch
   - update
-  - watch
 - apiGroups:
   - azure.microsoft.com
   resources:
-  - events
+  - resourcegroups
   verbs:
   - create
+  - delete
+  - get
+  - list
   - patch
+  - update
+  - watch
 - apiGroups:
   - apps
   resources:
-  - deployments/status
+  - deployments
   verbs:
+  - create
+  - delete
   - get
+  - list
   - patch
   - update
+  - watch

config/samples/azure_v1_eventhub.yaml

@@ -15,3 +15,4 @@ spec:
       - "Listen"
       - "Manage"
       - "Send"
+  secretname: "secret-stream-eventhub-sample"

controllers/eventhub_controller.go

@@ -124,6 +124,11 @@ func (r *EventhubReconciler) reconcileExternal(instance *azurev1.Eventhub) error
 	resourcegroup := instance.Spec.ResourceGroup
 	partitionCount := instance.Spec.Properties.PartitionCount
 	messageRetentionInDays := instance.Spec.Properties.MessageRetentionInDays
+	secretName := instance.Spec.SecretName
+
+	if secretName == "" {
+		secretName = eventhubName
+	}
 
 	// write information back to instance
 	instance.Status.Provisioning = true
@@ -173,7 +178,7 @@ func (r *EventhubReconciler) reconcileExternal(instance *azurev1.Eventhub) error
 		return err
 	}
 
-	err = r.listAccessKeysAndCreateSecrets(resourcegroup, eventhubNamespace, eventhubName, instance.Spec.AuthorizationRule.Name, instance)
+	err = r.listAccessKeysAndCreateSecrets(resourcegroup, eventhubNamespace, eventhubName, secretName, instance.Spec.AuthorizationRule.Name, instance)
 	if err != nil {
 		r.Recorder.Event(instance, "Warning", "Failed", "Unable to listAccessKeysAndCreateSecrets")
 		return err
@@ -231,7 +236,7 @@ func (r *EventhubReconciler) createOrUpdateAccessPolicyEventHub(resourcegroup st
 	return nil
 }
 
-func (r *EventhubReconciler) listAccessKeysAndCreateSecrets(resourcegroup string, eventhubNamespace string, eventhubName string, authorizationRuleName string, instance *azurev1.Eventhub) error {
+func (r *EventhubReconciler) listAccessKeysAndCreateSecrets(resourcegroup string, eventhubNamespace string, eventhubName string, secretName string, authorizationRuleName string, instance *azurev1.Eventhub) error {
 
 	var err error
 	var result model.AccessKeys
@@ -251,6 +256,7 @@ func (r *EventhubReconciler) listAccessKeysAndCreateSecrets(resourcegroup string
 			*result.PrimaryKey,
 			*result.SecondaryKey,
 			eventhubNamespace,
+			secretName,
 			authorizationRuleName,
 			instance,
 		)
@@ -271,6 +277,7 @@ func (r *EventhubReconciler) createEventhubSecrets(
 	primaryKey string,
 	secondaryKey string,
 	eventhubNamespace string,
+	secretName string,
 	sharedAccessKey string,
 	instance *azurev1.Eventhub) error {
 
@@ -280,7 +287,7 @@ func (r *EventhubReconciler) createEventhubSecrets(
 			APIVersion: "apps/v1beta1",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      eventhubName,
+			Name:      secretName,
 			Namespace: namespace,
 		},
 		Data: map[string][]byte{
@@ -290,6 +297,7 @@ func (r *EventhubReconciler) createEventhubSecrets(
 			"secondaryKey":              []byte(secondaryKey),
 			"sharedaccesskey":           []byte(sharedAccessKey),
 			"eventhubnamespace":         []byte(eventhubNamespace),
+			"eventhubName":              []byte(eventhubName),
 		},
 		Type: "Opaque",
 	}

controllers/eventhub_controller_test.go

@@ -148,6 +148,7 @@ var _ = Describe("EventHub Controller", func() {
 					"secondaryKey":              []byte("secondaryKeyValue"),
 					"sharedaccesskey":           []byte("sharedAccessKeyValue"),
 					"eventhubnamespace":         []byte(eventhubInstance.Namespace),
+					"eventhubName":              []byte(eventhubName),
 				},
 				Type: "Opaque",
 			}
@@ -170,5 +171,93 @@ var _ = Describe("EventHub Controller", func() {
 			).Should(BeTrue())
 
 		})
+
+		It("should create and delete eventhubs with custom secret name", func() {
+
+			eventhubName := "t-eh-" + helpers.RandomString(10)
+			secretName := "secret-" + eventhubName
+
+			var err error
+
+			// Create the EventHub object and expect the Reconcile to be created
+			eventhubInstance := &azurev1.Eventhub{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      eventhubName,
+					Namespace: "default",
+				},
+				Spec: azurev1.EventhubSpec{
+					Location:      "westus",
+					Namespace:     ehnName,
+					ResourceGroup: rgName,
+					Properties: azurev1.EventhubProperties{
+						MessageRetentionInDays: 7,
+						PartitionCount:         1,
+					},
+					AuthorizationRule: azurev1.EventhubAuthorizationRule{
+						Name:   "RootManageSharedAccessKey",
+						Rights: []string{"Listen"},
+					},
+					SecretName: secretName,
+				},
+			}
+
+			err = k8sClient.Create(context.Background(), eventhubInstance)
+			Expect(apierrors.IsInvalid(err)).To(Equal(false))
+			Expect(err).NotTo(HaveOccurred())
+
+			eventhubNamespacedName := types.NamespacedName{Name: eventhubName, Namespace: "default"}
+
+			Eventually(func() bool {
+				_ = k8sClient.Get(context.Background(), eventhubNamespacedName, eventhubInstance)
+				return eventhubInstance.HasFinalizer(eventhubFinalizerName)
+			}, timeout,
+			).Should(BeTrue())
+
+			Eventually(func() bool {
+				_ = k8sClient.Get(context.Background(), eventhubNamespacedName, eventhubInstance)
+				return eventhubInstance.IsSubmitted()
+			}, timeout,
+			).Should(BeTrue())
+
+			//create secret in k8s
+			csecret := &v1.Secret{
+				TypeMeta: metav1.TypeMeta{
+					Kind:       "Secret",
+					APIVersion: "apps/v1beta1",
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      secretName,
+					Namespace: "default",
+				},
+				Data: map[string][]byte{
+					"primaryconnectionstring":   []byte("primaryConnectionValue"),
+					"secondaryconnectionstring": []byte("secondaryConnectionValue"),
+					"primaryKey":                []byte("primaryKeyValue"),
+					"secondaryKey":              []byte("secondaryKeyValue"),
+					"sharedaccesskey":           []byte("sharedAccessKeyValue"),
+					"eventhubnamespace":         []byte(eventhubInstance.Namespace),
+					"eventhubName":              []byte(eventhubName),
+				},
+				Type: "Opaque",
+			}
+
+			err = k8sClient.Create(context.Background(), csecret)
+			Expect(err).NotTo(HaveOccurred())
+
+			//get secret from k8s
+			secret := &v1.Secret{}
+			err = k8sClient.Get(context.Background(), types.NamespacedName{Name: secretName, Namespace: eventhubInstance.Namespace}, secret)
+			Expect(err).NotTo(HaveOccurred())
+			Expect(secret.Data).To(Equal(csecret.Data))
+			Expect(secret.ObjectMeta).To(Equal(csecret.ObjectMeta))
+
+			k8sClient.Delete(context.Background(), eventhubInstance)
+			Eventually(func() bool {
+				_ = k8sClient.Get(context.Background(), eventhubNamespacedName, eventhubInstance)
+				return eventhubInstance.IsBeingDeleted()
+			}, timeout,
+			).Should(BeTrue())
+
+		})
 	})
 })