From c22f7c0329ad028c717865156b87373dd43a6d06 Mon Sep 17 00:00:00 2001 From: JasonTheDeveloper Date: Wed, 28 Aug 2019 15:00:02 +1000 Subject: [PATCH] Ability to Set SecretName When Creating Event Hub (#151) * Updated eventhub_types - Added `secretName`. * Added `secretName` to sample manifest. * Set secret name to `secretName` if set, otherwise use eventhub name. * Updated Makefile to update Azure Operator. Also added the ability to rebuild image without cache. * Updated README on how to update the Azure Operator. * Updated CRD with SecretName description. * Added tests to ensure `SecretName` was being used if present. * Fix test. --- Makefile | 9 +- README.md | 5 +- api/v1/eventhub_types.go | 2 + .../bases/azure.microsoft.com_eventhubs.yaml | 4 + config/rbac/role.yaml | 80 ++++++++--------- config/samples/azure_v1_eventhub.yaml | 1 + controllers/eventhub_controller.go | 14 ++- controllers/eventhub_controller_test.go | 89 +++++++++++++++++++ go.mod | 2 +- 9 files changed, 159 insertions(+), 47 deletions(-) diff --git a/Makefile b/Makefile index eb5dbb1af75..610cbfccf89 100644 --- a/Makefile +++ b/Makefile @@ -33,6 +33,13 @@ deploy: manifests kubectl apply -f config/crd/bases kustomize build config/default | kubectl apply -f - +update: + IMG="docker.io/controllertest:1" make ARGS="${ARGS}" docker-build + kind load docker-image docker.io/controllertest:1 --loglevel "trace" + make install + make deploy + sed -i'' -e 's@image: .*@image: '"IMAGE_URL"'@' ./config/default/manager_image_patch.yaml + delete: kubectl delete -f config/crd/bases kustomize build config/default | kubectl delete -f - @@ -55,7 +62,7 @@ generate: controller-gen # Build the docker image docker-build: - docker build . -t ${IMG} + docker build . -t ${IMG} ${ARGS} @echo "updating kustomize image patch file for manager resource" sed -i'' -e 's@image: .*@image: '"${IMG}"'@' ./config/default/manager_image_patch.yaml diff --git a/README.md b/README.md index 316878e9c00..eb64e4897d4 100644 --- a/README.md 
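Review bot: The new `update` target invokes plain `make` three times (`make ARGS="${ARGS}" docker-build`, `make install`, `make deploy`); inside a recipe these should be `$(MAKE)` so that command-line variables, `-n` and the jobserver carry through to the sub-makes. The image is tagged `docker.io/controllertest:1`, a name that resolves to a public registry path. It works only because `kind load` has placed the image on the node; if the manager's pull policy (not visible here) ever forces a pull, the node would fetch whatever is published under that name instead of the local build, so a tag that cannot resolve to a public registry is safer. The trailing `sed` that restores `IMAGE_URL` runs only when every earlier step succeeds, so a failed `make deploy` leaves `manager_image_patch.yaml` pointing at the test image.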
+++ b/README.md @@ -162,8 +162,9 @@ To Extend the operator `github.com/Azure/azure-service-operator`: 5. Generate code `make generate` 6. Update operator `controller\eventhub_controller.go` 7. Update tests and run `make test` -8. Build `make build` -9. Deploy `make deploy` +8. Deploy `make deploy` + +If you make changes to the operator and want to update the deployment without recreating the cluster (when testing locally), you can use the `make update` to update your Azure Operator pod. If you need to rebuild the docker image without cache, use `make ARGS="--no-cache" update`. ## Contributing diff --git a/api/v1/eventhub_types.go b/api/v1/eventhub_types.go index 9b6f071a43c..89d0f5f6dda 100644 --- a/api/v1/eventhub_types.go +++ b/api/v1/eventhub_types.go @@ -41,6 +41,8 @@ type EventhubSpec struct { Properties EventhubProperties `json:"properties,omitempty"` ResourceGroup string `json:"resourcegroup,omitempty"` AuthorizationRule EventhubAuthorizationRule `json:"authorizationrule,omitempty"` + // SecretName - Used to specify the name of the secret. Defaults to Event Hub name if omitted. + SecretName string `json:"secretname,omitempty"` } // EventhubStatus defines the observed state of Eventhub diff --git a/config/crd/bases/azure.microsoft.com_eventhubs.yaml b/config/crd/bases/azure.microsoft.com_eventhubs.yaml index 76c5fd857ec..249dc37d014 100644 --- a/config/crd/bases/azure.microsoft.com_eventhubs.yaml +++ b/config/crd/bases/azure.microsoft.com_eventhubs.yaml @@ -438,6 +438,10 @@ spec: type: object resourcegroup: type: string + secretname: + description: SecretName - Used to specify the name of the secret. Defaults + to Event Hub name if omitted. + type: string required: - location type: object diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index f4216c8c96d..54f2aeb0bff 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml 
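Review bot: `SecretName` in `EventhubSpec` is a free-form string that later becomes the name of a Kubernetes Secret, but neither the field nor the regenerated CRD schema (`secretname: type: string`) constrains it. An invalid name would therefore be rejected only when the controller tries to write the Secret, which, judging by the call order in `reconcileExternal`, happens after the Azure-side calls. I would add validation markers above the field, for example `// +kubebuilder:validation:MaxLength=253` and a `// +kubebuilder:validation:Pattern=` marker matching a DNS-1123 subdomain, then regenerate the CRD so the API server refuses bad names at admission. The struct opens outside the hunk.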
@@ -7,9 +7,9 @@ metadata: name: manager-role rules: - apiGroups: - - azure.microsoft.com + - "" resources: - - eventhubs + - secrets verbs: - create - delete @@ -19,17 +19,16 @@ rules: - update - watch - apiGroups: - - azure.microsoft.com + - "" resources: - - eventhubs/status + - events verbs: - - get - - patch - - update + - create + - watch - apiGroups: - azure.microsoft.com resources: - - keyvaults + - consumergroups verbs: - create - delete @@ -41,15 +40,15 @@ rules: - apiGroups: - azure.microsoft.com resources: - - keyvaults/status + - consumergroups/status verbs: - get - patch - update - apiGroups: - - "" + - azure.microsoft.com resources: - - secrets + - keyvaults verbs: - create - delete @@ -61,27 +60,22 @@ rules: - apiGroups: - azure.microsoft.com resources: - - consumergroups + - resourcegroups/status verbs: - - create - - delete - get - - list - patch - update - - watch - apiGroups: - azure.microsoft.com resources: - - consumergroups/status + - events verbs: - - get + - create - patch - - update - apiGroups: - - azure.microsoft.com + - apps resources: - - eventhubnamespaces/status + - deployments/status verbs: - get - patch @@ -89,22 +83,27 @@ rules: - apiGroups: - azure.microsoft.com resources: - - resourcegroups/status + - eventhubs verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - "" + - azure.microsoft.com resources: - - events + - eventhubs/status verbs: - - create - - watch + - get + - patch + - update - apiGroups: - - apps + - azure.microsoft.com resources: - - deployments + - eventhubnamespaces verbs: - create - delete 
@@ -116,39 +115,40 @@ rules: - apiGroups: - azure.microsoft.com resources: - - eventhubnamespaces + - keyvaults/status verbs: - - create - - delete - get - - list - patch - update - - watch - apiGroups: - azure.microsoft.com resources: - - resourcegroups + - eventhubnamespaces/status verbs: - - create - - delete - get - - list - patch - update - - watch - apiGroups: - azure.microsoft.com resources: - - events + - resourcegroups verbs: - create + - delete + - get + - list - patch + - update + - watch - apiGroups: - apps resources: - - deployments/status + - deployments verbs: + - create + - delete - get + - list - patch - update + - watch diff --git a/config/samples/azure_v1_eventhub.yaml b/config/samples/azure_v1_eventhub.yaml index fa0fd7989a9..89f98afc3b1 100644 --- a/config/samples/azure_v1_eventhub.yaml +++ b/config/samples/azure_v1_eventhub.yaml @@ -15,3 +15,4 @@ spec: - "Listen" - "Manage" - "Send" + secretname: "secret-stream-eventhub-sample" diff --git a/controllers/eventhub_controller.go b/controllers/eventhub_controller.go index 57ff6558797..6712fa8b2ee 100644 --- a/controllers/eventhub_controller.go +++ b/controllers/eventhub_controller.go @@ -124,6 +124,11 @@ func (r *EventhubReconciler) reconcileExternal(instance *azurev1.Eventhub) error resourcegroup := instance.Spec.ResourceGroup partitionCount := instance.Spec.Properties.PartitionCount messageRetentionInDays := instance.Spec.Properties.MessageRetentionInDays + secretName := instance.Spec.SecretName + + if secretName == "" { + secretName = eventhubName + } // write information back to instance instance.Status.Provisioning = true 
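Review bot: The fallback `if secretName == "" { secretName = eventhubName }` is recomputed from the current spec on every reconcile, so nothing records which Secret name was used previously. If `secretname` is added or changed on an existing Eventhub, a new Secret is written but the earlier one, holding the same access keys, appears to be left behind. The finalizer/delete path is not part of this diff, so it is worth confirming that it removes the Secret under `secretName` rather than under the Event Hub name. Recording the effective name in `instance.Status` would let both paths locate and clean up the old Secret, and a comment such as `// secretName defaults to the Event Hub name so existing manifests keep their Secret` above the `if` would document the fallback. `reconcileExternal` starts and ends outside the hunk.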
@@ -173,7 +178,7 @@ func (r *EventhubReconciler) reconcileExternal(instance *azurev1.Eventhub) error return err } - err = r.listAccessKeysAndCreateSecrets(resourcegroup, eventhubNamespace, eventhubName, instance.Spec.AuthorizationRule.Name, instance) + err = r.listAccessKeysAndCreateSecrets(resourcegroup, eventhubNamespace, eventhubName, secretName, instance.Spec.AuthorizationRule.Name, instance) if err != nil { r.Recorder.Event(instance, "Warning", "Failed", "Unable to listAccessKeysAndCreateSecrets") return err @@ -231,7 +236,7 @@ func (r *EventhubReconciler) createOrUpdateAccessPolicyEventHub(resourcegroup st return nil } -func (r *EventhubReconciler) listAccessKeysAndCreateSecrets(resourcegroup string, eventhubNamespace string, eventhubName string, authorizationRuleName string, instance *azurev1.Eventhub) error { +func (r *EventhubReconciler) listAccessKeysAndCreateSecrets(resourcegroup string, eventhubNamespace string, eventhubName string, secretName string, authorizationRuleName string, instance *azurev1.Eventhub) error { var err error var result model.AccessKeys @@ -251,6 +256,7 @@ func (r *EventhubReconciler) listAccessKeysAndCreateSecrets(resourcegroup string *result.PrimaryKey, *result.SecondaryKey, eventhubNamespace, + secretName, authorizationRuleName, instance, ) @@ -271,6 +277,7 @@ func (r *EventhubReconciler) createEventhubSecrets( primaryKey string, secondaryKey string, eventhubNamespace string, + secretName string, sharedAccessKey string, instance *azurev1.Eventhub) error { @@ -280,7 +287,7 @@ func (r *EventhubReconciler) createEventhubSecrets( APIVersion: "apps/v1beta1", }, ObjectMeta: metav1.ObjectMeta{ - Name: eventhubName, + Name: secretName, Namespace: namespace, }, Data: map[string][]byte{ 
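Review bot: `listAccessKeysAndCreateSecrets` now takes five adjacent `string` parameters and `createEventhubSecrets` even more, with `secretName` inserted in the middle of both lists, so a transposed argument at a call site compiles cleanly and silently writes the keys under the wrong name. At the inner call `authorizationRuleName` is passed into the parameter named `sharedAccessKey`, which is then stored under the `sharedaccesskey` key, so that entry holds a rule name rather than a key. Renaming the parameter to `authorizationRuleName`, or grouping these values in a small struct with named fields, would make the call sites self-checking. This applies to the `@@ -231`, `@@ -251` and `@@ -271` hunks alike; both function bodies continue outside them.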
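Review bot: With `Name: secretName` the Secret's name is chosen by whoever writes the Eventhub spec, while the write is performed with the operator's own permissions (role.yaml in this patch lists create, update, patch and delete on `secrets`). How the object is persisted is outside the hunk; if it is a create-or-update, a spec naming a Secret that already exists in the namespace would have that Secret's contents replaced with Event Hub keys, and two Eventhubs sharing one `secretname` would overwrite each other. Before updating, the controller should confirm that an existing Secret is owned by this Eventhub (an owner reference or a label set at creation) and otherwise fail the reconcile with a warning event. The context line `APIVersion: "apps/v1beta1"` is also not the API version of a core Secret, which is `v1`. `createEventhubSecrets` continues outside the hunk.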
@@ -290,6 +297,7 @@ func (r *EventhubReconciler) createEventhubSecrets( "secondaryKey": []byte(secondaryKey), "sharedaccesskey": []byte(sharedAccessKey), "eventhubnamespace": []byte(eventhubNamespace), + "eventhubName": []byte(eventhubName), }, Type: "Opaque", } diff --git a/controllers/eventhub_controller_test.go b/controllers/eventhub_controller_test.go index c63eebe0396..0411204bf6e 100644 --- a/controllers/eventhub_controller_test.go +++ b/controllers/eventhub_controller_test.go @@ -148,6 +148,7 @@ var _ = Describe("EventHub Controller", func() { "secondaryKey": []byte("secondaryKeyValue"), "sharedaccesskey": []byte("sharedAccessKeyValue"), "eventhubnamespace": []byte(eventhubInstance.Namespace), + "eventhubName": []byte(eventhubName), }, Type: "Opaque", } 
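Review bot: The added key `"eventhubName"` is camelCase while its sibling `"eventhubnamespace"` is all lowercase, which extends the mix the map already has (`secondaryKey` next to `sharedaccesskey`). Consumers that project this Secret into environment variables or look keys up by name then have to remember a different convention for two closely related fields. Since the key is new and has no existing readers, I would write it as `"eventhubname": []byte(eventhubName),` and adjust the expectation in `eventhub_controller_test.go` to match. The map literal starts outside the hunk.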
@@ -170,5 +171,93 @@ var _ = Describe("EventHub Controller", func() { ).Should(BeTrue()) }) + + It("should create and delete eventhubs with custom secret name", func() { + + eventhubName := "t-eh-" + helpers.RandomString(10) + secretName := "secret-" + eventhubName + + var err error + + // Create the EventHub object and expect the Reconcile to be created + eventhubInstance := &azurev1.Eventhub{ + ObjectMeta: metav1.ObjectMeta{ + Name: eventhubName, + Namespace: "default", + }, + Spec: azurev1.EventhubSpec{ + Location: "westus", + Namespace: ehnName, + ResourceGroup: rgName, + Properties: azurev1.EventhubProperties{ + MessageRetentionInDays: 7, + PartitionCount: 1, + }, + AuthorizationRule: azurev1.EventhubAuthorizationRule{ + Name: "RootManageSharedAccessKey", + Rights: []string{"Listen"}, + }, + SecretName: secretName, + }, + } + + err = k8sClient.Create(context.Background(), eventhubInstance) + Expect(apierrors.IsInvalid(err)).To(Equal(false)) + Expect(err).NotTo(HaveOccurred()) + + eventhubNamespacedName := types.NamespacedName{Name: eventhubName, Namespace: "default"} + + Eventually(func() bool { + _ = k8sClient.Get(context.Background(), eventhubNamespacedName, eventhubInstance) + return eventhubInstance.HasFinalizer(eventhubFinalizerName) + }, timeout, + ).Should(BeTrue()) + + Eventually(func() bool { + _ = k8sClient.Get(context.Background(), eventhubNamespacedName, eventhubInstance) + return eventhubInstance.IsSubmitted() + }, timeout, + ).Should(BeTrue()) + + //create secret in k8s + csecret := &v1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: "Secret", + APIVersion: "apps/v1beta1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: secretName, + Namespace: "default", + }, + Data: map[string][]byte{ + "primaryconnectionstring": []byte("primaryConnectionValue"), + "secondaryconnectionstring": []byte("secondaryConnectionValue"), + "primaryKey": []byte("primaryKeyValue"), + "secondaryKey": []byte("secondaryKeyValue"), + "sharedaccesskey": 
[]byte("sharedAccessKeyValue"), + "eventhubnamespace": []byte(eventhubInstance.Namespace), + "eventhubName": []byte(eventhubName), + }, + Type: "Opaque", + } + + err = k8sClient.Create(context.Background(), csecret) + Expect(err).NotTo(HaveOccurred()) + + //get secret from k8s + secret := &v1.Secret{} + err = k8sClient.Get(context.Background(), types.NamespacedName{Name: secretName, Namespace: eventhubInstance.Namespace}, secret) + Expect(err).NotTo(HaveOccurred()) + Expect(secret.Data).To(Equal(csecret.Data)) + Expect(secret.ObjectMeta).To(Equal(csecret.ObjectMeta)) + + k8sClient.Delete(context.Background(), eventhubInstance) + Eventually(func() bool { + _ = k8sClient.Get(context.Background(), eventhubNamespacedName, eventhubInstance) + return eventhubInstance.IsBeingDeleted() + }, timeout, + ).Should(BeTrue()) + + }) }) }) diff --git a/go.mod b/go.mod index 24079a36543..ad261c7cb3b 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/marstr/randname v0.0.0-20181206212954-d5b0f288ab8c github.com/onsi/ginkgo v1.8.0 github.com/onsi/gomega v1.5.0 - github.com/satori/go.uuid v1.2.0 // indirect + github.com/satori/go.uuid v1.2.0 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 // indirect golang.org/x/net v0.0.0-20190620200207-3b0461eec859 golang.org/x/sys v0.0.0-20190621203818-d432491b9138 // indirect
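Review bot: The new spec "should create and delete eventhubs with custom secret name" does not exercise the `SecretName` path: it builds `csecret` itself, writes it with `k8sClient.Create`, and reads the same object back, so the assertions on `secret.Data` and `secret.ObjectMeta` would pass even if the controller ignored `SecretName`. To pin the behaviour, drop the manual create and wait for the controller's Secret, e.g. an `Eventually` around `k8sClient.Get(context.Background(), types.NamespacedName{Name: secretName, Namespace: "default"}, secret)` that expects no error, and also assert that no Secret named `eventhubName` exists. The result of `k8sClient.Delete(context.Background(), eventhubInstance)` is discarded; wrap it as `Expect(k8sClient.Delete(context.Background(), eventhubInstance)).To(Succeed())`. The hand-built Secret also carries `APIVersion: "apps/v1beta1"`, which for a core Secret should be `v1`.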