Add support to export eventhub keys #3882
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,115 @@ | ||||||
| /* | ||||||
| * Copyright (c) Microsoft Corporation. | ||||||
| * Licensed under the MIT license. | ||||||
| */ | ||||||
|
|
||||||
| package customizations | ||||||
|
|
||||||
| import ( | ||||||
| "context" | ||||||
|
|
||||||
| "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/eventhub/armeventhub" | ||||||
| "github.com/go-logr/logr" | ||||||
| "github.com/pkg/errors" | ||||||
| v1 "k8s.io/api/core/v1" | ||||||
| "sigs.k8s.io/controller-runtime/pkg/client" | ||||||
| "sigs.k8s.io/controller-runtime/pkg/conversion" | ||||||
|
|
||||||
| "github.com/Azure/azure-service-operator/v2/api/eventhub/v1api20211101/storage" | ||||||
| "github.com/Azure/azure-service-operator/v2/internal/genericarmclient" | ||||||
| . "github.com/Azure/azure-service-operator/v2/internal/logging" | ||||||
| "github.com/Azure/azure-service-operator/v2/pkg/genruntime" | ||||||
| "github.com/Azure/azure-service-operator/v2/pkg/genruntime/secrets" | ||||||
| ) | ||||||
|
|
||||||
| var _ genruntime.KubernetesExporter = &NamespaceExtension{} | ||||||
|
|
||||||
| func (ext *NamespaceExtension) ExportKubernetesResources( | ||||||
| ctx context.Context, | ||||||
| obj genruntime.MetaObject, | ||||||
| armClient *genericarmclient.GenericClient, | ||||||
| log logr.Logger, | ||||||
| ) ([]client.Object, error) { | ||||||
| // This has to be the current hub storage version. It will need to be updated | ||||||
| // if the hub storage version changes. | ||||||
| typedObj, ok := obj.(*storage.Namespace) | ||||||
| if !ok { | ||||||
| return nil, errors.Errorf("cannot run on unknown resource type %T, expected *eventhub.Namespace", obj) | ||||||
| } | ||||||
|
|
||||||
| // Type assert that we are the hub type. This will fail to compile if | ||||||
| // the hub type has been changed but this extension has not | ||||||
| var _ conversion.Hub = typedObj | ||||||
|
|
||||||
| hasSecrets := namespaceSecretsSpecified(typedObj) | ||||||
| if !hasSecrets { | ||||||
| log.V(Debug).Info("No secrets retrieval to perform as operatorSpec is empty") | ||||||
| return nil, nil | ||||||
| } | ||||||
|
|
||||||
| id, err := genruntime.GetAndParseResourceID(typedObj) | ||||||
| if err != nil { | ||||||
| return nil, err | ||||||
| } | ||||||
|
|
||||||
| // Only bother calling ListKeys if there are secrets to retrieve | ||||||
| var res armeventhub.NamespacesClientListKeysResponse | ||||||
| if hasSecrets { | ||||||
| subscription := id.SubscriptionID | ||||||
| // Using armClient.ClientOptions() here ensures we share the same HTTP connection, so this is not opening a new | ||||||
| // connection each time through | ||||||
| var confClient *armeventhub.NamespacesClient | ||||||
| confClient, err = armeventhub.NewNamespacesClient(subscription, armClient.Creds(), armClient.ClientOptions()) | ||||||
| if err != nil { | ||||||
| return nil, errors.Wrapf(err, "failed to create new NamespaceClient") | ||||||
| } | ||||||
|
|
||||||
| // RootManageSharedAccessKey is the default auth rule for namespace. | ||||||
| // See https://learn.microsoft.com/en-us/azure/event-hubs/event-hubs-get-connection-string | ||||||
| res, err = confClient.ListKeys(ctx, id.ResourceGroupName, typedObj.AzureName(), "RootManageSharedAccessKey", nil) | ||||||
| if err != nil { | ||||||
| return nil, errors.Wrapf(err, "failed to retreive response") | ||||||
| } | ||||||
|
|
||||||
| } | ||||||
|
|
||||||
| secretSlice, err := namespaceSecretsToWrite(typedObj, res.AccessKeys) | ||||||
| if err != nil { | ||||||
| return nil, err | ||||||
| } | ||||||
|
|
||||||
| return secrets.SliceToClientObjectSlice(secretSlice), nil | ||||||
| } | ||||||
|
|
||||||
| func namespaceSecretsSpecified(obj *storage.Namespace) bool { | ||||||
| if obj.Spec.OperatorSpec == nil || obj.Spec.OperatorSpec.Secrets == nil { | ||||||
| return false | ||||||
| } | ||||||
|
|
||||||
| secrets := obj.Spec.OperatorSpec.Secrets | ||||||
|
|
||||||
| if secrets.PrimaryKey != nil || | ||||||
| secrets.SecondaryKey != nil || | ||||||
| secrets.PrimaryConnectionString != nil || | ||||||
| secrets.SecondaryConnectionString != nil { | ||||||
| return true | ||||||
| } | ||||||
|
|
||||||
| return false | ||||||
| } | ||||||
|
|
||||||
| func namespaceSecretsToWrite(obj *storage.Namespace, keys armeventhub.AccessKeys) ([]*v1.Secret, error) { | ||||||
| operatorSpecSecrets := obj.Spec.OperatorSpec.Secrets | ||||||
| if operatorSpecSecrets == nil { | ||||||
| return nil, errors.Errorf("unexpected nil operatorspec") | ||||||
| } | ||||||
|
|
||||||
| collector := secrets.NewCollector(obj.Namespace) | ||||||
|
|
||||||
| collector.AddValue(operatorSpecSecrets.PrimaryKey, *keys.PrimaryKey) | ||||||
|
There was a problem hiding this comment. use
Suggested change
|
||||||
| collector.AddValue(operatorSpecSecrets.SecondaryKey, *keys.SecondaryKey) | ||||||
| collector.AddValue(operatorSpecSecrets.PrimaryConnectionString, *keys.PrimaryConnectionString) | ||||||
| collector.AddValue(operatorSpecSecrets.SecondaryConnectionString, *keys.SecondaryConnectionString) | ||||||
|
|
||||||
| return collector.Values() | ||||||
| } | ||||||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,113 @@ | ||
| /* | ||
| * Copyright (c) Microsoft Corporation. | ||
| * Licensed under the MIT license. | ||
| */ | ||
|
|
||
| package customizations | ||
|
|
||
| import ( | ||
| "context" | ||
|
|
||
| "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/eventhub/armeventhub" | ||
| "github.com/go-logr/logr" | ||
| "github.com/pkg/errors" | ||
| v1 "k8s.io/api/core/v1" | ||
| "sigs.k8s.io/controller-runtime/pkg/client" | ||
| "sigs.k8s.io/controller-runtime/pkg/conversion" | ||
|
|
||
| "github.com/Azure/azure-service-operator/v2/api/eventhub/v1api20211101/storage" | ||
| "github.com/Azure/azure-service-operator/v2/internal/genericarmclient" | ||
| . "github.com/Azure/azure-service-operator/v2/internal/logging" | ||
| "github.com/Azure/azure-service-operator/v2/pkg/genruntime" | ||
| "github.com/Azure/azure-service-operator/v2/pkg/genruntime/secrets" | ||
| ) | ||
|
|
||
| var _ genruntime.KubernetesExporter = &NamespacesAuthorizationRuleExtension{} | ||
|
|
||
| func (ext *NamespacesAuthorizationRuleExtension) ExportKubernetesResources( | ||
| ctx context.Context, | ||
| obj genruntime.MetaObject, | ||
| armClient *genericarmclient.GenericClient, | ||
| log logr.Logger, | ||
| ) ([]client.Object, error) { | ||
| // This has to be the current hub storage version. It will need to be updated | ||
| // if the hub storage version changes. | ||
| typedObj, ok := obj.(*storage.NamespacesAuthorizationRule) | ||
| if !ok { | ||
| return nil, errors.Errorf("cannot run on unknown resource type %T, expected *eventhub.NamespacesAuthorizationRule", obj) | ||
| } | ||
|
|
||
| // Type assert that we are the hub type. This will fail to compile if | ||
| // the hub type has been changed but this extension has not | ||
| var _ conversion.Hub = typedObj | ||
|
|
||
| hasSecrets := namespacesAuthorizationRuleSecretsSpecified(typedObj) | ||
| if !hasSecrets { | ||
| log.V(Debug).Info("No secrets retrieval to perform as operatorSpec is empty") | ||
| return nil, nil | ||
| } | ||
|
|
||
| id, err := genruntime.GetAndParseResourceID(typedObj) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
||
| // Only bother calling ListKeys if there are secrets to retrieve | ||
| var res armeventhub.NamespacesClientListKeysResponse | ||
| if hasSecrets { | ||
| subscription := id.SubscriptionID | ||
| // Using armClient.ClientOptions() here ensures we share the same HTTP connection, so this is not opening a new | ||
| // connection each time through | ||
| var confClient *armeventhub.NamespacesClient | ||
| confClient, err = armeventhub.NewNamespacesClient(subscription, armClient.Creds(), armClient.ClientOptions()) | ||
| if err != nil { | ||
| return nil, errors.Wrapf(err, "failed to create new NamespaceClient") | ||
| } | ||
|
|
||
| res, err = confClient.ListKeys(ctx, id.ResourceGroupName, id.Parent.Name, typedObj.AzureName(), nil) | ||
| if err != nil { | ||
| return nil, errors.Wrapf(err, "failed to retreive response") | ||
| } | ||
|
|
||
|
|
||
| } | ||
|
|
||
| secretSlice, err := namespacesAuthorizationRuleSecretsToWrite(typedObj, res.AccessKeys) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
||
| return secrets.SliceToClientObjectSlice(secretSlice), nil | ||
| } | ||
|
|
||
| func namespacesAuthorizationRuleSecretsSpecified(obj *storage.NamespacesAuthorizationRule) bool { | ||
| if obj.Spec.OperatorSpec == nil || obj.Spec.OperatorSpec.Secrets == nil { | ||
| return false | ||
| } | ||
|
|
||
| secrets := obj.Spec.OperatorSpec.Secrets | ||
|
|
||
| if secrets.PrimaryKey != nil || | ||
| secrets.SecondaryKey != nil || | ||
| secrets.PrimaryConnectionString != nil || | ||
| secrets.SecondaryConnectionString != nil { | ||
| return true | ||
| } | ||
|
|
||
| return false | ||
| } | ||
|
|
||
| func namespacesAuthorizationRuleSecretsToWrite(obj *storage.NamespacesAuthorizationRule, keys armeventhub.AccessKeys) ([]*v1.Secret, error) { | ||
| operatorSpecSecrets := obj.Spec.OperatorSpec.Secrets | ||
| if operatorSpecSecrets == nil { | ||
| return nil, errors.Errorf("unexpected nil operatorspec") | ||
| } | ||
|
|
||
| collector := secrets.NewCollector(obj.Namespace) | ||
|
|
||
| collector.AddValue(operatorSpecSecrets.PrimaryKey, *keys.PrimaryKey) | ||
|
|
||
| collector.AddValue(operatorSpecSecrets.SecondaryKey, *keys.SecondaryKey) | ||
| collector.AddValue(operatorSpecSecrets.PrimaryConnectionString, *keys.PrimaryConnectionString) | ||
| collector.AddValue(operatorSpecSecrets.SecondaryConnectionString, *keys.SecondaryConnectionString) | ||
|
|
||
| return collector.Values() | ||
| } | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor: unneeded newline