From 868610c186164bcba7efe2a53063907af88496a5 Mon Sep 17 00:00:00 2001 From: Wantong Jiang Date: Tue, 29 Oct 2024 02:55:01 +0000 Subject: [PATCH 1/7] add cloud config parser and update hub-net-controller-manager chart --- charts/hub-net-controller-manager/README.md | 35 +++ .../templates/azurecloudconfig.yaml | 8 + .../templates/deployment.yaml | 9 + charts/hub-net-controller-manager/values.yaml | 13 + cmd/hub-net-controller-manager/main.go | 17 ++ go.mod | 22 +- go.sum | 25 ++ pkg/common/cloudconfig/config.go | 105 +++++++ pkg/common/cloudconfig/config_test.go | 277 ++++++++++++++++++ .../test/azure_config_invalid.json | 9 + .../cloudconfig/test/azure_config_nojson.txt | 1 + .../cloudconfig/test/azure_config_valid.json | 9 + 12 files changed, 528 insertions(+), 2 deletions(-) create mode 100644 charts/hub-net-controller-manager/templates/azurecloudconfig.yaml create mode 100644 pkg/common/cloudconfig/config.go create mode 100644 pkg/common/cloudconfig/config_test.go create mode 100644 pkg/common/cloudconfig/test/azure_config_invalid.json create mode 100644 pkg/common/cloudconfig/test/azure_config_nojson.txt create mode 100644 pkg/common/cloudconfig/test/azure_config_valid.json diff --git a/charts/hub-net-controller-manager/README.md b/charts/hub-net-controller-manager/README.md index cfc48d77..bdc44aa8 100644 --- a/charts/hub-net-controller-manager/README.md +++ b/charts/hub-net-controller-manager/README.md 
@@ -39,5 +39,40 @@ helm upgrade hub-net-controller-manager ./charts/hub-net-controller-manager/ | podAnnotations | Pod Annotations | `{}` | | affinity | The node affinity to use for pod scheduling | `{}` | | tolerations | The toleration to use for pod scheduling | `[]` | +| config.azureCloudConfig | The Azure cloud provider configuration | **required if AzureTrafficManager feature is enabled** | + +## Override Azure cloud config + +**If AzureTrafficManager feature is enabled, then an Azure cloud configuration is required.** Azure cloud configuration provides resource metadata and credentials for `fleet-hub-net-controller-manager` and `fleet-member-net-controller-manager` to manipulate Azure resources. It's embedded into a Kubernetes secret and mounted to the pods. The values can be modified under `config.azureCloudConfig` section in values.yaml or can be provided as a separate file. + +| configuration value | description | Remark | +|-------------------------------------------------------| --- |--------------------------------------------------------------------------------------| +| `cloud` | The cloud where Azure resources belong. Choose from `AzurePublicCloud`, `AzureChinaCloud`, and `AzureGovernmentCloud`. | Required, helm chart defaults to `AzurePublicCloud` | +| `tenantId` | The AAD Tenant ID for the subscription where the Azure resources are deployed. | | +| `subscriptionId` | The ID of the subscription where Azure resources are deployed. | | +| `useManagedIdentityExtension` | Boolean indicating whether or not to use a managed identity. | `true` or `false` | +| `userAssignedIdentityID` | ClientID of the user-assigned managed identity with RBAC access to Azure resources. | Required for UserAssignedIdentity and ommited for SystemAssignedIdentity. | +| `aadClientId` | The ClientID for an AAD application with RBAC access to Azure resources. | Required if `useManagedIdentityExtension` is set to `false`. 
| +| `aadClientSecret` | The ClientSecret for an AAD application with RBAC access to Azure resources. | Required if `useManagedIdentityExtension` is set to `false`. | +| `resourceGroup` | The name of the resource group where cluster resources are deployed. | | +| `userAgent` | The userAgent provided to Azure when accessing Azure resources. | | +| `location` | The azure region where resource group and its resources is deployed. | | + +You can create a file `azure.yaml` with the following content, and pass it to `helm install` command: `helm install -f azure.yaml` + +```yaml +config: + azureCloudConfig: + cloud: "AzurePublicCloud" + tenantId: "00000000-0000-0000-0000-000000000000" + subscriptionId: "00000000-0000-0000-0000-000000000000" + useManagedIdentityExtension: false + userAssignedIdentityID: "00000000-0000-0000-0000-000000000000" + aadClientId: "00000000-0000-0000-0000-000000000000" + aadClientSecret: "" + userAgent: "fleet-hub-net-controller-controller" + resourceGroup: "" + location: "" +``` ## Contributing Changes diff --git a/charts/hub-net-controller-manager/templates/azurecloudconfig.yaml b/charts/hub-net-controller-manager/templates/azurecloudconfig.yaml new file mode 100644 index 00000000..bef4db85 --- /dev/null +++ b/charts/hub-net-controller-manager/templates/azurecloudconfig.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: azure-cloud-config + namespace: {{ .Values.fleetSystemNamespace }} +type: Opaque +data: + azure.json: {{ .Values.config.azureCloudConfig | toJson | indent 4 | b64enc | quote }} \ No newline at end of file diff --git a/charts/hub-net-controller-manager/templates/deployment.yaml b/charts/hub-net-controller-manager/templates/deployment.yaml index 14bb53e4..8e82c166 100644 --- a/charts/hub-net-controller-manager/templates/deployment.yaml +++ b/charts/hub-net-controller-manager/templates/deployment.yaml 
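Review bot: In `templates/azurecloudconfig.yaml` the `indent 4` filter runs before `b64enc`, so it does nothing for the YAML layout and only prepends four spaces to the encoded JSON; `azure.json: {{ .Values.config.azureCloudConfig | toJson | b64enc | quote }}` is enough. Because the whole `config.azureCloudConfig` map is serialized, `aadClientSecret` has to be supplied as a chart value, and Helm keeps supplied values in its release record, so the client secret is also stored outside this Secret. Consider documenting that in the README, or letting the chart reference a pre-created Secret by name instead of rendering one from values.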
@@ -29,6 +29,7 @@ spec: - --v={{ .Values.logVerbosity }} - --add_dir_header - --force-delete-wait-time={{ .Values.forceDeleteWaitTime }} + - --cloud-config=/etc/kubernetes/provider/azure.json ports: - name: metrics containerPort: 8080 @@ -46,6 +47,10 @@ spec: port: healthz resources: {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: cloud-provider-config + mountPath: /etc/kubernetes/provider + readOnly: true {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -58,3 +63,7 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + volumes: + - name: cloud-provider-config + secret: + secretName: azure-cloud-config diff --git a/charts/hub-net-controller-manager/values.yaml b/charts/hub-net-controller-manager/values.yaml index f6fa97dd..cf82c93b 100644 --- a/charts/hub-net-controller-manager/values.yaml +++ b/charts/hub-net-controller-manager/values.yaml @@ -31,3 +31,16 @@ nodeSelector: {} tolerations: [] affinity: {} + +config: + azureCloudConfig: + cloud: "AzurePublicCloud" + tenantId: "" + subscriptionId: "" + useManagedIdentityExtension: false + userAssignedIdentityID: "" + aadClientId: "" + aadClientSecret: "" + userAgent: "" + resourceGroup: "" + location: "" diff --git a/cmd/hub-net-controller-manager/main.go b/cmd/hub-net-controller-manager/main.go index 9b66f886..891b37d1 100644 --- a/cmd/hub-net-controller-manager/main.go +++ b/cmd/hub-net-controller-manager/main.go @@ -32,6 +32,7 @@ import ( "go.goms.io/fleet/pkg/utils" fleetnetv1alpha1 "go.goms.io/fleet-networking/api/v1alpha1" + "go.goms.io/fleet-networking/pkg/common/cloudconfig" "go.goms.io/fleet-networking/pkg/controllers/hub/endpointsliceexport" "go.goms.io/fleet-networking/pkg/controllers/hub/internalserviceexport" "go.goms.io/fleet-networking/pkg/controllers/hub/internalserviceimport" 
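Review bot: The `cloud-provider-config` secret volume added in the last `deployment.yaml` hunk sets no `defaultMode`, so the projected `azure.json` (which can carry `aadClientSecret`) gets the Kubernetes default of 0644 and is readable by every user inside the container. Adding `defaultMode: 0400` under `secret:` narrows that. If the container runs as a non-root user this presumably also needs a matching `fsGroup` or a group-readable mode such as 0440; the visible hunks do not show the pod's security context. The mount itself is already `readOnly: true`.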
@@ -58,6 +59,8 @@ var ( enableV1Beta1APIs = flag.Bool("enable-v1beta1-apis", true, "If set, the agents will watch for the v1beta1 APIs.") enableTrafficManagerFeature = flag.Bool("enable-traffic-manager-feature", false, "If set, the traffic manager feature will be enabled.") + + cloudConfigFile = flag.String("cloud-config", "/etc/kubernetes/provider/azure.json", "The path to the cloud config file which will be used to access the Azure resource.") ) var ( @@ -67,6 +70,11 @@ var ( } ) +const ( + // defaultUserAgent is the default user agent string to access Azure resources. + defaultUserAgent = "fleet-net-controller-manager" +) + func init() { utilruntime.Must(clientgoscheme.AddToScheme(scheme)) utilruntime.Must(fleetnetv1alpha1.AddToScheme(scheme)) @@ -184,6 +192,15 @@ func main() { } } // TODO: start the traffic manager controllers + + cloudConfig, err := cloudconfig.NewCloudConfigFromFile(*cloudConfigFile) + if err != nil { + klog.ErrorS(err, "Unable to load cloud config", "file name", *cloudConfigFile) + exitWithErrorFunc() + } + cloudConfig.SetUserAgent(defaultUserAgent) + // TODO: replace this with a proper usage of the cloud config + klog.V(1).InfoS("Cloud config loaded", "config", cloudConfig) } klog.V(1).InfoS("Starting ServiceExportImport controller manager") diff --git a/go.mod b/go.mod index 2622b318..43ed10d0 100644 --- a/go.mod +++ b/go.mod 
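Review bot: `klog.V(1).InfoS("Cloud config loaded", "config", cloudConfig)` in the `@@ -184,6 +192,15 @@` hunk writes the whole `CloudConfig` to the log, and that struct embeds `azclient.AzureAuthConfig` with `AADClientSecret`. Unless the embedded type redacts itself when formatted, the client secret lands in the pod logs at the chart's default verbosity of 2. Log only non-sensitive fields instead, e.g. `klog.V(1).InfoS("Cloud config loaded", "cloud", cloudConfig.Cloud, "subscriptionID", cloudConfig.SubscriptionID, "resourceGroup", cloudConfig.ResourceGroup, "location", cloudConfig.Location)`. The TODO marks the line as temporary, but it runs as soon as the traffic manager flag is set. `main()` starts and ends outside the hunk.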
@@ -22,10 +22,25 @@ require ( sigs.k8s.io/controller-runtime v0.19.0 ) -require go.goms.io/fleet v0.10.10 +require ( + go.goms.io/fleet v0.10.10 + sigs.k8s.io/yaml v1.4.0 +) require ( + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerregistry/armcontainerregistry v1.2.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.4.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect @@ -40,6 +55,7 @@ require ( github.com/go-openapi/swag v0.23.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect 
@@ -49,10 +65,12 @@ require ( github.com/imdario/mergo v0.3.16 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect + github.com/kylelemons/godebug v1.1.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_model v0.6.1 // indirect @@ -63,6 +81,7 @@ require ( go.opentelemetry.io/otel/metric v1.30.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect + golang.org/x/crypto v0.28.0 // indirect golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 // indirect golang.org/x/net v0.30.0 // indirect golang.org/x/oauth2 v0.23.0 // indirect @@ -83,7 +102,6 @@ require ( sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/work-api v0.0.0-20220407021756-586d707fdb2c // indirect - sigs.k8s.io/yaml v1.4.0 // indirect ) // Fleet repo is using a custom version of work-api. diff --git a/go.sum b/go.sum index b44acc25..8e98b553 100644 --- a/go.sum +++ b/go.sum 
@@ -4,14 +4,36 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0 h1:Hp+EScFOu9HeCbeW8WU2yQPJd4gGwhMgKxWe+G6jNzw= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0/go.mod h1:/pz8dyNQe+Ey3yBp/XuYz7oqX8YDNWVpPB0hH3XWfbc= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 h1:LkHbJbgF3YyvC53aqYGR+wWQDn2Rdp9AQdGndf9QvY4= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0/go.mod h1:QyiQdW4f4/BIfB8ZutZ2s+28RAgfa/pT+zS++ZHyM1I= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerregistry/armcontainerregistry v1.2.0 h1:DWlwvVV5r/Wy1561nZ3wrpI1/vDIBRY/Wd1HWaRBZWA= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerregistry/armcontainerregistry v1.2.0/go.mod h1:E7ltexgRDmeJ0fJWv0D/HLwY2xbDdN+uv+X2uZtOx3w= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0 h1:0nGmzwBv5ougvzfGPCO2ljFRHvun57KpNrVCMrlk0ns= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0/go.mod h1:gYq8wyDgv6JLhGbAU6gg8amCPgQWRE+aCvrV2gyzdfs= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0/go.mod h1:LRr2FzBTQlONPPa5HREE5+RjSCTXl7BwOvYOaWTqCaI= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0 h1:Kb8eVvjdP6kZqYnER5w/PiGCFp91yVgaxve3d7kCEpY= 
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0/go.mod h1:lYq15QkJyEsNegz5EhI/0SXQ6spvGfgwBH/Qyzkoc/s= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.4.0 h1:HlZMUZW8S4P9oob1nCHxCCKrytxyLc+24nUJGssoEto= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.4.0/go.mod h1:StGsLbuJh06Bd8IBfnAlIFV3fLb+gkczONWf15hpX2E= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/managementgroups/armmanagementgroups v1.0.0 h1:pPvTJ1dY0sA35JOeFq6TsY2xj6Z85Yo23Pj4wCCvu4o= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/managementgroups/armmanagementgroups v1.0.0/go.mod h1:mLfWfj8v3jfWKsL9G4eoBoXVcsqcIUTapmdKy7uGOp0= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 v4.3.0 h1:bXwSugBiSbgtz7rOtbfGf+woewp4f06orW9OP5BjHLA= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 v4.3.0/go.mod h1:Y/HgrePTmGy9HjdSGTqZNa+apUpTVIEVKXJyARP2lrk= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0 h1:9Eih8XcEeQnFD0ntMlUDleKMzfeCeUfa+VbnDCI4AZs= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0/go.mod h1:wGPyTi+aURdqPAGMZDQqnNs9IrShADF8w2WZb6bKeq0= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0 h1:PiSrjRPpkQNjrM8H0WwKMnZUdu1RGMtd/LdGKUrOo+c= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0/go.mod h1:oDrbWx4ewMylP7xHivfgixbfGBT6APAwsSoHRKotnIc= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/trafficmanager/armtrafficmanager v1.3.0 h1:e3kTG23M5ps+DjvPolK4dcgohDY8sHsXU7zrdHj1WzY= 
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/trafficmanager/armtrafficmanager v1.3.0/go.mod h1:Os5dq8Cvvz97rJauZhZJAfKHN+OEvF/0nVmHzF4aVys= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 h1:h4Zxgmi9oyZL2l8jeg1iRTqPloHktywWcu0nlJmo1tA= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0/go.mod h1:LgLGXawqSreJz135Elog0ywTJDsm0Hz2k+N+6ZK35u8= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI= github.com/Azure/k8s-work-api v0.5.0 h1:DVOBt68NFTEVVV+vzz82WdTm4lroXuMd9ktfrfb/kU0= github.com/Azure/k8s-work-api v0.5.0/go.mod h1:CQiDOlNvMeKvGVer80PtvbW9X1cXq7EID9aMXyxkqPU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= @@ -136,6 +158,8 @@ go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8d go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU= +go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= 
@@ -165,6 +189,7 @@ golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= diff --git a/pkg/common/cloudconfig/config.go b/pkg/common/cloudconfig/config.go new file mode 100644 index 00000000..a66d8a2e --- /dev/null +++ b/pkg/common/cloudconfig/config.go 
@@ -0,0 +1,105 @@
+/*
+Copyright (c) Microsoft Corporation.
+Licensed under the MIT license.
+*/
+
+// Package cloudconfig defines azure cloud provider configuration.
+package cloudconfig
+
+import (
+ "fmt"
+ "io"
+ "os"
+ "strings"
+
+ "sigs.k8s.io/cloud-provider-azure/pkg/azclient"
+ "sigs.k8s.io/yaml"
+)
+
+// CloudConfig defines the necessary configurations to access Azure resources.
+type CloudConfig struct {
+ azclient.ARMClientConfig `json:",inline" mapstructure:",squash"`
+ azclient.AzureAuthConfig `json:",inline" mapstructure:",squash"`
+ // subscription ID
+ SubscriptionID string `json:"subscriptionID,omitempty" mapstructure:"subscriptionID,omitempty"`
+ // azure resource location
+ Location string `json:"location,omitempty" mapstructure:"location,omitempty"`
+ // default resource group where the azure resources are deployed
+ ResourceGroup string `json:"resourceGroup,omitempty" mapstructure:"resourceGroup,omitempty"`
+}
+
+// NewCloudConfigFromFile loads cloud config from a file given the file path.
+func NewCloudConfigFromFile(filePath string) (*CloudConfig, error) {
+ if filePath == "" {
+ return nil, fmt.Errorf("failed to load cloud config: file path is empty")
+ }
+
+ var config CloudConfig
+ configReader, err := os.Open(filePath)
+ if err != nil {
+ return nil, fmt.Errorf("failed to open cloud config file: %w, file path: %s", err, filePath)
+ }
+ defer configReader.Close()
+
+ contents, err := io.ReadAll(configReader)
+ if err != nil {
+ return nil, fmt.Errorf("failed to read cloud config file: %w, file path: %s", err, filePath)
+ }
+
+ if err := yaml.Unmarshal(contents, &config); err != nil {
+ return nil, fmt.Errorf("failed to unmarshal cloud config: %w, file path: %s", err, filePath)
+ }
+
+ config.trimSpace()
+ if err := config.validate(); err != nil {
+ return nil, fmt.Errorf("failed to validate cloud config: %w, file contents: `%s`", err, string(contents))
+ }
+
+ return &config, nil
+}
+
+// SetUserAgent sets the user agent string to access Azure resources.
+func (cfg *CloudConfig) SetUserAgent(userAgent string) {
+ cfg.UserAgent = userAgent
+}
+
+func (cfg *CloudConfig) validate() error {
+ if cfg.Cloud == "" {
+ return fmt.Errorf("cloud is empty")
+ }
+
+ if cfg.Location == "" {
+ return fmt.Errorf("location is empty")
+ }
+
+ if cfg.SubscriptionID == "" {
+ return fmt.Errorf("subscription ID is empty")
+ }
+
+ if cfg.ResourceGroup == "" {
+ return fmt.Errorf("resource group is empty")
+ }
+
+ if !cfg.UseManagedIdentityExtension {
+ if cfg.UserAssignedIdentityID != "" {
+ return fmt.Errorf("useManagedIdentityExtension needs to be true when userAssignedIdentityID is provided")
+ }
+ if cfg.AADClientID == "" || cfg.AADClientSecret == "" {
+ return fmt.Errorf("AAD client ID or AAD client secret is empty")
+ }
+ }
+
+ return nil
+}
+
+func (cfg *CloudConfig) trimSpace() {
+ cfg.Cloud = strings.TrimSpace(cfg.Cloud)
+ cfg.TenantID = strings.TrimSpace(cfg.TenantID)
+ cfg.UserAgent = strings.TrimSpace(cfg.UserAgent)
+ cfg.SubscriptionID = strings.TrimSpace(cfg.SubscriptionID)
+ cfg.Location = strings.TrimSpace(cfg.Location)
+ cfg.ResourceGroup = strings.TrimSpace(cfg.ResourceGroup)
+ cfg.UserAssignedIdentityID = strings.TrimSpace(cfg.UserAssignedIdentityID)
+ cfg.AADClientID = strings.TrimSpace(cfg.AADClientID)
+ cfg.AADClientSecret = strings.TrimSpace(cfg.AADClientSecret)
+}
diff --git a/pkg/common/cloudconfig/config_test.go b/pkg/common/cloudconfig/config_test.go
new file mode 100644
index 00000000..e301ae7b
--- /dev/null
+++ b/pkg/common/cloudconfig/config_test.go
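Review bot: The validation-failure branch of `NewCloudConfigFromFile` in `config.go` formats `string(contents)` into the returned error, so a config that fails `validate()` for any reason (an empty `location`, say) carries the full file, `aadClientSecret` included, in the error text; `main.go` then hands that error to `klog.ErrorS`. Report the path as the other branches do: `return nil, fmt.Errorf("failed to validate cloud config: %w, file path: %s", err, filePath)`. Separately, `validate()` and `trimSpace()` have no doc comments, and `validate()` never checks `TenantID` even though the client-secret path presumably needs it. A comment such as `// validate reports the first missing required field; the tenant ID is not checked.` would make that gap explicit until it is decided.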
@@ -0,0 +1,277 @@ +/* +Copyright (c) Microsoft Corporation. +Licensed under the MIT license. +*/ + +// Package cloudconfig defines azure cloud provider configuration. +package cloudconfig + +import ( + "testing" + + "github.com/google/go-cmp/cmp" + "sigs.k8s.io/cloud-provider-azure/pkg/azclient" +) + +func TestNewCloudConfigFromFile(t *testing.T) { + tests := map[string]struct { + filePath string + expectErr bool + expectedConfig *CloudConfig + }{ + "file path is empty": { + filePath: "", + expectErr: true, + }, + "failed to open file": { + filePath: "./test/not_exist.json", + expectErr: true, + }, + "failed to unmarshal file": { + filePath: "./test/azure_config_nojson.txt", + expectErr: true, + }, + "failed to validate config": { + filePath: "./test/azure_config_invalid.json", + expectErr: true, + }, + "succeeded to load config": { + filePath: "./test/azure_config_valid.json", + expectedConfig: &CloudConfig{ + ARMClientConfig: azclient.ARMClientConfig{ + Cloud: "AzurePublicCloud", + TenantID: "00000000-0000-0000-0000-000000000000", + UserAgent: "", + }, + AzureAuthConfig: azclient.AzureAuthConfig{ + UseManagedIdentityExtension: true, + UserAssignedIdentityID: "11111111-1111-1111-1111-111111111111", + AADClientID: "", + AADClientSecret: "", + }, + Location: "eastus", + SubscriptionID: "00000000-0000-0000-0000-000000000000", + ResourceGroup: "test-rg", + }, + }, + } + for name, test := range tests { + t.Run(name, func(t *testing.T) { + config, err := NewCloudConfigFromFile(test.filePath) + if got := err != nil; got != test.expectErr { + t.Errorf("failed to run NewCloudConfigFromFile(%s): got %v, want %v", test.filePath, got, test.expectErr) + } + if !cmp.Equal(config, test.expectedConfig) { + t.Errorf("NewCloudConfigFromFile(%s) = %v, want %v", test.filePath, config, test.expectedConfig) + } + }) + } +} + +func TestSetUserAgent(t *testing.T) { + config := &CloudConfig{} + config.SetUserAgent("test") + if config.UserAgent != "test" { + t.Errorf("SetUserAgent(test) = 
%s, want test", config.UserAgent) + } +} + +func TestTrimSpace(t *testing.T) { + t.Run("test spaces are trimmed", func(t *testing.T) { + config := CloudConfig{ + ARMClientConfig: azclient.ARMClientConfig{ + Cloud: " test \n", + UserAgent: " test \n", + TenantID: " test \t \n", + }, + AzureAuthConfig: azclient.AzureAuthConfig{ + UserAssignedIdentityID: " test \n", + UseManagedIdentityExtension: true, + AADClientID: "\n test \n", + AADClientSecret: " test \n", + }, + Location: " test \n", + SubscriptionID: " test \n", + ResourceGroup: "\r\n test \n", + } + + expected := CloudConfig{ + ARMClientConfig: azclient.ARMClientConfig{ + Cloud: "test", + TenantID: "test", + UserAgent: "test", + }, + Location: "test", + SubscriptionID: "test", + ResourceGroup: "test", + AzureAuthConfig: azclient.AzureAuthConfig{ + UseManagedIdentityExtension: true, + UserAssignedIdentityID: "test", + AADClientID: "test", + AADClientSecret: "test", + }, + } + config.trimSpace() + if !cmp.Equal(config, expected) { + t.Errorf("failed to test TrimSpace: expect config fields are trimmed, got: %v, want: %v", config, expected) + } + }) +} + +func TestDefaultAndValidate(t *testing.T) { + tests := map[string]struct { + config *CloudConfig + expectPass bool + }{ + "Cloud empty": { + config: &CloudConfig{ + ARMClientConfig: azclient.ARMClientConfig{ + Cloud: "", + }, + AzureAuthConfig: azclient.AzureAuthConfig{ + UseManagedIdentityExtension: true, + UserAssignedIdentityID: "a", + }, + Location: "l", + SubscriptionID: "s", + ResourceGroup: "v", + }, + expectPass: false, + }, + "Location empty": { + config: &CloudConfig{ + ARMClientConfig: azclient.ARMClientConfig{ + Cloud: "c", + }, + AzureAuthConfig: azclient.AzureAuthConfig{ + UseManagedIdentityExtension: true, + UserAssignedIdentityID: "a", + }, + Location: "", + SubscriptionID: "s", + ResourceGroup: "v", + }, + expectPass: false, + }, + "SubscriptionID empty": { + config: &CloudConfig{ + ARMClientConfig: azclient.ARMClientConfig{ + Cloud: "c", + }, + 
AzureAuthConfig: azclient.AzureAuthConfig{ + UseManagedIdentityExtension: true, + UserAssignedIdentityID: "a", + }, + Location: "l", + SubscriptionID: "", + ResourceGroup: "v", + }, + expectPass: false, + }, + "ResourceGroup empty": { + config: &CloudConfig{ + ARMClientConfig: azclient.ARMClientConfig{ + Cloud: "c", + }, + AzureAuthConfig: azclient.AzureAuthConfig{ + UseManagedIdentityExtension: true, + UserAssignedIdentityID: "a", + }, + Location: "l", + SubscriptionID: "s", + ResourceGroup: "", + }, + expectPass: false, + }, + "UserAssignedIdentityID not empty when UseManagedIdentityExtension is false": { + config: &CloudConfig{ + ARMClientConfig: azclient.ARMClientConfig{ + Cloud: "c", + }, + AzureAuthConfig: azclient.AzureAuthConfig{ + UseManagedIdentityExtension: false, + UserAssignedIdentityID: "aaaa", + }, + Location: "l", + SubscriptionID: "s", + ResourceGroup: "v", + }, + expectPass: false, + }, + "AADClientID empty": { + config: &CloudConfig{ + ARMClientConfig: azclient.ARMClientConfig{ + Cloud: "c", + }, + AzureAuthConfig: azclient.AzureAuthConfig{ + UseManagedIdentityExtension: false, + UserAssignedIdentityID: "", + AADClientID: "", + AADClientSecret: "2", + }, + Location: "l", + SubscriptionID: "s", + ResourceGroup: "v", + }, + expectPass: false, + }, + "AADClientSecret empty": { + config: &CloudConfig{ + ARMClientConfig: azclient.ARMClientConfig{ + Cloud: "c", + }, + AzureAuthConfig: azclient.AzureAuthConfig{ + UseManagedIdentityExtension: false, + UserAssignedIdentityID: "", + AADClientID: "1", + AADClientSecret: "", + }, + Location: "l", + SubscriptionID: "s", + ResourceGroup: "v", + }, + expectPass: false, + }, + "has all required properties with secret and default values": { + config: &CloudConfig{ + ARMClientConfig: azclient.ARMClientConfig{ + Cloud: "c", + }, + AzureAuthConfig: azclient.AzureAuthConfig{ + UseManagedIdentityExtension: false, + UserAssignedIdentityID: "", + AADClientID: "1", + AADClientSecret: "2", + }, + Location: "l", + 
SubscriptionID: "s", + ResourceGroup: "v", + }, + expectPass: true, + }, + "has all required properties with msi and specified values": { + config: &CloudConfig{ + ARMClientConfig: azclient.ARMClientConfig{ + Cloud: "c", + }, + AzureAuthConfig: azclient.AzureAuthConfig{ + UseManagedIdentityExtension: true, + UserAssignedIdentityID: "u", + }, + Location: "l", + SubscriptionID: "s", + ResourceGroup: "v", + }, + expectPass: true, + }, + } + + for name, test := range tests { + t.Run(name, func(t *testing.T) { + err := test.config.validate() + if got := err == nil; got != test.expectPass { + t.Errorf("failed to test whether validate returns error: got %v, want %v", got, test.expectPass) + } + }) + } +} diff --git a/pkg/common/cloudconfig/test/azure_config_invalid.json b/pkg/common/cloudconfig/test/azure_config_invalid.json new file mode 100644 index 00000000..09292542 --- /dev/null +++ b/pkg/common/cloudconfig/test/azure_config_invalid.json @@ -0,0 +1,9 @@ +{ + "cloud": "AzurePublicCloud", + "tenantId": "00000000-0000-0000-0000-000000000000", + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "useManagedIdentityExtension": false, + "aadClientId": "00000000-0000-0000-0000-000000000000", + "resourceGroup": " test-rg ", + "location": " eastus " + } \ No newline at end of file diff --git a/pkg/common/cloudconfig/test/azure_config_nojson.txt b/pkg/common/cloudconfig/test/azure_config_nojson.txt new file mode 100644 index 00000000..6454f882 --- /dev/null +++ b/pkg/common/cloudconfig/test/azure_config_nojson.txt @@ -0,0 +1 @@ +This is an invalid json file for testing purposes. \ No newline at end of file diff --git a/pkg/common/cloudconfig/test/azure_config_valid.json b/pkg/common/cloudconfig/test/azure_config_valid.json new file mode 100644 index 00000000..ef4b6973 --- /dev/null +++ b/pkg/common/cloudconfig/test/azure_config_valid.json 
@@ -0,0 +1,9 @@ +{ + "cloud": "AzurePublicCloud", + "tenantId": "00000000-0000-0000-0000-000000000000", + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "useManagedIdentityExtension": true, + "userAssignedIdentityID": "11111111-1111-1111-1111-111111111111", + "resourceGroup": " test-rg ", + "location": " eastus " +} \ No newline at end of file From 2543e2bb45e4dffbce4c17c5bd2cdf342397e313 Mon Sep 17 00:00:00 2001 From: Wantong Date: Fri, 1 Nov 2024 11:57:59 -0700 Subject: [PATCH 2/7] Apply suggestions from code review Co-authored-by: Zhiying Lin <54013513+zhiying-lin@users.noreply.github.com> --- cmd/hub-net-controller-manager/main.go | 2 +- pkg/common/cloudconfig/config_test.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/hub-net-controller-manager/main.go b/cmd/hub-net-controller-manager/main.go index 891b37d1..eaf238df 100644 --- a/cmd/hub-net-controller-manager/main.go +++ b/cmd/hub-net-controller-manager/main.go @@ -72,7 +72,7 @@ var ( const ( // defaultUserAgent is the default user agent string to access Azure resources. - defaultUserAgent = "fleet-net-controller-manager" + defaultUserAgent = "fleet-hub-net-controller-manager" ) func init() { diff --git a/pkg/common/cloudconfig/config_test.go b/pkg/common/cloudconfig/config_test.go index e301ae7b..388ac076 100644 --- a/pkg/common/cloudconfig/config_test.go +++ b/pkg/common/cloudconfig/config_test.go @@ -59,7 +59,7 @@ func TestNewCloudConfigFromFile(t *testing.T) { t.Run(name, func(t *testing.T) { config, err := NewCloudConfigFromFile(test.filePath) if got := err != nil; got != test.expectErr { - t.Errorf("failed to run NewCloudConfigFromFile(%s): got %v, want %v", test.filePath, got, test.expectErr) + t.Errorf("Failed to run NewCloudConfigFromFile(%s): got %v, want %v", test.filePath, got, test.expectErr) } if !cmp.Equal(config, test.expectedConfig) { t.Errorf("NewCloudConfigFromFile(%s) = %v, want %v", test.filePath, config, test.expectedConfig) 
@@ -270,7 +270,7 @@ func TestDefaultAndValidate(t *testing.T) { t.Run(name, func(t *testing.T) { err := test.config.validate() if got := err == nil; got != test.expectPass { - t.Errorf("failed to test whether validate returns error: got %v, want %v", got, test.expectPass) + t.Errorf("validate() = %v, want %v", got, test.expectPass) } }) } From 8e65f3b8a629df011276ef6668d49c33efcddd03 Mon Sep 17 00:00:00 2001 From: Wantong Jiang Date: Fri, 1 Nov 2024 19:06:57 +0000 Subject: [PATCH 3/7] fix comment --- pkg/common/cloudconfig/config_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/common/cloudconfig/config_test.go b/pkg/common/cloudconfig/config_test.go index 388ac076..ed48ef26 100644 --- a/pkg/common/cloudconfig/config_test.go +++ b/pkg/common/cloudconfig/config_test.go @@ -61,8 +61,8 @@ func TestNewCloudConfigFromFile(t *testing.T) { if got := err != nil; got != test.expectErr { t.Errorf("Failed to run NewCloudConfigFromFile(%s): got %v, want %v", test.filePath, got, test.expectErr) } - if !cmp.Equal(config, test.expectedConfig) { - t.Errorf("NewCloudConfigFromFile(%s) = %v, want %v", test.filePath, config, test.expectedConfig) + if diff := cmp.Diff(config, test.expectedConfig); diff != "" { + t.Errorf("NewCloudConfigFromFile(%s) = %v, want %v, diff %s", test.filePath, config, test.expectedConfig, diff) } }) } @@ -112,8 +112,8 @@ func TestTrimSpace(t *testing.T) { }, } config.trimSpace() - if !cmp.Equal(config, expected) { - t.Errorf("failed to test TrimSpace: expect config fields are trimmed, got: %v, want: %v", config, expected) + if diff := cmp.Diff(config, expected); diff != "" { + t.Errorf("failed to test TrimSpace: expect config fields are trimmed, got: %v, want: %v, diff: %s", config, expected, diff) } }) } From 515d9a56cb333e5b7ab125e3a249a8da01805713 Mon Sep 17 00:00:00 2001 
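Review bot: The new message in the `@@ -270,7 +270,7 @@` hunk prints the boolean `got` (whether `err` is nil) as though it were the return value of `validate()`, and the error itself is never reported, so a failing case does not say which check rejected the config. Reporting the error keeps the message accurate: `t.Errorf("validate() error = %v, want pass = %v", err, test.expectPass)`. TestDefaultAndValidate starts outside this hunk.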
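Review bot: Both `cmp.Diff` calls added in patch 3/7 (`@@ -61,8 +61,8 @@` and `@@ -112,8 +112,8 @@`) pass the actual value first and the expected value second, so the `-`/`+` signs in the printed diff read the opposite way from the usual (-want +got) convention, and the message does not say which side is which. Swapping the arguments and labelling the output avoids misreading a failure: `if diff := cmp.Diff(test.expectedConfig, config); diff != "" {` followed by `t.Errorf("NewCloudConfigFromFile(%s) mismatch (-want +got):\n%s", test.filePath, diff)`. The same applies to the comparison after `config.trimSpace()` in the second hunk. Both test functions start outside their hunks.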
From: Wantong Jiang Date: Tue, 5 Nov 2024 02:45:15 +0000 Subject: [PATCH 4/7] update helm chart --- charts/hub-net-controller-manager/README.md | 5 +++-- .../templates/azurecloudconfig.yaml | 4 +++- .../hub-net-controller-manager/templates/deployment.yaml | 7 +++++++ charts/hub-net-controller-manager/values.yaml | 1 + 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/charts/hub-net-controller-manager/README.md b/charts/hub-net-controller-manager/README.md index bdc44aa8..811d1a42 100644 --- a/charts/hub-net-controller-manager/README.md +++ b/charts/hub-net-controller-manager/README.md @@ -35,11 +35,12 @@ helm upgrade hub-net-controller-manager ./charts/hub-net-controller-manager/ | logVerbosity | Log level. Uses V logs (klog) | `2` | | leaderElectionNamespace | The namespace in which the leader election resource will be created. | `fleet-system` | | fleetSystemNamespace | The namespace that this Helm chart is installed on and reserved by fleet. | `fleet-system` | +| enableTrafficManagerFeature | Set to true to enable the Azure Traffic Manager feature. | `false` | | resources | The resource request/limits for the container image | limits: 500m CPU, 1Gi, requests: 100m CPU, 128Mi | | podAnnotations | Pod Annotations | `{}` | | affinity | The node affinity to use for pod scheduling | `{}` | | tolerations | The toleration to use for pod scheduling | `[]` | -| config.azureCloudConfig | The Azure cloud provider configuration | **required if AzureTrafficManager feature is enabled** | +| config.azureCloudConfig | The Azure cloud provider configuration | **required if AzureTrafficManager feature is enabled (enableTrafficManagerFeature == true)** | ## Override Azure cloud config 
@@ -58,7 +59,7 @@ helm upgrade hub-net-controller-manager ./charts/hub-net-controller-manager/ | `userAgent` | The userAgent provided to Azure when accessing Azure resources. | | | `location` | The azure region where resource group and its resources is deployed. | | -You can create a file `azure.yaml` with the following content, and pass it to `helm install` command: `helm install -f azure.yaml` +You can create a file `azure.yaml` with the following content, and pass it to `helm install` command: `helm install --set enableTrafficManagerFeature=true -f azure.yaml` ```yaml config: diff --git a/charts/hub-net-controller-manager/templates/azurecloudconfig.yaml b/charts/hub-net-controller-manager/templates/azurecloudconfig.yaml index bef4db85..29d55c1e 100644 --- a/charts/hub-net-controller-manager/templates/azurecloudconfig.yaml +++ b/charts/hub-net-controller-manager/templates/azurecloudconfig.yaml @@ -1,3 +1,4 @@ +{{- if .Values.enableTrafficManagerFeature }} apiVersion: v1 kind: Secret metadata: @@ -5,4 +6,5 @@ metadata: namespace: {{ .Values.fleetSystemNamespace }} type: Opaque data: - azure.json: {{ .Values.config.azureCloudConfig | toJson | indent 4 | b64enc | quote }} \ No newline at end of file + azure.json: {{ .Values.config.azureCloudConfig | toJson | indent 4 | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/hub-net-controller-manager/templates/deployment.yaml b/charts/hub-net-controller-manager/templates/deployment.yaml index 8e82c166..ac601fb9 100644 --- a/charts/hub-net-controller-manager/templates/deployment.yaml +++ b/charts/hub-net-controller-manager/templates/deployment.yaml 
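Review bot: In the `azure.json` line of templates/azurecloudconfig.yaml, `indent 4` runs before `b64enc`, so it pads the JSON text inside the encoded payload instead of the YAML layout, and the mounted file begins with four stray spaces. The value is a single quoted base64 string and needs no indentation: `azure.json: {{ .Values.config.azureCloudConfig | toJson | b64enc | quote }}`. When `UseManagedIdentityExtension` is false the config is expected to carry an AAD client secret (see `validate()` in config.go), and values passed with `-f azure.yaml` are kept in the Helm release record as well as in this Secret; the README section could say so and point operators to managed identity where it is available.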
@@ -29,7 +29,10 @@ spec: - --v={{ .Values.logVerbosity }} - --add_dir_header - --force-delete-wait-time={{ .Values.forceDeleteWaitTime }} + - --enable-traffic-manager-feature={{ .Values.enableTrafficManagerFeature }} + {{- if .Values.enableTrafficManagerFeature }} - --cloud-config=/etc/kubernetes/provider/azure.json + {{- end }} ports: - name: metrics containerPort: 8080 @@ -47,10 +50,12 @@ spec: port: healthz resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if .Values.enableTrafficManagerFeature }} volumeMounts: - name: cloud-provider-config mountPath: /etc/kubernetes/provider readOnly: true + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -63,7 +68,9 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.enableTrafficManagerFeature }} volumes: - name: cloud-provider-config secret: secretName: azure-cloud-config + {{- end }} diff --git a/charts/hub-net-controller-manager/values.yaml b/charts/hub-net-controller-manager/values.yaml index cf82c93b..cda6d2fa 100644 --- a/charts/hub-net-controller-manager/values.yaml +++ b/charts/hub-net-controller-manager/values.yaml @@ -15,6 +15,7 @@ logVerbosity: 2 leaderElectionNamespace: fleet-system fleetSystemNamespace: fleet-system forceDeleteWaitTime: 2m0s +enableTrafficManagerFeature: false resources: limits: From 39c35fd19cca5ef60d09ea5ff0cf2d2b5af16643 Mon Sep 17 00:00:00 2001 
From: Wantong Jiang Date: Tue, 5 Nov 2024 03:02:53 +0000 Subject: [PATCH 5/7] move cloudconfig change to fleet repo --- cmd/hub-net-controller-manager/main.go | 17 +- go.mod | 22 +- go.sum | 25 -- pkg/common/cloudconfig/config.go | 105 ------- pkg/common/cloudconfig/config_test.go | 277 ------------------ .../test/azure_config_invalid.json | 9 - .../cloudconfig/test/azure_config_nojson.txt | 1 - .../cloudconfig/test/azure_config_valid.json | 9 - 8 files changed, 10 insertions(+), 455 deletions(-) delete mode 100644 pkg/common/cloudconfig/config.go delete mode 100644 pkg/common/cloudconfig/config_test.go delete mode 100644 pkg/common/cloudconfig/test/azure_config_invalid.json delete mode 100644 pkg/common/cloudconfig/test/azure_config_nojson.txt delete mode 100644 pkg/common/cloudconfig/test/azure_config_valid.json diff --git a/cmd/hub-net-controller-manager/main.go b/cmd/hub-net-controller-manager/main.go index eaf238df..ea2063bf 100644 --- a/cmd/hub-net-controller-manager/main.go +++ b/cmd/hub-net-controller-manager/main.go @@ -32,7 +32,6 @@ import ( "go.goms.io/fleet/pkg/utils" fleetnetv1alpha1 "go.goms.io/fleet-networking/api/v1alpha1" - "go.goms.io/fleet-networking/pkg/common/cloudconfig" "go.goms.io/fleet-networking/pkg/controllers/hub/endpointsliceexport" "go.goms.io/fleet-networking/pkg/controllers/hub/internalserviceexport" "go.goms.io/fleet-networking/pkg/controllers/hub/internalserviceimport" 
@@ -193,14 +192,14 @@ func main() { } // TODO: start the traffic manager controllers - cloudConfig, err := cloudconfig.NewCloudConfigFromFile(*cloudConfigFile) - if err != nil { - klog.ErrorS(err, "Unable to load cloud config", "file name", *cloudConfigFile) - exitWithErrorFunc() - } - cloudConfig.SetUserAgent(defaultUserAgent) - // TODO: replace this with a proper usage of the cloud config - klog.V(1).InfoS("Cloud config loaded", "config", cloudConfig) + // TODO: load the cloud config + // cloudConfig, err := cloudconfig.NewCloudConfigFromFile(*cloudConfigFile) + // if err != nil { + // klog.ErrorS(err, "Unable to load cloud config", "file name", *cloudConfigFile) + // exitWithErrorFunc() + // } + // cloudConfig.SetUserAgent(defaultUserAgent) + // klog.V(1).InfoS("Cloud config loaded", "config", cloudConfig) } klog.V(1).InfoS("Starting ServiceExportImport controller manager") diff --git a/go.mod b/go.mod index 43ed10d0..2622b318 100644 --- a/go.mod +++ b/go.mod 
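Review bot: The commented-out block kept in `main()` still ends with `klog.V(1).InfoS("Cloud config loaded", "config", cloudConfig)`, which logs the whole config struct once the block is restored. `CloudConfig` embeds `azclient.AzureAuthConfig`, whose `AADClientSecret` field the deleted config.go reads, so the credential would presumably reach the logs unless the type redacts it. Keep only non-secret fields in the placeholder, for example `// klog.V(1).InfoS("Cloud config loaded", "cloud", cloudConfig.Cloud, "subscriptionID", cloudConfig.SubscriptionID, "resourceGroup", cloudConfig.ResourceGroup)`. The moved `NewCloudConfigFromFile` also formats the raw file contents into its validation error, which the `klog.ErrorS` call above would print, so that message is worth trimming in the fleet repo as well. `main()` starts and ends outside this hunk.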
@@ -22,25 +22,10 @@ require ( sigs.k8s.io/controller-runtime v0.19.0 ) -require ( - go.goms.io/fleet v0.10.10 - sigs.k8s.io/yaml v1.4.0 -) +require go.goms.io/fleet v0.10.10 require ( - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerregistry/armcontainerregistry v1.2.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.4.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect @@ -55,7 +40,6 @@ require ( github.com/go-openapi/swag v0.23.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect 
@@ -65,12 +49,10 @@ require ( github.com/imdario/mergo v0.3.16 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/kylelemons/godebug v1.1.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_model v0.6.1 // indirect @@ -81,7 +63,6 @@ require ( go.opentelemetry.io/otel/metric v1.30.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.28.0 // indirect golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 // indirect golang.org/x/net v0.30.0 // indirect golang.org/x/oauth2 v0.23.0 // indirect @@ -102,6 +83,7 @@ require ( sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/work-api v0.0.0-20220407021756-586d707fdb2c // indirect + sigs.k8s.io/yaml v1.4.0 // indirect ) // Fleet repo is using a custom version of work-api. diff --git a/go.sum b/go.sum index 8e98b553..b44acc25 100644 --- a/go.sum +++ b/go.sum 
@@ -4,36 +4,14 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0 h1:Hp+EScFOu9HeCbeW8WU2yQPJd4gGwhMgKxWe+G6jNzw= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0/go.mod h1:/pz8dyNQe+Ey3yBp/XuYz7oqX8YDNWVpPB0hH3XWfbc= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 h1:LkHbJbgF3YyvC53aqYGR+wWQDn2Rdp9AQdGndf9QvY4= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0/go.mod h1:QyiQdW4f4/BIfB8ZutZ2s+28RAgfa/pT+zS++ZHyM1I= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerregistry/armcontainerregistry v1.2.0 h1:DWlwvVV5r/Wy1561nZ3wrpI1/vDIBRY/Wd1HWaRBZWA= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerregistry/armcontainerregistry v1.2.0/go.mod h1:E7ltexgRDmeJ0fJWv0D/HLwY2xbDdN+uv+X2uZtOx3w= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0 h1:0nGmzwBv5ougvzfGPCO2ljFRHvun57KpNrVCMrlk0ns= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0/go.mod h1:gYq8wyDgv6JLhGbAU6gg8amCPgQWRE+aCvrV2gyzdfs= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0/go.mod h1:LRr2FzBTQlONPPa5HREE5+RjSCTXl7BwOvYOaWTqCaI= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0 h1:Kb8eVvjdP6kZqYnER5w/PiGCFp91yVgaxve3d7kCEpY= 
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0/go.mod h1:lYq15QkJyEsNegz5EhI/0SXQ6spvGfgwBH/Qyzkoc/s= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.4.0 h1:HlZMUZW8S4P9oob1nCHxCCKrytxyLc+24nUJGssoEto= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.4.0/go.mod h1:StGsLbuJh06Bd8IBfnAlIFV3fLb+gkczONWf15hpX2E= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/managementgroups/armmanagementgroups v1.0.0 h1:pPvTJ1dY0sA35JOeFq6TsY2xj6Z85Yo23Pj4wCCvu4o= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/managementgroups/armmanagementgroups v1.0.0/go.mod h1:mLfWfj8v3jfWKsL9G4eoBoXVcsqcIUTapmdKy7uGOp0= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 v4.3.0 h1:bXwSugBiSbgtz7rOtbfGf+woewp4f06orW9OP5BjHLA= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 v4.3.0/go.mod h1:Y/HgrePTmGy9HjdSGTqZNa+apUpTVIEVKXJyARP2lrk= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0 h1:9Eih8XcEeQnFD0ntMlUDleKMzfeCeUfa+VbnDCI4AZs= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0/go.mod h1:wGPyTi+aURdqPAGMZDQqnNs9IrShADF8w2WZb6bKeq0= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0 h1:PiSrjRPpkQNjrM8H0WwKMnZUdu1RGMtd/LdGKUrOo+c= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0/go.mod h1:oDrbWx4ewMylP7xHivfgixbfGBT6APAwsSoHRKotnIc= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/trafficmanager/armtrafficmanager v1.3.0 h1:e3kTG23M5ps+DjvPolK4dcgohDY8sHsXU7zrdHj1WzY= 
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/trafficmanager/armtrafficmanager v1.3.0/go.mod h1:Os5dq8Cvvz97rJauZhZJAfKHN+OEvF/0nVmHzF4aVys= -github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 h1:h4Zxgmi9oyZL2l8jeg1iRTqPloHktywWcu0nlJmo1tA= -github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0/go.mod h1:LgLGXawqSreJz135Elog0ywTJDsm0Hz2k+N+6ZK35u8= -github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80= -github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI= github.com/Azure/k8s-work-api v0.5.0 h1:DVOBt68NFTEVVV+vzz82WdTm4lroXuMd9ktfrfb/kU0= github.com/Azure/k8s-work-api v0.5.0/go.mod h1:CQiDOlNvMeKvGVer80PtvbW9X1cXq7EID9aMXyxkqPU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= @@ -158,8 +136,6 @@ go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8d go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= -go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU= -go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= 
@@ -189,7 +165,6 @@ golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= diff --git a/pkg/common/cloudconfig/config.go b/pkg/common/cloudconfig/config.go deleted file mode 100644 index a66d8a2e..00000000 --- a/pkg/common/cloudconfig/config.go +++ /dev/null 
@@ -1,105 +0,0 @@ -/* -Copyright (c) Microsoft Corporation. -Licensed under the MIT license. -*/ - -// Package cloudconfig defines azure cloud provider configuration. -package cloudconfig - -import ( - "fmt" - "io" - "os" - "strings" - - "sigs.k8s.io/cloud-provider-azure/pkg/azclient" - "sigs.k8s.io/yaml" -) - -// CloudConfig defines the necessary configurations to access Azure resources. -type CloudConfig struct { - azclient.ARMClientConfig `json:",inline" mapstructure:",squash"` - azclient.AzureAuthConfig `json:",inline" mapstructure:",squash"` - // subscription ID - SubscriptionID string `json:"subscriptionID,omitempty" mapstructure:"subscriptionID,omitempty"` - // azure resource location - Location string `json:"location,omitempty" mapstructure:"location,omitempty"` - // default resource group where the azure resources are deployed - ResourceGroup string `json:"resourceGroup,omitempty" mapstructure:"resourceGroup,omitempty"` -} - -// NewCloudConfigFromFile loads cloud config from a file given the file path. 
-func NewCloudConfigFromFile(filePath string) (*CloudConfig, error) { - if filePath == "" { - return nil, fmt.Errorf("failed to load cloud config: file path is empty") - } - - var config CloudConfig - configReader, err := os.Open(filePath) - if err != nil { - return nil, fmt.Errorf("failed to open cloud config file: %w, file path: %s", err, filePath) - } - defer configReader.Close() - - contents, err := io.ReadAll(configReader) - if err != nil { - return nil, fmt.Errorf("failed to read cloud config file: %w, file path: %s", err, filePath) - } - - if err := yaml.Unmarshal(contents, &config); err != nil { - return nil, fmt.Errorf("failed to unmarshal cloud config: %w, file path: %s", err, filePath) - } - - config.trimSpace() - if err := config.validate(); err != nil { - return nil, fmt.Errorf("failed to validate cloud config: %w, file contents: `%s`", err, string(contents)) - } - - return &config, nil -} - -// SetUserAgent sets the user agent string to access Azure resources. -func (cfg *CloudConfig) SetUserAgent(userAgent string) { - cfg.UserAgent = userAgent -} - -func (cfg *CloudConfig) validate() error { - if cfg.Cloud == "" { - return fmt.Errorf("cloud is empty") - } - - if cfg.Location == "" { - return fmt.Errorf("location is empty") - } - - if cfg.SubscriptionID == "" { - return fmt.Errorf("subscription ID is empty") - } - - if cfg.ResourceGroup == "" { - return fmt.Errorf("resource group is empty") - } - - if !cfg.UseManagedIdentityExtension { - if cfg.UserAssignedIdentityID != "" { - return fmt.Errorf("useManagedIdentityExtension needs to be true when userAssignedIdentityID is provided") - } - if cfg.AADClientID == "" || cfg.AADClientSecret == "" { - return fmt.Errorf("AAD client ID or AAD client secret is empty") - } - } - - return nil -} - -func (cfg *CloudConfig) trimSpace() { - cfg.Cloud = strings.TrimSpace(cfg.Cloud) - cfg.TenantID = strings.TrimSpace(cfg.TenantID) - cfg.UserAgent = strings.TrimSpace(cfg.UserAgent) - cfg.SubscriptionID = 
strings.TrimSpace(cfg.SubscriptionID) - cfg.Location = strings.TrimSpace(cfg.Location) - cfg.ResourceGroup = strings.TrimSpace(cfg.ResourceGroup) - cfg.UserAssignedIdentityID = strings.TrimSpace(cfg.UserAssignedIdentityID) - cfg.AADClientID = strings.TrimSpace(cfg.AADClientID) - cfg.AADClientSecret = strings.TrimSpace(cfg.AADClientSecret) -} diff --git a/pkg/common/cloudconfig/config_test.go b/pkg/common/cloudconfig/config_test.go deleted file mode 100644 index ed48ef26..00000000 --- a/pkg/common/cloudconfig/config_test.go +++ /dev/null 
@@ -1,277 +0,0 @@ -/* -Copyright (c) Microsoft Corporation. -Licensed under the MIT license. -*/ - -// Package cloudconfig defines azure cloud provider configuration. -package cloudconfig - -import ( - "testing" - - "github.com/google/go-cmp/cmp" - "sigs.k8s.io/cloud-provider-azure/pkg/azclient" -) - -func TestNewCloudConfigFromFile(t *testing.T) { - tests := map[string]struct { - filePath string - expectErr bool - expectedConfig *CloudConfig - }{ - "file path is empty": { - filePath: "", - expectErr: true, - }, - "failed to open file": { - filePath: "./test/not_exist.json", - expectErr: true, - }, - "failed to unmarshal file": { - filePath: "./test/azure_config_nojson.txt", - expectErr: true, - }, - "failed to validate config": { - filePath: "./test/azure_config_invalid.json", - expectErr: true, - }, - "succeeded to load config": { - filePath: "./test/azure_config_valid.json", - expectedConfig: &CloudConfig{ - ARMClientConfig: azclient.ARMClientConfig{ - Cloud: "AzurePublicCloud", - TenantID: "00000000-0000-0000-0000-000000000000", - UserAgent: "", - }, - AzureAuthConfig: azclient.AzureAuthConfig{ - UseManagedIdentityExtension: true, - UserAssignedIdentityID: "11111111-1111-1111-1111-111111111111", - AADClientID: "", - AADClientSecret: "", - }, - Location: "eastus", - SubscriptionID: "00000000-0000-0000-0000-000000000000", - ResourceGroup: "test-rg", - }, - }, - } - for name, test := range tests { - t.Run(name, func(t *testing.T) { - config, err := NewCloudConfigFromFile(test.filePath) - if got := err != nil; got != test.expectErr { - t.Errorf("Failed to run NewCloudConfigFromFile(%s): got %v, want %v", test.filePath, got, test.expectErr) - } - if diff := cmp.Diff(config, test.expectedConfig); diff != "" { - t.Errorf("NewCloudConfigFromFile(%s) = %v, want %v, diff %s", test.filePath, config, test.expectedConfig, diff) - } - }) - } -} - -func TestSetUserAgent(t *testing.T) { - config := &CloudConfig{} - config.SetUserAgent("test") - if config.UserAgent != "test" { 
- t.Errorf("SetUserAgent(test) = %s, want test", config.UserAgent) - } -} - -func TestTrimSpace(t *testing.T) { - t.Run("test spaces are trimmed", func(t *testing.T) { - config := CloudConfig{ - ARMClientConfig: azclient.ARMClientConfig{ - Cloud: " test \n", - UserAgent: " test \n", - TenantID: " test \t \n", - }, - AzureAuthConfig: azclient.AzureAuthConfig{ - UserAssignedIdentityID: " test \n", - UseManagedIdentityExtension: true, - AADClientID: "\n test \n", - AADClientSecret: " test \n", - }, - Location: " test \n", - SubscriptionID: " test \n", - ResourceGroup: "\r\n test \n", - } - - expected := CloudConfig{ - ARMClientConfig: azclient.ARMClientConfig{ - Cloud: "test", - TenantID: "test", - UserAgent: "test", - }, - Location: "test", - SubscriptionID: "test", - ResourceGroup: "test", - AzureAuthConfig: azclient.AzureAuthConfig{ - UseManagedIdentityExtension: true, - UserAssignedIdentityID: "test", - AADClientID: "test", - AADClientSecret: "test", - }, - } - config.trimSpace() - if diff := cmp.Diff(config, expected); diff != "" { - t.Errorf("failed to test TrimSpace: expect config fields are trimmed, got: %v, want: %v, diff: %s", config, expected, diff) - } - }) -} - -func TestDefaultAndValidate(t *testing.T) { - tests := map[string]struct { - config *CloudConfig - expectPass bool - }{ - "Cloud empty": { - config: &CloudConfig{ - ARMClientConfig: azclient.ARMClientConfig{ - Cloud: "", - }, - AzureAuthConfig: azclient.AzureAuthConfig{ - UseManagedIdentityExtension: true, - UserAssignedIdentityID: "a", - }, - Location: "l", - SubscriptionID: "s", - ResourceGroup: "v", - }, - expectPass: false, - }, - "Location empty": { - config: &CloudConfig{ - ARMClientConfig: azclient.ARMClientConfig{ - Cloud: "c", - }, - AzureAuthConfig: azclient.AzureAuthConfig{ - UseManagedIdentityExtension: true, - UserAssignedIdentityID: "a", - }, - Location: "", - SubscriptionID: "s", - ResourceGroup: "v", - }, - expectPass: false, - }, - "SubscriptionID empty": { - config: &CloudConfig{ 
- ARMClientConfig: azclient.ARMClientConfig{ - Cloud: "c", - }, - AzureAuthConfig: azclient.AzureAuthConfig{ - UseManagedIdentityExtension: true, - UserAssignedIdentityID: "a", - }, - Location: "l", - SubscriptionID: "", - ResourceGroup: "v", - }, - expectPass: false, - }, - "ResourceGroup empty": { - config: &CloudConfig{ - ARMClientConfig: azclient.ARMClientConfig{ - Cloud: "c", - }, - AzureAuthConfig: azclient.AzureAuthConfig{ - UseManagedIdentityExtension: true, - UserAssignedIdentityID: "a", - }, - Location: "l", - SubscriptionID: "s", - ResourceGroup: "", - }, - expectPass: false, - }, - "UserAssignedIdentityID not empty when UseManagedIdentityExtension is false": { - config: &CloudConfig{ - ARMClientConfig: azclient.ARMClientConfig{ - Cloud: "c", - }, - AzureAuthConfig: azclient.AzureAuthConfig{ - UseManagedIdentityExtension: false, - UserAssignedIdentityID: "aaaa", - }, - Location: "l", - SubscriptionID: "s", - ResourceGroup: "v", - }, - expectPass: false, - }, - "AADClientID empty": { - config: &CloudConfig{ - ARMClientConfig: azclient.ARMClientConfig{ - Cloud: "c", - }, - AzureAuthConfig: azclient.AzureAuthConfig{ - UseManagedIdentityExtension: false, - UserAssignedIdentityID: "", - AADClientID: "", - AADClientSecret: "2", - }, - Location: "l", - SubscriptionID: "s", - ResourceGroup: "v", - }, - expectPass: false, - }, - "AADClientSecret empty": { - config: &CloudConfig{ - ARMClientConfig: azclient.ARMClientConfig{ - Cloud: "c", - }, - AzureAuthConfig: azclient.AzureAuthConfig{ - UseManagedIdentityExtension: false, - UserAssignedIdentityID: "", - AADClientID: "1", - AADClientSecret: "", - }, - Location: "l", - SubscriptionID: "s", - ResourceGroup: "v", - }, - expectPass: false, - }, - "has all required properties with secret and default values": { - config: &CloudConfig{ - ARMClientConfig: azclient.ARMClientConfig{ - Cloud: "c", - }, - AzureAuthConfig: azclient.AzureAuthConfig{ - UseManagedIdentityExtension: false, - UserAssignedIdentityID: "", - 
AADClientID: "1", - AADClientSecret: "2", - }, - Location: "l", - SubscriptionID: "s", - ResourceGroup: "v", - }, - expectPass: true, - }, - "has all required properties with msi and specified values": { - config: &CloudConfig{ - ARMClientConfig: azclient.ARMClientConfig{ - Cloud: "c", - }, - AzureAuthConfig: azclient.AzureAuthConfig{ - UseManagedIdentityExtension: true, - UserAssignedIdentityID: "u", - }, - Location: "l", - SubscriptionID: "s", - ResourceGroup: "v", - }, - expectPass: true, - }, - } - - for name, test := range tests { - t.Run(name, func(t *testing.T) { - err := test.config.validate() - if got := err == nil; got != test.expectPass { - t.Errorf("validate() = %v, want %v", got, test.expectPass) - } - }) - } -} diff --git a/pkg/common/cloudconfig/test/azure_config_invalid.json b/pkg/common/cloudconfig/test/azure_config_invalid.json deleted file mode 100644 index 09292542..00000000 --- a/pkg/common/cloudconfig/test/azure_config_invalid.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "cloud": "AzurePublicCloud", - "tenantId": "00000000-0000-0000-0000-000000000000", - "subscriptionId": "00000000-0000-0000-0000-000000000000", - "useManagedIdentityExtension": false, - "aadClientId": "00000000-0000-0000-0000-000000000000", - "resourceGroup": " test-rg ", - "location": " eastus " - } \ No newline at end of file diff --git a/pkg/common/cloudconfig/test/azure_config_nojson.txt b/pkg/common/cloudconfig/test/azure_config_nojson.txt deleted file mode 100644 index 6454f882..00000000 --- a/pkg/common/cloudconfig/test/azure_config_nojson.txt +++ /dev/null @@ -1 +0,0 @@ -This is an invalid json file for testing purposes. \ No newline at end of file diff --git a/pkg/common/cloudconfig/test/azure_config_valid.json b/pkg/common/cloudconfig/test/azure_config_valid.json deleted file mode 100644 index ef4b6973..00000000 --- a/pkg/common/cloudconfig/test/azure_config_valid.json +++ /dev/null 
@@ -1,9 +0,0 @@ -{ - "cloud": "AzurePublicCloud", - "tenantId": "00000000-0000-0000-0000-000000000000", - "subscriptionId": "00000000-0000-0000-0000-000000000000", - "useManagedIdentityExtension": true, - "userAssignedIdentityID": "11111111-1111-1111-1111-111111111111", - "resourceGroup": " test-rg ", - "location": " eastus " -} \ No newline at end of file From fd69fd351c401238604cd17b0020f3d92fd36a65 Mon Sep 17 00:00:00 2001 From: Wantong Jiang Date: Tue, 5 Nov 2024 04:04:04 +0000 Subject: [PATCH 6/7] fix comment --- .../templates/azurecloudconfig.yaml | 2 +- cmd/hub-net-controller-manager/main.go | 7 +------ 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/charts/hub-net-controller-manager/templates/azurecloudconfig.yaml b/charts/hub-net-controller-manager/templates/azurecloudconfig.yaml index 29d55c1e..ddacae99 100644 --- a/charts/hub-net-controller-manager/templates/azurecloudconfig.yaml +++ b/charts/hub-net-controller-manager/templates/azurecloudconfig.yaml @@ -7,4 +7,4 @@ metadata: type: Opaque data: azure.json: {{ .Values.config.azureCloudConfig | toJson | indent 4 | b64enc | quote }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/cmd/hub-net-controller-manager/main.go b/cmd/hub-net-controller-manager/main.go index ea2063bf..680c16dc 100644 --- a/cmd/hub-net-controller-manager/main.go +++ b/cmd/hub-net-controller-manager/main.go @@ -69,11 +69,6 @@ var ( } ) -const ( - // defaultUserAgent is the default user agent string to access Azure resources. - defaultUserAgent = "fleet-hub-net-controller-manager" -) - func init() { utilruntime.Must(clientgoscheme.AddToScheme(scheme)) utilruntime.Must(fleetnetv1alpha1.AddToScheme(scheme)) 
@@ -198,7 +193,7 @@ func main() { // klog.ErrorS(err, "Unable to load cloud config", "file name", *cloudConfigFile) // exitWithErrorFunc() // } - // cloudConfig.SetUserAgent(defaultUserAgent) + // cloudConfig.SetUserAgent("fleet-hub-net-controller-manager") // klog.V(1).InfoS("Cloud config loaded", "config", cloudConfig) } From 080e90f387a94c8512d8d740dc12c0c3b78a3be9 Mon Sep 17 00:00:00 2001 From: Wantong Jiang Date: Tue, 5 Nov 2024 04:14:34 +0000 Subject: [PATCH 7/7] comment out cloudconfig flag --- cmd/hub-net-controller-manager/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/hub-net-controller-manager/main.go b/cmd/hub-net-controller-manager/main.go index 680c16dc..60c8881e 100644 --- a/cmd/hub-net-controller-manager/main.go +++ b/cmd/hub-net-controller-manager/main.go @@ -59,7 +59,7 @@ var ( enableTrafficManagerFeature = flag.Bool("enable-traffic-manager-feature", false, "If set, the traffic manager feature will be enabled.") - cloudConfigFile = flag.String("cloud-config", "/etc/kubernetes/provider/azure.json", "The path to the cloud config file which will be used to access the Azure resource.") + // cloudConfigFile = flag.String("cloud-config", "/etc/kubernetes/provider/azure.json", "The path to the cloud config file which will be used to access the Azure resource.") ) var (
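Review bot: Commenting out `cloudConfigFile` unregisters the `cloud-config` flag, but templates/deployment.yaml (patch 4/7) still passes `--cloud-config=/etc/kubernetes/provider/azure.json` whenever `enableTrafficManagerFeature` is true. Go's `flag` package rejects flags that are not defined, so if `main()` parses the default flag set the container would presumably exit at startup as soon as the feature is enabled through the chart. Either keep the flag registered until the loader returns, e.g. `_ = flag.String("cloud-config", "/etc/kubernetes/provider/azure.json", "The path to the cloud config file which will be used to access the Azure resource.")`, or drop the argument from the chart in the same change. The `var (` block opens above the hunk.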