Merge pull request #1077 from jpflueger/cosmosdb-secret-connstr

Cosmosdb Secret connection string
Azure · May 19, 2020 · 0f37fe8 · 0f37fe8
2 parents 5af010a + f15fb52
commit 0f37fe8
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 10 deletions.
diff --git a/Makefile b/Makefile
@@ -19,6 +19,9 @@ TEST_RESOURCE_PREFIX ?= aso-$(BUILD_ID)
 # Go compiler builds tags: some parts of the test suite use these to selectively compile tests.
 BUILD_TAGS ?= all
 
+# Temp directory variable, set by environment on macOS and set to default for everything else
+TMPDIR ?= /tmp/
+
 all: manager
 
 # Generate test certs for development
@@ -29,9 +32,9 @@ generate-test-certs:
 	echo "[SAN]" >> config.txt
 	echo "subjectAltName=DNS:azureoperator-webhook-service.azureoperator-system.svc.cluster.local" >> config.txt
 	openssl req -x509 -days 730 -out tls.crt -keyout tls.key -newkey rsa:4096 -subj "/CN=azureoperator-webhook-service.azureoperator-system" -config config.txt -nodes
-	rm -rf /tmp/k8s-webhook-server
-	mkdir -p /tmp/k8s-webhook-server/serving-certs
-	mv tls.* /tmp/k8s-webhook-server/serving-certs/
+	rm -rf $(TMPDIR)/k8s-webhook-server
+	mkdir -p $(TMPDIR)/k8s-webhook-server/serving-certs
+	mv tls.* $(TMPDIR)/k8s-webhook-server/serving-certs/
 
 # Run Controller tests against the configured cluster
 test-integration-controllers: generate fmt vet manifests
@@ -237,10 +240,10 @@ install-kubebuilder:
 ifeq (,$(shell which kubebuilder))
 	@echo "installing kubebuilder"
 	# download kubebuilder and extract it to tmp
-	curl -sL https://go.kubebuilder.io/dl/2.0.0/$(shell go env GOOS)/$(shell go env GOARCH) | tar -xz -C /tmp/
+	curl -sL https://go.kubebuilder.io/dl/2.0.0/$(shell go env GOOS)/$(shell go env GOARCH) | tar -xz -C $(TMPDIR)
 	# move to a long-term location and put it on your path
 	# (you'll need to set the KUBEBUILDER_ASSETS env var if you put it somewhere else)
-	mv /tmp/kubebuilder_2.0.0_$(shell go env GOOS)_$(shell go env GOARCH) /usr/local/kubebuilder
+	mv $(TMPDIR)/kubebuilder_2.0.0_$(shell go env GOOS)_$(shell go env GOARCH) /usr/local/kubebuilder
 	export PATH=$$PATH:/usr/local/kubebuilder/bin
 else
 	@echo "kubebuilder has been installed"

diff --git a/pkg/resourcemanager/cosmosdbs/cosmosdb.go b/pkg/resourcemanager/cosmosdbs/cosmosdb.go
@@ -159,6 +159,24 @@ func (*AzureCosmosDBManager) ListKeys(
 	return &result, nil
 }
 
+// ListConnectionStrings lists the connection strings for a database account
+func (*AzureCosmosDBManager) ListConnectionStrings(
+	ctx context.Context,
+	groupName string,
+	accountName string) (*documentdb.DatabaseAccountListConnectionStringsResult, error) {
+	client, err := getCosmosDBClient()
+	if err != nil {
+		return nil, err
+	}
+
+	result, err := client.ListConnectionStrings(ctx, groupName, accountName)
+	if err != nil {
+		return nil, err
+	}
+
+	return &result, nil
+}
+
 func getAccountOfferType(spec v1alpha1.CosmosDBSpec) *string {
 	kind := string(spec.Properties.DatabaseAccountOfferType)
 	if kind == "" {

diff --git a/pkg/resourcemanager/cosmosdbs/cosmosdb_manager.go b/pkg/resourcemanager/cosmosdbs/cosmosdb_manager.go
@@ -35,5 +35,8 @@ type CosmosDBManager interface {
 	// ListKeys lists the read & write keys for a database account
 	ListKeys(ctx context.Context, groupName string, accountName string) (*documentdb.DatabaseAccountListKeysResult, error)
 
+	// ListConnectionStrings lists the connection strings for a database account
+	ListConnectionStrings(ctx context.Context, groupName string, accountName string) (*documentdb.DatabaseAccountListConnectionStringsResult, error)
+
 	resourcemanager.ARMClient
 }
diff --git a/pkg/resourcemanager/cosmosdbs/cosmosdb_reconcile.go b/pkg/resourcemanager/cosmosdbs/cosmosdb_reconcile.go
@@ -248,7 +248,12 @@ func (m *AzureCosmosDBManager) convert(obj runtime.Object) (*v1alpha1.CosmosDB,
 }
 
 func (m *AzureCosmosDBManager) createOrUpdateSecret(ctx context.Context, instance *v1alpha1.CosmosDB, db *documentdb.DatabaseAccount) error {
-	result, err := m.ListKeys(ctx, instance.Spec.ResourceGroup, instance.ObjectMeta.Name)
+	connStrResult, err := m.ListConnectionStrings(ctx, instance.Spec.ResourceGroup, instance.ObjectMeta.Name)
+	if err != nil {
+		return err
+	}
+
+	keysResult, err := m.ListKeys(ctx, instance.Spec.ResourceGroup, instance.ObjectMeta.Name)
 	if err != nil {
 		return err
 	}
@@ -259,12 +264,20 @@ func (m *AzureCosmosDBManager) createOrUpdateSecret(ctx context.Context, instanc
 	}
 	secretData := map[string][]byte{
 		"primaryEndpoint":            []byte(*db.DocumentEndpoint),
-		"primaryMasterKey":           []byte(*result.PrimaryMasterKey),
-		"secondaryMasterKey":         []byte(*result.SecondaryMasterKey),
-		"primaryReadonlyMasterKey":   []byte(*result.PrimaryReadonlyMasterKey),
-		"secondaryReadonlyMasterKey": []byte(*result.SecondaryReadonlyMasterKey),
+		"primaryMasterKey":           []byte(*keysResult.PrimaryMasterKey),
+		"secondaryMasterKey":         []byte(*keysResult.SecondaryMasterKey),
+		"primaryReadonlyMasterKey":   []byte(*keysResult.PrimaryReadonlyMasterKey),
+		"secondaryReadonlyMasterKey": []byte(*keysResult.SecondaryReadonlyMasterKey),
+	}
+
+	// set all available connection strings in the secret
+	if connStrResult.ConnectionStrings != nil {
+		for _, cs := range *connStrResult.ConnectionStrings {
+			secretData[helpers.RemoveNonAlphaNumeric(*cs.Description)] = []byte(*cs.ConnectionString)
+		}
 	}
 
+	// set each location's endpoint in the secret
 	if db.DatabaseAccountProperties.ReadLocations != nil {
 		for _, l := range *db.DatabaseAccountProperties.ReadLocations {
 			safeLocationName := helpers.RemoveNonAlphaNumeric(strings.ToLower(*l.LocationName))