From bbd862bf7597e3e31c5195c83c16168bb4ea7c66 Mon Sep 17 00:00:00 2001 From: jpflueger Date: Mon, 18 May 2020 17:39:24 -0600 Subject: [PATCH 1/2] adding docs and including connection string in secret --- Makefile | 13 +++++---- pkg/resourcemanager/cosmosdbs/cosmosdb.go | 18 +++++++++++++ .../cosmosdbs/cosmosdb_manager.go | 3 +++ .../cosmosdbs/cosmosdb_reconcile.go | 27 +++++++++++++++---- 4 files changed, 51 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index b6de73fe74e..15bfac2aa17 100644 --- a/Makefile +++ b/Makefile @@ -20,6 +20,9 @@ TEST_RESOURCE_PREFIX ?= aso-$(BUILD_ID) # Some parts of the test suite use Go Build Tags to ignore certain tests. Default to all tests but allow the user to pass custom tags. BUILD_TAGS ?= all +# Temp directory variable, set by environment on macOS and set to default for everything else +TMPDIR ?= /tmp/ + all: manager # Generate test certs for development @@ -30,9 +33,9 @@ generate-test-certs: echo "[SAN]" >> config.txt echo "subjectAltName=DNS:azureoperator-webhook-service.azureoperator-system.svc.cluster.local" >> config.txt openssl req -x509 -days 730 -out tls.crt -keyout tls.key -newkey rsa:4096 -subj "/CN=azureoperator-webhook-service.azureoperator-system" -config config.txt -nodes - rm -rf /tmp/k8s-webhook-server - mkdir -p /tmp/k8s-webhook-server/serving-certs - mv tls.* /tmp/k8s-webhook-server/serving-certs/ + rm -rf $(TMPDIR)/k8s-webhook-server + mkdir -p $(TMPDIR)/k8s-webhook-server/serving-certs + mv tls.* $(TMPDIR)/k8s-webhook-server/serving-certs/ # Run API unittests api-test: generate fmt vet manifests 
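Review bot: `rm -rf $(TMPDIR)/k8s-webhook-server` in `generate-test-certs` now builds its target from an environment-supplied variable that is expanded unquoted. A `TMPDIR` containing whitespace splits into several `rm -rf` arguments, and a `TMPDIR` that is set but empty is not replaced by the `?=` default, so the path resolves to `/k8s-webhook-server`. Quoting the three paths, e.g. `rm -rf "$(TMPDIR)/k8s-webhook-server"`, removes the word-splitting case. Separately, the key is generated with `-nodes` (unencrypted) and moved into a directory created with the default mode; creating `serving-certs` with `mkdir -p -m 700` would keep it private when the default `/tmp/` is used.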
@@ -246,10 +249,10 @@ install-kubebuilder: ifeq (,$(shell which kubebuilder)) @echo "installing kubebuilder" # download kubebuilder and extract it to tmp - curl -sL https://go.kubebuilder.io/dl/2.0.0/$(shell go env GOOS)/$(shell go env GOARCH) | tar -xz -C /tmp/ + curl -sL https://go.kubebuilder.io/dl/2.0.0/$(shell go env GOOS)/$(shell go env GOARCH) | tar -xz -C $(TMPDIR) # move to a long-term location and put it on your path # (you'll need to set the KUBEBUILDER_ASSETS env var if you put it somewhere else) - mv /tmp/kubebuilder_2.0.0_$(shell go env GOOS)_$(shell go env GOARCH) /usr/local/kubebuilder + mv $(TMPDIR)/kubebuilder_2.0.0_$(shell go env GOOS)_$(shell go env GOARCH) /usr/local/kubebuilder export PATH=$$PATH:/usr/local/kubebuilder/bin else @echo "kubebuilder has been installed" diff --git a/pkg/resourcemanager/cosmosdbs/cosmosdb.go b/pkg/resourcemanager/cosmosdbs/cosmosdb.go index d55b6b756a7..7a8ffb5cace 100644 --- a/pkg/resourcemanager/cosmosdbs/cosmosdb.go +++ b/pkg/resourcemanager/cosmosdbs/cosmosdb.go @@ -159,6 +159,24 @@ func (*AzureCosmosDBManager) ListKeys( return &result, nil } +// ListConnectionStrings lists the connection strings for a database account +func (*AzureCosmosDBManager) ListConnectionStrings( + ctx context.Context, + groupName string, + accountName string) (*documentdb.DatabaseAccountListConnectionStringsResult, error) { + client, err := getCosmosDBClient() + if err != nil { + return nil, err + } + + result, err := client.ListConnectionStrings(ctx, groupName, accountName) + if err != nil { + return nil, err + } + + return &result, nil +} + func getAccountOfferType(spec v1alpha1.CosmosDBSpec) *string { kind := string(spec.Properties.DatabaseAccountOfferType) if kind == "" { diff --git a/pkg/resourcemanager/cosmosdbs/cosmosdb_manager.go b/pkg/resourcemanager/cosmosdbs/cosmosdb_manager.go index abb75b5c1bc..82bd20163c9 100644 --- a/pkg/resourcemanager/cosmosdbs/cosmosdb_manager.go +++ b/pkg/resourcemanager/cosmosdbs/cosmosdb_manager.go 
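Review bot: The kubebuilder archive in `install-kubebuilder` is still piped from `curl -sL` straight into `tar`, and the extracted tree is then moved to `/usr/local/kubebuilder` and put on `PATH`. There is no integrity check on the download and no `-f`, so an HTTP error body or an altered archive goes straight to extraction. Since the line is being touched anyway, consider downloading to a file under `$(TMPDIR)` with `curl -fsSL -o`, comparing it against a pinned SHA-256 (the value has to come from the kubebuilder release; it is not on this page), and only then extracting. The `ifeq` block continues outside the hunk.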
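Review bot: The doc comment on the new `ListConnectionStrings` method in cosmosdb.go does not say that the returned value carries credentials. Cosmos DB connection strings normally embed an account key, so the result is as sensitive as what `ListKeys` returns. I would extend the comment to `// ListConnectionStrings lists the connection strings for a database account. The returned strings contain account credentials and must not be logged.` The same sentence fits the interface declaration added in cosmosdb_manager.go.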
@@ -35,5 +35,8 @@ type CosmosDBManager interface { // ListKeys lists the read & write keys for a database account ListKeys(ctx context.Context, groupName string, accountName string) (*documentdb.DatabaseAccountListKeysResult, error) + // ListConnectionStrings lists the connection strings for a database account + ListConnectionStrings(ctx context.Context, groupName string, accountName string) (*documentdb.DatabaseAccountListConnectionStringsResult, error) + resourcemanager.ARMClient } diff --git a/pkg/resourcemanager/cosmosdbs/cosmosdb_reconcile.go b/pkg/resourcemanager/cosmosdbs/cosmosdb_reconcile.go index f886b61b723..a902ab9fbb5 100644 --- a/pkg/resourcemanager/cosmosdbs/cosmosdb_reconcile.go +++ b/pkg/resourcemanager/cosmosdbs/cosmosdb_reconcile.go @@ -7,6 +7,7 @@ import ( "context" "fmt" "strings" + "unicode" "github.com/Azure/azure-sdk-for-go/services/cosmos-db/mgmt/2015-04-08/documentdb" "github.com/Azure/azure-service-operator/api/v1alpha1" @@ -248,7 +249,12 @@ func (m *AzureCosmosDBManager) convert(obj runtime.Object) (*v1alpha1.CosmosDB, } func (m *AzureCosmosDBManager) createOrUpdateSecret(ctx context.Context, instance *v1alpha1.CosmosDB, db *documentdb.DatabaseAccount) error { - result, err := m.ListKeys(ctx, instance.Spec.ResourceGroup, instance.ObjectMeta.Name) + connStrResult, err := m.ListConnectionStrings(ctx, instance.Spec.ResourceGroup, instance.ObjectMeta.Name) + if err != nil { + return err + } + + keysResult, err := m.ListKeys(ctx, instance.Spec.ResourceGroup, instance.ObjectMeta.Name) if err != nil { return err } 
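Review bot: Placing the new `ListConnectionStrings` call ahead of `ListKeys` with an early `return err` makes the whole secret depend on it. If the operator's identity is not permitted to list connection strings, or the call fails transiently, the master keys that were written before this change are no longer written either. If connection strings are meant as an addition rather than a requirement, consider fetching the keys first and treating a connection-string failure as non-fatal. At minimum, wrap the error so the failing call is identifiable, e.g. `return fmt.Errorf("listing connection strings: %w", err)`. createOrUpdateSecret continues outside the hunk.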
@@ -259,12 +265,23 @@ func (m *AzureCosmosDBManager) createOrUpdateSecret(ctx context.Context, instanc } secretData := map[string][]byte{ "primaryEndpoint": []byte(*db.DocumentEndpoint), - "primaryMasterKey": []byte(*result.PrimaryMasterKey), - "secondaryMasterKey": []byte(*result.SecondaryMasterKey), - "primaryReadonlyMasterKey": []byte(*result.PrimaryReadonlyMasterKey), - "secondaryReadonlyMasterKey": []byte(*result.SecondaryReadonlyMasterKey), + "primaryMasterKey": []byte(*keysResult.PrimaryMasterKey), + "secondaryMasterKey": []byte(*keysResult.SecondaryMasterKey), + "primaryReadonlyMasterKey": []byte(*keysResult.PrimaryReadonlyMasterKey), + "secondaryReadonlyMasterKey": []byte(*keysResult.SecondaryReadonlyMasterKey), + } + + // set all available connection strings in the secret + if connStrResult.ConnectionStrings != nil { + for _, cs := range *connStrResult.ConnectionStrings { + // force the first character to lowercase to enforce consistency + key := []rune(helpers.RemoveNonAlphaNumeric(*cs.Description)) + key[0] = unicode.ToLower(rune(key[0])) + secretData[string(key)] = []byte(*cs.ConnectionString) + } } + // set each location's endpoint in the secret if db.DatabaseAccountProperties.ReadLocations != nil { for _, l := range *db.DatabaseAccountProperties.ReadLocations { safeLocationName := helpers.RemoveNonAlphaNumeric(strings.ToLower(*l.LocationName)) From 471f2573029d6c1a5fe65a930d3da331737a1cfd Mon Sep 17 00:00:00 2001 From: jpflueger Date: Mon, 18 May 2020 20:22:50 -0600 Subject: [PATCH 2/2] undo lowercase change --- pkg/resourcemanager/cosmosdbs/cosmosdb_reconcile.go | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/pkg/resourcemanager/cosmosdbs/cosmosdb_reconcile.go b/pkg/resourcemanager/cosmosdbs/cosmosdb_reconcile.go index a902ab9fbb5..3cc5cc77e3b 100644 --- a/pkg/resourcemanager/cosmosdbs/cosmosdb_reconcile.go +++ b/pkg/resourcemanager/cosmosdbs/cosmosdb_reconcile.go 
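Review bot: `*cs.Description` and `*cs.ConnectionString` are dereferenced inside the new connection-string loop without a nil check; only the outer `ConnectionStrings` pointer is guarded. A single entry with either field unset would panic the reconcile instead of returning an error. A guard at the top of the loop body covers it: `if cs.Description == nil || cs.ConnectionString == nil { continue }`. The same unguarded dereferences remain in the PATCH 2/2 hunk that rewrites this loop. createOrUpdateSecret starts and ends outside the hunk.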
@@ -7,7 +7,6 @@ import ( "context" "fmt" "strings" - "unicode" "github.com/Azure/azure-sdk-for-go/services/cosmos-db/mgmt/2015-04-08/documentdb" "github.com/Azure/azure-service-operator/api/v1alpha1" @@ -274,10 +273,7 @@ func (m *AzureCosmosDBManager) createOrUpdateSecret(ctx context.Context, instanc // set all available connection strings in the secret if connStrResult.ConnectionStrings != nil { for _, cs := range *connStrResult.ConnectionStrings { - // force the first character to lowercase to enforce consistency - key := []rune(helpers.RemoveNonAlphaNumeric(*cs.Description)) - key[0] = unicode.ToLower(rune(key[0])) - secretData[string(key)] = []byte(*cs.ConnectionString) + secretData[helpers.RemoveNonAlphaNumeric(*cs.Description)] = []byte(*cs.ConnectionString) } }
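Review bot: The secret key is now taken directly from `helpers.RemoveNonAlphaNumeric(*cs.Description)`, a service-supplied string, with no check that it is non-empty or that it does not collide with a key already in `secretData`. A description that sanitises to an empty string would produce an empty key, and one that happens to match a fixed entry such as `primaryMasterKey` would silently replace that entry with a connection string. Validating the derived key before the assignment, as below, keeps the fixed entries authoritative; whether to skip or fail on a collision is a judgement call. The loop sits inside createOrUpdateSecret, whose body extends outside the hunk.

```go
// … unchanged: nil check on connStrResult.ConnectionStrings …
for _, cs := range *connStrResult.ConnectionStrings {
	key := helpers.RemoveNonAlphaNumeric(*cs.Description)
	if key == "" {
		continue // nothing usable to name the entry with
	}
	if _, taken := secretData[key]; taken {
		return fmt.Errorf("connection string key %q collides with an existing secret entry", key)
	}
	secretData[key] = []byte(*cs.ConnectionString)
}
```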