From 12c04f3034777e5db199a7b325af9ab4834ed7ca Mon Sep 17 00:00:00 2001
From: hobu <37413937+buhongw7583c@users.noreply.github.com>
Date: Thu, 9 Apr 2020 07:24:57 +0800
Subject: [PATCH] issue#858#fixYamlfile

---
 api/v1alpha1/storage_types.go | 2 +
 config/samples/azure_v1alpha1_storage.yaml | 24 ++++++------
 .../storages/storageaccount/storage.go | 39 +++++++------------
 3 files changed, 26 insertions(+), 39 deletions(-)

diff --git a/api/v1alpha1/storage_types.go b/api/v1alpha1/storage_types.go
index a61c370f1d9..1c7b83ceaff 100644
--- a/api/v1alpha1/storage_types.go
+++ b/api/v1alpha1/storage_types.go
@@ -31,6 +31,8 @@ type StorageSpec struct {
 DataLakeEnabled *bool `json:"dataLakeEnabled,omitempty"`
 NetworkRule *StorageNetworkRuleSet `json:"networkRule,omitempty"`
+
+ //Properties StorageAccountProperties `json:"properties,omitempty"`
 }
 // Sku the SKU of the storage account.
diff --git a/config/samples/azure_v1alpha1_storage.yaml b/config/samples/azure_v1alpha1_storage.yaml
index 02b25809087..30f34270af0 100644
--- a/config/samples/azure_v1alpha1_storage.yaml
+++ b/config/samples/azure_v1alpha1_storage.yaml
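Review bot: The added `//Properties StorageAccountProperties `json:"properties,omitempty"`` line in StorageSpec is commented-out code, not documentation, and it will sit in the CRD type indefinitely with no explanation. If the nested properties block is intentionally dropped in favour of the flattened fields the sample YAML in this patch uses, delete the line; otherwise replace it with a comment stating the intent, e.g. `// accessTier and supportsHttpsTrafficOnly are top-level spec fields; there is no nested properties block.` The rest of StorageSpec is outside this hunk, so I cannot confirm those fields exist on the type.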
@@ -7,18 +7,16 @@ spec:
 resourceGroup: resourcegroup-azure-operators
 sku:
 name: Standard_RAGRS
- kind: StorageV2
- properties:
- accessTier: Hot
- supportsHttpsTrafficOnly: true
+ kind: BlobStorage
+ accessTier: Hot
+ supportsHttpsTrafficOnly: true
 # Optional: networkRule
- networkRule:
- bypass: AzureServices # Possible values are AzureServices, Metrics, None, Logging
- defaultAction: Allow # Possible values are Allow, Deny
- virtualNetworkRules:
- - subnetId: /subscriptions/08daa385-27fa-477a-b556-a9ead8b270d9/resourceGroups/resourcegroup-azure-operator/providers/Microsoft.Network/virtualNetworks/virtualnetwork-sample/subnets/test1
- ipRules:
- - ipAddressOrRange: 2.2.0.0/24
- - ipAddressOrRange: 2.2.2.1
-
+ networkRule:
+ bypass: AzureServices # Possible values are AzureServices, Metrics, None, Logging
+ defaultAction: Deny # Possible values are Allow, Deny
+ virtualNetworkRules:
+ - subnetId: /subscriptions/{subscription}/resourceGroups/{resourcegroup}/providers/Microsoft.Network/virtualNetworks/{vnet}/subnets/{subnet}
+ ipRules: #could be an ip range or a ip address
+ - ipAddressOrRange: 2.2.0.0/24
+ - ipAddressOrRange: 2.2.2.1
diff --git a/pkg/resourcemanager/storages/storageaccount/storage.go b/pkg/resourcemanager/storages/storageaccount/storage.go
index ec74ca48720..0b45d1d69bd 100644
--- a/pkg/resourcemanager/storages/storageaccount/storage.go
+++ b/pkg/resourcemanager/storages/storageaccount/storage.go
@@ -7,6 +7,7 @@ import (
 "context"
 "errors"
 "log"
+ "strings"
 "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2019-04-01/storage"
 "github.com/Azure/azure-service-operator/api/v1alpha1"
@@ -21,8 +22,8 @@ type azureStorageManager struct{}
 // ParseNetworkPolicy - helper function to parse network policies from Kubernetes spec
 func ParseNetworkPolicy(ruleSet *v1alpha1.StorageNetworkRuleSet) storage.NetworkRuleSet {
- var bypass storage.Bypass
+ bypass := storage.AzureServices
 switch ruleSet.Bypass {
 case "AzureServices":
 bypass = storage.AzureServices
@@ -32,26 +33,19 @@ func ParseNetworkPolicy(ruleSet *v1alpha1.StorageNetworkRuleSet) storage.Network
 bypass = storage.Logging
 case "Metrics":
 bypass = storage.Metrics
- default:
- bypass = storage.AzureServices
 }
- var defaultAction storage.DefaultAction
- switch ruleSet.DefaultAction {
- case "Allow":
+ defaultAction := storage.DefaultActionDeny
+ if strings.ToLower(ruleSet.DefaultAction) == "allow" {
 defaultAction = storage.DefaultActionAllow
- case "Deny":
- defaultAction = storage.DefaultActionDeny
- default:
- defaultAction = storage.DefaultActionDeny
 }
 var ipInstances []storage.IPRule
- if ruleSet.IPRule != nil {
- for _, i := range *ruleSet.IPRule {
- subnetID := i.IPAddressOrRange
+ if ruleSet.IPRules != nil {
+ for _, i := range *ruleSet.IPRules {
+ ipmask := i.IPAddressOrRange
 ipInstances = append(ipInstances, storage.IPRule{
- IPAddressOrRange: subnetID,
+ IPAddressOrRange: ipmask,
 Action: storage.Allow,
 })
 }
@@ -60,9 +54,9 @@ func ParseNetworkPolicy(ruleSet *v1alpha1.StorageNetworkRuleSet) storage.Network
 var vnetInstances []storage.VirtualNetworkRule
 if ruleSet.VirtualNetworkRules != nil {
 for _, i := range *ruleSet.VirtualNetworkRules {
- ventID := i.VirtualNetworkResourceID
+ vnetID := i.SubnetId
 vnetInstances = append(vnetInstances, storage.VirtualNetworkRule{
- VirtualNetworkResourceID: ventID,
+ VirtualNetworkResourceID: vnetID,
 Action: storage.Allow,
 })
 }
@@ -88,7 +82,7 @@ func getStoragesClient() storage.AccountsClient {
 }
 // CreateStorage creates a new storage account
-func (_ *azureStorageManager) CreateStorage(ctx context.Context, instance *v1alpha1.Storage,
+func (_ *azureStorageManager) CreateStorage(ctx context.Context,
 groupName string,
 storageAccountName string,
 location string,
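Review bot: The two value parsers in ParseNetworkPolicy now disagree on case handling: `DefaultAction` is matched with `strings.ToLower(ruleSet.DefaultAction) == "allow"`, while the `Bypass` switch just above (the hunk at @@ -21) still requires the exact spellings `"AzureServices"`, `"Logging"`, `"Metrics"`, so a value such as `bypass: none` or `bypass: logging` silently keeps the `storage.AzureServices` initial value, which is broader than what the user asked for. Defaulting an unrecognised DefaultAction to Deny is the right fail-closed choice, but the Bypass fallback should be made consistent and visible: compare both with `strings.EqualFold`, and either log or return an error when the value is outside the documented set rather than quietly substituting a more permissive one. The `IPRule` to `IPRules` and `VirtualNetworkResourceID` to `SubnetId` field renames in this and the next hunk must be mirrored in the v1alpha1 type, which is not part of this patch. ParseNetworkPolicy begins outside this hunk.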
@@ -96,7 +90,7 @@ func (_ *azureStorageManager) CreateStorage(ctx context.Context, instance *v1alp
 kind azurev1alpha1.StorageKind,
 tags map[string]*string,
 accessTier azurev1alpha1.StorageAccessTier,
- enableHTTPsTrafficOnly *bool, dataLakeEnabled *bool) (result storage.Account, err error) {
+ enableHTTPsTrafficOnly *bool, dataLakeEnabled *bool, networkRule *storage.NetworkRuleSet) (result storage.Account, err error) {
 storagesClient := getStoragesClient()
@@ -122,13 +116,6 @@ func (_ *azureStorageManager) CreateStorage(ctx context.Context, instance *v1alp
 sKind := storage.Kind(kind)
 sAccessTier := storage.AccessTier(accessTier)
- var networkAcls storage.NetworkRuleSet
- if instance.Spec.NetworkRule != nil {
- networkAcls = ParseNetworkPolicy(instance.Spec.NetworkRule)
- } else {
- networkAcls = storage.NetworkRuleSet{}
- }
-
 params := storage.AccountCreateParameters{
 Location: to.StringPtr(location),
 Sku: &sSku,
@@ -139,7 +126,7 @@ func (_ *azureStorageManager) CreateStorage(ctx context.Context, instance *v1alp
 AccessTier: sAccessTier,
 EnableHTTPSTrafficOnly: enableHTTPsTrafficOnly,
 IsHnsEnabled: dataLakeEnabled,
- NetworkRuleSet: &networkAcls,
+ NetworkRuleSet: networkRule,
 },
 }
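Review bot: The doc comment on CreateStorage (`// CreateStorage creates a new storage account`, in the hunk at @@ -88) is not updated for the new `networkRule *storage.NetworkRuleSet` parameter, and the nil-check that the hunk at @@ -122 removes now has to live in a caller that is not in this patch. Previously a missing spec rule produced an explicit empty `storage.NetworkRuleSet{}`; now a nil argument leaves `NetworkRuleSet` unset in the request, so the account presumably gets whatever the service applies by default rather than a rule set this code chose, and nothing in CreateStorage tells callers that nil is not "deny". Suggested comment: `// CreateStorage creates a new storage account. networkRule may be nil, in which case no NetworkRuleSet is sent with the request and the service default applies; callers that want restrictions must pass the result of ParseNetworkPolicy.` CreateStorage's signature starts in the previous hunk and its body continues outside these hunks.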