Merge pull request #1104 from jpflueger/rediscache-roll-actions

Rediscache roll actions

Makefile

@@ -19,22 +19,33 @@ TEST_RESOURCE_PREFIX ?= aso-$(BUILD_ID)
 # Go compiler builds tags: some parts of the test suite use these to selectively compile tests.
 BUILD_TAGS ?= all
 
-# Temp directory variable, set by environment on macOS and set to default for everything else
-TMPDIR ?= /tmp/
+ifdef TMPDIR
+TMPDIR := $(realpath ${TMPDIR})
+else
+TMPDIR := /tmp
+endif
 
 all: manager
 
 # Generate test certs for development
+generate-test-certs: CONFIGTXT := $(shell mktemp)
+generate-test-certs: WEBHOOK_DIR := $(TMPDIR)/k8s-webhook-server
+generate-test-certs: WEBHOOK_CERT_DIR := $(TMPDIR)/k8s-webhook-server/serving-certs
 generate-test-certs:
-	echo "[req]" > config.txt
-	echo "distinguished_name = req_distinguished_name" >> config.txt
-	echo "[req_distinguished_name]" >> config.txt
-	echo "[SAN]" >> config.txt
-	echo "subjectAltName=DNS:azureoperator-webhook-service.azureoperator-system.svc.cluster.local" >> config.txt
-	openssl req -x509 -days 730 -out tls.crt -keyout tls.key -newkey rsa:4096 -subj "/CN=azureoperator-webhook-service.azureoperator-system" -config config.txt -nodes
-	rm -rf $(TMPDIR)/k8s-webhook-server
-	mkdir -p $(TMPDIR)/k8s-webhook-server/serving-certs
-	mv tls.* $(TMPDIR)/k8s-webhook-server/serving-certs/
+	rm -rf $(WEBHOOK_DIR)
+	mkdir -p $(WEBHOOK_CERT_DIR)
+
+	@echo "[req]" > $(CONFIGTXT)
+	@echo "distinguished_name = req_distinguished_name" >> $(CONFIGTXT)
+	@echo "[req_distinguished_name]" >> $(CONFIGTXT)
+	@echo "[SAN]" >> $(CONFIGTXT)
+	@echo "subjectAltName=DNS:azureoperator-webhook-service.azureoperator-system.svc.cluster.local" >> $(CONFIGTXT)
+
+	@echo "OpenSSL Config:"
+	@cat $(CONFIGTXT)
+	@echo
+
+	openssl req -x509 -days 730 -out $(WEBHOOK_CERT_DIR)/tls.crt -keyout $(WEBHOOK_CERT_DIR)/tls.key -newkey rsa:4096 -subj "/CN=azureoperator-webhook-service.azureoperator-system" -config $(CONFIGTXT) -nodes
 
 # Run Controller tests against the configured cluster
 test-integration-controllers: generate fmt vet manifests

PROJECT

@@ -1,127 +1,133 @@
+version: "2"
 domain: microsoft.com
 repo: github.com/Azure/azure-service-operator
 resources:
 - group: azure
-  kind: StorageAccount
   version: v1alpha1
+  kind: StorageAccount
 - group: azure
-  kind: CosmosDB
   version: v1alpha1
+  kind: CosmosDB
 - group: azure
-  kind: RedisCache
   version: v1alpha1
+  kind: RedisCache
 - group: azure
-  kind: Eventhub
   version: v1alpha1
+  kind: Eventhub
 - group: azure
-  kind: ResourceGroup
   version: v1alpha1
+  kind: ResourceGroup
 - group: azure
-  kind: EventhubNamespace
   version: v1alpha1
+  kind: EventhubNamespace
 - group: azure
-  kind: AzureSqlServer
   version: v1alpha1
+  kind: AzureSqlServer
 - group: azure
-  kind: AzureSqlDatabase
   version: v1alpha1
+  kind: AzureSqlDatabase
 - group: azure
-  kind: AzureSqlFirewallRule
   version: v1alpha1
+  kind: AzureSqlFirewallRule
 - group: azure
-  kind: KeyVault
   version: v1alpha1
+  kind: KeyVault
 - group: azure
-  kind: ConsumerGroup
   version: v1alpha1
+  kind: ConsumerGroup
 - group: azure
-  kind: AzureSqlAction
   version: v1alpha1
+  kind: AzureSqlAction
 - group: azure
-  kind: BlobContainer
   version: v1alpha1
+  kind: BlobContainer
 - group: azure
-  kind: PostgreSQLServer
   version: v1alpha1
+  kind: PostgreSQLServer
 - group: azure
-  kind: PostgreSQLDatabase
   version: v1alpha1
+  kind: PostgreSQLDatabase
 - group: azure
-  kind: PostgreSQLVNetRule
   version: v1alpha1
+  kind: PostgreSQLVNetRule
 - group: azure
-  kind: PostgreSQLFirewallRule
   version: v1alpha1
+  kind: PostgreSQLFirewallRule
 - group: azure
-  kind: APIMgmtAPI
   version: v1alpha1
+  kind: APIMgmtAPI
 - group: azure
-  kind: ApimService
   version: v1alpha1
+  kind: ApimService
 - group: azure
-  kind: VirtualNetwork
   version: v1alpha1
+  kind: VirtualNetwork
 - group: azure
-  kind: AzurePublicIPAddress
   version: v1alpha1
+  kind: AzurePublicIPAddress
 - group: azure
-  kind: AzureNetworkInterface
   version: v1alpha1
+  kind: AzureNetworkInterface
 - group: azure
-  kind: AppInsights
   version: v1alpha1
+  kind: AppInsights
 - group: azure
-  kind: KeyVaultKey
   version: v1alpha1
+  kind: KeyVaultKey
 - group: azure
-  kind: AzureSQLVNetRule
   version: v1alpha1
+  kind: AzureSQLVNetRule
 - group: azure
-  kind: MySQLServer
   version: v1alpha1
+  kind: MySQLServer
 - group: azure
-  kind: MySQLDatabase
   version: v1alpha1
+  kind: MySQLDatabase
 - group: azure
-  kind: MySQLFirewallRule
   version: v1alpha1
+  kind: MySQLFirewallRule
 - group: azure
-  kind: MySQLVNetRule
   version: v1alpha1
+  kind: MySQLVNetRule
 - group: azure
-  kind: AzureVirtualMachine
   version: v1alpha1
+  kind: AzureVirtualMachine
 - group: azure
-  kind: AzureSQLManagedUser
   version: v1alpha1
+  kind: AzureSQLManagedUser
 - group: azure
-  kind: AzureLoadBalancer
   version: v1alpha1
+  kind: AzureLoadBalancer
 - group: azure
-  kind: AzureVMScaleSet
   version: v1alpha1
+  kind: AzureVMScaleSet
 - group: azure
-  kind: AzureSqlServer
   version: v1beta1
+  kind: AzureSqlServer
 - group: azure
-  kind: AzureSqlDatabase
   version: v1beta1
+  kind: AzureSqlDatabase
 - group: azure
-  kind: AzureSqlFirewallRule
   version: v1beta1
+  kind: AzureSqlFirewallRule
 - group: azure
-  kind: AzureSqlFailoverGroup
   version: v1beta1
+  kind: AzureSqlFailoverGroup
 - group: azure
-  kind: BlobContainer
   version: v1alpha2
+  kind: BlobContainer
 - group: azure
-  kind: MySQLServer
   version: v1alpha2
+  kind: MySQLServer
 - group: azure
   kind: RedisCacheFirewallRule
   version: v1alpha1
+- group: azure
+  kind: RedisCacheAction
+  version: v1alpha1
 - group: azure
   kind: AzureVirtualMachineExtension
   version: v1alpha1
-version: "2"
+- group: azure
+  kind: AzureVirtualMachineExtension
+  version: v1alpha1

api/v1alpha1/rediscacheaction_types.go

@@ -0,0 +1,53 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +kubebuilder:validation:Enum=rollallkeys;rollprimarykey;rollsecondarykey
+type RedisCacheActionName string
+
+const (
+	RedisCacheActionNameRollAllKeys      RedisCacheActionName = "rollallkeys"
+	RedisCacheActionNameRollPrimaryKey   RedisCacheActionName = "rollprimarykey"
+	RedisCacheActionNameRollSecondaryKey RedisCacheActionName = "rollsecondarykey"
+)
+
+// RedisCacheActionSpec defines the desired state of RedisCacheAction
+type RedisCacheActionSpec struct {
+	ResourceGroup          string               `json:"resourceGroup"`
+	CacheName              string               `json:"cacheName"`
+	ActionName             RedisCacheActionName `json:"actionName"`
+	SecretName             string               `json:"secretName,omitempty"`
+	KeyVaultToStoreSecrets string               `json:"keyVaultToStoreSecrets,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// RedisCacheAction is the Schema for the rediscacheactions API
+// +kubebuilder:printcolumn:name="Provisioned",type="string",JSONPath=".status.provisioned"
+// +kubebuilder:printcolumn:name="Message",type="string",JSONPath=".status.message"
+type RedisCacheAction struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   RedisCacheActionSpec `json:"spec,omitempty"`
+	Status ASOStatus            `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// RedisCacheActionList contains a list of RedisCacheAction
+type RedisCacheActionList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []RedisCacheAction `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&RedisCacheAction{}, &RedisCacheActionList{})
+}

config/crd/kustomization.yaml

@@ -38,6 +38,7 @@ resources:
 - bases/azure.microsoft.com_azuresqlmanagedusers.yaml
 - bases/azure.microsoft.com_azureloadbalancers.yaml
 - bases/azure.microsoft.com_azurevmscalesets.yaml
+- bases/azure.microsoft.com_rediscacheactions.yaml
 - bases/azure.microsoft.com_rediscachefirewallrules.yaml
 - bases/azure.microsoft.com_azurevirtualmachineextensions.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
@@ -77,6 +78,7 @@ patches:
 #- patches/webhook_in_azuresqlmanagedusers.yaml
 #- patches/webhook_in_azureloadbalancers.yaml
 #- patches/webhook_in_azurevmscalesets.yaml
+#- patches/webhook_in_rediscacheactions.yaml
 #- patches/webhook_in_rediscachefirewallrules.yaml
 #- patches/webhook_in_azurevirtualmachineextensions.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
@@ -115,6 +117,7 @@ patches:
 #- patches/cainjection_in_azuresqlmanagedusers.yaml
 #- patches/cainjection_in_azureloadbalancers.yaml
 #- patches/cainjection_in_azurevmscalesets.yaml
+#- patches/cainjection_in_rediscacheactions.yaml
 #- patches/cainjection_in_rediscachefirewallrules.yaml
 #- patches/cainjection_in_azurevirtualmachineextensions.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch

config/crd/patches/cainjection_in_rediscacheactions.yaml

@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: rediscacheactions.azure.microsoft.com