Merge remote-tracking branch 'upstream/master' into cosmosdb-secret-c…

…onnstr

.github/CODEOWNERS

@@ -0,0 +1,5 @@
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# @global-owner1 and @global-owner2 will be requested for
+# review when someone opens a pull request.
+*       @frodopwns @WilliamMortlMicrosoft @jananivMS

.gitignore

@@ -10,8 +10,8 @@ default.etcd
 # Test binary, build with `go test -c`
 *.test
 
-# Output of the go coverage tool, specifically when used with LiteIDE
-*.out
+# Output of the test and coverage results
+reports/
 
 bin/
 vendor/

CONTRIBUTING.md

@@ -0,0 +1,61 @@
+# Contributing Guidelines
+
+The Azure Service Operator project accepts contributions via GitHub pull requests. This document outlines the process to help get your contribution accepted.
+
+Please see also the [Azure Service Operator Developer Guide](docs/community/developer-guide.md).
+
+## Contributor License Agreements
+
+We'd love to accept your patches! Before we can take them, we have to jump a
+couple of legal hurdles.
+
+The [Microsoft CLA](https://cla.microsoft.com/) must be signed by all contributors. Please fill out either the individual or corporate Contributor License Agreement (CLA). Once you are CLA'ed, we'll be able to accept your pull requests.
+
+***NOTE***: Only original source code from you and other people that have
+signed the CLA can be accepted into the repository.
+
+## Support Channels
+
+This is an open source project and as such no formal support is available. However, like all good open source projects we do offer "best effort" support through github issues.
+
+GitHub issues can be filed here - https://github.com/Azure/azure-service-operator/issues
+
+Before opening a new issue or submitting a new pull request, it's helpful to search the project - it's likely that another user has already reported the issue you're facing, or it's a known issue that we're already aware of.
+
+## Issues
+
+Issues are used as the primary method for tracking anything to do with the Azure Service Operator project.
+
+### Issue Lifecycle
+
+The issue lifecycle is mainly driven by the core maintainers, but is good information for those contributing to the project. All issue types follow the same general lifecycle. Differences are noted below.
+1. Issue creation
+2. Triage
+    - The maintainer in charge of triaging will apply the proper labels for the issue. This includes labels for priority, type, and metadata. If additional
+    labels are needed in the future, we will add them.
+    - (If needed) Clean up the title to succinctly and clearly state the issue. Also ensure that proposals are prefaced with "Proposal".
+3. Discussion
+    - "Feature" and "Bug" issues should be connected to the PR that resolves it.
+    - Whoever is working on a "Feature" or "Bug" issue (whether a maintainer or someone from the community), should either assign the issue to themself or make a comment in the issue saying that they are taking it.
+    - "Proposal" and "Question" issues should stay open until resolved or if they have not been active for more than 30 days. This will help keep the issue queue to a manageable size and reduce noise. Should the issue need to stay open, the `keep open` label can be added.
+4. Issue closure
+
+## How to Contribute a Patch
+
+1. If you haven't already done so, sign a Contributor License Agreement (see details above).
+2. Fork the desired repo, develop and test your code changes.
+3. Submit a pull request.
+
+## Reporting Security Issues
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, including this one.
+
+If you believe you have found a security vulnerability in this repository that meets Microsoft's [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below.
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
+
+We prefer all communications to be in English.
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.13.5 as builder
+FROM golang:1.13.7 as builder
 
 WORKDIR /workspace/
 # Copy the Go Modules manifests

Makefile

@@ -1,5 +1,5 @@
 # Image URL to use all building/pushing image targets
-
+IMG ?= controller:latest
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -8,7 +8,6 @@ else
 GOBIN=$(shell go env GOBIN)
 endif
 
-IMG ?= controller:latest
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
 CRD_OPTIONS ?= "crd"
 
@@ -17,7 +16,7 @@ BUILD_ID ?= $(shell git rev-parse --short HEAD)
 # best to keep the prefix as short as possible to not exceed naming limits for things like keyvault (24 chars)
 TEST_RESOURCE_PREFIX ?= aso-$(BUILD_ID)
 
-# Some parts of the test suite use Go Build Tags to ignore certain tests. Default to all tests but allow the user to pass custom tags.
+# Go compiler builds tags: some parts of the test suite use these to selectively compile tests.
 BUILD_TAGS ?= all
 
 # Temp directory variable, set by environment on macOS and set to default for everything else
@@ -37,48 +36,47 @@ generate-test-certs:
 	mkdir -p $(TMPDIR)/k8s-webhook-server/serving-certs
 	mv tls.* $(TMPDIR)/k8s-webhook-server/serving-certs/
 
-# Run API unittests
-api-test: generate fmt vet manifests
-	TEST_USE_EXISTING_CLUSTER=false go test -v -coverprofile=coverage.txt -covermode count ./api/...  2>&1 | tee testlogs.txt
-	go-junit-report < testlogs.txt  > report.xml
-	go tool cover -html=coverage.txt -o cover.html
-
-# Run tests
-test: generate fmt vet manifests 
-	TEST_USE_EXISTING_CLUSTER=false REQUEUE_AFTER=20 \
-	go test -tags "$(BUILD_TAGS)" -parallel 3 -v -coverprofile=coverage.txt -covermode count \
-	./api/... \
-	./controllers/... \
-	-timeout 10m 2>&1 | tee testlogs.txt
-	go-junit-report < testlogs.txt > report.xml
-	go tool cover -html=coverage.txt -o cover.html
-
-# Run tests with existing cluster
-test-existing-controllers: generate fmt vet manifests
-	TEST_RESOURCE_PREFIX=$(TEST_RESOURCE_PREFIX) TEST_USE_EXISTING_CLUSTER=true REQUEUE_AFTER=20 go test -tags "$(BUILD_TAGS)" -parallel 4 -v ./controllers/... -timeout 45m
-
-unit-tests:
-	go test ./pkg/resourcemanager/keyvaults/unittest/
-
-
-# Run tests with existing cluster
-test-existing-managers: generate fmt vet manifests
-	TEST_USE_EXISTING_CLUSTER=true REQUEUE_AFTER=20 \
-	go test -v -coverprofile=coverage-existing.txt -covermode count \
-	./api/... \
+# Run Controller tests against the configured cluster
+test-integration-controllers: generate fmt vet manifests
+	TEST_RESOURCE_PREFIX=$(TEST_RESOURCE_PREFIX) TEST_USE_EXISTING_CLUSTER=true REQUEUE_AFTER=20 \
+	go test -v -tags "$(BUILD_TAGS)" -coverprofile=reports/integration-controllers-coverage-output.txt -coverpkg=./... -covermode count -parallel 4 -timeout 45m \
+	./controllers/... 
+	#2>&1 | tee reports/integration-controllers-output.txt
+	#go-junit-report < reports/integration-controllers-output.txt > reports/integration-controllers-report.xml
+
+# Run Resource Manager tests against the configured cluster
+test-integration-managers: generate fmt vet manifests
+	TEST_USE_EXISTING_CLUSTER=true TEST_CONTROLLER_WITH_MOCKS=false REQUEUE_AFTER=20 \
+	go test -v -coverprofile=reports/integration-managers-coverage-ouput.txt -coverpkg=./... -covermode count -parallel 4 -timeout 45m \
+  ./api/... \
 	./pkg/resourcemanager/eventhubs/...  \
 	./pkg/resourcemanager/resourcegroups/...  \
 	./pkg/resourcemanager/storages/... \
 	./pkg/resourcemanager/psql/server/... \
 	./pkg/resourcemanager/psql/database/... \
 	./pkg/resourcemanager/psql/firewallrule/... \
 	./pkg/resourcemanager/appinsights/... \
-	./pkg/resourcemanager/vnet/... \
-	./pkg/resourcemanager/pip/... \
-	./pkg/resourcemanager/nic/... \
-	./pkg/resourcemanager/apim/apimgmt... \
-	./pkg/secrets/...
+	./pkg/resourcemanager/vnet/...
+	#2>&1 | tee reports/integration-managers-output.txt
+	#go-junit-report < reports/integration-managers-output.txt > reports/integration-managers-report.xml
 
+# Run all available tests. Note that Controllers are not unit-testable.
+test-unit: generate fmt vet manifests 
+	TEST_USE_EXISTING_CLUSTER=false REQUEUE_AFTER=20 \
+	go test -v -tags "$(BUILD_TAGS)" -coverprofile=coverage-unit.txt -covermode count -parallel 4 -timeout 10m \
+	./api/... \
+	./pkg/secrets/...
+	./pkg/resourcemanager/keyvaults/unittest/ \
+	#2>&1 | tee testlogs.txt
+	#go-junit-report < testlogs.txt > report-unit.xml
+	go tool cover -html=coverage/coverage.txt -o cover-unit.html
+
+# Merge all the available test coverage results and publish a single report
+test-process-coverage:
+	find reports -name "*-coverage-output.txt" -type f -print | xargs gocovmerge > reports/merged-coverage-output.txt
+	gocov convert reports/merged-coverage-output.txt > reports/merged-coverage-output.json
+	gocov-xml < reports/merged-coverage-output.json > reports/merged-coverage.xml
+	go tool cover -html=reports/merged-coverage-output.txt -o reports/merged-coverage.html
 
 # Cleanup resource groups azure created by tests using pattern matching 't-rg-'
 test-cleanup-azure-resources: 	
@@ -88,6 +86,19 @@ test-cleanup-azure-resources:
 	    az group delete --name $$rgname --no-wait --yes; \
     done
 
+# Build the docker image
+docker-build:
+	docker build . -t ${IMG} ${ARGS}
+	@echo "updating kustomize image patch file for manager resource"
+	sed -i'' -e 's@image: .*@image: '"${IMG}"'@' ./config/default/manager_image_patch.yaml
+
+# Push the docker image
+docker-push:
+	docker push ${IMG}
+
+# Build and Push the docker image
+build-and-push: docker-build docker-push
+
 # Build manager binary
 manager: generate fmt vet
 	go build -o bin/manager main.go
@@ -151,26 +162,6 @@ vet:
 generate: manifests
 	$(CONTROLLER_GEN) object:headerFile=./hack/boilerplate.go.txt paths=./api/...
 
-# Build the docker image
-docker-build:
-	docker build . -t ${IMG} ${ARGS}
-	@echo "updating kustomize image patch file for manager resource"
-	sed -i'' -e 's@image: .*@image: '"${IMG}"'@' ./config/default/manager_image_patch.yaml
-
-# Push the docker image
-docker-push:
-	docker push ${IMG}
-
-# Build and Push the docker image
-build-and-push: docker-build docker-push
-
-# Deploy operator infrastructure
-terraform:
-	terraform init devops/terraform
-	terraform apply devops/terraform
-
-terraform-and-deploy: terraform generate install-cert-manager build-and-push deploy
-
 # find or download controller-gen
 # download controller-gen if necessary
 controller-gen:
@@ -276,12 +267,12 @@ install-cert-manager:
 	kubectl label namespace cert-manager cert-manager.io/disable-validation=true
 	kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.12.0/cert-manager.yaml
 
+
 install-aad-pod-identity:
 	kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/master/deploy/infra/deployment-rbac.yaml
 
-install-test-dependency:
-	go get -u github.com/jstemmer/go-junit-report \
+install-test-dependencies:
+	go get github.com/jstemmer/go-junit-report \
 	&& go get github.com/axw/gocov/gocov \
 	&& go get github.com/AlekSi/gocov-xml \
-	&& go get github.com/onsi/ginkgo/ginkgo \
-	&& go get golang.org/x/tools/cmd/cover
+	&& go get github.com/wadey/gocovmerge

PROJECT

@@ -47,11 +47,10 @@ resources:
   kind: PostgreSQLDatabase
   version: v1alpha1
 - group: azure
-  kind: PostgreSQLFirewallRule
-  version: v1alpha1
   kind: PostgreSQLVNetRule
+  version: v1alpha1
 - group: azure
-  kind: PostgreSQLVNetRule
+  kind: PostgreSQLFirewallRule
   version: v1alpha1
 - group: azure
   kind: APIMgmtAPI
@@ -93,14 +92,14 @@ resources:
   kind: AzureVirtualMachine
   version: v1alpha1
 - group: azure
-  version: v1alpha1
   kind: AzureSQLManagedUser
-- group: azure
   version: v1alpha1
-  kind: AzureLoadBalancer
 - group: azure
+  kind: AzureLoadBalancer
   version: v1alpha1
+- group: azure
   kind: AzureVMScaleSet
+  version: v1alpha1
 - group: azure
   kind: AzureSqlServer
   version: v1beta1
@@ -116,4 +115,7 @@ resources:
 - group: azure
   kind: BlobContainer
   version: v1alpha2
+- group: azure
+  kind: MySQLServer
+  version: v1alpha2
 version: "2"

README.md

@@ -2,15 +2,11 @@
 
 [![Build Status](https://dev.azure.com/azure/azure-service-operator/_apis/build/status/Azure.azure-service-operator?branchName=master)](https://dev.azure.com/azure/azure-service-operator/_build/latest?definitionId=36&branchName=master)
 
-> This project is experimental. Expect the API to change. It is not recommended for production environments.
+> This project is experimental. The API is expected to change (while adhering to semantic versioning). It is not recommended for production environments.
 
-## Introduction
+The Azure Service Operator helps you provision Azure resources and connect your applications to them from within Kubernetes.
 
-An Operator is an application-specific controller that extends the Kubernetes API to create, configure, and manage instances of complex stateful applications on behalf of a Kubernetes user. It builds upon the basic Kubernetes resource and controller concepts but includes domain or application-specific knowledge to automate common tasks.
-
-(For more details about operators, we recommend [Introducing Operators: Putting Operational Knowledge into Software](https://coreos.com/blog/introducing-operators.html)).
-
-This repository contains the resources and code to provision and deprovision different Azure services using a Kubernetes operator.
+## Overview
 
 The Azure Operator comprises of:
 
@@ -21,46 +17,46 @@ The project was built using [Kubebuilder](https://book.kubebuilder.io/).
 
 For more details on the control flow of the Azure Service operator, refer to the link below
 
-[Azure Service Operator control flow](/docs/controlflow.md)
-
-## Install the operator
-
-This project maintains [releases of the Azure Service Operator](https://github.com/Azure/azure-service-operator/releases) that you can deploy via a [configurable Helm chart](./charts/azure-service-operator).
+[Azure Service Operator control flow](/docs/design/controlflow.md)
 
 ## Azure Services supported
 
-1. [Resource Group](/docs/resourcegroup/resourcegroup.md)
-2. [EventHub](/docs/eventhub/eventhub.md)
-3. [Azure SQL](/docs/azuresql/azuresql.md)
-4. [Azure Database for PostgreSQL](/docs/postgresql/postgresql.md)
-5. [Azure Database for MySQL](/docs/mysql/mysql.md)
-6. [Azure Keyvault](/docs/keyvault/keyvault.md)
-7. [Azure Rediscache](/docs/rediscache/rediscache.md)
-8. [Storage Account](/docs/storage/storageaccount.md)
-9. [Blob container](/docs/storage/blobcontainer.md)
-10. [Virtual Network](/docs/virtualnetwork/virtualnetwork.md)
-11. [Application Insights](/docs/appinsights/appinsights.md)
-12. [API Management](/docs/apimgmt/apimgmt.md)
-13. [Cosmos DB](/docs/cosmosdb/cosmosdb.md)
+- [Resource Group](/docs/services/resourcegroup/resourcegroup.md)
+- [EventHub](/docs/services/eventhub/eventhub.md)
+- [Azure SQL](/docs/services/azuresql/azuresql.md)
+- [Azure Database for PostgreSQL](/docs/services/postgresql/postgresql.md)
+- [Azure Database for MySQL](/docs/services/mysql/mysql.md)
+- [Azure Keyvault](/docs/services/keyvault/keyvault.md)
+- [Azure Rediscache](/docs/services/rediscache/rediscache.md)
+- [Storage Account](/docs/services/storage/storageaccount.md)
+- [Blob container](/docs/services/storage/blobcontainer.md)
+- [Virtual Network](/docs/services/virtualnetwork/virtualnetwork.md)
+- [Application Insights](/docs/services/appinsights/appinsights.md)
+- [API Management](/docs/services/apimgmt/apimgmt.md)
+- [Cosmos DB](/docs/services/cosmosdb/cosmosdb.md)
+- [Virtual Machine](/docs/services/virtualmachine/virtualmachine.md)
+- [Virtual Machine Scale Set](/docs/services/vmscaleset/vmscaleset.md)
 
-For more information on deploying, troubleshooting & deleting resources, refer to [this](/docs/customresource.md) link
+## Getting started
 
-## Building the operators
+This project maintains [releases of the Azure Service Operator](https://github.com/Azure/azure-service-operator/releases) that you can deploy via a [configurable Helm chart](/charts/azure-service-operator).
 
-You can also build, test, and run the operator from source by [following these instructions](/docs/contents.md).
+For detailed instructions on getting started, go [here](docs/howto/contents.md).
+
+Please see the [FAQ](docs/faq.md) for answers to commonly asked questions about the Azure Service Operator
 
 ## Contributing
 
-This project welcomes contributions and suggestions.  Most contributions require you to agree to a
-Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
-the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
+The [contribution guide][contribution-guide] covers everything you need to know about how you can contribute to Azure Service Operators. The [developer guide][developer-guide] will help you onboard as a developer.
+
+## Support
+
+Azure Service Operator is an open source project that is [**not** covered by the Microsoft Azure support policy](https://support.microsoft.com/en-us/help/2941892/support-for-linux-and-open-source-technology-in-azure). [Please search open issues here](https://github.com/Azure/azure-service-operator/issues), and if your issue isn't already represented please [open a new one](https://github.com/Azure/azure-service-operator/issues/new/choose). The Azure Service Operator project maintainers will respond to the best of their abilities.
 
-When you submit a pull request, a CLA bot will automatically determine whether you need to provide
-a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
-provided by the bot. You will only need to do this once across all repos using our CLA.
+## Code of conduct
 
-For more specific information on the GIT workflow and guidelines to follow, check [here](docs/contributionguidelines.md).
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
 
-This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
-For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
-contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+[contribution-guide]: CONTRIBUTING.md
+[developer-guide]: docs/howto/contents.md
+[FAQ]: docs/faq.md