Merge branch 'master' into issue#946#pgreSqlReplica

Azure · Apr 22, 2020 · 914ab87 · 914ab87
2 parents 9614f27 + 6df78cf
commit 914ab87
Show file tree

Hide file tree

Showing 16 changed files with 600 additions and 16 deletions.
diff --git a/PROJECT b/PROJECT
@@ -86,6 +86,9 @@ resources:
 - group: azure
   version: v1alpha1
   kind: MySQLFirewallRule
+- group: azure
+  version: v1alpha1
+  kind: MySQLVNetRule
 - group: azure
   version: v1alpha1
   kind: AzureVirtualMachine
diff --git a/api/v1alpha1/mysqlvnetrule_types.go b/api/v1alpha1/mysqlvnetrule_types.go
@@ -0,0 +1,47 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// MySQLVNetRuleSpec defines the desired state of MySQLVNetRule
+type MySQLVNetRuleSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+	ResourceGroup                string `json:"resourceGroup"`
+	Server                       string `json:"server"`
+	VNetResourceGroup            string `json:"vNetResourceGroup"`
+	VNetName                     string `json:"vNetName"`
+	SubnetName                   string `json:"subnetName"`
+	IgnoreMissingServiceEndpoint bool   `json:"ignoreMissingServiceEndpoint,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// MySQLVNetRule is the Schema for the mysqlvnetrules API
+type MySQLVNetRule struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   MySQLVNetRuleSpec `json:"spec,omitempty"`
+	Status ASOStatus         `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// MySQLVNetRuleList contains a list of MySQLVNetRule
+type MySQLVNetRuleList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []MySQLVNetRule `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&MySQLVNetRule{}, &MySQLVNetRuleList{})
+}
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -33,6 +33,7 @@ resources:
 - bases/azure.microsoft.com_mysqlfirewallrules.yaml
 - bases/azure.microsoft.com_azurepublicipaddresses.yaml
 - bases/azure.microsoft.com_azurenetworkinterfaces.yaml
+- bases/azure.microsoft.com_mysqlvnetrules.yaml
 - bases/azure.microsoft.com_azurevirtualmachines.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
@@ -66,6 +67,7 @@ resources:
 #- patches/webhook_in_storageaccounts.yaml
 #- patches/webhook_in_azurepublicipaddresses.yaml
 #- patches/webhook_in_azurenetworkinterfaces.yaml
+#- patches/webhook_in_mysqlvnetrules.yaml
 #- patches/webhook_in_azurevirtualmachines.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
@@ -98,6 +100,7 @@ resources:
 #- patches/cainjection_in_storageaccounts.yaml
 #- patches/cainjection_in_azurepublicipaddresses.yaml
 #- patches/cainjection_in_azurenetworkinterfaces.yaml
+#- patches/cainjection_in_mysqlvnetrules.yaml
 #- patches/cainjection_in_azurevirtualmachines.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 

diff --git a/config/crd/patches/cainjection_in_mysqlvnetrules.yaml b/config/crd/patches/cainjection_in_mysqlvnetrules.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: mysqlvnetrules.azure.microsoft.com
diff --git a/config/crd/patches/webhook_in_mysqlvnetrules.yaml b/config/crd/patches/webhook_in_mysqlvnetrules.yaml
@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: mysqlvnetrules.azure.microsoft.com
+spec:
+  conversion:
+    strategy: Webhook
+    webhookClientConfig:
+      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+      caBundle: Cg==
+      service:
+        namespace: system
+        name: webhook-service
+        path: /convert
diff --git a/config/samples/azure_v1alpha1_mysqlvnetrule.yaml b/config/samples/azure_v1alpha1_mysqlvnetrule.yaml
@@ -0,0 +1,11 @@
+apiVersion: azure.microsoft.com/v1alpha1
+kind: MySQLVNetRule
+metadata:
+  name: mysqlvnetrule-sample
+spec:
+  resourceGroup: resourcegroup-azure-operators
+  server: mysqlserver-sample
+  vNetResourceGroup: resourcegroup-vnet
+  vNetName: virtualnetwork-sample
+  subnetName: test1
+  ignoreMissingServiceEndpoint: true
diff --git a/controllers/mysql_combined_test.go b/controllers/mysql_combined_test.go
@@ -68,6 +68,9 @@ func TestMySQLHappyPath(t *testing.T) {
 
 	EnsureInstance(ctx, t, tc, ruleInstance)
 
+	// Create VNet and VNetRules -----
+	RunMySqlVNetRuleHappyPath(t, mySQLServerName, rgLocation)
+
 	EnsureDelete(ctx, t, tc, ruleInstance)
 	EnsureDelete(ctx, t, tc, mySQLDBInstance)
 	EnsureDelete(ctx, t, tc, mySQLServerInstance)

diff --git a/controllers/mysqlvnetrule_controller.go b/controllers/mysqlvnetrule_controller.go
@@ -0,0 +1,28 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package controllers
+
+import (
+	ctrl "sigs.k8s.io/controller-runtime"
+
+	azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1"
+)
+
+// MySQLVNetRuleReconciler reconciles a MySQLVNetRule object
+type MySQLVNetRuleReconciler struct {
+	Reconciler *AsyncReconciler
+}
+
+// +kubebuilder:rbac:groups=azure.microsoft.com,resources=mysqlvnetrules,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=azure.microsoft.com,resources=mysqlvnetrules/status,verbs=get;update;patch
+
+func (r *MySQLVNetRuleReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+	return r.Reconciler.Reconcile(req, &azurev1alpha1.MySQLVNetRule{})
+}
+
+func (r *MySQLVNetRuleReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&azurev1alpha1.MySQLVNetRule{}).
+		Complete(r)
+}
diff --git a/controllers/mysqlvnetrule_controller_test.go b/controllers/mysqlvnetrule_controller_test.go
@@ -0,0 +1,131 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+// +build all mysql
+
+package controllers
+
+import (
+	"context"
+	"strings"
+	"testing"
+
+	azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/Azure/azure-service-operator/pkg/errhelp"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+)
+
+func TestMySqlVNetRuleControllerNoResourceGroup(t *testing.T) {
+	t.Parallel()
+	defer PanicRecover(t)
+	ctx := context.Background()
+	assert := assert.New(t)
+
+	// Add any setup steps that needs to be executed before each test
+	mySqlServerName := GenerateTestResourceNameWithRandom("mysqlvnetrule-test-srv", 10)
+	mySqlVNetRuleName := GenerateTestResourceNameWithRandom("vnetrule-dev", 10)
+
+	// Create the SqlVnetRule object and expect the Reconcile to be created
+	mySqlVNetRuleInstance := &azurev1alpha1.MySQLVNetRule{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      mySqlVNetRuleName,
+			Namespace: "default",
+		},
+		Spec: azurev1alpha1.MySQLVNetRuleSpec{
+			ResourceGroup:                GenerateTestResourceNameWithRandom("rg-fake-srv", 10),
+			Server:                       mySqlServerName,
+			VNetResourceGroup:            "vnet-rg",
+			VNetName:                     "test-vnet",
+			SubnetName:                   "subnet1",
+			IgnoreMissingServiceEndpoint: true,
+		},
+	}
+
+	err := tc.k8sClient.Create(ctx, mySqlVNetRuleInstance)
+	assert.Equal(nil, err, "create mysqlvnetrule in k8s")
+
+	mySqlVNETRuleNamespacedName := types.NamespacedName{Name: mySqlVNetRuleName, Namespace: "default"}
+
+	assert.Eventually(func() bool {
+		err = tc.k8sClient.Get(ctx, mySqlVNETRuleNamespacedName, mySqlVNetRuleInstance)
+		if err == nil {
+			return HasFinalizer(mySqlVNetRuleInstance, finalizerName)
+		} else {
+			return false
+		}
+	}, tc.timeout, tc.retry, "wait for mysqlvnetrule to have finalizer")
+
+	assert.Eventually(func() bool {
+		err = tc.k8sClient.Get(ctx, mySqlVNETRuleNamespacedName, mySqlVNetRuleInstance)
+		if err == nil {
+			return strings.Contains(mySqlVNetRuleInstance.Status.Message, errhelp.ResourceGroupNotFoundErrorCode)
+		} else {
+			return false
+		}
+	}, tc.timeout, tc.retry, "wait for mysqlvnetrule to have rg not found error")
+
+	err = tc.k8sClient.Delete(ctx, mySqlVNetRuleInstance)
+	assert.Equal(nil, err, "delete mysqlvnetrule in k8s")
+
+	assert.Eventually(func() bool {
+		err = tc.k8sClient.Get(ctx, mySqlVNETRuleNamespacedName, mySqlVNetRuleInstance)
+		return apierrors.IsNotFound(err)
+	}, tc.timeout, tc.retry, "wait for mysqlvnetrule to be gone from k8s")
+}
+
+func RunMySqlVNetRuleHappyPath(t *testing.T, mySqlServerName string, rgLocation string) {
+	defer PanicRecover(t)
+	ctx := context.Background()
+
+	mySqlVNetRuleName := GenerateTestResourceNameWithRandom("vnet-rule", 10)
+	VNetName := GenerateTestResourceNameWithRandom("vnet", 10)
+	subnetName := "subnet-test"
+	VNetSubNetInstance := azurev1alpha1.VNetSubnets{
+		SubnetName:          subnetName,
+		SubnetAddressPrefix: "110.1.0.0/16",
+	}
+
+	// Create a VNET
+	VNetInstance := &azurev1alpha1.VirtualNetwork{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      VNetName,
+			Namespace: "default",
+		},
+		Spec: azurev1alpha1.VirtualNetworkSpec{
+			Location:      rgLocation,
+			ResourceGroup: tc.resourceGroupName,
+			AddressSpace:  "110.0.0.0/8",
+			Subnets:       []azurev1alpha1.VNetSubnets{VNetSubNetInstance},
+		},
+	}
+
+	EnsureInstance(ctx, t, tc, VNetInstance)
+
+	// Create a VNet Rule
+
+	mySqlVNetRuleInstance := &azurev1alpha1.MySQLVNetRule{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      mySqlVNetRuleName,
+			Namespace: "default",
+		},
+		Spec: azurev1alpha1.MySQLVNetRuleSpec{
+			ResourceGroup:                tc.resourceGroupName,
+			Server:                       mySqlServerName,
+			VNetResourceGroup:            tc.resourceGroupName,
+			VNetName:                     VNetName,
+			SubnetName:                   subnetName,
+			IgnoreMissingServiceEndpoint: true,
+		},
+	}
+
+	// Create VNet Rule and ensure it was created
+	EnsureInstance(ctx, t, tc, mySqlVNetRuleInstance)
+
+	// Delete a VNet Rule and ensure it was deleted
+	EnsureDelete(ctx, t, tc, mySqlVNetRuleInstance)
+
+}
diff --git a/controllers/suite_test.go b/controllers/suite_test.go
@@ -34,6 +34,7 @@ import (
 	mysqlDatabaseManager "github.com/Azure/azure-service-operator/pkg/resourcemanager/mysql/database"
 	mysqlFirewallManager "github.com/Azure/azure-service-operator/pkg/resourcemanager/mysql/firewallrule"
 	mysqlServerManager "github.com/Azure/azure-service-operator/pkg/resourcemanager/mysql/server"
+	mysqlvnetrule "github.com/Azure/azure-service-operator/pkg/resourcemanager/mysql/vnetrule"
 	resourcemanagernic "github.com/Azure/azure-service-operator/pkg/resourcemanager/nic"
 	resourcemanagerpip "github.com/Azure/azure-service-operator/pkg/resourcemanager/pip"
 	resourcemanagerpsqldatabase "github.com/Azure/azure-service-operator/pkg/resourcemanager/psql/database"
@@ -612,6 +613,22 @@ func setup() error {
 		return err
 	}
 
+	err = (&MySQLVNetRuleReconciler{
+		Reconciler: &AsyncReconciler{
+			Client:      k8sManager.GetClient(),
+			AzureClient: mysqlvnetrule.NewMySQLVNetRuleClient(),
+			Telemetry: telemetry.InitializeTelemetryDefault(
+				"MySQLVNetRule",
+				ctrl.Log.WithName("controllers").WithName("MySQLVNetRule"),
+			),
+			Recorder: k8sManager.GetEventRecorderFor("MySQLVNetRule-controller"),
+			Scheme:   k8sManager.GetScheme(),
+		},
+	}).SetupWithManager(k8sManager)
+	if err != nil {
+		return err
+	}
+
 	err = (&PostgreSQLServerReconciler{
 		Reconciler: &AsyncReconciler{
 			Client:      k8sManager.GetClient(),

diff --git a/devops/azure-pipelines.yaml b/devops/azure-pipelines.yaml
@@ -111,25 +111,25 @@ steps:
     kind create cluster
     export KUBECONFIG=$(kind get kubeconfig-path --name="kind")
     kubectl cluster-info
-    kubectl create namespace cert-manager
-    kubectl label namespace cert-manager cert-manager.io/disable-validation=true
-    kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.12.0/cert-manager.yaml
-    kubectl create namespace azureoperator-system 
-    kubectl --namespace azureoperator-system \
-      create secret generic azureoperatorsettings \
-      --from-literal=AZURE_CLIENT_ID=${AZURE_CLIENT_ID} \
-      --from-literal=AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET} \
-      --from-literal=AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID} \
-      --from-literal=AZURE_TENANT_ID=${AZURE_TENANT_ID}
+    # kubectl create namespace cert-manager
+    # kubectl label namespace cert-manager cert-manager.io/disable-validation=true
+    # kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.12.0/cert-manager.yaml
+    # kubectl create namespace azureoperator-system 
+    # kubectl --namespace azureoperator-system \
+    #   create secret generic azureoperatorsettings \
+    #   --from-literal=AZURE_CLIENT_ID=${AZURE_CLIENT_ID} \
+    #   --from-literal=AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET} \
+    #   --from-literal=AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID} \
+    #   --from-literal=AZURE_TENANT_ID=${AZURE_TENANT_ID}
     #create image and load it into cluster
-    IMG="docker.io/controllertest:1" make docker-build
-    kind load docker-image docker.io/controllertest:1 --loglevel "trace"
+    # IMG="docker.io/controllertest:1" make docker-build
+    # kind load docker-image docker.io/controllertest:1 --loglevel "trace"
     make install
     kubectl get namespaces
-    kubectl -n cert-manager rollout status deployment.v1.apps/cert-manager
-    kubectl get pods --namespace cert-manager
-    echo "all the pods should be running"
-    make deploy
+    # kubectl -n cert-manager rollout status deployment.v1.apps/cert-manager
+    # kubectl get pods --namespace cert-manager
+    # echo "all the pods should be running"
+    #make deploy
     make test-existing-controllers
   continueOnError: 'false'
   displayName: 'Set kind cluster and Run int tests'

diff --git a/docs/mysql/mysql.md b/docs/mysql/mysql.md
@@ -55,6 +55,14 @@ The `server` indicates the MySQL server on which you want to configure the new M
 
 *Note*: When the `startIpAddress` and `endIpAddress` are 0.0.0.0, it denotes a special case that adds a firewall rule to allow all Azure services to access the server.
 
+### MySQL virtual network rule
+
+The MySQL virtual network rule operator allows you to add virtual network rules to the MySQL server.
+
+The `server` indicates the MySQL server on which you want to configure the new MySQL virtual network rule on and `resourceGroup` is the resource group of the MySQL server. Provide the virtual network name and subnet name in the variables `vNetName` and `subnetName`, and `vNetResourceGroup` is the resource group the virtual network is located in. The `ignoreMissingServiceEndpoint` indicates whether or not to create virtual network rule before the virtual network has vnet service endpoint enabled.
+
+*Note*: When using MySQL Virtual Network Rules, the `Basic` SKU is not a valid op
+
 ## Deploy, view and delete resources
 
 You can follow the steps [here](/docs/customresource.md) to deploy, view and delete resources.