Merge branch 'master' into cloud-suffix

PROJECT

@@ -86,4 +86,6 @@ resources:
 - group: azure
   version: v1alpha1
   kind: MySQLFirewallRule
-
+- group: azure
+  version: v1alpha1
+  kind: AzureVirtualMachine

api/v1alpha1/azurevirtualmachine_types.go

@@ -0,0 +1,59 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// AzureVirtualMachineSpec defines the desired state of AzureVirtualMachine
+type AzureVirtualMachineSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+	Location             string `json:"location"`
+	ResourceGroup        string `json:"resourceGroup"`
+	VMSize               string `json:"vmSize"`
+	OSType               OSType `json:"osType"`
+	AdminUserName        string `json:"adminUserName"`
+	SSHPublicKeyData     string `json:"sshPublicKeyData,omitempty"`
+	NetworkInterfaceName string `json:"networkInterfaceName"`
+	PlatformImageURN     string `json:"platformImageURN"`
+}
+
+type OSType string
+
+const (
+	// Windows ...
+	Windows OSType = "Windows"
+	// Linux ...
+	Linux OSType = "Linux"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// AzureVirtualMachine is the Schema for the azurevirtualmachines API
+type AzureVirtualMachine struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   AzureVirtualMachineSpec `json:"spec,omitempty"`
+	Status ASOStatus               `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// AzureVirtualMachineList contains a list of AzureVirtualMachine
+type AzureVirtualMachineList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []AzureVirtualMachine `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&AzureVirtualMachine{}, &AzureVirtualMachineList{})
+}

api/v1alpha1/azurevirtualmachine_types_test.go

@@ -0,0 +1,74 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package v1alpha1
+
+import (
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+
+	"golang.org/x/net/context"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+)
+
+// These tests are written in BDD-style using Ginkgo framework. Refer to
+// http://onsi.github.io/ginkgo to learn more.
+
+var _ = Describe("AzureVirtualMachine", func() {
+	var (
+		key              types.NamespacedName
+		created, fetched *AzureVirtualMachine
+	)
+
+	BeforeEach(func() {
+		// Add any setup steps that needs to be executed before each test
+	})
+
+	AfterEach(func() {
+		// Add any teardown steps that needs to be executed after each test
+	})
+
+	// Add Tests for OpenAPI validation (or additonal CRD features) specified in
+	// your API definition.
+	// Avoid adding tests for vanilla CRUD operations because they would
+	// test Kubernetes API server, which isn't the goal here.
+	Context("Create API", func() {
+
+		It("should create an object successfully", func() {
+
+			key = types.NamespacedName{
+				Name:      "foo",
+				Namespace: "default",
+			}
+			created = &AzureVirtualMachine{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "foo",
+					Namespace: "default",
+				},
+				Spec: AzureVirtualMachineSpec{
+					Location:             "westus",
+					ResourceGroup:        "foo-vm",
+					VMSize:               "test",
+					OSType:               OSType("Linux"),
+					AdminUserName:        "test",
+					SSHPublicKeyData:     "test",
+					NetworkInterfaceName: "test",
+					PlatformImageURN:     "w:x:y:z",
+				}}
+
+			By("creating an API obj")
+			Expect(k8sClient.Create(context.TODO(), created)).To(Succeed())
+
+			fetched = &AzureVirtualMachine{}
+			Expect(k8sClient.Get(context.TODO(), key, fetched)).To(Succeed())
+			Expect(fetched).To(Equal(created))
+
+			By("deleting the created object")
+			Expect(k8sClient.Delete(context.TODO(), created)).To(Succeed())
+			Expect(k8sClient.Get(context.TODO(), key, created)).ToNot(Succeed())
+		})
+
+	})
+
+})

api/v1alpha1/storageaccount_types.go

@@ -29,6 +29,8 @@ type StorageAccountSpec struct {
 	EnableHTTPSTrafficOnly *bool `json:"supportsHttpsTrafficOnly,omitempty"`
 
 	DataLakeEnabled *bool `json:"dataLakeEnabled,omitempty"`
+
+	NetworkRule *StorageNetworkRuleSet `json:"networkRule,omitempty"`
 }
 
 // StorageAccountSku the SKU of the storage account.
@@ -97,6 +99,43 @@ type StorageAccountList struct {
 	Items           []StorageAccount `json:"items"`
 }
 
+type Bypass string
+
+type StorageNetworkRuleSet struct {
+	// Bypass - Specifies whether traffic is bypassed for Logging/Metrics/AzureServices.
+	//Possible values are any combination of Logging|Metrics|AzureServices (For example, "Logging, Metrics"), or None to bypass none of those traffics.
+	//Possible values include: 'None', 'Logging', 'Metrics', 'AzureServices'
+	Bypass Bypass `json:"bypass,omitempty"`
+	// VirtualNetworkRules - Sets the virtual network rules
+	VirtualNetworkRules *[]VirtualNetworkRule `json:"virtualNetworkRules,omitempty"`
+	// IPRules - Sets the IP ACL rules
+	IPRules *[]IPRule `json:"ipRules,omitempty"`
+	// DefaultAction - Specifies the default action of allow or deny when no other rules match. Possible values include: 'DefaultActionAllow', 'DefaultActionDeny'
+	DefaultAction string `json:"defaultAction,omitempty"`
+}
+
+const (
+
+	// AzureServices ...
+	AzureServices Bypass = "AzureServices"
+	// Logging ...
+	Logging Bypass = "Logging"
+	// Metrics ...
+	Metrics Bypass = "Metrics"
+	// None ...
+	None Bypass = "None"
+)
+
+type VirtualNetworkRule struct {
+	// SubnetId - Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.
+	SubnetId *string `json:"subnetId,omitempty"`
+}
+
+type IPRule struct {
+	// IPAddressOrRange - Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.
+	IPAddressOrRange *string `json:"ipAddressOrRange,omitempty"`
+}
+
 func init() {
 	SchemeBuilder.Register(&StorageAccount{}, &StorageAccountList{})
 }

config/crd/kustomization.yaml

@@ -33,6 +33,7 @@ resources:
 - bases/azure.microsoft.com_mysqlfirewallrules.yaml
 - bases/azure.microsoft.com_azurepublicipaddresses.yaml
 - bases/azure.microsoft.com_azurenetworkinterfaces.yaml
+- bases/azure.microsoft.com_azurevirtualmachines.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 #patches:
@@ -65,6 +66,7 @@ resources:
 #- patches/webhook_in_storageaccounts.yaml
 #- patches/webhook_in_azurepublicipaddresses.yaml
 #- patches/webhook_in_azurenetworkinterfaces.yaml
+#- patches/webhook_in_azurevirtualmachines.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CAINJECTION] patches here are for enabling the CA injection for each CRD
@@ -96,6 +98,7 @@ resources:
 #- patches/cainjection_in_storageaccounts.yaml
 #- patches/cainjection_in_azurepublicipaddresses.yaml
 #- patches/cainjection_in_azurenetworkinterfaces.yaml
+#- patches/cainjection_in_azurevirtualmachines.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

config/crd/patches/cainjection_in_azurevirtualmachines.yaml

@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: azurevirtualmachines.azure.microsoft.com

config/crd/patches/webhook_in_azurevirtualmachines.yaml

@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: azurevirtualmachines.azure.microsoft.com
+spec:
+  conversion:
+    strategy: Webhook
+    webhookClientConfig:
+      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+      caBundle: Cg==
+      service:
+        namespace: system
+        name: webhook-service
+        path: /convert

config/samples/azure_v1alpha1_azurevirtualmachine.yaml

@@ -0,0 +1,14 @@
+apiVersion: azure.microsoft.com/v1alpha1
+kind: AzureVirtualMachine
+metadata:
+  name: hpfvm20
+spec:
+  location: SouthCentralUS
+  resourceGroup: resourcegroup-azure-operators
+  vmSize: Standard_DS1_v2
+  osType: Linux
+  adminUserName: azureuser
+  # SSH public key to be used with VM (eg cat ~/.ssh/id_rsa.pub)
+  sshPublicKeyData: "{ssh public key}"
+  networkInterfaceName: hpfnic20
+  platformImageURN: Canonical:UbuntuServer:16.04-LTS:latest

config/samples/azure_v1alpha1_storageaccount.yaml

@@ -10,3 +10,12 @@ spec:
   kind: StorageV2
   accessTier: Hot
   supportsHttpsTrafficOnly: true
+# Optional: networkRule
+  networkRule:
+    bypass: AzureServices # Possible values are AzureServices, Metrics, None, Logging
+    defaultAction: Deny # Possible values are Allow, Deny
+    virtualNetworkRules: 
+      - subnetId: /subscriptions/{subscription}/resourceGroups/{resourcegroup}/providers/Microsoft.Network/virtualNetworks/{vnet}/subnets/{subnet}
+    ipRules: #could be an ip range or a ip address
+      - ipAddressOrRange: 2.2.0.0/24
+      - ipAddressOrRange: 2.2.2.1

controllers/azurevirtualmachine_controller.go

@@ -0,0 +1,28 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package controllers
+
+import (
+	ctrl "sigs.k8s.io/controller-runtime"
+
+	azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1"
+)
+
+// AzureVirtualMachineReconciler reconciles a AzureVirtualMachine object
+type AzureVirtualMachineReconciler struct {
+	Reconciler *AsyncReconciler
+}
+
+// +kubebuilder:rbac:groups=azure.microsoft.com,resources=azurevirtualmachines,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=azure.microsoft.com,resources=azurevirtualmachines/status,verbs=get;update;patch
+
+func (r *AzureVirtualMachineReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+	return r.Reconciler.Reconcile(req, &azurev1alpha1.AzureVirtualMachine{})
+}
+
+func (r *AzureVirtualMachineReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&azurev1alpha1.AzureVirtualMachine{}).
+		Complete(r)
+}