Merge branch 'master' into access-policy-postpone

docs/howto/contents.md

@@ -8,7 +8,7 @@
 2. [Developing](development.md)
     Find useful information for running the operator locally.
 
-3. [Testing](test.md)
+3. [Testing](testing.md)
    Find information about how to run and author tests.
 
 4. [Deploying](deploy.md)

main.go

@@ -9,8 +9,6 @@ import (
 
 	"k8s.io/apimachinery/pkg/runtime"
 
-	"github.com/Azure/go-autorest/autorest/azure/auth"
-
 	"github.com/Azure/azure-service-operator/controllers"
 
 	kscheme "k8s.io/client-go/kubernetes/scheme"
@@ -37,6 +35,7 @@ import (
 	resourcemanagerconfig "github.com/Azure/azure-service-operator/pkg/resourcemanager/config"
 	resourcemanagercosmosdb "github.com/Azure/azure-service-operator/pkg/resourcemanager/cosmosdbs"
 	resourcemanagereventhub "github.com/Azure/azure-service-operator/pkg/resourcemanager/eventhubs"
+	"github.com/Azure/azure-service-operator/pkg/resourcemanager/iam"
 	resourcemanagerkeyvault "github.com/Azure/azure-service-operator/pkg/resourcemanager/keyvaults"
 	loadbalancer "github.com/Azure/azure-service-operator/pkg/resourcemanager/loadbalancer"
 	mysqldatabase "github.com/Azure/azure-service-operator/pkg/resourcemanager/mysql/database"
@@ -201,13 +200,13 @@ func main() {
 	sqlActionManager := resourcemanagersqlaction.NewAzureSqlActionManager(secretClient, scheme)
 
 	var AzureHealthCheck healthz.Checker = func(_ *http.Request) error {
-		_, err := auth.NewAuthorizerFromEnvironment()
+		_, err := iam.GetResourceManagementAuthorizer()
 		if err != nil {
 			return err
 		}
-
 		return nil
 	}
+
 	if err := mgr.AddHealthzCheck("azurehealthz", AzureHealthCheck); err != nil {
 		setupLog.Error(err, "problem running health check to azure autorizer")
 	}

pkg/resourcemanager/mysql/mysqluser/mysqluser.go

@@ -18,7 +18,7 @@ import (
 	"github.com/Azure/azure-service-operator/api/v1alpha1"
 	"k8s.io/apimachinery/pkg/runtime"
 
-	_ "github.com/go-sql-driver/mysql" //sql drive link
+	_ "github.com/go-sql-driver/mysql" //mysql drive link
 	"k8s.io/apimachinery/pkg/types"
 )
 
@@ -62,7 +62,7 @@ func (s *MySqlUserManager) GetDB(ctx context.Context, resourceGroupName string,
 // ConnectToSqlDb connects to the SQL db using the given credentials
 func (s *MySqlUserManager) ConnectToSqlDb(ctx context.Context, drivername string, fullserver string, database string, port int, user string, password string) (*sql.DB, error) {
 
-	connString := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?tls=skip-verify", user, password, fullserver, port, database)
+	connString := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?tls=skip-verify&interpolateParams=true", user, password, fullserver, port, database)
 
 	db, err := sql.Open(drivername, connString)
 	if err != nil {
@@ -78,19 +78,19 @@ func (s *MySqlUserManager) ConnectToSqlDb(ctx context.Context, drivername string
 }
 
 // GrantUserRoles grants roles to a user for a given database
-func (s *MySqlUserManager) GrantUserRoles(ctx context.Context, user string, server string, database string, roles []string, db *sql.DB) error {
+func (s *MySqlUserManager) GrantUserRoles(ctx context.Context, user string, database string, roles []string, db *sql.DB) error {
 	var errorStrings []string
 	if err := helpers.FindBadChars(user); err != nil {
 		return fmt.Errorf("Problem found with username: %v", err)
 	}
 
 	for _, role := range roles {
-		tsql := fmt.Sprintf("GRANT %s ON `%s`.* TO '%s'@'%s'", role, database, user, server)
 
 		if err := helpers.FindBadChars(role); err != nil {
 			return fmt.Errorf("Problem found with role: %v", err)
 		}
-
+		//TODO: how to use SQL parameters for grant command, like CreateUser and DropUser
+		tsql := fmt.Sprintf("GRANT %s ON `%s`.* TO '%s'", role, database, user)
 		_, err := db.ExecContext(ctx, tsql)
 		if err != nil {
 			errorStrings = append(errorStrings, err.Error())
@@ -104,20 +104,19 @@ func (s *MySqlUserManager) GrantUserRoles(ctx context.Context, user string, serv
 }
 
 // CreateUser creates user with secret credentials
-func (s *MySqlUserManager) CreateUser(ctx context.Context, server string, secret map[string][]byte, db *sql.DB) (string, error) {
+func (s *MySqlUserManager) CreateUser(ctx context.Context, secret map[string][]byte, db *sql.DB) (string, error) {
 	newUser := string(secret[MSecretUsernameKey])
 	newPassword := string(secret[MSecretPasswordKey])
 
-	// make an effort to prevent sql injection
 	if err := helpers.FindBadChars(newUser); err != nil {
 		return "", fmt.Errorf("Problem found with username: %v", err)
 	}
 	if err := helpers.FindBadChars(newPassword); err != nil {
 		return "", fmt.Errorf("Problem found with password: %v", err)
 	}
 
-	tsql := fmt.Sprintf("CREATE USER IF NOT EXISTS '%s'@'%s' IDENTIFIED BY '%s'", newUser, server, newPassword)
-	_, err := db.ExecContext(ctx, tsql)
+	tsql := "CREATE USER IF NOT EXISTS ? IDENTIFIED BY ? "
+	_, err := db.ExecContext(ctx, tsql, newUser, newPassword)
 
 	if err != nil {
 		return newUser, err
@@ -126,30 +125,25 @@ func (s *MySqlUserManager) CreateUser(ctx context.Context, server string, secret
 }
 
 // UserExists checks if db contains user
-func (s *MySqlUserManager) UserExists(ctx context.Context, db *sql.DB, username string, server string) (bool, error) {
-
-	//tsql := fmt.Sprintf("SELECT * FROM mysql.user WHERE (Host = '%s') and (User = '%s')", server, username)
+func (s *MySqlUserManager) UserExists(ctx context.Context, db *sql.DB, username string) (bool, error) {
 
-	err := db.QueryRowContext(ctx, "SELECT * FROM mysql.user WHERE (Host = $1) and (User = $2)", server, username)
+	err := db.QueryRowContext(ctx, "SELECT * FROM mysql.user WHERE User = $1", username)
 	//err := db.ExecContext(ctx, tsql)
 
 	if err != nil {
 		return false, nil
 	}
 	return true, nil
 
-	//rows, err := res.RowsAffected()
-	//return rows > 0, err
-
 }
 
 // DropUser drops a user from db
-func (s *MySqlUserManager) DropUser(ctx context.Context, db *sql.DB, user string, server string) error {
-	tsql := fmt.Sprintf("DROP USER IF EXISTS '%s'@'%s'", user, server)
+func (s *MySqlUserManager) DropUser(ctx context.Context, db *sql.DB, user string) error {
+
 	if err := helpers.FindBadChars(user); err != nil {
 		return fmt.Errorf("Problem found with username: %v", err)
 	}
-	_, err := db.ExecContext(ctx, tsql)
+	_, err := db.ExecContext(ctx, "DROP USER IF EXISTS ?", user)
 	return err
 }
 
@@ -183,7 +177,6 @@ func (s *MySqlUserManager) GetOrPrepareSecret(ctx context.Context, instance *v1a
 
 	secret, err := secretClient.Get(ctx, key)
 	if err != nil {
-		// @todo: find out whether this is an error due to non existing key or failed conn
 		pw := helpers.NewPassword()
 		return map[string][]byte{
 			"username":                 []byte(""),

pkg/resourcemanager/mysql/mysqluser/mysqluser_manager.go

@@ -14,13 +14,14 @@ import (
 	"github.com/Azure/azure-service-operator/pkg/secrets"
 )
 
+//MySQLUser interface provides the functions of mySQLUser
 type MySQLUser interface {
 	GetDB(ctx context.Context, resourceGroupName string, serverName string, databaseName string) (mysql.Database, error)
 	ConnectToMySqlDb(ctx context.Context, drivername string, server string, dbname string, port int, username string, password string) (*sql.DB, error)
-	GrantUserRoles(ctx context.Context, user string, server string, database string, roles []string, db *sql.DB) error
+	GrantUserRoles(ctx context.Context, user string, database string, roles []string, db *sql.DB) error
 	CreateUser(ctx context.Context, server string, secret map[string][]byte, db *sql.DB) (string, error)
-	UserExists(ctx context.Context, db *sql.DB, username string, sevrer string) (bool, error)
-	DropUser(ctx context.Context, db *sql.DB, user string, server string) error
+	UserExists(ctx context.Context, db *sql.DB, username string) (bool, error)
+	DropUser(ctx context.Context, db *sql.DB, user string) error
 	DeleteSecrets(ctx context.Context, instance *v1alpha1.MySQLUser, secretClient secrets.SecretClient) (bool, error)
 	GetOrPrepareSecret(ctx context.Context, instance *v1alpha1.MySQLUser, secretClient secrets.SecretClient) map[string][]byte
 

pkg/resourcemanager/mysql/mysqluser/mysqluser_reconcile.go

@@ -150,7 +150,7 @@ func (s *MySqlUserManager) Ensure(ctx context.Context, obj runtime.Object, opts
 		return false, err
 	}
 
-	user, err = s.CreateUser(ctx, string(instance.Spec.Server), DBSecret, db)
+	user, err = s.CreateUser(ctx, DBSecret, db)
 	if err != nil {
 		instance.Status.Message = "failed creating user, err: " + err.Error()
 		return false, err
@@ -162,7 +162,7 @@ func (s *MySqlUserManager) Ensure(ctx context.Context, obj runtime.Object, opts
 		return false, fmt.Errorf("No roles specified for database user")
 	}
 
-	err = s.GrantUserRoles(ctx, user, string(instance.Spec.Server), string(instance.Spec.DbName), instance.Spec.Roles, db)
+	err = s.GrantUserRoles(ctx, user, string(instance.Spec.DbName), instance.Spec.Roles, db)
 	if err != nil {
 		instance.Status.Message = "GrantUserRoles failed"
 		return false, fmt.Errorf("GrantUserRoles failed")
@@ -271,7 +271,7 @@ func (s *MySqlUserManager) Delete(ctx context.Context, obj runtime.Object, opts
 
 	user := string(userSecret[MSecretUsernameKey])
 
-	err = s.DropUser(ctx, db, user, string(instance.Spec.Server))
+	err = s.DropUser(ctx, db, user)
 	if err != nil {
 		instance.Status.Message = fmt.Sprintf("Delete MySqlUser failed with %s", err.Error())
 		return false, err

pkg/resourcemanager/rediscaches/redis/rediscache_manager.go

@@ -9,6 +9,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/services/redis/mgmt/2018-03-01/redis"
 	azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1"
 	"github.com/Azure/azure-service-operator/pkg/resourcemanager"
+	"github.com/Azure/go-autorest/autorest"
 )
 
 // RedisCacheManager for RedisCache
@@ -17,7 +18,7 @@ type RedisCacheManager interface {
 	CreateRedisCache(ctx context.Context, instance azurev1alpha1.RedisCache) (*redis.ResourceType, error)
 
 	// DeleteRedisCache removes the resource group named by env var
-	DeleteRedisCache(ctx context.Context, groupName string, redisCacheName string) (result redis.DeleteFuture, err error)
+	DeleteRedisCache(ctx context.Context, groupName string, redisCacheName string) (result autorest.Response, err error)
 
 	// also embed async client methods
 	resourcemanager.ARMClient

pkg/resourcemanager/rediscaches/redis/rediscache_reconcile.go

@@ -146,17 +146,27 @@ func (rc *AzureRedisCacheManager) Delete(ctx context.Context, obj runtime.Object
 		return true, nil
 	}
 
-	req, err := rc.DeleteRedisCache(ctx, groupName, name)
+	_, err = rc.DeleteRedisCache(ctx, groupName, name)
 	if err != nil {
 		instance.Status.Message = err.Error()
+		azerr := errhelp.NewAzureErrorAzureError(err)
+
+		ignorableErr := []string{
+			errhelp.AsyncOpIncompleteError,
+		}
 
-		if req.Response().StatusCode == http.StatusNotFound {
+		finished := []string{
+			errhelp.ResourceNotFound,
+		}
+		if helpers.ContainsString(ignorableErr, azerr.Type) {
+			return true, nil
+		}
+		if helpers.ContainsString(finished, azerr.Type) {
 			// Best case deletion of secrets
 			rc.SecretClient.Delete(ctx, key)
 			return false, nil
 		}
-
-		return true, fmt.Errorf("AzureRedisCacheManager Delete failed with %s", err)
+		return true, err
 	}
 
 	return true, nil

pkg/resourcemanager/rediscaches/redis/rediscaches.go

@@ -14,6 +14,7 @@ import (
 	"github.com/Azure/azure-service-operator/pkg/resourcemanager/rediscaches"
 	"github.com/Azure/azure-service-operator/pkg/resourcemanager/vnet"
 	"github.com/Azure/azure-service-operator/pkg/secrets"
+	"github.com/Azure/go-autorest/autorest"
 	"github.com/Azure/go-autorest/autorest/to"
 	"k8s.io/apimachinery/pkg/runtime"
 )
@@ -131,10 +132,16 @@ func (r *AzureRedisCacheManager) GetRedisCache(ctx context.Context, groupName st
 }
 
 // DeleteRedisCache removes the resource group named by env var
-func (r *AzureRedisCacheManager) DeleteRedisCache(ctx context.Context, groupName string, redisCacheName string) (result redis.DeleteFuture, err error) {
+func (r *AzureRedisCacheManager) DeleteRedisCache(ctx context.Context, groupName string, redisCacheName string) (result autorest.Response, err error) {
 	redisClient, err := r.GetRedisCacheClient()
 	if err != nil {
 		return result, err
 	}
-	return redisClient.Delete(ctx, groupName, redisCacheName)
+	future, err := redisClient.Delete(ctx, groupName, redisCacheName)
+	if err != nil {
+		return result, err
+	}
+
+	return future.Result(redisClient)
+
 }