Merge branch 'master' into cosmosdb-geo-redundancy

Makefile

@@ -42,7 +42,7 @@ api-test: generate fmt vet manifests
 
 # Run tests
 test: generate fmt vet manifests 
-	TEST_USE_EXISTING_CLUSTER=false TEST_CONTROLLER_WITH_MOCKS=true REQUEUE_AFTER=20 \
+	TEST_USE_EXISTING_CLUSTER=false REQUEUE_AFTER=20 \
 	go test -tags "$(BUILD_TAGS)" -parallel 3 -v -coverprofile=coverage.txt -covermode count \
 	./api/... \
 	./controllers/... \
@@ -60,7 +60,7 @@ unit-tests:
 
 # Run tests with existing cluster
 test-existing-managers: generate fmt vet manifests
-	TEST_USE_EXISTING_CLUSTER=true TEST_CONTROLLER_WITH_MOCKS=false REQUEUE_AFTER=20 \
+	TEST_USE_EXISTING_CLUSTER=true REQUEUE_AFTER=20 \
 	go test -v -coverprofile=coverage-existing.txt -covermode count \
 	./api/... \
 	./pkg/resourcemanager/eventhubs/...  \
@@ -121,12 +121,17 @@ validate-copyright-headers:
 
 # Generate manifests for helm and package them up
 helm-chart-manifests: manifests
-	kustomize build ./config/default -o ./charts/azure-service-operator/templates
-	rm charts/azure-service-operator/templates/~g_v1_namespace_azureoperator-system.yaml
-	sed -i '' -e 's@controller:latest@{{ .Values.image.repository }}@' ./charts/azure-service-operator/templates/apps_v1_deployment_azureoperator-controller-manager.yaml
+	mkdir charts/azure-service-operator/templates/generated
+	kustomize build ./config/default -o ./charts/azure-service-operator/templates/generated
+	rm charts/azure-service-operator/templates/generated/~g_v1_namespace_azureoperator-system.yaml
+	sed -i '' -e 's@controller:latest@{{ .Values.image.repository }}@' ./charts/azure-service-operator/templates/generated/apps_v1_deployment_azureoperator-controller-manager.yaml
+	find ./charts/azure-service-operator/templates/generated/ -type f -exec sed -i '' -e 's@namespace: azureoperator-system@namespace: {{ .Values.namespace }}@' {} \;
 	helm package ./charts/azure-service-operator -d ./charts
 	helm repo index ./charts
 
+delete-helm-gen-manifests:
+	rm -rf charts/azure-service-operator/templates/generated/
+
 # Generate manifests e.g. CRD, RBAC etc.
 manifests: controller-gen
 	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases

PROJECT

@@ -50,6 +50,9 @@ resources:
 - group: azure
   version: v1alpha1
   kind: PostgreSQLFirewallRule
+- group: azure
+  version: v1alpha1
+  kind: PostgreSQLVNetRule
 - group: azure
   version: v1alpha1
   kind: APIMgmtAPI

api/v1alpha1/postgresqlvnetrule_types.go

@@ -0,0 +1,47 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// PotgreSQLVNetRuleSpec defines the desired state of PostgreSQLVNetRule
+type PostgreSQLVNetRuleSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+	ResourceGroup                string `json:"resourceGroup"`
+	Server                       string `json:"server"`
+	VNetResourceGroup            string `json:"vNetResourceGroup"`
+	VNetName                     string `json:"vNetName"`
+	SubnetName                   string `json:"subnetName"`
+	IgnoreMissingServiceEndpoint bool   `json:"ignoreMissingServiceEndpoint,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// PostgreSQLVNetRule is the Schema for the PostgreSQLVNetRules API
+type PostgreSQLVNetRule struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   PostgreSQLVNetRuleSpec `json:"spec,omitempty"`
+	Status ASOStatus              `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// PostgreSQLVNetRuleList contains a list of PostgreSQLVNetRule
+type PostgreSQLVNetRuleList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []PostgreSQLVNetRule `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&PostgreSQLVNetRule{}, &PostgreSQLVNetRuleList{})
+}

charts/azure-service-operator/Chart.yaml

@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: v2
 name: azure-service-operator
 version: 0.1.0
 appVersion: 0.1.0

charts/azure-service-operator/README.md

@@ -74,6 +74,11 @@ If you are deploying into an already created namespace, be sure to set the follo
 createNamespace: False
 ```
 
+and specify the namespace name:
+```
+namespace: your-namespace
+```
+
 Finally, install the chart with your added values. The chart can be installed by using a values file or environment variables.
 ```
 helm upgrade --install aso azureserviceoperator/azure-service-operator -f values.yaml
@@ -102,7 +107,9 @@ The following table lists the configurable parameters of the azure-service-opera
 | `azureClientSecret`  | Azure Service Principal Client Secret | `` |
 | `azureUseMI`  | Set to True if using Managed Identity for authentication | `False` |
 | `azureOperatorKeyvault`  | Set this value with the name of your Azure Key Vault resource if you prefer to store secrets in Key Vault rather than as Kubernetes secrets (default) | `` |
-| `image.repository`  | Image repository | `mcr.microsoft.com/k8s/azure-service-operator:0.0.9150` |
-| `createNamespace`  | Set to True if you would like the namespace autocreated, otherwise False if you have an existing namespace | `True` |
+| `image.repository`  | Image repository | `mcr.microsoft.com/k8s/azure-service-operator:0.0.20258` |
+| `cloudEnvironment`  | Set the cloud environment, possible values include: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud | `AzurePublicCloud` |
+| `createNamespace`  | Set to True if you would like the namespace autocreated, otherwise False if you have an existing namespace. If using an existing namespace, the `namespace` field must also be updated | `True` |
+| `namespace`  | Configure a custom namespace to deploy the operator into | `azureoperator-system` |
 | `aad-pod-identity.azureIdentity.resourceID`  | The resource ID for your managed identity | `` |
 | `aad-pod-identity.azureIdentity.clientID`  | The client ID for your managed identity | `` |

charts/azure-service-operator/requirements.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: aad-pod-identity
+  repository: https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts
+  version: 1.5.5
+digest: sha256:db38bea05230aea212e9ab0f056a1defa73d540bbff2962e807b2fd860dddf3d
+generated: "2020-04-22T10:23:15.164357-07:00"

charts/azure-service-operator/templates/namespace.yaml

@@ -4,5 +4,5 @@ kind: Namespace
 metadata:
   labels:
     control-plane: controller-manager
-  name: azureoperator-system
+  name: {{ .Values.namespace }}
 {{- end }}

charts/azure-service-operator/templates/secret.yaml

@@ -2,11 +2,12 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: azureoperatorsettings
-  namespace: azureoperator-system
+  namespace: {{ .Values.namespace }}
 type: Opaque
 data:
   AZURE_SUBSCRIPTION_ID: {{ .Values.azureSubscriptionID | b64enc | quote }}
   AZURE_TENANT_ID: {{ .Values.azureTenantID | b64enc | quote }}
+  AZURE_CLOUD_ENV: {{ .Values.cloudEnvironment | b64enc | quote }}
 
   {{- if .Values.azureClientID }}
   AZURE_CLIENT_ID: {{ .Values.azureClientID | b64enc | quote }}

charts/azure-service-operator/values.yaml

@@ -7,6 +7,12 @@ azureOperatorKeyvault: ""
 # Set to False if you do not need the namespace autocreated
 createNamespace: True
 
+# Optional, Custom Namespace 
+namespace: azureoperator-system
+
+# Set the cloud environment, possible values include: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud
+cloudEnvironment: AzurePublicCloud
+
 # Authentication - Service Principal
 azureClientID: ""
 azureClientSecret: ""
@@ -15,17 +21,15 @@ azureClientSecret: ""
 azureUseMI: False
 
 image:
-  repository: mcr.microsoft.com/k8s/azure-service-operator:0.0.13046
+  repository: mcr.microsoft.com/k8s/azure-service-operator:0.0.20258
 
 aad-pod-identity:
   azureIdentityBinding:
     name: aso-identity-binding
     selector: aso_manager_binding
-    namespace: azureoperator-system
   azureIdentity:
     enabled: True
     name: aso-identity
-    namespace: azureoperator-system
     type: 0
 
     # Update values for Managed Identity 

charts/index.yaml

@@ -1,16 +1,21 @@
 apiVersion: v1
 entries:
   azure-service-operator:
-  - apiVersion: v1
+  - apiVersion: v2
     appVersion: 0.1.0
-    created: "2020-03-09T14:47:12.306231-05:00"
+    created: "2020-04-23T11:50:42.794582-07:00"
+    dependencies:
+    - condition: azureUseMI
+      name: aad-pod-identity
+      repository: https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts
+      version: 1.5.5
     description: Deploy components and dependencies of azure-service-operator
-    digest: 4fbc8ed33b694e9a239b4b5c3e0903a23c731f1fd2d5e8a040488f780487bf87
+    digest: 6aaf972ecdc1aad3c0e9b4c414d8b39cc33c40f17ef8b8985b3c8acfac80bc72
     home: https://github.com/Azure/azure-service-operator
     name: azure-service-operator
     sources:
     - https://github.com/Azure/azure-service-operator
     urls:
     - azure-service-operator-0.1.0.tgz
     version: 0.1.0
-generated: "2020-03-09T14:47:12.302559-05:00"
+generated: "2020-04-23T11:50:42.791883-07:00"

config/crd/kustomization.yaml

@@ -21,6 +21,7 @@ resources:
 - bases/azure.microsoft.com_postgresqlservers.yaml
 - bases/azure.microsoft.com_postgresqldatabases.yaml
 - bases/azure.microsoft.com_postgresqlfirewallrules.yaml
+- bases/azure.microsoft.com_postgresqlvnetrules.yaml
 - bases/azure.microsoft.com_apimservices.yaml
 - bases/azure.microsoft.com_apimgmtapis.yaml
 - bases/azure.microsoft.com_virtualnetworks.yaml
@@ -54,6 +55,7 @@ resources:
 #- patches/webhook_in_postgresqlservers.yaml
 #- patches/webhook_in_postgresqldatabases.yaml
 #- patches/webhook_in_postgresqlfirewallrules.yaml
+#- patches/webhook_in_postgresqlvnetrules.yaml
 #- patches/webhook_in_apimservices.yaml
 #- patches/webhook_in_apimgmtapis.yaml
 #- patches/webhook_in_virtualnetworks.yaml
@@ -86,6 +88,7 @@ resources:
 #- patches/cainjection_in_postgresqlservers.yaml
 #- patches/cainjection_in_postgresqldatabases.yaml
 #- patches/cainjection_in_postgresqlfirewallrules.yaml
+#- patches/cainjection_in_postgresqlvnetrules.yaml
 #- patches/cainjection_in_apimservices.yaml
 #- patches/cainjection_in_apimgmtapis.yaml
 #- patches/cainjection_in_virtualnetworks.yaml

config/crd/patches/cainjection_in_postgresqlvnetrules.yaml

@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: postgresqlvnetrules.azure.microsoft.com

config/crd/patches/webhook_in_postgresqlvnetrules.yaml

@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: postgresqlvnetrules.azure.microsoft.com
+spec:
+  conversion:
+    strategy: Webhook
+    webhookClientConfig:
+      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+      caBundle: Cg==
+      service:
+        namespace: system
+        name: webhook-service
+        path: /convert

config/samples/azure_v1alpha1_postgresqlserver.yaml

@@ -3,16 +3,16 @@ kind: PostgreSQLServer
 metadata:
   name: postgresqlserver-sample
 spec:
-  location: westus2
+  location: eastus
   resourceGroup: resourcegroup-azure-operators
   serverVersion: "10"
   sslEnforcement: Enabled
   sku:
-    name: B_Gen5_2
-    tier: Basic
+    name: GP_Gen5_4 # tier + family + cores eg. - B_Gen4_1, GP_Gen5_4
+    tier: GeneralPurpose # possible values - 'Basic', 'GeneralPurpose', 'MemoryOptimized'
     family: Gen5
     size: "51200"
-    capacity: 2
+    capacity: 4
   # Use the field below to optionally specify a different keyvault 
   # to store the server admin credential secrets in
   #keyVaultToStoreSecrets: asoSecretKeyVault

config/samples/azure_v1alpha1_postgresqlvnetrule.yaml

@@ -0,0 +1,11 @@
+apiVersion: azure.microsoft.com/v1alpha1
+kind: PostgreSQLVNetRule
+metadata:
+  name: postgresqlvnetrule-sample1
+spec:
+  resourceGroup: resourcegroup-azure-operators
+  server: postgresqlserver-sample
+  vNetResourceGroup: resourcegroup-azure-operators
+  vNetName: virtualnetwork-sample
+  subnetName: test1
+  ignoreMissingServiceEndpoint: true

controllers/eventhubnamespace_controller_test.go

@@ -23,8 +23,7 @@ func TestEventHubNamespaceControllerNoResourceGroup(t *testing.T) {
 
 	var rgLocation string
 	rgLocation = tc.resourceGroupLocation
-	// setting this rg name tells the mocks to set a proper error
-	resourceGroupName := "gone"
+	resourceGroupName := GenerateTestResourceNameWithRandom("rg", 10)
 	eventhubNamespaceName := GenerateTestResourceNameWithRandom("ns-dev-eh", 10)
 
 	// Create the EventHubNamespace object and expect the Reconcile to be created

controllers/postgresqlvnetrule_controller.go

@@ -0,0 +1,28 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package controllers
+
+import (
+	ctrl "sigs.k8s.io/controller-runtime"
+
+	azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1"
+)
+
+// PostgreSQLVNetRuleReconciler reconciles a PostgreSQLVNetRule object
+type PostgreSQLVNetRuleReconciler struct {
+	Reconciler *AsyncReconciler
+}
+
+// +kubebuilder:rbac:groups=azure.microsoft.com,resources=postgresqlvnetrules,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=azure.microsoft.com,resources=postgresqlvnetrules/status,verbs=get;update;patch
+
+func (r *PostgreSQLVNetRuleReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+	return r.Reconciler.Reconcile(req, &azurev1alpha1.PostgreSQLVNetRule{})
+}
+
+func (r *PostgreSQLVNetRuleReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&azurev1alpha1.PostgreSQLVNetRule{}).
+		Complete(r)
+}