From 790d5798ade00fe231a938feabceb91a6df6b532 Mon Sep 17 00:00:00 2001 From: Melanie Rush Date: Mon, 30 Mar 2020 16:57:37 -0600 Subject: [PATCH 1/6] adding tier for kv simple --- api/v1alpha1/keyvault_types.go | 12 ++++++++++++ .../azure_v1alpha1_keyvault_simple.yaml | 3 +++ pkg/resourcemanager/keyvaults/keyvault.go | 19 ++++++++++++------- .../keyvaults/keyvault_manager.go | 2 +- .../keyvaults/keyvault_test.go | 5 +++++ 5 files changed, 33 insertions(+), 8 deletions(-) diff --git a/api/v1alpha1/keyvault_types.go b/api/v1alpha1/keyvault_types.go index cc2185af49b..472e7cc619f 100644 --- a/api/v1alpha1/keyvault_types.go +++ b/api/v1alpha1/keyvault_types.go @@ -14,6 +14,7 @@ type KeyVaultSpec struct { EnableSoftDelete bool `json:"enableSoftDelete,omitempty"` NetworkPolicies *NetworkRuleSet `json:"networkPolicies,omitempty"` AccessPolicies *[]AccessPolicyEntry `json:"accessPolicies,omitempty"` + Sku *KeyVaultSku `json:"sku,omitempty"` } type NetworkRuleSet struct { @@ -38,6 +39,17 @@ type AccessPolicyEntry struct { Permissions *Permissions `json:"permissions,omitempty"` } +// Sku the SKU of the Key Vault +type KeyVaultSku struct { + // Name - The SKU name. Required for account creation; optional for update. + // Possible values include: 'Premium', `Standard` + Name KeyVaultSkuName `json:"name,omitempty"` +} + +// KeyVaultSkuName enumerates the values for sku name. +// Only one of the following sku names may be specified. +type KeyVaultSkuName string + type Permissions struct { Keys *[]string `json:"keys,omitempty"` Secrets *[]string `json:"secrets,omitempty"` diff --git a/config/samples/azure_v1alpha1_keyvault_simple.yaml b/config/samples/azure_v1alpha1_keyvault_simple.yaml index 6cc965923fd..211f933fc4b 100644 --- a/config/samples/azure_v1alpha1_keyvault_simple.yaml +++ b/config/samples/azure_v1alpha1_keyvault_simple.yaml 
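Review bot: `KeyVaultSkuName` is introduced as a bare string type with no validation marker, so the CRD will admit any text for `spec.sku.name` and the doc comment — with its mismatched quoting, `'Premium', `Standard``— is the only hint of what is legal. The SKU is what selects the Premium (HSM-backed) tier versus Standard, so a misspelled value is a security-relevant misconfiguration that should be rejected at admission rather than discovered later in a reconcile loop. I would add `// +kubebuilder:validation:Enum=Standard;Premium` directly above the `Name` field and rewrite the comment as `// Possible values: "Standard" or "Premium".`. The `AccessPolicyEntry` definition that precedes this hunk and the `Permissions` struct that follows it continue outside the hunk.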
@@ -9,3 +9,6 @@ spec: resourceGroup: resourcegroup-azure-operators location: westus enableSoftDelete: false + # possible values for sku.Name are "Standard" or "Premium" + sku: + name: standard diff --git a/pkg/resourcemanager/keyvaults/keyvault.go b/pkg/resourcemanager/keyvaults/keyvault.go index e2507930cb4..fef1b1fcc4b 100644 --- a/pkg/resourcemanager/keyvaults/keyvault.go +++ b/pkg/resourcemanager/keyvaults/keyvault.go @@ -250,7 +250,7 @@ func InstantiateVault(ctx context.Context, vaultName string, containsUpdate bool } // CreateVault creates a new key vault -func (k *azureKeyVaultManager) CreateVault(ctx context.Context, instance *v1alpha1.KeyVault, tags map[string]*string) (keyvault.Vault, error) { +func (k *azureKeyVaultManager) CreateVault(ctx context.Context, instance *v1alpha1.KeyVault, sku azurev1alpha1.KeyVaultSku, tags map[string]*string) (keyvault.Vault, error) { vaultName := instance.Name location := instance.Spec.Location groupName := instance.Spec.ResourceGroup @@ -281,14 +281,16 @@ func (k *azureKeyVaultManager) CreateVault(ctx context.Context, instance *v1alph networkAcls = keyvault.NetworkRuleSet{} } + keyVaultSku := keyvault.Sku{ + Family: to.StringPtr("A"), + Name: keyvault.SkuName(sku.Name), + } + params := keyvault.VaultCreateOrUpdateParameters{ Properties: &keyvault.VaultProperties{ - TenantID: &id, - AccessPolicies: &accessPolicies, - Sku: &keyvault.Sku{ - Family: to.StringPtr("A"), - Name: keyvault.Standard, - }, + TenantID: &id, + AccessPolicies: &accessPolicies, + Sku: &keyVaultSku, NetworkAcls: &networkAcls, EnableSoftDelete: &enableSoftDelete, }, @@ -376,6 +378,8 @@ func (k *azureKeyVaultManager) Ensure(ctx context.Context, obj runtime.Object, o return true, err } + sku := instance.Spec.Sku + // hash the spec and set if new hash := helpers.Hash256(instance.Spec) if instance.Status.SpecHash == "" { 
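Review bot: The new signature types `instance` as `*v1alpha1.KeyVault` but `sku` as `azurev1alpha1.KeyVaultSku`, which appear to be the same package under two aliases (the mock in a later patch has to import it twice to match); that compiles but is confusing to read and should settle on one alias, e.g. `sku v1alpha1.KeyVaultSku`. The `// CreateVault creates a new key vault` comment should also say what the new parameter does: `// CreateVault creates a new key vault; sku selects the Standard or Premium tier.`. The body of CreateVault continues outside the hunk.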
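Review bot: `keyvault.SkuName(sku.Name)` forwards the manifest string to ARM unchanged, so a `sku: {}` block yields `SkuName("")` and any typo yields an unknown name, both of which surface only as a reconcile-time API error far from the person who wrote the manifest; the sample in this same patch also writes `standard` in lower case while the comment documents `Standard`, and whether ARM treats the name case-insensitively is not something this code checks. Since the SDK's `keyvault.Standard`/`keyvault.Premium` are the only values the API defines, I would map explicitly here (empty string → Standard so omitted SKUs keep today's behaviour, `premium` → Premium via `strings.EqualFold`, anything else → an error) rather than casting, or at minimum validate in the CRD. The `params` literal and the CreateOrUpdate call that use `keyVaultSku` sit outside the hunk.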
@@ -409,6 +413,7 @@ func (k *azureKeyVaultManager) Ensure(ctx context.Context, obj runtime.Object, o keyvault, err = k.CreateVault( ctx, instance, + *sku, labels, ) diff --git a/pkg/resourcemanager/keyvaults/keyvault_manager.go b/pkg/resourcemanager/keyvaults/keyvault_manager.go index c1f23f948b5..b5681d395cb 100644 --- a/pkg/resourcemanager/keyvaults/keyvault_manager.go +++ b/pkg/resourcemanager/keyvaults/keyvault_manager.go @@ -16,7 +16,7 @@ import ( var AzureKeyVaultManager KeyVaultManager = &azureKeyVaultManager{} type KeyVaultManager interface { - CreateVault(ctx context.Context, instance *azurev1alpha1.KeyVault, tags map[string]*string) (keyvault.Vault, error) + CreateVault(ctx context.Context, instance *azurev1alpha1.KeyVault, sku azurev1alpha1.KeyVaultSku, tags map[string]*string) (keyvault.Vault, error) // CreateVault and grant access to the specific user ID CreateVaultWithAccessPolicies(ctx context.Context, groupName string, vaultName string, location string, userID string) (keyvault.Vault, error) diff --git a/pkg/resourcemanager/keyvaults/keyvault_test.go b/pkg/resourcemanager/keyvaults/keyvault_test.go index 32475d76ceb..56b7be06ac1 100644 --- a/pkg/resourcemanager/keyvaults/keyvault_test.go +++ b/pkg/resourcemanager/keyvaults/keyvault_test.go @@ -60,11 +60,16 @@ var _ = Describe("KeyVault Resource Manager test", func() { }, } + sku := v1alpha1.KeyVaultSku{ + Name: "Standard", + } + // Create Key Vault instance Eventually(func() bool { _, err := keyVaultManager.CreateVault( ctx, &kv, + sku, tags, ) if err != nil { From cb1cc62c3e53e4583e5b3e4a532905f508456d6f Mon Sep 17 00:00:00 2001 
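Review bot: `*sku` dereferences `instance.Spec.Sku`, which this patch declares as `*KeyVaultSku` with `omitempty`, so every KeyVault manifest that does not set `spec.sku` — all pre-existing ones, and the operator's own `azure_v1alpha1_keyvault.yaml` sample until PATCH 2 edits it — will panic the reconciler with a nil pointer dereference instead of creating a Standard vault. Guard where the local is taken: `sku := azurev1alpha1.KeyVaultSku{Name: "Standard"}` followed by `if instance.Spec.Sku != nil { sku = *instance.Spec.Sku }`, and pass `sku` here; PATCH 6 later sidesteps this by making the field a value type, but as committed this patch crashes on the common case. The enclosing Ensure method starts and ends outside the hunk.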
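Review bot: The test only passes `Name: "Standard"`, which is exactly the value the pre-patch code hard-coded, so it would still pass if the new `sku` argument were ignored entirely. To actually exercise the change, capture the returned vault instead of discarding it and assert the SKU round-trips, e.g. `vault, err := keyVaultManager.CreateVault(ctx, &kv, sku, tags)` then `Expect(vault.Properties.Sku.Name).To(Equal(keyvault.Standard))`, and add a second case for `"Premium"` (or a table-driven loop) since that is the branch that changes the key-protection tier. The rest of the `Eventually` block and the Describe body continue outside the hunk.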
From: Melanie Rush Date: Tue, 31 Mar 2020 12:57:55 -0600 Subject: [PATCH 2/6] adding to accesspolicies --- api/v1alpha1/keyvault_types.go | 2 +- config/samples/azure_v1alpha1_keyvault.yaml | 3 +++ controllers/eventhub_controller_test.go | 5 ++++- pkg/resourcemanager/keyvaults/keyvault.go | 14 ++++++++------ pkg/resourcemanager/keyvaults/keyvault_manager.go | 2 +- pkg/resourcemanager/mock/keyvaults/keyvault.go | 4 +++- pkg/secrets/keyvault/client_test.go | 7 ++++++- 7 files changed, 26 insertions(+), 11 deletions(-) diff --git a/api/v1alpha1/keyvault_types.go b/api/v1alpha1/keyvault_types.go index 472e7cc619f..1fe5982d6b5 100644 --- a/api/v1alpha1/keyvault_types.go +++ b/api/v1alpha1/keyvault_types.go @@ -39,7 +39,7 @@ type AccessPolicyEntry struct { Permissions *Permissions `json:"permissions,omitempty"` } -// Sku the SKU of the Key Vault +// KeyVaultSku the SKU of the Key Vault type KeyVaultSku struct { // Name - The SKU name. Required for account creation; optional for update. // Possible values include: 'Premium', `Standard` diff --git a/config/samples/azure_v1alpha1_keyvault.yaml b/config/samples/azure_v1alpha1_keyvault.yaml index 0a45688bbe4..cedf35994cf 100644 --- a/config/samples/azure_v1alpha1_keyvault.yaml +++ b/config/samples/azure_v1alpha1_keyvault.yaml @@ -9,6 +9,9 @@ spec: resourceGroup: resourcegroup-azure-operators location: westus enableSoftDelete: false + # possible values for sku.Name are "Standard" or "Premium" + sku: + name: premium networkPolicies: bypass: AzureServices # AzureServices or None defaultAction: Allow # Allow or Deny diff --git a/controllers/eventhub_controller_test.go b/controllers/eventhub_controller_test.go index 6bab0ffee36..223bec9b7fe 100644 --- a/controllers/eventhub_controller_test.go +++ b/controllers/eventhub_controller_test.go 
@@ -194,9 +194,12 @@ func TestEventHubControllerCreateAndDeleteCustomKeyVault(t *testing.T) { eventhubName := GenerateTestResourceNameWithRandom("ev", 10) keyVaultNameForSecrets := helpers.FillWithRandom(GenerateTestResourceName("ev-kv"), 24) userID := config.ClientID() + sku := v1alpha1.KeyVaultSku{ + Name: "Standard", + } // Create KeyVault with access policies - _, err := kvhelper.AzureKeyVaultManager.CreateVaultWithAccessPolicies(ctx, rgName, keyVaultNameForSecrets, rgLocation, userID) + _, err := kvhelper.AzureKeyVaultManager.CreateVaultWithAccessPolicies(ctx, rgName, keyVaultNameForSecrets, rgLocation, userID, sku) _, err = kvhelper.AzureKeyVaultManager.GetVault(ctx, rgName, keyVaultNameForSecrets) assert.Equal(nil, err, "wait for keyvault to be available") diff --git a/pkg/resourcemanager/keyvaults/keyvault.go b/pkg/resourcemanager/keyvaults/keyvault.go index fef1b1fcc4b..23da5cd0775 100644 --- a/pkg/resourcemanager/keyvaults/keyvault.go +++ b/pkg/resourcemanager/keyvaults/keyvault.go @@ -303,8 +303,8 @@ func (k *azureKeyVaultManager) CreateVault(ctx context.Context, instance *v1alph return future.Result(vaultsClient) } -// CreateVaultWithAccessPolicies creates a new key vault and provides access policies to the specified user -func (k *azureKeyVaultManager) CreateVaultWithAccessPolicies(ctx context.Context, groupName string, vaultName string, location string, clientID string) (keyvault.Vault, error) { +//CreateVaultWithAccessPolicies CreateVaultWithAccessPolicies creates a new key vault and provides access policies to the specified user +func (k *azureKeyVaultManager) CreateVaultWithAccessPolicies(ctx context.Context, groupName string, vaultName string, location string, clientID string, sku azurev1alpha1.KeyVaultSku) (keyvault.Vault, error) { vaultsClient, id, err := InstantiateVault(ctx, vaultName, false) if err != nil { return keyvault.Vault{}, err 
@@ -333,14 +333,16 @@ func (k *azureKeyVaultManager) CreateVaultWithAccessPolicies(ctx context.Context } + keyVaultSku := keyvault.Sku{ + Family: to.StringPtr("A"), + Name: keyvault.SkuName(sku.Name), + } + params := keyvault.VaultCreateOrUpdateParameters{ Properties: &keyvault.VaultProperties{ TenantID: &id, AccessPolicies: &apList, - Sku: &keyvault.Sku{ - Family: to.StringPtr("A"), - Name: keyvault.Standard, - }, + Sku: &keyVaultSku, }, Location: to.StringPtr(location), } diff --git a/pkg/resourcemanager/keyvaults/keyvault_manager.go b/pkg/resourcemanager/keyvaults/keyvault_manager.go index b5681d395cb..4232d2ac078 100644 --- a/pkg/resourcemanager/keyvaults/keyvault_manager.go +++ b/pkg/resourcemanager/keyvaults/keyvault_manager.go @@ -19,7 +19,7 @@ type KeyVaultManager interface { CreateVault(ctx context.Context, instance *azurev1alpha1.KeyVault, sku azurev1alpha1.KeyVaultSku, tags map[string]*string) (keyvault.Vault, error) // CreateVault and grant access to the specific user ID - CreateVaultWithAccessPolicies(ctx context.Context, groupName string, vaultName string, location string, userID string) (keyvault.Vault, error) + CreateVaultWithAccessPolicies(ctx context.Context, groupName string, vaultName string, location string, userID string, sku azurev1alpha1.KeyVaultSku) (keyvault.Vault, error) // DeleteVault removes the resource group named by env var DeleteVault(ctx context.Context, groupName string, vaultName string) (result autorest.Response, err error) diff --git a/pkg/resourcemanager/mock/keyvaults/keyvault.go b/pkg/resourcemanager/mock/keyvaults/keyvault.go index 7158422549d..6de3a3071dc 100644 --- a/pkg/resourcemanager/mock/keyvaults/keyvault.go +++ b/pkg/resourcemanager/mock/keyvaults/keyvault.go 
@@ -9,6 +9,8 @@ import ( "fmt" "net/http" + azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1" + "github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2018-02-14/keyvault" "github.com/Azure/azure-service-operator/api/v1alpha1" pkghelpers "github.com/Azure/azure-service-operator/pkg/helpers" @@ -65,7 +67,7 @@ func (manager *MockKeyVaultManager) CreateVault(ctx context.Context, instance *v } // CreateVaultWithAccessPolicies creates a new key vault -func (manager *MockKeyVaultManager) CreateVaultWithAccessPolicies(ctx context.Context, groupName string, vaultName string, location string, clientID string) (keyvault.Vault, error) { +func (manager *MockKeyVaultManager) CreateVaultWithAccessPolicies(ctx context.Context, groupName string, vaultName string, location string, clientID string, sku azurev1alpha1.KeyVaultSku) (keyvault.Vault, error) { v := keyvault.Vault{ Response: helpers.GetRestResponse(http.StatusOK), Properties: &keyvault.VaultProperties{}, diff --git a/pkg/secrets/keyvault/client_test.go b/pkg/secrets/keyvault/client_test.go index aef31ef1d8b..effbd73748f 100644 --- a/pkg/secrets/keyvault/client_test.go +++ b/pkg/secrets/keyvault/client_test.go @@ -10,6 +10,7 @@ import ( "strconv" "time" + "github.com/Azure/azure-service-operator/api/v1alpha1" "github.com/Azure/azure-service-operator/pkg/errhelp" "github.com/Azure/azure-service-operator/pkg/helpers" "github.com/Azure/azure-service-operator/pkg/resourcemanager/config" @@ -56,6 +57,10 @@ var _ = Describe("Keyvault Secrets Client", func() { resourcegroupName = "t-kvtest-rg" + helpers.RandomString(10) resourcegroupLocation = config.DefaultLocation() + sku := v1alpha1.KeyVaultSku{ + Name: "Standard", + } + // Create a resource group log.Println("Creating resource group with name " + resourcegroupName + " in location " + resourcegroupLocation) _, err = resourceGroupManager.CreateGroup(ctx, resourcegroupName, resourcegroupLocation) 
@@ -68,7 +73,7 @@ var _ = Describe("Keyvault Secrets Client", func() { ).Should(BeTrue()) // Create a keyvault - _, err = kvhelper.AzureKeyVaultManager.CreateVaultWithAccessPolicies(ctx, resourcegroupName, keyVaultName, resourcegroupLocation, userID) + _, err = kvhelper.AzureKeyVaultManager.CreateVaultWithAccessPolicies(ctx, resourcegroupName, keyVaultName, resourcegroupLocation, userID, sku) //Expect(err).NotTo(HaveOccurred()) }) From 68105349ad615a28201b801052b3ddc4a8989dcb Mon Sep 17 00:00:00 2001 From: Melanie Rush Date: Tue, 31 Mar 2020 13:19:29 -0600 Subject: [PATCH 3/6] setting to standard instead of premium as default --- config/samples/azure_v1alpha1_keyvault.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/samples/azure_v1alpha1_keyvault.yaml b/config/samples/azure_v1alpha1_keyvault.yaml index cedf35994cf..cc482ebacf9 100644 --- a/config/samples/azure_v1alpha1_keyvault.yaml +++ b/config/samples/azure_v1alpha1_keyvault.yaml @@ -11,7 +11,7 @@ spec: enableSoftDelete: false # possible values for sku.Name are "Standard" or "Premium" sku: - name: premium + name: standard networkPolicies: bypass: AzureServices # AzureServices or None defaultAction: Allow # Allow or Deny From e2c74cac1362e55b34073d1c54ea852218ce5091 Mon Sep 17 00:00:00 2001 From: Melanie Rush Date: Tue, 31 Mar 2020 13:40:54 -0600 Subject: [PATCH 4/6] removing sku from createvaultwithaccesspolicy and reverting to og --- config/samples/azure_v1alpha1_keyvault_simple.yaml | 2 +- controllers/eventhub_controller_test.go | 5 +---- pkg/resourcemanager/keyvaults/keyvault.go | 2 +- pkg/resourcemanager/keyvaults/keyvault_manager.go | 2 +- pkg/resourcemanager/mock/keyvaults/keyvault.go | 4 +--- pkg/secrets/keyvault/client_test.go | 7 +------ 6 files changed, 6 insertions(+), 16 deletions(-) diff --git a/config/samples/azure_v1alpha1_keyvault_simple.yaml b/config/samples/azure_v1alpha1_keyvault_simple.yaml index 211f933fc4b..8ef07252914 100644 
--- a/config/samples/azure_v1alpha1_keyvault_simple.yaml +++ b/config/samples/azure_v1alpha1_keyvault_simple.yaml @@ -9,6 +9,6 @@ spec: resourceGroup: resourcegroup-azure-operators location: westus enableSoftDelete: false - # possible values for sku.Name are "Standard" or "Premium" + # possible values for sku.Name are "Standard" or "Premium" sku: name: standard diff --git a/controllers/eventhub_controller_test.go b/controllers/eventhub_controller_test.go index 223bec9b7fe..6bab0ffee36 100644 --- a/controllers/eventhub_controller_test.go +++ b/controllers/eventhub_controller_test.go @@ -194,12 +194,9 @@ func TestEventHubControllerCreateAndDeleteCustomKeyVault(t *testing.T) { eventhubName := GenerateTestResourceNameWithRandom("ev", 10) keyVaultNameForSecrets := helpers.FillWithRandom(GenerateTestResourceName("ev-kv"), 24) userID := config.ClientID() - sku := v1alpha1.KeyVaultSku{ - Name: "Standard", - } // Create KeyVault with access policies - _, err := kvhelper.AzureKeyVaultManager.CreateVaultWithAccessPolicies(ctx, rgName, keyVaultNameForSecrets, rgLocation, userID, sku) + _, err := kvhelper.AzureKeyVaultManager.CreateVaultWithAccessPolicies(ctx, rgName, keyVaultNameForSecrets, rgLocation, userID) _, err = kvhelper.AzureKeyVaultManager.GetVault(ctx, rgName, keyVaultNameForSecrets) assert.Equal(nil, err, "wait for keyvault to be available") diff --git a/pkg/resourcemanager/keyvaults/keyvault.go b/pkg/resourcemanager/keyvaults/keyvault.go index 46836c08cd7..50636e1a411 100644 --- a/pkg/resourcemanager/keyvaults/keyvault.go +++ b/pkg/resourcemanager/keyvaults/keyvault.go 
@@ -301,7 +301,7 @@ func (k *azureKeyVaultManager) CreateVault(ctx context.Context, instance *v1alph } //CreateVaultWithAccessPolicies CreateVaultWithAccessPolicies creates a new key vault and provides access policies to the specified user -func (k *azureKeyVaultManager) CreateVaultWithAccessPolicies(ctx context.Context, groupName string, vaultName string, location string, clientID string, sku azurev1alpha1.KeyVaultSku) (keyvault.Vault, error) { +func (k *azureKeyVaultManager) CreateVaultWithAccessPolicies(ctx context.Context, groupName string, vaultName string, location string, clientID string) (keyvault.Vault, error) { vaultsClient, id, err := InstantiateVault(ctx, vaultName, false) if err != nil { return keyvault.Vault{}, err diff --git a/pkg/resourcemanager/keyvaults/keyvault_manager.go b/pkg/resourcemanager/keyvaults/keyvault_manager.go index 4232d2ac078..b5681d395cb 100644 --- a/pkg/resourcemanager/keyvaults/keyvault_manager.go +++ b/pkg/resourcemanager/keyvaults/keyvault_manager.go @@ -19,7 +19,7 @@ type KeyVaultManager interface { CreateVault(ctx context.Context, instance *azurev1alpha1.KeyVault, sku azurev1alpha1.KeyVaultSku, tags map[string]*string) (keyvault.Vault, error) // CreateVault and grant access to the specific user ID - CreateVaultWithAccessPolicies(ctx context.Context, groupName string, vaultName string, location string, userID string, sku azurev1alpha1.KeyVaultSku) (keyvault.Vault, error) + CreateVaultWithAccessPolicies(ctx context.Context, groupName string, vaultName string, location string, userID string) (keyvault.Vault, error) // DeleteVault removes the resource group named by env var DeleteVault(ctx context.Context, groupName string, vaultName string) (result autorest.Response, err error) diff --git a/pkg/resourcemanager/mock/keyvaults/keyvault.go b/pkg/resourcemanager/mock/keyvaults/keyvault.go index 6de3a3071dc..7158422549d 100644 --- a/pkg/resourcemanager/mock/keyvaults/keyvault.go +++ b/pkg/resourcemanager/mock/keyvaults/keyvault.go 
@@ -9,8 +9,6 @@ import ( "fmt" "net/http" - azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1" - "github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2018-02-14/keyvault" "github.com/Azure/azure-service-operator/api/v1alpha1" pkghelpers "github.com/Azure/azure-service-operator/pkg/helpers" @@ -67,7 +65,7 @@ func (manager *MockKeyVaultManager) CreateVault(ctx context.Context, instance *v } // CreateVaultWithAccessPolicies creates a new key vault -func (manager *MockKeyVaultManager) CreateVaultWithAccessPolicies(ctx context.Context, groupName string, vaultName string, location string, clientID string, sku azurev1alpha1.KeyVaultSku) (keyvault.Vault, error) { +func (manager *MockKeyVaultManager) CreateVaultWithAccessPolicies(ctx context.Context, groupName string, vaultName string, location string, clientID string) (keyvault.Vault, error) { v := keyvault.Vault{ Response: helpers.GetRestResponse(http.StatusOK), Properties: &keyvault.VaultProperties{}, diff --git a/pkg/secrets/keyvault/client_test.go b/pkg/secrets/keyvault/client_test.go index effbd73748f..aef31ef1d8b 100644 --- a/pkg/secrets/keyvault/client_test.go +++ b/pkg/secrets/keyvault/client_test.go @@ -10,7 +10,6 @@ import ( "strconv" "time" - "github.com/Azure/azure-service-operator/api/v1alpha1" "github.com/Azure/azure-service-operator/pkg/errhelp" "github.com/Azure/azure-service-operator/pkg/helpers" "github.com/Azure/azure-service-operator/pkg/resourcemanager/config" @@ -57,10 +56,6 @@ var _ = Describe("Keyvault Secrets Client", func() { resourcegroupName = "t-kvtest-rg" + helpers.RandomString(10) resourcegroupLocation = config.DefaultLocation() - sku := v1alpha1.KeyVaultSku{ - Name: "Standard", - } - // Create a resource group log.Println("Creating resource group with name " + resourcegroupName + " in location " + resourcegroupLocation) _, err = resourceGroupManager.CreateGroup(ctx, resourcegroupName, resourcegroupLocation) 
@@ -73,7 +68,7 @@ var _ = Describe("Keyvault Secrets Client", func() { ).Should(BeTrue()) // Create a keyvault - _, err = kvhelper.AzureKeyVaultManager.CreateVaultWithAccessPolicies(ctx, resourcegroupName, keyVaultName, resourcegroupLocation, userID, sku) + _, err = kvhelper.AzureKeyVaultManager.CreateVaultWithAccessPolicies(ctx, resourcegroupName, keyVaultName, resourcegroupLocation, userID) //Expect(err).NotTo(HaveOccurred()) }) From 21a793ba7695bbb705544ac1cad2118e687aa79b Mon Sep 17 00:00:00 2001 From: Melanie Rush Date: Tue, 31 Mar 2020 13:43:17 -0600 Subject: [PATCH 5/6] revert --- pkg/resourcemanager/keyvaults/keyvault.go | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/pkg/resourcemanager/keyvaults/keyvault.go b/pkg/resourcemanager/keyvaults/keyvault.go index 50636e1a411..b6f66d43c4f 100644 --- a/pkg/resourcemanager/keyvaults/keyvault.go +++ b/pkg/resourcemanager/keyvaults/keyvault.go @@ -300,7 +300,7 @@ func (k *azureKeyVaultManager) CreateVault(ctx context.Context, instance *v1alph return future.Result(vaultsClient) } -//CreateVaultWithAccessPolicies CreateVaultWithAccessPolicies creates a new key vault and provides access policies to the specified user +//CreateVaultWithAccessPolicies creates a new key vault and provides access policies to the specified user func (k *azureKeyVaultManager) CreateVaultWithAccessPolicies(ctx context.Context, groupName string, vaultName string, location string, clientID string) (keyvault.Vault, error) { vaultsClient, id, err := InstantiateVault(ctx, vaultName, false) if err != nil { 
@@ -330,16 +330,14 @@ func (k *azureKeyVaultManager) CreateVaultWithAccessPolicies(ctx context.Context } - keyVaultSku := keyvault.Sku{ - Family: to.StringPtr("A"), - Name: keyvault.SkuName(sku.Name), - } - params := keyvault.VaultCreateOrUpdateParameters{ Properties: &keyvault.VaultProperties{ TenantID: &id, AccessPolicies: &apList, - Sku: &keyVaultSku, + Sku: &keyvault.Sku{ + Family: to.StringPtr("A"), + Name: keyvault.Standard, + }, }, Location: to.StringPtr(location), } From 68761d0218da6575a69ac7b68a7996fafe7713c2 Mon Sep 17 00:00:00 2001 From: jananivMS Date: Tue, 31 Mar 2020 20:35:41 -0600 Subject: [PATCH 6/6] making sku type simpler --- api/v1alpha1/keyvault_types.go | 8 ++------ config/samples/azure_v1alpha1_keyvault_simple.yaml | 6 +++--- pkg/resourcemanager/keyvaults/keyvault.go | 11 +++++++---- 3 files changed, 12 insertions(+), 13 deletions(-) diff --git a/api/v1alpha1/keyvault_types.go b/api/v1alpha1/keyvault_types.go index 1fe5982d6b5..3b21a2c1f67 100644 --- a/api/v1alpha1/keyvault_types.go +++ b/api/v1alpha1/keyvault_types.go @@ -14,7 +14,7 @@ type KeyVaultSpec struct { EnableSoftDelete bool `json:"enableSoftDelete,omitempty"` NetworkPolicies *NetworkRuleSet `json:"networkPolicies,omitempty"` AccessPolicies *[]AccessPolicyEntry `json:"accessPolicies,omitempty"` - Sku *KeyVaultSku `json:"sku,omitempty"` + Sku KeyVaultSku `json:"sku,omitempty"` } type NetworkRuleSet struct { @@ -43,13 +43,9 @@ type AccessPolicyEntry struct { type KeyVaultSku struct { // Name - The SKU name. Required for account creation; optional for update. // Possible values include: 'Premium', `Standard` - Name KeyVaultSkuName `json:"name,omitempty"` + Name string `json:"name,omitempty"` } -// KeyVaultSkuName enumerates the values for sku name. -// Only one of the following sku names may be specified. -type KeyVaultSkuName string - type Permissions struct { Keys *[]string `json:"keys,omitempty"` Secrets *[]string `json:"secrets,omitempty"` 
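Review bot: Replacing `KeyVaultSkuName` with a bare `string` removes the last natural place for a validation marker, so the CRD still accepts any text for `spec.sku.name` and the comment — with its mismatched quotes, `'Premium', `Standard`` — remains the only guidance. Because the consuming code in this same patch folds every unrecognised value to Standard, an admission-time check is the only way a misspelled `Premium` is ever reported to the author; I would add `// +kubebuilder:validation:Enum=Standard;Premium;standard;premium` (the lower-case forms because the samples use them) or an equivalent `Pattern` marker above `Name`, and rewrite the comment as `// Possible values: "Standard" (default) or "Premium".`. The `Permissions` struct that follows continues outside the hunk.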
diff --git a/config/samples/azure_v1alpha1_keyvault_simple.yaml b/config/samples/azure_v1alpha1_keyvault_simple.yaml index 8ef07252914..23c256f9ae1 100644 --- a/config/samples/azure_v1alpha1_keyvault_simple.yaml +++ b/config/samples/azure_v1alpha1_keyvault_simple.yaml @@ -9,6 +9,6 @@ spec: resourceGroup: resourcegroup-azure-operators location: westus enableSoftDelete: false - # possible values for sku.Name are "Standard" or "Premium" - sku: - name: standard + # Optional: possible values for sku.Name are "Standard" or "Premium". Default is "Standard" + #sku: + # name: standard diff --git a/pkg/resourcemanager/keyvaults/keyvault.go b/pkg/resourcemanager/keyvaults/keyvault.go index b6f66d43c4f..200fd19e707 100644 --- a/pkg/resourcemanager/keyvaults/keyvault.go +++ b/pkg/resourcemanager/keyvaults/keyvault.go @@ -6,6 +6,7 @@ package keyvaults import ( "context" "fmt" + "strings" auth "github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac" "github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2018-02-14/keyvault" @@ -280,7 +281,11 @@ func (k *azureKeyVaultManager) CreateVault(ctx context.Context, instance *v1alph keyVaultSku := keyvault.Sku{ Family: to.StringPtr("A"), - Name: keyvault.SkuName(sku.Name), + Name: keyvault.Standard, + } + + if strings.ToLower(sku.Name) == "premium" { + keyVaultSku.Name = keyvault.Premium } params := keyvault.VaultCreateOrUpdateParameters{ @@ -375,8 +380,6 @@ func (k *azureKeyVaultManager) Ensure(ctx context.Context, obj runtime.Object, o return true, err } - sku := instance.Spec.Sku - // hash the spec and set if new hash := helpers.Hash256(instance.Spec) if instance.Status.SpecHash == "" { @@ -410,7 +413,7 @@ func (k *azureKeyVaultManager) Ensure(ctx context.Context, obj runtime.Object, o keyvault, err = k.CreateVault( ctx, instance, - *sku, + instance.Spec.Sku, labels, )
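Review bot: The new `if strings.ToLower(sku.Name) == "premium"` maps every other value — including typos such as `premuim` — silently onto `keyvault.Standard`, so a manifest that asked for the Premium (HSM-backed) tier can end up with a software-protected vault and nothing in the logs or status says so. With `Name` now a plain `string` and no CRD enum marker anywhere in this series, this function is the only place the value is inspected, so I would turn the mapping into a `switch` that treats the empty string and `standard` as the default, accepts `premium` explicitly, and returns an error for anything else; how Ensure turns that error into a terminal condition rather than an endless retry is outside the hunk and worth confirming. `fmt` is already imported per the import hunk above, and the `params` literal that consumes `keyVaultSku` sits outside the hunk.
```go
	keyVaultSku := keyvault.Sku{
		Family: to.StringPtr("A"),
	}

	// Map the CRD value onto the SDK enum explicitly; an unknown value is a
	// misconfiguration to report, not something to quietly downgrade to Standard.
	switch strings.ToLower(strings.TrimSpace(sku.Name)) {
	case "", "standard":
		keyVaultSku.Name = keyvault.Standard
	case "premium":
		keyVaultSku.Name = keyvault.Premium
	default:
		return keyvault.Vault{}, fmt.Errorf("unsupported key vault sku %q: expected Standard or Premium", sku.Name)
	}

	// … unchanged: params literal and CreateOrUpdate call …
```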