Merge remote-tracking branch 'upstream/master' into rediscache-roll-a…

…ctions
Azure · May 29, 2020 · cf0135e · cf0135e
2 parents cede2d5 + e608f4b
commit cf0135e
Show file tree

Hide file tree

Showing 31 changed files with 1,008 additions and 335 deletions.
diff --git a/PROJECT b/PROJECT
@@ -120,8 +120,14 @@ resources:
   version: v1alpha2
   kind: MySQLServer
 - group: azure
+  kind: RedisCacheFirewallRule
   version: v1alpha1
+- group: azure
   kind: RedisCacheAction
+  version: v1alpha1
+- group: azure
+  kind: AzureVirtualMachineExtension
+  version: v1alpha1
 - group: azure
   kind: AzureVirtualMachineExtension
   version: v1alpha1
diff --git a/api/v1alpha1/rediscachefirewallrule_types.go b/api/v1alpha1/rediscachefirewallrule_types.go
@@ -0,0 +1,54 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// RedisCacheFirewallRuleSpec defines the desired state of RedisCacheFirewallRule
+type RedisCacheFirewallRuleSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	ResourceGroup string                           `json:"resourceGroup"`
+	CacheName     string                           `json:"redisCache"`
+	Properties    RedisCacheFirewallRuleProperties `json:"properties"`
+}
+
+// RedisCacheFirewallRuleProperties the parameters of the RedisCacheFirewallRule
+type RedisCacheFirewallRuleProperties struct {
+	StartIP string `json:"startIP"`
+	EndIP   string `json:"endIP"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// RedisCacheFirewallRule is the Schema for the rediscachefirewallrules API
+// +kubebuilder:printcolumn:name="Provisioned",type="string",JSONPath=".status.provisioned"
+// +kubebuilder:printcolumn:name="Message",type="string",JSONPath=".status.message"
+type RedisCacheFirewallRule struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   RedisCacheFirewallRuleSpec `json:"spec,omitempty"`
+	Status ASOStatus                  `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// RedisCacheFirewallRuleList contains a list of RedisCacheFirewallRule
+type RedisCacheFirewallRuleList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []RedisCacheFirewallRule `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&RedisCacheFirewallRule{}, &RedisCacheFirewallRuleList{})
+}
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/azure-service-operator-0.1.0.tgz b/charts/azure-service-operator-0.1.0.tgz
diff --git a/charts/index.yaml b/charts/index.yaml
@@ -3,19 +3,19 @@ entries:
   azure-service-operator:
   - apiVersion: v2
     appVersion: 0.1.0
-    created: "2020-05-18T22:30:28.349199-06:00"
+    created: "2020-05-20T10:20:46.240488-06:00"
     dependencies:
     - condition: azureUseMI
       name: aad-pod-identity
       repository: https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts
       version: 1.5.5
     description: Deploy components and dependencies of azure-service-operator
-    digest: e5aaaa1c15802982f7a943e737b2ae39a2404d395fec299376fb19e15fc9e6f2
+    digest: f381ed2be22005190cffc85883f42a2f13512d7b789ba8a03d8ee4cf06235241
     home: https://github.com/Azure/azure-service-operator
     name: azure-service-operator
     sources:
     - https://github.com/Azure/azure-service-operator
     urls:
     - azure-service-operator-0.1.0.tgz
     version: 0.1.0
-generated: "2020-05-18T22:30:28.343398-06:00"
+generated: "2020-05-20T10:20:46.237192-06:00"
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -39,6 +39,7 @@ resources:
 - bases/azure.microsoft.com_azureloadbalancers.yaml
 - bases/azure.microsoft.com_azurevmscalesets.yaml
 - bases/azure.microsoft.com_rediscacheactions.yaml
+- bases/azure.microsoft.com_rediscachefirewallrules.yaml
 - bases/azure.microsoft.com_azurevirtualmachineextensions.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
@@ -78,6 +79,7 @@ patches:
 #- patches/webhook_in_azureloadbalancers.yaml
 #- patches/webhook_in_azurevmscalesets.yaml
 #- patches/webhook_in_rediscacheactions.yaml
+#- patches/webhook_in_rediscachefirewallrules.yaml
 #- patches/webhook_in_azurevirtualmachineextensions.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
@@ -116,6 +118,7 @@ patches:
 #- patches/cainjection_in_azureloadbalancers.yaml
 #- patches/cainjection_in_azurevmscalesets.yaml
 #- patches/cainjection_in_rediscacheactions.yaml
+#- patches/cainjection_in_rediscachefirewallrules.yaml
 #- patches/cainjection_in_azurevirtualmachineextensions.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 

diff --git a/config/crd/patches/cainjection_in_rediscachefirewallrules.yaml b/config/crd/patches/cainjection_in_rediscachefirewallrules.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: rediscachefirewallrules.azure.microsoft.com
diff --git a/config/crd/patches/webhook_in_rediscachefirewallrules.yaml b/config/crd/patches/webhook_in_rediscachefirewallrules.yaml
@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: rediscachefirewallrules.azure.microsoft.com
+spec:
+  conversion:
+    strategy: Webhook
+    webhookClientConfig:
+      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+      caBundle: Cg==
+      service:
+        namespace: system
+        name: webhook-service
+        path: /convert
diff --git a/config/rbac/rediscachefirewallrule_editor_role.yaml b/config/rbac/rediscachefirewallrule_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit rediscachefirewallrules.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rediscachefirewallrule-editor-role
+rules:
+- apiGroups:
+  - azure.microsoft.com
+  resources:
+  - rediscachefirewallrules
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - azure.microsoft.com
+  resources:
+  - rediscachefirewallrules/status
+  verbs:
+  - get
diff --git a/config/rbac/rediscachefirewallrule_viewer_role.yaml b/config/rbac/rediscachefirewallrule_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view rediscachefirewallrules.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rediscachefirewallrule-viewer-role
+rules:
+- apiGroups:
+  - azure.microsoft.com
+  resources:
+  - rediscachefirewallrules
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - azure.microsoft.com
+  resources:
+  - rediscachefirewallrules/status
+  verbs:
+  - get
diff --git a/config/samples/azure_v1alpha1_rediscachefirewallrule.yaml b/config/samples/azure_v1alpha1_rediscachefirewallrule.yaml
@@ -0,0 +1,11 @@
+apiVersion: azure.microsoft.com/v1alpha1
+kind: RedisCacheFirewallRule
+metadata:
+  name: rediscachefirewallrule
+spec:
+  resourceGroup: resourcegroup-azure-operators
+  redisCache: rediscache-sample-1
+  properties:
+    # this IP range enables Azure Service access
+    startIP: 0.0.0.0
+    endIP: 0.0.0.0
diff --git a/config/samples/azure_v1alpha2_mysqlserver.yaml b/config/samples/azure_v1alpha2_mysqlserver.yaml
@@ -2,6 +2,9 @@ apiVersion: azure.microsoft.com/v1alpha2
 kind: MySQLServer
 metadata:
   name: mysqlserver-sample
+  labels: # Provide tags to add to the KeyVault as labels
+    tag1: value1
+    tag2: value2
 spec:  
   location: eastus2
   resourceGroup: resourcegroup-azure-operators

diff --git a/config/samples/azure_v1alpha2_postgresqlserver.yaml b/config/samples/azure_v1alpha2_postgresqlserver.yaml
@@ -2,6 +2,9 @@ apiVersion: azure.microsoft.com/v1alpha2
 kind: PostgreSQLServer
 metadata:
   name: postgresqlserver-sample
+  labels: # Provide tags to add to the KeyVault as labels
+    tag1: value1
+    tag2: value2
 spec:
   location: eastus
   resourceGroup: resourcegroup-azure-operators

diff --git a/controllers/helpers.go b/controllers/helpers.go
@@ -40,7 +40,7 @@ import (
 	resourcemanagerpsqldatabase "github.com/Azure/azure-service-operator/pkg/resourcemanager/psql/database"
 	resourcemanagerpsqlfirewallrule "github.com/Azure/azure-service-operator/pkg/resourcemanager/psql/firewallrule"
 	resourcemanagerpsqlserver "github.com/Azure/azure-service-operator/pkg/resourcemanager/psql/server"
-	resourcemanagerrediscaches "github.com/Azure/azure-service-operator/pkg/resourcemanager/rediscaches"
+	resourcemanagerrediscaches "github.com/Azure/azure-service-operator/pkg/resourcemanager/rediscaches/redis"
 	resourcegroupsresourcemanager "github.com/Azure/azure-service-operator/pkg/resourcemanager/resourcegroups"
 	resourcemanagerstorages "github.com/Azure/azure-service-operator/pkg/resourcemanager/storages"
 )

diff --git a/controllers/rediscache_controller_test.go b/controllers/rediscache_controller_test.go
@@ -7,20 +7,13 @@ package controllers
 
 import (
 	"context"
-	"fmt"
-	"log"
-	"strings"
 	"testing"
 	"time"
 
 	azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1"
-	"github.com/Azure/azure-service-operator/pkg/helpers"
 	"github.com/stretchr/testify/assert"
 
-	v1 "k8s.io/api/core/v1"
-	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
 )
 
 const longRunningTimeout = 25 * time.Minute
@@ -36,7 +29,7 @@ func TestRedisCacheControllerHappyPath(t *testing.T) {
 	var redisCacheName string
 	var err error
 
-	rgName = tc.resourceGroupName
+	rgName = tc.resourceGroup
 	rgLocation = tc.resourceGroupLocation
 	redisCacheName = GenerateTestResourceNameWithRandom("rediscache", 10)
 
@@ -47,8 +40,8 @@ func TestRedisCacheControllerHappyPath(t *testing.T) {
 			Namespace: "default",
 		},
 		Spec: azurev1alpha1.RedisCacheSpec{
-			Location:          rgLocation,
-			ResourceGroupName: rgName,
+			Location:      rgLocation,
+			ResourceGroup: rgName,
 			Properties: azurev1alpha1.RedisCacheProperties{
 				Sku: azurev1alpha1.RedisCacheSku{
 					Name:     "Basic",

diff --git a/controllers/rediscachefirewallrule_controller.go b/controllers/rediscachefirewallrule_controller.go
@@ -0,0 +1,28 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package controllers
+
+import (
+	ctrl "sigs.k8s.io/controller-runtime"
+
+	azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1"
+)
+
+// RedisCacheFirewallRuleReconciler reconciles a RedisCacheFirewallRule object
+type RedisCacheFirewallRuleReconciler struct {
+	Reconciler *AsyncReconciler
+}
+
+// +kubebuilder:rbac:groups=azure.microsoft.com,resources=rediscachefirewallrules,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=azure.microsoft.com,resources=rediscachefirewallrules/status,verbs=get;update;patch
+
+func (r *RedisCacheFirewallRuleReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+	return r.Reconciler.Reconcile(req, &azurev1alpha1.RedisCacheFirewallRule{})
+}
+
+func (r *RedisCacheFirewallRuleReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&azurev1alpha1.RedisCacheFirewallRule{}).
+		Complete(r)
+}