user azure identity instead of principal
nader-ziada committed Oct 15, 2020
1 parent b9e12b9 commit aa6ac11
Showing 20 changed files with 228 additions and 613 deletions.
5 changes: 1 addition & 4 deletions Makefile
Expand Up @@ -426,7 +426,7 @@ create-management-cluster: $(KUSTOMIZE) $(ENVSUBST)
kubectl wait --for=condition=Available --timeout=5m -n capi-kubeadm-bootstrap-system deployment -l cluster.x-k8s.io/provider=bootstrap-kubeadm
kubectl wait --for=condition=Available --timeout=5m -n capi-kubeadm-control-plane-system deployment -l cluster.x-k8s.io/provider=control-plane-kubeadm

sleep 5
sleep 10
# apply CNI ClusterResourceSets
kubectl create configmap calico-addon --from-file=templates/addons/calico.yaml
kubectl create configmap calico-ipv6-addon --from-file=templates/addons/calico-ipv6.yaml
Expand All @@ -439,9 +439,6 @@ create-management-cluster: $(KUSTOMIZE) $(ENVSUBST)
sleep 10
@echo 'Set kubectl context to the kind management cluster by running "kubectl config set-context kind-capz"'

# aad-pod-identity deploylment for handling identities
$(ENVSUBST) < $(TEMPLATES_DIR)/addons/aad-pod-identity-deployment.yaml | kubectl apply -f -

.PHONY: create-workload-cluster
create-workload-cluster: $(ENVSUBST)
# Create workload Cluster.
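Review bot: Replacing `sleep 5` with `sleep 10` still leaves the readiness of the management cluster to a timing guess; the lines just above already use `kubectl wait --for=condition=Available --timeout=5m` for the controller deployments, and applying the same pattern to whatever this pause is waiting on would make the target deterministic instead of merely slower. The removal of the `aad-pod-identity-deployment.yaml` apply also deserves a word in the recipe, since the rest of this commit switches the cluster spec to an `identityName` that appears to refer to an `AzureIdentity` object; if that controller is now installed elsewhere, a one-line comment such as `# aad-pod-identity is installed by <placeholder: new location>` keeps the target self-explanatory. The `create-management-cluster` recipe starts before this hunk.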
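--- a/api/v1alpha2/azurecluster_conversion.go
+++ b/api/v1alpha2/azurecluster_conversion.go
@@ -60,7 +60,7 @@ func (src *AzureCluster) ConvertTo(dstRaw conversion.Hub) error { // nolint
 
 dst.Status.FailureDomains = restored.Status.FailureDomains
 dst.Spec.NetworkSpec.Vnet.CIDRBlocks = restored.Spec.NetworkSpec.Vnet.CIDRBlocks
-dst.Spec.PrincipalRef = restored.Spec.PrincipalRef
+dst.Spec.IdentityName = restored.Spec.IdentityName
 
 for _, restoredSubnet := range restored.Spec.NetworkSpec.Subnets {
 if restoredSubnet != nil {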
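Review bot: Restoring `dst.Spec.IdentityName` from the conversion annotation means an AzureCluster whose stored annotation was written under the previous schema (with `principalRef`) will round-trip with no identity at all, because the old key is simply never read and the caller then falls back to environment credentials. If such objects can exist in upgraded clusters, the restore path should at least record that the reference was dropped rather than do so silently; a comment on the new line such as `// identityName replaced principalRef; objects annotated under the old schema lose the reference on restore` would document the behaviour. `ConvertTo` starts before this hunk and continues past it.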
2 changes: 1 addition & 1 deletion api/v1alpha2/zz_generated.conversion.go


15 changes: 2 additions & 13 deletions api/v1alpha3/azurecluster_types.go
Expand Up @@ -27,17 +27,6 @@ const (
ClusterFinalizer = "azurecluster.infrastructure.cluster.x-k8s.io"
)

// AzurePrincipalKind defines allowed Azure cluster principal types
// +kubebuilder:validation:Enum=AzureSystemAssigned;AzureUserAssigned;AzureServicePrincipal
type AzurePrincipalKind string

// AzurePrincipalRef is a reference to a principal
type AzurePrincipalRef struct {
Kind AzurePrincipalKind `json:"kind"`
Name string `json:"name"`
Namespace string `json:"namespace"`
}

// AzureClusterSpec defines the desired state of AzureCluster
type AzureClusterSpec struct {
// NetworkSpec encapsulates all things related to Azure network.
Expand All @@ -60,9 +49,9 @@ type AzureClusterSpec struct {
// +optional
AdditionalTags Tags `json:"additionalTags,omitempty"`

// PrincipalRef is a reference to a principal to be used when reconciling this cluster
// IdentityName is a reference to a AzureIdentity to be used when reconciling this cluster
// +optional
PrincipalRef *AzurePrincipalRef `json:"principalRef,omitempty"`
IdentityName *string `json:"identityName,omitempty"`
}

// AzureClusterStatus defines the observed state of AzureCluster
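Review bot: The new `IdentityName` doc comment does not say where the `AzureIdentity` is resolved; with a bare name and no namespace field the lookup is presumably scoped to the AzureCluster's own namespace, and that should be spelled out so users do not expect to reference an identity in another namespace. Suggested wording: `// IdentityName is the name of an AzureIdentity, in the same namespace as this AzureCluster, used to obtain credentials when reconciling this cluster.` A `// +kubebuilder:validation:MinLength=1` marker would also reject an explicitly empty string, which is a non-nil pointer and would otherwise pass the nil check callers use. Dropping `AzurePrincipalKind` and `AzurePrincipalRef` from v1alpha3 without a deprecation window is a breaking change to a served API version; confirm that no stored objects still carry `principalRef` before it is pruned.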
72 changes: 0 additions & 72 deletions api/v1alpha3/azureserviceprincipal_types.go

This file was deleted.

96 changes: 3 additions & 93 deletions api/v1alpha3/zz_generated.deepcopy.go


5 changes: 1 addition & 4 deletions cloud/scope/clients.go
Expand Up @@ -104,11 +104,8 @@ func (c *AzureClients) setCredentialsWithProvider(ctx context.Context, subscript
c.EnvironmentSettings = settings
c.ResourceManagerEndpoint = settings.Environment.ResourceManagerEndpoint
c.ResourceManagerVMDNSSuffix = settings.Environment.ResourceManagerVMDNSSuffix
c.Values[auth.ClientID] = strings.TrimSuffix(c.Values[auth.ClientID], "\n")
c.Values[auth.ClientSecret] = strings.TrimSuffix(c.Values[auth.ClientSecret], "\n")
c.Values[auth.SubscriptionID] = strings.TrimSuffix(subscriptionID, "\n")
c.Values[auth.TenantID] = strings.TrimSuffix(c.Values[auth.TenantID], "\n")

c.Authorizer, err = credentialsProvider.GetAuthorizer(ctx)
c.Authorizer, err = credentialsProvider.GetAuthorizer(ctx, c.ResourceManagerEndpoint)
return err
}
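Review bot: The `strings.TrimSuffix` normalisation of the `ClientID`, `ClientSecret` and `TenantID` entries in `c.Values` is removed on the new side while `GetAuthorizer` now takes the endpoint from `c.ResourceManagerEndpoint`; if the credentials provider reads those values from a Kubernetes Secret, a trailing newline in the secret data (common when created with `--from-file`) would now reach the token request and produce a hard-to-diagnose authentication failure. Either the provider should trim them itself, or a comment here should state the expectation, e.g. `// credentialsProvider returns already-normalised values; nothing is trimmed here`. It is also worth confirming that whatever still consumes `c.Values[auth.ClientID]` and `c.Values[auth.TenantID]` downstream is populated by the provider, since this function appears to no longer write them. `setCredentialsWithProvider` starts before this hunk.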
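--- a/cloud/scope/cluster.go
+++ b/cloud/scope/cluster.go
@@ -59,13 +59,13 @@ func NewClusterScope(ctx context.Context, params ClusterScopeParams) (*ClusterSc
 params.Logger = klogr.New()
 }
 
-if params.AzureCluster.Spec.PrincipalRef == nil {
+if params.AzureCluster.Spec.IdentityName == nil {
 err := params.AzureClients.setCredentials(params.AzureCluster.Spec.SubscriptionID)
 if err != nil {
 return nil, errors.Wrap(err, "failed to configure azure settings and credentials from environment")
 }
 } else {
-credentailsProvider, err := NewAzureCredentialsProvider(ctx, params.Client, params.ResourceManagerEndpoint, params.AzureCluster.Spec.PrincipalRef)
+credentailsProvider, err := NewAzureCredentialsProvider(ctx, params.AzureCluster.Namespace, to.String(params.AzureCluster.Spec.IdentityName))
 if err != nil {
 return nil, errors.Wrap(err, "failed to init credentials provider")
 }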
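Review bot: The `== nil` check on `IdentityName` lets an explicitly empty `identityName: ""` through to `NewAzureCredentialsProvider` with an empty name, because `to.String` turns the non-nil pointer into `""`; treating empty as unset, `if params.AzureCluster.Spec.IdentityName == nil || *params.AzureCluster.Spec.IdentityName == "" {`, keeps the fall-through to environment credentials explicit. Passing `params.AzureCluster.Namespace` instead of a namespace taken from the reference is a useful isolation property, since a cluster can then only use identities in its own namespace; a short comment on that line, e.g. `// identities are resolved only in the cluster's own namespace`, would make the intent clear to the next reader. The pre-existing `credentailsProvider` spelling is carried onto the new line and could be corrected while it is being touched. `NewClusterScope` starts before this hunk and continues past it.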

0 comments on commit aa6ac11
