Merge branch 'buhongw7583c-issue#858'

Azure · Apr 15, 2020 · 45af4d4 · 45af4d4
2 parents f3345df + 45c6989
commit 45af4d4
Show file tree

Hide file tree

Showing 21 changed files with 516 additions and 108 deletions.
diff --git a/api/v1alpha1/storageaccount_types.go b/api/v1alpha1/storageaccount_types.go
@@ -29,6 +29,8 @@ type StorageAccountSpec struct {
 	EnableHTTPSTrafficOnly *bool `json:"supportsHttpsTrafficOnly,omitempty"`
 
 	DataLakeEnabled *bool `json:"dataLakeEnabled,omitempty"`
+
+	NetworkRule *StorageNetworkRuleSet `json:"networkRule,omitempty"`
 }
 
 // StorageAccountSku the SKU of the storage account.
@@ -97,6 +99,43 @@ type StorageAccountList struct {
 	Items           []StorageAccount `json:"items"`
 }
 
+type Bypass string
+
+type StorageNetworkRuleSet struct {
+	// Bypass - Specifies whether traffic is bypassed for Logging/Metrics/AzureServices.
+	//Possible values are any combination of Logging|Metrics|AzureServices (For example, "Logging, Metrics"), or None to bypass none of those traffics.
+	//Possible values include: 'None', 'Logging', 'Metrics', 'AzureServices'
+	Bypass Bypass `json:"bypass,omitempty"`
+	// VirtualNetworkRules - Sets the virtual network rules
+	VirtualNetworkRules *[]VirtualNetworkRule `json:"virtualNetworkRules,omitempty"`
+	// IPRules - Sets the IP ACL rules
+	IPRules *[]IPRule `json:"ipRules,omitempty"`
+	// DefaultAction - Specifies the default action of allow or deny when no other rules match. Possible values include: 'DefaultActionAllow', 'DefaultActionDeny'
+	DefaultAction string `json:"defaultAction,omitempty"`
+}
+
+const (
+
+	// AzureServices ...
+	AzureServices Bypass = "AzureServices"
+	// Logging ...
+	Logging Bypass = "Logging"
+	// Metrics ...
+	Metrics Bypass = "Metrics"
+	// None ...
+	None Bypass = "None"
+)
+
+type VirtualNetworkRule struct {
+	// SubnetId - Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.
+	SubnetId *string `json:"subnetId,omitempty"`
+}
+
+type IPRule struct {
+	// IPAddressOrRange - Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.
+	IPAddressOrRange *string `json:"ipAddressOrRange,omitempty"`
+}
+
 func init() {
 	SchemeBuilder.Register(&StorageAccount{}, &StorageAccountList{})
 }

diff --git a/config/default/manager_image_patch.yaml-e b/config/default/manager_image_patch.yaml-e
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      # Change the value of image field below to your controller image URL
+      - image: controller:latest
+        name: manager
+        env:
+          - name: AZURE_CLIENT_ID
+            valueFrom:
+              secretKeyRef:
+                name: azureoperatorsettings
+                key: AZURE_CLIENT_ID
+                optional: true
+          - name: AZURE_CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: azureoperatorsettings
+                key: AZURE_CLIENT_SECRET
+                optional: true
+          - name: AZURE_TENANT_ID
+            valueFrom:
+              secretKeyRef:
+                name: azureoperatorsettings
+                key: AZURE_TENANT_ID
+          - name: AZURE_SUBSCRIPTION_ID
+            valueFrom:
+              secretKeyRef:
+                name: azureoperatorsettings
+                key: AZURE_SUBSCRIPTION_ID
+          - name: AZURE_USE_MI
+            valueFrom:
+              secretKeyRef:
+                name: azureoperatorsettings
+                key: AZURE_USE_MI
+                optional: true
+          - name: AZURE_OPERATOR_KEYVAULT
+            valueFrom:
+              secretKeyRef:
+                name: azureoperatorsettings
+                key: AZURE_OPERATOR_KEYVAULT
+                optional: true
+          #requeue after time in seconds"
+          - name: REQUEUE_AFTER
+            value: "30"
diff --git a/config/samples/azure_v1alpha1_storageaccount.yaml b/config/samples/azure_v1alpha1_storageaccount.yaml
@@ -1,7 +1,7 @@
 apiVersion: azure.microsoft.com/v1alpha1
 kind: StorageAccount
 metadata:
-  name: storageaccountsample777
+  name: storagesample
 spec:
   location: westus
   resourceGroup: resourcegroup-azure-operators
@@ -10,3 +10,12 @@ spec:
   kind: StorageV2
   accessTier: Hot
   supportsHttpsTrafficOnly: true
+# Optional: networkRule
+  networkRule:
+    bypass: AzureServices # Possible values are AzureServices, Metrics, None, Logging
+    defaultAction: Deny # Possible values are Allow, Deny
+    virtualNetworkRules: 
+      - subnetId: /subscriptions/{subscription}/resourceGroups/{resourcegroup}/providers/Microsoft.Network/virtualNetworks/{vnet}/subnets/{subnet}
+    ipRules: #could be an ip range or a ip address
+      - ipAddressOrRange: 2.2.0.0/24
+      - ipAddressOrRange: 2.2.2.1
diff --git a/controllers/postgresql_combined_controller_test.go b/controllers/postgresql_combined_controller_test.go
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-// +build all psql psqldatabase
+// +build all psql
 
 package controllers
 

diff --git a/controllers/postgresqldatabase_controller_test.go b/controllers/postgresqldatabase_controller_test.go
@@ -0,0 +1,73 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+// +build all  psqldatabase
+
+package controllers
+
+import (
+	"context"
+	"testing"
+
+	azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1"
+	"github.com/Azure/azure-service-operator/pkg/errhelp"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+//Postgresql database controller unhappy test cases
+
+func TestPSQLDatabaseControllerNoResourceGroup(t *testing.T) {
+	t.Parallel()
+	defer PanicRecover(t)
+	ctx := context.Background()
+
+	// Add any setup steps that needs to be executed before each test
+	rgName := GenerateTestResourceNameWithRandom("psqlsrv-rg", 10)
+
+	postgreSQLServerName := GenerateTestResourceNameWithRandom("psql-srv", 10)
+	postgreSQLDatabaseName := GenerateTestResourceNameWithRandom("psql-db", 10)
+
+	// Create the PostgreSQLDatabase object and expect the Reconcile to be created
+	postgreSQLDatabaseInstance1 := &azurev1alpha1.PostgreSQLDatabase{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      postgreSQLDatabaseName,
+			Namespace: "default",
+		},
+		Spec: azurev1alpha1.PostgreSQLDatabaseSpec{
+			ResourceGroup: rgName,
+			Server:        postgreSQLServerName,
+		},
+	}
+
+	EnsureInstanceWithResult(ctx, t, tc, postgreSQLDatabaseInstance1, errhelp.ResourceGroupNotFoundErrorCode, false)
+	EnsureDelete(ctx, t, tc, postgreSQLDatabaseInstance1)
+
+}
+
+func TestPSQLDatabaseControllerNoSever(t *testing.T) {
+	t.Parallel()
+	defer PanicRecover(t)
+	ctx := context.Background()
+
+	// Add any setup steps that needs to be executed before each test
+	rgName := tc.resourceGroupName
+
+	postgreSQLServerName := GenerateTestResourceNameWithRandom("psql-srv", 10)
+	postgreSQLDatabaseName := GenerateTestResourceNameWithRandom("psql-db", 10)
+
+	// Create the PostgreSQLDatabase object and expect the Reconcile to be created
+	postgreSQLDatabaseInstance2 := &azurev1alpha1.PostgreSQLDatabase{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      postgreSQLDatabaseName,
+			Namespace: "default",
+		},
+		Spec: azurev1alpha1.PostgreSQLDatabaseSpec{
+			ResourceGroup: rgName,
+			Server:        postgreSQLServerName,
+		},
+	}
+
+	EnsureInstanceWithResult(ctx, t, tc, postgreSQLDatabaseInstance2, errhelp.ResourceNotFound, false)
+	EnsureDelete(ctx, t, tc, postgreSQLDatabaseInstance2)
+
+}
diff --git a/controllers/postgresqlfirewallrule_controller_test.go b/controllers/postgresqlfirewallrule_controller_test.go
@@ -0,0 +1,75 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+// +build all  psqlfirewallrule
+
+package controllers
+
+import (
+	"context"
+	"testing"
+
+	azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1"
+	"github.com/Azure/azure-service-operator/pkg/errhelp"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func TestPSQLFirewallRuleControllerNoResourceGroup(t *testing.T) {
+	t.Parallel()
+	defer PanicRecover(t)
+	ctx := context.Background()
+
+	// Add any setup steps that needs to be executed before each test
+	rgName := GenerateTestResourceNameWithRandom("psqlsrv-rg", 10)
+
+	postgreSQLServerName := GenerateTestResourceNameWithRandom("psql-srv", 10)
+	postgreSQLFirewallRuleName := GenerateTestResourceNameWithRandom("psql-fwrule", 10)
+
+	// Create the PostgreSQLFirewallRule object and expect the Reconcile to be created
+	postgreSQLFirewallRuleInstance := &azurev1alpha1.PostgreSQLFirewallRule{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      postgreSQLFirewallRuleName,
+			Namespace: "default",
+		},
+		Spec: azurev1alpha1.PostgreSQLFirewallRuleSpec{
+			ResourceGroup:  rgName,
+			Server:         postgreSQLServerName,
+			StartIPAddress: "0.0.0.0",
+			EndIPAddress:   "0.0.0.0",
+		},
+	}
+
+	EnsureInstanceWithResult(ctx, t, tc, postgreSQLFirewallRuleInstance, errhelp.ResourceGroupNotFoundErrorCode, false)
+	EnsureDelete(ctx, t, tc, postgreSQLFirewallRuleInstance)
+
+}
+
+func TestPSQLFirewallRuleControllerNoServer(t *testing.T) {
+	t.Parallel()
+	defer PanicRecover(t)
+	ctx := context.Background()
+
+	// Add any setup steps that needs to be executed before each test
+	rgName := tc.resourceGroupName
+
+	postgreSQLServerName := GenerateTestResourceNameWithRandom("psql-srv", 10)
+	postgreSQLFirewallRuleName := GenerateTestResourceNameWithRandom("psql-fwrule", 10)
+
+	// Create the PostgreSQLFirewallRule object and expect the Reconcile to be created
+	postgreSQLFirewallRuleInstance := &azurev1alpha1.PostgreSQLFirewallRule{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      postgreSQLFirewallRuleName,
+			Namespace: "default",
+		},
+		Spec: azurev1alpha1.PostgreSQLFirewallRuleSpec{
+			ResourceGroup:  rgName,
+			Server:         postgreSQLServerName,
+			StartIPAddress: "0.0.0.0",
+			EndIPAddress:   "0.0.0.0",
+		},
+	}
+
+	EnsureInstanceWithResult(ctx, t, tc, postgreSQLFirewallRuleInstance, errhelp.ResourceNotFound, false)
+	EnsureDelete(ctx, t, tc, postgreSQLFirewallRuleInstance)
+
+}
diff --git a/controllers/postgresqlserver_controller_test.go b/controllers/postgresqlserver_controller_test.go
@@ -0,0 +1,52 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+// +build all psqlserver
+
+package controllers
+
+import (
+	"context"
+	"testing"
+
+	azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1"
+	"github.com/Azure/azure-service-operator/pkg/errhelp"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+//test Postgre SQL server unhappy path
+func TestPSQLServerControllerNoResourceGroup(t *testing.T) {
+	t.Parallel()
+	defer PanicRecover(t)
+	ctx := context.Background()
+
+	// Add any setup steps that needs to be executed before each test
+	rgName := GenerateTestResourceNameWithRandom("psqlsrv-rg", 10)
+	rgLocation := tc.resourceGroupLocation
+
+	postgreSQLServerName := GenerateTestResourceNameWithRandom("psql-srv", 10)
+
+	// Create the PostgreSQLServer object and expect the Reconcile to be created
+	postgreSQLServerInstance := &azurev1alpha1.PostgreSQLServer{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      postgreSQLServerName,
+			Namespace: "default",
+		},
+		Spec: azurev1alpha1.PostgreSQLServerSpec{
+			Location:      rgLocation,
+			ResourceGroup: rgName,
+			Sku: azurev1alpha1.AzureDBsSQLSku{
+				Name:     "B_Gen5_2",
+				Tier:     azurev1alpha1.SkuTier("Basic"),
+				Family:   "Gen5",
+				Size:     "51200",
+				Capacity: 2,
+			},
+			ServerVersion:  azurev1alpha1.ServerVersion("10"),
+			SSLEnforcement: azurev1alpha1.SslEnforcementEnumEnabled,
+		},
+	}
+	EnsureInstanceWithResult(ctx, t, tc, postgreSQLServerInstance, errhelp.ResourceGroupNotFoundErrorCode, false)
+	EnsureDelete(ctx, t, tc, postgreSQLServerInstance)
+
+}
diff --git a/controllers/storageaccount_controller_test.go b/controllers/storageaccount_controller_test.go
@@ -10,18 +10,15 @@ import (
 	"testing"
 
 	azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1"
-
 	"github.com/Azure/go-autorest/autorest/to"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-func TestStorageControllerHappyPath(t *testing.T) {
+func TestStorageControllerHappyPathWithoutNetworkRule(t *testing.T) {
 	t.Parallel()
 	defer PanicRecover(t)
 	ctx := context.Background()
-
 	StorageAccountName := GenerateAlphaNumTestResourceName("sadev")
-
 	// Create the ResourceGroup object and expect the Reconcile to be created
 	saInstance := &azurev1alpha1.StorageAccount{
 		ObjectMeta: metav1.ObjectMeta{
@@ -39,10 +36,8 @@ func TestStorageControllerHappyPath(t *testing.T) {
 			EnableHTTPSTrafficOnly: to.BoolPtr(true),
 		},
 	}
-
 	// create rg
 	EnsureInstance(ctx, t, tc, saInstance)
-
 	// delete rg
 	EnsureDelete(ctx, t, tc, saInstance)
 }
diff --git a/controllers/suite_test.go b/controllers/suite_test.go
@@ -745,9 +745,9 @@ func setup() error {
 
 	log.Println("Creating SA:", storageAccountName)
 	// Create the Storage Account and Container
-	_, _ = storageAccountManager.CreateStorage(context.Background(), resourceGroupName, storageAccountName, resourcegroupLocation, azurev1alpha1.StorageAccountSku{
+	_, _, _ = storageAccountManager.CreateStorage(context.Background(), resourceGroupName, storageAccountName, resourcegroupLocation, azurev1alpha1.StorageAccountSku{
 		Name: "Standard_LRS",
-	}, "Storage", map[string]*string{}, "", nil, nil)
+	}, "Storage", map[string]*string{}, "", nil, nil, nil)
 
 	// Storage account needs to be in "Suceeded" state
 	// for container create to succeed