-
Notifications
You must be signed in to change notification settings - Fork 0
/
privateendpoints.go
75 lines (64 loc) · 2.35 KB
/
privateendpoints.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
package azure
import (
"context"
"github.com/Azure/azure-sdk-for-go/sdk/azcore"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
"github.com/giantswarm/microerror"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/types"
capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
"sigs.k8s.io/controller-runtime/pkg/client"
)
type PrivateEndpointsClientCreator func(context.Context, client.Client, *capz.AzureCluster) (PrivateEndpointsClient, error)
type PrivateEndpointsClient interface {
Get(ctx context.Context, resourceGroupName string, privateEndpointName string, options *armnetwork.PrivateEndpointsClientGetOptions) (armnetwork.PrivateEndpointsClientGetResponse, error)
}
const (
clientSecretKeyName = "clientSecret"
)
func NewPrivateEndpointClient(ctx context.Context, client client.Client, azureCluster *capz.AzureCluster) (PrivateEndpointsClient, error) {
var cred azcore.TokenCredential
var err error
azureClusterIdentity := &capz.AzureClusterIdentity{}
name := types.NamespacedName{
Namespace: azureCluster.Spec.IdentityRef.Namespace,
Name: azureCluster.Spec.IdentityRef.Name,
}
err = client.Get(ctx, name, azureClusterIdentity)
if err != nil {
return nil, microerror.Mask(err)
}
switch azureClusterIdentity.Spec.Type {
case capz.UserAssignedMSI:
cred, err = azidentity.NewManagedIdentityCredential(&azidentity.ManagedIdentityCredentialOptions{
ID: azidentity.ClientID(azureClusterIdentity.Spec.ClientID),
})
if err != nil {
return nil, microerror.Mask(err)
}
case capz.ManualServicePrincipal:
clientSecretName := types.NamespacedName{
Namespace: azureClusterIdentity.Spec.ClientSecret.Namespace,
Name: azureClusterIdentity.Spec.ClientSecret.Name,
}
secret := &corev1.Secret{}
err = client.Get(ctx, clientSecretName, secret)
if err != nil {
return nil, microerror.Mask(err)
}
cred, err = azidentity.NewClientSecretCredential(
azureClusterIdentity.Spec.TenantID,
azureClusterIdentity.Spec.ClientID,
string(secret.Data[clientSecretKeyName]),
nil)
if err != nil {
return nil, microerror.Mask(err)
}
}
privateEndpointsClient, err := armnetwork.NewPrivateEndpointsClient(azureCluster.Spec.SubscriptionID, cred, nil)
if err != nil {
return nil, microerror.Mask(err)
}
return privateEndpointsClient, nil
}