From 30dfad81aed30f61458ad12c4ab8942b1c7d6e1f Mon Sep 17 00:00:00 2001
From: Markus Blaschke
Date: Sun, 27 Aug 2023 15:56:04 +0200
Subject: [PATCH] add env var AZURE_SERVICEDISCOVERY_CACHE_TTL and add SetSubscriptionID
Signed-off-by: Markus Blaschke
---
 azuresdk/README.md | 16 +++++++-----
 azuresdk/armclient/client.go | 29 ++++++++++++++++++----
 azuresdk/armclient/client.subscriptions.go | 4 +--
 3 files changed, 36 insertions(+), 13 deletions(-)
diff --git a/azuresdk/README.md b/azuresdk/README.md
index 1fb299d..b8f0db7 100644
--- a/azuresdk/README.md
+++ b/azuresdk/README.md
@@ -2,6 +2,12 @@
 ## ArmClient
+### Env vars
+
+| Variable name | Default | Description |
+|------------------------------------|-----------------------|-------------------------------------------------------------------|
+| `AZURE_SERVICEDISCOVERY_CACHE_TTL` | `60m` (time.Duration) | ServiceDiscovery cache (eg. subscription, resourceGroup list,...) |
+
 ### Authentication
 Hint: please also check [microsoft azure-sdk documentation](https://docs.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication) for advanced usage.
@@ -24,12 +30,12 @@ Hint: please also check [microsoft azure-sdk documentation](https://docs.microso
 #### AzureCLI authentication
-To enable authentication via AzureCLI set `AZURE_AUTH=az` and the token is fetched from Azure CLI.
-For this method the `az` binary must be available inside the container/environment.
+To force authentication via AzureCLI set `AZURE_AUTH=az` and the token is fetched from Azure CLI.
+For this method the `az` binary must be executable in `$PATH` (inside the container/environment).
-#### WorkloadIdentity/Federation authentication (beta)
+#### WorkloadIdentity/Federation authentication
-To enable authentication via WorkloadIdentity/Federation set `AZURE_AUTH=federation`.
+To force authentication via WorkloadIdentity/Federation set `AZURE_AUTH=federation`.
 Following environment variables needs to be set (automatically set via workloadidentity in AKS clusters):
 | Variable name | Value |
@@ -39,8 +45,6 @@ Following environment variables needs to be set (automatically set via workloadi
 | `AZURE_TENANT_ID` | The tenant ID of the registered AAD application or user-assigned managed identity. |
 | `AZURE_FEDERATED_TOKEN_FILE` | The path of the projected service account token file. |
-Will be integrated in azidentiy from azure-sdk-for-go in 1.3.0
-
 ### Azure Cloud/Environment support
 | `AZURE_ENVIRONMENT` | Description |
diff --git a/azuresdk/armclient/client.go b/azuresdk/armclient/client.go
index fbc3b19..0364f0a 100644
--- a/azuresdk/armclient/client.go
+++ b/azuresdk/armclient/client.go
@@ -19,6 +19,10 @@ import (
 "github.com/webdevops/go-common/utils/to"
 )
+const (
+ EnvVarServiceDiscoveryTtl = "AZURE_SERVICEDISCOVERY_CACHE_TTL"
+)
+
 type (
 ArmClient struct {
 TagManager *ArmClientTagManager
@@ -30,7 +34,7 @@ type (
 cache *cache.Cache
 cacheTtl time.Duration
- subscriptionFilter []string
+ subscriptionList []string
 cred *azcore.TokenCredential
@@ -54,9 +58,6 @@ func NewArmClient(cloudConfig cloudconfig.CloudEnvironment, logger *zap.SugaredL
 client := &ArmClient{}
 client.cloud = cloudConfig
- client.cacheTtl = 30 * time.Minute
- client.cache = cache.New(60*time.Minute, 60*time.Second)
-
 client.logger = logger
 client.userAgent = "go-common/unknown"
@@ -65,6 +66,16 @@ func NewArmClient(cloudConfig cloudconfig.CloudEnvironment, logger *zap.SugaredL
 logger: logger.With(zap.String("component", "armClientTagManager")),
 }
+ cacheTtl := 60 * time.Minute
+ if val := os.Getenv(EnvVarServiceDiscoveryTtl); val != "" {
+ if ttl, err := time.ParseDuration(val); err == nil {
+ cacheTtl = ttl
+ } else {
+ logger.Fatalf(`%s is not a valid value, got "%v", expected duration`, EnvVarServiceDiscoveryTtl, val)
+ }
+ }
+ client.SetCacheTtl(cacheTtl)
+
 return client
 }
@@ -193,11 +204,19 @@ func (azureClient *ArmClient) SetUserAgent(useragent string) {
 // SetCacheTtl set TTL for service discovery cache
 func (azureClient *ArmClient) SetCacheTtl(ttl time.Duration) {
 azureClient.cacheTtl = ttl
+ azureClient.cache = cache.New(ttl, 60*time.Second)
 }
 // SetSubscriptionFilter set subscription filter, other subscriptions will be ignored
+//
+// Deprecated: use SetSubscriptionID instead
 func (azureClient *ArmClient) SetSubscriptionFilter(subscriptionId ...string) {
- azureClient.subscriptionFilter = subscriptionId
+ azureClient.SetSubscriptionID(subscriptionId...)
+}
+
+// SetSubscriptionID set subscription filter, other subscriptions will be ignored
+func (azureClient *ArmClient) SetSubscriptionID(subscriptionId ...string) {
+ azureClient.subscriptionList = subscriptionId
 }
 func (azureClient *ArmClient) cacheData(identifier string, callback func() (interface{}, error)) (interface{}, error) {
diff --git a/azuresdk/armclient/client.subscriptions.go b/azuresdk/armclient/client.subscriptions.go
index 9348889..46d7fcc 100644
--- a/azuresdk/armclient/client.subscriptions.go
+++ b/azuresdk/armclient/client.subscriptions.go
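Review bot: The TTL read from `AZURE_SERVICEDISCOVERY_CACHE_TTL` in `NewArmClient` (azuresdk/armclient/client.go, hunk `@@ -65,6 +66,16 @@`) is not range-checked: `time.ParseDuration` also accepts `0s` and negative durations, and the value goes straight into `SetCacheTtl`. If `cache` is patrickmn/go-cache (the import is outside the hunk, but `cache.New(ttl, 60*time.Second)` matches its signature), a default expiration below one means entries never expire, so such a value would silently pin the cached subscription and resource-group lists for the life of the process. I would treat non-positive values like parse errors, e.g. `if ttl, err := time.ParseDuration(val); err == nil && ttl > 0 {`. `logger.Fatalf` exiting the process from a constructor is worth a line in the doc comment of `NewArmClient`, whose body starts and ends outside this hunk.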
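Review bot: `SetSubscriptionID` (azuresdk/armclient/client.go, hunk `@@ -193,11 +204,19 @@`) changes the subscription filter but leaves the service-discovery cache untouched, so if `ListSubscriptions` results are cached (the README table in this patch lists the subscription list as cached; the caching call itself is outside the hunk), a filter set or narrowed after the first listing would presumably not take effect until the TTL expires, 60 minutes by default. Since the filter is the control that keeps the client out of other subscriptions, I would either flush the cache in the setter or state the ordering requirement in its doc comment, e.g. `// SetSubscriptionID sets the subscription filter; call it before the first ListSubscriptions, results already cached may not reflect a later change`. The setter also stores the caller's variadic slice without copying, so a later write to that slice by the caller alters the filter. `SetCacheTtl` now replaces `azureClient.cache`, which drops existing entries, and no locking against a concurrent `cacheData` call is visible in the hunk; that side effect belongs in its comment as well.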
@@ -75,9 +75,9 @@ func (azureClient *ArmClient) ListSubscriptions(ctx context.Context) (map[string
 }
 for _, subscription := range result.Value {
- if len(azureClient.subscriptionFilter) > 0 {
+ if len(azureClient.subscriptionList) > 0 {
 // use subscription filter
- for _, subscriptionId := range azureClient.subscriptionFilter {
+ for _, subscriptionId := range azureClient.subscriptionList {
 if strings.EqualFold(*subscription.SubscriptionID, subscriptionId) {
 list[*subscription.SubscriptionID] = subscription
 break