move stuff around from review

Azure · Jul 17, 2024 · f408e3a · f408e3a
1 parent 1932b4a
commit f408e3a
Show file tree

Hide file tree

Showing 12 changed files with 144 additions and 140 deletions.
diff --git a/cmd/aro/gateway.go b/cmd/aro/gateway.go
@@ -17,7 +17,6 @@ import (
 	"github.com/Azure/ARO-RP/pkg/metrics/statsd"
 	"github.com/Azure/ARO-RP/pkg/metrics/statsd/golang"
 	utilnet "github.com/Azure/ARO-RP/pkg/util/net"
-	"github.com/Azure/ARO-RP/pkg/util/service"
 )
 
 func gateway(ctx context.Context, log *logrus.Entry) error {
@@ -35,12 +34,12 @@ func gateway(ctx context.Context, log *logrus.Entry) error {
 
 	go g.Run()
 
-	dbc, err := service.NewDatabaseClient(ctx, _env, log, m, nil)
+	dbc, err := database.NewDatabaseClientFromEnv(ctx, _env, log, m, nil)
 	if err != nil {
 		return err
 	}
 
-	dbName, err := service.DBName(_env.IsLocalDevelopmentMode())
+	dbName, err := env.DBName(_env)
 	if err != nil {
 		return err
 	}

diff --git a/cmd/aro/monitor.go b/cmd/aro/monitor.go
@@ -20,7 +20,7 @@ import (
 	"github.com/Azure/ARO-RP/pkg/metrics/statsd/k8s"
 	pkgmonitor "github.com/Azure/ARO-RP/pkg/monitor"
 	"github.com/Azure/ARO-RP/pkg/proxy"
-	"github.com/Azure/ARO-RP/pkg/util/service"
+	"github.com/Azure/ARO-RP/pkg/util/encryption"
 )
 
 func monitor(ctx context.Context, log *logrus.Entry) error {
@@ -58,17 +58,17 @@ func monitor(ctx context.Context, log *logrus.Entry) error {
 
 	clusterm := statsd.New(ctx, log.WithField("component", "metrics"), _env, os.Getenv("CLUSTER_MDM_ACCOUNT"), os.Getenv("CLUSTER_MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET"))
 
-	aead, err := service.NewAEADWithCore(ctx, _env, env.EncryptionSecretV2Name, env.EncryptionSecretName)
+	aead, err := encryption.NewAEADWithCore(ctx, _env, env.EncryptionSecretV2Name, env.EncryptionSecretName)
 	if err != nil {
 		return err
 	}
 
-	dbc, err := service.NewDatabaseClient(ctx, _env, log, &noop.Noop{}, aead)
+	dbc, err := database.NewDatabaseClientFromEnv(ctx, _env, log, &noop.Noop{}, aead)
 	if err != nil {
 		return err
 	}
 
-	dbName, err := service.DBName(_env.IsLocalDevelopmentMode())
+	dbName, err := env.DBName(_env)
 	if err != nil {
 		return err
 	}

diff --git a/cmd/aro/portal.go b/cmd/aro/portal.go
@@ -18,9 +18,9 @@ import (
 	"github.com/Azure/ARO-RP/pkg/metrics/statsd/golang"
 	pkgportal "github.com/Azure/ARO-RP/pkg/portal"
 	"github.com/Azure/ARO-RP/pkg/proxy"
+	"github.com/Azure/ARO-RP/pkg/util/encryption"
 	"github.com/Azure/ARO-RP/pkg/util/keyvault"
 	"github.com/Azure/ARO-RP/pkg/util/oidc"
-	"github.com/Azure/ARO-RP/pkg/util/service"
 	"github.com/Azure/ARO-RP/pkg/util/uuid"
 )
 
@@ -69,17 +69,17 @@ func portal(ctx context.Context, log *logrus.Entry, audit *logrus.Entry) error {
 
 	go g.Run()
 
-	aead, err := service.NewAEADWithCore(ctx, _env, env.EncryptionSecretV2Name, env.EncryptionSecretName)
+	aead, err := encryption.NewAEADWithCore(ctx, _env, env.EncryptionSecretV2Name, env.EncryptionSecretName)
 	if err != nil {
 		return err
 	}
 
-	dbc, err := service.NewDatabaseClient(ctx, _env, log, m, aead)
+	dbc, err := database.NewDatabaseClientFromEnv(ctx, _env, log, m, aead)
 	if err != nil {
 		return err
 	}
 
-	dbName, err := service.DBName(_env.IsLocalDevelopmentMode())
+	dbName, err := env.DBName(_env)
 	if err != nil {
 		return err
 	}
@@ -99,7 +99,7 @@ func portal(ctx context.Context, log *logrus.Entry, audit *logrus.Entry) error {
 		return err
 	}
 
-	keyVaultPrefix := os.Getenv(service.KeyVaultPrefix)
+	keyVaultPrefix := os.Getenv(encryption.KeyVaultPrefix)
 	portalKeyvaultURI := keyvault.URI(_env, env.PortalKeyvaultSuffix, keyVaultPrefix)
 	portalKeyvault := keyvault.NewManager(msiKVAuthorizer, portalKeyvaultURI)
 

diff --git a/cmd/aro/rp.go b/cmd/aro/rp.go
@@ -38,7 +38,6 @@ import (
 	"github.com/Azure/ARO-RP/pkg/metrics/statsd/k8s"
 	"github.com/Azure/ARO-RP/pkg/util/clusterdata"
 	"github.com/Azure/ARO-RP/pkg/util/encryption"
-	"github.com/Azure/ARO-RP/pkg/util/service"
 )
 
 func rp(ctx context.Context, log, audit *logrus.Entry) error {
@@ -101,17 +100,17 @@ func rp(ctx context.Context, log, audit *logrus.Entry) error {
 
 	clusterm := statsd.New(ctx, log.WithField("component", "metrics"), _env, os.Getenv("CLUSTER_MDM_ACCOUNT"), os.Getenv("CLUSTER_MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET"))
 
-	aead, err := encryption.NewMulti(ctx, _env.ServiceKeyvault(), env.EncryptionSecretV2Name, env.EncryptionSecretName)
+	aead, err := encryption.NewAEADWithCore(ctx, _env, env.EncryptionSecretV2Name, env.EncryptionSecretName)
 	if err != nil {
 		return err
 	}
 
-	dbc, err := service.NewDatabaseClient(ctx, _env, log, metrics, aead)
+	dbc, err := database.NewDatabaseClientFromEnv(ctx, _env, log, metrics, aead)
 	if err != nil {
 		return err
 	}
 
-	dbName, err := service.DBName(_env.IsLocalDevelopmentMode())
+	dbName, err := env.DBName(_env)
 	if err != nil {
 		return err
 	}

diff --git a/cmd/aro/update_ocp_versions.go b/cmd/aro/update_ocp_versions.go
@@ -16,7 +16,6 @@ import (
 	"github.com/Azure/ARO-RP/pkg/database"
 	"github.com/Azure/ARO-RP/pkg/env"
 	"github.com/Azure/ARO-RP/pkg/metrics/statsd"
-	"github.com/Azure/ARO-RP/pkg/util/service"
 	"github.com/Azure/ARO-RP/pkg/util/version"
 )
 
@@ -160,12 +159,12 @@ func getVersionsDatabase(ctx context.Context, log *logrus.Entry) (database.OpenS
 
 	m := statsd.New(ctx, log.WithField("component", "update-ocp-versions"), _env, os.Getenv("MDM_ACCOUNT"), os.Getenv("MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET"))
 
-	dbc, err := service.NewDatabaseClient(ctx, _env, log, m, nil)
+	dbc, err := database.NewDatabaseClientFromEnv(ctx, _env, log, m, nil)
 	if err != nil {
 		return nil, fmt.Errorf("failed creating database client: %w", err)
 	}
 
-	dbName, err := service.DBName(_env.IsLocalDevelopmentMode())
+	dbName, err := env.DBName(_env)
 	if err != nil {
 		return nil, err
 	}

diff --git a/cmd/aro/update_role_sets.go b/cmd/aro/update_role_sets.go
@@ -16,7 +16,6 @@ import (
 	"github.com/Azure/ARO-RP/pkg/env"
 	"github.com/Azure/ARO-RP/pkg/metrics/statsd"
 	"github.com/Azure/ARO-RP/pkg/util/encryption"
-	"github.com/Azure/ARO-RP/pkg/util/keyvault"
 )
 
 func getRoleSetsFromEnv() ([]api.PlatformWorkloadIdentityRoleSetProperties, error) {
@@ -38,26 +37,23 @@ func getPlatformWorkloadIdentityRoleSetDatabase(ctx context.Context, log *logrus
 		return nil, fmt.Errorf("MSI Authorizer failed with: %s", err.Error())
 	}
 
-	msiKVAuthorizer, err := _env.NewMSIAuthorizer(_env.Environment().KeyVaultScope)
-	if err != nil {
-		return nil, fmt.Errorf("MSI KeyVault Authorizer failed with: %s", err.Error())
-	}
-
 	m := statsd.New(ctx, log.WithField("component", "update-role-sets"), _env, os.Getenv("MDM_ACCOUNT"), os.Getenv("MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET"))
 
-	keyVaultPrefix := os.Getenv(envKeyVaultPrefix)
-	serviceKeyvaultURI := keyvault.URI(_env, env.ServiceKeyvaultSuffix, keyVaultPrefix)
-	serviceKeyvault := keyvault.NewManager(msiKVAuthorizer, serviceKeyvaultURI)
+	aead, err := encryption.NewAEADWithCore(ctx, _env, env.EncryptionSecretV2Name, env.EncryptionSecretName)
+	if err != nil {
+		return nil, err
+	}
 
-	aead, err := encryption.NewMulti(ctx, serviceKeyvault, env.EncryptionSecretV2Name, env.EncryptionSecretName)
+	dbName, err := env.DBName(_env)
 	if err != nil {
 		return nil, err
 	}
 
-	if err := env.ValidateVars(envDatabaseAccountName); err != nil {
+	dbAccountName, err := env.DBAccountName()
+	if err != nil {
 		return nil, err
 	}
-	dbAccountName := os.Getenv(envDatabaseAccountName)
+
 	clientOptions := &policy.ClientOptions{
 		ClientOptions: _env.Environment().ManagedIdentityCredentialOptions().ClientOptions,
 	}
@@ -73,11 +69,6 @@ func getPlatformWorkloadIdentityRoleSetDatabase(ctx context.Context, log *logrus
 		return nil, err
 	}
 
-	dbName, err := DBName(_env.IsLocalDevelopmentMode())
-	if err != nil {
-		return nil, err
-	}
-
 	return database.NewPlatformWorkloadIdentityRoleSets(ctx, dbc, dbName)
 }
 

diff --git a/pkg/database/fromenv.go b/pkg/database/fromenv.go
@@ -0,0 +1,51 @@
+package database
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/sirupsen/logrus"
+
+	"github.com/Azure/ARO-RP/pkg/database/cosmosdb"
+	"github.com/Azure/ARO-RP/pkg/env"
+	"github.com/Azure/ARO-RP/pkg/metrics"
+	"github.com/Azure/ARO-RP/pkg/util/encryption"
+)
+
+// NewDatabaseClient creates a CosmosDB database client from the environment configuration.
+func NewDatabaseClientFromEnv(ctx context.Context, _env env.Core, log *logrus.Entry, m metrics.Emitter, aead encryption.AEAD) (cosmosdb.DatabaseClient, error) {
+	dbAccountName, err := env.DBAccountName()
+	if err != nil {
+		return nil, err
+	}
+
+	msiToken, err := _env.NewMSITokenCredential()
+	if err != nil {
+		return nil, err
+	}
+
+	scope := []string{
+		fmt.Sprintf("https://%s.%s", dbAccountName, _env.Environment().CosmosDBDNSSuffixScope),
+	}
+
+	logrusEntry := log.WithField("component", "database")
+
+	dbAuthorizer, err := NewTokenAuthorizer(
+		ctx, logrusEntry, msiToken, dbAccountName, scope,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	dbc, err := NewDatabaseClient(
+		logrusEntry, _env, dbAuthorizer, m, aead, dbAccountName,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return dbc, nil
+}
diff --git a/pkg/env/helpers.go b/pkg/env/helpers.go
@@ -0,0 +1,35 @@
+package env
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+	"fmt"
+	"os"
+)
+
+const (
+	EnvDatabaseName        = "DATABASE_NAME"
+	EnvDatabaseAccountName = "DATABASE_ACCOUNT_NAME"
+)
+
+// Fetch the database account name from the environment.
+func DBAccountName() (string, error) {
+	if err := ValidateVars(EnvDatabaseAccountName); err != nil {
+		return "", err
+	}
+
+	return os.Getenv(EnvDatabaseAccountName), nil
+}
+
+func DBName(c Core) (string, error) {
+	if !c.IsLocalDevelopmentMode() {
+		return "ARO", nil
+	}
+
+	if err := ValidateVars(EnvDatabaseName); err != nil {
+		return "", fmt.Errorf("%v (development mode)", err.Error())
+	}
+
+	return os.Getenv(EnvDatabaseName), nil
+}
diff --git a/pkg/util/encryption/azure.go b/pkg/util/encryption/azure.go
@@ -0,0 +1,34 @@
+package encryption
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/Azure/ARO-RP/pkg/env"
+	"github.com/Azure/ARO-RP/pkg/util/keyvault"
+)
+
+const (
+	KeyVaultPrefix = "KEYVAULT_PREFIX"
+)
+
+// NewAEADWithCore creates an AEAD encryption manager with resources available
+// from the Core env object.
+func NewAEADWithCore(ctx context.Context, _env env.Core, encryptionSecretV2Name string, encryptionSecretName string) (AEAD, error) {
+	msiKVAuthorizer, err := _env.NewMSIAuthorizer(_env.Environment().KeyVaultScope)
+	if err != nil {
+		return nil, fmt.Errorf("MSI KeyVault Authorizer failed with: %s", err.Error())
+	}
+
+	keyVaultPrefix := os.Getenv(KeyVaultPrefix)
+	serviceKeyvaultURI := keyvault.URI(_env, env.ServiceKeyvaultSuffix, keyVaultPrefix)
+	serviceKeyvault := keyvault.NewManager(msiKVAuthorizer, serviceKeyvaultURI)
+
+	return NewMulti(
+		ctx, serviceKeyvault, encryptionSecretV2Name, encryptionSecretName,
+	)
+}
diff --git a/pkg/util/service/const.go b/pkg/util/service/const.go