From f2895cbb6ec147e09222b2c3d2a19a889d161b91 Mon Sep 17 00:00:00 2001
From: Amber Brown
Date: Wed, 26 Jun 2024 15:25:43 +1000
Subject: [PATCH 1/6] move some repeated code into pkg/util/service/
---
pkg/util/service/const.go | 10 +++++
pkg/util/service/database.go | 71 ++++++++++++++++++++++++++++++++++++
pkg/util/service/helpers.go | 23 ++++++++++++
3 files changed, 104 insertions(+)
create mode 100644 pkg/util/service/const.go
create mode 100644 pkg/util/service/database.go
create mode 100644 pkg/util/service/helpers.go
diff --git a/pkg/util/service/const.go b/pkg/util/service/const.go
new file mode 100644
index 00000000000..0183d581ec1
--- /dev/null
+++ b/pkg/util/service/const.go
@@ -0,0 +1,10 @@
+package service
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+const (
+ DatabaseName = "DATABASE_NAME"
+ DatabaseAccountName = "DATABASE_ACCOUNT_NAME"
+ KeyVaultPrefix = "KEYVAULT_PREFIX"
+)
diff --git a/pkg/util/service/database.go b/pkg/util/service/database.go
new file mode 100644
index 00000000000..b4451ef42c2
--- /dev/null
+++ b/pkg/util/service/database.go
@@ -0,0 +1,71 @@
+package service
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+ "context"
+ "fmt"
+ "os"
+
+ "github.com/sirupsen/logrus"
+
+ "github.com/Azure/ARO-RP/pkg/database"
+ "github.com/Azure/ARO-RP/pkg/database/cosmosdb"
+ "github.com/Azure/ARO-RP/pkg/env"
+ "github.com/Azure/ARO-RP/pkg/metrics"
+ "github.com/Azure/ARO-RP/pkg/util/encryption"
+ "github.com/Azure/ARO-RP/pkg/util/keyvault"
+)
+
+// NewAEADWithCore creates an AEAD encryption manager with resources available
+// from the Core env object.
+func NewAEADWithCore(ctx context.Context, _env env.Core, encryptionSecretV2Name string, encryptionSecretName string) (encryption.AEAD, error) {
+ msiKVAuthorizer, err := _env.NewMSIAuthorizer(_env.Environment().KeyVaultScope)
+ if err != nil {
+ return nil, err
+ }
+
+ keyVaultPrefix := os.Getenv(KeyVaultPrefix)
+ serviceKeyvaultURI := keyvault.URI(_env, env.ServiceKeyvaultSuffix, keyVaultPrefix)
+ serviceKeyvault := keyvault.NewManager(msiKVAuthorizer, serviceKeyvaultURI)
+
+ return encryption.NewMulti(
+ ctx, serviceKeyvault, encryptionSecretV2Name, encryptionSecretName,
+ )
+}
+
+// NewDatabaseClient creates a CosmosDB database client from the environment configuration.
+func NewDatabaseClient(ctx context.Context, _env env.Core, log *logrus.Entry, m metrics.Emitter, aead encryption.AEAD) (cosmosdb.DatabaseClient, error) {
+ if err := env.ValidateVars(DatabaseAccountName); err != nil {
+ return nil, err
+ }
+
+ msiToken, err := _env.NewMSITokenCredential()
+ if err != nil {
+ return nil, err
+ }
+
+ dbAccountName := os.Getenv(DatabaseAccountName)
+ scope := []string{
+ fmt.Sprintf("https://%s.%s", dbAccountName, _env.Environment().CosmosDBDNSSuffixScope),
+ }
+
+ logrusEntry := log.WithField("component", "database")
+
+ dbAuthorizer, err := database.NewTokenAuthorizer(
+ ctx, logrusEntry, msiToken, dbAccountName, scope,
+ )
+ if err != nil {
+ return nil, err
+ }
+
+ dbc, err := database.NewDatabaseClient(
+ logrusEntry, _env, dbAuthorizer, m, aead, dbAccountName,
+ )
+ if err != nil {
+ return nil, err
+ }
+
+ return dbc, nil
+}
diff --git a/pkg/util/service/helpers.go b/pkg/util/service/helpers.go
new file mode 100644
index 00000000000..5013849d835
--- /dev/null
+++ b/pkg/util/service/helpers.go
@@ -0,0 +1,23 @@
+package service
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+ "fmt"
+ "os"
+
+ "github.com/Azure/ARO-RP/pkg/env"
+)
+
+func DBName(isLocalDevelopmentMode bool) (string, error) {
+ if !isLocalDevelopmentMode {
+ return "ARO", nil
+ }
+
+ if err := env.ValidateVars(DatabaseName); err != nil {
+ return "", fmt.Errorf("%v (development mode)", err.Error())
+ }
+
+ return os.Getenv(DatabaseName), nil
+}
From 1f335e85ba24817bd875831b89a845a43dba2a3a Mon Sep 17 00:00:00 2001
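Review bot: `NewAEADWithCore` reads `KEYVAULT_PREFIX` with `os.Getenv` and never checks that it is set, whereas the monitor, portal and update_ocp_versions code it replaces called `env.ValidateVars(envKeyVaultPrefix)` first. With the variable missing, the vault URI is built from an empty prefix and the failure would presumably surface later as an opaque Key Vault or DNS error instead of a clear startup error. Add `if err := env.ValidateVars(KeyVaultPrefix); err != nil { return nil, err }` before the `os.Getenv` call. The same unchecked read appears in cmd/aro/portal.go in patch 2 (`os.Getenv(service.KeyVaultPrefix)`) and in pkg/util/encryption/azure.go in patch 6.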
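Review bot: `DBName` formats the validation error with `%v` and `err.Error()`, which flattens it to text so callers can no longer match it with `errors.Is` or `errors.As`; `return "", fmt.Errorf("%w (development mode)", err)` keeps the chain. The exported function also has no doc comment; `// DBName returns "ARO" outside local development mode and the value of DATABASE_NAME otherwise.` would cover it. The same line is carried into pkg/env/helpers.go in patch 6, and `NewAEADWithCore` in pkg/util/encryption/azure.go flattens its authorizer error the same way with `%s`.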
From: Amber Brown Date: Wed, 26 Jun 2024 15:26:59 +1000 Subject: [PATCH 2/6] cleanups in cmd/aro --- cmd/aro/const.go | 3 --- cmd/aro/gateway.go | 22 +++------------------- cmd/aro/main.go | 13 ------------- cmd/aro/monitor.go | 41 ++++------------------------------------- cmd/aro/portal.go | 42 ++++++++---------------------------------- cmd/aro/rp.go | 22 +++------------------- 6 files changed, 18 insertions(+), 125 deletions(-) diff --git a/cmd/aro/const.go b/cmd/aro/const.go index 3cb68f670a4..4177b5f9fb5 100644 --- a/cmd/aro/const.go +++ b/cmd/aro/const.go @@ -4,9 +4,6 @@ package main // Licensed under the Apache License 2.0. const ( - envDatabaseName = "DATABASE_NAME" - envDatabaseAccountName = "DATABASE_ACCOUNT_NAME" - envKeyVaultPrefix = "KEYVAULT_PREFIX" envOpenShiftVersions = "OPENSHIFT_VERSIONS" envInstallerImageDigests = "INSTALLER_IMAGE_DIGESTS" envPlatformWorkloadIdentityRoleSets = "PLATFORM_WORKLOAD_IDENTITY_ROLE_SETS" diff --git a/cmd/aro/gateway.go b/cmd/aro/gateway.go index d64a31ced12..fac963aa522 100644 --- a/cmd/aro/gateway.go +++ b/cmd/aro/gateway.go @@ -5,7 +5,6 @@ package main import ( "context" - "fmt" "os" "os/signal" "syscall" @@ -18,6 +17,7 @@ import ( "github.com/Azure/ARO-RP/pkg/metrics/statsd" "github.com/Azure/ARO-RP/pkg/metrics/statsd/golang" utilnet "github.com/Azure/ARO-RP/pkg/util/net" + "github.com/Azure/ARO-RP/pkg/util/service" ) func gateway(ctx context.Context, log *logrus.Entry) error { 
@@ -35,28 +35,12 @@ func gateway(ctx context.Context, log *logrus.Entry) error { go g.Run() - if err := env.ValidateVars(envDatabaseAccountName); err != nil { - return err - } - - msiToken, err := _env.NewMSITokenCredential() - if err != nil { - return err - } - logrusEntry := log.WithField("component", "database") - - dbAccountName := os.Getenv(envDatabaseAccountName) - scope := []string{fmt.Sprintf("https://%s.%s", dbAccountName, _env.Environment().CosmosDBDNSSuffixScope)} - dbAuthorizer, err := database.NewTokenAuthorizer(ctx, logrusEntry, msiToken, dbAccountName, scope) - if err != nil { - return err - } - dbc, err := database.NewDatabaseClient(logrusEntry, _env, dbAuthorizer, m, nil, dbAccountName) + dbc, err := service.NewDatabaseClient(ctx, _env, log, m, nil) if err != nil { return err } - dbName, err := DBName(_env.IsLocalDevelopmentMode()) + dbName, err := service.DBName(_env.IsLocalDevelopmentMode()) if err != nil { return err } diff --git a/cmd/aro/main.go b/cmd/aro/main.go index 24f95ca38cd..e629e8202ab 100644 --- a/cmd/aro/main.go +++ b/cmd/aro/main.go @@ -12,7 +12,6 @@ import ( "os" "strings" - "github.com/Azure/ARO-RP/pkg/env" utillog "github.com/Azure/ARO-RP/pkg/util/log" _ "github.com/Azure/ARO-RP/pkg/util/scheme" "github.com/Azure/ARO-RP/pkg/util/version" @@ -98,15 +97,3 @@ func checkMinArgs(required int) { os.Exit(2) } } - -func DBName(isLocalDevelopmentMode bool) (string, error) { - if !isLocalDevelopmentMode { - return "ARO", nil - } - - if err := env.ValidateVars(envDatabaseName); err != nil { - return "", fmt.Errorf("%v (development mode)", err.Error()) - } - - return os.Getenv(envDatabaseName), nil -} diff --git a/cmd/aro/monitor.go b/cmd/aro/monitor.go index 58695cde095..35426cc3b51 100644 --- a/cmd/aro/monitor.go +++ b/cmd/aro/monitor.go @@ -5,7 +5,6 @@ package main import ( "context" - "fmt" "os" "github.com/Azure/go-autorest/tracing" 
@@ -21,8 +20,7 @@ import ( "github.com/Azure/ARO-RP/pkg/metrics/statsd/k8s" pkgmonitor "github.com/Azure/ARO-RP/pkg/monitor" "github.com/Azure/ARO-RP/pkg/proxy" - "github.com/Azure/ARO-RP/pkg/util/encryption" - "github.com/Azure/ARO-RP/pkg/util/keyvault" + "github.com/Azure/ARO-RP/pkg/util/service" ) func monitor(ctx context.Context, log *logrus.Entry) error { 
@@ -60,48 +58,17 @@ func monitor(ctx context.Context, log *logrus.Entry) error { clusterm := statsd.New(ctx, log.WithField("component", "metrics"), _env, os.Getenv("CLUSTER_MDM_ACCOUNT"), os.Getenv("CLUSTER_MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET")) - msiToken, err := _env.NewMSITokenCredential() + aead, err := service.NewAEADWithCore(ctx, _env, env.EncryptionSecretV2Name, env.EncryptionSecretName) if err != nil { return err } - msiKVAuthorizer, err := _env.NewMSIAuthorizer(_env.Environment().KeyVaultScope) + dbc, err := service.NewDatabaseClient(ctx, _env, log, &noop.Noop{}, aead) if err != nil { return err } - if err := env.ValidateVars(envKeyVaultPrefix); err != nil { - return err - } - keyVaultPrefix := os.Getenv(envKeyVaultPrefix) - // TODO: should not be using the service keyvault here - serviceKeyvaultURI := keyvault.URI(_env, env.ServiceKeyvaultSuffix, keyVaultPrefix) - serviceKeyvault := keyvault.NewManager(msiKVAuthorizer, serviceKeyvaultURI) - - aead, err := encryption.NewMulti(ctx, serviceKeyvault, env.EncryptionSecretV2Name, env.EncryptionSecretName) - if err != nil { - return err - } - - if err := env.ValidateVars(envDatabaseAccountName); err != nil { - return err - } - - dbAccountName := os.Getenv(envDatabaseAccountName) - - logrusEntry := log.WithField("component", "database") - scope := []string{fmt.Sprintf("https://%s.%s", dbAccountName, _env.Environment().CosmosDBDNSSuffixScope)} - dbAuthorizer, err := database.NewTokenAuthorizer(ctx, logrusEntry, msiToken, dbAccountName, scope) - if err != nil { - return err - } - - dbc, err := database.NewDatabaseClient(log.WithField("component", "database"), _env, dbAuthorizer, &noop.Noop{}, aead, dbAccountName) - if err != nil { - return err - } - - dbName, err := DBName(_env.IsLocalDevelopmentMode()) + dbName, err := service.DBName(_env.IsLocalDevelopmentMode()) if err != nil { return err } diff --git a/cmd/aro/portal.go b/cmd/aro/portal.go index eb71913af6f..b511db27f7a 100644 --- a/cmd/aro/portal.go 
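Review bot: The removed `// TODO: should not be using the service keyvault here` is not carried over, yet `service.NewAEADWithCore` still builds its manager from `env.ServiceKeyvaultSuffix`, so monitor keeps reading from the service key vault. That marker recorded a least-privilege concern and should move to where the decision now lives, for example above the `keyvault.URI` call in the helper: `// TODO: monitor and portal should not be using the service keyvault`. The same comment is dropped from the portal.go hunk later in this patch. The body of `monitor` starts and ends outside the hunk.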
+++ b/cmd/aro/portal.go @@ -6,7 +6,6 @@ package main import ( "context" "crypto/x509" - "fmt" "net" "os" "strings" @@ -19,9 +18,9 @@ import ( "github.com/Azure/ARO-RP/pkg/metrics/statsd/golang" pkgportal "github.com/Azure/ARO-RP/pkg/portal" "github.com/Azure/ARO-RP/pkg/proxy" - "github.com/Azure/ARO-RP/pkg/util/encryption" "github.com/Azure/ARO-RP/pkg/util/keyvault" "github.com/Azure/ARO-RP/pkg/util/oidc" + "github.com/Azure/ARO-RP/pkg/util/service" "github.com/Azure/ARO-RP/pkg/util/uuid" ) @@ -61,16 +60,6 @@ func portal(ctx context.Context, log *logrus.Entry, audit *logrus.Entry) error { return err } - msiToken, err := _env.NewMSITokenCredential() - if err != nil { - return err - } - - msiKVAuthorizer, err := _env.NewMSIAuthorizer(_env.Environment().KeyVaultScope) - if err != nil { - return err - } - m := statsd.New(ctx, log.WithField("component", "portal"), _env, os.Getenv("MDM_ACCOUNT"), os.Getenv("MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET")) g, err := golang.NewMetrics(log.WithField("component", "portal"), m) 
@@ -80,52 +69,37 @@ func portal(ctx context.Context, log *logrus.Entry, audit *logrus.Entry) error { go g.Run() - if err := env.ValidateVars(envKeyVaultPrefix); err != nil { - return err - } - keyVaultPrefix := os.Getenv(envKeyVaultPrefix) - // TODO: should not be using the service keyvault here - serviceKeyvaultURI := keyvault.URI(_env, env.ServiceKeyvaultSuffix, keyVaultPrefix) - serviceKeyvault := keyvault.NewManager(msiKVAuthorizer, serviceKeyvaultURI) - - aead, err := encryption.NewMulti(ctx, serviceKeyvault, env.EncryptionSecretV2Name, env.EncryptionSecretName) + aead, err := service.NewAEADWithCore(ctx, _env, env.EncryptionSecretV2Name, env.EncryptionSecretName) if err != nil { return err } - if err := env.ValidateVars(envDatabaseAccountName); err != nil { - return err - } - - dbAccountName := os.Getenv(envDatabaseAccountName) - - logrusEntry := log.WithField("component", "database") - scope := []string{fmt.Sprintf("https://%s.%s", dbAccountName, _env.Environment().CosmosDBDNSSuffixScope)} - dbAuthorizer, err := database.NewTokenAuthorizer(ctx, logrusEntry, msiToken, dbAccountName, scope) + dbc, err := service.NewDatabaseClient(ctx, _env, log, m, aead) if err != nil { return err } - dbc, err := database.NewDatabaseClient(log.WithField("component", "database"), _env, dbAuthorizer, m, aead, dbAccountName) + dbName, err := service.DBName(_env.IsLocalDevelopmentMode()) if err != nil { return err } - dbName, err := DBName(_env.IsLocalDevelopmentMode()) + dbOpenShiftClusters, err := database.NewOpenShiftClusters(ctx, dbc, dbName) if err != nil { return err } - dbOpenShiftClusters, err := database.NewOpenShiftClusters(ctx, dbc, dbName) + dbPortal, err := database.NewPortal(ctx, dbc, dbName) if err != nil { return err } - dbPortal, err := database.NewPortal(ctx, dbc, dbName) + msiKVAuthorizer, err := _env.NewMSIAuthorizer(_env.Environment().KeyVaultScope) if err != nil { return err } + keyVaultPrefix := os.Getenv(service.KeyVaultPrefix) portalKeyvaultURI := 
keyvault.URI(_env, env.PortalKeyvaultSuffix, keyVaultPrefix) portalKeyvault := keyvault.NewManager(msiKVAuthorizer, portalKeyvaultURI) diff --git a/cmd/aro/rp.go b/cmd/aro/rp.go index 3eb9a14c3c1..d9c5d9abd4c 100644 --- a/cmd/aro/rp.go +++ b/cmd/aro/rp.go @@ -38,6 +38,7 @@ import ( "github.com/Azure/ARO-RP/pkg/metrics/statsd/k8s" "github.com/Azure/ARO-RP/pkg/util/clusterdata" "github.com/Azure/ARO-RP/pkg/util/encryption" + "github.com/Azure/ARO-RP/pkg/util/service" ) func rp(ctx context.Context, log, audit *logrus.Entry) error { @@ -100,34 +101,17 @@ func rp(ctx context.Context, log, audit *logrus.Entry) error { clusterm := statsd.New(ctx, log.WithField("component", "metrics"), _env, os.Getenv("CLUSTER_MDM_ACCOUNT"), os.Getenv("CLUSTER_MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET")) - msiToken, err := _env.NewMSITokenCredential() - if err != nil { - return err - } - aead, err := encryption.NewMulti(ctx, _env.ServiceKeyvault(), env.EncryptionSecretV2Name, env.EncryptionSecretName) if err != nil { return err } - if err := env.ValidateVars(envDatabaseAccountName); err != nil { - return err - } - dbAccountName := os.Getenv(envDatabaseAccountName) - - logrusEntry := log.WithField("component", "database") - scope := []string{fmt.Sprintf("https://%s.%s", dbAccountName, _env.Environment().CosmosDBDNSSuffixScope)} - dbAuthorizer, err := database.NewTokenAuthorizer(ctx, logrusEntry, msiToken, dbAccountName, scope) - if err != nil { - return err - } - - dbc, err := database.NewDatabaseClient(log.WithField("component", "database"), _env, dbAuthorizer, metrics, aead, dbAccountName) + dbc, err := service.NewDatabaseClient(ctx, _env, log, metrics, aead) if err != nil { return err } - dbName, err := DBName(env.IsLocalDevelopmentMode()) + dbName, err := service.DBName(_env.IsLocalDevelopmentMode()) if err != nil { return err } From a21871e807ae00a063b3b399c970f0d0c570e515 Mon Sep 17 00:00:00 2001 
From: Amber Brown Date: Wed, 26 Jun 2024 15:27:14 +1000 Subject: [PATCH 3/6] update_ocp_versions does not need AEAD --- cmd/aro/update_ocp_versions.go | 45 +++------------------------------- 1 file changed, 4 insertions(+), 41 deletions(-) diff --git a/cmd/aro/update_ocp_versions.go b/cmd/aro/update_ocp_versions.go index 9754ca6eae7..2ce7e588648 100644 --- a/cmd/aro/update_ocp_versions.go +++ b/cmd/aro/update_ocp_versions.go @@ -10,15 +10,13 @@ import ( "fmt" "os" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/policy" "github.com/sirupsen/logrus" "github.com/Azure/ARO-RP/pkg/api" "github.com/Azure/ARO-RP/pkg/database" "github.com/Azure/ARO-RP/pkg/env" "github.com/Azure/ARO-RP/pkg/metrics/statsd" - "github.com/Azure/ARO-RP/pkg/util/encryption" - "github.com/Azure/ARO-RP/pkg/util/keyvault" + "github.com/Azure/ARO-RP/pkg/util/service" "github.com/Azure/ARO-RP/pkg/util/version" ) 
@@ -160,53 +158,18 @@ func getVersionsDatabase(ctx context.Context, log *logrus.Entry) (database.OpenS } } - msiToken, err := _env.NewMSITokenCredential() - if err != nil { - return nil, fmt.Errorf("MSI Authorizer failed with: %s", err.Error()) - } - - msiKVAuthorizer, err := _env.NewMSIAuthorizer(_env.Environment().KeyVaultScope) - if err != nil { - return nil, fmt.Errorf("MSI KeyVault Authorizer failed with: %s", err.Error()) - } - m := statsd.New(ctx, log.WithField("component", "update-ocp-versions"), _env, os.Getenv("MDM_ACCOUNT"), os.Getenv("MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET")) - if err := env.ValidateVars(envKeyVaultPrefix); err != nil { - return nil, err - } - keyVaultPrefix := os.Getenv(envKeyVaultPrefix) - serviceKeyvaultURI := keyvault.URI(_env, env.ServiceKeyvaultSuffix, keyVaultPrefix) - serviceKeyvault := keyvault.NewManager(msiKVAuthorizer, serviceKeyvaultURI) - - aead, err := encryption.NewMulti(ctx, serviceKeyvault, env.EncryptionSecretV2Name, env.EncryptionSecretName) + dbc, err := service.NewDatabaseClient(ctx, _env, log, m, nil) if err != nil { - return nil, err + return nil, fmt.Errorf("failed creating database client: %w", err) } - if err := env.ValidateVars(envDatabaseAccountName); err != nil { - return nil, err - } - - dbAccountName := os.Getenv(envDatabaseAccountName) - clientOptions := &policy.ClientOptions{ - ClientOptions: _env.Environment().ManagedIdentityCredentialOptions().ClientOptions, - } - logrusEntry := log.WithField("component", "database") - dbAuthorizer, err := database.NewMasterKeyAuthorizer(ctx, logrusEntry, msiToken, clientOptions, _env.SubscriptionID(), _env.ResourceGroup(), dbAccountName) - if err != nil { - return nil, err - } - - dbc, err := database.NewDatabaseClient(log.WithField("component", "database"), _env, dbAuthorizer, m, aead, dbAccountName) + dbName, err := service.DBName(_env.IsLocalDevelopmentMode()) if err != nil { return nil, err } - dbName, err := DBName(_env.IsLocalDevelopmentMode()) - if err 
!= nil { - return nil, err - } dbOpenShiftVersions, err := database.NewOpenShiftVersions(ctx, dbc, dbName) if err != nil { return nil, err From 4f6318d521e520c5e313c4498af76cc709abe50f Mon Sep 17 00:00:00 2001 From: Amber Brown Date: Wed, 26 Jun 2024 15:28:42 +1000 Subject: [PATCH 4/6] cache the authorisers rather than recreating them --- pkg/env/core.go | 6 +++++- pkg/env/msiauthorizer.go | 13 +++++++++++-- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/pkg/env/core.go b/pkg/env/core.go index 440e2e4608b..8ef466616fc 100644 --- a/pkg/env/core.go +++ b/pkg/env/core.go @@ -38,7 +38,7 @@ type Core interface { IsLocalDevelopmentMode() bool IsCI() bool NewMSITokenCredential() (azcore.TokenCredential, error) - NewMSIAuthorizer(...string) (autorest.Authorizer, error) + NewMSIAuthorizer(scope string) (autorest.Authorizer, error) NewLiveConfigManager(context.Context) (liveconfig.Manager, error) instancemetadata.InstanceMetadata @@ -54,6 +54,8 @@ type core struct { component ServiceComponent componentLog *logrus.Entry + + msiAuthorizers map[string]autorest.Authorizer } func (c *core) IsLocalDevelopmentMode() bool { @@ -110,6 +112,7 @@ func NewCore(ctx context.Context, log *logrus.Entry, component ServiceComponent) isCI: isCI, component: component, componentLog: componentLog, + msiAuthorizers: map[string]autorest.Authorizer{}, }, nil } @@ -132,5 +135,6 @@ func NewCoreForCI(ctx context.Context, log *logrus.Entry) (Core, error) { return &core{ InstanceMetadata: im, isLocalDevelopmentMode: isLocalDevelopmentMode, + msiAuthorizers: map[string]autorest.Authorizer{}, }, nil } diff --git a/pkg/env/msiauthorizer.go b/pkg/env/msiauthorizer.go index c090f5e285a..9cb64bc8935 100644 --- a/pkg/env/msiauthorizer.go +++ b/pkg/env/msiauthorizer.go 
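Review bot: Besides dropping the AEAD, this hunk replaces `database.NewMasterKeyAuthorizer` with the token authorizer that `service.NewDatabaseClient` builds, which the commit subject does not mention. The identity running this job then presumably needs a Cosmos DB data-plane role on the account rather than the right to list account keys, so confirm that role assignment exists in every environment before this ships. A short comment above the call would also record why `nil` is safe, e.g. `// no AEAD: this job only touches the versions collection`, if that is indeed the reason. The body of `getVersionsDatabase` starts and ends outside the hunk.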
@@ -50,10 +50,19 @@ func (c *core) NewMSITokenCredential() (azcore.TokenCredential, error) { return azidentity.NewClientSecretCredential(tenantId, azureClientId, azureClientSecret, options) } -func (c *core) NewMSIAuthorizer(scopes ...string) (autorest.Authorizer, error) { +func (c *core) NewMSIAuthorizer(scope string) (autorest.Authorizer, error) { + // To prevent creating multiple authorisers with independent token + // refreshes, store them in a cache per-scope when created + auth, ok := c.msiAuthorizers[scope] + if ok { + return auth, nil + } + token, err := c.NewMSITokenCredential() if err != nil { return nil, err } - return azidext.NewTokenCredentialAdapter(token, scopes), nil + auth = azidext.NewTokenCredentialAdapter(token, []string{scope}) + c.msiAuthorizers[scope] = auth + return auth, nil } From 1932b4aa6c92fb9b63890f81ab8c4bfdfd0ccdec Mon Sep 17 00:00:00 2001 From: Amber Brown Date: Wed, 26 Jun 2024 15:28:54 +1000 Subject: [PATCH 5/6] env mock updates --- pkg/util/mocks/env/core.go | 12 ++++-------- pkg/util/mocks/env/env.go | 12 ++++-------- 2 files changed, 8 insertions(+), 16 deletions(-) diff --git a/pkg/util/mocks/env/core.go b/pkg/util/mocks/env/core.go index 8129b642cad..c32f4cdbc6c 100644 --- a/pkg/util/mocks/env/core.go +++ b/pkg/util/mocks/env/core.go 
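Review bot: The new `c.msiAuthorizers` cache in `NewMSIAuthorizer` is read and written with no lock, so two goroutines requesting an authorizer at the same time race on the map and can abort the process with a concurrent map access fault. Whether callers are concurrent is not visible in this hunk; if they can be, add a `sync.Mutex` field beside the map in `core` and take it at the top of the function with `c.msiAuthorizersMu.Lock()` and `defer c.msiAuthorizersMu.Unlock()` (the field name is a suggestion, and the file would need the `sync` import). The write `c.msiAuthorizers[scope] = auth` also panics on a `core` whose map was never initialised, so any constructor or test literal other than the two updated in core.go needs the same `map[string]autorest.Authorizer{}` line.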
@@ -153,22 +153,18 @@ func (mr *MockCoreMockRecorder) NewLiveConfigManager(arg0 interface{}) *gomock.C } // NewMSIAuthorizer mocks base method. -func (m *MockCore) NewMSIAuthorizer(arg0 ...string) (autorest.Authorizer, error) { +func (m *MockCore) NewMSIAuthorizer(scope string) (autorest.Authorizer, error) { m.ctrl.T.Helper() - varargs := []interface{}{} - for _, a := range arg0 { - varargs = append(varargs, a) - } - ret := m.ctrl.Call(m, "NewMSIAuthorizer", varargs...) + ret := m.ctrl.Call(m, "NewMSIAuthorizer", scope) ret0, _ := ret[0].(autorest.Authorizer) ret1, _ := ret[1].(error) return ret0, ret1 } // NewMSIAuthorizer indicates an expected call of NewMSIAuthorizer. -func (mr *MockCoreMockRecorder) NewMSIAuthorizer(arg0 ...interface{}) *gomock.Call { +func (mr *MockCoreMockRecorder) NewMSIAuthorizer(scope interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NewMSIAuthorizer", reflect.TypeOf((*MockCore)(nil).NewMSIAuthorizer), arg0...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NewMSIAuthorizer", reflect.TypeOf((*MockCore)(nil).NewMSIAuthorizer), scope) } // NewMSITokenCredential mocks base method. diff --git a/pkg/util/mocks/env/env.go b/pkg/util/mocks/env/env.go index 0d6c1cc3155..8c6c917ff7f 100644 --- a/pkg/util/mocks/env/env.go +++ b/pkg/util/mocks/env/env.go 
@@ -494,22 +494,18 @@ func (mr *MockInterfaceMockRecorder) NewLiveConfigManager(arg0 interface{}) *gom } // NewMSIAuthorizer mocks base method. -func (m *MockInterface) NewMSIAuthorizer(arg0 ...string) (autorest.Authorizer, error) { +func (m *MockInterface) NewMSIAuthorizer(scope string) (autorest.Authorizer, error) { m.ctrl.T.Helper() - varargs := []interface{}{} - for _, a := range arg0 { - varargs = append(varargs, a) - } - ret := m.ctrl.Call(m, "NewMSIAuthorizer", varargs...) + ret := m.ctrl.Call(m, "NewMSIAuthorizer", scope) ret0, _ := ret[0].(autorest.Authorizer) ret1, _ := ret[1].(error) return ret0, ret1 } // NewMSIAuthorizer indicates an expected call of NewMSIAuthorizer. -func (mr *MockInterfaceMockRecorder) NewMSIAuthorizer(arg0 ...interface{}) *gomock.Call { +func (mr *MockInterfaceMockRecorder) NewMSIAuthorizer(scope interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NewMSIAuthorizer", reflect.TypeOf((*MockInterface)(nil).NewMSIAuthorizer), arg0...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NewMSIAuthorizer", reflect.TypeOf((*MockInterface)(nil).NewMSIAuthorizer), scope) } // NewMSITokenCredential mocks base method. From f408e3a7ca7d8d5484b3bfdc2cc7b7a927b527d9 Mon Sep 17 00:00:00 2001 
From: Amber Brown Date: Wed, 17 Jul 2024 12:01:31 +1000 Subject: [PATCH 6/6] move stuff around from review --- cmd/aro/gateway.go | 5 +-- cmd/aro/monitor.go | 8 ++-- cmd/aro/portal.go | 10 ++--- cmd/aro/rp.go | 7 ++-- cmd/aro/update_ocp_versions.go | 5 +-- cmd/aro/update_role_sets.go | 25 ++++-------- pkg/database/fromenv.go | 51 ++++++++++++++++++++++++ pkg/env/helpers.go | 35 +++++++++++++++++ pkg/util/encryption/azure.go | 34 ++++++++++++++++ pkg/util/service/const.go | 10 ----- pkg/util/service/database.go | 71 ---------------------------------- pkg/util/service/helpers.go | 23 ----------- 12 files changed, 144 insertions(+), 140 deletions(-) create mode 100644 pkg/database/fromenv.go create mode 100644 pkg/env/helpers.go create mode 100644 pkg/util/encryption/azure.go delete mode 100644 pkg/util/service/const.go delete mode 100644 pkg/util/service/database.go delete mode 100644 pkg/util/service/helpers.go diff --git a/cmd/aro/gateway.go b/cmd/aro/gateway.go index fac963aa522..82e9b388f40 100644 --- a/cmd/aro/gateway.go +++ b/cmd/aro/gateway.go @@ -17,7 +17,6 @@ import ( "github.com/Azure/ARO-RP/pkg/metrics/statsd" "github.com/Azure/ARO-RP/pkg/metrics/statsd/golang" utilnet "github.com/Azure/ARO-RP/pkg/util/net" - "github.com/Azure/ARO-RP/pkg/util/service" ) func gateway(ctx context.Context, log *logrus.Entry) error { @@ -35,12 +34,12 @@ func gateway(ctx context.Context, log *logrus.Entry) error { go g.Run() - dbc, err := service.NewDatabaseClient(ctx, _env, log, m, nil) + dbc, err := database.NewDatabaseClientFromEnv(ctx, _env, log, m, nil) if err != nil { return err } - dbName, err := service.DBName(_env.IsLocalDevelopmentMode()) + dbName, err := env.DBName(_env) if err != nil { return err } diff --git a/cmd/aro/monitor.go b/cmd/aro/monitor.go index 35426cc3b51..44d0c36b8f8 100644 --- a/cmd/aro/monitor.go +++ b/cmd/aro/monitor.go 
@@ -20,7 +20,7 @@ import ( "github.com/Azure/ARO-RP/pkg/metrics/statsd/k8s" pkgmonitor "github.com/Azure/ARO-RP/pkg/monitor" "github.com/Azure/ARO-RP/pkg/proxy" - "github.com/Azure/ARO-RP/pkg/util/service" + "github.com/Azure/ARO-RP/pkg/util/encryption" ) func monitor(ctx context.Context, log *logrus.Entry) error { @@ -58,17 +58,17 @@ func monitor(ctx context.Context, log *logrus.Entry) error { clusterm := statsd.New(ctx, log.WithField("component", "metrics"), _env, os.Getenv("CLUSTER_MDM_ACCOUNT"), os.Getenv("CLUSTER_MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET")) - aead, err := service.NewAEADWithCore(ctx, _env, env.EncryptionSecretV2Name, env.EncryptionSecretName) + aead, err := encryption.NewAEADWithCore(ctx, _env, env.EncryptionSecretV2Name, env.EncryptionSecretName) if err != nil { return err } - dbc, err := service.NewDatabaseClient(ctx, _env, log, &noop.Noop{}, aead) + dbc, err := database.NewDatabaseClientFromEnv(ctx, _env, log, &noop.Noop{}, aead) if err != nil { return err } - dbName, err := service.DBName(_env.IsLocalDevelopmentMode()) + dbName, err := env.DBName(_env) if err != nil { return err } diff --git a/cmd/aro/portal.go b/cmd/aro/portal.go index b511db27f7a..d4aa00360fb 100644 --- a/cmd/aro/portal.go +++ b/cmd/aro/portal.go @@ -18,9 +18,9 @@ import ( "github.com/Azure/ARO-RP/pkg/metrics/statsd/golang" pkgportal "github.com/Azure/ARO-RP/pkg/portal" "github.com/Azure/ARO-RP/pkg/proxy" + "github.com/Azure/ARO-RP/pkg/util/encryption" "github.com/Azure/ARO-RP/pkg/util/keyvault" "github.com/Azure/ARO-RP/pkg/util/oidc" - "github.com/Azure/ARO-RP/pkg/util/service" "github.com/Azure/ARO-RP/pkg/util/uuid" ) 
@@ -69,17 +69,17 @@ func portal(ctx context.Context, log *logrus.Entry, audit *logrus.Entry) error { go g.Run() - aead, err := service.NewAEADWithCore(ctx, _env, env.EncryptionSecretV2Name, env.EncryptionSecretName) + aead, err := encryption.NewAEADWithCore(ctx, _env, env.EncryptionSecretV2Name, env.EncryptionSecretName) if err != nil { return err } - dbc, err := service.NewDatabaseClient(ctx, _env, log, m, aead) + dbc, err := database.NewDatabaseClientFromEnv(ctx, _env, log, m, aead) if err != nil { return err } - dbName, err := service.DBName(_env.IsLocalDevelopmentMode()) + dbName, err := env.DBName(_env) if err != nil { return err } @@ -99,7 +99,7 @@ func portal(ctx context.Context, log *logrus.Entry, audit *logrus.Entry) error { return err } - keyVaultPrefix := os.Getenv(service.KeyVaultPrefix) + keyVaultPrefix := os.Getenv(encryption.KeyVaultPrefix) portalKeyvaultURI := keyvault.URI(_env, env.PortalKeyvaultSuffix, keyVaultPrefix) portalKeyvault := keyvault.NewManager(msiKVAuthorizer, portalKeyvaultURI) diff --git a/cmd/aro/rp.go b/cmd/aro/rp.go index d9c5d9abd4c..8f0cbde9ace 100644 --- a/cmd/aro/rp.go +++ b/cmd/aro/rp.go @@ -38,7 +38,6 @@ import ( "github.com/Azure/ARO-RP/pkg/metrics/statsd/k8s" "github.com/Azure/ARO-RP/pkg/util/clusterdata" "github.com/Azure/ARO-RP/pkg/util/encryption" - "github.com/Azure/ARO-RP/pkg/util/service" ) func rp(ctx context.Context, log, audit *logrus.Entry) error { 
@@ -101,17 +100,17 @@ func rp(ctx context.Context, log, audit *logrus.Entry) error { clusterm := statsd.New(ctx, log.WithField("component", "metrics"), _env, os.Getenv("CLUSTER_MDM_ACCOUNT"), os.Getenv("CLUSTER_MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET")) - aead, err := encryption.NewMulti(ctx, _env.ServiceKeyvault(), env.EncryptionSecretV2Name, env.EncryptionSecretName) + aead, err := encryption.NewAEADWithCore(ctx, _env, env.EncryptionSecretV2Name, env.EncryptionSecretName) if err != nil { return err } - dbc, err := service.NewDatabaseClient(ctx, _env, log, metrics, aead) + dbc, err := database.NewDatabaseClientFromEnv(ctx, _env, log, metrics, aead) if err != nil { return err } - dbName, err := service.DBName(_env.IsLocalDevelopmentMode()) + dbName, err := env.DBName(_env) if err != nil { return err } diff --git a/cmd/aro/update_ocp_versions.go b/cmd/aro/update_ocp_versions.go index 2ce7e588648..b5d7eff1924 100644 --- a/cmd/aro/update_ocp_versions.go +++ b/cmd/aro/update_ocp_versions.go @@ -16,7 +16,6 @@ import ( "github.com/Azure/ARO-RP/pkg/database" "github.com/Azure/ARO-RP/pkg/env" "github.com/Azure/ARO-RP/pkg/metrics/statsd" - "github.com/Azure/ARO-RP/pkg/util/service" "github.com/Azure/ARO-RP/pkg/util/version" ) @@ -160,12 +159,12 @@ func getVersionsDatabase(ctx context.Context, log *logrus.Entry) (database.OpenS m := statsd.New(ctx, log.WithField("component", "update-ocp-versions"), _env, os.Getenv("MDM_ACCOUNT"), os.Getenv("MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET")) - dbc, err := service.NewDatabaseClient(ctx, _env, log, m, nil) + dbc, err := database.NewDatabaseClientFromEnv(ctx, _env, log, m, nil) if err != nil { return nil, fmt.Errorf("failed creating database client: %w", err) } - dbName, err := service.DBName(_env.IsLocalDevelopmentMode()) + dbName, err := env.DBName(_env) if err != nil { return nil, err } diff --git a/cmd/aro/update_role_sets.go b/cmd/aro/update_role_sets.go index 148045441eb..8d0fb094dfb 100644 
--- a/cmd/aro/update_role_sets.go +++ b/cmd/aro/update_role_sets.go @@ -16,7 +16,6 @@ import ( "github.com/Azure/ARO-RP/pkg/env" "github.com/Azure/ARO-RP/pkg/metrics/statsd" "github.com/Azure/ARO-RP/pkg/util/encryption" - "github.com/Azure/ARO-RP/pkg/util/keyvault" ) func getRoleSetsFromEnv() ([]api.PlatformWorkloadIdentityRoleSetProperties, error) { @@ -38,26 +37,23 @@ func getPlatformWorkloadIdentityRoleSetDatabase(ctx context.Context, log *logrus return nil, fmt.Errorf("MSI Authorizer failed with: %s", err.Error()) } - msiKVAuthorizer, err := _env.NewMSIAuthorizer(_env.Environment().KeyVaultScope) - if err != nil { - return nil, fmt.Errorf("MSI KeyVault Authorizer failed with: %s", err.Error()) - } - m := statsd.New(ctx, log.WithField("component", "update-role-sets"), _env, os.Getenv("MDM_ACCOUNT"), os.Getenv("MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET")) - keyVaultPrefix := os.Getenv(envKeyVaultPrefix) - serviceKeyvaultURI := keyvault.URI(_env, env.ServiceKeyvaultSuffix, keyVaultPrefix) - serviceKeyvault := keyvault.NewManager(msiKVAuthorizer, serviceKeyvaultURI) + aead, err := encryption.NewAEADWithCore(ctx, _env, env.EncryptionSecretV2Name, env.EncryptionSecretName) + if err != nil { + return nil, err + } - aead, err := encryption.NewMulti(ctx, serviceKeyvault, env.EncryptionSecretV2Name, env.EncryptionSecretName) + dbName, err := env.DBName(_env) if err != nil { return nil, err } - if err := env.ValidateVars(envDatabaseAccountName); err != nil { + dbAccountName, err := env.DBAccountName() + if err != nil { return nil, err } - dbAccountName := os.Getenv(envDatabaseAccountName) + clientOptions := &policy.ClientOptions{ ClientOptions: _env.Environment().ManagedIdentityCredentialOptions().ClientOptions, } 
@@ -73,11 +69,6 @@ func getPlatformWorkloadIdentityRoleSetDatabase(ctx context.Context, log *logrus return nil, err } - dbName, err := DBName(_env.IsLocalDevelopmentMode()) - if err != nil { - return nil, err - } - return database.NewPlatformWorkloadIdentityRoleSets(ctx, dbc, dbName) } diff --git a/pkg/database/fromenv.go b/pkg/database/fromenv.go new file mode 100644 index 00000000000..5c6ac20a673 --- /dev/null +++ b/pkg/database/fromenv.go @@ -0,0 +1,51 @@ +package database + +// Copyright (c) Microsoft Corporation. +// Licensed under the Apache License 2.0. + +import ( + "context" + "fmt" + + "github.com/sirupsen/logrus" + + "github.com/Azure/ARO-RP/pkg/database/cosmosdb" + "github.com/Azure/ARO-RP/pkg/env" + "github.com/Azure/ARO-RP/pkg/metrics" + "github.com/Azure/ARO-RP/pkg/util/encryption" +) + +// NewDatabaseClient creates a CosmosDB database client from the environment configuration. +func NewDatabaseClientFromEnv(ctx context.Context, _env env.Core, log *logrus.Entry, m metrics.Emitter, aead encryption.AEAD) (cosmosdb.DatabaseClient, error) { + dbAccountName, err := env.DBAccountName() + if err != nil { + return nil, err + } + + msiToken, err := _env.NewMSITokenCredential() + if err != nil { + return nil, err + } + + scope := []string{ + fmt.Sprintf("https://%s.%s", dbAccountName, _env.Environment().CosmosDBDNSSuffixScope), + } + + logrusEntry := log.WithField("component", "database") + + dbAuthorizer, err := NewTokenAuthorizer( + ctx, logrusEntry, msiToken, dbAccountName, scope, + ) + if err != nil { + return nil, err + } + + dbc, err := NewDatabaseClient( + logrusEntry, _env, dbAuthorizer, m, aead, dbAccountName, + ) + if err != nil { + return nil, err + } + + return dbc, nil +} diff --git a/pkg/env/helpers.go b/pkg/env/helpers.go new file mode 100644 index 00000000000..58c95cac31b --- /dev/null +++ b/pkg/env/helpers.go 
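Review bot: The doc comment in the new pkg/database/fromenv.go names the wrong identifier: it opens with `// NewDatabaseClient creates ...` but sits on `NewDatabaseClientFromEnv`, so godoc and the usual comment linters will not treat it as that function's documentation. Change it to `// NewDatabaseClientFromEnv creates a CosmosDB database client from the environment configuration.` It is also worth stating there that `aead` may be nil, since the gateway and update_ocp_versions call sites in this patch pass `nil`.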
@@ -0,0 +1,35 @@
+package env
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+ "fmt"
+ "os"
+)
+
+const (
+ EnvDatabaseName = "DATABASE_NAME"
+ EnvDatabaseAccountName = "DATABASE_ACCOUNT_NAME"
+)
+
+// Fetch the database account name from the environment.
+func DBAccountName() (string, error) {
+ if err := ValidateVars(EnvDatabaseAccountName); err != nil {
+ return "", err
+ }
+
+ return os.Getenv(EnvDatabaseAccountName), nil
+}
+
+func DBName(c Core) (string, error) {
+ if !c.IsLocalDevelopmentMode() {
+ return "ARO", nil
+ }
+
+ if err := ValidateVars(EnvDatabaseName); err != nil {
+ return "", fmt.Errorf("%v (development mode)", err.Error())
+ }
+
+ return os.Getenv(EnvDatabaseName), nil
+}
diff --git a/pkg/util/encryption/azure.go b/pkg/util/encryption/azure.go
new file mode 100644
index 00000000000..79cfde3cf7c
--- /dev/null
+++ b/pkg/util/encryption/azure.go
@@ -0,0 +1,34 @@
+package encryption
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+ "context"
+ "fmt"
+ "os"
+
+ "github.com/Azure/ARO-RP/pkg/env"
+ "github.com/Azure/ARO-RP/pkg/util/keyvault"
+)
+
+const (
+ KeyVaultPrefix = "KEYVAULT_PREFIX"
+)
+
+// NewAEADWithCore creates an AEAD encryption manager with resources available
+// from the Core env object.
+func NewAEADWithCore(ctx context.Context, _env env.Core, encryptionSecretV2Name string, encryptionSecretName string) (AEAD, error) {
+ msiKVAuthorizer, err := _env.NewMSIAuthorizer(_env.Environment().KeyVaultScope)
+ if err != nil {
+ return nil, fmt.Errorf("MSI KeyVault Authorizer failed with: %s", err.Error())
+ }
+
+ keyVaultPrefix := os.Getenv(KeyVaultPrefix)
+ serviceKeyvaultURI := keyvault.URI(_env, env.ServiceKeyvaultSuffix, keyVaultPrefix)
+ serviceKeyvault := keyvault.NewManager(msiKVAuthorizer, serviceKeyvaultURI)
+
+ return NewMulti(
+ ctx, serviceKeyvault, encryptionSecretV2Name, encryptionSecretName,
+ )
+}
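Review bot: In `DBName`, `fmt.Errorf("%v (development mode)", err.Error())` flattens the `ValidateVars` error to a string, so callers can no longer match it with `errors.Is` or `errors.As`; `fmt.Errorf("%w (development mode)", err)` keeps the chain with the same message text. The same flattening appears in `NewAEADWithCore` in pkg/util/encryption/azure.go (`"MSI KeyVault Authorizer failed with: %s", err.Error()`). `DBName` is also exported without a doc comment, and the comment on `DBAccountName` does not start with the function name. Suggested comments: `// DBName returns "ARO" outside local development mode; in development mode it returns DATABASE_NAME once ValidateVars accepts it.` and `// DBAccountName returns DATABASE_ACCOUNT_NAME from the environment, or the ValidateVars error.`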
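Review bot: `NewAEADWithCore` in pkg/util/encryption/azure.go reads `KEYVAULT_PREFIX` with a bare `os.Getenv`, so an unset variable reaches `keyvault.URI` as an empty prefix, whereas `DBAccountName` in this same commit goes through `ValidateVars` first. That URI selects the vault the encryption secrets are loaded from, so a missing prefix is better rejected up front than left to whatever `keyvault.URI` builds from an empty string (not visible here). If an empty prefix is never valid, add `if err := env.ValidateVars(KeyVaultPrefix); err != nil { return nil, err }` before the `os.Getenv` call. If it is valid in some environments, say so in the doc comment.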
diff --git a/pkg/util/service/const.go b/pkg/util/service/const.go
deleted file mode 100644
index 0183d581ec1..00000000000
--- a/pkg/util/service/const.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package service
-
-// Copyright (c) Microsoft Corporation.
-// Licensed under the Apache License 2.0.
-
-const (
- DatabaseName = "DATABASE_NAME"
- DatabaseAccountName = "DATABASE_ACCOUNT_NAME"
- KeyVaultPrefix = "KEYVAULT_PREFIX"
-)
diff --git a/pkg/util/service/database.go b/pkg/util/service/database.go
deleted file mode 100644
index b4451ef42c2..00000000000
--- a/pkg/util/service/database.go
+++ /dev/null
@@ -1,71 +0,0 @@
-package service
-
-// Copyright (c) Microsoft Corporation.
-// Licensed under the Apache License 2.0.
-
-import (
- "context"
- "fmt"
- "os"
-
- "github.com/sirupsen/logrus"
-
- "github.com/Azure/ARO-RP/pkg/database"
- "github.com/Azure/ARO-RP/pkg/database/cosmosdb"
- "github.com/Azure/ARO-RP/pkg/env"
- "github.com/Azure/ARO-RP/pkg/metrics"
- "github.com/Azure/ARO-RP/pkg/util/encryption"
- "github.com/Azure/ARO-RP/pkg/util/keyvault"
-)
-
-// NewAEADWithCore creates an AEAD encryption manager with resources available
-// from the Core env object.
-func NewAEADWithCore(ctx context.Context, _env env.Core, encryptionSecretV2Name string, encryptionSecretName string) (encryption.AEAD, error) {
- msiKVAuthorizer, err := _env.NewMSIAuthorizer(_env.Environment().KeyVaultScope)
- if err != nil {
- return nil, err
- }
-
- keyVaultPrefix := os.Getenv(KeyVaultPrefix)
- serviceKeyvaultURI := keyvault.URI(_env, env.ServiceKeyvaultSuffix, keyVaultPrefix)
- serviceKeyvault := keyvault.NewManager(msiKVAuthorizer, serviceKeyvaultURI)
-
- return encryption.NewMulti(
- ctx, serviceKeyvault, encryptionSecretV2Name, encryptionSecretName,
- )
-}
-
-// NewDatabaseClient creates a CosmosDB database client from the environment configuration.
-func NewDatabaseClient(ctx context.Context, _env env.Core, log *logrus.Entry, m metrics.Emitter, aead encryption.AEAD) (cosmosdb.DatabaseClient, error) {
- if err := env.ValidateVars(DatabaseAccountName); err != nil {
- return nil, err
- }
-
- msiToken, err := _env.NewMSITokenCredential()
- if err != nil {
- return nil, err
- }
-
- dbAccountName := os.Getenv(DatabaseAccountName)
- scope := []string{
- fmt.Sprintf("https://%s.%s", dbAccountName, _env.Environment().CosmosDBDNSSuffixScope),
- }
-
- logrusEntry := log.WithField("component", "database")
-
- dbAuthorizer, err := database.NewTokenAuthorizer(
- ctx, logrusEntry, msiToken, dbAccountName, scope,
- )
- if err != nil {
- return nil, err
- }
-
- dbc, err := database.NewDatabaseClient(
- logrusEntry, _env, dbAuthorizer, m, aead, dbAccountName,
- )
- if err != nil {
- return nil, err
- }
-
- return dbc, nil
-}
diff --git a/pkg/util/service/helpers.go b/pkg/util/service/helpers.go
deleted file mode 100644
index 5013849d835..00000000000
--- a/pkg/util/service/helpers.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package service
-
-// Copyright (c) Microsoft Corporation.
-// Licensed under the Apache License 2.0.
-
-import (
- "fmt"
- "os"
-
- "github.com/Azure/ARO-RP/pkg/env"
-)
-
-func DBName(isLocalDevelopmentMode bool) (string, error) {
- if !isLocalDevelopmentMode {
- return "ARO", nil
- }
-
- if err := env.ValidateVars(DatabaseName); err != nil {
- return "", fmt.Errorf("%v (development mode)", err.Error())
- }
-
- return os.Getenv(DatabaseName), nil
-}