From cf0f10d321461bfe25b8d09450ca67428b972eca Mon Sep 17 00:00:00 2001
From: Jingtao Ren
Date: Tue, 10 Apr 2018 15:18:25 -0700
Subject: [PATCH] add EnableRBAC to v20180331 api model (#2647)
* add EnableRBAC to v20180331 api model
* behavior change to set default EnableRBAC to be true for v20180331 api
* set KubernetesConfig to be false for those two flags, so RP don't need to hack
* set older version's kubernetesConfig's two flags to be false ptr, and add unittest
* only use EnableRBAC to convert to versioned api model
* re-use PointerToBool
---
 pkg/api/agentPoolOnlyApi/v20180331/types.go | 1 +
 pkg/api/converterfromagentpoolonlyapi.go | 21 +++-
 pkg/api/converterfromagentpoolonlyapi_test.go | 86 +++++++++++++++
 pkg/api/convertertoagentpoolonlyapi.go | 20 ++++
 pkg/api/convertertoagentpoolonlyapi_test.go | 100 ++++++++++++++++++
 5 files changed, 226 insertions(+), 2 deletions(-)
diff --git a/pkg/api/agentPoolOnlyApi/v20180331/types.go b/pkg/api/agentPoolOnlyApi/v20180331/types.go
index b7a8d47117..849ce10b38 100644
--- a/pkg/api/agentPoolOnlyApi/v20180331/types.go
+++ b/pkg/api/agentPoolOnlyApi/v20180331/types.go
@@ -40,6 +40,7 @@ type Properties struct {
 AccessProfiles map[string]AccessProfile `json:"accessProfiles,omitempty"`
 AddonProfiles map[string]AddonProfile `json:"addonProfiles,omitempty"`
 NodeResourceGroup string `json:"nodeResourceGroup,omitempty"`
+ EnableRBAC *bool `json:"enableRBAC,omitempty"`
 }
 // AddonProfile represents an addon for managed cluster
diff --git a/pkg/api/converterfromagentpoolonlyapi.go b/pkg/api/converterfromagentpoolonlyapi.go
index 00548552b1..f5b64d09e5 100644
--- a/pkg/api/converterfromagentpoolonlyapi.go
+++ b/pkg/api/converterfromagentpoolonlyapi.go
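Review bot: The new `EnableRBAC *bool` field on `Properties` in `v20180331/types.go` carries no comment, and its nil case is the security-relevant one because the two converters in this commit disagree on it: a request that omits the field is converted to RBAC enabled, while an internal model with no `EnableRbac` value is reported back as `false`. I would document the contract on the field, e.g. `// EnableRBAC toggles Kubernetes RBAC; nil in a request is treated as true.`, so API consumers do not have to read the converters to learn the default. The struct's earlier fields are above the hunk.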
@@ -1,7 +1,10 @@
 package api
-import "github.com/Azure/acs-engine/pkg/api/agentPoolOnlyApi/v20170831"
-import "github.com/Azure/acs-engine/pkg/api/agentPoolOnlyApi/v20180331"
+import (
+ "github.com/Azure/acs-engine/pkg/api/agentPoolOnlyApi/v20170831"
+ "github.com/Azure/acs-engine/pkg/api/agentPoolOnlyApi/v20180331"
+ "github.com/Azure/acs-engine/pkg/helpers"
+)
 ///////////////////////////////////////////////////////////
 // The converter exposes functions to convert the top level
@@ -130,12 +133,26 @@ func convertResourcePurchasePlanToV20180331AgentPoolOnly(api *ResourcePurchasePl
 v20180331.Publisher = api.Publisher
 }
+func convertKubernetesConfigToEnableRBACV20180331AgentPoolOnly(kc *KubernetesConfig) *bool {
+ if kc == nil {
+ return helpers.PointerToBool(false)
+ }
+ // We use KubernetesConfig.EnableRbac to convert to versioned api model
+ // The assumption here is KubernetesConfig.EnableSecureKubelet is set to be same
+ if kc != nil && kc.EnableRbac != nil && *kc.EnableRbac {
+ return helpers.PointerToBool(true)
+ }
+ return helpers.PointerToBool(false)
+}
+
 func convertPropertiesToV20180331AgentPoolOnly(api *Properties, p *v20180331.Properties) {
 p.ProvisioningState = v20180331.ProvisioningState(api.ProvisioningState)
+
 if api.OrchestratorProfile != nil {
 if api.OrchestratorProfile.OrchestratorVersion != "" {
 p.KubernetesVersion = api.OrchestratorProfile.OrchestratorVersion
 }
+ p.EnableRBAC = convertKubernetesConfigToEnableRBACV20180331AgentPoolOnly(api.OrchestratorProfile.KubernetesConfig)
 }
 if api.HostedMasterProfile != nil {
 p.DNSPrefix = api.HostedMasterProfile.DNSPrefix
diff --git a/pkg/api/converterfromagentpoolonlyapi_test.go b/pkg/api/converterfromagentpoolonlyapi_test.go
index 724f7fe006..c15f455cb6 100644
--- a/pkg/api/converterfromagentpoolonlyapi_test.go
+++ b/pkg/api/converterfromagentpoolonlyapi_test.go
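Review bot: `convertKubernetesConfigToEnableRBACV20180331AgentPoolOnly` reports `false` whenever `kc` or `kc.EnableRbac` is nil, but the inbound converter added in this same commit treats a nil `enableRBAC` as true, so the two directions disagree on what an unset flag means. If a caller reads the versioned model and writes it back, a cluster whose internal flag was never populated would come back as explicitly RBAC-disabled; whether that can happen depends on defaulting code outside this diff. The comment's assumption that `EnableSecureKubelet` matches `EnableRbac` is not checked either, and the new tests pin the mismatched cases to follow `EnableRbac` alone, so the API can report `enableRBAC: true` for a model whose kubelet flag is off. The second `kc != nil` test is dead after the early return; the body reduces to `return helpers.PointerToBool(kc != nil && kc.EnableRbac != nil && *kc.EnableRbac)`, with a doc comment that states the nil-means-false choice. `convertPropertiesToV20180331AgentPoolOnly` continues past the end of the hunk.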
@@ -4,6 +4,7 @@ import (
 "testing"
 "github.com/Azure/acs-engine/pkg/api/agentPoolOnlyApi/v20180331"
+ "github.com/Azure/acs-engine/pkg/helpers"
 )
 func TestConvertToV20180331AddonProfile(t *testing.T) {
@@ -37,3 +38,88 @@ func TestConvertToV20180331AddonProfile(t *testing.T) {
 t.Error("addon config value does not match")
 }
 }
+
+func TestConvertKubernetesConfigToEnableRBACV20180331AgentPoolOnly(t *testing.T) {
+ var kc *KubernetesConfig
+ kc = nil
+ enableRBAC := convertKubernetesConfigToEnableRBACV20180331AgentPoolOnly(kc)
+ if enableRBAC == nil {
+ t.Error("EnableRBAC expected not to be nil")
+ }
+ if *enableRBAC {
+ t.Error("EnableRBAC expected to be false")
+ }
+
+ kc = &KubernetesConfig{
+ EnableRbac: nil,
+ EnableSecureKubelet: helpers.PointerToBool(true),
+ }
+ enableRBAC = convertKubernetesConfigToEnableRBACV20180331AgentPoolOnly(kc)
+ if enableRBAC == nil {
+ t.Error("EnableRBAC expected not to be nil")
+ }
+ if *enableRBAC {
+ t.Error("EnableRBAC expected to be false")
+ }
+
+ kc = &KubernetesConfig{
+ EnableRbac: helpers.PointerToBool(false),
+ EnableSecureKubelet: helpers.PointerToBool(true),
+ }
+ enableRBAC = convertKubernetesConfigToEnableRBACV20180331AgentPoolOnly(kc)
+ if enableRBAC == nil {
+ t.Error("EnableRBAC expected not to be nil")
+ }
+ if *enableRBAC {
+ t.Error("EnableRBAC expected to be false")
+ }
+
+ kc = &KubernetesConfig{
+ EnableRbac: helpers.PointerToBool(false),
+ EnableSecureKubelet: helpers.PointerToBool(false),
+ }
+ enableRBAC = convertKubernetesConfigToEnableRBACV20180331AgentPoolOnly(kc)
+ if enableRBAC == nil {
+ t.Error("EnableRBAC expected not to be nil")
+ }
+ if *enableRBAC {
+ t.Error("EnableRBAC expected to be false")
+ }
+
+ kc = &KubernetesConfig{
+ EnableRbac: helpers.PointerToBool(true),
+ EnableSecureKubelet: helpers.PointerToBool(true),
+ }
+ enableRBAC = convertKubernetesConfigToEnableRBACV20180331AgentPoolOnly(kc)
+ if enableRBAC == nil {
+ t.Error("EnableRBAC expected not to be nil")
+ }
+ if !*enableRBAC {
+ t.Error("EnableRBAC expected to be true")
+ }
+
+ kc = &KubernetesConfig{
+ EnableRbac: helpers.PointerToBool(true),
+ EnableSecureKubelet: helpers.PointerToBool(false),
+ }
+ enableRBAC = convertKubernetesConfigToEnableRBACV20180331AgentPoolOnly(kc)
+ if enableRBAC == nil {
+ t.Error("EnableRBAC expected not to be nil")
+ }
+ if !*enableRBAC {
+ t.Error("EnableRBAC expected to be true")
+ }
+
+ kc = &KubernetesConfig{
+ EnableRbac: helpers.PointerToBool(true),
+ EnableSecureKubelet: nil,
+ }
+ enableRBAC = convertKubernetesConfigToEnableRBACV20180331AgentPoolOnly(kc)
+ if enableRBAC == nil {
+ t.Error("EnableRBAC expected not to be nil")
+ }
+ if !*enableRBAC {
+ t.Error("EnableRBAC expected to be true")
+ }
+
+}
diff --git a/pkg/api/convertertoagentpoolonlyapi.go b/pkg/api/convertertoagentpoolonlyapi.go
index 65935f1b74..f51c3f98e3 100644
--- a/pkg/api/convertertoagentpoolonlyapi.go
+++ b/pkg/api/convertertoagentpoolonlyapi.go
@@ -7,6 +7,7 @@ import (
 "github.com/Azure/acs-engine/pkg/api/agentPoolOnlyApi/v20180331"
 "github.com/Azure/acs-engine/pkg/api/agentPoolOnlyApi/vlabs"
 "github.com/Azure/acs-engine/pkg/api/common"
+ "github.com/Azure/acs-engine/pkg/helpers"
 )
 ///////////////////////////////////////////////////////////
@@ -209,6 +210,10 @@ func convertV20170831AgentPoolOnlyOrchestratorProfile(kubernetesVersion string)
 return &OrchestratorProfile{
 OrchestratorType: Kubernetes,
 OrchestratorVersion: common.GetSupportedKubernetesVersion(kubernetesVersion),
+ KubernetesConfig: &KubernetesConfig{
+ EnableRbac: helpers.PointerToBool(false),
+ EnableSecureKubelet: helpers.PointerToBool(false),
+ },
 }
 }
@@ -309,6 +314,7 @@ func convertV20180331AgentPoolOnlyProperties(obj *v20180331.Properties) *Propert
 properties.HostedMasterProfile.FQDN = obj.FQDN
 properties.OrchestratorProfile = convertV20180331AgentPoolOnlyOrchestratorProfile(obj.KubernetesVersion)
+ properties.OrchestratorProfile.KubernetesConfig = convertV20180331AgentPoolOnlyKubernetesConfig(obj.EnableRBAC)
 properties.AgentPoolProfiles = make([]*AgentPoolProfile, len(obj.AgentPoolProfiles))
 for i := range obj.AgentPoolProfiles {
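Review bot: In `TestConvertKubernetesConfigToEnableRBACV20180331AgentPoolOnly` every nil check uses `t.Error` and then falls through to `*enableRBAC`, so a nil result would panic the test binary instead of failing this one case; the guard should stop the test, `if enableRBAC == nil { t.Fatal("EnableRBAC expected not to be nil") }`. The same pattern is in the `@@ -36,6 +37,105 @@` hunk of `convertertoagentpoolonlyapi_test.go` (`op`, `op.KubernetesConfig`, `kc`, `kc.EnableRbac`, `kc.EnableSecureKubelet`). The seven near-identical stanzas would also read better as a table of `{kc, want}` cases, and `kc = nil` directly after `var kc *KubernetesConfig` is redundant.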
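Review bot: `convertV20170831AgentPoolOnlyOrchestratorProfile` in `convertertoagentpoolonlyapi.go` now pins `EnableRbac` and `EnableSecureKubelet` to false for every v20170831 request, and nothing in the code says that this is deliberate. Both flags govern cluster access controls, so the literal deserves a one-line comment stating why the older API version gets explicit false pointers rather than nil; the commit message only hints that the resource provider previously had to set them itself. It is also worth confirming, in the code that merges an update into an existing cluster (not visible here), that a v20170831 PUT against a cluster created through v20180331 cannot overwrite a stored `true` with these values.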
@@ -350,6 +356,20 @@ func convertV20180331AgentPoolOnlyWindowsProfile(obj *v20180331.WindowsProfile)
 }
 }
+func convertV20180331AgentPoolOnlyKubernetesConfig(enableRBAC *bool) *KubernetesConfig {
+ if enableRBAC == nil || *enableRBAC == true {
+ // We want default behavior to be true
+ return &KubernetesConfig{
+ EnableRbac: helpers.PointerToBool(true),
+ EnableSecureKubelet: helpers.PointerToBool(true),
+ }
+ }
+ return &KubernetesConfig{
+ EnableRbac: helpers.PointerToBool(false),
+ EnableSecureKubelet: helpers.PointerToBool(false),
+ }
+}
+
 func convertV20180331AgentPoolOnlyOrchestratorProfile(kubernetesVersion string) *OrchestratorProfile {
 return &OrchestratorProfile{
 OrchestratorType: Kubernetes,
diff --git a/pkg/api/convertertoagentpoolonlyapi_test.go b/pkg/api/convertertoagentpoolonlyapi_test.go
index e3d8b86013..d63d8372b1 100644
--- a/pkg/api/convertertoagentpoolonlyapi_test.go
+++ b/pkg/api/convertertoagentpoolonlyapi_test.go
@@ -4,6 +4,7 @@ import (
 "testing"
 "github.com/Azure/acs-engine/pkg/api/agentPoolOnlyApi/v20180331"
+ "github.com/Azure/acs-engine/pkg/helpers"
 )
 func TestConvertFromV20180331AddonProfile(t *testing.T) {
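Review bot: `convertV20180331AgentPoolOnlyKubernetesConfig` lets the single `enableRBAC` request field drive two settings, so a client that sends `enableRBAC: false` also gets `EnableSecureKubelet` turned off, which the field name does not suggest. That coupling and the nil-means-true default deserve a doc comment on the function, not only the inline `// We want default behavior to be true`. As a matter of style, `*enableRBAC == true` is just `*enableRBAC`, and the two struct literals collapse into one if the value is computed first: `enabled := enableRBAC == nil || *enableRBAC`, then `helpers.PointerToBool(enabled)` for both fields.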
@@ -36,6 +37,105 @@ func TestConvertFromV20180331AddonProfile(t *testing.T) {
 }
 }
+func TestConvertV20170831AgentPoolOnlyOrchestratorProfile_KubernetesConfig(t *testing.T) {
+ op := convertV20170831AgentPoolOnlyOrchestratorProfile("1.8.9")
+ if op == nil {
+ t.Error("OrchestratorProfile expected not to be nil")
+ }
+
+ if op.KubernetesConfig == nil {
+ t.Error("OrchestratorProfile.KubernetesConfig expected not to be nil")
+ }
+
+ if op.KubernetesConfig.EnableRbac == nil || *op.KubernetesConfig.EnableRbac == true {
+ t.Error("OrchestratorProfile.KubernetesConfig.EnableRbac expected to be *false")
+ }
+
+ if op.KubernetesConfig.EnableSecureKubelet == nil || *op.KubernetesConfig.EnableSecureKubelet == true {
+ t.Error("OrchestratorProfile.KubernetesConfig.EnableSecureKubelet expected to be *false")
+ }
+
+}
+
+func TestConvertV20180331AgentPoolOnlyKubernetesConfig(t *testing.T) {
+ var kc *KubernetesConfig
+ kc = convertV20180331AgentPoolOnlyKubernetesConfig(helpers.PointerToBool(true))
+ if kc == nil {
+ t.Error("kubernetesConfig expected not to be nil")
+ }
+
+ if kc.EnableRbac == nil {
+ t.Error("EnableRbac expected not to be nil")
+ }
+
+ if *kc.EnableRbac != true {
+ t.Error("EnableRbac expected to be true")
+ }
+
+ if kc.EnableSecureKubelet == nil {
+ t.Error("EnableSecureKubelet expected not to be nil")
+ }
+
+ if *kc.EnableSecureKubelet != true {
+ t.Error("EnableSecureKubelet expected to be true")
+ }
+
+ if *kc.EnableSecureKubelet != *kc.EnableRbac {
+ t.Error("EnableSecureKubelet and EnableRbac expected to be same")
+ }
+
+ kc = convertV20180331AgentPoolOnlyKubernetesConfig(helpers.PointerToBool(false))
+ if kc == nil {
+ t.Error("kubernetesConfig expected not to be nil")
+ }
+
+ if kc.EnableRbac == nil {
+ t.Error("EnableRbac expected not to be nil")
+ }
+
+ if *kc.EnableRbac != false {
+ t.Error("EnableRbac expected to be false")
+ }
+
+ if kc.EnableSecureKubelet == nil {
+ t.Error("EnableSecureKubelet expected not to be nil")
+ }
+
+ if *kc.EnableSecureKubelet != false {
+ t.Error("EnableSecureKubelet expected to be false")
+ }
+
+ if *kc.EnableSecureKubelet != *kc.EnableRbac {
+ t.Error("EnableSecureKubelet and EnableRbac expected to be same")
+ }
+
+ kc = convertV20180331AgentPoolOnlyKubernetesConfig(nil)
+ if kc == nil {
+ t.Error("kubernetesConfig expected not to be nil")
+ }
+
+ if kc.EnableRbac == nil {
+ t.Error("EnableRbac expected not to be nil")
+ }
+
+ if *kc.EnableRbac != true {
+ t.Error("EnableRbac expected to be true")
+ }
+
+ if kc.EnableSecureKubelet == nil {
+ t.Error("EnableSecureKubelet expected not to be nil")
+ }
+
+ if *kc.EnableSecureKubelet != true {
+ t.Error("EnableSecureKubelet expected to be true")
+ }
+
+ if *kc.EnableSecureKubelet != *kc.EnableRbac {
+ t.Error("EnableSecureKubelet and EnableRbac expected to be same")
+ }
+
+}
+
 func TestIfMasterProfileIsMissingThenApiModelIsAgentPoolOnly(t *testing.T) {
 json := `
 {