Support azure sovereign cloud (#897)

* Update ci.yml * Adding action to set up Terraform 14.9 * Update CI to pin to terraform 15.1 * Update azure modules to support sovereign cloud Co-authored-by: Engin Polat <[email protected]> Co-authored-by: Richard Guthrie <[email protected]> Co-authored-by: Hattan Shobokshi <[email protected]>
gruntwork-io · May 12, 2021 · 08c71fb · 08c71fb
1 parent 8ef5dc3
commit 08c71fb
Show file tree

Hide file tree

Showing 8 changed files with 258 additions and 51 deletions.
diff --git a/modules/azure/client_factory.go b/modules/azure/client_factory.go
@@ -22,6 +22,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2019-07-01/compute"
 	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2019-11-01/containerservice"
 	kvmng "github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2016-10-01/keyvault"
+	"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2019-09-01/network"
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-06-01/subscriptions"
 	"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2019-06-01/storage"
 	autorestAzure "github.com/Azure/go-autorest/autorest/azure"
@@ -63,21 +64,23 @@ func CreateSubscriptionsClientE() (subscriptions.Client, error) {
 
 // CreateVirtualMachinesClientE returns a virtual machines client instance configured with the correct BaseURI depending on
 // the Azure environment that is currently setup (or "Public", if none is setup).
-func CreateVirtualMachinesClientE(subscriptionID string) (compute.VirtualMachinesClient, error) {
+func CreateVirtualMachinesClientE(subscriptionID string) (*compute.VirtualMachinesClient, error) {
 	// Validate Azure subscription ID
 	subscriptionID, err := getTargetAzureSubscription(subscriptionID)
 	if err != nil {
-		return compute.VirtualMachinesClient{}, err
+		return nil, err
 	}
 
 	// Lookup environment URI
 	baseURI, err := getBaseURI()
 	if err != nil {
-		return compute.VirtualMachinesClient{}, err
+		return nil, err
 	}
 
 	// Create correct client based on type passed
-	return compute.NewVirtualMachinesClientWithBaseURI(baseURI, subscriptionID), nil
+	vmClient := compute.NewVirtualMachinesClientWithBaseURI(baseURI, subscriptionID)
+
+	return &vmClient, nil
 }
 
 // snippet-tag-end::client_factory_example.CreateClient
@@ -479,6 +482,166 @@ func CreateDiagnosticsSettingsClientE(subscriptionID string) (*insights.Diagnost
 	return &client, nil
 }
 
+// CreateNsgDefaultRulesClientE returns an NSG default (platform) rules client instance configured with the
+// correct BaseURI depending on the Azure environment that is currently setup (or "Public", if none is setup).
+func CreateNsgDefaultRulesClientE(subscriptionID string) (*network.DefaultSecurityRulesClient, error) {
+	// Validate Azure subscription ID
+	subscriptionID, err := getTargetAzureSubscription(subscriptionID)
+	if err != nil {
+		return nil, err
+	}
+
+	// Lookup environment URI
+	baseURI, err := getEnvironmentEndpointE(ResourceManagerEndpointName)
+	if err != nil {
+		return nil, err
+	}
+
+	// Create new client
+	nsgClient := network.NewDefaultSecurityRulesClientWithBaseURI(baseURI, subscriptionID)
+	return &nsgClient, nil
+}
+
+// CreateNsgCustomRulesClientE returns an NSG custom (user) rules client instance configured with the
+// correct BaseURI depending on the Azure environment that is currently setup (or "Public", if none is setup).
+func CreateNsgCustomRulesClientE(subscriptionID string) (*network.SecurityRulesClient, error) {
+	// Validate Azure subscription ID
+	subscriptionID, err := getTargetAzureSubscription(subscriptionID)
+	if err != nil {
+		return nil, err
+	}
+
+	// Lookup environment URI
+	baseURI, err := getEnvironmentEndpointE(ResourceManagerEndpointName)
+	if err != nil {
+		return nil, err
+	}
+
+	// Create new client
+	nsgClient := network.NewSecurityRulesClientWithBaseURI(baseURI, subscriptionID)
+	return &nsgClient, nil
+}
+
+// CreateNewNetworkInterfacesClientE returns an NIC client instance configured with the
+// correct BaseURI depending on the Azure environment that is currently setup (or "Public", if none is setup).
+func CreateNewNetworkInterfacesClientE(subscriptionID string) (*network.InterfacesClient, error) {
+	// Validate Azure subscription ID
+	subscriptionID, err := getTargetAzureSubscription(subscriptionID)
+	if err != nil {
+		return nil, err
+	}
+
+	// Lookup environment URI
+	baseURI, err := getEnvironmentEndpointE(ResourceManagerEndpointName)
+	if err != nil {
+		return nil, err
+	}
+
+	// create client
+	nicClient := network.NewInterfacesClientWithBaseURI(baseURI, subscriptionID)
+	return &nicClient, nil
+}
+
+// CreateNewNetworkInterfaceIPConfigurationClientE returns an NIC IP configuration client instance configured with the
+// correct BaseURI depending on the Azure environment that is currently setup (or "Public", if none is setup).
+func CreateNewNetworkInterfaceIPConfigurationClientE(subscriptionID string) (*network.InterfaceIPConfigurationsClient, error) {
+	// Validate Azure subscription ID
+	subscriptionID, err := getTargetAzureSubscription(subscriptionID)
+	if err != nil {
+		return nil, err
+	}
+
+	// Lookup environment URI
+	baseURI, err := getEnvironmentEndpointE(ResourceManagerEndpointName)
+	if err != nil {
+		return nil, err
+	}
+
+	// create client
+	ipConfigClient := network.NewInterfaceIPConfigurationsClientWithBaseURI(baseURI, subscriptionID)
+	return &ipConfigClient, nil
+}
+
+// CreatePublicIPAddressesClientE returns a public IP address client instance configured with the correct BaseURI depending on
+// the Azure environment that is currently setup (or "Public", if none is setup).
+func CreatePublicIPAddressesClientE(subscriptionID string) (*network.PublicIPAddressesClient, error) {
+	// Validate Azure subscription ID
+	subscriptionID, err := getTargetAzureSubscription(subscriptionID)
+	if err != nil {
+		return nil, err
+	}
+
+	// Lookup environment URI
+	baseURI, err := getEnvironmentEndpointE(ResourceManagerEndpointName)
+	if err != nil {
+		return nil, err
+	}
+
+	// Create client
+	client := network.NewPublicIPAddressesClientWithBaseURI(baseURI, subscriptionID)
+	return &client, nil
+}
+
+// CreateLoadBalancerClientE returns a load balancer client instance configured with the correct BaseURI depending on
+// the Azure environment that is currently setup (or "Public", if none is setup).
+func CreateLoadBalancerClientE(subscriptionID string) (*network.LoadBalancersClient, error) {
+	// Validate Azure subscription ID
+	subscriptionID, err := getTargetAzureSubscription(subscriptionID)
+	if err != nil {
+		return nil, err
+	}
+
+	// Lookup environment URI
+	baseURI, err := getEnvironmentEndpointE(ResourceManagerEndpointName)
+	if err != nil {
+		return nil, err
+	}
+
+	//create LB client
+	client := network.NewLoadBalancersClientWithBaseURI(baseURI, subscriptionID)
+	return &client, nil
+}
+
+// CreateNewSubnetClientE returns a Subnet client instance configured with the
+// correct BaseURI depending on the Azure environment that is currently setup (or "Public", if none is setup).
+func CreateNewSubnetClientE(subscriptionID string) (*network.SubnetsClient, error) {
+	// Validate Azure subscription ID
+	subscriptionID, err := getTargetAzureSubscription(subscriptionID)
+	if err != nil {
+		return nil, err
+	}
+
+	// Lookup environment URI
+	baseURI, err := getEnvironmentEndpointE(ResourceManagerEndpointName)
+	if err != nil {
+		return nil, err
+	}
+
+	// create client
+	subnetClient := network.NewSubnetsClientWithBaseURI(baseURI, subscriptionID)
+	return &subnetClient, nil
+}
+
+// CreateNewVirtualNetworkClientE returns a Virtual Network client instance configured with the
+// correct BaseURI depending on the Azure environment that is currently setup (or "Public", if none is setup).
+func CreateNewVirtualNetworkClientE(subscriptionID string) (*network.VirtualNetworksClient, error) {
+	// Validate Azure subscription ID
+	subscriptionID, err := getTargetAzureSubscription(subscriptionID)
+	if err != nil {
+		return nil, err
+	}
+
+	// Lookup environment URI
+	baseURI, err := getEnvironmentEndpointE(ResourceManagerEndpointName)
+	if err != nil {
+		return nil, err
+	}
+
+	// create client
+	vnetClient := network.NewVirtualNetworksClientWithBaseURI(baseURI, subscriptionID)
+	return &vnetClient, nil
+}
+
 // GetKeyVaultURISuffixE returns the proper KeyVault URI suffix for the configured Azure environment.
 // This function would fail the test if there is an error.
 func GetKeyVaultURISuffixE() (string, error) {

diff --git a/modules/azure/client_factory_test.go b/modules/azure/client_factory_test.go
@@ -222,3 +222,69 @@ func TestCosmosDBSQLClientBaseURISetCorrectly(t *testing.T) {
 		})
 	}
 }
+func TestPublicIPAddressesClientBaseURISetCorrectly(t *testing.T) {
+	var cases = []struct {
+		CaseName        string
+		EnvironmentName string
+		ExpectedBaseURI string
+	}{
+		{"GovCloud/CosmosDBAccountClient", govCloudEnvName, autorest.USGovernmentCloud.ResourceManagerEndpoint},
+		{"PublicCloud/CosmosDBAccountClient", publicCloudEnvName, autorest.PublicCloud.ResourceManagerEndpoint},
+		{"ChinaCloud/CosmosDBAccountClient", chinaCloudEnvName, autorest.ChinaCloud.ResourceManagerEndpoint},
+		{"GermanCloud/CosmosDBAccountClient", germanyCloudEnvName, autorest.GermanCloud.ResourceManagerEndpoint},
+	}
+
+	// save any current env value and restore on exit
+	currentEnv := os.Getenv(AzureEnvironmentEnvName)
+	defer os.Setenv(AzureEnvironmentEnvName, currentEnv)
+
+	for _, tt := range cases {
+		// The following is necessary to make sure testCase's values don't
+		// get updated due to concurrency within the scope of t.Run(..) below
+		tt := tt
+		t.Run(tt.CaseName, func(t *testing.T) {
+			// Override env setting
+			os.Setenv(AzureEnvironmentEnvName, tt.EnvironmentName)
+
+			// Get a VM client
+			client, err := CreatePublicIPAddressesClientE("")
+			require.NoError(t, err)
+
+			// Check for correct ARM URI
+			assert.Equal(t, tt.ExpectedBaseURI, client.BaseURI)
+		})
+	}
+}
+func TestLoadBalancerClientBaseURISetCorrectly(t *testing.T) {
+	var cases = []struct {
+		CaseName        string
+		EnvironmentName string
+		ExpectedBaseURI string
+	}{
+		{"GovCloud/CosmosDBAccountClient", govCloudEnvName, autorest.USGovernmentCloud.ResourceManagerEndpoint},
+		{"PublicCloud/CosmosDBAccountClient", publicCloudEnvName, autorest.PublicCloud.ResourceManagerEndpoint},
+		{"ChinaCloud/CosmosDBAccountClient", chinaCloudEnvName, autorest.ChinaCloud.ResourceManagerEndpoint},
+		{"GermanCloud/CosmosDBAccountClient", germanyCloudEnvName, autorest.GermanCloud.ResourceManagerEndpoint},
+	}
+
+	// save any current env value and restore on exit
+	currentEnv := os.Getenv(AzureEnvironmentEnvName)
+	defer os.Setenv(AzureEnvironmentEnvName, currentEnv)
+
+	for _, tt := range cases {
+		// The following is necessary to make sure testCase's values don't
+		// get updated due to concurrency within the scope of t.Run(..) below
+		tt := tt
+		t.Run(tt.CaseName, func(t *testing.T) {
+			// Override env setting
+			os.Setenv(AzureEnvironmentEnvName, tt.EnvironmentName)
+
+			// Get a VM client
+			client, err := CreateLoadBalancerClientE("")
+			require.NoError(t, err)
+
+			// Check for correct ARM URI
+			assert.Equal(t, tt.ExpectedBaseURI, client.BaseURI)
+		})
+	}
+}
diff --git a/modules/azure/compute.go b/modules/azure/compute.go
@@ -34,7 +34,7 @@ func GetVirtualMachineClientE(subscriptionID string) (*compute.VirtualMachinesCl
 
 	// Attach authorizer to the client
 	vmClient.Authorizer = *authorizer
-	return &vmClient, nil
+	return vmClient, nil
 }
 
 // VirtualMachineExists indicates whether the specifcied Azure Virtual Machine exists.

diff --git a/modules/azure/loadbalancer.go b/modules/azure/loadbalancer.go
@@ -183,21 +183,18 @@ func GetLoadBalancerE(loadBalancerName string, resourceGroupName string, subscri
 
 // GetLoadBalancerClientE gets a new Load Balancer client in the specified Azure Subscription.
 func GetLoadBalancerClientE(subscriptionID string) (*network.LoadBalancersClient, error) {
-	// Validate Azure subscription ID
-	subscriptionID, err := getTargetAzureSubscription(subscriptionID)
+	// Get the Load Balancer client
+	client, err := CreateLoadBalancerClientE(subscriptionID)
 	if err != nil {
 		return nil, err
 	}
 
-	// Get the Load Balancer client
-	client := network.NewLoadBalancersClient(subscriptionID)
-
 	// Create an authorizer
 	authorizer, err := NewAuthorizer()
 	if err != nil {
 		return nil, err
 	}
 	client.Authorizer = *authorizer
 
-	return &client, nil
+	return client, nil
 }
diff --git a/modules/azure/networkinterface.go b/modules/azure/networkinterface.go
@@ -118,23 +118,20 @@ func GetNetworkInterfaceConfigurationE(nicName string, nicConfigName string, res
 
 // GetNetworkInterfaceConfigurationClientE creates a new Network Interface Configuration client in the specified Azure Subscription.
 func GetNetworkInterfaceConfigurationClientE(subscriptionID string) (*network.InterfaceIPConfigurationsClient, error) {
-	// Validate Azure Subscription ID
-	subscriptionID, err := getTargetAzureSubscription(subscriptionID)
+	// Create a new client from client factory
+	client, err := CreateNewNetworkInterfaceIPConfigurationClientE(subscriptionID)
 	if err != nil {
 		return nil, err
 	}
 
-	// Get the NIC client
-	client := network.NewInterfaceIPConfigurationsClient(subscriptionID)
-
 	// Create an authorizer
 	authorizer, err := NewAuthorizer()
 	if err != nil {
 		return nil, err
 	}
 	client.Authorizer = *authorizer
 
-	return &client, nil
+	return client, nil
 }
 
 // GetNetworkInterfaceE gets a Network Interface in the specified Azure Resource Group.
@@ -162,21 +159,18 @@ func GetNetworkInterfaceE(nicName string, resGroupName string, subscriptionID st
 
 // GetNetworkInterfaceClientE creates a new Network Interface client in the specified Azure Subscription.
 func GetNetworkInterfaceClientE(subscriptionID string) (*network.InterfacesClient, error) {
-	// Validate Azure Subscription ID
-	subscriptionID, err := getTargetAzureSubscription(subscriptionID)
+	// Create new NIC client from client factory
+	client, err := CreateNewNetworkInterfacesClientE(subscriptionID)
 	if err != nil {
 		return nil, err
 	}
 
-	// Get the NIC client
-	client := network.NewInterfacesClient(subscriptionID)
-
 	// Create an authorizer
 	authorizer, err := NewAuthorizer()
 	if err != nil {
 		return nil, err
 	}
 	client.Authorizer = *authorizer
 
-	return &client, nil
+	return client, nil
 }