Add AzureWorkloadIdentity featureGate
jstuever committed May 22, 2023
1 parent 62304c3 commit c66b372
Showing 5 changed files with 22 additions and 16 deletions.
2 changes: 1 addition & 1 deletion pkg/dns/azure/client/auth.go
Expand Up @@ -70,7 +70,7 @@ func getAuthorizerForResource(config Config) (autorest.Authorizer, error) {
}

var cred azcore.TokenCredential
if strings.TrimSpace(config.ClientSecret) == "" {
if config.AzureWorkloadIdentityEnabled && strings.TrimSpace(config.ClientSecret) == "" {
options := azidentity.WorkloadIdentityCredentialOptions{
ClientOptions: azcore.ClientOptions{
Cloud: cloudConfig,
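Review bot: When the feature gate is off and ClientSecret is blank, the condition added at the `if` line now skips the workload-identity branch and falls through to whatever follows; if that is the client-secret credential path (the rest of the body is outside the hunk), a credential is built from an empty secret and the misconfiguration only surfaces later at token acquisition. A fail-fast check before this `if` would report it clearly: `if !config.AzureWorkloadIdentityEnabled && strings.TrimSpace(config.ClientSecret) == "" { return nil, errors.New("client secret is empty and the AzureWorkloadIdentity feature gate is disabled") }` (use fmt.Errorf instead if the file imports fmt rather than errors). A one-line comment above the `if` noting that FederatedTokenFile is ignored unless the gate is enabled would also help the next reader. getAuthorizerForResource starts before and ends after this hunk.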
3 changes: 3 additions & 0 deletions pkg/dns/azure/client/client.go
Expand Up @@ -33,6 +33,9 @@ type Config struct {
FederatedTokenFile string
// TenantID is the Azure tenant ID.
TenantID string
// AzureWorkloadIdentityEnabled indicates whether the
// "AzureWorkloadIdentity" feature gate is enabled.
AzureWorkloadIdentityEnabled bool
}

// ARecord is a DNS A record.
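Review bot: The new field comment on `AzureWorkloadIdentityEnabled` says which feature gate it mirrors but not what the client does with it, which is what a caller of this package needs to know. Suggest: `// AzureWorkloadIdentityEnabled indicates whether the "AzureWorkloadIdentity" feature gate is enabled. When true and ClientSecret is empty, the client authenticates with the federated token in FederatedTokenFile instead of a client secret.` The second sentence reflects the condition in auth.go's getAuthorizerForResource in this same commit; adjust it if that function's fallback differs from what the hunk shows.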
15 changes: 8 additions & 7 deletions pkg/dns/azure/dns.go
Expand Up @@ -62,7 +62,7 @@ type provider struct {

// NewProvider creates a new dns.Provider for Azure. It only supports DNSRecords with
// type A.
func NewProvider(config Config, operatorReleaseVersion string) (dns.Provider, error) {
func NewProvider(config Config, operatorReleaseVersion string, AzureWorkloadIdentityEnabled bool) (dns.Provider, error) {
var env azure.Environment
var err error
switch config.Environment {
Expand All @@ -75,12 +75,13 @@ func NewProvider(config Config, operatorReleaseVersion string) (dns.Provider, er
return nil, fmt.Errorf("could not determine cloud environment: %w", err)
}
c, err := client.New(client.Config{
Environment: env,
SubscriptionID: config.SubscriptionID,
ClientID: config.ClientID,
ClientSecret: config.ClientSecret,
FederatedTokenFile: config.FederatedTokenFile,
TenantID: config.TenantID,
Environment: env,
SubscriptionID: config.SubscriptionID,
ClientID: config.ClientID,
ClientSecret: config.ClientSecret,
FederatedTokenFile: config.FederatedTokenFile,
TenantID: config.TenantID,
AzureWorkloadIdentityEnabled: AzureWorkloadIdentityEnabled,
}, userAgent(operatorReleaseVersion))
if err != nil {
return nil, err
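Review bot: The new parameter at the `func NewProvider` line is spelled `AzureWorkloadIdentityEnabled`, but Go parameters are lowerCamel (`azureWorkloadIdentityEnabled`); the capitalized form reads like a package-level identifier and linters will flag it. The same spelling is used for the parameter added to createDNSProvider in pkg/operator/controller/dns/controller.go. Since NewProvider already takes a `Config` struct, carrying the flag as a field of that struct (as client.Config now does) would avoid growing the positional signature and give the NewProvider doc comment, which this commit leaves unchanged, one place to describe it.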
13 changes: 7 additions & 6 deletions pkg/operator/controller/dns/controller.go
Expand Up @@ -107,9 +107,10 @@ func New(mgr manager.Manager, config Config) (runtimecontroller.Controller, erro

// Config holds all the things necessary for the controller to run.
type Config struct {
CredentialsRequestNamespace string
DNSRecordNamespaces []string
OperatorReleaseVersion string
CredentialsRequestNamespace string
DNSRecordNamespaces []string
OperatorReleaseVersion string
AzureWorkloadIdentityEnabled bool
}

type reconciler struct {
Expand Down Expand Up @@ -251,7 +252,7 @@ func (r *reconciler) createDNSProviderIfNeeded(dnsConfig *configv1.DNS, record *
}

if needUpdate {
dnsProvider, err := r.createDNSProvider(dnsConfig, platformStatus, &infraConfig.Status, creds)
dnsProvider, err := r.createDNSProvider(dnsConfig, platformStatus, &infraConfig.Status, creds, r.config.AzureWorkloadIdentityEnabled)
if err != nil {
return fmt.Errorf("failed to create DNS provider: %v", err)
}
Expand Down Expand Up @@ -578,7 +579,7 @@ func (r *reconciler) ToDNSRecords(o client.Object) []reconcile.Request {

// createDNSProvider creates a DNS manager compatible with the given cluster
// configuration.
func (r *reconciler) createDNSProvider(dnsConfig *configv1.DNS, platformStatus *configv1.PlatformStatus, infraStatus *configv1.InfrastructureStatus, creds *corev1.Secret) (dns.Provider, error) {
func (r *reconciler) createDNSProvider(dnsConfig *configv1.DNS, platformStatus *configv1.PlatformStatus, infraStatus *configv1.InfrastructureStatus, creds *corev1.Secret, AzureWorkloadIdentityEnabled bool) (dns.Provider, error) {
// If no DNS configuration is provided, don't try to set up provider clients.
// TODO: the provider configuration can be refactored into the provider
// implementations themselves, so this part of the code won't need to
Expand Down Expand Up @@ -677,7 +678,7 @@ func (r *reconciler) createDNSProvider(dnsConfig *configv1.DNS, platformStatus *
ARMEndpoint: platformStatus.Azure.ARMEndpoint,
InfraID: infraStatus.InfrastructureName,
Tags: azuredns.GetTagList(infraStatus),
}, r.config.OperatorReleaseVersion)
}, r.config.OperatorReleaseVersion, AzureWorkloadIdentityEnabled)
if err != nil {
return nil, fmt.Errorf("failed to create Azure DNS manager: %v", err)
}
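Review bot: createDNSProvider now takes `AzureWorkloadIdentityEnabled` as a parameter, yet its only visible caller passes `r.config.AzureWorkloadIdentityEnabled` and the method already reads `r.config.OperatorReleaseVersion` directly in the `azuredns.NewProvider(...)` call, so the parameter duplicates receiver state. Dropping it and writing `}, r.config.OperatorReleaseVersion, r.config.AzureWorkloadIdentityEnabled)` keeps the method's dependencies in one place and removes the capitalized parameter name. The new `AzureWorkloadIdentityEnabled bool` field on the controller Config struct would benefit from a comment such as `// AzureWorkloadIdentityEnabled mirrors the AzureWorkloadIdentity feature gate and is passed through to the Azure DNS provider.`. Both createDNSProviderIfNeeded and createDNSProvider start and end outside their hunks.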
5 changes: 3 additions & 2 deletions pkg/operator/operator.go
Expand Up @@ -127,7 +127,7 @@ func New(config operatorconfig.Config, kubeConfig *rest.Config) (*Operator, erro
if err != nil {
return nil, err
}
// example of future featuregate read and usage to set a variable to pass to a controller
azureWorkloadIdentityEnabled := featureGates.Enabled(configv1.FeatureGateAzureWorkloadIdentity)
gatewayAPIEnabled := featureGates.Enabled(configv1.FeatureGateGatewayAPI)

// Set up an operator manager for the operator namespace.
Expand Down Expand Up @@ -239,7 +239,8 @@ func New(config operatorconfig.Config, kubeConfig *rest.Config) (*Operator, erro
config.Namespace,
operatorcontroller.DefaultOperandNamespace,
},
OperatorReleaseVersion: config.OperatorReleaseVersion,
OperatorReleaseVersion: config.OperatorReleaseVersion,
AzureWorkloadIdentityEnabled: azureWorkloadIdentityEnabled,
}); err != nil {
return nil, fmt.Errorf("failed to create dns controller: %v", err)
}
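Review bot: The comment `// example of future featuregate read and usage to set a variable to pass to a controller` above the new `azureWorkloadIdentityEnabled :=` line described a placeholder, and this commit turns it into real usage, so it is now misleading. Replace it with a statement of what the value drives, e.g. `// Feature gates are read once here; AzureWorkloadIdentity selects federated-token authentication for the Azure DNS provider.` Whether a gate change after startup takes effect depends on how featureGates is constructed, which is outside the hunk, so the comment should not promise dynamic behavior. The enclosing New function starts and ends outside these hunks.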
