add-private-dns-zone

giantswarm · Dec 4, 2024 · f15003e · f15003e
1 parent 41b1ec6
commit f15003e
Show file tree

Hide file tree

Showing 9 changed files with 450 additions and 288 deletions.
diff --git a/go.mod b/go.mod
@@ -6,6 +6,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.1.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0
 	github.com/aquilax/truncate v1.0.0
 	github.com/aws/aws-sdk-go-v2 v1.32.5

diff --git a/go.sum b/go.sum
@@ -10,6 +10,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.1.0 h1:2qsI
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.1.0/go.mod h1:AW8VEadnhw9xox+VaVd9sP7NjzOAnaZBLRH6Tq3cJ38=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.1.0 h1:Fd+iaEa+JBwzYo6OTWYSNqyvlPSLciMGsmsnYCKcXM0=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.1.0/go.mod h1:ulHyBFJOI0ONiRL4vcJTmS7rx18jQQlEPmAgo80cRdM=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0 h1:yzrctSl9GMIQ5lHu7jc8olOsGjWDCsBpJhWqfGa/YIM=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0/go.mod h1:GE4m0rnnfwLGX0Y9A9A25Zx5N/90jneT5ABevqzhuFQ=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0 h1:PiSrjRPpkQNjrM8H0WwKMnZUdu1RGMtd/LdGKUrOo+c=

diff --git a/internal/pkg/service/objectstorage/cloud/azure/container.go b/internal/pkg/service/objectstorage/cloud/azure/container.go
@@ -0,0 +1,85 @@
+package azure
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
+
+	"github.com/giantswarm/object-storage-operator/api/v1alpha1"
+)
+
+func (s AzureObjectStorageAdapter) existsContainer(ctx context.Context, bucket *v1alpha1.Bucket, storageAccountName string) (bool, error) {
+	// Check BlobContainer name exists in StorageAccount
+	_, err := s.blobContainerClient.Get(
+		ctx,
+		s.cluster.GetResourceGroup(),
+		storageAccountName,
+		bucket.Spec.Name,
+		nil,
+	)
+
+	if err != nil {
+		var respErr *azcore.ResponseError
+		if errors.As(err, &respErr) {
+			// If NOT FOUND error, that means the BlobContainer doesn't exist, so we return false
+			if respErr.StatusCode == http.StatusNotFound {
+				return false, nil
+			}
+		}
+		return false, err
+	}
+	return true, nil
+}
+
+func (s AzureObjectStorageAdapter) upsertContainer(ctx context.Context, bucket *v1alpha1.Bucket, storageAccountName string) error {
+	existsContainer, err := s.existsContainer(ctx, bucket, storageAccountName)
+	if err != nil {
+		return err
+	}
+	if !existsContainer {
+		// Create Storage Container
+		_, err := s.blobContainerClient.Create(
+			ctx,
+			s.cluster.GetResourceGroup(),
+			storageAccountName,
+			bucket.Spec.Name,
+			armstorage.BlobContainer{
+				ContainerProperties: &armstorage.ContainerProperties{
+					PublicAccess: to.Ptr(armstorage.PublicAccessNone),
+					Metadata:     s.getBucketTags(bucket),
+				},
+			},
+			nil,
+		)
+		if err != nil {
+			s.logger.Error(err, fmt.Sprintf("failed to create storage container %s", bucket.Spec.Name))
+			return err
+		}
+		s.logger.Info(fmt.Sprintf("storage container %s created", bucket.Spec.Name))
+	} else {
+		_, err := s.blobContainerClient.Update(
+			ctx,
+			s.cluster.GetResourceGroup(),
+			storageAccountName,
+			bucket.Spec.Name,
+			armstorage.BlobContainer{
+				ContainerProperties: &armstorage.ContainerProperties{
+					Metadata: s.getBucketTags(bucket),
+				},
+			},
+			nil,
+		)
+		if err != nil {
+			s.logger.Error(err, fmt.Sprintf("failed to update storage container %s", bucket.Spec.Name))
+			return err
+		}
+		s.logger.Info(fmt.Sprintf("storage container %s updated", bucket.Spec.Name))
+	}
+
+	return nil
+}
diff --git a/internal/pkg/service/objectstorage/cloud/azure/privateendpoint.go b/internal/pkg/service/objectstorage/cloud/azure/privateendpoint.go
@@ -0,0 +1,106 @@
+package azure
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns"
+
+	"github.com/giantswarm/object-storage-operator/api/v1alpha1"
+)
+
+var subnetID = "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s/subnets/%s"
+
+func (s AzureObjectStorageAdapter) upsertPrivateEndpoint(ctx context.Context, bucket *v1alpha1.Bucket, storageAccountName string) (*armnetwork.PrivateEndpoint, error) {
+	// Create or Update Private endpoint
+	pollersResp, err := s.privateEndpointsClient.BeginCreateOrUpdate(
+		ctx,
+		s.cluster.GetResourceGroup(),
+		bucket.Spec.Name,
+		armnetwork.PrivateEndpoint{
+			Location: to.Ptr(s.cluster.GetRegion()),
+			Properties: &armnetwork.PrivateEndpointProperties{
+				CustomNetworkInterfaceName: to.Ptr(fmt.Sprintf("%s-nodes-nic", bucket.Spec.Name)),
+				PrivateLinkServiceConnections: []*armnetwork.PrivateLinkServiceConnection{
+					{
+						Name: to.Ptr(bucket.Spec.Name),
+						Properties: &armnetwork.PrivateLinkServiceConnectionProperties{
+							PrivateLinkServiceID: to.Ptr(fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s", s.cluster.GetSubscriptionID(), s.cluster.GetResourceGroup(), storageAccountName)),
+							GroupIDs:             []*string{to.Ptr("blob")},
+						},
+					},
+				},
+				Subnet: &armnetwork.Subnet{
+					ID: to.Ptr(s.subnetID()),
+				},
+			},
+			Tags: s.getBucketTags(bucket),
+		},
+		nil,
+	)
+
+	if err != nil {
+		return nil, err
+	}
+	resp, err := pollersResp.PollUntilDone(ctx, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return &resp.PrivateEndpoint, nil
+}
+
+func (s AzureObjectStorageAdapter) upsertPrivateZone(ctx context.Context, bucket *v1alpha1.Bucket) (*armprivatedns.PrivateZone, error) {
+	pollersResp, err := s.privateZonesClient.BeginCreateOrUpdate(
+		ctx,
+		s.cluster.GetResourceGroup(),
+		bucket.Spec.Name,
+		armprivatedns.PrivateZone{
+			Location: to.Ptr(s.cluster.GetRegion()),
+			Tags:     s.getBucketTags(bucket),
+		},
+		nil,
+	)
+	if err != nil {
+		return nil, err
+	}
+	resp, err := pollersResp.PollUntilDone(ctx, nil)
+	if err != nil {
+		return nil, err
+	}
+	return &resp.PrivateZone, nil
+}
+
+func (s AzureObjectStorageAdapter) upsertVirtualNetworkLink(ctx context.Context, bucket *v1alpha1.Bucket) (*armprivatedns.VirtualNetworkLink, error) {
+	pollersResp, err := s.virtualNetworkLinksClient.BeginCreateOrUpdate(
+		ctx,
+		s.cluster.GetResourceGroup(),
+		bucket.Spec.Name,
+		bucket.Spec.Name,
+		armprivatedns.VirtualNetworkLink{
+			Location: to.Ptr(s.cluster.GetRegion()),
+			Properties: &armprivatedns.VirtualNetworkLinkProperties{
+				RegistrationEnabled: to.Ptr(true),
+				VirtualNetwork: &armprivatedns.SubResource{
+					ID: to.Ptr(s.subnetID()),
+				},
+			},
+			Tags: s.getBucketTags(bucket),
+		},
+		nil,
+	)
+	if err != nil {
+		return nil, err
+	}
+	resp, err := pollersResp.PollUntilDone(ctx, nil)
+	if err != nil {
+		return nil, err
+	}
+	return &resp.VirtualNetworkLink, nil
+}
+
+func (s AzureObjectStorageAdapter) subnetID() string {
+	return fmt.Sprintf(subnetID, s.cluster.GetSubscriptionID(), s.cluster.GetResourceGroup(), s.cluster.GetVNetName(), "node-subnet")
+}
diff --git a/internal/pkg/service/objectstorage/cloud/azure/service.go b/internal/pkg/service/objectstorage/cloud/azure/service.go
@@ -7,6 +7,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
 	"github.com/go-logr/logr"
 	"github.com/pkg/errors"
@@ -64,6 +65,12 @@ func (s AzureObjectStorageService) NewObjectStorageService(ctx context.Context,
 		return nil, errors.WithStack(err)
 	}
 
+	var privateZonesClientFactory *armprivatedns.ClientFactory
+	privateZonesClientFactory, err = armprivatedns.NewClientFactory(azureCredentials.SubscriptionID, cred, nil)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
 	azurecluster, ok := cluster.(AzureCluster)
 	if !ok {
 		return nil, errors.New("Impossible to cast cluster into Azure cluster")
@@ -73,6 +80,8 @@ func (s AzureObjectStorageService) NewObjectStorageService(ctx context.Context,
 		storageClientFactory.NewBlobContainersClient(),
 		storageClientFactory.NewManagementPoliciesClient(),
 		networkClientFactory.NewPrivateEndpointsClient(),
+		privateZonesClientFactory.NewPrivateZonesClient(),
+		privateZonesClientFactory.NewVirtualNetworkLinksClient(),
 		logger,
 		azurecluster,
 		client,