[Azure] Optimize VK Setup in ACS/AKS (#85)

* Read ACS Credentials for Azure Authentication Supprt a new environment variable: ACS_CREDENTIAL_LOCATION Expect the value to be the ACS credential filepath, which is the /etc/kubernetes/azure.json file generated on the ACS nodes. If the ACS_CREDENTIAL_LOCATION is specified and loaded, create the Azure Authentication class from its values. If the AZURE_AUTHENTICATION_LOCATION is specified and loaded, its values will overwrite the value above. Refactor the ACI provider and ACI client to be able to override the SPN by environment variable
2018-02-13 19:07:27 -08:00
parent d23ac6679c
commit f4ebbfc7a3
15 changed files with 399 additions and 86 deletions
--- a/providers/azure/client/aci/client.go
+++ b/providers/azure/client/aci/client.go
@@ -29,16 +29,14 @@ type Client struct {
 }

 // NewClient creates a new Azure Container Instances client.
-func NewClient() (*Client, error) {
-	// Get authentication credentials from file.
-	auth, err := azure.NewAuthenticationFromFile()
-	if err != nil {
-		return nil, fmt.Errorf("Creating azure authentication from file failed: %v", err)
+func NewClient(auth *azure.Authentication) (*Client, error) {
+	if auth == nil {
+		return nil, fmt.Errorf("Authentication is not supplied for the Azure client")
 	}

 	client, err := azure.NewClient(auth, BaseURI, userAgent)
 	if err != nil {
-		return nil, fmt.Errorf("Creating azure client failed: %v", err)
+		return nil, fmt.Errorf("Creating Azure client failed: %v", err)
 	}

 	return &Client{hc: client.HTTPClient, auth: auth}, nil
--- a/providers/azure/client/aci/client_test.go
+++ b/providers/azure/client/aci/client_test.go
@@ -3,11 +3,10 @@ package aci
 import (
 	"log"
 	"os"
-	"path/filepath"
-	"runtime"
 	"strings"
 	"testing"

+	azure "github.com/virtual-kubelet/virtual-kubelet/providers/azure/client"
 	"github.com/virtual-kubelet/virtual-kubelet/providers/azure/client/resourcegroups"
 	"github.com/google/uuid"
 )
@@ -20,23 +19,6 @@ var (
 )

 func init() {
-	// Check if the AZURE_AUTH_LOCATION variable is already set.
-	// If it is not set, set it to the root of this project in a credentials.json file.
-	if os.Getenv("AZURE_AUTH_LOCATION") == "" {
-		// Check if the credentials.json file exists in the root of this project.
-		_, filename, _, _ := runtime.Caller(0)
-		dir := filepath.Dir(filename)
-		file := filepath.Join(dir, "../../../../credentials.json")
-
-		// Check if the file exists.
-		if _, err := os.Stat(file); os.IsNotExist(err) {
-			log.Fatalf("Either set AZURE_AUTH_LOCATION or add a credentials.json file to the root of this project.")
-		}
-
-		// Set the environment variable for the authentication file.
-		os.Setenv("AZURE_AUTH_LOCATION", file)
-	}
-
 	// Create a resource group name with uuid.
 	uid := uuid.New()
 	resourceGroup += "-" + uid.String()[0:6]
@@ -45,8 +27,13 @@ func init() {
 // The TestMain function creates a resource group for testing
 // and deletes in when it's done.
 func TestMain(m *testing.M) {
+	auth, err := azure.NewAuthenticationFromFile("../../../../credentials.json")
+	if err != nil {
+		log.Fatalf("Failed to load Azure authentication file: %v", err)
+	}
+
 	// Check if the resource group exists and create it if not.
-	rgCli, err := resourcegroups.NewClient()
+	rgCli, err := resourcegroups.NewClient(auth)
 	if err != nil {
 		log.Fatalf("creating new resourcegroups client failed: %v", err)
 	}
@@ -84,11 +71,17 @@ func TestMain(m *testing.M) {
 }

 func TestNewClient(t *testing.T) {
-	var err error
-	client, err = NewClient()
+	auth, err := azure.NewAuthenticationFromFile("../../../../credentials.json")
+        if err != nil {
+                log.Fatalf("Failed to load Azure authentication file: %v", err)
+        }
+
+	c, err := NewClient(auth)
 	if err != nil {
 		t.Fatal(err)
 	}
+
+	client = c
 }

 func TestCreateContainerGroupFails(t *testing.T) {
--- a/providers/azure/client/auth.go
+++ b/providers/azure/client/auth.go
@@ -6,19 +6,11 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
-	"os"
 	"unicode/utf16"

 	"github.com/dimchansky/utfbom"
 )

-const (
-	// AuthenticationFilepathName defines the name of the environment variable
-	// containing the path to the file to be used to populate Authentication
-	// for Azure.
-	AuthenticationFilepathName = "AZURE_AUTH_LOCATION"
-)
-
 // Authentication represents the authentication file for Azure.
 type Authentication struct {
 	ClientID                string `json:"clientId,omitempty"`
@@ -35,32 +27,49 @@ type Authentication struct {

 // NewAuthentication returns an authentication struct from user provided
 // credentials.
-func NewAuthentication(clientID, clientSecret, subscriptionID, tenantID string) *Authentication {
+func NewAuthentication(azureCloud, clientID, clientSecret, subscriptionID, tenantID string) *Authentication {
+	environment := PublicCloud
+		
+	switch azureCloud {
+	case PublicCloud.Name:
+		environment = PublicCloud
+		break;
+	case USGovernmentCloud.Name:
+		environment = USGovernmentCloud
+		break;
+	case ChinaCloud.Name:
+		environment = ChinaCloud
+		break;
+	case GermanCloud.Name:
+		environment = GermanCloud
+		break;
+	}
+
 	return &Authentication{
-		ClientID:       clientID,
-		ClientSecret:   clientSecret,
-		SubscriptionID: subscriptionID,
-		TenantID:       tenantID,
+		ClientID:      	            clientID,
+		ClientSecret:               clientSecret,
+		SubscriptionID:             subscriptionID,
+		TenantID:                   tenantID,
+		ActiveDirectoryEndpoint:    environment.ActiveDirectoryEndpoint,
+		ResourceManagerEndpoint:    environment.ResourceManagerEndpoint,
+		GraphResourceID:            environment.GraphEndpoint,
+		SQLManagementEndpoint:      environment.SQLDatabaseDNSSuffix,
+		GalleryEndpoint:            environment.GalleryEndpoint,
+		ManagementEndpoint:         environment.ServiceManagementEndpoint,
 	}
 }

-// NewAuthenticationFromFile returns an authentication struct from file located
-// at AZURE_AUTH_LOCATION.
-func NewAuthenticationFromFile() (*Authentication, error) {
-	file := os.Getenv(AuthenticationFilepathName)
-	if file == "" {
-		return nil, fmt.Errorf("Authentication file not found, environment variable %s is not set", AuthenticationFilepathName)
-	}
-
-	b, err := ioutil.ReadFile(file)
+// NewAuthenticationFromFile returns an authentication struct from file path
+func NewAuthenticationFromFile(filepath string) (*Authentication, error) {
+	b, err := ioutil.ReadFile(filepath)
 	if err != nil {
-		return nil, fmt.Errorf("Reading authentication file %q failed: %v", file, err)
+		return nil, fmt.Errorf("Reading authentication file %q failed: %v", filepath, err)
 	}

 	// Authentication file might be encoded.
 	decoded, err := decode(b)
 	if err != nil {
-		return nil, fmt.Errorf("Decoding authentication file %q failed: %v", file, err)
+		return nil, fmt.Errorf("Decoding authentication file %q failed: %v", filepath, err)
 	}

 	// Unmarshal the authentication file.
--- a/providers/azure/client/resourcegroups/client.go
+++ b/providers/azure/client/resourcegroups/client.go
@@ -26,16 +26,14 @@ type Client struct {
 }

 // NewClient creates a new Azure resource groups client.
-func NewClient() (*Client, error) {
-	// Get authentication credentials from file.
-	auth, err := azure.NewAuthenticationFromFile()
-	if err != nil {
-		return nil, fmt.Errorf("Creating azure authentication from file failed: %v", err)
+func NewClient(auth *azure.Authentication) (*Client, error) {
+	if auth == nil {
+		return nil, fmt.Errorf("Authentication is not supplied for the Azure client")
 	}

 	client, err := azure.NewClient(auth, BaseURI, userAgent)
 	if err != nil {
-		return nil, fmt.Errorf("Creating azure client failed: %v", err)
+		return nil, fmt.Errorf("Creating Azure client failed: %v", err)
 	}

 	return &Client{hc: client.HTTPClient, auth: auth}, nil
--- a/providers/azure/client/resourcegroups/client_test.go
+++ b/providers/azure/client/resourcegroups/client_test.go
@@ -1,13 +1,10 @@
 package resourcegroups

 import (
-	"log"
-	"os"
-	"path/filepath"
-	"runtime"
 	"testing"

 	"github.com/google/uuid"
+	azure "github.com/virtual-kubelet/virtual-kubelet/providers/azure/client"
 )

 var (
@@ -17,34 +14,23 @@ var (
 )

 func init() {
-	// Check if the AZURE_AUTH_LOCATION variable is already set.
-	// If it is not set, set it to the root of this project in a credentials.json file.
-	if os.Getenv("AZURE_AUTH_LOCATION") == "" {
-		// Check if the credentials.json file exists in the root of this project.
-		_, filename, _, _ := runtime.Caller(0)
-		dir := filepath.Dir(filename)
-		file := filepath.Join(dir, "../../../../credentials.json")
-
-		// Check if the file exists.
-		if _, err := os.Stat(file); os.IsNotExist(err) {
-			log.Fatalf("Either set AZURE_AUTH_LOCATION or add a credentials.json file to the root of this project.")
-		}
-
-		// Set the environment variable for the authentication file.
-		os.Setenv("AZURE_AUTH_LOCATION", file)
-	}
-
 	// Create a resource group name with uuid.
 	uid := uuid.New()
 	resourceGroup += "-" + uid.String()[0:6]
 }

 func TestNewClient(t *testing.T) {
-	var err error
-	client, err = NewClient()
+	auth, err := azure.NewAuthenticationFromFile("../../../../credentials.json")
+	if err != nil {
+		t.Fatalf("Failed to load Azure authentication file: %v", err)
+	}
+
+	c, err := NewClient(auth)
 	if err != nil {
 		t.Fatal(err)
 	}
+
+	client = c
 }

 func TestResourceGroupDoesNotExist(t *testing.T) {