Support Azure blob as source (#156)
summerhasama authored Sep 29, 2022
1 parent f12d195 commit 6599cb9
Showing 42 changed files with 9,669 additions and 18 deletions.
15 changes: 14 additions & 1 deletion src/k8s-configuration/azext_k8s_configuration/_help.py
Expand Up @@ -94,6 +94,14 @@
--kind bucket --url https://bucket-provider.minio.io \\
--bucket-name my-bucket --kustomization name=my-kustomization \\
--bucket-access-key my-access-key --bucket-secret-key my-secret-key
- name: Create a Kubernetes v2 Flux Configuration with Azure Blob Source Kind
text: |-
az k8s-configuration flux create --resource-group my-resource-group \\
--cluster-name mycluster --cluster-type connectedClusters \\
--name myconfig --scope cluster --namespace my-namespace \\
--kind azblob --url https://mystorageaccount.blob.core.windows.net \\
--container-name my-container --kustomization name=my-kustomization \\
--account-key my-account-key
"""

helps[
Expand All @@ -108,11 +116,16 @@
--cluster-name mycluster --cluster-type connectedClusters --name myconfig \\
--url https://github.com/Azure/arc-k8s-demo --branch main \\
--kustomization name=my-kustomization path=./my/new-path
- name: Update a Flux v2 Kubernetse configuration with Bucket Source Kind to connect insecurely
- name: Update a Flux v2 Kubernetes configuration with Bucket Source Kind to connect insecurely
text: |-
az k8s-configuration flux update --resource-group my-resource-group \\
--cluster-name mycluster --cluster-type connectedClusters --name myconfig \\
--bucket-insecure
- name: Update a Flux v2 Kubernetes configuration with Azure Blob Source Kind with another container name
text: |-
az k8s-configuration flux update --resource-group my-resource-group \\
--cluster-name mycluster --cluster-type connectedClusters --name myconfig \\
--container-name other-container
"""

helps[
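Review bot: The new Azure Blob create example in the first hunk authenticates with `--account-key`, and a storage account shared key is the broadest of the credentials this commit adds support for; examples in help text tend to be copied as-is. Since the same commit adds `--mi-client-id` and `--sas-token` in `_params.py`, consider making the headline example use `--mi-client-id my-managed-identity-client-id` and keeping the shared-key form as a secondary example. The help strings around both hunks start and end outside the visible lines.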
58 changes: 57 additions & 1 deletion src/k8s-configuration/azext_k8s_configuration/_params.py
Expand Up @@ -67,7 +67,7 @@ def load_arguments(self, _):
)
c.argument(
"kind",
arg_type=get_enum_type([consts.GIT, consts.BUCKET]),
arg_type=get_enum_type([consts.GIT, consts.BUCKET, consts.AZBLOB]),
help="Source kind to reconcile",
)
c.argument(
Expand Down Expand Up @@ -178,6 +178,62 @@ def load_arguments(self, _):
help="Define kustomizations to sync sources with parameters ['name', 'path', 'depends_on', 'timeout', 'sync_interval', 'retry_interval', 'prune', 'force']",
nargs="+",
)
c.argument(
"container_name",
help="Name of the Azure Blob Storage container to sync",
)
c.argument(
"sp_client_id",
arg_group="Azure Blob Auth",
options_list=["--sp-client-id", "--service-principal-client-id"],
help="The client ID for authenticating a service principal with Azure Blob, required for this authentication method",
)
c.argument(
"sp_tenant_id",
arg_group="Azure Blob Auth",
options_list=["--sp-tenant-id", "--service-principal-tenant-id"],
help="The tenant ID for authenticating a service principal with Azure Blob, required for this authentication method",
)
c.argument(
"sp_client_secret",
arg_group="Azure Blob Auth",
options_list=["--sp-client-secret", "--service-principal-client-secret"],
help="The client secret for authenticating a service principal with Azure Blob",
)
c.argument(
"sp_client_cert",
arg_group="Azure Blob Auth",
options_list=["--sp-client-cert", "--service-principal-client-certificate"],
help="The Base64 encoded client certificate for authenticating a service principal with Azure Blob",
)
c.argument(
"sp_client_cert_password",
arg_group="Azure Blob Auth",
options_list=["--sp-cert-password", "--service-principal-client-certificate-password"],
help="The password for the client certificate used to authenticate a service principal with Azure Blob",
)
c.argument(
"sp_client_cert_send_chain",
arg_group="Azure Blob Auth",
options_list=["--sp-cert-send-chain", "--service-principal-client-certificate-send-chain"],
help="Specifies whether to include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication for the client certificate",
)
c.argument(
"account_key",
arg_group="Azure Blob Auth",
help="The Azure Blob Shared Key for authentication ",
)
c.argument(
"sas_token",
arg_group="Azure Blob Auth",
help="The Azure Blob SAS Token for authentication ",
)
c.argument(
"mi_client_id",
arg_group="Azure Blob Auth",
options_list=["--mi-client-id", "--managed-identity-client-id"],
help="The client ID of the managed identity for authentication with Azure Blob",
)

with self.argument_context("k8s-configuration flux update") as c:
c.argument(
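Review bot: The help strings for `sp_client_secret`, `sp_client_cert_password`, `account_key` and `sas_token` in the second hunk do not tell the user that these values are secrets, and a value typed as a command-line argument can end up in shell history and process listings. I would say so in each help string, for example `help="The Azure Blob Shared Key for authentication. This value is a secret; prefer '--local-auth-ref' or '--mi-client-id' where possible"`, which also drops the trailing space currently left in the `account_key` and `sas_token` help text. Separately, `sp_client_cert_send_chain` reads as a boolean but is declared without a flag type, so it presumably needs an explicit value; if a switch is intended, `arg_type=get_three_state_flag()` (imported if it is not already) would express that. `load_arguments` starts and ends outside these hunks, so any validators attached elsewhere are not visible here.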
51 changes: 48 additions & 3 deletions src/k8s-configuration/azext_k8s_configuration/consts.py
Expand Up @@ -8,8 +8,8 @@
# API VERSIONS -----------------------------------------

SOURCE_CONTROL_API_VERSION = "2022-03-01"
FLUXCONFIG_API_VERSION = "2022-03-01"
EXTENSION_API_VERSION = "2022-03-01"
FLUXCONFIG_API_VERSION = "2022-07-01"
EXTENSION_API_VERSION = "2022-07-01"

# ERROR/HELP TEXT DEFINITIONS -----------------------------------------

Expand Down Expand Up @@ -41,7 +41,30 @@
REQUIRED_BUCKET_VALUES_MISSING_HELP = (
"Provide either both of '--secret-key' and '--access-key' or '--local-auth-ref'"
)

REQUIRED_AZURE_BLOB_SERVICE_PRINCIPAL_VALUES_MISSING_ERROR = (
"Error! Service principal is invalid because it is missing value(s)"
)
REQUIRED_AZURE_BLOB_SERVICE_PRINCIPAL_VALUES_MISSING_HELP = (
"Provide '--sp-client-id', '--sp-tenant-id', and either '--sp-client-secret' or '--sp-client-cert'"
)
REQUIRED_AZURE_BLOB_SERVICE_PRINCIPAL_AUTH_ERROR = (
"Error! Too many authentication methods provided for service principal"
)
REQUIRED_AZURE_BLOB_SERVICE_PRINCIPAL_AUTH_HELP = (
"Provide either '--sp-client-secret' or '--sp-client-cert'"
)
REQUIRED_AZURE_BLOB_SERVICE_PRINCIPAL_CERT_VALUES_MISSING_ERROR = (
"Error! Service principal certificate password is invalid"
)
REQUIRED_AZURE_BLOB_SERVICE_PRINCIPAL_CERT_VALUES_MISSING_HELP = (
"Provide '--sp-client-id', '--sp-tenant-id', and '--sp-client-cert' with your '--sp-cert-password"
)
REQUIRED_AZURE_BLOB_AUTH_ERROR = (
"Error! Too many authentication methods provided for Azure Blob"
)
REQUIRED_AZURE_BLOB_AUTH_HELP = (
"Specify one of the available authentication methods from the list: '--local-auth-ref', '--account-key', '--sas-token', '--mi-client-id', or service principal with '--sp-client-id', '--sp-tenant-id', and either '--sp-client-secret' or '--sp-client-cert'"
)
EXTRA_VALUES_PROVIDED_ERROR = (
"Error! Invalid properties [{}] were specified for kind '{}'"
)
Expand Down Expand Up @@ -213,6 +236,24 @@
"local_auth_ref",
}

AZUREBLOB_REQUIRED_PARAMS = {"url", "container_name"}
AZUREBLOB_VALID_PARAMS = {
"url",
"container_name",
"sync_interval",
"timeout",
"account_key",
"local_auth_ref",
"sp_tenant_id",
"sp_client_id",
"sp_client_cert",
"sp_client_cert_password",
"sp_client_secret",
"sp_client_cert_send_chain",
"sas_token",
"mi_client_id",
}

DEPENDENCY_KEYS = ["dependencies", "depends_on", "dependsOn", "depends"]
SYNC_INTERVAL_KEYS = ["interval", "sync_interval", "syncInterval"]
RETRY_INTERVAL_KEYS = ["retryInterval", "retry_interval"]
Expand All @@ -222,12 +263,16 @@
VALID_DURATION_REGEX = r"((?P<hours>\d+?)h)?((?P<minutes>\d+?)m)?((?P<seconds>\d+?)s)?"
VALID_GIT_URL_REGEX = r"^(((http|https|ssh)://)|(git@))"
VALID_BUCKET_URL_REGEX = r"^(((http|https)://))"
VALID_AZUREBLOB_URL_REGEX = r"^(((http|https)://))"

VALID_KUBERNETES_DNS_SUBDOMAIN_NAME_REGEX = r"^[a-z0-9]([\.\-a-z0-9]*[a-z0-9])?$"
VALID_KUBERNETES_DNS_NAME_REGEX = r"^[a-z0-9]([\-a-z0-9]*[a-z0-9])?$"

GIT = "git"
BUCKET = "bucket"
BUCKET_CAPS = "Bucket"
AZBLOB = "azblob"
AZURE_BLOB = "AzureBlob"
GIT_REPOSITORY = "GitRepository"

CONNECTED_CLUSTER_TYPE = "connectedclusters"
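Review bot: `VALID_AZUREBLOB_URL_REGEX` in the last hunk accepts `http://` as well as `https://`, so if this pattern is the only URL check (the validator that uses it is not visible here), the manifests synced to the cluster and any SAS token sent with the request could travel over an unencrypted connection. Unless plain HTTP is deliberately supported, for instance for a local storage emulator, I would restrict it to `VALID_AZUREBLOB_URL_REGEX = r"^https://"`. In the second hunk, `REQUIRED_AZURE_BLOB_SERVICE_PRINCIPAL_CERT_VALUES_MISSING_HELP` is missing the closing quote after `'--sp-cert-password`, and the matching error text says the certificate password "is invalid" where the constant name suggests required values are missing.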