From 166b2e6caa16302fb724b0253753b300cd0affde Mon Sep 17 00:00:00 2001
From: willie-yao
Date: Thu, 30 Nov 2023 21:32:32 +0000
Subject: [PATCH] Refactor
---
 azure/scope/clients.go | 31 --
 azure/scope/clients_test.go | 81 ----
 azure/scope/cluster.go | 21 +-
 azure/scope/cluster_test.go | 401 +++++++++++++++++-
 azure/scope/managedcontrolplane.go | 18 +-
 azure/scope/managedcontrolplane_test.go | 306 ++++++++++++-
 controllers/asosecret_controller_test.go | 21 +-
 controllers/azurecluster_controller_test.go | 35 ++
 .../azurejson_machine_controller_test.go | 23 +
 .../azurejson_machinepool_controller_test.go | 46 +-
 controllers/azuremachine_controller_test.go | 74 +++-
 ...azuremanagedmachinepool_controller_test.go | 28 +-
 controllers/helpers_test.go | 55 ++-
 13 files changed, 955 insertions(+), 185 deletions(-)
 delete mode 100644 azure/scope/clients_test.go
diff --git a/azure/scope/clients.go b/azure/scope/clients.go
index 6e4dc000765..6b1ff7e6256 100644
--- a/azure/scope/clients.go
+++ b/azure/scope/clients.go
@@ -28,7 +28,6 @@ import (
 "github.com/Azure/go-autorest/autorest"
 azureautorest "github.com/Azure/go-autorest/autorest/azure"
 "github.com/Azure/go-autorest/autorest/azure/auth"
- azureutil "sigs.k8s.io/cluster-api-provider-azure/util/azure"
 )
 // AzureClients contains all the Azure clients used by the scopes.
@@ -80,36 +79,6 @@ func (c *AzureClients) HashKey() string {
 return base64.URLEncoding.EncodeToString(hasher.Sum(nil))
 }
-func (c *AzureClients) setCredentials(subscriptionID, environmentName string) error {
- settings, err := c.getSettingsFromEnvironment(environmentName)
- if err != nil {
- return err
- }
-
- if subscriptionID == "" {
- subscriptionID = settings.GetSubscriptionID()
- if subscriptionID == "" {
- return fmt.Errorf("error creating azure services. subscriptionID is not set in cluster or AZURE_SUBSCRIPTION_ID env var")
- }
- }
-
- c.EnvironmentSettings = settings
- c.ResourceManagerEndpoint = settings.Environment.ResourceManagerEndpoint
- c.ResourceManagerVMDNSSuffix = settings.Environment.ResourceManagerVMDNSSuffix
- c.Values[auth.ClientID] = strings.TrimSuffix(c.Values[auth.ClientID], "\n")
- c.Values[auth.ClientSecret] = strings.TrimSuffix(c.Values[auth.ClientSecret], "\n")
- c.Values[auth.SubscriptionID] = strings.TrimSuffix(subscriptionID, "\n")
- c.Values[auth.TenantID] = strings.TrimSuffix(c.Values[auth.TenantID], "\n")
-
- if c.Authorizer == nil {
- c.Authorizer, err = azureutil.GetAuthorizer(settings)
- if err != nil {
- return err
- }
- }
- return nil
-}
-
 func (c *AzureClients) setCredentialsWithProvider(ctx context.Context, subscriptionID, environmentName string, credentialsProvider CredentialsProvider) error {
 if credentialsProvider == nil {
 return fmt.Errorf("credentials provider cannot have an empty value")
diff --git a/azure/scope/clients_test.go b/azure/scope/clients_test.go
deleted file mode 100644
index 29a6e0e242c..00000000000
--- a/azure/scope/clients_test.go
+++ /dev/null
@@ -1,81 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package scope - -import ( - "testing" - - . "github.com/onsi/gomega" -) - -func TestGettingEnvironment(t *testing.T) { - g := NewWithT(t) - - var tests = map[string]struct { - azureEnv string - expectedEndpoint string - expectedDNSSuffix string - expectedError bool - expectedErrorMessage string - }{ - "AZURE_ENVIRONMENT is empty": { - azureEnv: "", - expectedEndpoint: "https://management.azure.com/", - expectedDNSSuffix: "cloudapp.azure.com", - expectedError: false, - }, "AZURE_ENVIRONMENT is AzurePublicCloud": { - azureEnv: "AzurePublicCloud", - expectedEndpoint: "https://management.azure.com/", - expectedDNSSuffix: "cloudapp.azure.com", - expectedError: false, - }, "AZURE_ENVIRONMENT is AzureUSGovernmentCloud": { - azureEnv: "AzureUSGovernmentCloud", - expectedEndpoint: "https://management.usgovcloudapi.net/", - expectedDNSSuffix: "cloudapp.usgovcloudapi.net", - expectedError: false, - }, "AZURE_ENVIRONMENT is AzureChina": { - azureEnv: "AzureChinaCloud", - expectedEndpoint: "https://management.chinacloudapi.cn/", - expectedDNSSuffix: "cloudapp.chinacloudapi.cn", - expectedError: false, - }, "AZURE_ENVIRONMENT is AzureGermany": { - azureEnv: "AzureGermanCloud", - expectedEndpoint: "https://management.microsoftazure.de/", - expectedDNSSuffix: "cloudapp.microsoftazure.de", - expectedError: false, - }, "AZURE_ENVIRONMENT has an invalid value": { - azureEnv: "AzureInSpace", - 
expectedEndpoint: "", - expectedDNSSuffix: "", - expectedError: true, - expectedErrorMessage: "There is no cloud environment matching the name \"AZUREINSPACE\"", - }} - for name, test := range tests { - t.Run(name, func(t *testing.T) { - c := AzureClients{} - err := c.setCredentials("1234", test.azureEnv) - if test.expectedError { - g.Expect(err).To(HaveOccurred()) - g.Expect(err.Error()).To(ContainSubstring(test.expectedErrorMessage)) - } else { - g.Expect(err).NotTo(HaveOccurred()) - g.Expect(c.ResourceManagerEndpoint).To(Equal(test.expectedEndpoint)) - g.Expect(c.ResourceManagerVMDNSSuffix).To(Equal(test.expectedDNSSuffix)) - } - }) - } -} diff --git a/azure/scope/cluster.go b/azure/scope/cluster.go index 8ea909ee438..201632ad989 100644 --- a/azure/scope/cluster.go +++ b/azure/scope/cluster.go 
@@ -75,20 +75,13 @@ func NewClusterScope(ctx context.Context, params ClusterScopeParams) (*ClusterSc
 return nil, errors.New("failed to generate new scope from nil AzureCluster")
 }
- if params.AzureCluster.Spec.IdentityRef == nil {
- err := params.AzureClients.setCredentials(params.AzureCluster.Spec.SubscriptionID, params.AzureCluster.Spec.AzureEnvironment)
- if err != nil {
- return nil, errors.Wrap(err, "failed to configure azure settings and credentials from environment")
- }
- } else {
- credentialsProvider, err := NewAzureClusterCredentialsProvider(ctx, params.Client, params.AzureCluster)
- if err != nil {
- return nil, errors.Wrap(err, "failed to init credentials provider")
- }
- err = params.AzureClients.setCredentialsWithProvider(ctx, params.AzureCluster.Spec.SubscriptionID, params.AzureCluster.Spec.AzureEnvironment, credentialsProvider)
- if err != nil {
- return nil, errors.Wrap(err, "failed to configure azure settings and credentials for Identity")
- }
+ credentialsProvider, err := NewAzureClusterCredentialsProvider(ctx, params.Client, params.AzureCluster)
+ if err != nil {
+ return nil, errors.Wrap(err, "failed to init credentials provider")
+ }
+ err = params.AzureClients.setCredentialsWithProvider(ctx, params.AzureCluster.Spec.SubscriptionID, params.AzureCluster.Spec.AzureEnvironment, credentialsProvider)
+ if err != nil {
+ return nil, errors.Wrap(err, "failed to configure azure settings and credentials for Identity")
 }
 if params.Cache == nil {
diff --git a/azure/scope/cluster_test.go b/azure/scope/cluster_test.go
index 4abe02bbd05..3816445f908 100644
--- a/azure/scope/cluster_test.go
+++ b/azure/scope/cluster_test.go
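Review bot: With the `IdentityRef == nil` branch gone, an AzureCluster that has no identityRef now goes straight into `NewAzureClusterCredentialsProvider`, and nothing in this hunk shows that the provider tolerates a nil ref; if it dereferences `Spec.IdentityRef` the reconciler panics instead of surfacing a readable error. An explicit precondition keeps the failure mode clear, e.g. `if params.AzureCluster.Spec.IdentityRef == nil {` / `return nil, errors.New("AzureCluster.Spec.IdentityRef is required since environment-based credentials are no longer supported")` / `}` placed before the provider call (drop it only if a webhook already guarantees the field). Since the environment-variable fallback (`setCredentials`, removed in the clients.go hunk) no longer exists, the doc comment on NewClusterScope should also state that credentials are always resolved from the referenced AzureClusterIdentity. NewClusterScope starts and ends outside this hunk.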
@@ -23,10 +23,12 @@ import ( "strings" "testing" + aadpodv1 "github.com/Azure/aad-pod-identity/pkg/apis/aadpodidentity/v1" asonetworkv1 "github.com/Azure/azure-service-operator/v2/api/network/v1api20220701" "github.com/Azure/go-autorest/autorest/azure/auth" "github.com/google/go-cmp/cmp" . "github.com/onsi/gomega" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/utils/ptr" @@ -41,9 +43,13 @@ import ( "sigs.k8s.io/cluster-api-provider-azure/azure/services/subnets" "sigs.k8s.io/cluster-api-provider-azure/azure/services/vnetpeerings" clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" ) +const fakeClientID = "fake-client-id" +const fakeTenantID = "fake-tenant-id" + func specToString(spec any) string { var sb strings.Builder sb.WriteString("{ ") @@ -77,6 +83,9 @@ func TestAPIServerHost(t *testing.T) { Spec: infrav1.AzureClusterSpec{ AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: fakeSubscriptionID, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ APIServerLB: infrav1.LoadBalancerSpec{ @@ -102,6 +111,9 @@ func TestAPIServerHost(t *testing.T) { Spec: infrav1.AzureClusterSpec{ AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: fakeSubscriptionID, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ APIServerLB: infrav1.LoadBalancerSpec{ @@ -127,6 +139,9 @@ func TestAPIServerHost(t *testing.T) { Spec: infrav1.AzureClusterSpec{ AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: fakeSubscriptionID, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ NetworkClassSpec: infrav1.NetworkClassSpec{ 
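Review bot: The two new package-level constants are declared as separate `const` statements right after the import block, while the same hunk already uses a sibling `fakeSubscriptionID`; grouping them reads better and keeps the fixtures discoverable in one place, e.g. `const (` / `fakeClientID = "fake-client-id"` / `fakeTenantID = "fake-tenant-id"` / `)` (folding `fakeSubscriptionID` in as well if it is declared in this file). A one-line comment such as `// Fake credential identifiers for AzureClusterIdentity fixtures; never real values.` would make their purpose explicit to readers grepping for credential material in tests.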
@@ -149,6 +164,8 @@ func TestAPIServerHost(t *testing.T) { scheme := runtime.NewScheme() _ = clusterv1.AddToScheme(scheme) _ = infrav1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ @@ -169,8 +186,20 @@ func TestAPIServerHost(t *testing.T) { } tc.azureCluster.Default() - initObjects := []runtime.Object{cluster, &tc.azureCluster} + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} + + initObjects := []runtime.Object{cluster, &tc.azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -188,6 +217,8 @@ func TestGettingSecurityRules(t *testing.T) { scheme := runtime.NewScheme() _ = clusterv1.AddToScheme(scheme) _ = infrav1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ @@ -210,6 +241,9 @@ func TestGettingSecurityRules(t *testing.T) { Spec: infrav1.AzureClusterSpec{ AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: "123", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ Subnets: infrav1.Subnets{ 
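Review bot: The fixture added in the `@@ -169,8 +186,20 @@` hunk — an AzureClusterIdentity with no ObjectMeta, an empty `corev1.Secret{}`, the `initObjects` append, and the `resultIdentity`/`key`/`Get` precondition — is copied verbatim into every other cluster_test.go hunk on this page (TestGettingSecurityRules, TestPublicIPSpecs, TestSubnet, TestControlPlaneRouteTable, TestGetPrivateDNSZoneName, TestAPIServerLBPoolName, TestOutboundLBName, TestBackendPoolName, TestOutboundPoolName, TestGenerateFQDN, TestAdditionalTags, TestAPIServerPort, TestFailureDomains, TestClusterScope_LBSpecs); a single helper would remove roughly 150 duplicated lines and give the fixture one place to evolve. The setup also looks fragile: the cluster's `IdentityRef` sets only `Kind`, so the identity and secret presumably resolve on the empty name/namespace key — this is worth a comment or, better, explicit names on the fixture objects matching `IdentityRef.Name`/`Namespace` so the test fails loudly if resolution logic changes. The `fakeClient.Get(...)` assertion only re-checks that the fake client stored what it was just given; if it is kept, it belongs inside the helper rather than at each call site.

```go
// fakeIdentityObjects returns an AzureClusterIdentity of type ServicePrincipal and the
// Secret it refers to, so NewClusterScope can resolve IdentityRef against a fake client.
// Both objects intentionally carry no name/namespace; callers' IdentityRef must match.
func fakeIdentityObjects() []runtime.Object {
	identity := &infrav1.AzureClusterIdentity{
		Spec: infrav1.AzureClusterIdentitySpec{
			Type:     infrav1.ServicePrincipal,
			ClientID: fakeClientID,
			TenantID: fakeTenantID,
		},
	}
	return []runtime.Object{identity, &corev1.Secret{}}
}

// … at each call site, replacing the inlined fixture …
initObjects := append([]runtime.Object{cluster, &tc.azureCluster}, fakeIdentityObjects()...)
fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build()
```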
@@ -225,8 +259,20 @@ func TestGettingSecurityRules(t *testing.T) { } azureCluster.Default() - initObjects := []runtime.Object{cluster, azureCluster} + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} + + initObjects := []runtime.Object{cluster, azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -277,6 +323,9 @@ func TestPublicIPSpecs(t *testing.T) { "Name": "my-publicip-ipv6", "sigs.k8s.io_cluster-api-provider-azure_cluster_my-cluster": "owned", }, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ APIServerLB: infrav1.LoadBalancerSpec{ @@ -318,6 +367,9 @@ func TestPublicIPSpecs(t *testing.T) { "Name": "my-publicip-ipv6", "sigs.k8s.io_cluster-api-provider-azure_cluster_my-cluster": "owned", }, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ ControlPlaneOutboundLB: &infrav1.LoadBalancerSpec{ @@ -362,6 +414,9 @@ func TestPublicIPSpecs(t *testing.T) { "Name": "my-publicip-ipv6", "sigs.k8s.io_cluster-api-provider-azure_cluster_my-cluster": "owned", }, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ ControlPlaneOutboundLB: &infrav1.LoadBalancerSpec{ 
@@ -429,6 +484,9 @@ func TestPublicIPSpecs(t *testing.T) { "Name": "my-publicip-ipv6", "sigs.k8s.io_cluster-api-provider-azure_cluster_my-cluster": "owned", }, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ ControlPlaneOutboundLB: &infrav1.LoadBalancerSpec{ @@ -534,6 +592,9 @@ func TestPublicIPSpecs(t *testing.T) { "Name": "my-publicip-ipv6", "sigs.k8s.io_cluster-api-provider-azure_cluster_my-cluster": "owned", }, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ ControlPlaneOutboundLB: &infrav1.LoadBalancerSpec{ @@ -598,6 +659,9 @@ func TestPublicIPSpecs(t *testing.T) { "Name": "my-publicip-ipv6", "sigs.k8s.io_cluster-api-provider-azure_cluster_my-cluster": "owned", }, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ ControlPlaneOutboundLB: &infrav1.LoadBalancerSpec{ @@ -673,6 +737,9 @@ func TestPublicIPSpecs(t *testing.T) { "Name": "my-publicip-ipv6", "sigs.k8s.io_cluster-api-provider-azure_cluster_my-cluster": "owned", }, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ Subnets: infrav1.Subnets{ @@ -745,6 +812,8 @@ func TestPublicIPSpecs(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ 
@@ -752,10 +821,20 @@ func TestPublicIPSpecs(t *testing.T) { Namespace: "default", }, } + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} - initObjects := []runtime.Object{cluster, tc.azureCluster} + initObjects := []runtime.Object{cluster, tc.azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() - + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, AzureCluster: tc.azureCluster, @@ -802,6 +881,9 @@ func TestRouteTableSpecs(t *testing.T) { Spec: infrav1.AzureClusterSpec{ AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ Location: "centralIndia", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ Vnet: infrav1.VnetSpec{ @@ -896,6 +978,9 @@ func TestNatGatewaySpecs(t *testing.T) { ResourceGroup: "my-rg", AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ Location: "centralIndia", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ Subnets: infrav1.Subnets{ @@ -957,6 +1042,9 @@ func TestNatGatewaySpecs(t *testing.T) { ResourceGroup: "my-rg", AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ Location: "centralIndia", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ Subnets: infrav1.Subnets{ 
@@ -1036,6 +1124,9 @@ func TestNatGatewaySpecs(t *testing.T) { ResourceGroup: "my-rg", AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ Location: "centralIndia", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ Subnets: infrav1.Subnets{ @@ -1210,6 +1301,9 @@ func TestNSGSpecs(t *testing.T) { Spec: infrav1.AzureClusterSpec{ AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ Location: "centralIndia", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ Vnet: infrav1.VnetSpec{ @@ -1303,6 +1397,9 @@ func TestSubnetSpecs(t *testing.T) { ResourceGroup: "my-rg", AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ Location: "centralIndia", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ Vnet: infrav1.VnetSpec{ @@ -1406,6 +1503,9 @@ func TestSubnetSpecs(t *testing.T) { ResourceGroup: "my-rg", AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ Location: "centralIndia", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ Vnet: infrav1.VnetSpec{ @@ -1671,6 +1771,9 @@ func TestAzureBastionSpec(t *testing.T) { ResourceGroup: "my-rg", AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ Location: "centralIndia", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ Vnet: infrav1.VnetSpec{ @@ -1787,6 +1890,9 @@ func TestSubnet(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) + cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ Name: tc.clusterName, 
@@ -1808,12 +1914,26 @@ func TestSubnet(t *testing.T) { NetworkSpec: tc.azureClusterNetworkSpec, AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: "123", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, }, } + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} - initObjects := []runtime.Object{cluster, azureCluster} + initObjects := []runtime.Object{cluster, azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -1883,6 +2003,9 @@ func TestControlPlaneRouteTable(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) + cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ Name: tc.clusterName, 
@@ -1904,12 +2027,26 @@ func TestControlPlaneRouteTable(t *testing.T) { NetworkSpec: tc.azureClusterNetworkSpec, AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: "123", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, }, } + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} - initObjects := []runtime.Object{cluster, azureCluster} + initObjects := []runtime.Object{cluster, azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -1949,6 +2086,9 @@ func TestGetPrivateDNSZoneName(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) + cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ Name: tc.clusterName, 
@@ -1970,12 +2110,26 @@ func TestGetPrivateDNSZoneName(t *testing.T) { NetworkSpec: tc.azureClusterNetworkSpec, AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: "123", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, }, } + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} - initObjects := []runtime.Object{cluster, azureCluster} + initObjects := []runtime.Object{cluster, azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -2012,6 +2166,9 @@ func TestAPIServerLBPoolName(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) + cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ Name: tc.clusterName, 
@@ -2037,12 +2194,26 @@ func TestAPIServerLBPoolName(t *testing.T) { }, AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: "123", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, }, } + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} - initObjects := []runtime.Object{cluster, azureCluster} + initObjects := []runtime.Object{cluster, azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -2129,6 +2300,8 @@ func TestOutboundLBName(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ @@ -2151,6 +2324,9 @@ func TestOutboundLBName(t *testing.T) { Spec: infrav1.AzureClusterSpec{ AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: "123", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ Subnets: infrav1.Subnets{ 
@@ -2179,8 +2355,20 @@ func TestOutboundLBName(t *testing.T) { azureCluster.Default() - initObjects := []runtime.Object{cluster, azureCluster} + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} + + initObjects := []runtime.Object{cluster, azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -2246,6 +2434,8 @@ func TestBackendPoolName(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ @@ -2268,6 +2458,9 @@ func TestBackendPoolName(t *testing.T) { Spec: infrav1.AzureClusterSpec{ AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: "123", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ Subnets: infrav1.Subnets{ @@ -2293,6 +2486,15 @@ func TestBackendPoolName(t *testing.T) { azureCluster.Default() + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} + if tc.customAPIServerBackendPoolName != "" { azureCluster.Spec.NetworkSpec.APIServerLB.BackendPool.Name = tc.customAPIServerBackendPoolName } 
@@ -2305,8 +2507,11 @@ func TestBackendPoolName(t *testing.T) { azureCluster.Spec.NetworkSpec.ControlPlaneOutboundLB.BackendPool.Name = tc.customControlPlaneBackendPoolName } - initObjects := []runtime.Object{cluster, azureCluster} + initObjects := []runtime.Object{cluster, azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -2362,6 +2567,9 @@ func TestOutboundPoolName(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) + cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ Name: tc.clusterName, @@ -2382,9 +2590,20 @@ func TestOutboundPoolName(t *testing.T) { Spec: infrav1.AzureClusterSpec{ AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: "123", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, }, } + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} if tc.loadBalancerName != "" { azureCluster.Spec.NetworkSpec.NodeOutboundLB = &infrav1.LoadBalancerSpec{ 
@@ -2392,10 +2611,13 @@ func TestOutboundPoolName(t *testing.T) { } } - initObjects := []runtime.Object{cluster, azureCluster} + initObjects := []runtime.Object{cluster, azureCluster, fakeIdentity, fakeSecret} azureCluster.Default() fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -2447,6 +2669,9 @@ func TestGenerateFQDN(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) + cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ Name: tc.clusterName, @@ -2468,13 +2693,27 @@ func TestGenerateFQDN(t *testing.T) { AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: "123", Location: tc.location, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, ResourceGroup: tc.resourceGroup, }, } + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} - initObjects := []runtime.Object{cluster, azureCluster} + initObjects := []runtime.Object{cluster, azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, 
@@ -2533,6 +2772,9 @@ func TestAdditionalTags(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) + cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ Name: tc.clusterName, @@ -2554,12 +2796,26 @@ func TestAdditionalTags(t *testing.T) { AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: "123", AdditionalTags: tc.azureClusterAdditionalTags, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, }, } + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} - initObjects := []runtime.Object{cluster, azureCluster} + initObjects := []runtime.Object{cluster, azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -2607,6 +2863,9 @@ func TestAPIServerPort(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) + cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ Name: tc.clusterName, 
@@ -2630,12 +2889,26 @@ func TestAPIServerPort(t *testing.T) { Spec: infrav1.AzureClusterSpec{ AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: "123", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, }, } + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} - initObjects := []runtime.Object{cluster, azureCluster} + initObjects := []runtime.Object{cluster, azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -2691,6 +2964,9 @@ func TestFailureDomains(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) + cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ Name: tc.clusterName, 
@@ -2711,13 +2987,27 @@ func TestFailureDomains(t *testing.T) { Spec: infrav1.AzureClusterSpec{ AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: "123", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, }, Status: tc.azureClusterStatus, } + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} - initObjects := []runtime.Object{cluster, azureCluster} + initObjects := []runtime.Object{cluster, azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -2750,6 +3040,9 @@ func TestClusterScope_LBSpecs(t *testing.T) { }, SubscriptionID: "123", Location: "westus2", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, ResourceGroup: "my-rg", NetworkSpec: infrav1.NetworkSpec{ @@ -2921,6 +3214,9 @@ func TestClusterScope_LBSpecs(t *testing.T) { AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: "123", Location: "westus2", + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, ResourceGroup: "my-rg", NetworkSpec: infrav1.NetworkSpec{ @@ -2985,6 +3281,8 @@ func TestClusterScope_LBSpecs(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ 
@@ -2992,9 +3290,20 @@ func TestClusterScope_LBSpecs(t *testing.T) { Namespace: "default", }, } + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} - initObjects := []runtime.Object{cluster, tc.azureCluster} + initObjects := []runtime.Object{cluster, tc.azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -3038,6 +3347,8 @@ func TestExtendedLocationName(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ 
@@ -3064,12 +3375,26 @@ func TestExtendedLocationName(t *testing.T) { Name: tc.extendedLocation.Name, Type: tc.extendedLocation.Type, }, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, }, } + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} - initObjects := []runtime.Object{cluster, azureCluster} + initObjects := []runtime.Object{cluster, azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -3113,6 +3438,8 @@ func TestExtendedLocationType(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cluster := &clusterv1.Cluster{ ObjectMeta: metav1.ObjectMeta{ 
@@ -3139,12 +3466,26 @@ func TestExtendedLocationType(t *testing.T) { Name: tc.extendedLocation.Name, Type: tc.extendedLocation.Type, }, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, }, } + fakeIdentity := &infrav1.AzureClusterIdentity{ + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} - initObjects := []runtime.Object{cluster, azureCluster} + initObjects := []runtime.Object{cluster, azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -3341,6 +3682,8 @@ func TestVNetPeerings(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) clusterName := "my-cluster" clusterNamespace := "default" 
@@ -3366,15 +3709,32 @@ func TestVNetPeerings(t *testing.T) { ResourceGroup: "rg1", AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ SubscriptionID: tc.subscriptionID, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, NetworkSpec: infrav1.NetworkSpec{ Vnet: tc.azureClusterVNetSpec, }, }, } + fakeIdentity := &infrav1.AzureClusterIdentity{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: clusterNamespace, + }, + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} - initObjects := []runtime.Object{cluster, azureCluster} + initObjects := []runtime.Object{cluster, azureCluster, fakeIdentity, fakeSecret} fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) clusterScope, err := NewClusterScope(context.TODO(), ClusterScopeParams{ Cluster: cluster, @@ -3437,6 +3797,9 @@ func TestSetFailureDomain(t *testing.T) { Spec: infrav1.AzureClusterSpec{ AzureClusterClassSpec: infrav1.AzureClusterClassSpec{ FailureDomains: tc.specifiedFDs, + IdentityRef: &corev1.ObjectReference{ + Kind: "AzureClusterIdentity", + }, }, }, }, diff --git a/azure/scope/managedcontrolplane.go b/azure/scope/managedcontrolplane.go index 3e2a4a5f5fb..f2d1ea30c1e 100644 --- a/azure/scope/managedcontrolplane.go +++ b/azure/scope/managedcontrolplane.go 
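Review bot: In the TestVNetPeerings hunk the identity is the only one in this file given a `Namespace` (`clusterNamespace`) but still no `Name`, while the `IdentityRef` on the AzureCluster has neither, so the lookup key is `{Name: "", Namespace: "default"}`; it is unclear from the hunk why this test needed the namespace and the others did not, which is the kind of thing a fixture comment should say. Making it explicit, `ObjectMeta: metav1.ObjectMeta{Name: "fake-identity", Namespace: clusterNamespace},` plus matching `Name`/`Namespace` on the ref, removes the dependency on empty-string matching. The TestSetFailureDomain hunk on this line adds an `IdentityRef` but seeds no identity or secret into a client within the hunk; if that test builds a scope, it will need the same objects, otherwise the ref is dead data there.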
@@ -89,19 +89,13 @@ func NewManagedControlPlaneScope(ctx context.Context, params ManagedControlPlane return nil, errors.New("failed to generate new scope from nil ControlPlane") } - if params.ControlPlane.Spec.IdentityRef == nil { - if err := params.AzureClients.setCredentials(params.ControlPlane.Spec.SubscriptionID, params.ControlPlane.Spec.AzureEnvironment); err != nil { - return nil, errors.Wrap(err, "failed to create Azure session") - } - } else { - credentialsProvider, err := NewManagedControlPlaneCredentialsProvider(ctx, params.Client, params.ControlPlane) - if err != nil { - return nil, errors.Wrap(err, "failed to init credentials provider") - } + credentialsProvider, err := NewManagedControlPlaneCredentialsProvider(ctx, params.Client, params.ControlPlane) + if err != nil { + return nil, errors.Wrap(err, "failed to init credentials provider") + } - if err := params.AzureClients.setCredentialsWithProvider(ctx, params.ControlPlane.Spec.SubscriptionID, params.ControlPlane.Spec.AzureEnvironment, credentialsProvider); err != nil { - return nil, errors.Wrap(err, "failed to configure azure settings and credentials for Identity") - } + if err := params.AzureClients.setCredentialsWithProvider(ctx, params.ControlPlane.Spec.SubscriptionID, params.ControlPlane.Spec.AzureEnvironment, credentialsProvider); err != nil { + return nil, errors.Wrap(err, "failed to configure azure settings and credentials for Identity") } if params.Cache == nil { diff --git a/azure/scope/managedcontrolplane_test.go b/azure/scope/managedcontrolplane_test.go index 014f0f06e5a..0af978f8155 100644 --- a/azure/scope/managedcontrolplane_test.go +++ b/azure/scope/managedcontrolplane_test.go 
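Review bot: With the environment-variable fallback gone, a control plane whose `Spec.IdentityRef` is nil now fails somewhere inside `NewManagedControlPlaneCredentialsProvider` with whatever message that helper produces; since this is a behaviour change for users who relied on ambient controller credentials, an explicit guard with a field-level message is worth the three lines, e.g. `if params.ControlPlane.Spec.IdentityRef == nil { return nil, errors.New("failed to generate new scope: ControlPlane.Spec.IdentityRef must be set") }`, placed before the provider is constructed. Dropping the implicit fallback is the right direction from a least-privilege standpoint, as credentials are now always the ones declared on the resource rather than those of the controller pod. Minor: `credentialsProvider, err :=` followed by `if err := params.AzureClients.setCredentialsWithProvider(...); err != nil` shadows `err`, which is harmless but trips shadow linters. The enclosing function continues past the end of the hunk.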
@@ -20,8 +20,10 @@ import ( "context" "testing" + aadpodv1 "github.com/Azure/aad-pod-identity/pkg/apis/aadpodidentity/v1" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20230201" . "github.com/onsi/gomega" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/utils/ptr" @@ -31,6 +33,7 @@ import ( "sigs.k8s.io/cluster-api-provider-azure/azure/services/managedclusters" clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" expv1 "sigs.k8s.io/cluster-api/exp/api/v1beta1" + "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" ) @@ -38,6 +41,8 @@ func TestManagedControlPlaneScope_OutboundType(t *testing.T) { scheme := runtime.NewScheme() _ = expv1.AddToScheme(scheme) _ = infrav1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) explicitOutboundType := infrav1.ManagedControlPlaneOutboundTypeUserDefinedRouting cases := []struct { Name string @@ -57,7 +62,12 @@ func TestManagedControlPlaneScope_OutboundType(t *testing.T) { Spec: infrav1.AzureManagedControlPlaneSpec{ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ SubscriptionID: "00000000-0000-0000-0000-000000000000", - OutboundType: &explicitOutboundType, + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, + OutboundType: &explicitOutboundType, }, }, }, @@ -77,6 +87,11 @@ func TestManagedControlPlaneScope_OutboundType(t *testing.T) { Spec: infrav1.AzureManagedControlPlaneSpec{ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, }, }, }, 
@@ -88,7 +103,24 @@ func TestManagedControlPlaneScope_OutboundType(t *testing.T) { c := c t.Run(c.Name, func(t *testing.T) { g := NewWithT(t) - fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithObjects(c.Input.ControlPlane).Build() + fakeIdentity := &infrav1.AzureClusterIdentity{ + ObjectMeta: metav1.ObjectMeta{ + Name: "fake-identity", + Namespace: "default", + }, + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} + initObjects := []runtime.Object{c.Input.ControlPlane, fakeIdentity, fakeSecret} + fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) + c.Input.Client = fakeClient s, err := NewManagedControlPlaneScope(context.TODO(), c.Input) g.Expect(err).To(Succeed()) @@ -103,6 +135,8 @@ func TestManagedControlPlaneScope_PoolVersion(t *testing.T) { scheme := runtime.NewScheme() _ = expv1.AddToScheme(scheme) _ = infrav1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cases := []struct { Name string @@ -127,6 +161,11 @@ func TestManagedControlPlaneScope_PoolVersion(t *testing.T) { Spec: infrav1.AzureManagedControlPlaneSpec{ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, }, }, }, 
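Review bot: The same fifteen-line identity/secret fixture is pasted into every subtest of this file (this hunk and the ones at TestManagedControlPlaneScope_PoolVersion, _AddonProfiles, _OSType, _IsVnetManagedCache, _AADProfile, _DisableLocalAccounts, TestIsAADEnabled and TestAreLocalAccountsDisabled), and each copy ends with a `fakeClient.Get` that asserts the fake client rather than the scope. A small helper removes the duplication and gives one place to change the fixture when the identity shape changes; the sanity `Get` can go with it. The `ObjectReference` in each case also repeats `Name`/`Namespace`/`Kind`, which the helper could hand back alongside the objects.

```go
// newFakeIdentityObjects returns the AzureClusterIdentity and client-secret
// Secret that the scope tests seed into the fake client so the credentials
// provider can resolve IdentityRef{Name: "fake-identity", Namespace: "default"}.
func newFakeIdentityObjects() []runtime.Object {
	identity := &infrav1.AzureClusterIdentity{
		ObjectMeta: metav1.ObjectMeta{Name: "fake-identity", Namespace: "default"},
		Spec: infrav1.AzureClusterIdentitySpec{
			Type:     infrav1.ServicePrincipal,
			ClientID: fakeClientID,
			TenantID: fakeTenantID,
		},
	}
	return []runtime.Object{identity, &corev1.Secret{}}
}

// … in each subtest, replacing the inline fixture and the sanity Get …
initObjects := append([]runtime.Object{c.Input.ControlPlane}, newFakeIdentityObjects()...)
fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build()
```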
@@ -168,6 +207,11 @@ func TestManagedControlPlaneScope_PoolVersion(t *testing.T) { AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ Version: "v1.22.0", SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, }, }, }, @@ -210,6 +254,11 @@ func TestManagedControlPlaneScope_PoolVersion(t *testing.T) { AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ Version: "v1.20.1", SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, }, }, }, @@ -228,7 +277,24 @@ func TestManagedControlPlaneScope_PoolVersion(t *testing.T) { c := c t.Run(c.Name, func(t *testing.T) { g := NewWithT(t) - fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithObjects(c.Input.ControlPlane).Build() + fakeIdentity := &infrav1.AzureClusterIdentity{ + ObjectMeta: metav1.ObjectMeta{ + Name: "fake-identity", + Namespace: "default", + }, + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} + initObjects := []runtime.Object{c.Input.ControlPlane, fakeIdentity, fakeSecret} + fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) + c.Input.Client = fakeClient s, err := NewManagedControlPlaneScope(context.TODO(), c.Input) g.Expect(err).To(Succeed()) 
@@ -246,6 +312,8 @@ func TestManagedControlPlaneScope_AddonProfiles(t *testing.T) { scheme := runtime.NewScheme() _ = expv1.AddToScheme(scheme) _ = infrav1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cases := []struct { Name string @@ -269,6 +337,11 @@ func TestManagedControlPlaneScope_AddonProfiles(t *testing.T) { Spec: infrav1.AzureManagedControlPlaneSpec{ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, }, }, }, @@ -298,6 +371,11 @@ func TestManagedControlPlaneScope_AddonProfiles(t *testing.T) { Spec: infrav1.AzureManagedControlPlaneSpec{ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, AddonProfiles: []infrav1.AddonProfile{ {Name: "addon1", Config: nil, Enabled: false}, {Name: "addon2", Config: map[string]string{"k1": "v1", "k2": "v2"}, Enabled: true}, 
@@ -323,7 +401,24 @@ func TestManagedControlPlaneScope_AddonProfiles(t *testing.T) { c := c t.Run(c.Name, func(t *testing.T) { g := NewWithT(t) - fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithObjects(c.Input.ControlPlane).Build() + fakeIdentity := &infrav1.AzureClusterIdentity{ + ObjectMeta: metav1.ObjectMeta{ + Name: "fake-identity", + Namespace: "default", + }, + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} + initObjects := []runtime.Object{c.Input.ControlPlane, fakeIdentity, fakeSecret} + fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) + c.Input.Client = fakeClient s, err := NewManagedControlPlaneScope(context.TODO(), c.Input) g.Expect(err).To(Succeed()) @@ -337,6 +432,8 @@ func TestManagedControlPlaneScope_OSType(t *testing.T) { scheme := runtime.NewScheme() _ = expv1.AddToScheme(scheme) _ = infrav1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cases := []struct { Name string @@ -362,6 +459,11 @@ func TestManagedControlPlaneScope_OSType(t *testing.T) { AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ Version: "v1.20.1", SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, }, }, }, 
@@ -433,6 +535,11 @@ func TestManagedControlPlaneScope_OSType(t *testing.T) { AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ Version: "v1.20.1", SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, }, }, }, @@ -455,7 +562,24 @@ func TestManagedControlPlaneScope_OSType(t *testing.T) { c := c t.Run(c.Name, func(t *testing.T) { g := NewWithT(t) - fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithObjects(c.Input.ControlPlane).Build() + fakeIdentity := &infrav1.AzureClusterIdentity{ + ObjectMeta: metav1.ObjectMeta{ + Name: "fake-identity", + Namespace: "default", + }, + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} + initObjects := []runtime.Object{c.Input.ControlPlane, fakeIdentity, fakeSecret} + fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) + c.Input.Client = fakeClient s, err := NewManagedControlPlaneScope(context.TODO(), c.Input) g.Expect(err).To(Succeed()) @@ -479,6 +603,8 @@ func TestManagedControlPlaneScope_IsVnetManagedCache(t *testing.T) { scheme := runtime.NewScheme() _ = expv1.AddToScheme(scheme) _ = infrav1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cases := []struct { Name string 
@@ -503,6 +629,11 @@ func TestManagedControlPlaneScope_IsVnetManagedCache(t *testing.T) { AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ Version: "v1.20.1", SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, }, }, }, @@ -538,6 +669,11 @@ func TestManagedControlPlaneScope_IsVnetManagedCache(t *testing.T) { AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ Version: "v1.20.1", SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, }, }, }, @@ -575,6 +711,11 @@ func TestManagedControlPlaneScope_IsVnetManagedCache(t *testing.T) { AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ Version: "v1.20.1", SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, }, }, }, 
@@ -600,7 +741,24 @@ func TestManagedControlPlaneScope_IsVnetManagedCache(t *testing.T) { c := c t.Run(c.Name, func(t *testing.T) { g := NewWithT(t) - fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithObjects(c.Input.ControlPlane).Build() + fakeIdentity := &infrav1.AzureClusterIdentity{ + ObjectMeta: metav1.ObjectMeta{ + Name: "fake-identity", + Namespace: "default", + }, + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} + initObjects := []runtime.Object{c.Input.ControlPlane, fakeIdentity, fakeSecret} + fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) + c.Input.Client = fakeClient s, err := NewManagedControlPlaneScope(context.TODO(), c.Input) g.Expect(err).To(Succeed()) @@ -613,6 +771,8 @@ func TestManagedControlPlaneScope_IsVnetManagedCache(t *testing.T) { func TestManagedControlPlaneScope_AADProfile(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cases := []struct { Name string @@ -636,6 +796,11 @@ func TestManagedControlPlaneScope_AADProfile(t *testing.T) { Spec: infrav1.AzureManagedControlPlaneSpec{ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, }, }, }, 
@@ -665,6 +830,11 @@ func TestManagedControlPlaneScope_AADProfile(t *testing.T) { Spec: infrav1.AzureManagedControlPlaneSpec{ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, AADProfile: &infrav1.AADProfile{ Managed: true, AdminGroupObjectIDs: []string{"00000000-0000-0000-0000-000000000000"}, @@ -690,7 +860,24 @@ func TestManagedControlPlaneScope_AADProfile(t *testing.T) { c := c t.Run(c.Name, func(t *testing.T) { g := NewWithT(t) - fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithObjects(c.Input.ControlPlane).Build() + fakeIdentity := &infrav1.AzureClusterIdentity{ + ObjectMeta: metav1.ObjectMeta{ + Name: "fake-identity", + Namespace: "default", + }, + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} + initObjects := []runtime.Object{c.Input.ControlPlane, fakeIdentity, fakeSecret} + fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) + c.Input.Client = fakeClient s, err := NewManagedControlPlaneScope(context.TODO(), c.Input) g.Expect(err).To(Succeed()) @@ -705,6 +892,8 @@ func TestManagedControlPlaneScope_AADProfile(t *testing.T) { func TestManagedControlPlaneScope_DisableLocalAccounts(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cases := []struct { Name string 
@@ -728,6 +917,11 @@ func TestManagedControlPlaneScope_DisableLocalAccounts(t *testing.T) { Spec: infrav1.AzureManagedControlPlaneSpec{ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, }, }, }, @@ -756,7 +950,12 @@ func TestManagedControlPlaneScope_DisableLocalAccounts(t *testing.T) { }, Spec: infrav1.AzureManagedControlPlaneSpec{ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ - SubscriptionID: "00000000-0000-0000-0000-000000000000", + SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, DisableLocalAccounts: ptr.To[bool](true), }, }, @@ -787,6 +986,11 @@ func TestManagedControlPlaneScope_DisableLocalAccounts(t *testing.T) { Spec: infrav1.AzureManagedControlPlaneSpec{ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, AADProfile: &infrav1.AADProfile{ Managed: true, AdminGroupObjectIDs: []string{"00000000-0000-0000-0000-000000000000"}, 
@@ -809,7 +1013,24 @@ func TestManagedControlPlaneScope_DisableLocalAccounts(t *testing.T) { c := c t.Run(c.Name, func(t *testing.T) { g := NewWithT(t) - fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithObjects(c.Input.ControlPlane).Build() + fakeIdentity := &infrav1.AzureClusterIdentity{ + ObjectMeta: metav1.ObjectMeta{ + Name: "fake-identity", + Namespace: "default", + }, + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} + initObjects := []runtime.Object{c.Input.ControlPlane, fakeIdentity, fakeSecret} + fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) + c.Input.Client = fakeClient s, err := NewManagedControlPlaneScope(context.TODO(), c.Input) g.Expect(err).To(Succeed()) @@ -824,6 +1045,8 @@ func TestManagedControlPlaneScope_DisableLocalAccounts(t *testing.T) { func TestIsAADEnabled(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cases := []struct { Name string @@ -847,6 +1070,11 @@ func TestIsAADEnabled(t *testing.T) { Spec: infrav1.AzureManagedControlPlaneSpec{ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, }, }, }, 
@@ -876,6 +1104,11 @@ func TestIsAADEnabled(t *testing.T) { Spec: infrav1.AzureManagedControlPlaneSpec{ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, AADProfile: &infrav1.AADProfile{ Managed: true, AdminGroupObjectIDs: []string{"00000000-0000-0000-0000-000000000000"}, @@ -898,7 +1131,24 @@ func TestIsAADEnabled(t *testing.T) { c := c t.Run(c.Name, func(t *testing.T) { g := NewWithT(t) - fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithObjects(c.Input.ControlPlane).Build() + fakeIdentity := &infrav1.AzureClusterIdentity{ + ObjectMeta: metav1.ObjectMeta{ + Name: "fake-identity", + Namespace: "default", + }, + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} + initObjects := []runtime.Object{c.Input.ControlPlane, fakeIdentity, fakeSecret} + fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) + c.Input.Client = fakeClient s, err := NewManagedControlPlaneScope(context.TODO(), c.Input) g.Expect(err).To(Succeed()) @@ -911,6 +1161,8 @@ func TestIsAADEnabled(t *testing.T) { func TestAreLocalAccountsDisabled(t *testing.T) { scheme := runtime.NewScheme() _ = infrav1.AddToScheme(scheme) + _ = corev1.AddToScheme(scheme) + _ = aadpodv1.AddToScheme(scheme) cases := []struct { Name string 
@@ -934,6 +1186,11 @@ func TestAreLocalAccountsDisabled(t *testing.T) { Spec: infrav1.AzureManagedControlPlaneSpec{ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, }, }, }, @@ -963,6 +1220,11 @@ func TestAreLocalAccountsDisabled(t *testing.T) { Spec: infrav1.AzureManagedControlPlaneSpec{ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, AADProfile: &infrav1.AADProfile{ Managed: true, AdminGroupObjectIDs: []string{"00000000-0000-0000-0000-000000000000"}, @@ -996,6 +1258,11 @@ func TestAreLocalAccountsDisabled(t *testing.T) { Spec: infrav1.AzureManagedControlPlaneSpec{ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{ SubscriptionID: "00000000-0000-0000-0000-000000000000", + IdentityRef: &corev1.ObjectReference{ + Name: "fake-identity", + Namespace: "default", + Kind: "AzureClusterIdentity", + }, AADProfile: &infrav1.AADProfile{ Managed: true, AdminGroupObjectIDs: []string{"00000000-0000-0000-0000-000000000000"}, 
@@ -1018,7 +1285,24 @@ func TestAreLocalAccountsDisabled(t *testing.T) { c := c t.Run(c.Name, func(t *testing.T) { g := NewWithT(t) - fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithObjects(c.Input.ControlPlane).Build() + fakeIdentity := &infrav1.AzureClusterIdentity{ + ObjectMeta: metav1.ObjectMeta{ + Name: "fake-identity", + Namespace: "default", + }, + Spec: infrav1.AzureClusterIdentitySpec{ + Type: infrav1.ServicePrincipal, + ClientID: fakeClientID, + TenantID: fakeTenantID, + }, + } + fakeSecret := &corev1.Secret{} + initObjects := []runtime.Object{c.Input.ControlPlane, fakeIdentity, fakeSecret} + fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build() + resultIdentity := &infrav1.AzureClusterIdentity{} + key := client.ObjectKey{Name: fakeIdentity.Name, Namespace: fakeIdentity.Namespace} + g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed()) + c.Input.Client = fakeClient s, err := NewManagedControlPlaneScope(context.TODO(), c.Input) g.Expect(err).To(Succeed()) diff --git a/controllers/asosecret_controller_test.go b/controllers/asosecret_controller_test.go index e6181521728..81ff32abbf8 100644 --- a/controllers/asosecret_controller_test.go +++ b/controllers/asosecret_controller_test.go @@ -262,7 +262,20 @@ func TestASOSecretReconcile(t *testing.T) { getASOCluster(func(c *clusterv1.Cluster) { c.Spec.Paused = true }), - defaultAzureCluster, + getASOAzureCluster(func(c *infrav1.AzureCluster) { + c.Spec.IdentityRef = &corev1.ObjectReference{ + Name: "my-azure-cluster-identity", + Namespace: "default", + } + }), + getASOAzureClusterIdentity(func(identity *infrav1.AzureClusterIdentity) { + identity.Spec.Type = defaultClusterIdentityType + identity.Spec.ClientSecret = corev1.SecretReference{ + Name: "fooSecret", + Namespace: "default", + } + }), + getASOAzureClusterIdentitySecret(), }, event: "AzureCluster or linked Cluster is marked as paused. Won't reconcile", }, 
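Review bot: The paused case in the asosecret_controller_test.go hunk now has to seed a resolvable AzureClusterIdentity and its Secret even though the expected outcome is "Won't reconcile", which suggests the reconciler builds the scope (and resolves credentials) before it checks `Paused`; a one-line comment on the case would save the next reader from re-deriving that, e.g. `// identity + secret are needed because the cluster scope is built before the paused check`. The identity points `ClientSecret` at `fooSecret` in `default`, which only works if `getASOAzureClusterIdentitySecret()` creates exactly that object — worth a glance since the helper is outside the hunk. The `IdentityRef` here sets only `Name`/`Namespace`, while the scope tests in this commit also set `Kind: "AzureClusterIdentity"`; harmless unless `Kind` is ever validated, but aligning them keeps the fixtures interchangeable.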
@@ -305,14 +318,14 @@ func TestASOSecretReconcile(t *testing.T) {
 g.Expect(asoSecretErr).To(HaveOccurred())
 }
 
- if tc.event != "" {
- g.Expect(reconciler.Recorder.(*record.FakeRecorder).Events).To(Receive(ContainSubstring(tc.event)))
- }
 if tc.err != "" {
 g.Expect(err).To(MatchError(ContainSubstring(tc.err)))
 } else {
 g.Expect(err).NotTo(HaveOccurred())
 }
+ if tc.event != "" {
+ g.Expect(reconciler.Recorder.(*record.FakeRecorder).Events).To(Receive(ContainSubstring(tc.event)))
+ }
 })
 }
 }
diff --git a/controllers/azurecluster_controller_test.go b/controllers/azurecluster_controller_test.go
index 070f90bfc93..5deb7303a45 100644
--- a/controllers/azurecluster_controller_test.go
+++ b/controllers/azurecluster_controller_test.go
@@ -21,11 +21,13 @@ import (
 "testing"
 "time"
 
+ aadpodv1 "github.com/Azure/aad-pod-identity/pkg/apis/aadpodidentity/v1"
 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5"
 asoresourcesv1 "github.com/Azure/azure-service-operator/v2/api/resources/v1api20200601"
 . "github.com/onsi/ginkgo/v2"
 . "github.com/onsi/gomega"
 "github.com/pkg/errors"
+ corev1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/types"
@@ -246,11 +248,26 @@ func TestAzureClusterReconcilePaused(t *testing.T) {
 clusterv1.AddToScheme,
 infrav1.AddToScheme,
 asoresourcesv1.AddToScheme,
+ corev1.AddToScheme,
+ aadpodv1.AddToScheme,
 )
 s := runtime.NewScheme()
 g.Expect(sb.AddToScheme(s)).To(Succeed())
+ fakeIdentity := &infrav1.AzureClusterIdentity{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "fake-identity",
+ Namespace: "default",
+ },
+ Spec: infrav1.AzureClusterIdentitySpec{
+ Type: infrav1.ServicePrincipal,
+ },
+ }
+ fakeSecret := &corev1.Secret{}
+
+ initObjects := []runtime.Object{fakeIdentity, fakeSecret}
 c := fake.NewClientBuilder().
 WithScheme(s).
+ WithRuntimeObjects(initObjects...).
 Build()
 recorder := record.NewFakeRecorder(1)
 
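Review bot: The `fakeIdentity` literal added to TestAzureClusterReconcilePaused is repeated almost verbatim in getClusterReconcileInputs, TestAzureJSONMachineReconciler, TestAzureJSONPoolReconciler, TestAzureJSONPoolReconcilerUserAssignedIdentities, TestAzureManagedMachinePoolReconcile, TestGetCloudProviderConfig and TestReconcileAzureSecret, all in package controllers, while the same commit introduces `getFakeAzureClusterIdentity(changes ...func(*infrav1.AzureClusterIdentity))` in azuremachine_controller_test.go. Each of those sites could be `fakeIdentity := getFakeAzureClusterIdentity()`, and the ones that need a client-secret reference or specific IDs can pass a change func, as getMachineReconcileInputs already does. Keeping the identity shape in one builder means a later change to what the credential path requires of an AzureClusterIdentity is made once rather than in eight fixtures.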
@@ -286,6 +303,11 @@ func TestAzureClusterReconcilePaused(t *testing.T) {
 Spec: infrav1.AzureClusterSpec{
 AzureClusterClassSpec: infrav1.AzureClusterClassSpec{
 SubscriptionID: "something",
+ IdentityRef: &corev1.ObjectReference{
+ Name: "fake-identity",
+ Namespace: "default",
+ Kind: "AzureClusterIdentity",
+ },
 },
 ResourceGroup: name,
 },
@@ -426,9 +448,22 @@ func getClusterReconcileInputs(tc TestClusterReconcileInput) (*AzureClusterRecon
 })
 }
 
+ fakeIdentity := &infrav1.AzureClusterIdentity{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "fake-identity",
+ Namespace: "default",
+ },
+ Spec: infrav1.AzureClusterIdentitySpec{
+ Type: infrav1.ServicePrincipal,
+ },
+ }
+ fakeSecret := &corev1.Secret{}
+
 objects := []runtime.Object{
 cluster,
 azureCluster,
+ fakeIdentity,
+ fakeSecret,
 }
 
 client := fake.NewClientBuilder().
diff --git a/controllers/azurejson_machine_controller_test.go b/controllers/azurejson_machine_controller_test.go
index 35081e5765f..600640e9edd 100644
--- a/controllers/azurejson_machine_controller_test.go
+++ b/controllers/azurejson_machine_controller_test.go
@@ -120,6 +120,10 @@ func TestAzureJSONMachineReconciler(t *testing.T) {
 Spec: infrav1.AzureClusterSpec{
 AzureClusterClassSpec: infrav1.AzureClusterClassSpec{
 SubscriptionID: "123",
+ IdentityRef: &corev1.ObjectReference{
+ Name: "fake-identity",
+ Namespace: "default",
+ },
 },
 NetworkSpec: infrav1.NetworkSpec{
 Subnets: infrav1.Subnets{
@@ -150,6 +154,17 @@ func TestAzureJSONMachineReconciler(t *testing.T) {
 },
 }
 
+ fakeIdentity := &infrav1.AzureClusterIdentity{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "fake-identity",
+ Namespace: "default",
+ },
+ Spec: infrav1.AzureClusterIdentitySpec{
+ Type: infrav1.ServicePrincipal,
+ },
+ }
+ fakeSecret := &corev1.Secret{}
+
 cases := map[string]struct {
 objects []runtime.Object
 fail bool
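Review bot: The `IdentityRef` added in TestAzureJSONMachineReconciler omits `Kind`, whereas every other `IdentityRef` this commit adds (TestAzureClusterReconcilePaused above, the machine-pool, machine and helper fixtures) carries `Kind: "AzureClusterIdentity"`. If the reference is resolved by name and namespace only this is harmless, but a fixture that differs from the rest with no stated reason sends a reader looking for one; add `Kind: "AzureClusterIdentity",` after `Namespace: "default",` so the fixtures agree.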
@@ -160,6 +175,8 @@ func TestAzureJSONMachineReconciler(t *testing.T) {
 cluster,
 azureCluster,
 azureMachine,
+ fakeIdentity,
+ fakeSecret,
 },
 },
 "missing azure cluster should return error": {
@@ -182,6 +199,8 @@ func TestAzureJSONMachineReconciler(t *testing.T) {
 },
 azureCluster,
 azureMachine,
+ fakeIdentity,
+ fakeSecret,
 },
 fail: false,
 },
@@ -201,6 +220,8 @@ func TestAzureJSONMachineReconciler(t *testing.T) {
 },
 azureCluster,
 azureMachine,
+ fakeIdentity,
+ fakeSecret,
 },
 fail: false,
 },
@@ -247,6 +268,8 @@ func newScheme() (*runtime.Scheme, error) {
 infrav1exp.AddToScheme,
 aadpodv1.AddToScheme,
 expv1.AddToScheme,
+ corev1.AddToScheme,
+ aadpodv1.AddToScheme,
 }
 for _, fn := range schemeFn {
 fn := fn
diff --git a/controllers/azurejson_machinepool_controller_test.go b/controllers/azurejson_machinepool_controller_test.go
index 4340ef13933..4ffbea3b016 100644
--- a/controllers/azurejson_machinepool_controller_test.go
+++ b/controllers/azurejson_machinepool_controller_test.go
@@ -77,6 +77,11 @@ func TestAzureJSONPoolReconciler(t *testing.T) {
 Spec: infrav1.AzureClusterSpec{
 AzureClusterClassSpec: infrav1.AzureClusterClassSpec{
 SubscriptionID: "123",
+ IdentityRef: &corev1.ObjectReference{
+ Name: "fake-identity",
+ Namespace: "default",
+ Kind: "AzureClusterIdentity",
+ },
 },
 NetworkSpec: infrav1.NetworkSpec{
 Subnets: infrav1.Subnets{
@@ -125,6 +130,18 @@ func TestAzureJSONPoolReconciler(t *testing.T) {
 },
 }
 
+ fakeIdentity := &infrav1.AzureClusterIdentity{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "fake-identity",
+ Namespace: "default",
+ },
+ Spec: infrav1.AzureClusterIdentitySpec{
+ Type: infrav1.ServicePrincipal,
+ },
+ }
+
+ fakeSecret := &corev1.Secret{}
+
 cases := map[string]struct {
 objects []runtime.Object
 fail bool
@@ -136,6 +153,8 @@ func TestAzureJSONPoolReconciler(t *testing.T) {
 azureCluster,
 machinePool,
 azureMachinePool,
+ fakeIdentity,
+ fakeSecret,
 },
 },
 "missing azure cluster should return error": {
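Review bot: `aadpodv1.AddToScheme` is already in the `schemeFn` list two entries above the insertion point in newScheme, so the added `aadpodv1.AddToScheme,` registers the same types a second time; runtime.Scheme accepts re-registration of an identical type, but the duplicate reads as if a second package were being wired in. Drop the added `aadpodv1.AddToScheme,` and keep only `corev1.AddToScheme,`. The enclosing `schemeFn` declaration starts outside the hunk.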
@@ -143,6 +162,8 @@ func TestAzureJSONPoolReconciler(t *testing.T) {
 cluster,
 machinePool,
 azureMachinePool,
+ fakeIdentity,
+ fakeSecret,
 },
 fail: true,
 err: "failed to create cluster scope for cluster /my-cluster: azureclusters.infrastructure.cluster.x-k8s.io \"my-azure-cluster\" not found",
@@ -160,6 +181,8 @@ func TestAzureJSONPoolReconciler(t *testing.T) {
 azureCluster,
 machinePool,
 azureMachinePool,
+ fakeIdentity,
+ fakeSecret,
 },
 fail: false,
 },
@@ -180,6 +203,8 @@ func TestAzureJSONPoolReconciler(t *testing.T) {
 azureCluster,
 machinePool,
 azureMachinePool,
+ fakeIdentity,
+ fakeSecret,
 },
 fail: true,
 err: "failed to create cluster scope for cluster /my-cluster: unsupported infrastructure type \"FooCluster\", should be AzureCluster or AzureManagedCluster",
@@ -292,6 +317,11 @@ func TestAzureJSONPoolReconcilerUserAssignedIdentities(t *testing.T) {
 Spec: infrav1.AzureClusterSpec{
 AzureClusterClassSpec: infrav1.AzureClusterClassSpec{
 SubscriptionID: "123",
+ IdentityRef: &corev1.ObjectReference{
+ Name: "fake-identity",
+ Namespace: "default",
+ Kind: "AzureClusterIdentity",
+ },
 },
 NetworkSpec: infrav1.NetworkSpec{
 Subnets: infrav1.Subnets{
@@ -307,6 +337,20 @@ func TestAzureJSONPoolReconcilerUserAssignedIdentities(t *testing.T) {
 }
 apiVersion, kind := infrav1.GroupVersion.WithKind("AzureMachinePool").ToAPIVersionAndKind()
+ fakeIdentity := &infrav1.AzureClusterIdentity{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "fake-identity",
+ Namespace: "default",
+ },
+ Spec: infrav1.AzureClusterIdentitySpec{
+ Type: infrav1.ServicePrincipal,
+ ClientSecret: corev1.SecretReference{
+ Name: azureMP.Name,
+ Namespace: "fake-ns",
+ },
+ },
+ }
+
 sec := &corev1.Secret{
 ObjectMeta: metav1.ObjectMeta{
 Name: azureMP.Name,
@@ -325,7 +369,7 @@ func TestAzureJSONPoolReconcilerUserAssignedIdentities(t *testing.T) {
 },
 }
 
- client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(azureMP, ownerMP, cluster, azureCluster, sec).Build()
+ client := fake.N

ewClientBuilder().WithScheme(scheme).WithObjects(azureMP, ownerMP, cluster, azureCluster, sec, fakeIdentity).Build()
 rec := AzureJSONMachinePoolReconciler{
 Client: client,
 Recorder: record.NewFakeRecorder(42),
diff --git a/controllers/azuremachine_controller_test.go b/controllers/azuremachine_controller_test.go
index 7a8b1a409f7..911590e4719 100644
--- a/controllers/azuremachine_controller_test.go
+++ b/controllers/azuremachine_controller_test.go
@@ -21,6 +21,7 @@ import (
 "testing"
 "time"
 
+ "github.com/Azure/go-autorest/autorest"
 . "github.com/onsi/gomega"
 "github.com/pkg/errors"
 corev1 "k8s.io/api/core/v1"
@@ -37,6 +38,7 @@ import (
 clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 capierrors "sigs.k8s.io/cluster-api/errors"
 ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/client/fake"
 "sigs.k8s.io/controller-runtime/pkg/reconcile"
 )
@@ -61,6 +63,8 @@ func TestAzureMachineReconcile(t *testing.T) {
 defaultAzureCluster := getFakeAzureCluster()
 defaultAzureMachine := getFakeAzureMachine()
 defaultMachine := getFakeMachine(defaultAzureMachine)
+ defaultAzureClusterIdentity := getFakeAzureClusterIdentity()
+ defaultSecret := &corev1.Secret{}
 
 cases := map[string]struct {
 objects []runtime.Object
@@ -74,6 +78,8 @@ func TestAzureMachineReconcile(t *testing.T) {
 defaultAzureCluster,
 defaultAzureMachine,
 defaultMachine,
+ defaultAzureClusterIdentity,
+ defaultSecret,
 },
 },
 "should not fail if the azure machine is not found": {
@@ -81,6 +87,7 @@ func TestAzureMachineReconcile(t *testing.T) {
 defaultCluster,
 defaultAzureCluster,
 defaultMachine,
+ defaultAzureClusterIdentity,
 },
 },
 "should fail if machine is not found": {
@@ -88,6 +95,7 @@ func TestAzureMachineReconcile(t *testing.T) {
 defaultCluster,
 defaultAzureCluster,
 defaultAzureMachine,
+ defaultAzureClusterIdentity,
 },
 fail: true,
 err: "machines.cluster.x-k8s.io \"my-machine\" not found",
@@ -100,6 +108,7 @@ func TestAzureMachineReconcile(t *testing.T) {
 am.OwnerReferences = nil
 }),
 defaultMachine,
+ defaultAzureClusterIdentity,
 },
 event: "Machine controller dependency not yet met",
 },
@@ -123,7 +132,7 @@ func TestAzureMachineReconcile(t *testing.T) {
 
 for name, tc := range cases {
 t.Run(name, func(t *testing.T) {
- client := fake.NewClientBuilder().
+ fakeClient := fake.NewClientBuilder().
 WithScheme(scheme).
 WithRuntimeObjects(tc.objects...).
 WithStatusSubresource(
@@ -131,8 +140,12 @@ func TestAzureMachineReconcile(t *testing.T) {
 ).
 Build()
 
+ resultIdentity := &infrav1.AzureClusterIdentity{}
+ key := client.ObjectKey{Name: defaultAzureClusterIdentity.Name, Namespace: defaultAzureClusterIdentity.Namespace}
+ g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity))
+
 reconciler := &AzureMachineReconciler{
- Client: client,
+ Client: fakeClient,
 Recorder: record.NewFakeRecorder(128),
 }
 
@@ -357,12 +370,17 @@ func getMachineReconcileInputs(tc TestMachineReconcileInput) (*AzureMachineRecon
 DataSecretName: ptr.To("fooSecret"),
 }
 })
+ azureClusterIdentity := getFakeAzureClusterIdentity(func(identity *infrav1.AzureClusterIdentity) {
+ identity.Spec.ClientSecret.Name = "fooSecret"
+ identity.Spec.ClientSecret.Namespace = "default"
+ })
 
 objects := []runtime.Object{
 cluster,
 azureCluster,
 machine,
 azureMachine,
+ azureClusterIdentity,
 &corev1.Secret{
 ObjectMeta: metav1.ObjectMeta{
 Name: "fooSecret",
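Review bot: `g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity))` in TestAzureMachineReconcile has no matcher, so the Get runs but its result is never checked and the line asserts nothing; the same pattern is in the TestConditions hunk below, while the equivalent lines in managedcontrolplane_test.go and helpers_test.go do end in `.To(Succeed())`. If every entry of `cases` registers `defaultAzureClusterIdentity` the fix is `g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity)).To(Succeed())`; if some case deliberately omits the identity, the Get belongs only to the cases that include it, otherwise that case would fail on the fixture instead of on the reconciler. Not every entry of `cases` is visible in this diff, so which of the two applies cannot be told from here.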
@@ -535,6 +553,11 @@ func getFakeAzureCluster(changes ...func(*infrav1.AzureCluster)) *infrav1.AzureC
 Spec: infrav1.AzureClusterSpec{
 AzureClusterClassSpec: infrav1.AzureClusterClassSpec{
 SubscriptionID: "123",
+ IdentityRef: &corev1.ObjectReference{
+ Name: "fake-identity",
+ Namespace: "default",
+ Kind: "AzureClusterIdentity",
+ },
 },
 NetworkSpec: infrav1.NetworkSpec{
 Subnets: infrav1.Subnets{
@@ -596,6 +619,26 @@ func getFakeAzureMachine(changes ...func(*infrav1.AzureMachine)) *infrav1.AzureM
 return input
 }
 
+func getFakeAzureClusterIdentity(changes ...func(*infrav1.AzureClusterIdentity)) *infrav1.AzureClusterIdentity {
+ input := &infrav1.AzureClusterIdentity{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "fake-identity",
+ Namespace: "default",
+ },
+ Spec: infrav1.AzureClusterIdentitySpec{
+ Type: infrav1.ServicePrincipal,
+ ClientID: "fake-client-id",
+ TenantID: "fake-tenant-id",
+ },
+ }
+
+ for _, change := range changes {
+ change(input)
+ }
+
+ return input
+}
+
 func getFakeMachine(azureMachine *infrav1.AzureMachine, changes ...func(*clusterv1.Machine)) *clusterv1.Machine {
 input := &clusterv1.Machine{
 ObjectMeta: metav1.ObjectMeta{
@@ -628,7 +671,8 @@ func getFakeMachine(azureMachine *infrav1.AzureMachine, changes ...func(*cluster
 
 func TestConditions(t *testing.T) {
 g := NewWithT(t)
- scheme := setupScheme(g)
+ scheme, err := newScheme()
+ g.Expect(err).NotTo(HaveOccurred())
 
 testcases := []struct {
 name string
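Review bot: getFakeAzureClusterIdentity is added without a doc comment, and its defaults matter to callers: it yields a ServicePrincipal identity with `fake-client-id`/`fake-tenant-id` and no `ClientSecret` reference, so any test that needs the client-secret path must override that through `changes`, as getMachineReconcileInputs does. Suggest `// getFakeAzureClusterIdentity returns a ServicePrincipal AzureClusterIdentity named "fake-identity" in "default" with fake client and tenant IDs and no client-secret reference; each change is applied to it in order.` above the func.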
@@ -714,29 +758,45 @@ func TestConditions(t *testing.T) {
 Spec: infrav1.AzureClusterSpec{
 AzureClusterClassSpec: infrav1.AzureClusterClassSpec{
 SubscriptionID: "123",
+ IdentityRef: &corev1.ObjectReference{
+ Name: "fake-identity",
+ Namespace: "default",
+ Kind: "AzureClusterIdentity",
+ },
 },
 },
 }
+ azureClusterIdentity := getFakeAzureClusterIdentity()
+ defaultSecret := &corev1.Secret{}
+
 initObjects := []runtime.Object{
 cluster,
 tc.machine,
 azureCluster,
 tc.azureMachine,
+ azureClusterIdentity,
+ defaultSecret,
 }
- client := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build()
+ fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build()
+ resultIdentity := &infrav1.AzureClusterIdentity{}
+ key := client.ObjectKey{Name: azureClusterIdentity.Name, Namespace: azureClusterIdentity.Namespace}
+ g.Expect(fakeClient.Get(context.TODO(), key, resultIdentity))
 recorder := record.NewFakeRecorder(10)
- reconciler := NewAzureMachineReconciler(client, recorder, reconciler.DefaultLoopTimeout, "")
+ reconciler := NewAzureMachineReconciler(fakeClient, recorder, reconciler.DefaultLoopTimeout, "")
 clusterScope, err := scope.NewClusterScope(context.TODO(), scope.ClusterScopeParams{
- Client: client,
+ AzureClients: scope.AzureClients{
+ Authorizer: autorest.NullAuthorizer{},
+ },
+ Client: fakeClient,
 Cluster: cluster,
 AzureCluster: azureCluster,
 })
 g.Expect(err).NotTo(HaveOccurred())
 machineScope, err := scope.NewMachineScope(scope.MachineScopeParams{
- Client: client,
+ Client: fakeClient,
 ClusterScope: clusterScope,
 Machine: tc.machine,
 AzureMachine: tc.azureMachine,
diff --git a/controllers/azuremanagedmachinepool_controller_test.go b/controllers/azuremanagedmachinepool_controller_test.go
index f8e53e828cd..05c3c934831 100644
--- a/controllers/azuremanagedmachinepool_controller_test.go
+++ b/controllers/azuremanagedmachinepool_controller_test.go
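Review bot: `AzureClients: scope.AzureClients{Authorizer: autorest.NullAuthorizer{}}` is the only place in this commit where a scope is handed a pre-built authorizer, and nothing says why TestConditions needs it while the reconciler tests above let NewClusterScope construct its own; presumably it keeps this test off credential resolution, since the fixture identity from getFakeAzureClusterIdentity carries no client secret and `defaultSecret` is an unnamed empty Secret. A one-line comment above the field, e.g. `// NullAuthorizer: this test only exercises condition handling, so skip credential resolution for the fixture identity.`, would save the next reader from re-deriving that and makes it obvious the no-op authorizer must not leak into a test that checks the credential path.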
@@ -22,6 +22,7 @@ import (
 "testing"
 "time"
 
+ aadpodv1 "github.com/Azure/aad-pod-identity/pkg/apis/aadpodidentity/v1"
 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5"
 "github.com/Azure/go-autorest/autorest/azure/auth"
 . "github.com/onsi/gomega"
@@ -144,15 +145,28 @@ func TestAzureManagedMachinePoolReconcile(t *testing.T) {
 MockReconciler: mock_azure.NewMockReconciler(mockCtrl),
 MockPauser: mock_azure.NewMockPauser(mockCtrl),
 }
- agentpools = mock_agentpools.NewMockAgentPoolScope(mockCtrl)
- nodelister = NewMockNodeLister(mockCtrl)
- scheme = func() *runtime.Scheme {
+ agentpools = mock_agentpools.NewMockAgentPoolScope(mockCtrl)
+ nodelister = NewMockNodeLister(mockCtrl)
+ fakeIdentity = &infrav1.AzureClusterIdentity{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "fake-identity",
+ Namespace: "default",
+ },
+ Spec: infrav1.AzureClusterIdentitySpec{
+ Type: infrav1.ServicePrincipal,
+ },
+ }
+ fakeSecret = &corev1.Secret{}
+ initObjects = []runtime.Object{fakeIdentity, fakeSecret}
+ scheme = func() *runtime.Scheme {
 s := runtime.NewScheme()
 for _, addTo := range []func(s *runtime.Scheme) error{
 scheme.AddToScheme,
 clusterv1.AddToScheme,
 expv1.AddToScheme,
 infrav1.AddToScheme,
+ corev1.AddToScheme,
+ aadpodv1.AddToScheme,
 } {
 g.Expect(addTo(s)).To(Succeed())
 }
@@ -163,6 +177,7 @@ func TestAzureManagedMachinePoolReconcile(t *testing.T) {
 WithStatusSubresource(
 &infrav1.AzureManagedMachinePool{},
 ).
+ WithRuntimeObjects(initObjects...).
 WithScheme(scheme)
 )
 defer mockCtrl.Finish()
@@ -226,6 +241,13 @@ func newReadyAzureManagedMachinePoolCluster() (*clusterv1.Cluster, *infrav1.Azur
 Host: "foo.bar",
 Port: 123,
 },
+ AzureManagedControlPlaneClassSpec: infrav1.AzureManagedControlPlaneClassSpec{
+ IdentityRef: &corev1.ObjectReference{
+ Name: "fake-identity",
+ Namespace: "default",
+ Kind: "AzureClusterIdentity",
+ },
+ },
 },
 Status: infrav1.AzureManagedControlPlaneStatus{
 Ready: true,
diff --git a/controllers/helpers_test.go b/controllers/helpers_test.go
index bb63b5a508e..de8cd3cf0af 100644
--- a/controllers/helpers_test.go
+++ b/controllers/helpers_test.go
@@ -23,6 +23,7 @@ import (
 "strings"
 "testing"
 
+ aadpodv1 "github.com/Azure/aad-pod-identity/pkg/apis/aadpodidentity/v1"
 "github.com/Azure/go-autorest/autorest/azure/auth"
 "github.com/go-logr/logr"
 "github.com/google/go-cmp/cmp"
@@ -96,6 +97,8 @@ func TestGetCloudProviderConfig(t *testing.T) {
 scheme := runtime.NewScheme()
 _ = clusterv1.AddToScheme(scheme)
 _ = infrav1.AddToScheme(scheme)
+ _ = corev1.AddToScheme(scheme)
+ _ = aadpodv1.AddToScheme(scheme)
 cluster := newCluster("foo")
 azureCluster := newAzureCluster("bar")
@@ -174,8 +177,33 @@ func TestGetCloudProviderConfig(t *testing.T) {
 if tc.machinePoolFeature {
 defer utilfeature.SetFeatureGateDuringTest(t, capifeature.Gates, capifeature.MachinePool, true)()
 }
- initObjects := []runtime.Object{tc.cluster, tc.azureCluster}
+ fakeIdentity := &infrav1.AzureClusterIdentity{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "fake-identity",
+ Namespace: "default",
+ },
+ Spec: infrav1.AzureClusterIdentitySpec{
+ Type: infrav1.ServicePrincipal,
+ ClientID: "fooClient",
+ TenantID: "fooTenant",
+ ClientSecret: corev1.SecretReference{Name: "fooSecret", Namespace: "default"},
+ },
+ }
+ fakeSecret := getASOSecret(tc.cluster, func(s *corev1.Secret) {
+ s.ObjectMeta.Name = "fooSecret"
+ s.Data = map[string][]byte{
+ "AZURE_SUBSCRIPTION_ID": []byte("fooSubscription"),
+ "AZURE_TENANT_ID": []byte("fooTenant"),
+ "AZURE_CLIENT_ID": []byte("fooClient"),
+ "AZURE_CLIENT_SECRET": []byte("fooSecret"),
+ }
+ })
+
+ initObjects := []runtime.Object{tc.cluster, tc.azureCluster, fakeIdentity, fakeSecret}
 fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build()
+ resultSecret := &corev1.Secret{}
+ key := client.ObjectKey{Name: fakeSecret.Name, Namespace: fakeSecret.Namespace}
+ g.Expect(fakeClient.Get(context.Background(), key, resultSecret)).To(Succeed())
 
 clusterScope, err := scope.NewClusterScope(context.Background(), scope.ClusterScopeParams{
 Cluster: tc.cluster,
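Review bot: The identity's `ClientSecret: corev1.SecretReference{Name: "fooSecret", Namespace: "default"}` and the Secret built by `getASOSecret(tc.cluster, ...)` are coupled only by name; the Secret's namespace comes from getASOSecret (not visible here) and the follow-up Get uses `fakeSecret.Namespace`, so the check passes even if the Secret lands in a namespace other than `default` and the identity's reference dangles. Look the Secret up through the reference instead: `key := client.ObjectKey{Name: fakeIdentity.Spec.ClientSecret.Name, Namespace: fakeIdentity.Spec.ClientSecret.Namespace}`, which fails exactly when the fixture is inconsistent. A short comment on `s.Data` saying that the `AZURE_*` keys are the ASO-secret shape consumed by the cloud-provider config would also stop a reader from assuming the identity's client secret is read from them.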
@@ -280,8 +308,20 @@ func TestReconcileAzureSecret(t *testing.T) {
 azureCluster.Default()
 cluster.Name = "testCluster"
 
+ fakeIdentity := &infrav1.AzureClusterIdentity{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "fake-identity",
+ Namespace: "default",
+ },
+ Spec: infrav1.AzureClusterIdentitySpec{
+ Type: infrav1.ServicePrincipal,
+ },
+ }
+ fakeSecret := &corev1.Secret{}
+ initObjects := []runtime.Object{fakeIdentity, fakeSecret}
+
 scheme := setupScheme(g)
- kubeclient := fake.NewClientBuilder().WithScheme(scheme).Build()
+ kubeclient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(initObjects...).Build()
 
 clusterScope, err := scope.NewClusterScope(context.Background(), scope.ClusterScopeParams{
 Cluster: cluster,
@@ -337,6 +377,7 @@ func setupScheme(g *WithT) *runtime.Scheme {
 g.Expect(clientgoscheme.AddToScheme(scheme)).To(Succeed())
 g.Expect(infrav1.AddToScheme(scheme)).To(Succeed())
 g.Expect(clusterv1.AddToScheme(scheme)).To(Succeed())
+ g.Expect(aadpodv1.AddToScheme(scheme)).To(Succeed())
 return scheme
 }
 
@@ -382,6 +423,11 @@ func newAzureCluster(location string) *infrav1.AzureCluster {
 AzureClusterClassSpec: infrav1.AzureClusterClassSpec{
 Location: location,
 SubscriptionID: "baz",
+ IdentityRef: &corev1.ObjectReference{
+ Kind: "AzureClusterIdentity",
+ Name: "fake-identity",
+ Namespace: "default",
+ },
 },
 NetworkSpec: infrav1.NetworkSpec{
 Vnet: infrav1.VnetSpec{},
@@ -435,6 +481,11 @@ func newAzureClusterWithCustomVnet(location string) *infrav1.AzureCluster {
 AzureClusterClassSpec: infrav1.AzureClusterClassSpec{
 Location: location,
 SubscriptionID: "baz",
+ IdentityRef: &corev1.ObjectReference{
+ Kind: "AzureClusterIdentity",
+ Name: "fake-identity",
+ Namespace: "default",
+ },
 },
 NetworkSpec: infrav1.NetworkSpec{
 Vnet: infrav1.VnetSpec{