add support for azure system assigned identities
- add new field for IdentityType in AzureMachineSpec - add new flavor for VMs with system assigned identity - add a role assignment to the system generated identity
1 parent
6a820e0
commit 45cafc9
Showing
20 changed files
with
665 additions
and
18 deletions.
@@ -0,0 +1,64 @@ | ||
/* | ||
Copyright 2020 The Kubernetes Authors. | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package roleassignments | ||
|
||
import ( | ||
"context" | ||
|
||
"github.com/Azure/azure-sdk-for-go/profiles/2019-03-01/authorization/mgmt/authorization" | ||
"github.com/Azure/go-autorest/autorest" | ||
azure "sigs.k8s.io/cluster-api-provider-azure/cloud" | ||
) | ||
|
||
// Client wraps go-sdk | ||
type Client interface { | ||
Create(context.Context, string, string, authorization.RoleAssignmentCreateParameters) (authorization.RoleAssignment, error) | ||
} | ||
|
||
// AzureClient contains the Azure go-sdk Client | ||
type AzureClient struct { | ||
roleassignments authorization.RoleAssignmentsClient | ||
} | ||
|
||
var _ Client = &AzureClient{} | ||
|
||
// NewClient creates a new role assignment client from subscription ID. | ||
func NewClient(subscriptionID string, authorizer autorest.Authorizer) *AzureClient { | ||
c := newRoleAssignmentClient(subscriptionID, authorizer) | ||
return &AzureClient{c} | ||
} | ||
|
||
// newRoleAssignmentClient creates a role assignments client from subscription ID. | ||
func newRoleAssignmentClient(subscriptionID string, authorizer autorest.Authorizer) authorization.RoleAssignmentsClient { | ||
roleClient := authorization.NewRoleAssignmentsClient(subscriptionID) | ||
roleClient.Authorizer = authorizer | ||
roleClient.AddToUserAgent(azure.UserAgent) | ||
return roleClient | ||
} | ||
|
||
// Create creates a role assignment. | ||
// Parameters: | ||
// scope - the scope of the role assignment to create. The scope can be any REST resource instance. For | ||
// example, use '/subscriptions/{subscription-id}/' for a subscription, | ||
// '/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}' for a resource group, and | ||
// '/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}' | ||
// for a resource. | ||
// roleAssignmentName - the name of the role assignment to create. It can be any valid GUID. | ||
// parameters - parameters for the role assignment. | ||
func (ac *AzureClient) Create(ctx context.Context, scope string, roleAssignmentName string, parameters authorization.RoleAssignmentCreateParameters) (authorization.RoleAssignment, error) { | ||
return ac.roleassignments.Create(ctx, scope, roleAssignmentName, parameters) | ||
} |
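Review bot: The `Client` interface offers only `Create`, so this package has no way to remove a role assignment once the machine and its system-assigned identity are deleted. Azure keeps role assignments after their principal is gone, so each deleted VM would leave an orphaned assignment at whatever scope it was granted. If cleanup is not handled elsewhere in the commit (the caller is not visible in this file), consider adding `Delete(context.Context, string, string) (authorization.RoleAssignment, error)` to the interface as a one-line delegate to `ac.roleassignments.Delete`, called from the delete path. `Create` also forwards `scope` unchanged while its comment lists a whole subscription as an example, so the doc comment should say that the wrapper does not constrain it, e.g. `// Callers choose scope and role; pass the narrowest scope the identity needs.`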
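--- a/cloud/services/roleassignments/mock_roleassignments/doc.go
+++ b/cloud/services/roleassignments/mock_roleassignments/doc.go
@@ -0,0 +1,20 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Run go generate to regenerate this mock.
+//go:generate ../../../../hack/tools/bin/mockgen -destination roleassignments_mock.go -package mock_roleassignments -source ../client.go Client
+//go:generate /usr/bin/env bash -c "cat ../../../../hack/boilerplate/boilerplate.generatego.txt roleassignments_mock.go > _roleassignments_mock.go && mv _roleassignments_mock.go roleassignments_mock.go"
+package mock_roleassignments //nolint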
66 changes: 66 additions & 0 deletions
66
cloud/services/roleassignments/mock_roleassignments/roleassignments_mock.go