From 994010927c7f8189cb49c72e9279d24024730ac5 Mon Sep 17 00:00:00 2001
From: willie-yao
Date: Tue, 17 Oct 2023 21:57:14 +0000
Subject: [PATCH] Add types
---
 Makefile | 2 +-
 azure/services/bastionhosts/bastionhosts.go | 16 +-
 .../bastionhosts/bastionhosts_test.go | 12 +-
 .../mocks_bastionhosts/bastionhosts_mock.go | 2 +-
 azure/services/bastionhosts/spec.go | 15 +-
 config/aso/crds.yaml | 535 ++++++++++++++++++
 config/rbac/role.yaml | 20 +
 controllers/azurecluster_controller.go | 2 +
 controllers/azurecluster_reconciler.go | 6 +-
 9 files changed, 573 insertions(+), 37 deletions(-)
diff --git a/Makefile b/Makefile
index cf051c57864..f7f7c1ad958 100644
--- a/Makefile
+++ b/Makefile
@@ -158,7 +158,7 @@ WEBHOOK_ROOT ?= $(MANIFEST_ROOT)/webhook
 RBAC_ROOT ?= $(MANIFEST_ROOT)/rbac
 ASO_CRDS_PATH := $(MANIFEST_ROOT)/aso/crds.yaml
 ASO_VERSION := v2.3.0
-ASO_CRDS := resourcegroups.resources.azure.com natgateways.network.azure.com
+ASO_CRDS := resourcegroups.resources.azure.com natgateways.network.azure.com bastionhosts.network.azure.com
 
 # Allow overriding the imagePullPolicy
 PULL_POLICY ?= Always
diff --git a/azure/services/bastionhosts/bastionhosts.go b/azure/services/bastionhosts/bastionhosts.go
index ca0bc89d801..33599386982 100644
--- a/azure/services/bastionhosts/bastionhosts.go
+++ b/azure/services/bastionhosts/bastionhosts.go
@@ -17,8 +17,6 @@ limitations under the License.
 package bastionhosts
 
 import (
- "context"
-
 asonetworkv1 "github.com/Azure/azure-service-operator/v2/api/network/v1api20220701"
 infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
 "sigs.k8s.io/cluster-api-provider-azure/azure"
@@ -41,7 +39,7 @@ type Service struct {
 }
 
 // New creates a new service.
-func New(scope BastionScope) (*Service, error) {
+func New(scope BastionScope) *Service {
 svc := aso.NewService[*asonetworkv1.BastionHost, BastionScope](serviceName, scope)
 spec := scope.AzureBastionSpec()
 if spec != nil {
@@ -51,15 +49,5 @@ func New(scope BastionScope) (*Service, error) {
 return &Service{
 Scope: scope,
 Service: svc,
- }, nil
-}
-
-// Name returns the service name.
-func (s *Service) Name() string {
- return serviceName
-}
-
-// IsManaged returns always returns true as CAPZ does not support BYO bastion.
-func (s *Service) IsManaged(ctx context.Context) (bool, error) {
- return true, nil
+ }
 }
diff --git a/azure/services/bastionhosts/bastionhosts_test.go b/azure/services/bastionhosts/bastionhosts_test.go
index a1cedbb929b..44e7f306cf1 100644
--- a/azure/services/bastionhosts/bastionhosts_test.go
+++ b/azure/services/bastionhosts/bastionhosts_test.go
@@ -46,7 +46,7 @@ var (
 SubnetID: fakeSubnetID,
 PublicIPID: fakePublicIPID,
 }
- conditionType = clusterv1.ConditionType(infrav1.BastionHostReadyCondition)
+ conditionType = infrav1.BastionHostReadyCondition
 internalError = autorest.NewErrorWithResponse("", "", &http.Response{StatusCode: http.StatusInternalServerError}, "Internal Server Error")
 )
 
@@ -112,11 +112,10 @@ func TestReconcileBastionHosts(t *testing.T) {
 
 tc.expect(scopeMock.EXPECT(), reconcilerMock.EXPECT())
 
- s, err := New(scopeMock)
- g.Expect(err).NotTo(HaveOccurred())
+ s := New(scopeMock)
 s.Reconciler = reconcilerMock
 
- err = s.Reconcile(context.TODO())
+ err := s.Reconcile(context.TODO())
 if tc.expectedError != "" {
 g.Expect(err).To(HaveOccurred())
 g.Expect(err).To(MatchError(tc.expectedError))
@@ -184,11 +183,10 @@ func TestDeleteBastionHost(t *testing.T) {
 
 tc.expect(scopeMock.EXPECT(), reconcilerMock.EXPECT())
 
- s, err := New(scopeMock)
- g.Expect(err).NotTo(HaveOccurred())
+ s := New(scopeMock)
 s.Reconciler = reconcilerMock
 
- err = s.Delete(context.TODO())
+ err := s.Delete(context.TODO())
 if tc.expectedError != "" {
 g.Expect(err).To(HaveOccurred())
 g.Expect(err).To(MatchError(tc.expectedError))
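Review bot: The "bastion host is always CAPZ-managed, BYO is not supported" contract that the removed `IsManaged` stated is no longer expressed anywhere in this package, and whatever now answers that question for the embedded `aso.Service` is not part of this patch, so the bastion's deletion path on cluster removal depends on behaviour a reader of this file cannot see. I would keep the contract on the constructor, e.g. `// New creates a new service for the CAPZ-managed bastion host (BYO bastion is not supported).`, and confirm that the embedded service's managed decision does not treat the bastion as bring-your-own, since a wrong answer either leaks the resource or deletes one CAPZ did not create. `New` starts in the previous hunk; only its tail is shown here.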
diff --git a/azure/services/bastionhosts/mocks_bastionhosts/bastionhosts_mock.go b/azure/services/bastionhosts/mocks_bastionhosts/bastionhosts_mock.go
index d1c92c2d01b..08a59f841e2 100644
--- a/azure/services/bastionhosts/mocks_bastionhosts/bastionhosts_mock.go
+++ b/azure/services/bastionhosts/mocks_bastionhosts/bastionhosts_mock.go
@@ -19,7 +19,7 @@ limitations under the License.
 //
 // Generated by this command:
 //
-// mockgen -destination bastionhosts_mock.go -package mock_bastionhosts -source ../bastionhosts.go
+// mockgen -destination bastionhosts_mock.go -package mock_bastionhosts -source ../bastionhosts.go BastionScope
 //
 // Package mock_bastionhosts is a generated GoMock package.
 package mock_bastionhosts
diff --git a/azure/services/bastionhosts/spec.go b/azure/services/bastionhosts/spec.go
index b02c289af60..ffe9c88676d 100644
--- a/azure/services/bastionhosts/spec.go
+++ b/azure/services/bastionhosts/spec.go
@@ -32,6 +32,7 @@ import (
 type AzureBastionSpec struct {
 Name string
 Namespace string
+ AzureName string
 ResourceGroup string
 Location string
 ClusterName string
@@ -41,13 +42,6 @@ type AzureBastionSpec struct {
 EnableTunneling bool
 }
 
-// AzureBastionSpecInput defines the required inputs to construct an azure bastion spec.
-type AzureBastionSpecInput struct {
- SubnetName string
- PublicIPName string
- VNetName string
-}
-
 // ResourceRef implements azure.ASOResourceSpecGetter.
 func (s *AzureBastionSpec) ResourceRef() *asonetworkv1.BastionHost {
 return &asonetworkv1.BastionHost{
@@ -58,7 +52,7 @@ func (s *AzureBastionSpec) ResourceRef() *asonetworkv1.BastionHost {
 }
 }
 
-// Parameters returns the parameters for the bastion host.
+// Parameters implements azure.ASOResourceSpecGetter.
 func (s *AzureBastionSpec) Parameters(ctx context.Context, existingBastionHost *asonetworkv1.BastionHost) (parameters *asonetworkv1.BastionHost, err error) {
 if existingBastionHost != nil {
 // bastion host already exists
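Review bot: The new `AzureName` field in `AzureBastionSpec` (the @@ -32 hunk of spec.go) is undocumented, and nothing in the struct says how it relates to `Name`; the CRD added in this same patch describes azureName as the resource's name in Azure, which is often but not necessarily the Kubernetes name. Since `Parameters` now sends `s.AzureName` to Azure, the distinction matters to every caller that fills the struct, so a one-line comment would settle it: `AzureName string // name of the bastion host in Azure; may differ from Name, the Kubernetes object name`. The struct's other fields are bare too, so this is a small departure from the file's style, but it is the one field whose meaning changed with this commit.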
@@ -69,8 +63,11 @@ func (s *AzureBastionSpec) Parameters(ctx context.Context, existingBastionHost *
 
 return &asonetworkv1.BastionHost{
 Spec: asonetworkv1.BastionHost_Spec{
- AzureName: s.Name,
+ AzureName: s.AzureName,
 Location: ptr.To(s.Location),
+ Owner: &genruntime.KnownResourceReference{
+ Name: s.ClusterName,
+ },
 Tags: infrav1.Build(infrav1.BuildParams{
 ClusterName: s.ClusterName,
 Lifecycle: infrav1.ResourceLifecycleOwned,
diff --git a/config/aso/crds.yaml b/config/aso/crds.yaml
index de1cc5ba697..00451960f24 100644
--- a/config/aso/crds.yaml
+++ b/config/aso/crds.yaml
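Review bot: `AzureName: s.AzureName` replaces `s.Name` as the name sent to Azure, but none of the nine files in this patch populates the new field, so unless the scope that builds `AzureBastionSpec` is updated elsewhere the ASO object's azureName will be empty and the resource name in Azure changes from the previous behaviour. The new `Owner` reference uses `s.ClusterName`; the CRD in this patch says the owner must be a resources.azure.com/ResourceGroup resource, so this presumes the ASO ResourceGroup object is named after the cluster, which the diff does not show — a comment such as `// Owner is the ASO ResourceGroup object, assumed to be named after the cluster` would make the coupling visible. The `genruntime` identifier is not brought in by any visible hunk, so presumably spec.go already imports it. `Parameters` starts before this hunk and continues past it.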
@@ -1,5 +1,540 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.3.0 + name: bastionhosts.network.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: azureserviceoperator-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: network.azure.com + names: + kind: BastionHost + listKind: BastionHostList + plural: bastionhosts + singular: bastionhost + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701 + schema: + openAPIV3Schema: + description: 'Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. 
Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + azureName: + description: 'AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn''t have to be.' + type: string + disableCopyPaste: + description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature of the Bastion Host resource.' + type: boolean + dnsName: + description: 'DnsName: FQDN for the endpoint on which bastion host is accessible.' + type: string + enableFileCopy: + description: 'EnableFileCopy: Enable/Disable File Copy feature of the Bastion Host resource.' + type: boolean + enableIpConnect: + description: 'EnableIpConnect: Enable/Disable IP Connect feature of the Bastion Host resource.' + type: boolean + enableShareableLink: + description: 'EnableShareableLink: Enable/Disable Shareable Link of the Bastion Host resource.' + type: boolean + enableTunneling: + description: 'EnableTunneling: Enable/Disable Tunneling feature of the Bastion Host resource.' + type: boolean + ipConfigurations: + description: 'IpConfigurations: IP configuration of the Bastion Host resource.' + items: + description: IP configuration of an Bastion Host. + properties: + name: + description: 'Name: Name of the resource that is unique within a resource group. This name can be used to access the resource.' + type: string + privateIPAllocationMethod: + description: 'PrivateIPAllocationMethod: Private IP allocation method.' + enum: + - Dynamic + - Static + type: string + publicIPAddress: + description: 'PublicIPAddress: Reference of the PublicIP resource.' + properties: + reference: + description: 'Reference: Resource ID.' 
+ properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + subnet: + description: 'Subnet: Reference of the subnet resource.' + properties: + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + required: + - publicIPAddress + - subnet + type: object + type: array + location: + description: 'Location: Resource location.' 
+ type: string + owner: + description: 'Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + scaleUnits: + description: 'ScaleUnits: The scale units for the Bastion Host resource.' + maximum: 50 + minimum: 2 + type: integer + sku: + description: 'Sku: The sku of this Bastion Host.' + properties: + name: + description: 'Name: The name of this Bastion Host.' + enum: + - Basic + - Standard + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + required: + - owner + type: object + status: + description: Bastion Host resource. + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 
+ format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type of condition. For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableCopyPaste: + description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature of the Bastion Host resource.' + type: boolean + dnsName: + description: 'DnsName: FQDN for the endpoint on which bastion host is accessible.' + type: string + enableFileCopy: + description: 'EnableFileCopy: Enable/Disable File Copy feature of the Bastion Host resource.' + type: boolean + enableIpConnect: + description: 'EnableIpConnect: Enable/Disable IP Connect feature of the Bastion Host resource.' + type: boolean + enableShareableLink: + description: 'EnableShareableLink: Enable/Disable Shareable Link of the Bastion Host resource.' + type: boolean + enableTunneling: + description: 'EnableTunneling: Enable/Disable Tunneling feature of the Bastion Host resource.' + type: boolean + etag: + description: 'Etag: A unique read-only string that changes whenever the resource is updated.' + type: string + id: + description: 'Id: Resource ID.' + type: string + ipConfigurations: + description: 'IpConfigurations: IP configuration of the Bastion Host resource.' 
+ items: + description: IP configuration of an Bastion Host. + properties: + id: + description: 'Id: Resource ID.' + type: string + type: object + type: array + location: + description: 'Location: Resource location.' + type: string + name: + description: 'Name: Resource name.' + type: string + provisioningState: + description: 'ProvisioningState: The provisioning state of the bastion host resource.' + type: string + scaleUnits: + description: 'ScaleUnits: The scale units for the Bastion Host resource.' + type: integer + sku: + description: 'Sku: The sku of this Bastion Host.' + properties: + name: + description: 'Name: The name of this Bastion Host.' + type: string + type: object + tags: + additionalProperties: + type: string + description: 'Tags: Resource tags.' + type: object + type: + description: 'Type: Resource type.' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20220701storage + schema: + openAPIV3Schema: + description: 'Storage version of v1api20220701.BastionHost Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName}' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Storage version of v1api20220701.BastionHost_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions + type: object + azureName: + description: 'AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn''t have to be.' + type: string + disableCopyPaste: + type: boolean + dnsName: + type: string + enableFileCopy: + type: boolean + enableIpConnect: + type: boolean + enableShareableLink: + type: boolean + enableTunneling: + type: boolean + ipConfigurations: + items: + description: Storage version of v1api20220701.BastionHostIPConfiguration IP configuration of an Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + privateIPAllocationMethod: + type: string + publicIPAddress: + description: Storage version of v1api20220701.BastionHostSubResource Reference to another subresource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + subnet: + description: Storage version of v1api20220701.BastionHostSubResource Reference to another subresource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: Resource ID.' + properties: + armId: + description: ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: object + type: array + location: + type: string + originalVersion: + type: string + owner: + description: 'Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource' + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + scaleUnits: + type: integer + sku: + description: Storage version of v1api20220701.Sku The sku of this Bastion Host. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + required: + - owner + type: object + status: + description: Storage version of v1api20220701.BastionHost_STATUS Bastion Host resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: Severity with which to treat failures of this type of condition. 
For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + disableCopyPaste: + type: boolean + dnsName: + type: string + enableFileCopy: + type: boolean + enableIpConnect: + type: boolean + enableShareableLink: + type: boolean + enableTunneling: + type: boolean + etag: + type: string + id: + type: string + ipConfigurations: + items: + description: Storage version of v1api20220701.BastionHostIPConfiguration_STATUS IP configuration of an Bastion Host. + properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions + type: object + id: + type: string + type: object + type: array + location: + type: string + name: + type: string + provisioningState: + type: string + scaleUnits: + type: integer + sku: + description: Storage version of v1api20220701.Sku_STATUS The sku of this Bastion Host. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: object + tags: + additionalProperties: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 3cf9633c4c2..e1cffbd9ad7 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -261,6 +261,26 @@ rules: - get - patch - update +- apiGroups: + - network.azure.com + resources: + - bastionhosts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.azure.com + resources: + - bastionhosts/status + verbs: + - get + - list + - watch - apiGroups: - network.azure.com resources: diff --git a/controllers/azurecluster_controller.go b/controllers/azurecluster_controller.go index a4c894a6127..69ad77ccd68 100644 --- a/controllers/azurecluster_controller.go +++ b/controllers/azurecluster_controller.go 
@@ -115,6 +115,8 @@ func (acr *AzureClusterReconciler) SetupWithManager(ctx context.Context, mgr ctr
 // +kubebuilder:rbac:groups=resources.azure.com,resources=resourcegroups/status,verbs=get;list;watch
 // +kubebuilder:rbac:groups=network.azure.com,resources=natgateways,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=network.azure.com,resources=natgateways/status,verbs=get;list;watch
+// +kubebuilder:rbac:groups=network.azure.com,resources=bastionhosts,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=network.azure.com,resources=bastionhosts/status,verbs=get;list;watch
 
 // Reconcile idempotently gets, creates, and updates a cluster.
 func (acr *AzureClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (_ ctrl.Result, reterr error) {
diff --git a/controllers/azurecluster_reconciler.go b/controllers/azurecluster_reconciler.go
index 8d45b62765f..5d9fb33204d 100644
--- a/controllers/azurecluster_reconciler.go
+++ b/controllers/azurecluster_reconciler.go
@@ -62,10 +62,6 @@ func newAzureClusterService(scope *scope.ClusterScope) (*azureClusterService, er
 if err != nil {
 return nil, err
 }
- bastionHostsSvc, err := bastionhosts.New(scope)
- if err != nil {
- return nil, err
- }
 privateEndpointsSvc, err := privateendpoints.New(scope)
 if err != nil {
 return nil, err
@@ -107,7 +103,7 @@ func newAzureClusterService(scope *scope.ClusterScope) (*azureClusterService, er
 vnetPeeringsSvc,
 loadbalancersSvc,
 privateDNSSvc,
- bastionHostsSvc,
+ bastionhosts.New(scope),
 privateEndpointsSvc,
 },
 skuCache: skuCache,
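Review bot: In the second hunk of azurecluster_reconciler.go, `bastionhosts.New(scope),` is the only service constructed inline inside the services slice; every sibling is a named local built above with its own error check, so the list now mixes identifiers with a call and the bastion service is the one whose construction order differs from the others. Since `New` can no longer fail, a plain `bastionHostsSvc := bastionhosts.New(scope)` where the removed block stood (first hunk), keeping `bastionHostsSvc,` in the list, preserves the uniform shape without reintroducing the dead error check. `newAzureClusterService` starts before and ends after both hunks.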