remove unnecessary consts and functions, add pwirs get

Azure · Jun 11, 2024 · 7c94637 · 7c94637
1 parent ac891db
commit 7c94637
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 112 deletions.
diff --git a/cmd/aro/const.go b/cmd/aro/const.go
@@ -4,16 +4,11 @@ package main
 // Licensed under the Apache License 2.0.
 
 const (
-	envDatabaseName                  = "DATABASE_NAME"
-	envDatabaseAccountName           = "DATABASE_ACCOUNT_NAME"
-	envKeyVaultPrefix                = "KEYVAULT_PREFIX"
-	envDBTokenUrl                    = "DBTOKEN_URL"
-	envOpenShiftVersions             = "OPENSHIFT_VERSIONS"
-	envInstallerImageDigests         = "INSTALLER_IMAGE_DIGESTS"
-	envPlatformWorkloadIdentityRoles = "PLATFORM_WORKLOAD_IDENTITY_ROLES"
-	envOpenShiftVersion              = "OPENSHIFT_VERSION"
-	envOperatorName                  = "OPERATOR_NAME"
-	envRoleDefinitionName            = "ROLE_DEFINITION_NAME"
-	envRoleDefinitionId              = "ROLE_DEFINITION_ID"
-	envServiceAccounts               = "SERVICE_ACCOUNTS"
+	envDatabaseName                     = "DATABASE_NAME"
+	envDatabaseAccountName              = "DATABASE_ACCOUNT_NAME"
+	envKeyVaultPrefix                   = "KEYVAULT_PREFIX"
+	envDBTokenUrl                       = "DBTOKEN_URL"
+	envOpenShiftVersions                = "OPENSHIFT_VERSIONS"
+	envInstallerImageDigests            = "INSTALLER_IMAGE_DIGESTS"
+	envPlatformWorkloadIdentityRoleSets = "PLATFORM_WORKLOAD_IDENTITY_ROLE_SETS"
 )
diff --git a/cmd/aro/update_role_sets.go b/cmd/aro/update_role_sets.go
@@ -20,10 +20,9 @@ import (
 
 // Script parts:
 
-// 1) Define types according to what's in RP-Config for PlatformWorkloadIdentityRoleSets
-// 2) Get env vars from the agent VM where this pipeline/script will be running, convert them into an incoming role set
-// 3) Get the existing role set documents, if existing
-// 4) Put/patch the new role sets to the doc, overwriting whatever is there for that version, or adding if new
+// 1) Get env vars from the agent VM where this pipeline/script will be running, convert them into an incoming role set
+// 2) Get the existing role set documents, if existing
+// 3) Put/patch the new role sets to the doc, overwriting whatever is there for that version, or adding if new
 
 // RP-Config example:
 
@@ -36,116 +35,71 @@ import (
 // 	  serviceAccounts:
 // 		- 'openshift-cloud-controller-manager:cloud-controller-manager'
 // 	- operatorName: 'ClusterIngressOperator'
+// 	  roleDefinitionName: 'Azure RedHat OpenShift Cluster Ingress Operator Role'
+// 	  roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/0336e1d3-7a87-462b-b6db-342b63f7802c'
+// 	  serviceAccounts:
+// 		- 'openshift-ingress-operator:ingress-operator'
+// 	- operatorName: 'MachineApiOperator'
+// 	  roleDefinitionName: 'Azure RedHat OpenShift Machine API Operator Role'
+// 	  roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/0358943c-7e01-48ba-8889-02cc51d78637'
+// 	  serviceAccounts:
+// 		- 'openshift-machine-api:machine-api-operator'
+// 	- operatorName: 'StorageOperator'
+// 	  roleDefinitionName: 'Azure RedHat OpenShift Storage Operator Role'
+// 	  roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/5b7237c5-45e1-49d6-bc18-a1f62f400748'
+// 	  serviceAccounts:
+// 		- 'openshift-cluster-csi-drivers:azure-disk-csi-driver-operator'
+// 		- 'openshift-cluster-csi-drivers:azure-disk-csi-driver-controller-sa'
+// 	- operatorName: 'NetworkOperator'
+// 	  roleDefinitionName: 'Azure RedHat OpenShift Network Operator Role'
+// 	  roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/be7a6435-15ae-4171-8f30-4a343eff9e8f'
+// 	  serviceAccounts:
+// 		- 'openshift-cloud-network-config-controller:cloud-network-config-controller'
+// 	- operatorName: 'ImageRegistryOperator'
+// 	  roleDefinitionName: 'Azure RedHat OpenShift Image Registry Operator Role'
+// 	  roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/8b32b316-c2f5-4ddf-b05b-83dacd2d08b5'
+// 	  serviceAccounts:
+// 		- 'openshift-image-registry:cluster-image-registry-operator'
+// 		- 'openshift-image-registry:registry'
+// 	- operatorName: 'AzureFilesStorageOperator'
+// 	  roleDefinitionName: 'Azure RedHat OpenShift Azure Files Storage Operator Role'
+// 	  roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/0d7aedc0-15fd-4a67-a412-efad370c947e'
+// 	  serviceAccounts:
+// 		- 'openshift-cluster-csi-drivers:azure-file-csi-driver-operator'
+// 		- 'openshift-cluster-csi-drivers:azure-file-csi-driver-controller-sa'
+// 		- 'openshift-cluster-csi-drivers:azure-file-csi-driver-node-sa'
+// 	- operatorName: 'ServiceOperator'
+// 	  roleDefinitionName: 'Azure RedHat OpenShift Service Operator'
+// 	  roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/4436bae4-7702-4c84-919b-c4069ff25ee2'
+// 	  serviceAccounts:
+// 		- 'openshift-azure-operator:aro-operator-master'
 
-// 1 - Define types according to what's in RP-Config
-type OpenShiftVersion string
-type OperatorName string
-type RoleDefinitionName string
-type RoleDefinitionID string
-type ServiceAccounts []string
-
-// 2- Get env data from agent VMs (with getEnvironemntData) and write to types created in step 1
-func getOpenShiftVersion() (OpenShiftVersion, error) {
-	const envKey = envOpenShiftVersion
-	var OpenShiftVersion OpenShiftVersion
-
-	if err := getEnvironmentData(envKey, OpenShiftVersion); err != nil {
-		return "", err
-	}
-
-	return OpenShiftVersion, nil
-}
-
-func getOperatorName() (OperatorName, error) {
-	const envKey = envOperatorName
-	var OperatorName OperatorName
-
-	if err := getEnvironmentData(envKey, OperatorName); err != nil {
-		return "", err
-	}
-
-	return OperatorName, nil
-}
-
-func getRoleDefinitionName() (RoleDefinitionName, error) {
-	const envKey = envRoleDefinitionName
-	var RoleDefinitionName RoleDefinitionName
-
-	if err := getEnvironmentData(envKey, RoleDefinitionName); err != nil {
-		return "", err
-	}
-
-	return RoleDefinitionName, nil
-}
-
-func getRoleDefinitionID() (RoleDefinitionID, error) {
-	const envKey = envRoleDefinitionId
-	var RoleDefinitionID RoleDefinitionID
-
-	if err := getEnvironmentData(envKey, RoleDefinitionID); err != nil {
-		return "", err
-	}
-
-	return RoleDefinitionID, nil
-}
-
-func getServiceAccounts() (ServiceAccounts, error) {
-	const envKey = envServiceAccounts
-	var ServiceAccounts ServiceAccounts
+// 1 - Get env data from agent VMs (with getEnvironemntData) and write to types created in step 1
+func getPlatformWorkloadIdentityRoleSets() ([]api.PlatformWorkloadIdentityRoleSet, error) {
+	const envKey = envPlatformWorkloadIdentityRoleSets
+	var PlatformWorkloadIdentityRoleSet []api.PlatformWorkloadIdentityRoleSet
 
-	if err := getEnvironmentData(envKey, ServiceAccounts); err != nil {
+	// marshall env data into type []api.PlatformWorkloadIdentityRoleSet
+	if err := getEnvironmentData(envKey, PlatformWorkloadIdentityRoleSet); err != nil {
 		return nil, err
 	}
 
-	return ServiceAccounts, nil
+	return PlatformWorkloadIdentityRoleSet, nil
 }
 
 func getRoleSetFromEnv() ([]api.PlatformWorkloadIdentityRoleSet, error) {
-	openShiftVersion, err := getOpenShiftVersion()
-	if err != nil {
-		return []api.PlatformWorkloadIdentityRoleSet{}, err
-	}
-
-	operatorName, err := getOperatorName()
-	if err != nil {
-		return []api.PlatformWorkloadIdentityRoleSet{}, err
-	}
-
-	serviceAccounts, err := getServiceAccounts()
-	if err != nil {
-		return []api.PlatformWorkloadIdentityRoleSet{}, err
-	}
-
-	roleDefinitionName, err := getRoleDefinitionName()
+	roleSet, err := getPlatformWorkloadIdentityRoleSets()
 	if err != nil {
 		return []api.PlatformWorkloadIdentityRoleSet{}, err
 	}
 
-	roleDefinitionId, err := getRoleDefinitionID()
-	if err != nil {
-		return []api.PlatformWorkloadIdentityRoleSet{}, err
-	}
-
-	platformWorkloadIdentityRoleSet := []api.PlatformWorkloadIdentityRoleSet{
-		{
-			Properties: api.PlatformWorkloadIdentityRoleSetProperties{
-				OpenShiftVersion: string(openShiftVersion),
-				PlatformWorkloadIdentityRoles: []api.PlatformWorkloadIdentityRole{
-					{
-						OperatorName:       string(operatorName),
-						ServiceAccounts:    serviceAccounts,
-						RoleDefinitionName: string(roleDefinitionName),
-						RoleDefinitionID:   string(roleDefinitionId),
-					},
-				},
-			},
-		},
-	}
+	finalRoleSet := []api.PlatformWorkloadIdentityRoleSet{}
+	finalRoleSet = append(finalRoleSet, roleSet...)
 
-	return platformWorkloadIdentityRoleSet, nil
+	return finalRoleSet, nil
 }
 
-// 3 - Get the existing role set documents, if existing
+// 2 - Get the existing role set documents, if existing
 // Mostly copied from update_ocp_versions.go
 func getPlatformWorkloadIdentityRoleSetDatabase(ctx context.Context, log *logrus.Entry) (database.PlatformWorkloadIdentityRoleSets, error) {
 	_env, err := env.NewCore(ctx, log, env.COMPONENT_UPDATE_OCP_VERSIONS)
@@ -206,7 +160,7 @@ func getPlatformWorkloadIdentityRoleSetDatabase(ctx context.Context, log *logrus
 	return dbPlatformWorkloadIdentityRoleSetsDocument, nil
 }
 
-// 4 - Put/patch the new role sets to the doc, overwriting whatever is there for that version, or adding if new
+// 3 - Put/patch the new role sets to the doc, overwriting whatever is there for that version, or adding if new
 // Mostly copied from update_ocp_versions.go
 func updatePlatformWorkloadIdentityRoleSetsInCosmosDB(ctx context.Context, dbPlatformWorkloadIdentityRoleSets database.PlatformWorkloadIdentityRoleSets, log *logrus.Entry) error {
 	dbPlatformWorkloadIdentityRoleSet, err := dbPlatformWorkloadIdentityRoleSets.ListAll(ctx)