From 7c946378d4cddfd8b786d65c2f1e7ba665bb2c46 Mon Sep 17 00:00:00 2001
From: cadenmarchese
Date: Tue, 11 Jun 2024 08:38:01 -0400
Subject: [PATCH] remove unnecessary consts and functions, add pwirs get

---
 cmd/aro/const.go | 19 ++---
 cmd/aro/update_role_sets.go | 154 +++++++++++++-----------------------
 2 files changed, 61 insertions(+), 112 deletions(-)

diff --git a/cmd/aro/const.go b/cmd/aro/const.go
index 9c61279219f..499d14e677e 100644
--- a/cmd/aro/const.go
+++ b/cmd/aro/const.go
@@ -4,16 +4,11 @@ package main
 // Licensed under the Apache License 2.0.
 
 const (
- envDatabaseName = "DATABASE_NAME"
- envDatabaseAccountName = "DATABASE_ACCOUNT_NAME"
- envKeyVaultPrefix = "KEYVAULT_PREFIX"
- envDBTokenUrl = "DBTOKEN_URL"
- envOpenShiftVersions = "OPENSHIFT_VERSIONS"
- envInstallerImageDigests = "INSTALLER_IMAGE_DIGESTS"
- envPlatformWorkloadIdentityRoles = "PLATFORM_WORKLOAD_IDENTITY_ROLES"
- envOpenShiftVersion = "OPENSHIFT_VERSION"
- envOperatorName = "OPERATOR_NAME"
- envRoleDefinitionName = "ROLE_DEFINITION_NAME"
- envRoleDefinitionId = "ROLE_DEFINITION_ID"
- envServiceAccounts = "SERVICE_ACCOUNTS"
+ envDatabaseName = "DATABASE_NAME"
+ envDatabaseAccountName = "DATABASE_ACCOUNT_NAME"
+ envKeyVaultPrefix = "KEYVAULT_PREFIX"
+ envDBTokenUrl = "DBTOKEN_URL"
+ envOpenShiftVersions = "OPENSHIFT_VERSIONS"
+ envInstallerImageDigests = "INSTALLER_IMAGE_DIGESTS"
+ envPlatformWorkloadIdentityRoleSets = "PLATFORM_WORKLOAD_IDENTITY_ROLE_SETS"
 )
diff --git a/cmd/aro/update_role_sets.go b/cmd/aro/update_role_sets.go
index 3cc0b15acd3..a31899bf26a 100644
--- a/cmd/aro/update_role_sets.go
+++ b/cmd/aro/update_role_sets.go
@@ -20,10 +20,9 @@ import ( // Script parts: -// 1) Define types according to what's in RP-Config for PlatformWorkloadIdentityRoleSets -// 2) Get env vars from the agent VM where this pipeline/script will be running, convert them into an incoming role set -// 3) Get the existing role set documents, if existing -// 4) Put/patch the new role sets to the doc, overwriting whatever is there for that version, or adding if new +// 1) Get env vars from the agent VM where this pipeline/script will be running, convert them into an incoming role set +// 2) Get the existing role set documents, if existing +// 3) Put/patch the new role sets to the doc, overwriting whatever is there for that version, or adding if new // RP-Config example: 
@@ -36,116 +35,71 @@ import ( // serviceAccounts: // - 'openshift-cloud-controller-manager:cloud-controller-manager' // - operatorName: 'ClusterIngressOperator' +// roleDefinitionName: 'Azure RedHat OpenShift Cluster Ingress Operator Role' +// roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/0336e1d3-7a87-462b-b6db-342b63f7802c' +// serviceAccounts: +// - 'openshift-ingress-operator:ingress-operator' +// - operatorName: 'MachineApiOperator' +// roleDefinitionName: 'Azure RedHat OpenShift Machine API Operator Role' +// roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/0358943c-7e01-48ba-8889-02cc51d78637' +// serviceAccounts: +// - 'openshift-machine-api:machine-api-operator' +// - operatorName: 'StorageOperator' +// roleDefinitionName: 'Azure RedHat OpenShift Storage Operator Role' +// roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/5b7237c5-45e1-49d6-bc18-a1f62f400748' +// serviceAccounts: +// - 'openshift-cluster-csi-drivers:azure-disk-csi-driver-operator' +// - 'openshift-cluster-csi-drivers:azure-disk-csi-driver-controller-sa' +// - operatorName: 'NetworkOperator' +// roleDefinitionName: 'Azure RedHat OpenShift Network Operator Role' +// roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/be7a6435-15ae-4171-8f30-4a343eff9e8f' +// serviceAccounts: +// - 'openshift-cloud-network-config-controller:cloud-network-config-controller' +// - operatorName: 'ImageRegistryOperator' +// roleDefinitionName: 'Azure RedHat OpenShift Image Registry Operator Role' +// roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/8b32b316-c2f5-4ddf-b05b-83dacd2d08b5' +// serviceAccounts: +// - 'openshift-image-registry:cluster-image-registry-operator' +// - 'openshift-image-registry:registry' +// - operatorName: 'AzureFilesStorageOperator' +// roleDefinitionName: 'Azure RedHat OpenShift Azure Files Storage Operator Role' +// roleDefinitionId: 
'/providers/Microsoft.Authorization/roleDefinitions/0d7aedc0-15fd-4a67-a412-efad370c947e' +// serviceAccounts: +// - 'openshift-cluster-csi-drivers:azure-file-csi-driver-operator' +// - 'openshift-cluster-csi-drivers:azure-file-csi-driver-controller-sa' +// - 'openshift-cluster-csi-drivers:azure-file-csi-driver-node-sa' +// - operatorName: 'ServiceOperator' +// roleDefinitionName: 'Azure RedHat OpenShift Service Operator' +// roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/4436bae4-7702-4c84-919b-c4069ff25ee2' +// serviceAccounts: +// - 'openshift-azure-operator:aro-operator-master' -// 1 - Define types according to what's in RP-Config -type OpenShiftVersion string -type OperatorName string -type RoleDefinitionName string -type RoleDefinitionID string -type ServiceAccounts []string - -// 2- Get env data from agent VMs (with getEnvironemntData) and write to types created in step 1 -func getOpenShiftVersion() (OpenShiftVersion, error) { - const envKey = envOpenShiftVersion - var OpenShiftVersion OpenShiftVersion - - if err := getEnvironmentData(envKey, OpenShiftVersion); err != nil { - return "", err - } - - return OpenShiftVersion, nil -} - -func getOperatorName() (OperatorName, error) { - const envKey = envOperatorName - var OperatorName OperatorName - - if err := getEnvironmentData(envKey, OperatorName); err != nil { - return "", err - } - - return OperatorName, nil -} - -func getRoleDefinitionName() (RoleDefinitionName, error) { - const envKey = envRoleDefinitionName - var RoleDefinitionName RoleDefinitionName - - if err := getEnvironmentData(envKey, RoleDefinitionName); err != nil { - return "", err - } - - return RoleDefinitionName, nil -} - -func getRoleDefinitionID() (RoleDefinitionID, error) { - const envKey = envRoleDefinitionId - var RoleDefinitionID RoleDefinitionID - - if err := getEnvironmentData(envKey, RoleDefinitionID); err != nil { - return "", err - } - - return RoleDefinitionID, nil -} - -func getServiceAccounts() 
(ServiceAccounts, error) { - const envKey = envServiceAccounts - var ServiceAccounts ServiceAccounts +// 1 - Get env data from agent VMs (with getEnvironemntData) and write to types created in step 1 +func getPlatformWorkloadIdentityRoleSets() ([]api.PlatformWorkloadIdentityRoleSet, error) { + const envKey = envPlatformWorkloadIdentityRoleSets + var PlatformWorkloadIdentityRoleSet []api.PlatformWorkloadIdentityRoleSet - if err := getEnvironmentData(envKey, ServiceAccounts); err != nil { + // marshall env data into type []api.PlatformWorkloadIdentityRoleSet + if err := getEnvironmentData(envKey, PlatformWorkloadIdentityRoleSet); err != nil { return nil, err } - return ServiceAccounts, nil + return PlatformWorkloadIdentityRoleSet, nil } func getRoleSetFromEnv() ([]api.PlatformWorkloadIdentityRoleSet, error) { - openShiftVersion, err := getOpenShiftVersion() - if err != nil { - return []api.PlatformWorkloadIdentityRoleSet{}, err - } - - operatorName, err := getOperatorName() - if err != nil { - return []api.PlatformWorkloadIdentityRoleSet{}, err - } - - serviceAccounts, err := getServiceAccounts() - if err != nil { - return []api.PlatformWorkloadIdentityRoleSet{}, err - } - - roleDefinitionName, err := getRoleDefinitionName() + roleSet, err := getPlatformWorkloadIdentityRoleSets() if err != nil { return []api.PlatformWorkloadIdentityRoleSet{}, err } - roleDefinitionId, err := getRoleDefinitionID() - if err != nil { - return []api.PlatformWorkloadIdentityRoleSet{}, err - } - - platformWorkloadIdentityRoleSet := []api.PlatformWorkloadIdentityRoleSet{ - { - Properties: api.PlatformWorkloadIdentityRoleSetProperties{ - OpenShiftVersion: string(openShiftVersion), - PlatformWorkloadIdentityRoles: []api.PlatformWorkloadIdentityRole{ - { - OperatorName: string(operatorName), - ServiceAccounts: serviceAccounts, - RoleDefinitionName: string(roleDefinitionName), - RoleDefinitionID: string(roleDefinitionId), - }, - }, - }, - }, - } + finalRoleSet := 
[]api.PlatformWorkloadIdentityRoleSet{} + finalRoleSet = append(finalRoleSet, roleSet...) - return platformWorkloadIdentityRoleSet, nil + return finalRoleSet, nil } -// 3 - Get the existing role set documents, if existing +// 2 - Get the existing role set documents, if existing // Mostly copied from update_ocp_versions.go func getPlatformWorkloadIdentityRoleSetDatabase(ctx context.Context, log *logrus.Entry) (database.PlatformWorkloadIdentityRoleSets, error) { _env, err := env.NewCore(ctx, log, env.COMPONENT_UPDATE_OCP_VERSIONS) @@ -206,7 +160,7 @@ func getPlatformWorkloadIdentityRoleSetDatabase(ctx context.Context, log *logrus return dbPlatformWorkloadIdentityRoleSetsDocument, nil } -// 4 - Put/patch the new role sets to the doc, overwriting whatever is there for that version, or adding if new +// 3 - Put/patch the new role sets to the doc, overwriting whatever is there for that version, or adding if new // Mostly copied from update_ocp_versions.go func updatePlatformWorkloadIdentityRoleSetsInCosmosDB(ctx context.Context, dbPlatformWorkloadIdentityRoleSets database.PlatformWorkloadIdentityRoleSets, log *logrus.Entry) error { dbPlatformWorkloadIdentityRoleSet, err := dbPlatformWorkloadIdentityRoleSets.ListAll(ctx)
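Review bot: In the new `getPlatformWorkloadIdentityRoleSets`, the nil slice `PlatformWorkloadIdentityRoleSet` is passed to `getEnvironmentData` by value, so if that helper (not visible here) decodes into its second argument the way `json.Unmarshal` does, nothing is written back and the caller would get an empty set with no error; the call should read `if err := getEnvironmentData(envKey, &PlatformWorkloadIdentityRoleSet); err != nil {`. The removed per-field helpers had the same by-value call, so the commit carries the pattern forward rather than introducing it, but it is now the only path that produces the role sets. Since these entries hold the role definition IDs that step 3 writes to the database, it would also be worth rejecting an empty result and any entry with an empty OpenShiftVersion or RoleDefinitionID before the update runs, rather than storing them silently. The header comment `// 1 - Get env data ... and write to types created in step 1` is stale now that the type definitions are gone and `marshall` should be `unmarshal`; `// 1 - Decode the role sets JSON from the agent VM's environment into []api.PlatformWorkloadIdentityRoleSet` would do. `getPlatformWorkloadIdentityRoleSetDatabase`, where this hunk ends, continues outside it.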