Update network SDK to track2

pkg/cluster/cluster.go

@@ -71,27 +71,31 @@ type manager struct {
 	localFpAuthorizer autorest.Authorizer
 	metricsEmitter    metrics.Emitter
 
-	spGraphClient         *utilgraph.GraphServiceClient
-	disks                 compute.DisksClient
-	virtualMachines       compute.VirtualMachinesClient
-	interfaces            network.InterfacesClient // TODO: use armInterfaces instead.
-	armInterfaces         armnetwork.InterfacesClient
-	publicIPAddresses     network.PublicIPAddressesClient // TODO: use armPublicIPAddresses instead.
-	armPublicIPAddresses  armnetwork.PublicIPAddressesClient
-	loadBalancers         network.LoadBalancersClient // TODO: use armLoadBalancers instead.
-	armLoadBalancers      armnetwork.LoadBalancersClient
-	privateEndpoints      network.PrivateEndpointsClient
-	securityGroups        network.SecurityGroupsClient
-	deployments           features.DeploymentsClient
-	resourceGroups        features.ResourceGroupsClient
-	resources             features.ResourcesClient
-	privateZones          privatedns.PrivateZonesClient
-	virtualNetworkLinks   privatedns.VirtualNetworkLinksClient
-	roleAssignments       authorization.RoleAssignmentsClient
-	roleDefinitions       authorization.RoleDefinitionsClient
-	denyAssignments       authorization.DenyAssignmentClient
-	fpPrivateEndpoints    network.PrivateEndpointsClient
-	rpPrivateLinkServices network.PrivateLinkServicesClient
+	spGraphClient            *utilgraph.GraphServiceClient
+	disks                    compute.DisksClient
+	virtualMachines          compute.VirtualMachinesClient
+	interfaces               network.InterfacesClient // TODO: use armInterfaces instead.
+	armInterfaces            armnetwork.InterfacesClient
+	publicIPAddresses        network.PublicIPAddressesClient // TODO: use armPublicIPAddresses instead.
+	armPublicIPAddresses     armnetwork.PublicIPAddressesClient
+	loadBalancers            network.LoadBalancersClient // TODO: use armLoadBalancers instead.
+	armLoadBalancers         armnetwork.LoadBalancersClient
+	privateEndpoints         network.PrivateEndpointsClient // TODO: use armPrivateEndpoints instead.
+	armPrivateEndpoints      armnetwork.PrivateEndpointsClient
+	securityGroups           network.SecurityGroupsClient // TODO: use armSecurityGroups instead.
+	armSecurityGroups        armnetwork.SecurityGroupsClient
+	deployments              features.DeploymentsClient
+	resourceGroups           features.ResourceGroupsClient
+	resources                features.ResourcesClient
+	privateZones             privatedns.PrivateZonesClient
+	virtualNetworkLinks      privatedns.VirtualNetworkLinksClient
+	roleAssignments          authorization.RoleAssignmentsClient
+	roleDefinitions          authorization.RoleDefinitionsClient
+	denyAssignments          authorization.DenyAssignmentClient
+	fpPrivateEndpoints       network.PrivateEndpointsClient // TODO: use armFPPrivateEndpoints instead.
+	armFPPrivateEndpoints    armnetwork.PrivateEndpointsClient
+	rpPrivateLinkServices    network.PrivateLinkServicesClient // TODO: use armRPPrivateLinkServices instead.
+	armRPPrivateLinkServices armnetwork.PrivateLinkServicesClient
 
 	dns     dns.Manager
 	storage storage.Manager
@@ -137,7 +141,7 @@ func New(ctx context.Context, log *logrus.Entry, _env env.Interface, db database
 		return nil, err
 	}
 
-	// TODO: Delete once the replace to track2 is done
+	// TODO: Delete once the replacement to track2 is done
 	fpAuthorizer, err := refreshable.NewAuthorizer(_env, subscriptionDoc.Subscription.Properties.TenantID)
 	if err != nil {
 		return nil, err
@@ -148,11 +152,17 @@ func New(ctx context.Context, log *logrus.Entry, _env env.Interface, db database
 		return nil, err
 	}
 
+	fpCredRPTenant, err := _env.FPNewClientCertificateCredential(_env.TenantID())
+	if err != nil {
+		return nil, err
+	}
+
 	msiCredential, err := _env.NewMSITokenCredential()
 	if err != nil {
 		return nil, err
 	}
 
+	// TODO: Delete once the replacement to track2 is done.
 	msiAuthorizer, err := _env.NewMSIAuthorizer(_env.Environment().ResourceManagerScope)
 	if err != nil {
 		return nil, err
@@ -177,17 +187,37 @@ func New(ctx context.Context, log *logrus.Entry, _env env.Interface, db database
 		},
 	}
 
+	armInterfacesClient, err := armnetwork.NewInterfacesClient(r.SubscriptionID, fpCredClusterTenant, &clientOptions)
+	if err != nil {
+		return nil, err
+	}
+
+	armPublicIPAddressesClient, err := armnetwork.NewPublicIPAddressesClient(r.SubscriptionID, fpCredClusterTenant, &clientOptions)
+	if err != nil {
+		return nil, err
+	}
+
 	armLoadBalancersClient, err := armnetwork.NewLoadBalancersClient(r.SubscriptionID, fpCredClusterTenant, &clientOptions)
 	if err != nil {
 		return nil, err
 	}
 
-	armInterfacesClient, err := armnetwork.NewInterfacesClient(r.SubscriptionID, fpCredClusterTenant, &clientOptions)
+	armPrivateEndpoints, err := armnetwork.NewPrivateEndpointsClient(r.SubscriptionID, fpCredClusterTenant, &clientOptions)
 	if err != nil {
 		return nil, err
 	}
 
-	armPublicIPAddressesClient, err := armnetwork.NewPublicIPAddressesClient(r.SubscriptionID, fpCredClusterTenant, &clientOptions)
+	armFPPrivateEndpoints, err := armnetwork.NewPrivateEndpointsClient(r.SubscriptionID, fpCredRPTenant, &clientOptions)
+	if err != nil {
+		return nil, err
+	}
+
+	armSecurityGroupsClient, err := armnetwork.NewSecurityGroupsClient(r.SubscriptionID, fpCredClusterTenant, &clientOptions)
+	if err != nil {
+		return nil, err
+	}
+
+	armRPPrivateLinkServices, err := armnetwork.NewPrivateLinkServicesClient(r.SubscriptionID, msiCredential, &clientOptions)
 	if err != nil {
 		return nil, err
 	}
@@ -198,37 +228,41 @@ func New(ctx context.Context, log *logrus.Entry, _env env.Interface, db database
 	}
 
 	return &manager{
-		log:                   log,
-		env:                   _env,
-		db:                    db,
-		dbGateway:             dbGateway,
-		dbOpenShiftVersions:   dbOpenShiftVersions,
-		billing:               billing,
-		doc:                   doc,
-		subscriptionDoc:       subscriptionDoc,
-		fpAuthorizer:          fpAuthorizer,
-		localFpAuthorizer:     localFPAuthorizer,
-		metricsEmitter:        metricsEmitter,
-		disks:                 compute.NewDisksClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
-		virtualMachines:       compute.NewVirtualMachinesClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
-		interfaces:            network.NewInterfacesClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
-		armInterfaces:         armInterfacesClient,
-		publicIPAddresses:     network.NewPublicIPAddressesClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
-		armPublicIPAddresses:  armPublicIPAddressesClient,
-		loadBalancers:         network.NewLoadBalancersClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
-		armLoadBalancers:      armLoadBalancersClient,
-		privateEndpoints:      network.NewPrivateEndpointsClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
-		securityGroups:        network.NewSecurityGroupsClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
-		deployments:           features.NewDeploymentsClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
-		resourceGroups:        features.NewResourceGroupsClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
-		resources:             features.NewResourcesClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
-		privateZones:          privatedns.NewPrivateZonesClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
-		virtualNetworkLinks:   privatedns.NewVirtualNetworkLinksClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
-		roleAssignments:       authorization.NewRoleAssignmentsClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
-		roleDefinitions:       authorization.NewRoleDefinitionsClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
-		denyAssignments:       authorization.NewDenyAssignmentsClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
-		fpPrivateEndpoints:    network.NewPrivateEndpointsClient(_env.Environment(), _env.SubscriptionID(), localFPAuthorizer),
-		rpPrivateLinkServices: network.NewPrivateLinkServicesClient(_env.Environment(), _env.SubscriptionID(), msiAuthorizer),
+		log:                      log,
+		env:                      _env,
+		db:                       db,
+		dbGateway:                dbGateway,
+		dbOpenShiftVersions:      dbOpenShiftVersions,
+		billing:                  billing,
+		doc:                      doc,
+		subscriptionDoc:          subscriptionDoc,
+		fpAuthorizer:             fpAuthorizer,
+		localFpAuthorizer:        localFPAuthorizer,
+		metricsEmitter:           metricsEmitter,
+		disks:                    compute.NewDisksClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
+		virtualMachines:          compute.NewVirtualMachinesClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
+		interfaces:               network.NewInterfacesClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
+		armInterfaces:            armInterfacesClient,
+		publicIPAddresses:        network.NewPublicIPAddressesClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
+		armPublicIPAddresses:     armPublicIPAddressesClient,
+		loadBalancers:            network.NewLoadBalancersClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
+		armLoadBalancers:         armLoadBalancersClient,
+		privateEndpoints:         network.NewPrivateEndpointsClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
+		armPrivateEndpoints:      armPrivateEndpoints,
+		securityGroups:           network.NewSecurityGroupsClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
+		armSecurityGroups:        armSecurityGroupsClient,
+		deployments:              features.NewDeploymentsClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
+		resourceGroups:           features.NewResourceGroupsClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
+		resources:                features.NewResourcesClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
+		privateZones:             privatedns.NewPrivateZonesClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
+		virtualNetworkLinks:      privatedns.NewVirtualNetworkLinksClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
+		roleAssignments:          authorization.NewRoleAssignmentsClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
+		roleDefinitions:          authorization.NewRoleDefinitionsClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
+		denyAssignments:          authorization.NewDenyAssignmentsClient(_env.Environment(), r.SubscriptionID, fpAuthorizer),
+		fpPrivateEndpoints:       network.NewPrivateEndpointsClient(_env.Environment(), _env.SubscriptionID(), localFPAuthorizer),
+		armFPPrivateEndpoints:    armFPPrivateEndpoints,
+		rpPrivateLinkServices:    network.NewPrivateLinkServicesClient(_env.Environment(), _env.SubscriptionID(), msiAuthorizer),
+		armRPPrivateLinkServices: armRPPrivateLinkServices,
 
 		dns:     dns.NewManager(_env, localFPAuthorizer),
 		storage: storage,

pkg/util/azureclient/azuresdk/armnetwork/generate.go

@@ -4,5 +4,5 @@ package armnetwork
 // Licensed under the Apache License 2.0.
 
 //go:generate rm -rf ../../../../util/mocks/$GOPACKAGE
-//go:generate go run ../../../../../vendor/github.com/golang/mock/mockgen -destination=../../../../util/mocks/azureclient/azuresdk/$GOPACKAGE/$GOPACKAGE.go github.com/Azure/ARO-RP/pkg/util/azureclient/azuresdk/$GOPACKAGE InterfacesClient,LoadBalancersClient,LoadBalancerBackendAddressPoolsClient,PublicIPAddressesClient
+//go:generate go run ../../../../../vendor/github.com/golang/mock/mockgen -destination=../../../../util/mocks/azureclient/azuresdk/$GOPACKAGE/$GOPACKAGE.go github.com/Azure/ARO-RP/pkg/util/azureclient/azuresdk/$GOPACKAGE InterfacesClient,LoadBalancersClient,LoadBalancerBackendAddressPoolsClient,PrivateEndpointsClient,PrivateLinkServicesClient,PublicIPAddressesClient,SecurityGroupsClient
 //go:generate go run ../../../../../vendor/golang.org/x/tools/cmd/goimports -local=github.com/Azure/ARO-RP -e -w ../../../../util/mocks/azureclient/azuresdk/$GOPACKAGE/$GOPACKAGE.go

pkg/util/azureclient/azuresdk/armnetwork/privateendpoints.go

@@ -0,0 +1,32 @@
+package armnetwork
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+	"context"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v2"
+
+	"github.com/Azure/ARO-RP/pkg/util/azureclient/azuresdk/azcore"
+)
+
+// PrivateEndpointsClient is a minimal interface for azure PrivateEndpointsClient
+type PrivateEndpointsClient interface {
+	Get(ctx context.Context, resourceGroupName string, privateEndpointName string, options *armnetwork.PrivateEndpointsClientGetOptions) (armnetwork.PrivateEndpointsClientGetResponse, error)
+	PrivateEndpointsClientAddons
+}
+
+type privateEndpointsClient struct {
+	*armnetwork.PrivateEndpointsClient
+}
+
+// NewPrivateEndpointsClient creates a new PrivateEndpointsClient
+func NewPrivateEndpointsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (PrivateEndpointsClient, error) {
+	clientFactory, err := armnetwork.NewClientFactory(subscriptionID, credential, options)
+	if err != nil {
+		return nil, err
+	}
+	return &privateEndpointsClient{PrivateEndpointsClient: clientFactory.NewPrivateEndpointsClient()}, nil
+}

pkg/util/azureclient/azuresdk/armnetwork/privateendpoints_addons.go

@@ -0,0 +1,34 @@
+package armnetwork
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+	"context"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v2"
+)
+
+// PrivateEndpointsClientAddons contains addons for PrivateEndpointsClient
+type PrivateEndpointsClientAddons interface {
+	CreateOrUpdateAndWait(ctx context.Context, resourceGroupName string, privateEndpointName string, parameters armnetwork.PrivateEndpoint, options *armnetwork.PrivateEndpointsClientBeginCreateOrUpdateOptions) error
+	DeleteAndWait(ctx context.Context, resourceGroupName string, publicIPAddressName string, options *armnetwork.PrivateEndpointsClientBeginDeleteOptions) error
+}
+
+func (c *privateEndpointsClient) CreateOrUpdateAndWait(ctx context.Context, resourceGroupName string, privateEndpointName string, parameters armnetwork.PrivateEndpoint, options *armnetwork.PrivateEndpointsClientBeginCreateOrUpdateOptions) error {
+	poller, err := c.PrivateEndpointsClient.BeginCreateOrUpdate(ctx, resourceGroupName, privateEndpointName, parameters, options)
+	if err != nil {
+		return err
+	}
+	_, err = poller.PollUntilDone(ctx, nil)
+	return err
+}
+
+func (c *privateEndpointsClient) DeleteAndWait(ctx context.Context, resourceGroupName string, publicIPAddressName string, options *armnetwork.PrivateEndpointsClientBeginDeleteOptions) error {
+	poller, err := c.PrivateEndpointsClient.BeginDelete(ctx, resourceGroupName, publicIPAddressName, options)
+	if err != nil {
+		return err
+	}
+	_, err = poller.PollUntilDone(ctx, nil)
+	return err
+}

pkg/util/azureclient/azuresdk/armnetwork/privatelinkservices.go

@@ -0,0 +1,33 @@
+package armnetwork
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+	"context"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v2"
+
+	"github.com/Azure/ARO-RP/pkg/util/azureclient/azuresdk/azcore"
+)
+
+// PrivateLinkServicesClient is a minimal interface for azure PrivateLinkServicesClient
+type PrivateLinkServicesClient interface {
+	Get(ctx context.Context, resourceGroupName string, serviceName string, options *armnetwork.PrivateLinkServicesClientGetOptions) (armnetwork.PrivateLinkServicesClientGetResponse, error)
+	UpdatePrivateEndpointConnection(ctx context.Context, resourceGroupName string, serviceName string, peConnectionName string, parameters armnetwork.PrivateEndpointConnection, options *armnetwork.PrivateLinkServicesClientUpdatePrivateEndpointConnectionOptions) (armnetwork.PrivateLinkServicesClientUpdatePrivateEndpointConnectionResponse, error)
+	PrivateLinkServicesClientAddons
+}
+
+type privateLinkServicesClient struct {
+	*armnetwork.PrivateLinkServicesClient
+}
+
+// NewPrivateLinkServicesClient creates a new PrivateLinkServicesClient
+func NewPrivateLinkServicesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (PrivateLinkServicesClient, error) {
+	clientFactory, err := armnetwork.NewClientFactory(subscriptionID, credential, options)
+	if err != nil {
+		return nil, err
+	}
+	return &privateLinkServicesClient{PrivateLinkServicesClient: clientFactory.NewPrivateLinkServicesClient()}, nil
+}

pkg/util/azureclient/azuresdk/armnetwork/privatelinkservices_addons.go

@@ -0,0 +1,38 @@
+package armnetwork
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+	"context"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v2"
+)
+
+// PrivateLinkServicesClientAddons contains addons for PrivateLinkServicesClient
+type PrivateLinkServicesClientAddons interface {
+	List(ctx context.Context, resourceGroupName string, options *armnetwork.PrivateLinkServicesClientListOptions) ([]*armnetwork.PrivateLinkService, error)
+	DeletePrivateEndpointConnectionAndWait(ctx context.Context, resourceGroupName string, serviceName string, peConnectionName string, options *armnetwork.PrivateLinkServicesClientBeginDeletePrivateEndpointConnectionOptions) error
+}
+
+func (c *privateLinkServicesClient) List(ctx context.Context, resourceGroupName string, options *armnetwork.PrivateLinkServicesClientListOptions) (result []*armnetwork.PrivateLinkService, err error) {
+	pager := c.PrivateLinkServicesClient.NewListPager(resourceGroupName, options)
+
+	for pager.More() {
+		page, err := pager.NextPage(ctx)
+		if err != nil {
+			return nil, err
+		}
+		result = append(result, page.Value...)
+	}
+	return result, nil
+}
+
+func (c *privateLinkServicesClient) DeletePrivateEndpointConnectionAndWait(ctx context.Context, resourceGroupName string, serviceName string, peConnectionName string, options *armnetwork.PrivateLinkServicesClientBeginDeletePrivateEndpointConnectionOptions) error {
+	poller, err := c.PrivateLinkServicesClient.BeginDeletePrivateEndpointConnection(ctx, resourceGroupName, serviceName, peConnectionName, options)
+	if err != nil {
+		return err
+	}
+	_, err = poller.PollUntilDone(ctx, nil)
+	return err
+}

pkg/util/azureclient/azuresdk/armnetwork/securitygroups.go

@@ -0,0 +1,32 @@
+package armnetwork
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+	"context"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v2"
+
+	"github.com/Azure/ARO-RP/pkg/util/azureclient/azuresdk/azcore"
+)
+
+// SecurityGroupsClient is a minimal interface for azure SecurityGroupsClient
+type SecurityGroupsClient interface {
+	Get(ctx context.Context, resourceGroupName string, networkSecurityGroupName string, options *armnetwork.SecurityGroupsClientGetOptions) (armnetwork.SecurityGroupsClientGetResponse, error)
+	SecurityGroupsClientAddons
+}
+
+type securityGroupsClient struct {
+	*armnetwork.SecurityGroupsClient
+}
+
+// NewSecurityGroupsClient creates a new SecurityGroupsClient
+func NewSecurityGroupsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (SecurityGroupsClient, error) {
+	clientFactory, err := armnetwork.NewClientFactory(subscriptionID, credential, options)
+	if err != nil {
+		return nil, err
+	}
+	return &securityGroupsClient{SecurityGroupsClient: clientFactory.NewSecurityGroupsClient()}, nil
+}