🔪 Dynamically assign AD endpoints for Azure

TL;DR ===== - See vmware-tanzu#3162 - Leverage go-autorest for AD endpoints; open up possibility of using AzureStack / custom Azure clouds in doing so - Needs appropriate test/fake for AzureStack Detail ====== ddbbbea introduced several constants in `client.go` that are already defined in `Azure/go-autorest`. This commit simply relies on the cloud definitions in `Azure/go-autorest` so we can do the following: 1. Remain DRY 2. Maintain up-to-date values for all cloud endpoints, since Microsoft helps maintain that project 3. Open the possibility of additional Azure clouds that are defined entirely by configuration file (e.g. `AzureStack`, TS/S regions) Current shortcomings of this commit: * Missing appropriate fake for AzureStack * Doesn't remove all of the constants that are defined (e.g. the `PublicCloud` definition is required by `validate.go`, and I wasn't certain if we should import something outside of the project for input validation of the CLI)
conzetti · Aug 22, 2022 · 841d297 · 841d297 · conzetti · Aug 23, 2022
1 parent e9025ea
commit 841d297
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 26 deletions.
diff --git a/pkg/v1/providers/config_default.yaml b/pkg/v1/providers/config_default.yaml
@@ -308,7 +308,7 @@ NODE_POOL_0_TAINTS:
 #! Azure account configurations
 
 #! The Azure cloud to deploy to, supported clouds are :
-#! AzurePublicCloud, AzureChinaCloud, AzureGermanCloud, AzureUSGovernmentCloud
+#! AzurePublicCloud, AzureChinaCloud, AzureGermanCloud, AzureUSGovernmentCloud, AzureStackCloud
 AZURE_ENVIRONMENT: "AzurePublicCloud"
 #! The tenant ID is the ID of the AAD directory in which the app for Tanzu Kubernetes Grid is created
 #! A Tenant is representative of an organization within Azure Active Directory.

diff --git a/pkg/v1/providers/infrastructure-azure/v1.4.0/infrastructure-components.yaml b/pkg/v1/providers/infrastructure-azure/v1.4.0/infrastructure-components.yaml
@@ -776,7 +776,7 @@ spec:
                 description: AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default.
                 type: object
               azureEnvironment:
-                description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud"'
+                description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud" - StackCloud: "AzureStackCloud"'
                 type: string
               bastionSpec:
                 description: BastionSpec encapsulates all things related to the Bastions in the cluster.
@@ -1439,7 +1439,7 @@ spec:
                 description: AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default.
                 type: object
               azureEnvironment:
-                description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud"'
+                description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud" - StackCloud: "AzureStackCloud"'
                 type: string
               bastionSpec:
                 description: BastionSpec encapsulates all things related to the Bastions in the cluster.
@@ -2165,7 +2165,7 @@ spec:
                         description: AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default.
                         type: object
                       azureEnvironment:
-                        description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud"'
+                        description: 'AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is "AzurePublicCloud", other values are: - ChinaCloud: "AzureChinaCloud" - GermanCloud: "AzureGermanCloud" - PublicCloud: "AzurePublicCloud" - USGovernmentCloud: "AzureUSGovernmentCloud" - StackCloud: "AzureStackCloud" - - StackCloud: "AzureStackCloud"'
                         type: string
                       bastionSpec:
                         description: BastionSpec encapsulates all things related to the Bastions in the cluster.

diff --git a/pkg/v1/tkg/azure/client.go b/pkg/v1/tkg/azure/client.go
@@ -17,7 +17,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-11-01/subscriptions/subscriptionsapi"
 
 	"github.com/Azure/go-autorest/autorest"
-	"github.com/Azure/go-autorest/autorest/azure"
+	azureAutorest "github.com/Azure/go-autorest/autorest/azure"
 	"github.com/Azure/go-autorest/autorest/azure/auth"
 	"github.com/pkg/errors"
 
@@ -30,14 +30,8 @@ const (
 )
 
 const (
-	// ChinaCloud defines China cloud
-	ChinaCloud = "AzureChinaCloud"
-	// GermanCloud defines German cloud
-	GermanCloud = "AzureGermanCloud"
 	// PublicCloud defines Public cloud
 	PublicCloud = "AzurePublicCloud"
-	// USGovernmentCloud defines US Government cloud
-	USGovernmentCloud = "AzureUSGovernmentCloud"
 )
 
 // Supported Azure VM family types
@@ -107,22 +101,12 @@ func New(creds *Credentials) (Client, error) {
 }
 
 func setActiveDirectoryEndpoint(config *auth.ClientCredentialsConfig, azureCloud string) error {
-	switch azureCloud {
-	case USGovernmentCloud:
-		config.Resource = azure.USGovernmentCloud.ResourceManagerEndpoint
-		config.AADEndpoint = azure.USGovernmentCloud.ActiveDirectoryEndpoint
-	case ChinaCloud:
-		config.Resource = azure.ChinaCloud.ResourceManagerEndpoint
-		config.AADEndpoint = azure.ChinaCloud.ActiveDirectoryEndpoint
-	case GermanCloud:
-		config.Resource = azure.GermanCloud.ResourceManagerEndpoint
-		config.AADEndpoint = azure.GermanCloud.ActiveDirectoryEndpoint
-	case PublicCloud:
-		config.Resource = azure.PublicCloud.ResourceManagerEndpoint
-		config.AADEndpoint = azure.PublicCloud.ActiveDirectoryEndpoint
-	default:
-		return errors.Errorf("%q is not a supported cloud in Azure. Supported clouds are AzurePublicCloud, AzureUSGovernmentCloud, AzureGermanCloud, AzureChinaCloud", azureCloud)
+	environment, err := azureAutorest.EnvironmentFromName(azureCloud)
+	if err != nil {
+		return err
 	}
+	config.Resource = environment.ResourceManagerEndpoint
+	config.AADEndpoint = environment.ActiveDirectoryEndpoint
 	return nil
 }