add dns manager

2019-12-01 09:45:15 -06:00 · 2019-12-01 09:45:15 -06:00 · dce3894975
--- a/deploy/development-rp.json
+++ b/deploy/development-rp.json
@ -183,6 +183,19 @@
                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]",
                "scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts/', parameters('databaseAccountName'))]"
            }
+        },
+        {
+            "name": "[concat(parameters('domainName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.Network/dnsZones/', parameters('domainName')), 'RP / DNS Zone Contributor'))]",
+            "apiVersion": "2017-09-01",
+            "type": "Microsoft.Network/dnsZones/providers/roleAssignments",
+            "dependsOn": [
+                "[resourceId('Microsoft.Network/dnsZones/', parameters('domainName'))]"
+            ],
+            "properties": {
+                "principalId": "[parameters('rpServicePrincipalId')]",
+                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]",
+                "scope": "[resourceId('Microsoft.Network/dnsZones/', parameters('domainName'))]"
+            }
        }
    ]
 }
--- a/pkg/backend/backend.go
+++ b/pkg/backend/backend.go
@ -20,6 +20,7 @@ const (

 type backend struct {
 	baseLog      *logrus.Entry
+	env          env.Interface
 	db           *database.Database
 	fpAuthorizer autorest.Authorizer

@ -30,8 +31,6 @@ type backend struct {

 	ocb *openShiftClusterBackend
 	sb  *subscriptionBackend
-
-	domain string
 }

 // Runnable represents a runnable object
@ -45,14 +44,10 @@ func NewBackend(ctx context.Context, log *logrus.Entry, env env.Interface, db *d

 	b := &backend{
 		baseLog: log,
+		env:     env,
 		db:      db,
 	}

-	b.domain, err = env.DNS(ctx)
-	if err != nil {
-		return nil, err
-	}
-
 	b.fpAuthorizer, err = env.FPAuthorizer(ctx)
 	if err != nil {
 		return nil, err
--- a/pkg/backend/openshiftcluster.go
+++ b/pkg/backend/openshiftcluster.go
@ -65,7 +65,7 @@ func (ocb *openShiftClusterBackend) handle(ctx context.Context, log *logrus.Entr
 		return ocb.endLease(stop, doc, api.ProvisioningStateFailed)
 	}

-	m, err := openshiftcluster.NewManager(log, ocb.db.OpenShiftClusters, ocb.fpAuthorizer, spAuthorizer, doc, ocb.domain)
+	m, err := openshiftcluster.NewManager(log, ocb.env, ocb.db.OpenShiftClusters, ocb.fpAuthorizer, spAuthorizer, doc)
 	if err != nil {
 		log.Error(err)
 		return ocb.endLease(stop, doc, api.ProvisioningStateFailed)
--- a/pkg/backend/openshiftcluster/create.go
+++ b/pkg/backend/openshiftcluster/create.go
@ -65,7 +65,7 @@ func (m *Manager) Create(ctx context.Context) error {
 				Name: m.doc.OpenShiftCluster.Properties.DomainName,
 			},
 			SSHKey:     sshkey.Type() + " " + base64.StdEncoding.EncodeToString(sshkey.Marshal()),
-			BaseDomain: m.domain,
+			BaseDomain: m.env.DNS().Domain(),
 			Networking: &types.Networking{
 				MachineCIDR: ipnet.MustParseCIDR("127.0.0.0/8"), // dummy
 				NetworkType: "OpenShiftSDN",
@ -108,7 +108,7 @@ func (m *Manager) Create(ctx context.Context) error {
 				Azure: &azuretypes.Platform{
 					Region:                      m.doc.OpenShiftCluster.Location,
 					ResourceGroupName:           m.doc.OpenShiftCluster.Properties.ResourceGroup,
-					BaseDomainResourceGroupName: os.Getenv("RESOURCEGROUP"),
+					BaseDomainResourceGroupName: m.env.ResourceGroup(),
 					NetworkResourceGroupName:    vnetr.ResourceGroup,
 					VirtualNetwork:              vnetr.ResourceName,
 					ControlPlaneSubnet:          masterSubnetName,
@ -125,5 +125,5 @@ func (m *Manager) Create(ctx context.Context) error {
 		return err
 	}

-	return install.NewInstaller(m.log, m.db, m.domain, m.fpAuthorizer, m.spAuthorizer, r.SubscriptionID).Install(ctx, m.doc, installConfig, platformCreds)
+	return install.NewInstaller(m.log, m.env, m.db, m.fpAuthorizer, m.spAuthorizer, r.SubscriptionID).Install(ctx, m.doc, installConfig, platformCreds)
 }
--- a/pkg/backend/openshiftcluster/delete.go
+++ b/pkg/backend/openshiftcluster/delete.go
@ -3,17 +3,15 @@ package openshiftcluster
 import (
 	"context"
 	"net/http"
-	"os"
 	"strings"

-	"github.com/Azure/azure-sdk-for-go/services/dns/mgmt/2018-05-01/dns"
-
 	"github.com/jim-minter/rp/pkg/util/subnet"
 )

 func (m *Manager) Delete(ctx context.Context) error {
 	m.log.Printf("deleting dns")
-	_, err := m.recordsets.Delete(ctx, os.Getenv("RESOURCEGROUP"), m.domain, "api."+m.doc.OpenShiftCluster.Properties.DomainName, dns.CNAME, "")
+
+	err := m.env.DNS().Delete(ctx, m.doc.OpenShiftCluster)
 	if err != nil {
 		return err
 	}
--- a/pkg/backend/openshiftcluster/openshiftcluster.go
+++ b/pkg/backend/openshiftcluster/openshiftcluster.go
@ -3,7 +3,6 @@ package openshiftcluster
 import (
 	"time"

-	"github.com/Azure/azure-sdk-for-go/services/dns/mgmt/2018-05-01/dns"
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2018-05-01/resources"
 	"github.com/Azure/go-autorest/autorest"
 	"github.com/Azure/go-autorest/autorest/azure"
@ -11,25 +10,25 @@ import (

 	"github.com/jim-minter/rp/pkg/api"
 	"github.com/jim-minter/rp/pkg/database"
+	"github.com/jim-minter/rp/pkg/env"
 	"github.com/jim-minter/rp/pkg/util/subnet"
 )

 type Manager struct {
 	log          *logrus.Entry
+	env          env.Interface
 	db           database.OpenShiftClusters
 	fpAuthorizer autorest.Authorizer
 	spAuthorizer autorest.Authorizer

-	recordsets dns.RecordSetsClient
 	groups resources.GroupsClient

 	subnets subnet.Manager

 	doc *api.OpenShiftClusterDocument
-	domain string
 }

-func NewManager(log *logrus.Entry, db database.OpenShiftClusters, fpAuthorizer, spAuthorizer autorest.Authorizer, doc *api.OpenShiftClusterDocument, domain string) (*Manager, error) {
+func NewManager(log *logrus.Entry, env env.Interface, db database.OpenShiftClusters, fpAuthorizer, spAuthorizer autorest.Authorizer, doc *api.OpenShiftClusterDocument) (*Manager, error) {
 	r, err := azure.ParseResourceID(doc.OpenShiftCluster.ID)
 	if err != nil {
 		return nil, err
@ -37,6 +36,7 @@ func NewManager(log *logrus.Entry, db database.OpenShiftClusters, fpAuthorizer,

 	m := &Manager{
 		log:          log,
+		env:          env,
 		db:           db,
 		fpAuthorizer: fpAuthorizer,
 		spAuthorizer: spAuthorizer,
@ -44,12 +44,8 @@ func NewManager(log *logrus.Entry, db database.OpenShiftClusters, fpAuthorizer,
 		subnets: subnet.NewManager(r.SubscriptionID, spAuthorizer),

 		doc: doc,
-		domain: domain,
 	}

-	m.recordsets = dns.NewRecordSetsClient(r.SubscriptionID)
-	m.recordsets.Authorizer = fpAuthorizer
-
 	m.groups = resources.NewGroupsClient(r.SubscriptionID)
 	m.groups.Authorizer = fpAuthorizer
 	m.groups.Client.PollingDuration = time.Hour
--- a/pkg/env/dev/dev.go
+++ b/pkg/env/dev/dev.go
@ -61,3 +61,7 @@ func (d *dev) IsReady() bool {
 func (d *dev) Location() string {
 	return os.Getenv("LOCATION")
 }
+
+func (d *dev) ResourceGroup() string {
+	return os.Getenv("RESOURCEGROUP")
+}
--- a/pkg/env/env.go
+++ b/pkg/env/env.go
@ -12,16 +12,18 @@ import (

 	"github.com/jim-minter/rp/pkg/env/dev"
 	"github.com/jim-minter/rp/pkg/env/prod"
+	"github.com/jim-minter/rp/pkg/env/shared/dns"
 )

 type Interface interface {
 	CosmosDB(ctx context.Context) (string, string, error)
-	DNS(ctx context.Context) (string, error)
+	DNS() dns.Manager
 	FPAuthorizer(ctx context.Context) (autorest.Authorizer, error)
 	IsReady() bool
 	ListenTLS(ctx context.Context) (net.Listener, error)
 	Authenticated(h http.Handler) http.Handler
 	Location() string
+	ResourceGroup() string
 }

 func NewEnv(ctx context.Context, log *logrus.Entry) (Interface, error) {
--- a/pkg/env/prod/prod.go
+++ b/pkg/env/prod/prod.go
@ -19,6 +19,7 @@ type prod struct {
 	*shared.Shared
 	ms            *metadataService
 	location      string
+	resourceGroup string
 }

 func New(ctx context.Context, log *logrus.Entry) (*prod, error) {
@ -30,6 +31,7 @@ func New(ctx context.Context, log *logrus.Entry) (*prod, error) {
 	p := &prod{
 		ms:            NewMetadataService(log),
 		location:      location,
+		resourceGroup: resourceGroup,
 	}

 	p.Shared, err = shared.NewShared(ctx, log, subscriptionID, resourceGroup)
@ -81,6 +83,10 @@ func (p *prod) Location() string {
 	return p.location
 }

+func (p *prod) ResourceGroup() string {
+	return p.resourceGroup
+}
+
 func getMetadata() (string, string, string, error) {
 	req, err := http.NewRequest(http.MethodGet, "http://169.254.169.254/metadata/instance/compute?api-version=2019-03-11", nil)
 	if err != nil {
--- a/pkg/env/shared/dns/dns.go
+++ b/pkg/env/shared/dns/dns.go
@ -0,0 +1,63 @@
+package dns
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/Azure/azure-sdk-for-go/services/dns/mgmt/2018-05-01/dns"
+	"github.com/Azure/go-autorest/autorest"
+
+	"github.com/jim-minter/rp/pkg/api"
+)
+
+type Manager interface {
+	Domain() string
+	Delete(context.Context, *api.OpenShiftCluster) error
+}
+
+type manager struct {
+	recordsets dns.RecordSetsClient
+	zones      dns.ZonesClient
+
+	resourceGroup string
+	domain        string
+}
+
+func NewManager(ctx context.Context, subscriptionID string, rpAuthorizer autorest.Authorizer, resourceGroup string) (Manager, error) {
+	m := &manager{
+		recordsets: dns.NewRecordSetsClient(subscriptionID),
+		zones:      dns.NewZonesClient(subscriptionID),
+
+		resourceGroup: resourceGroup,
+	}
+
+	m.recordsets.Authorizer = rpAuthorizer
+	m.zones.Authorizer = rpAuthorizer
+
+	page, err := m.zones.ListByResourceGroup(ctx, m.resourceGroup, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	zones := page.Values()
+	if len(zones) != 1 {
+		return nil, fmt.Errorf("found at least %d zones, expected 1", len(zones))
+	}
+
+	m.domain = *zones[0].Name
+
+	return m, nil
+}
+
+func (m *manager) Domain() string {
+	return m.domain
+}
+
+func (m *manager) Delete(ctx context.Context, oc *api.OpenShiftCluster) error {
+	_, err := m.recordsets.Delete(ctx, m.resourceGroup, m.domain, "api."+oc.Properties.DomainName, dns.CNAME, "")
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
--- a/pkg/env/shared/shared.go
+++ b/pkg/env/shared/shared.go
@ -10,7 +10,6 @@ import (
 	"os"

 	"github.com/Azure/azure-sdk-for-go/services/cosmos-db/mgmt/2015-04-08/documentdb"
-	"github.com/Azure/azure-sdk-for-go/services/dns/mgmt/2018-05-01/dns"
 	"github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault"
 	keyvaultmgmt "github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2016-10-01/keyvault"
 	"github.com/Azure/go-autorest/autorest"
@ -18,19 +17,22 @@ import (
 	"github.com/Azure/go-autorest/autorest/azure"
 	"github.com/Azure/go-autorest/autorest/azure/auth"
 	"github.com/sirupsen/logrus"
+
+	"github.com/jim-minter/rp/pkg/env/shared/dns"
 )

 type Shared struct {
 	databaseaccounts documentdb.DatabaseAccountsClient
 	keyvault         keyvault.BaseClient
 	vaults           keyvaultmgmt.VaultsClient
-	zones            dns.ZonesClient
+
+	dns dns.Manager

 	resourceGroup string
 	vaultURI      string
 }

-func NewShared(ctx context.Context, log *logrus.Entry, subscriptionId, resourceGroup string) (*Shared, error) {
+func NewShared(ctx context.Context, log *logrus.Entry, subscriptionID, resourceGroup string) (*Shared, error) {
 	rpAuthorizer, err := auth.NewAuthorizerFromEnvironment()
 	if err != nil {
 		return nil, err
@ -45,15 +47,13 @@ func NewShared(ctx context.Context, log *logrus.Entry, subscriptionId, resourceG
 		resourceGroup: resourceGroup,
 	}

-	s.databaseaccounts = documentdb.NewDatabaseAccountsClient(subscriptionId)
+	s.databaseaccounts = documentdb.NewDatabaseAccountsClient(subscriptionID)
 	s.keyvault = keyvault.New()
-	s.vaults = keyvaultmgmt.NewVaultsClient(subscriptionId)
-	s.zones = dns.NewZonesClient(subscriptionId)
+	s.vaults = keyvaultmgmt.NewVaultsClient(subscriptionID)

 	s.databaseaccounts.Authorizer = rpAuthorizer
 	s.keyvault.Authorizer = rpVaultAuthorizer
 	s.vaults.Authorizer = rpAuthorizer
-	s.zones.Authorizer = rpAuthorizer

 	page, err := s.vaults.ListByResourceGroup(ctx, s.resourceGroup, nil)
 	if err != nil {
@ -66,6 +66,11 @@ func NewShared(ctx context.Context, log *logrus.Entry, subscriptionId, resourceG
 	}
 	s.vaultURI = *vaults[0].Properties.VaultURI

+	s.dns, err = dns.NewManager(ctx, subscriptionID, rpAuthorizer, s.resourceGroup)
+	if err != nil {
+		return nil, err
+	}
+
 	return s, nil
 }

@ -87,18 +92,8 @@ func (s *Shared) CosmosDB(ctx context.Context) (string, string, error) {
 	return *(*accts.Value)[0].Name, *keys.PrimaryMasterKey, nil
 }

-func (s *Shared) DNS(ctx context.Context) (string, error) {
-	page, err := s.zones.ListByResourceGroup(ctx, s.resourceGroup, nil)
-	if err != nil {
-		return "", err
-	}
-
-	zones := page.Values()
-	if len(zones) != 1 {
-		return "", fmt.Errorf("found at least %d zones, expected 1", len(zones))
-	}
-
-	return *zones[0].Name, nil
+func (s *Shared) DNS() dns.Manager {
+	return s.dns
 }

 func (s *Shared) GetSecret(ctx context.Context, secretName string) (*rsa.PrivateKey, *x509.Certificate, error) {
--- a/pkg/install/2-removebootstrap.go
+++ b/pkg/install/2-removebootstrap.go
@ -100,8 +100,8 @@ func (i *Installer) removeBootstrap(ctx context.Context, doc *api.OpenShiftClust
 	}

 	_, err = i.db.Patch(doc.Key, func(doc *api.OpenShiftClusterDocument) error {
-		doc.OpenShiftCluster.Properties.APIServerURL = "https://api." + doc.OpenShiftCluster.Properties.DomainName + "." + i.domain + ":6443/"
-		doc.OpenShiftCluster.Properties.ConsoleURL = "https://console-openshift-console.apps." + doc.OpenShiftCluster.Properties.DomainName + "." + i.domain + "/"
+		doc.OpenShiftCluster.Properties.APIServerURL = "https://api." + doc.OpenShiftCluster.Properties.DomainName + "." + i.env.DNS().Domain() + ":6443/"
+		doc.OpenShiftCluster.Properties.ConsoleURL = "https://console-openshift-console.apps." + doc.OpenShiftCluster.Properties.DomainName + "." + i.env.DNS().Domain() + "/"
 		doc.OpenShiftCluster.Properties.KubeadminPassword = kubeadminPassword.Password
 		return nil
 	})
--- a/pkg/install/install.go
+++ b/pkg/install/install.go
@ -14,6 +14,7 @@ import (

 	"github.com/jim-minter/rp/pkg/api"
 	"github.com/jim-minter/rp/pkg/database"
+	"github.com/jim-minter/rp/pkg/env"
 	"github.com/jim-minter/rp/pkg/util/azureclient/authorization"
 	"github.com/jim-minter/rp/pkg/util/azureclient/dns"
 	"github.com/jim-minter/rp/pkg/util/azureclient/network"
@ -24,10 +25,9 @@ import (

 type Installer struct {
 	log *logrus.Entry
+	env env.Interface
 	db  database.OpenShiftClusters

-	domain string
-
 	roleassignments        authorization.RoleAssignmentsClient
 	disks                  compute.DisksClient
 	virtualmachines        compute.VirtualMachinesClient
@ -42,13 +42,12 @@ type Installer struct {
 	subnets subnet.Manager
 }

-func NewInstaller(log *logrus.Entry, db database.OpenShiftClusters, domain string, fpAuthorizer, spAuthorizer autorest.Authorizer, subscriptionID string) *Installer {
+func NewInstaller(log *logrus.Entry, env env.Interface, db database.OpenShiftClusters, fpAuthorizer, spAuthorizer autorest.Authorizer, subscriptionID string) *Installer {
 	d := &Installer{
 		log: log,
+		env: env,
 		db:  db,

-		domain: domain,
-
 		roleassignments:        authorization.NewRoleAssignmentsClient(subscriptionID, fpAuthorizer),
 		disks:                  compute.NewDisksClient(subscriptionID),
 		virtualmachines:        compute.NewVirtualMachinesClient(subscriptionID),
--- a/pkg/util/subnet/subnet.go
+++ b/pkg/util/subnet/subnet.go
@ -31,7 +31,7 @@ func NewManager(subscriptionID string, spAuthorizer autorest.Authorizer) Manager
 	return m
 }

-// Get retrieves the linked subnet using the passed service principal
+// Get retrieves the linked subnet
 func (m *manager) Get(ctx context.Context, subnetID string) (*network.Subnet, error) {
 	vnetID, subnetName, err := Split(subnetID)
 	if err != nil {
@ -51,7 +51,7 @@ func (m *manager) Get(ctx context.Context, subnetID string) (*network.Subnet, er
 	return &subnet, nil
 }

-// CreateOrUpdate updates the linked subnet using the passed service principal
+// CreateOrUpdate updates the linked subnet
 func (m *manager) CreateOrUpdate(ctx context.Context, subnetID string, subnet *network.Subnet) error {
 	vnetID, subnetName, err := Split(subnetID)
 	if err != nil {