Add shared keys secret exports for Microsoft.OperationalInsights/workspaces (#5011)

* Initial plan

* Add shared keys secret exports for operationalinsights/workspaces

- Added $azureGeneratedSecrets configuration to azure-arm.yaml
- Created workspace_extension.go with secret handler
- Added Azure SDK dependency for operationalinsights
- Updated test to verify secret export functionality

Co-authored-by: matthchr <[email protected]>

* Update generated files and dependencies

- Generated DeepCopy methods for WorkspaceOperatorSecrets
- Updated asoctl dependencies

Co-authored-by: matthchr <[email protected]>

* Fix go.mod: Move dependency to main require block

- Moved operationalinsights SDK to main require block in alphabetical order
- Removed separate require statement for better organization

Co-authored-by: matthchr <[email protected]>

* Record test

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: matthchr <[email protected]>
Co-authored-by: Matthew Christopher <[email protected]>

Author: Copilot

v2/api/operationalinsights/customizations/workspace_extension.go

@@ -0,0 +1,127 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT license.
+ */
+
+package customizations
+
+import (
+	"context"
+
+	. "github.com/Azure/azure-service-operator/v2/internal/logging"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights"
+	"github.com/go-logr/logr"
+	"github.com/rotisserie/eris"
+	v1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/conversion"
+
+	"github.com/Azure/azure-service-operator/v2/api/operationalinsights/v1api20210601/storage"
+	"github.com/Azure/azure-service-operator/v2/internal/genericarmclient"
+	"github.com/Azure/azure-service-operator/v2/internal/set"
+	"github.com/Azure/azure-service-operator/v2/internal/util/to"
+	"github.com/Azure/azure-service-operator/v2/pkg/genruntime"
+	"github.com/Azure/azure-service-operator/v2/pkg/genruntime/secrets"
+)
+
+const (
+	primarySharedKey   = "primarySharedKey"
+	secondarySharedKey = "secondarySharedKey"
+)
+
+var _ genruntime.KubernetesSecretExporter = &WorkspaceExtension{}
+
+func (ext *WorkspaceExtension) ExportKubernetesSecrets(
+	ctx context.Context,
+	obj genruntime.MetaObject,
+	additionalSecrets set.Set[string],
+	armClient *genericarmclient.GenericClient,
+	log logr.Logger,
+) (*genruntime.KubernetesSecretExportResult, error) {
+	// This has to be the current hub storage version. It will need to be updated
+	// if the hub storage version changes.
+	typedObj, ok := obj.(*storage.Workspace)
+	if !ok {
+		return nil, eris.Errorf("cannot run on unknown resource type %T, expected *storage.Workspace", obj)
+	}
+
+	// Type assert that we are the hub type. This will fail to compile if
+	// the hub type has been changed but this extension has not
+	var _ conversion.Hub = typedObj
+
+	primarySecrets := secretsSpecified(typedObj)
+	requestedSecrets := set.Union(primarySecrets, additionalSecrets)
+
+	if len(requestedSecrets) == 0 {
+		log.V(Debug).Info("No secrets retrieval to perform as operatorSpec is empty")
+		return nil, nil
+	}
+
+	id, err := genruntime.GetAndParseResourceID(typedObj)
+	if err != nil {
+		return nil, err
+	}
+
+	subscription := id.SubscriptionID
+	// Using armClient.ClientOptions() here ensures we share the same HTTP connection, so this is not opening a new
+	// connection each time through
+	var sharedKeysClient *armoperationalinsights.SharedKeysClient
+	sharedKeysClient, err = armoperationalinsights.NewSharedKeysClient(subscription, armClient.Creds(), armClient.ClientOptions())
+	if err != nil {
+		return nil, eris.Wrapf(err, "failed to create new SharedKeysClient")
+	}
+
+	var resp armoperationalinsights.SharedKeysClientGetSharedKeysResponse
+	resp, err = sharedKeysClient.GetSharedKeys(ctx, id.ResourceGroupName, typedObj.AzureName(), nil)
+	if err != nil {
+		return nil, eris.Wrapf(err, "failed getting shared keys")
+	}
+
+	secretSlice, err := secretsToWrite(typedObj, resp)
+	if err != nil {
+		return nil, err
+	}
+
+	resolvedSecrets := map[string]string{}
+	if to.Value(resp.PrimarySharedKey) != "" {
+		resolvedSecrets[primarySharedKey] = to.Value(resp.PrimarySharedKey)
+	}
+	if to.Value(resp.SecondarySharedKey) != "" {
+		resolvedSecrets[secondarySharedKey] = to.Value(resp.SecondarySharedKey)
+	}
+
+	return &genruntime.KubernetesSecretExportResult{
+		Objs:       secrets.SliceToClientObjectSlice(secretSlice),
+		RawSecrets: secrets.SelectSecrets(additionalSecrets, resolvedSecrets),
+	}, nil
+}
+
+func secretsSpecified(obj *storage.Workspace) set.Set[string] {
+	if obj.Spec.OperatorSpec == nil || obj.Spec.OperatorSpec.Secrets == nil {
+		return nil
+	}
+
+	secrets := obj.Spec.OperatorSpec.Secrets
+	result := make(set.Set[string])
+	if secrets.PrimarySharedKey != nil {
+		result.Add(primarySharedKey)
+	}
+	if secrets.SecondarySharedKey != nil {
+		result.Add(secondarySharedKey)
+	}
+
+	return result
+}
+
+func secretsToWrite(obj *storage.Workspace, keys armoperationalinsights.SharedKeysClientGetSharedKeysResponse) ([]*v1.Secret, error) {
+	operatorSpecSecrets := obj.Spec.OperatorSpec.Secrets
+	if operatorSpecSecrets == nil {
+		return nil, nil
+	}
+
+	collector := secrets.NewCollector(obj.Namespace)
+	collector.AddValue(operatorSpecSecrets.PrimarySharedKey, to.Value(keys.PrimarySharedKey))
+	collector.AddValue(operatorSpecSecrets.SecondarySharedKey, to.Value(keys.SecondarySharedKey))
+
+	return collector.Values()
+}

v2/api/operationalinsights/v1api20210601/storage/structure.txt

@@ -18,10 +18,14 @@ Workspace: Resource
 │   │   └── PropertyBag: genruntime.PropertyBag
 │   ├── ForceCmkForQuery: *bool
 │   ├── Location: *string
-│   ├── OperatorSpec: *Object (3 properties)
+│   ├── OperatorSpec: *Object (4 properties)
 │   │   ├── ConfigMapExpressions: *core.DestinationExpression[]
 │   │   ├── PropertyBag: genruntime.PropertyBag
-│   │   └── SecretExpressions: *core.DestinationExpression[]
+│   │   ├── SecretExpressions: *core.DestinationExpression[]
+│   │   └── Secrets: *Object (3 properties)
+│   │       ├── PrimarySharedKey: *genruntime.SecretDestination
+│   │       ├── PropertyBag: genruntime.PropertyBag
+│   │       └── SecondarySharedKey: *genruntime.SecretDestination
 │   ├── OriginalVersion: string
 │   ├── Owner: *genruntime.KnownResourceReference
 │   ├── PropertyBag: genruntime.PropertyBag

v2/api/operationalinsights/v1api20210601/storage/workspace_types_gen.go

@@ -20,9 +20,12 @@ Workspace: Resource
 │   │   └── ImmediatePurgeDataOn30Days: *bool
 │   ├── ForceCmkForQuery: *bool
 │   ├── Location: *string
-│   ├── OperatorSpec: *Object (2 properties)
+│   ├── OperatorSpec: *Object (3 properties)
 │   │   ├── ConfigMapExpressions: *core.DestinationExpression[]
-│   │   └── SecretExpressions: *core.DestinationExpression[]
+│   │   ├── SecretExpressions: *core.DestinationExpression[]
+│   │   └── Secrets: *Object (2 properties)
+│   │       ├── PrimarySharedKey: *genruntime.SecretDestination
+│   │       └── SecondarySharedKey: *genruntime.SecretDestination
 │   ├── Owner: *genruntime.KnownResourceReference
 │   ├── ProvisioningState: *Enum (7 values)
 │   │   ├── "Canceled"