Add Azure PrivateLink support for Flink & SR (#3136)

Author: sgagniere

internal/flink/command_endpoint_list.go

@@ -2,13 +2,16 @@ package flink
 
 import (
 	"fmt"
+	"slices"
 	"sort"
 	"strings"
 
 	"github.com/spf13/cobra"
 
 	networkingprivatelinkv1 "github.com/confluentinc/ccloud-sdk-go-v2/networking-privatelink/v1"
+	networkingv1 "github.com/confluentinc/ccloud-sdk-go-v2/networking/v1"
 
+	pcloud "github.com/confluentinc/cli/v4/pkg/cloud"
 	pcmd "github.com/confluentinc/cli/v4/pkg/cmd"
 	"github.com/confluentinc/cli/v4/pkg/errors"
 	"github.com/confluentinc/cli/v4/pkg/examples"
@@ -102,9 +105,18 @@ func (c *command) endpointList(cmd *cobra.Command, _ []string) error {
 
 	// 3 - List all the CCN endpoint with the list of "READY" network domains
 	// Note the cloud and region have to be empty slice instead of `nil` in case of no filter
-	networks, err := c.V2Client.ListNetworks(environmentId, nil, []string{cloud}, []string{region}, nil, []string{"READY"}, nil)
-	if err != nil {
-		return fmt.Errorf("unable to list Flink endpoint, failed to list networks: %w", err)
+	// These endpoints are currently only available for AWS and Azure (with PrivateLink connection type), so we filter accordingly
+	// TODO: Remove these restrictions once we support more connection types
+	var networks []networkingv1.NetworkingV1Network
+	if cloud != pcloud.Gcp {
+		networks, err = c.V2Client.ListNetworks(environmentId, nil, []string{cloud}, []string{region}, nil, []string{"READY"}, nil)
+		if err != nil {
+			return fmt.Errorf("unable to list Flink endpoint, failed to list networks: %w", err)
+		}
+
+		if cloud == pcloud.Azure {
+			networks = filterPrivateLinkNetworks(networks)
+		}
 	}
 
 	for _, network := range networks {
@@ -171,3 +183,14 @@ func buildCloudRegionKeyFilterMapFromPrivateLinkAttachments(platts []networkingp
 	}
 	return result
 }
+
+// We filter locally to get around a query parameter bug: https://confluentinc.atlassian.net/browse/TRAFFIC-19819
+func filterPrivateLinkNetworks(networks []networkingv1.NetworkingV1Network) []networkingv1.NetworkingV1Network {
+	var filteredNetworks []networkingv1.NetworkingV1Network
+	for _, network := range networks {
+		if slices.Contains(network.Spec.GetConnectionTypes(), "PRIVATELINK") || slices.Contains(network.Spec.GetConnectionTypes(), "privatelink") {
+			filteredNetworks = append(filteredNetworks, network)
+		}
+	}
+	return filteredNetworks
+}

internal/flink/command_endpoint_use.go

@@ -6,6 +6,9 @@ import (
 
 	"github.com/spf13/cobra"
 
+	networkingv1 "github.com/confluentinc/ccloud-sdk-go-v2/networking/v1"
+
+	pcloud "github.com/confluentinc/cli/v4/pkg/cloud"
 	"github.com/confluentinc/cli/v4/pkg/errors"
 	"github.com/confluentinc/cli/v4/pkg/examples"
 	"github.com/confluentinc/cli/v4/pkg/log"
@@ -72,9 +75,6 @@ func (c *command) endpointUse(_ *cobra.Command, args []string) error {
 // 3. Private endpoints associated with Confluent Cloud Networks
 // Returns true if the endpoint is valid, false otherwise.
 func validateUserProvidedFlinkEndpoint(endpoint, cloud, region string, c *command) bool {
-	if c.Config.IsTest {
-		return true
-	}
 	if endpoint == "" {
 		log.CliLogger.Debug("Invalid input: given endpoint is empty")
 		return false
@@ -116,10 +116,19 @@ func validateUserProvidedFlinkEndpoint(endpoint, cloud, region string, c *comman
 	}
 
 	// Check if the endpoint is PRIVATE associated with CCN
-	networks, err := c.V2Client.ListNetworks(c.Context.GetCurrentEnvironment(), nil, []string{cloud}, []string{region}, nil, []string{"READY"}, nil)
-	if err != nil {
-		log.CliLogger.Debugf("Error listing networks: %v", err)
-		return false
+	// These endpoints are currently only available for AWS and Azure (with PrivateLink connection type), so we filter accordingly
+	// TODO: Remove these restrictions once we support more connection types
+	var networks []networkingv1.NetworkingV1Network
+	if cloud != pcloud.Gcp {
+		networks, err = c.V2Client.ListNetworks(c.Context.GetCurrentEnvironment(), nil, []string{cloud}, []string{region}, nil, []string{"READY"}, nil)
+		if err != nil {
+			log.CliLogger.Debugf("Error listing networks: %v", err)
+			return false
+		}
+
+		if cloud == pcloud.Azure {
+			networks = filterPrivateLinkNetworks(networks)
+		}
 	}
 
 	for _, network := range networks {

internal/schema-registry/command_endpoint_list.go

@@ -2,9 +2,12 @@ package schemaregistry
 
 import (
 	"fmt"
+	"slices"
 
 	"github.com/spf13/cobra"
 
+	networkingv1 "github.com/confluentinc/ccloud-sdk-go-v2/networking/v1"
+
 	"github.com/confluentinc/cli/v4/pkg/cloud"
 	pcmd "github.com/confluentinc/cli/v4/pkg/cmd"
 	"github.com/confluentinc/cli/v4/pkg/output"
@@ -53,11 +56,18 @@ func (c *command) endpointList(cmd *cobra.Command, _ []string) error {
 	}
 
 	// Note the region has to be empty slice instead of `nil` in case of no filter
-	// Filter out non-AWS networks for initial release
-	networks, err := c.V2Client.ListNetworks(environmentId, nil, []string{cloud.Aws}, []string{}, nil, []string{"READY"}, nil)
+	awsNetworks, err := c.V2Client.ListNetworks(environmentId, nil, []string{cloud.Aws}, []string{}, nil, []string{"READY"}, nil)
+	if err != nil {
+		return fmt.Errorf("unable to list Schema Registry endpoints: failed to list AWS networks: %w", err)
+	}
+	// Filter out non-PrivateLink networks for Azure
+	azureNetworks, err := c.V2Client.ListNetworks(environmentId, nil, []string{cloud.Azure}, []string{}, nil, []string{"READY"}, nil)
 	if err != nil {
-		return fmt.Errorf("unable to list Schema Registry endpoints: failed to list networks: %w", err)
+		return fmt.Errorf("unable to list Schema Registry endpoints: failed to list Azure PrivateLink networks: %w", err)
 	}
+	azureNetworks = filterPrivateLinkNetworks(azureNetworks)
+
+	networks := append(awsNetworks, azureNetworks...)
 	for _, network := range networks {
 		suffix := network.Status.GetEndpointSuffix()
 		if suffix == "-" {
@@ -77,3 +87,14 @@ func (c *command) endpointList(cmd *cobra.Command, _ []string) error {
 
 	return table.Print()
 }
+
+// We filter locally to get around a query parameter bug: https://confluentinc.atlassian.net/browse/TRAFFIC-19819
+func filterPrivateLinkNetworks(networks []networkingv1.NetworkingV1Network) []networkingv1.NetworkingV1Network {
+	var filteredNetworks []networkingv1.NetworkingV1Network
+	for _, network := range networks {
+		if slices.Contains(network.Spec.GetConnectionTypes(), "PRIVATELINK") || slices.Contains(network.Spec.GetConnectionTypes(), "privatelink") {
+			filteredNetworks = append(filteredNetworks, network)
+		}
+	}
+	return filteredNetworks
+}

test/fixtures/output/flink/endpoint/list-azure-with-ccn.golden

@@ -0,0 +1,4 @@
+  Current |                      Endpoint                       | Cloud | Region  |  Type    
+----------+-----------------------------------------------------+-------+---------+----------
+          | https://flink-n-abcde2.eastus.azure.confluent.cloud | AZURE | eastus2 | PRIVATE  
+          | http://127.0.0.1:1026                               | AZURE | eastus2 | PUBLIC   

test/fixtures/output/flink/endpoint/use-azure-ccn-fail.golden

@@ -0,0 +1,4 @@
+Error: Flink endpoint "https://flink-n-abcde7.eastus.azure.confluent.cloud" is invalid for cloud = "azure" and region = "eastus2"
+
+Suggestions:
+    Please run "confluent flink endpoint list" to see all available Flink endpoints, or "confluent flink region use" to switch to a different cloud or region.

test/fixtures/output/flink/endpoint/use-azure-ccn.golden

@@ -0,0 +1 @@
+Using Flink endpoint "https://flink-n-abcde2.eastus.azure.confluent.cloud".

test/fixtures/output/flink/region/use-azure-ccn.golden

@@ -0,0 +1,2 @@
+The current Flink endpoint has been unset due to the cloud or region change.
+Using Flink region "Virginia (eastus2)".

test/fixtures/output/network/delete-autocomplete.golden

@@ -1,5 +1,6 @@
 n-abcde1	prod-gcp-us-central1
 n-abcde2	prod-azure-eastus2
+n-abcde7	prod-azure-eastus2
 n-abcde3	prod-aws-us-east1
 n-abcde4	prod-aws-us-east1
 n-abcde5

test/fixtures/output/network/describe-autocomplete.golden

@@ -1,5 +1,6 @@
 n-abcde1	prod-gcp-us-central1
 n-abcde2	prod-azure-eastus2
+n-abcde7	prod-azure-eastus2
 n-abcde3	prod-aws-us-east1
 n-abcde4	prod-aws-us-east1
 n-abcde5

test/fixtures/output/network/link/endpoint/create-autocomplete.golden

@@ -1,5 +1,6 @@
 n-abcde1	prod-gcp-us-central1
 n-abcde2	prod-azure-eastus2
+n-abcde7	prod-azure-eastus2
 n-abcde3	prod-aws-us-east1
 n-abcde4	prod-aws-us-east1
 n-abcde5