refactor AzureCredentialsProvider to make it reusable

shysank · shysank · commit 61453798a743 · 2021-06-16T14:39:56.000-07:00
diff --git a/azure/scope/clients.go b/azure/scope/clients.go
@@ -99,7 +99,7 @@ func (c *AzureClients) setCredentials(subscriptionID, environmentName string) er
 	return err
 }
 
-func (c *AzureClients) setCredentialsWithProvider(ctx context.Context, subscriptionID, environmentName string, credentialsProvider *AzureCredentialsProvider) error {
+func (c *AzureClients) setCredentialsWithProvider(ctx context.Context, subscriptionID, environmentName string, credentialsProvider CredentialsProvider) error {
 	if credentialsProvider == nil {
 		return fmt.Errorf("credentials provider cannot have an empty value")
 	}
diff --git a/azure/scope/cluster.go b/azure/scope/cluster.go
@@ -67,7 +67,7 @@ func NewClusterScope(ctx context.Context, params ClusterScopeParams) (*ClusterSc
 			return nil, errors.Wrap(err, "failed to configure azure settings and credentials from environment")
 		}
 	} else {
-		credentailsProvider, err := NewAzureCredentialsProvider(ctx, params.Client, params.AzureCluster)
+		credentailsProvider, err := NewAzureClusterCredentialsProvider(ctx, params.Client, params.AzureCluster)
 		if err != nil {
 			return nil, errors.Wrap(err, "failed to init credentials provider")
 		}
diff --git a/azure/scope/identity.go b/azure/scope/identity.go
@@ -37,17 +37,29 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// AzureCredentialsProvider provides credentials for an AzureCluster.
+// CredentialsProvider defines the behavior for azure identity based credential providers.
+type CredentialsProvider interface {
+	GetAuthorizer(ctx context.Context, resourceManagerEndpoint string) (autorest.Authorizer, error)
+}
+
+// AzureCredentialsProvider represents a credential provider with azure cluster identity.
 type AzureCredentialsProvider struct {
-	Client       client.Client
+	Client   client.Client
+	Identity *infrav1.AzureClusterIdentity
+}
+
+// AzureClusterCredentialsProvider wraps AzureCredentialsProvider with AzureCluster.
+type AzureClusterCredentialsProvider struct {
+	AzureCredentialsProvider
 	AzureCluster *infrav1.AzureCluster
-	Identity     *infrav1.AzureClusterIdentity
 }
 
-// NewAzureCredentialsProvider creates a new AzureCredentialsProvider from the supplied inputs.
-func NewAzureCredentialsProvider(ctx context.Context, kubeClient client.Client, azureCluster *infrav1.AzureCluster) (*AzureCredentialsProvider, error) {
+var _ CredentialsProvider = (*AzureClusterCredentialsProvider)(nil)
+
+// NewAzureClusterCredentialsProvider creates a new AzureClusterCredentialsProvider from the supplied inputs.
+func NewAzureClusterCredentialsProvider(ctx context.Context, kubeClient client.Client, azureCluster *infrav1.AzureCluster) (*AzureClusterCredentialsProvider, error) {
 	if azureCluster.Spec.IdentityRef == nil {
-		return nil, errors.New("failed to generate new AzureCredentialsProvider from empty identityName")
+		return nil, errors.New("failed to generate new AzureClusterCredentialsProvider from empty identityName")
 	}
 
 	ref := azureCluster.Spec.IdentityRef
@@ -66,15 +78,22 @@ func NewAzureCredentialsProvider(ctx context.Context, kubeClient client.Client,
 		return nil, errors.New("AzureClusterIdentity is not of type Service Principal")
 	}
 
-	return &AzureCredentialsProvider{
-		Client:       kubeClient,
-		AzureCluster: azureCluster,
-		Identity:     identity,
+	return &AzureClusterCredentialsProvider{
+		AzureCredentialsProvider{
+			Client:   kubeClient,
+			Identity: identity,
+		},
+		azureCluster,
 	}, nil
 }
 
-// GetAuthorizer returns an Azure authorizer based on the provided Azure identity.
-func (p *AzureCredentialsProvider) GetAuthorizer(ctx context.Context, resourceManagerEndpoint string) (autorest.Authorizer, error) {
+// GetAuthorizer returns an Azure authorizer based on the provided azure identity. It delegates to AzureCredentialsProvider with AzureCluster metadata.
+func (p *AzureClusterCredentialsProvider) GetAuthorizer(ctx context.Context, resourceManagerEndpoint string) (autorest.Authorizer, error) {
+	return p.AzureCredentialsProvider.GetAuthorizer(ctx, resourceManagerEndpoint, p.AzureCluster.ObjectMeta)
+}
+
+// GetAuthorizer returns an Azure authorizer based on the provided azure identity and cluster metadata.
+func (p *AzureCredentialsProvider) GetAuthorizer(ctx context.Context, resourceManagerEndpoint string, clusterMeta metav1.ObjectMeta) (autorest.Authorizer, error) {
 	azureIdentityType, err := getAzureIdentityType(p.Identity)
 	if err != nil {
 		return nil, err
@@ -85,17 +104,17 @@ func (p *AzureCredentialsProvider) GetAuthorizer(ctx context.Context, resourceMa
 			APIVersion: "aadpodidentity.k8s.io/v1",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      identity.GetAzureIdentityName(p.AzureCluster.Name, p.AzureCluster.Namespace, p.Identity.Name),
+			Name:      identity.GetAzureIdentityName(clusterMeta.Name, clusterMeta.Namespace, p.Identity.Name),
 			Namespace: system.GetManagerNamespace(),
 			Annotations: map[string]string{
 				aadpodv1.BehaviorKey: "namespaced",
 			},
 			Labels: map[string]string{
-				clusterv1.ClusterLabelName:         p.AzureCluster.Name,
-				infrav1.ClusterLabelNamespace:      p.AzureCluster.Namespace,
+				clusterv1.ClusterLabelName:         clusterMeta.Name,
+				infrav1.ClusterLabelNamespace:      clusterMeta.Namespace,
 				clusterctl.ClusterctlMoveLabelName: "true",
 			},
-			OwnerReferences: p.AzureCluster.OwnerReferences,
+			OwnerReferences: clusterMeta.OwnerReferences,
 		},
 		Spec: aadpodv1.AzureIdentitySpec{
 			Type:           azureIdentityType,
@@ -119,11 +138,11 @@ func (p *AzureCredentialsProvider) GetAuthorizer(ctx context.Context, resourceMa
 			Name:      fmt.Sprintf("%s-binding", copiedIdentity.Name),
 			Namespace: copiedIdentity.Namespace,
 			Labels: map[string]string{
-				clusterv1.ClusterLabelName:         p.AzureCluster.Name,
-				infrav1.ClusterLabelNamespace:      p.AzureCluster.Namespace,
+				clusterv1.ClusterLabelName:         clusterMeta.Name,
+				infrav1.ClusterLabelNamespace:      clusterMeta.Namespace,
 				clusterctl.ClusterctlMoveLabelName: "true",
 			},
-			OwnerReferences: p.AzureCluster.OwnerReferences,
+			OwnerReferences: clusterMeta.OwnerReferences,
 		},
 		Spec: aadpodv1.AzureIdentityBindingSpec{
 			AzureIdentity: copiedIdentity.Name,
@@ -169,7 +188,7 @@ func IsClusterNamespaceAllowed(ctx context.Context, k8sClient client.Client, all
 		return false
 	}
 
-	// empty value matches with all namespaces.
+	// empty value matches with all namespaces
 	if reflect.DeepEqual(*allowedNamespaces, infrav1.AllowedNamespaces{}) {
 		return true
 	}

Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@ func (c *AzureClients) setCredentials(subscriptionID, environmentName string) er`
`99`	`99`	`return err`
`100`	`100`	`}`
`101`	`101`
`102`		`-func (c AzureClients) setCredentialsWithProvider(ctx context.Context, subscriptionID, environmentName string, credentialsProvider AzureCredentialsProvider) error {`
	`102`	`+func (c *AzureClients) setCredentialsWithProvider(ctx context.Context, subscriptionID, environmentName string, credentialsProvider CredentialsProvider) error {`
`103`	`103`	`if credentialsProvider == nil {`
`104`	`104`	`return fmt.Errorf("credentials provider cannot have an empty value")`
`105`	`105`	`}`
Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,7 @@ func NewClusterScope(ctx context.Context, params ClusterScopeParams) (*ClusterSc`
`67`	`67`	`return nil, errors.Wrap(err, "failed to configure azure settings and credentials from environment")`
`68`	`68`	`}`
`69`	`69`	`} else {`
`70`		`- credentailsProvider, err := NewAzureCredentialsProvider(ctx, params.Client, params.AzureCluster)`
	`70`	`+ credentailsProvider, err := NewAzureClusterCredentialsProvider(ctx, params.Client, params.AzureCluster)`
`71`	`71`	`if err != nil {`
`72`	`72`	`return nil, errors.Wrap(err, "failed to init credentials provider")`
`73`	`73`	`}`