Manually manage resource group on Azure

2025-11-29 07:56:47 -05:00 · 2022-08-25 15:12:08 +02:00 · 2022-08-25 15:12:08 +02:00 · f15605cb45
commit f15605cb45
parent e6ae54a25a
25 changed files with 403 additions and 1162 deletions
--- a/cli/internal/cmd/cloud.go
+++ b/cli/internal/cmd/cloud.go
@ -21,8 +21,3 @@ type cloudCreator interface {
 type cloudTerminator interface {
 	Terminate(context.Context, state.ConstellationState) error
 }
-
-type serviceAccountCreator interface {
-	Create(ctx context.Context, stat state.ConstellationState, config *config.Config,
-	) (string, state.ConstellationState, error)
-}
--- a/cli/internal/cmd/cloud_test.go
+++ b/cli/internal/cmd/cloud_test.go
@ -47,12 +47,3 @@ func (c *stubCloudTerminator) Terminate(context.Context, state.ConstellationStat
 func (c *stubCloudTerminator) Called() bool {
 	return c.called
 }
-
-type stubServiceAccountCreator struct {
-	cloudServiceAccountURI string
-	createErr              error
-}
-
-func (c *stubServiceAccountCreator) Create(ctx context.Context, stat state.ConstellationState, config *config.Config) (string, state.ConstellationState, error) {
-	return c.cloudServiceAccountURI, stat, c.createErr
-}
--- a/cli/internal/cmd/init.go
+++ b/cli/internal/cmd/init.go
@ -55,17 +55,16 @@ func NewInitCmd() *cobra.Command {
 // runInitialize runs the initialize command.
 func runInitialize(cmd *cobra.Command, args []string) error {
 	fileHandler := file.NewHandler(afero.NewOsFs())
-	serviceAccountCreator := cloudcmd.NewServiceAccountCreator()
 	newDialer := func(validator *cloudcmd.Validator) *dialer.Dialer {
 		return dialer.New(nil, validator.V(cmd), &net.Dialer{})
 	}
 	helmLoader := &helm.ChartLoader{}
-	return initialize(cmd, newDialer, serviceAccountCreator, fileHandler, helmLoader, license.NewClient())
+	return initialize(cmd, newDialer, fileHandler, helmLoader, license.NewClient())
 }

 // initialize initializes a Constellation.
 func initialize(cmd *cobra.Command, newDialer func(validator *cloudcmd.Validator) *dialer.Dialer,
-	serviceAccCreator serviceAccountCreator, fileHandler file.Handler, helmLoader helmLoader, quotaChecker license.QuotaChecker,
+	fileHandler file.Handler, helmLoader helmLoader, quotaChecker license.QuotaChecker,
 ) error {
 	flags, err := evalFlagArgs(cmd, fileHandler)
 	if err != nil {
@ -105,22 +104,9 @@ func initialize(cmd *cobra.Command, newDialer func(validator *cloudcmd.Validator
 		return err
 	}

-	var serviceAccURI string
-	// Temporary legacy flow for Azure.
-	if provider == cloudprovider.Azure {
-		cmd.Println("Creating service account ...")
-		serviceAccURI, stat, err = serviceAccCreator.Create(cmd.Context(), stat, config)
-		if err != nil {
-			return err
-		}
-		if err := fileHandler.WriteJSON(constants.StateFilename, stat, file.OptOverwrite); err != nil {
-			return err
-		}
-	} else {
-		serviceAccURI, err = getMarschaledServiceAccountURI(provider, config, fileHandler)
-		if err != nil {
-			return err
-		}
+	serviceAccURI, err := getMarschaledServiceAccountURI(provider, config, fileHandler)
+	if err != nil {
+		return err
 	}

 	workers, err := getScalingGroupsFromState(stat, config)
--- a/cli/internal/cmd/init_test.go
+++ b/cli/internal/cmd/init_test.go
@ -69,49 +69,54 @@ func TestInitialize(t *testing.T) {
 	someErr := errors.New("failed")

 	testCases := map[string]struct {
-		state             *state.ConstellationState
-		existingIDFile    *clusterIDsFile
-		serviceAccCreator serviceAccountCreator
-		configMutator     func(*config.Config)
-		serviceAccKey     *gcpshared.ServiceAccountKey
-		helmLoader        stubHelmLoader
-		initServerAPI     *stubInitServer
-		endpointFlag      string
-		setAutoscaleFlag  bool
-		wantErr           bool
+		state            *state.ConstellationState
+		idFile           *clusterIDsFile
+		configMutator    func(*config.Config)
+		serviceAccKey    *gcpshared.ServiceAccountKey
+		helmLoader       stubHelmLoader
+		initServerAPI    *stubInitServer
+		endpointFlag     string
+		setAutoscaleFlag bool
+		wantErr          bool
 	}{
 		"initialize some gcp instances": {
-			state:          testGcpState,
-			existingIDFile: &clusterIDsFile{IP: "192.0.2.1"},
-			configMutator:  func(c *config.Config) { c.Provider.GCP.ServiceAccountKeyPath = serviceAccPath },
-			serviceAccKey:  gcpServiceAccKey,
-			initServerAPI:  &stubInitServer{initResp: testInitResp},
+			state:         testGcpState,
+			idFile:        &clusterIDsFile{IP: "192.0.2.1"},
+			configMutator: func(c *config.Config) { c.Provider.GCP.ServiceAccountKeyPath = serviceAccPath },
+			serviceAccKey: gcpServiceAccKey,
+			initServerAPI: &stubInitServer{initResp: testInitResp},
 		},
 		"initialize some azure instances": {
-			state:             testAzureState,
-			serviceAccCreator: &stubServiceAccountCreator{},
-			existingIDFile:    &clusterIDsFile{IP: "192.0.2.1"},
-			initServerAPI:     &stubInitServer{initResp: testInitResp},
+			state:  testAzureState,
+			idFile: &clusterIDsFile{IP: "192.0.2.1"},
+			configMutator: func(c *config.Config) {
+				c.Provider.Azure.ResourceGroup = "resourceGroup"
+				c.Provider.Azure.UserAssignedIdentity = "userAssignedIdentity"
+			},
+			initServerAPI: &stubInitServer{initResp: testInitResp},
 		},
 		"initialize some qemu instances": {
-			state:          testQemuState,
-			existingIDFile: &clusterIDsFile{IP: "192.0.2.1"},
-			initServerAPI:  &stubInitServer{initResp: testInitResp},
+			state:         testQemuState,
+			idFile:        &clusterIDsFile{IP: "192.0.2.1"},
+			initServerAPI: &stubInitServer{initResp: testInitResp},
 		},
 		"initialize gcp with autoscaling": {
 			state:            testGcpState,
-			existingIDFile:   &clusterIDsFile{IP: "192.0.2.1"},
+			idFile:           &clusterIDsFile{IP: "192.0.2.1"},
 			configMutator:    func(c *config.Config) { c.Provider.GCP.ServiceAccountKeyPath = serviceAccPath },
 			serviceAccKey:    gcpServiceAccKey,
 			initServerAPI:    &stubInitServer{initResp: testInitResp},
 			setAutoscaleFlag: true,
 		},
 		"initialize azure with autoscaling": {
-			state:             testAzureState,
-			existingIDFile:    &clusterIDsFile{IP: "192.0.2.1"},
-			serviceAccCreator: &stubServiceAccountCreator{},
-			initServerAPI:     &stubInitServer{initResp: testInitResp},
-			setAutoscaleFlag:  true,
+			state:  testAzureState,
+			idFile: &clusterIDsFile{IP: "192.0.2.1"},
+			configMutator: func(c *config.Config) {
+				c.Provider.Azure.ResourceGroup = "resourceGroup"
+				c.Provider.Azure.UserAssignedIdentity = "userAssignedIdentity"
+			},
+			initServerAPI:    &stubInitServer{initResp: testInitResp},
+			setAutoscaleFlag: true,
 		},
 		"initialize with endpoint flag": {
 			state:         testGcpState,
@ -121,27 +126,30 @@ func TestInitialize(t *testing.T) {
 			endpointFlag:  "192.0.2.1",
 		},
 		"empty state": {
-			state:          &state.ConstellationState{},
-			existingIDFile: &clusterIDsFile{IP: "192.0.2.1"},
-			initServerAPI:  &stubInitServer{},
-			wantErr:        true,
+			state:         &state.ConstellationState{},
+			idFile:        &clusterIDsFile{IP: "192.0.2.1"},
+			initServerAPI: &stubInitServer{},
+			wantErr:       true,
 		},
 		"neither endpoint flag nor id file": {
 			state:   &state.ConstellationState{},
 			wantErr: true,
 		},
 		"init call fails": {
-			state:          testGcpState,
-			existingIDFile: &clusterIDsFile{IP: "192.0.2.1"},
-			initServerAPI:  &stubInitServer{initErr: someErr},
-			wantErr:        true,
+			state:         testGcpState,
+			idFile:        &clusterIDsFile{IP: "192.0.2.1"},
+			initServerAPI: &stubInitServer{initErr: someErr},
+			wantErr:       true,
 		},
 		"fail to create service account": {
-			state:             testAzureState,
-			existingIDFile:    &clusterIDsFile{IP: "192.0.2.1"},
-			initServerAPI:     &stubInitServer{},
-			serviceAccCreator: &stubServiceAccountCreator{createErr: someErr},
-			wantErr:           true,
+			state:  testAzureState,
+			idFile: &clusterIDsFile{IP: "192.0.2.1"},
+			configMutator: func(c *config.Config) {
+				c.Provider.Azure.ResourceGroup = "resourceGroup"
+				c.Provider.Azure.UserAssignedIdentity = "userAssignedIdentity"
+			},
+			initServerAPI: &stubInitServer{},
+			wantErr:       true,
 		},
 		"fail to load helm charts": {
 			state:         testGcpState,
@ -194,8 +202,8 @@ func TestInitialize(t *testing.T) {
 			if tc.state != nil {
 				require.NoError(fileHandler.WriteJSON(constants.StateFilename, tc.state, file.OptNone))
 			}
-			if tc.existingIDFile != nil {
-				require.NoError(fileHandler.WriteJSON(constants.ClusterIDsFileName, tc.existingIDFile, file.OptNone))
+			if tc.idFile != nil {
+				require.NoError(fileHandler.WriteJSON(constants.ClusterIDsFileName, tc.idFile, file.OptNone))
 			}
 			if tc.serviceAccKey != nil {
 				require.NoError(fileHandler.WriteJSON(serviceAccPath, tc.serviceAccKey, file.OptNone))
@ -206,7 +214,7 @@ func TestInitialize(t *testing.T) {
 			defer cancel()
 			cmd.SetContext(ctx)

-			err := initialize(cmd, newDialer, tc.serviceAccCreator, fileHandler, &tc.helmLoader, &stubLicenseClient{})
+			err := initialize(cmd, newDialer, fileHandler, &tc.helmLoader, &stubLicenseClient{})

 			if tc.wantErr {
 				assert.Error(err)
@ -477,7 +485,7 @@ func TestAttestation(t *testing.T) {
 	defer cancel()
 	cmd.SetContext(ctx)

-	err := initialize(cmd, newDialer, &stubServiceAccountCreator{}, fileHandler, &stubHelmLoader{}, &stubLicenseClient{})
+	err := initialize(cmd, newDialer, fileHandler, &stubHelmLoader{}, &stubLicenseClient{})
 	assert.Error(err)
 	// make sure the error is actually a TLS handshake error
 	assert.Contains(err.Error(), "transport: authentication handshake failed")
@ -548,6 +556,7 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs
 		conf.Provider.Azure.Location = "test-location"
 		conf.Provider.Azure.UserAssignedIdentity = "test-identity"
 		conf.Provider.Azure.Image = "some/image/location"
+		conf.Provider.Azure.ResourceGroup = "test-resource-group"
 		conf.Provider.Azure.Measurements[8] = []byte("00000000000000000000000000000000")
 		conf.Provider.Azure.Measurements[9] = []byte("11111111111111111111111111111111")
 	case cloudprovider.GCP: