constellation/cli/internal/azure/scaleset.go

package azure

import (
	"crypto/rand"
	"math/big"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	armcomputev2 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v2"
)

// ScaleSet defines a Azure scale set.
type ScaleSet struct {
	Name                           string
	NamePrefix                     string
	Subscription                   string
	ResourceGroup                  string
	Location                       string
	InstanceType                   string
	StateDiskSizeGB                int32
	StateDiskType                  string
	Count                          int64
	Username                       string
	SubnetID                       string
	NetworkSecurityGroup           string
	Password                       string
	Image                          string
	UserAssignedIdentity           string
	LoadBalancerName               string
	LoadBalancerBackendAddressPool string
}

// Azure returns the Azure representation of ScaleSet.
func (s ScaleSet) Azure() armcomputev2.VirtualMachineScaleSet {
	return armcomputev2.VirtualMachineScaleSet{
		Name:     to.Ptr(s.Name),
		Location: to.Ptr(s.Location),
		SKU: &armcomputev2.SKU{
			Name:     to.Ptr(s.InstanceType),
			Capacity: to.Ptr(s.Count),
		},
		Properties: &armcomputev2.VirtualMachineScaleSetProperties{
			Overprovision: to.Ptr(false),
			UpgradePolicy: &armcomputev2.UpgradePolicy{
				Mode: to.Ptr(armcomputev2.UpgradeModeManual),
				AutomaticOSUpgradePolicy: &armcomputev2.AutomaticOSUpgradePolicy{
					EnableAutomaticOSUpgrade: to.Ptr(false),
					DisableAutomaticRollback: to.Ptr(false),
				},
			},
			VirtualMachineProfile: &armcomputev2.VirtualMachineScaleSetVMProfile{
				OSProfile: &armcomputev2.VirtualMachineScaleSetOSProfile{
					ComputerNamePrefix: to.Ptr(s.NamePrefix),
					AdminUsername:      to.Ptr(s.Username),
					AdminPassword:      to.Ptr(s.Password),
					LinuxConfiguration: &armcomputev2.LinuxConfiguration{},
				},
				StorageProfile: &armcomputev2.VirtualMachineScaleSetStorageProfile{
					ImageReference: &armcomputev2.ImageReference{
						ID: to.Ptr(s.Image),
					},
					DataDisks: []*armcomputev2.VirtualMachineScaleSetDataDisk{
						{
							CreateOption: to.Ptr(armcomputev2.DiskCreateOptionTypesEmpty),
							DiskSizeGB:   to.Ptr(s.StateDiskSizeGB),
							Lun:          to.Ptr[int32](0),
							ManagedDisk: &armcomputev2.VirtualMachineScaleSetManagedDiskParameters{
								StorageAccountType: (*armcomputev2.StorageAccountTypes)(to.Ptr(s.StateDiskType)),
							},
						},
					},
					OSDisk: &armcomputev2.VirtualMachineScaleSetOSDisk{
						ManagedDisk: &armcomputev2.VirtualMachineScaleSetManagedDiskParameters{
							SecurityProfile: &armcomputev2.VMDiskSecurityProfile{
								SecurityEncryptionType: to.Ptr(armcomputev2.SecurityEncryptionTypesVMGuestStateOnly),
							},
						},
						CreateOption: to.Ptr(armcomputev2.DiskCreateOptionTypesFromImage),
					},
				},
				NetworkProfile: &armcomputev2.VirtualMachineScaleSetNetworkProfile{
					NetworkInterfaceConfigurations: []*armcomputev2.VirtualMachineScaleSetNetworkConfiguration{
						{
							Name: to.Ptr(s.Name),
							Properties: &armcomputev2.VirtualMachineScaleSetNetworkConfigurationProperties{
								Primary:            to.Ptr(true),
								EnableIPForwarding: to.Ptr(true),
								IPConfigurations: []*armcomputev2.VirtualMachineScaleSetIPConfiguration{
									{
										Name: to.Ptr(s.Name),
										Properties: &armcomputev2.VirtualMachineScaleSetIPConfigurationProperties{
											Primary: to.Ptr(true),
											Subnet: &armcomputev2.APIEntityReference{
												ID: to.Ptr(s.SubnetID),
											},
											LoadBalancerBackendAddressPools: []*armcomputev2.SubResource{
												{
													ID: to.Ptr("/subscriptions/" + s.Subscription + "/resourcegroups/" + s.ResourceGroup + "/providers/Microsoft.Network/loadBalancers/" + s.LoadBalancerName + "/backendAddressPools/" + s.LoadBalancerBackendAddressPool),
												},
												{
													ID: to.Ptr("/subscriptions/" + s.Subscription + "/resourcegroups/" + s.ResourceGroup + "/providers/Microsoft.Network/loadBalancers/" + s.LoadBalancerName + "/backendAddressPools/all"),
												},
											},
										},
									},
								},
								NetworkSecurityGroup: &armcomputev2.SubResource{
									ID: to.Ptr(s.NetworkSecurityGroup),
								},
							},
						},
					},
				},
				SecurityProfile: &armcomputev2.SecurityProfile{
					SecurityType: to.Ptr(armcomputev2.SecurityTypesConfidentialVM),
					UefiSettings: &armcomputev2.UefiSettings{VTpmEnabled: to.Ptr(true), SecureBootEnabled: to.Ptr(false)},
				},
				DiagnosticsProfile: &armcomputev2.DiagnosticsProfile{
					BootDiagnostics: &armcomputev2.BootDiagnostics{
						Enabled: to.Ptr(true),
					},
				},
			},
		},
		Identity: &armcomputev2.VirtualMachineScaleSetIdentity{
			Type: to.Ptr(armcomputev2.ResourceIdentityTypeUserAssigned),
			UserAssignedIdentities: map[string]*armcomputev2.UserAssignedIdentitiesValue{
				s.UserAssignedIdentity: {},
			},
		},
	}
}

// GeneratePassword is a helper function to generate a random password
// for Azure's scale set.
func GeneratePassword() (string, error) {
	letters := []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")

	pwLen := 16
	pw := make([]byte, 0, pwLen)
	for i := 0; i < pwLen; i++ {
		n, err := rand.Int(rand.Reader, big.NewInt(int64(len(letters))))
		if err != nil {
			return "", err
		}
		pw = append(pw, letters[n.Int64()])
	}
	// bypass password rules
	pw = append(pw, []byte("Aa1!")...)
	return string(pw), nil
}