refactor identity type name to AzureServicePrincipalCredentials and r…

…eject injected identity source - update comments for opt parsing, cleanup comments Signed-off-by: Erhan Cagirici <[email protected]>
crossplane-contrib · Dec 7, 2023 · 1ec4c08 · 1ec4c08
1 parent 17ceb75
commit 1ec4c08
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 15 deletions.
diff --git a/apis/v1beta1/types.go b/apis/v1beta1/types.go
@@ -51,13 +51,13 @@ type IdentityType string
 const (
 	IdentityTypeGoogleApplicationCredentials = "GoogleApplicationCredentials"
 
-	IdentityTypeAzurePrincipalCredentials = "AzurePrincipalCredentials"
+	IdentityTypeAzureServicePrincipalCredentials = "AzureServicePrincipalCredentials"
 )
 
 // Identity used to authenticate.
 type Identity struct {
 	// Type of identity.
-	// +kubebuilder:validation:Enum=GoogleApplicationCredentials;AzurePrincipalCredentials
+	// +kubebuilder:validation:Enum=GoogleApplicationCredentials;AzureServicePrincipalCredentials
 	Type IdentityType `json:"type"`
 
 	ProviderCredentials `json:",inline"`

diff --git a/cmd/provider/main.go b/cmd/provider/main.go
@@ -59,14 +59,13 @@ func main() {
 
 	zl := zap.New(zap.UseDevMode(*debug), UseISO8601())
 	log := logging.NewLogrLogger(zl.WithName("provider-helm"))
+	// explicitly  provide a no-op logger by default, otherwise controller-runtime gives a warning
+	ctrl.SetLogger(zap.New(zap.WriteTo(io.Discard)))
 	if *debug {
 		// The controller-runtime runs with a no-op logger by default. It is
 		// *very* verbose even at info level, so we only provide it a real
 		// logger when we're running in debug mode.
 		ctrl.SetLogger(zl)
-	} else {
-		//  explicitly  provide a no-op logger by default, otherwise controller-runtime gives a warning
-		ctrl.SetLogger(zap.New(zap.WriteTo(io.Discard)))
 	}
 
 	cfg, err := ctrl.GetConfig()

diff --git a/examples/provider-config/provider-config-with-secret-azure-identity.yaml b/examples/provider-config/provider-config-with-secret-azure-identity.yaml
@@ -10,7 +10,7 @@ spec:
       namespace: crossplane-system
       key: kubeconfig
   identity:
-    type: AzurePrincipalCredentials
+    type: AzureServicePrincipalCredentials
     source: Secret
     secretRef:
       name: azure-credentials

diff --git a/package/crds/helm.crossplane.io_providerconfigs.yaml b/package/crds/helm.crossplane.io_providerconfigs.yaml
@@ -355,7 +355,7 @@ spec:
                     description: Type of identity.
                     enum:
                     - GoogleApplicationCredentials
-                    - AzurePrincipalCredentials
+                    - AzureServicePrincipalCredentials
                     type: string
                 required:
                 - source

diff --git a/pkg/clients/azure/azure.go b/pkg/clients/azure/azure.go
@@ -29,7 +29,10 @@ func WrapRESTConfig(_ context.Context, rc *rest.Config, credentials []byte, _ ..
 	fs := pflag.NewFlagSet("kubelogin", pflag.ContinueOnError)
 	opts := token.NewOptions()
 	opts.AddFlags(fs)
-	// opts are filled with provided args
+	// opts are filled according to the provided args in the execProvider section of the kubeconfig
+	// we are parsing serverID from here
+	// this will also parse other flags, that will help future integrations with other auth types
+	// see token.Options struct for options reference
 	err := fs.Parse(rc.ExecProvider.Args)
 	if err != nil {
 		return errors.Wrap(err, "could not parse execProvider arguments in kubeconfig")
@@ -46,9 +49,6 @@ func WrapRESTConfig(_ context.Context, rc *rest.Config, credentials []byte, _ ..
 			opts.ClientCertPassword = certpass
 		}
 	}
-	// ServerID is extracted from the execProvider section of unconverted kubeconfig
-	// it is constant for Azure AKS
-	// opts.ServerID = "6dae42f8-4368-4678-94ff-3960e28e3630"
 
 	p, err := token.NewTokenProvider(&opts)
 	if err != nil {

diff --git a/pkg/controller/release/release.go b/pkg/controller/release/release.go
@@ -210,12 +210,11 @@ func (c *connector) Connect(ctx context.Context, mg resource.Managed) (managed.E
 					return nil, errors.Wrap(err, errFailedToInjectGoogleCredentials)
 				}
 			}
-		case helmv1beta1.IdentityTypeAzurePrincipalCredentials:
+		case helmv1beta1.IdentityTypeAzureServicePrincipalCredentials:
 			switch id.Source { //nolint:exhaustive
 			case xpv1.CredentialsSourceInjectedIdentity:
-				if err := c.azureInjectorFn(ctx, rc, nil); err != nil {
-					return nil, errors.Wrap(err, errFailedToInjectAzureCredentials)
-				}
+				return nil, errors.Errorf("%s is not supported as identity source for identity type %s",
+					xpv1.CredentialsSourceInjectedIdentity, helmv1beta1.IdentityTypeAzureServicePrincipalCredentials)
 			default:
 				creds, err := c.azureExtractorFn(ctx, id.Source, c.client, id.CommonCredentialSelectors)
 				if err != nil {