Adds Azure support for KES configuration in operator-ui (#1070)

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>

Co-authored-by: Alex <33497058+bexsoft@users.noreply.github.com>
Co-authored-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
Lenin Alevski
2021-09-21 20:56:07 -07:00
committed by GitHub
parent 137ff41be2
commit e6f4ac1e6c
10 changed files with 693 additions and 0 deletions


@@ -1465,6 +1465,44 @@ func init() {
}
}
},
"azureConfiguration": {
"type": "object",
"required": [
"keyvault"
],
"properties": {
"keyvault": {
"type": "object",
"required": [
"endpoint"
],
"properties": {
"credentials": {
"type": "object",
"required": [
"tenant_id",
"client_id",
"client_secret"
],
"properties": {
"client_id": {
"type": "string"
},
"client_secret": {
"type": "string"
},
"tenant_id": {
"type": "string"
}
}
},
"endpoint": {
"type": "string"
}
}
}
}
},
"certificateInfo": {
"type": "object",
"properties": {
@@ -1672,6 +1710,10 @@ func init() {
"type": "object",
"$ref": "#/definitions/awsConfiguration"
},
"azure": {
"type": "object",
"$ref": "#/definitions/azureConfiguration"
},
"client": {
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"
@@ -4567,6 +4609,55 @@ func init() {
}
}
},
"AzureConfigurationKeyvault": {
"type": "object",
"required": [
"endpoint"
],
"properties": {
"credentials": {
"type": "object",
"required": [
"tenant_id",
"client_id",
"client_secret"
],
"properties": {
"client_id": {
"type": "string"
},
"client_secret": {
"type": "string"
},
"tenant_id": {
"type": "string"
}
}
},
"endpoint": {
"type": "string"
}
}
},
"AzureConfigurationKeyvaultCredentials": {
"type": "object",
"required": [
"tenant_id",
"client_id",
"client_secret"
],
"properties": {
"client_id": {
"type": "string"
},
"client_secret": {
"type": "string"
},
"tenant_id": {
"type": "string"
}
}
},
"GcpConfigurationSecretmanager": {
"type": "object",
"required": [
@@ -5212,6 +5303,44 @@ func init() {
}
}
},
"azureConfiguration": {
"type": "object",
"required": [
"keyvault"
],
"properties": {
"keyvault": {
"type": "object",
"required": [
"endpoint"
],
"properties": {
"credentials": {
"type": "object",
"required": [
"tenant_id",
"client_id",
"client_secret"
],
"properties": {
"client_id": {
"type": "string"
},
"client_secret": {
"type": "string"
},
"tenant_id": {
"type": "string"
}
}
},
"endpoint": {
"type": "string"
}
}
}
}
},
"certificateInfo": {
"type": "object",
"properties": {
@@ -5419,6 +5548,10 @@ func init() {
"type": "object",
"$ref": "#/definitions/awsConfiguration"
},
"azure": {
"type": "object",
"$ref": "#/definitions/azureConfiguration"
},
"client": {
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"


@@ -498,6 +498,21 @@ func createOrReplaceKesConfigurationSecrets(ctx context.Context, clientSet K8sCl
}
}
}
} else if encryptionCfg.Azure != nil {
// Initialize Azure
kesConfig.Keys.Azure = &kes.Azure{
KeyVault: &kes.AzureKeyVault{},
}
if encryptionCfg.Azure.Keyvault != nil {
kesConfig.Keys.Azure.KeyVault.Endpoint = *encryptionCfg.Azure.Keyvault.Endpoint
if encryptionCfg.Azure.Keyvault.Credentials != nil {
kesConfig.Keys.Azure.KeyVault.Credentials = &kes.AzureCredentials{
TenantID: *encryptionCfg.Azure.Keyvault.Credentials.TenantID,
ClientID: *encryptionCfg.Azure.Keyvault.Credentials.ClientID,
ClientSecret: *encryptionCfg.Azure.Keyvault.Credentials.ClientSecret,
}
}
}
}
imm := true
// if mTLSCertificates contains elements we create the kubernetes secret
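Review bot: The new Azure branch dereferences `Keyvault.Endpoint`, `Credentials.TenantID`, `Credentials.ClientID` and `Credentials.ClientSecret` without nil checks, so it is only safe if every caller has already run the generated schema validation that marks those fields required; an unvalidated config would panic here. When `encryptionCfg.Azure.Keyvault` is nil the code still leaves an empty `kes.AzureKeyVault{}` in the KES config instead of rejecting the request; an early check on `kv := encryptionCfg.Azure.Keyvault; kv == nil || kv.Endpoint == nil` that returns an error in the function's existing style would make the failure explicit. The endpoint is copied through as a free-form string (the schema only says `"type": "string"`), and since KES will presumably present tokens obtained with the client secret to that host, it is worth parsing it and requiring an `https` URL before writing the config. The body of `createOrReplaceKesConfigurationSecrets` starts and ends outside this hunk, so any validation done earlier in the function is not visible from here.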