replace the homegrown vault delete functions in azure with the sdk ones.

This commit is contained in:
Megan Marsh 2020-03-18 13:38:38 -07:00
parent e7dba3e55e
commit 28797dd709
5 changed files with 9 additions and 83 deletions

View File

@ -13,6 +13,7 @@ import (
"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2018-04-01/compute"
newCompute "github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2019-03-01/compute"
"github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2018-02-14/keyvault"
"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2018-01-01/network"
"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2018-02-01/resources"
armStorage "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-10-01/storage"
@ -50,7 +51,7 @@ type AzureClient struct {
InspectorMaxLength int
Template *CaptureTemplate
LastError azureErrorResponse
VaultClientDelete common.VaultClient
VaultClientDelete keyvault.VaultsClient
}
func getCaptureResponse(body string) *CaptureTemplate {
@ -251,15 +252,9 @@ func NewAzureClient(subscriptionID, resourceGroupName, storageAccountName string
azureClient.VaultClient.UserAgent = fmt.Sprintf("%s %s", useragent.String(), azureClient.VaultClient.UserAgent)
azureClient.VaultClient.Client.PollingDuration = PollingDuration
// TODO(boumenot) - SDK still does not have a full KeyVault client.
// There are two ways that KeyVault has to be accessed, and each one has their own SPN. An authenticated SPN
// is tied to the URL, and the URL associated with getting the secret is different than the URL
// associated with deleting the KeyVault. As a result, I need to have *two* different clients to
// access KeyVault. I did not want to split it into two separate files, so I am starting with this.
//
// I do not like this implementation. It is getting long in the tooth, and should be re-examined now
// that we have a "working" solution.
azureClient.VaultClientDelete = common.NewVaultClientWithBaseURI(cloud.ResourceManagerEndpoint, subscriptionID)
// This client is different than the above because it manages the vault
// itself rather than the contents of the vault.
azureClient.VaultClientDelete = keyvault.NewVaultsClient(subscriptionID)
azureClient.VaultClientDelete.Authorizer = autorest.NewBearerAuthorizer(servicePrincipalToken)
azureClient.VaultClientDelete.RequestInspector = withInspection(maxlen)
azureClient.VaultClientDelete.ResponseInspector = byConcatDecorators(byInspecting(maxlen), errorCapture(azureClient))

View File

@ -45,7 +45,8 @@ func (s *StepDeleteResourceGroup) deleteResourceGroup(ctx context.Context, state
if keyVaultDeploymentName, ok := state.GetOk(constants.ArmKeyVaultDeploymentName); ok {
// Only delete if custom keyvault was not provided.
if exists := state.Get(constants.ArmIsExistingKeyVault).(bool); exists {
if exists := state.Get(constants.ArmIsExistingKeyVault).(bool); !exists {
s.say("\n Deleting the keyvault deployment because it was created by Packer...")
err = s.deleteDeploymentResources(ctx, keyVaultDeploymentName.(string), resourceGroupName)
if err != nil {
return err

View File

@ -117,8 +117,7 @@ func deleteResource(ctx context.Context, client *AzureClient, resourceType strin
}
return err
case "Microsoft.KeyVault/vaults":
// TODO(paulmey): not sure why VaultClient doesn't do cancellation
_, err := client.VaultClientDelete.Delete(resourceGroupName, resourceName)
_, err := client.VaultClientDelete.Delete(ctx, resourceGroupName, resourceName)
return err
case "Microsoft.Network/networkInterfaces":
f, err := client.InterfacesClient.Delete(ctx, resourceGroupName, resourceName)

View File

@ -9,7 +9,6 @@ import (
"net/url"
"github.com/Azure/go-autorest/autorest"
"github.com/Azure/go-autorest/autorest/azure"
)
const (
@ -20,9 +19,6 @@ const (
type AZVaultClientIface interface {
GetSecret(string, string) (*Secret, error)
SetSecret(string, string, string) error
DeletePreparer(string, string) (*http.Request, error)
DeleteResponder(*http.Response) (autorest.Response, error)
DeleteSender(*http.Request) (*http.Response, error)
}
type VaultClient struct {
@ -137,72 +133,6 @@ func (client *VaultClient) SetSecret(vaultName, secretName string, secretValue s
return nil
}
// Delete deletes the specified Azure key vault.
//
// resourceGroupName is the name of the Resource Group to which the vault belongs. vaultName is the name of the vault
// to delete
func (client *VaultClient) Delete(resourceGroupName string, vaultName string) (result autorest.Response, err error) {
req, err := client.DeletePreparer(resourceGroupName, vaultName)
if err != nil {
err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "Delete", nil, "Failure preparing request")
return
}
resp, err := client.DeleteSender(req)
if err != nil {
result.Response = resp
err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "Delete", resp, "Failure sending request")
return
}
result, err = client.DeleteResponder(resp)
if err != nil {
err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "Delete", resp, "Failure responding to request")
}
return
}
// DeletePreparer prepares the Delete request.
func (client *VaultClient) DeletePreparer(resourceGroupName string, vaultName string) (*http.Request, error) {
pathParameters := map[string]interface{}{
"resourceGroupName": autorest.Encode("path", resourceGroupName),
"SubscriptionID": autorest.Encode("path", client.SubscriptionID),
"vaultName": autorest.Encode("path", vaultName),
}
queryParameters := map[string]interface{}{
"api-version": AzureVaultApiVersion,
}
preparer := autorest.CreatePreparer(
autorest.AsDelete(),
autorest.WithBaseURL(client.baseURI),
autorest.WithPathParameters("/subscriptions/{SubscriptionID}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}", pathParameters),
autorest.WithQueryParameters(queryParameters))
return preparer.Prepare(&http.Request{})
}
// DeleteSender sends the Delete request. The method will close the
// http.Response Body if it receives an error.
func (client *VaultClient) DeleteSender(req *http.Request) (*http.Response, error) {
return autorest.SendWithSender(client,
req,
azure.DoRetryWithRegistration(client.Client))
}
// DeleteResponder handles the response to the Delete request. The method always
// closes the http.Response Body.
func (client *VaultClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) {
err = autorest.Respond(
resp,
client.ByInspecting(),
azure.WithErrorUnlessStatusCode(http.StatusOK),
autorest.ByClosing())
result.Response = resp
return
}
func (client *VaultClient) getVaultUrl(vaultName string) string {
return fmt.Sprintf("%s://%s.%s/", client.keyVaultEndpoint.Scheme, vaultName, client.keyVaultEndpoint.Host)
}

1
vendor/modules.txt vendored
View File

@ -18,6 +18,7 @@ github.com/Azure/azure-sdk-for-go/profiles/latest/compute/mgmt/compute/computeap
github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2018-04-01/compute
github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2019-03-01/compute
github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2019-03-01/compute/computeapi
github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2018-02-14/keyvault
github.com/Azure/azure-sdk-for-go/services/network/mgmt/2018-01-01/network
github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2016-06-01/subscriptions
github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2018-02-01/resources