replace the homegrown vault delete functions in azure with the sdk ones.

2020-03-18 13:38:38 -07:00 · 2020-03-18 13:38:38 -07:00 · 28797dd709
parent e7dba3e55e
commit 28797dd709
5 changed files with 9 additions and 83 deletions
--- a/builder/azure/arm/azure_client.go
+++ b/builder/azure/arm/azure_client.go
@ -13,6 +13,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2018-04-01/compute"
 	newCompute "github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2019-03-01/compute"
 	"github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2018-02-14/keyvault"
 	"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2018-01-01/network"
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2018-02-01/resources"
 	armStorage "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-10-01/storage"
@ -50,7 +51,7 @@ type AzureClient struct {
 	InspectorMaxLength int
 	Template           *CaptureTemplate
 	LastError          azureErrorResponse
-	VaultClientDelete  common.VaultClient
+	VaultClientDelete  keyvault.VaultsClient
 }
 func getCaptureResponse(body string) *CaptureTemplate {
@ -251,15 +252,9 @@ func NewAzureClient(subscriptionID, resourceGroupName, storageAccountName string
 	azureClient.VaultClient.UserAgent = fmt.Sprintf("%s %s", useragent.String(), azureClient.VaultClient.UserAgent)
 	azureClient.VaultClient.Client.PollingDuration = PollingDuration
-	// TODO(boumenot) - SDK still does not have a full KeyVault client.
+	// This client is different than the above because it manages the vault
-	// There are two ways that KeyVault has to be accessed, and each one has their own SPN.  An authenticated SPN
+	// itself rather than the contents of the vault.
-	// is tied to the URL, and the URL associated with getting the secret is different than the URL
+	azureClient.VaultClientDelete = keyvault.NewVaultsClient(subscriptionID)
 	// associated with deleting the KeyVault.  As a result, I need to have *two* different clients to
 	// access KeyVault.  I did not want to split it into two separate files, so I am starting with this.
 	//
 	// I do not like this implementation.  It is getting long in the tooth, and should be re-examined now
 	// that we have a "working" solution.
 	azureClient.VaultClientDelete = common.NewVaultClientWithBaseURI(cloud.ResourceManagerEndpoint, subscriptionID)
 	azureClient.VaultClientDelete.Authorizer = autorest.NewBearerAuthorizer(servicePrincipalToken)
 	azureClient.VaultClientDelete.RequestInspector = withInspection(maxlen)
 	azureClient.VaultClientDelete.ResponseInspector = byConcatDecorators(byInspecting(maxlen), errorCapture(azureClient))
--- a/builder/azure/arm/step_delete_resource_group.go
+++ b/builder/azure/arm/step_delete_resource_group.go
@ -45,7 +45,8 @@ func (s *StepDeleteResourceGroup) deleteResourceGroup(ctx context.Context, state
 		if keyVaultDeploymentName, ok := state.GetOk(constants.ArmKeyVaultDeploymentName); ok {
 			// Only delete if custom keyvault was not provided.
-			if exists := state.Get(constants.ArmIsExistingKeyVault).(bool); exists {
+			if exists := state.Get(constants.ArmIsExistingKeyVault).(bool); !exists {
 				s.say("\n Deleting the keyvault deployment because it was created by Packer...")
 				err = s.deleteDeploymentResources(ctx, keyVaultDeploymentName.(string), resourceGroupName)
 				if err != nil {
 					return err
--- a/builder/azure/arm/step_deploy_template.go
+++ b/builder/azure/arm/step_deploy_template.go
@ -117,8 +117,7 @@ func deleteResource(ctx context.Context, client *AzureClient, resourceType strin
 		}
 		return err
 	case "Microsoft.KeyVault/vaults":
-		// TODO(paulmey): not sure why VaultClient doesn't do cancellation
+		_, err := client.VaultClientDelete.Delete(ctx, resourceGroupName, resourceName)
 		_, err := client.VaultClientDelete.Delete(resourceGroupName, resourceName)
 		return err
 	case "Microsoft.Network/networkInterfaces":
 		f, err := client.InterfacesClient.Delete(ctx, resourceGroupName, resourceName)
--- a/builder/azure/common/vault.go
+++ b/builder/azure/common/vault.go
@ -9,7 +9,6 @@ import (
 	"net/url"
 	"github.com/Azure/go-autorest/autorest"
 	"github.com/Azure/go-autorest/autorest/azure"
 )
 const (
@ -20,9 +19,6 @@ const (
 type AZVaultClientIface interface {
 	GetSecret(string, string) (*Secret, error)
 	SetSecret(string, string, string) error
 	DeletePreparer(string, string) (*http.Request, error)
 	DeleteResponder(*http.Response) (autorest.Response, error)
 	DeleteSender(*http.Request) (*http.Response, error)
 }
 type VaultClient struct {
@ -137,72 +133,6 @@ func (client *VaultClient) SetSecret(vaultName, secretName string, secretValue s
 	return nil
 }
 // Delete deletes the specified Azure key vault.
 //
 // resourceGroupName is the name of the Resource Group to which the vault belongs. vaultName is the name of the vault
 // to delete
 func (client *VaultClient) Delete(resourceGroupName string, vaultName string) (result autorest.Response, err error) {
 	req, err := client.DeletePreparer(resourceGroupName, vaultName)
 	if err != nil {
 		err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "Delete", nil, "Failure preparing request")
 		return
 	}
 	resp, err := client.DeleteSender(req)
 	if err != nil {
 		result.Response = resp
 		err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "Delete", resp, "Failure sending request")
 		return
 	}
 	result, err = client.DeleteResponder(resp)
 	if err != nil {
 		err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "Delete", resp, "Failure responding to request")
 	}
 	return
 }
 // DeletePreparer prepares the Delete request.
 func (client *VaultClient) DeletePreparer(resourceGroupName string, vaultName string) (*http.Request, error) {
 	pathParameters := map[string]interface{}{
 		"resourceGroupName": autorest.Encode("path", resourceGroupName),
 		"SubscriptionID":    autorest.Encode("path", client.SubscriptionID),
 		"vaultName":         autorest.Encode("path", vaultName),
 	}
 	queryParameters := map[string]interface{}{
 		"api-version": AzureVaultApiVersion,
 	}
 	preparer := autorest.CreatePreparer(
 		autorest.AsDelete(),
 		autorest.WithBaseURL(client.baseURI),
 		autorest.WithPathParameters("/subscriptions/{SubscriptionID}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}", pathParameters),
 		autorest.WithQueryParameters(queryParameters))
 	return preparer.Prepare(&http.Request{})
 }
 // DeleteSender sends the Delete request. The method will close the
 // http.Response Body if it receives an error.
 func (client *VaultClient) DeleteSender(req *http.Request) (*http.Response, error) {
 	return autorest.SendWithSender(client,
 		req,
 		azure.DoRetryWithRegistration(client.Client))
 }
 // DeleteResponder handles the response to the Delete request. The method always
 // closes the http.Response Body.
 func (client *VaultClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) {
 	err = autorest.Respond(
 		resp,
 		client.ByInspecting(),
 		azure.WithErrorUnlessStatusCode(http.StatusOK),
 		autorest.ByClosing())
 	result.Response = resp
 	return
 }
 func (client *VaultClient) getVaultUrl(vaultName string) string {
 	return fmt.Sprintf("%s://%s.%s/", client.keyVaultEndpoint.Scheme, vaultName, client.keyVaultEndpoint.Host)
 }
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -18,6 +18,7 @@ github.com/Azure/azure-sdk-for-go/profiles/latest/compute/mgmt/compute/computeap
 github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2018-04-01/compute
 github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2019-03-01/compute
 github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2019-03-01/compute/computeapi
 github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2018-02-14/keyvault
 github.com/Azure/azure-sdk-for-go/services/network/mgmt/2018-01-01/network
 github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2016-06-01/subscriptions
 github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2018-02-01/resources