Add azureaccesskeyrequest approval (#10)

kubevault · May 22, 2019 · f552450 · f552450
1 parent 69fc1d1
commit f552450
Show file tree

Hide file tree

Showing 48 changed files with 2,447 additions and 463 deletions.
diff --git a/go.mod b/go.mod
@@ -6,17 +6,20 @@ require (
 	github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
 	github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd // indirect
 	github.com/appscode/go v0.0.0-20190424183524-60025f1135c9
+	github.com/emicklei/go-restful v2.9.5+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
 	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 	github.com/kubedb/apimachinery v0.0.0-20190506191700-871d6b5d30ee
-	github.com/kubevault/operator v0.0.0-20190509030635-7f32eefb5188
+	github.com/kubevault/operator v0.0.0-20190522102911-da03839fcb8c
+	github.com/mattn/go-isatty v0.0.8 // indirect
 	github.com/pkg/errors v0.8.1
-	github.com/spf13/cobra v0.0.3
+	github.com/sirupsen/logrus v1.4.2 // indirect
+	github.com/spf13/cobra v0.0.4
 	k8s.io/apimachinery v0.0.0-20190508063446-a3da69d3723c
 	k8s.io/cli-runtime v0.0.0-20190508184404-b26560c459bd
 	k8s.io/client-go v11.0.0+incompatible
 	k8s.io/component-base v0.0.0-20190509023737-8de8845fb642
-	k8s.io/kubernetes v1.14.1
+	k8s.io/kubernetes v1.14.2
 	kmodules.xyz/client-go v0.0.0-20190508091620-0d215c04352f
 	kmodules.xyz/custom-resources v0.0.0-20190508103408-464e8324c3ec
 )

diff --git a/go.sum b/go.sum
diff --git a/hack/make.py b/hack/make.py
@@ -151,7 +151,7 @@ def update_registry():
 
 
 def install():
-    die(call(libbuild.GOC + ' install ./...'))
+    die(call(libbuild.GOC + ' install  -mod=vendor ./...'))
 
 
 def default():

diff --git a/pkg/cmds/approve.go b/pkg/cmds/approve.go
@@ -43,6 +43,12 @@ var (
 		Reason:  "KubectlApprove",
 		Message: "This was approved by kubectl vault approve gcpaccesskeyrequest",
 	}
+
+	azureApprovedCond = engineapi.AzureAccessKeyRequestCondition{
+		Type:    engineapi.AccessApproved,
+		Reason:  "KubectlApprove",
+		Message: "This was approved by kubectl vault approve azureaccesskeyrequest",
+	}
 )
 
 func NewCmdApprove(clientGetter genericclioptions.RESTClientGetter) *cobra.Command {
@@ -55,6 +61,9 @@ func NewCmdApprove(clientGetter genericclioptions.RESTClientGetter) *cobra.Comma
 				ResourceName = args[0]
 				ObjectNames = args[1:]
 			}
+			if EnableStatusSubresource {
+				EnableStatusSubresource = GetDefaultValueForStatusSubresource(clientGetter)
+			}
 
 			if err := modifyStatusCondition(clientGetter, true); err != nil {
 				Fatal(err)
@@ -78,6 +87,8 @@ func modifyStatusCondition(clientGetter genericclioptions.RESTClientGetter, isAp
 		resourceName = dbapi.ResourceDatabaseAccessRequest
 	case engineapi.ResourceGCPAccessKeyRequest, engineapi.ResourceGCPAccessKeyRequests:
 		resourceName = engineapi.ResourceGCPAccessKeyRequest
+	case engineapi.ResourceAzureAccessKeyRequest, engineapi.ResourceAzureAccessKeyRequests:
+		resourceName = engineapi.ResourceAzureAccessKeyRequest
 	case "":
 		resourceName = ""
 	default:
@@ -110,12 +121,12 @@ func modifyStatusCondition(clientGetter genericclioptions.RESTClientGetter, isAp
 	r := builder.
 		WithScheme(clientsetscheme.Scheme, clientsetscheme.Scheme.PrioritizedVersionsAllGroups()...).
 		ContinueOnError().
+		NamespaceParam(namespace).DefaultNamespace().
 		FilenameParam(false, &FilenameOptions).
 		ResourceNames(resourceName, ObjectNames...).
 		RequireObject(true).
 		Flatten().
 		Latest().
-		NamespaceParam(namespace).
 		Do()
 	err = r.Visit(func(info *resource.Info, err error) error {
 		if err != nil {
@@ -145,6 +156,13 @@ func modifyStatusCondition(clientGetter genericclioptions.RESTClientGetter, isAp
 				cond = gcpApprovedCond
 			}
 			err2 = UpdateGCPAccessKeyRequest(engineClient, obj, cond)
+		case *engineapi.AzureAccessKeyRequest:
+			obj := info.Object.(*engineapi.AzureAccessKeyRequest)
+			cond := azureDeniedCond
+			if isApproveReq {
+				cond = azureApprovedCond
+			}
+			err2 = UpdateAzureAccessKeyRequest(engineClient, obj, cond)
 		default:
 			err2 = errors.New("unknown/unsupported type")
 		}
@@ -198,3 +216,17 @@ func UpdateGCPAccessKeyRequest(c enginecs.EngineV1alpha1Interface, gcpAKR *engin
 	}, EnableStatusSubresource)
 	return err
 }
+
+func UpdateAzureAccessKeyRequest(c enginecs.EngineV1alpha1Interface, azureAKR *engineapi.AzureAccessKeyRequest, cond engineapi.AzureAccessKeyRequestCondition) error {
+	_, err := engineutil.UpdateAzureAccessKeyRequestStatus(c, azureAKR, func(in *engineapi.AzureAccessKeyRequestStatus) *engineapi.AzureAccessKeyRequestStatus {
+		for _, cond := range in.Conditions {
+			if cond.Type == cond.Type {
+				return in
+			}
+		}
+		cond.LastUpdateTime = metav1.Now()
+		in.Conditions = append(in.Conditions, cond)
+		return in
+	}, EnableStatusSubresource)
+	return err
+}
diff --git a/pkg/cmds/deny.go b/pkg/cmds/deny.go
@@ -7,6 +7,7 @@ import (
 	dbapi "github.com/kubedb/apimachinery/apis/authorization/v1alpha1"
 	engineapi "github.com/kubevault/operator/apis/engine/v1alpha1"
 	"github.com/spf13/cobra"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
 	cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
 )
@@ -29,6 +30,13 @@ var (
 		Reason:  "KubectlDeny",
 		Message: "This was denied by kubectl vault deny gcpaccesskeyrequest",
 	}
+
+	azureDeniedCond = engineapi.AzureAccessKeyRequestCondition{
+		Type:           engineapi.AccessDenied,
+		Reason:         "KubectlDeny",
+		Message:        "This was denied by kubectl vault deny azureaccesskeyrequest",
+		LastUpdateTime: v1.Time{},
+	}
 )
 
 func NewCmdDeny(clientGetter genericclioptions.RESTClientGetter) *cobra.Command {
@@ -41,6 +49,9 @@ func NewCmdDeny(clientGetter genericclioptions.RESTClientGetter) *cobra.Command
 				ResourceName = args[0]
 				ObjectNames = args[1:]
 			}
+			if EnableStatusSubresource {
+				EnableStatusSubresource = GetDefaultValueForStatusSubresource(clientGetter)
+			}
 
 			if err := modifyStatusCondition(clientGetter, false); err != nil {
 				Fatal(err)

diff --git a/pkg/cmds/root.go b/pkg/cmds/root.go
@@ -48,7 +48,7 @@ func NewRootCmd() *cobra.Command {
 	logs.ParseFlags()
 	flags.BoolVar(&cli.EnableAnalytics, "analytics", cli.EnableAnalytics, "Send analytical events to Google Analytics")
 	flag.Set("stderrthreshold", "ERROR")
-	flags.BoolVar(&EnableStatusSubresource, "enable-status-subresource", GetDefaultValueForStatusSubresource(matchVersionKubeConfigFlags), "If true, uses sub resource for crds.")
+	flags.BoolVar(&EnableStatusSubresource, "enable-status-subresource", true, "If true, uses sub resource for crds.")
 
 	rootCmd.AddCommand(NewCmdApprove(matchVersionKubeConfigFlags))
 	rootCmd.AddCommand(NewCmdDeny(matchVersionKubeConfigFlags))

diff --git a/vendor/github.com/emicklei/go-restful/CHANGES.md b/vendor/github.com/emicklei/go-restful/CHANGES.md
diff --git a/vendor/github.com/emicklei/go-restful/mime.go b/vendor/github.com/emicklei/go-restful/mime.go
diff --git a/vendor/github.com/emicklei/go-restful/response.go b/vendor/github.com/emicklei/go-restful/response.go
diff --git a/vendor/github.com/emicklei/go-restful/route_builder.go b/vendor/github.com/emicklei/go-restful/route_builder.go
diff --git a/vendor/github.com/kubevault/operator/apis/engine/v1alpha1/azure_access_request_helpers.go b/vendor/github.com/kubevault/operator/apis/engine/v1alpha1/azure_access_request_helpers.go