source-git / osbuild-composer

Clone
Source Code
GIT

Files

  1.   509fd43ac82544c04c8310db8c70992d6aa5692e
  2.   internal
  3.   boot
  4.   azuretest
  5.   azure.go
Blob Blame History Raw 
// +build integration

package azuretest

import (
	"context"
	"errors"
	"fmt"
	"io/ioutil"
	"log"
	"net/url"
	"os"

	"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2019-09-01/network"
	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-05-01/resources"
	"github.com/Azure/azure-storage-blob-go/azblob"
	"github.com/Azure/go-autorest/autorest"
	"github.com/Azure/go-autorest/autorest/azure/auth"

	"github.com/osbuild/osbuild-composer/internal/upload/azure"
)

// wrapErrorf returns error constructed using fmt.Errorf from format and any
// other args. If innerError != nil, it's appended at the end of the new
// error.
func wrapErrorf(innerError error, format string, a ...interface{}) error {
	if innerError != nil {
		a = append(a, innerError)
		return fmt.Errorf(format+"\n\ninner error: %#s", a...)
	}

	return fmt.Errorf(format, a...)
}

type azureCredentials struct {
	azure.Credentials
	ContainerName  string
	SubscriptionID string
	ClientID       string
	ClientSecret   string
	TenantID       string
	Location       string
	ResourceGroup  string
}

// getAzureCredentialsFromEnv gets the credentials from environment variables
// If none of the environment variables is set, it returns nil.
// If some but not all environment variables are set, it returns an error.
func GetAzureCredentialsFromEnv() (*azureCredentials, error) {
	storageAccount, saExists := os.LookupEnv("AZURE_STORAGE_ACCOUNT")
	storageAccessKey, sakExists := os.LookupEnv("AZURE_STORAGE_ACCESS_KEY")
	containerName, cExists := os.LookupEnv("AZURE_CONTAINER_NAME")
	subscriptionId, siExists := os.LookupEnv("AZURE_SUBSCRIPTION_ID")
	clientId, ciExists := os.LookupEnv("AZURE_CLIENT_ID")
	clientSecret, csExists := os.LookupEnv("AZURE_CLIENT_SECRET")
	tenantId, tiExists := os.LookupEnv("AZURE_TENANT_ID")
	location, lExists := os.LookupEnv("AZURE_LOCATION")
	resourceGroup, rgExists := os.LookupEnv("AZURE_RESOURCE_GROUP")

	// If non of the variables is set, just ignore the test
	if !saExists && !sakExists && !cExists && !siExists && !ciExists && !csExists && !tiExists && !lExists && !rgExists {
		return nil, nil
	}
	// If only one/two of them are not set, then fail
	if !saExists || !sakExists || !cExists || !siExists || !ciExists || !csExists || !tiExists || !lExists || !rgExists {
		return nil, errors.New("not all required env variables were set")
	}

	return &azureCredentials{
		Credentials: azure.Credentials{
			StorageAccount:   storageAccount,
			StorageAccessKey: storageAccessKey,
		},
		ContainerName:  containerName,
		SubscriptionID: subscriptionId,
		ClientID:       clientId,
		ClientSecret:   clientSecret,
		TenantID:       tenantId,
		Location:       location,
		ResourceGroup:  resourceGroup,
	}, nil
}

// UploadImageToAzure mimics the upload feature of osbuild-composer.
func UploadImageToAzure(c *azureCredentials, imagePath string, imageName string) error {
	metadata := azure.ImageMetadata{
		ContainerName: c.ContainerName,
		ImageName:     imageName,
	}
	err := azure.UploadImage(c.Credentials, metadata, imagePath, 16)
	if err != nil {
		return fmt.Errorf("upload to azure failed: %v", err)
	}

	return nil
}

// DeleteImageFromAzure deletes the image uploaded by osbuild-composer
// (or UpluadImageToAzure method).
func DeleteImageFromAzure(c *azureCredentials, imageName string) error {
	// Create a default request pipeline using your storage account name and account key.
	credential, err := azblob.NewSharedKeyCredential(c.StorageAccount, c.StorageAccessKey)
	if err != nil {
		return err
	}

	p := azblob.NewPipeline(credential, azblob.PipelineOptions{})

	// get storage account blob service URL endpoint.
	URL, _ := url.Parse(fmt.Sprintf("https://%s.blob.core.windows.net/%s", c.StorageAccount, c.ContainerName))

	// Create a ContainerURL object that wraps the container URL and a request
	// pipeline to make requests.
	containerURL := azblob.NewContainerURL(*URL, p)

	// Create the container, use a never-expiring context
	ctx := context.Background()

	blobURL := containerURL.NewPageBlobURL(imageName)

	_, err = blobURL.Delete(ctx, azblob.DeleteSnapshotsOptionInclude, azblob.BlobAccessConditions{})

	if err != nil {
		return fmt.Errorf("cannot delete the image: %v", err)
	}

	return nil
}

// readPublicKey reads the public key from a file and returns it as a string
func readPublicKey(publicKeyFile string) (string, error) {
	publicKey, err := ioutil.ReadFile(publicKeyFile)
	if err != nil {
		return "", fmt.Errorf("cannot read the public key file: %v", err)
	}

	return string(publicKey), nil
}

// deleteResource is a convenient wrapper around Azure SDK to delete a resource
func deleteResource(client resources.Client, id string, apiVersion string) error {
	deleteFuture, err := client.DeleteByID(context.Background(), id, apiVersion)
	if err != nil {
		return fmt.Errorf("cannot delete the resourceType %s: %v", id, err)
	}

	err = deleteFuture.WaitForCompletionRef(context.Background(), client.BaseClient.Client)
	if err != nil {
		return fmt.Errorf("waiting for the resourceType %s deletion failed: %v", id, err)
	}

	_, err = deleteFuture.Result(client)
	if err != nil {
		return fmt.Errorf("cannot retrieve the result of %s deletion: %v", id, err)
	}

	return nil
}

func NewDeploymentParameters(creds *azureCredentials, imageName, testId, publicKey string) DeploymentParameters {
	// Azure requires a lot of names - for a virtual machine, a virtual network,
	// a virtual interface and so on and so forth.
	// Let's create all of them here from the test id so we can delete them
	// later.

	imagePath := fmt.Sprintf("https://%s.blob.core.windows.net/%s/%s", creds.StorageAccount, creds.ContainerName, imageName)

	return DeploymentParameters{
		NetworkInterfaceName:     newDeploymentParameter("iface-" + testId),
		NetworkSecurityGroupName: newDeploymentParameter("nsg-" + testId),
		VirtualNetworkName:       newDeploymentParameter("vnet-" + testId),
		PublicIPAddressName:      newDeploymentParameter("ip-" + testId),
		VirtualMachineName:       newDeploymentParameter("vm-" + testId),
		DiskName:                 newDeploymentParameter("disk-" + testId),
		ImageName:                newDeploymentParameter("image-" + testId),
		Location:                 newDeploymentParameter(creds.Location),
		ImagePath:                newDeploymentParameter(imagePath),
		AdminUsername:            newDeploymentParameter("redhat"),
		AdminPublicKey:           newDeploymentParameter(publicKey),
	}
}

func CleanUpBootedVM(creds *azureCredentials, parameters DeploymentParameters, authorizer autorest.Authorizer, testId string) (retErr error) {
	deploymentName := testId

	deploymentsClient := resources.NewDeploymentsClient(creds.SubscriptionID)
	deploymentsClient.Authorizer = authorizer

	resourcesClient := resources.NewClient(creds.SubscriptionID)
	resourcesClient.Authorizer = authorizer

	// This array specifies all the resources we need to delete. The
	// order is important, e.g. one cannot delete a network interface
	// that is still attached to a virtual machine.
	resourcesToDelete := []struct {
		resType    string
		name       string
		apiVersion string
	}{
		{
			resType:    "Microsoft.Compute/virtualMachines",
			name:       parameters.VirtualMachineName.Value,
			apiVersion: "2019-07-01",
		},
		{
			resType:    "Microsoft.Network/networkInterfaces",
			name:       parameters.NetworkInterfaceName.Value,
			apiVersion: "2019-09-01",
		},
		{
			resType:    "Microsoft.Network/publicIPAddresses",
			name:       parameters.PublicIPAddressName.Value,
			apiVersion: "2019-09-01",
		},
		{
			resType:    "Microsoft.Network/networkSecurityGroups",
			name:       parameters.NetworkSecurityGroupName.Value,
			apiVersion: "2019-09-01",
		},
		{
			resType:    "Microsoft.Network/virtualNetworks",
			name:       parameters.VirtualNetworkName.Value,
			apiVersion: "2019-09-01",
		},
		{
			resType:    "Microsoft.Compute/disks",
			name:       parameters.DiskName.Value,
			apiVersion: "2019-07-01",
		},
		{
			resType:    "Microsoft.Compute/images",
			name:       parameters.ImageName.Value,
			apiVersion: "2019-07-01",
		},
	}

	// Delete all the resources
	for _, resourceToDelete := range resourcesToDelete {
		resourceID := fmt.Sprintf(
			"subscriptions/%s/resourceGroups/%s/providers/%s/%s",
			creds.SubscriptionID,
			creds.ResourceGroup,
			resourceToDelete.resType,
			resourceToDelete.name,
		)

		err := deleteResource(resourcesClient, resourceID, resourceToDelete.apiVersion)
		if err != nil {
			log.Printf("deleting the resource %s errored: %v", resourceToDelete.name, err)
			retErr = wrapErrorf(retErr, "cannot delete the resource %s: %v", resourceToDelete.name, err)
			// do not return here, try deleting as much as possible
		}
	}

	// Delete the deployment
	// This actually does not delete any resources created by the
	// deployment as one might think. Therefore the code above
	// is needed.
	result, err := deploymentsClient.Delete(context.Background(), creds.ResourceGroup, deploymentName)
	if err != nil {
		retErr = wrapErrorf(retErr, "cannot create the request for the deployment deletion: %v", err)
		return
	}

	err = result.WaitForCompletionRef(context.Background(), deploymentsClient.Client)
	if err != nil {
		retErr = wrapErrorf(retErr, "waiting for the deployment deletion failed: %v", err)
		return
	}

	_, err = result.Result(deploymentsClient)
	if err != nil {
		retErr = wrapErrorf(retErr, "cannot retrieve the deployment deletion result: %v", err)
		return
	}
	return
}

// WithBootedImageInAzure runs the function f in the context of booted
// image in Azure
func WithBootedImageInAzure(creds *azureCredentials, imageName, testId, publicKeyFile string, f func(address string) error) (retErr error) {
	publicKey, err := readPublicKey(publicKeyFile)
	if err != nil {
		return err
	}

	clientCredentialsConfig := auth.NewClientCredentialsConfig(creds.ClientID, creds.ClientSecret, creds.TenantID)
	authorizer, err := clientCredentialsConfig.Authorizer()
	if err != nil {
		return fmt.Errorf("cannot create the authorizer: %v", err)
	}

	template, err := loadDeploymentTemplate()
	if err != nil {
		return err
	}

	deploymentsClient := resources.NewDeploymentsClient(creds.SubscriptionID)
	deploymentsClient.Authorizer = authorizer

	deploymentName := testId
	parameters := NewDeploymentParameters(creds, imageName, testId, publicKey)

	deploymentFuture, err := deploymentsClient.CreateOrUpdate(context.Background(), creds.ResourceGroup, deploymentName, resources.Deployment{
		Properties: &resources.DeploymentProperties{
			Mode:       resources.Incremental,
			Template:   template,
			Parameters: parameters,
		},
	})

	// Let's registed the clean-up function as soon as possible.
	defer func() {
		retErr = CleanUpBootedVM(creds, parameters, authorizer, testId)
	}()

	if err != nil {
		return fmt.Errorf("creating a deployment failed: %v", err)
	}

	err = deploymentFuture.WaitForCompletionRef(context.Background(), deploymentsClient.Client)
	if err != nil {
		return fmt.Errorf("waiting for deployment completion failed: %v", err)
	}

	_, err = deploymentFuture.Result(deploymentsClient)
	if err != nil {
		return fmt.Errorf("retrieving the deployment result failed: %v", err)
	}

	// get the IP address
	publicIPAddressClient := network.NewPublicIPAddressesClient(creds.SubscriptionID)
	publicIPAddressClient.Authorizer = authorizer

	publicIPAddress, err := publicIPAddressClient.Get(context.Background(), creds.ResourceGroup, parameters.PublicIPAddressName.Value, "")
	if err != nil {
		return fmt.Errorf("cannot get the ip address details: %v", err)
	}

	return f(*publicIPAddress.IPAddress)
}

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation