Adds the controller implementation

It currently implements only one feature: NSG flow logs

cmd/aro/operator.go

@@ -35,6 +35,7 @@ import (
 	"github.com/Azure/ARO-RP/pkg/operator/controllers/monitoring"
 	"github.com/Azure/ARO-RP/pkg/operator/controllers/muo"
 	"github.com/Azure/ARO-RP/pkg/operator/controllers/node"
+	"github.com/Azure/ARO-RP/pkg/operator/controllers/previewfeature"
 	"github.com/Azure/ARO-RP/pkg/operator/controllers/pullsecret"
 	"github.com/Azure/ARO-RP/pkg/operator/controllers/rbac"
 	"github.com/Azure/ARO-RP/pkg/operator/controllers/routefix"
@@ -197,6 +198,9 @@ func operator(ctx context.Context, log *logrus.Entry) error {
 		if err = (imageconfig.NewReconciler(
 			arocli, configcli)).SetupWithManager(mgr); err != nil {
 			return fmt.Errorf("unable to create controller ImageConfig: %v", err)
+		if err = (previewfeature.NewReconciler(
+			log.WithField("controller", controllers.PreviewFeatureControllerName),
+			arocli, kubernetescli)).SetupWithManager(mgr); err != nil {
 		}
 		if err = (storageaccounts.NewReconciler(
 			log.WithField("controller", controllers.StorageAccountsControllerName),

pkg/operator/controllers/const.go

@@ -7,6 +7,7 @@ const (
 	AlertwebhookControllerName             = "Alertwebhook"
 	AzureSubnetsControllerName             = "AzureSubnets"
 	BannerControllerName                   = "Banner"
+	PreviewFeatureControllerName           = "PreviewFeature"
 	ClusterOperatorAROName                 = "ClusterOperatorARO"
 	GenevaLoggingControllerName            = "GenevaLogging"
 	PullSecretControllerName               = "PullSecret"

pkg/operator/controllers/previewfeature/nsgflowlogs/nsgflowlogs.go

@@ -0,0 +1,48 @@
+package nsgflowlogs
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+	"context"
+
+	aropreviewv1alpha1 "github.com/Azure/ARO-RP/pkg/operator/apis/preview.aro.openshift.io/v1alpha1"
+
+	"github.com/Azure/ARO-RP/pkg/util/azureclient/mgmt/network"
+)
+
+func NewFeature(flowLogsClient network.FlowLogsClient) *nsgFlowLogsFeature {
+	return &nsgFlowLogsFeature{
+		flowLogsClient: flowLogsClient,
+	}
+}
+
+type nsgFlowLogsFeature struct {
+	flowLogsClient network.FlowLogsClient
+}
+
+func (n *nsgFlowLogsFeature) Name() string {
+	return "nsgFlowLogsFeature"
+}
+
+func (n *nsgFlowLogsFeature) Reconcile(ctx context.Context, instance *aropreviewv1alpha1.PreviewFeature) error {
+	if instance.Spec.NSGFlowLogs == nil {
+		return nil
+	}
+
+	if !instance.Spec.NSGFlowLogs.Enabled {
+		return n.Disable(instance)
+	}
+
+	return n.Enable(instance)
+}
+
+func (n *nsgFlowLogsFeature) Enable(instance *aropreviewv1alpha1.PreviewFeature) error {
+	// TODO: Implement
+	return nil
+}
+
+func (n *nsgFlowLogsFeature) Disable(instance *aropreviewv1alpha1.PreviewFeature) error {
+	// TODO: Implement
+	return nil
+}

pkg/operator/controllers/previewfeature/previewfeature_controller.go

@@ -0,0 +1,102 @@
+package previewfeature
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+	"context"
+
+	"github.com/sirupsen/logrus"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+
+	aropreviewv1alpha1 "github.com/Azure/ARO-RP/pkg/operator/apis/preview.aro.openshift.io/v1alpha1"
+	aroclient "github.com/Azure/ARO-RP/pkg/operator/clientset/versioned"
+	"github.com/Azure/ARO-RP/pkg/operator/controllers"
+	"github.com/Azure/ARO-RP/pkg/operator/controllers/previewfeature/nsgflowlogs"
+	"github.com/Azure/ARO-RP/pkg/util/azureclient"
+	"github.com/Azure/ARO-RP/pkg/util/azureclient/mgmt/network"
+	"github.com/Azure/ARO-RP/pkg/util/clusterauthorizer"
+	"github.com/Azure/go-autorest/autorest/azure"
+)
+
+type feature interface {
+	Name() string
+	Reconcile(ctx context.Context, instance *aropreviewv1alpha1.PreviewFeature) error
+}
+
+type Reconciler struct {
+	log *logrus.Entry
+
+	arocli        aroclient.Interface
+	kubernetescli kubernetes.Interface
+}
+
+func NewReconciler(log *logrus.Entry, arocli aroclient.Interface, kubernetescli kubernetes.Interface) *Reconciler {
+	return &Reconciler{
+		log:           log,
+		arocli:        arocli,
+		kubernetescli: kubernetescli,
+	}
+}
+
+// Reconcile reconciles ARO preview features
+func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.Result, error) {
+	instance, err := r.arocli.PreviewV1alpha1().PreviewFeatures().Get(ctx, aropreviewv1alpha1.SingletonPreviewFeatureName, metav1.GetOptions{})
+	if err != nil {
+		return reconcile.Result{}, err
+	}
+
+	// Get endpoints from operator
+	azEnv, err := azureclient.EnvironmentFromName(instance.Spec.AZEnvironment)
+	if err != nil {
+		return reconcile.Result{}, err
+	}
+
+	resource, err := azure.ParseResourceID(instance.Spec.ResourceID)
+	if err != nil {
+		return reconcile.Result{}, err
+	}
+
+	// create refreshable authorizer from token
+	authorizer, err := clusterauthorizer.NewAzRefreshableAuthorizer(ctx, r.log, &azEnv, r.kubernetescli)
+	if err != nil {
+		return reconcile.Result{}, err
+	}
+
+	flowLogsClient := network.NewFlowLogsClient(&azEnv, resource.SubscriptionID, authorizer)
+
+	features := []feature{
+		nsgflowlogs.NewFeature(flowLogsClient),
+	}
+
+	err = nil
+	for _, f := range features {
+		thisErr := f.Reconcile(ctx, instance)
+		if thisErr != nil {
+			// Reconcile all features even if there is an error in some of them
+			err = thisErr
+			r.log.Errorf("error reconciling %q: %s", f.Name(), err)
+		}
+	}
+
+	// Controller-runtime will requeue when err != nil
+	return reconcile.Result{}, err
+}
+
+// SetupWithManager setup our manager
+func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error {
+	aroPreviewFeaturePredicate := predicate.NewPredicateFuncs(func(o client.Object) bool {
+		return o.GetName() == aropreviewv1alpha1.SingletonPreviewFeatureName
+	})
+
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&aropreviewv1alpha1.PreviewFeature{}, builder.WithPredicates(aroPreviewFeaturePredicate)).
+		Named(controllers.PreviewFeatureControllerName).
+		Complete(r)
+}

pkg/util/azureclient/mgmt/network/flowlogs.go

@@ -0,0 +1,32 @@
+package network
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+	mgmtnetwork "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2020-08-01/network"
+	"github.com/Azure/go-autorest/autorest"
+
+	"github.com/Azure/ARO-RP/pkg/util/azureclient"
+)
+
+// FlowLogsClient is a minimal interface for azure FlowLogsClient
+type FlowLogsClient interface {
+	FlowLogsClientAddons
+}
+
+type flowLogsClient struct {
+	mgmtnetwork.FlowLogsClient
+}
+
+var _ FlowLogsClient = &flowLogsClient{}
+
+// NewFlowLogsClient creates a new FlowLogsClient
+func NewFlowLogsClient(environment *azureclient.AROEnvironment, tenantID string, authorizer autorest.Authorizer) FlowLogsClient {
+	client := mgmtnetwork.NewFlowLogsClientWithBaseURI(environment.ResourceManagerEndpoint, tenantID)
+	client.Authorizer = authorizer
+
+	return &flowLogsClient{
+		FlowLogsClient: client,
+	}
+}

pkg/util/azureclient/mgmt/network/flowlogs_addons.go

@@ -0,0 +1,24 @@
+package network
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+	"context"
+
+	mgmtnetwork "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2020-08-01/network"
+)
+
+// FlowLogsClientAddons contains addons to WatchersClient
+type FlowLogsClientAddons interface {
+	CreateOrUpdateAndWait(ctx context.Context, resourceGroupName string, networkWatcherName string, flowLogName string, parameters mgmtnetwork.FlowLog) error
+}
+
+func (c *flowLogsClient) CreateOrUpdateAndWait(ctx context.Context, resourceGroupName string, networkWatcherName string, flowLogName string, parameters mgmtnetwork.FlowLog) error {
+	future, err := c.FlowLogsClient.CreateOrUpdate(ctx, resourceGroupName, networkWatcherName, flowLogName, parameters)
+	if err != nil {
+		return err
+	}
+
+	return future.WaitForCompletionRef(ctx, c.Client)
+}

pkg/util/azureclient/mgmt/network/generate.go

@@ -4,5 +4,5 @@ package network
 // Licensed under the Apache License 2.0.
 
 //go:generate rm -rf ../../../../util/mocks/$GOPACKAGE
-//go:generate go run ../../../../../vendor/github.com/golang/mock/mockgen -destination=../../../../util/mocks/azureclient/mgmt/$GOPACKAGE/$GOPACKAGE.go github.com/Azure/ARO-RP/pkg/util/azureclient/mgmt/$GOPACKAGE InterfacesClient,LoadBalancersClient,PrivateEndpointsClient,PrivateLinkServicesClient,PublicIPAddressesClient,RouteTablesClient,SubnetsClient,VirtualNetworksClient,SecurityGroupsClient,VirtualNetworkPeeringsClient,UsageClient
+//go:generate go run ../../../../../vendor/github.com/golang/mock/mockgen -destination=../../../../util/mocks/azureclient/mgmt/$GOPACKAGE/$GOPACKAGE.go github.com/Azure/ARO-RP/pkg/util/azureclient/mgmt/$GOPACKAGE InterfacesClient,LoadBalancersClient,PrivateEndpointsClient,PrivateLinkServicesClient,PublicIPAddressesClient,RouteTablesClient,SubnetsClient,VirtualNetworksClient,SecurityGroupsClient,VirtualNetworkPeeringsClient,UsageClient,FlowLogsClient
 //go:generate go run ../../../../../vendor/golang.org/x/tools/cmd/goimports -local=github.com/Azure/ARO-RP -e -w ../../../../util/mocks/azureclient/mgmt/$GOPACKAGE/$GOPACKAGE.go