github.com/kyma-project/kyma-environment-broker@v0.0.1/cmd/subscriptioncleanup/cloudprovider/azure.go

github.com/kyma-project/kyma-environment-broker@v0.0.1/cmd/subscriptioncleanup/cloudprovider/azure.go (about)

     1  package cloudprovider
     2  
     3  import (
     4  	"context"
     5  	"fmt"
     6  
     7  	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-05-01/resources"
     8  	"github.com/Azure/go-autorest/autorest"
     9  	"github.com/Azure/go-autorest/autorest/adal"
    10  	"github.com/Azure/go-autorest/autorest/azure"
    11  	log "github.com/sirupsen/logrus"
    12  )
    13  
    14  type azureResourceCleaner struct {
    15  	azureClient resources.GroupsClient
    16  }
    17  
    18  type config struct {
    19  	clientID       string
    20  	clientSecret   string
    21  	subscriptionID string
    22  	tenantID       string
    23  	userAgent      string
    24  }
    25  
    26  func NewAzureResourcesCleaner(secretData map[string][]byte) (ResourceCleaner, error) {
    27  	config, err := toConfig(secretData)
    28  	if err != nil {
    29  		return nil, err
    30  	}
    31  
    32  	azureClient, err := newResourceGroupsClient(config)
    33  	if err != nil {
    34  		return nil, err
    35  	}
    36  
    37  	return &azureResourceCleaner{
    38  		azureClient: azureClient,
    39  	}, nil
    40  }
    41  
    42  func (ac azureResourceCleaner) Do() error {
    43  	ctx := context.Background()
    44  	resourceGroups, err := ac.azureClient.List(ctx, "", nil)
    45  	if err != nil {
    46  		return err
    47  	}
    48  
    49  	for _, resourceGroup := range resourceGroups.Values() {
    50  		if resourceGroup.Name != nil {
    51  			log.Infof("Deleting resource group '%s'", *resourceGroup.Name)
    52  			future, err := ac.azureClient.Delete(ctx, *resourceGroup.Name)
    53  			if err != nil {
    54  				log.Errorf("failed to init resource group '%s' deletion", *resourceGroup.Name)
    55  				continue
    56  			}
    57  
    58  			err = future.WaitForCompletionRef(ctx, ac.azureClient.Client)
    59  			if err != nil {
    60  				log.Errorf("failed to remove resource group '%s', %s: ", *resourceGroup.Name, err.Error())
    61  			}
    62  		}
    63  	}
    64  
    65  	return nil
    66  }
    67  
    68  func toConfig(secretData map[string][]byte) (config, error) {
    69  	clientID, exists := secretData["clientID"]
    70  	if !exists {
    71  		return config{}, fmt.Errorf("clientID not provided in the secret")
    72  	}
    73  
    74  	clientSecret, exists := secretData["clientSecret"]
    75  	if !exists {
    76  		return config{}, fmt.Errorf("clientSecret not provided in the secret")
    77  	}
    78  
    79  	subscriptionID, exists := secretData["subscriptionID"]
    80  	if !exists {
    81  		return config{}, fmt.Errorf("subscriptionID not provided in the secret")
    82  	}
    83  
    84  	tenantID, exists := secretData["tenantID"]
    85  	if !exists {
    86  		return config{}, fmt.Errorf("tenantID not provided in the secret")
    87  	}
    88  
    89  	return config{
    90  		clientID:       string(clientID),
    91  		clientSecret:   string(clientSecret),
    92  		subscriptionID: string(subscriptionID),
    93  		tenantID:       string(tenantID),
    94  		userAgent:      "kyma-environment-broker",
    95  	}, nil
    96  }
    97  
    98  func newResourceGroupsClient(config config) (resources.GroupsClient, error) {
    99  	azureEnv, err := azure.EnvironmentFromName("AzurePublicCloud") // shouldn't fail
   100  	if err != nil {
   101  		return resources.GroupsClient{}, err
   102  	}
   103  
   104  	authorizer, err := getResourceManagementAuthorizer(&config, &azureEnv)
   105  	if err != nil {
   106  		return resources.GroupsClient{}, err
   107  	}
   108  
   109  	return getGroupsClient(&config, authorizer)
   110  }
   111  
   112  // getGroupsClient gets a client for handling of Azure ResourceGroups
   113  func getGroupsClient(config *config, authorizer autorest.Authorizer) (resources.GroupsClient, error) {
   114  	client := resources.NewGroupsClient(config.subscriptionID)
   115  	client.Authorizer = authorizer
   116  
   117  	if err := client.AddToUserAgent(config.userAgent); err != nil {
   118  		return resources.GroupsClient{}, fmt.Errorf("while adding user agent [%s]: %w", config.userAgent, err)
   119  	}
   120  
   121  	return client, nil
   122  }
   123  
   124  func getResourceManagementAuthorizer(config *config, environment *azure.Environment) (autorest.Authorizer, error) {
   125  	armAuthorizer, err := getAuthorizerForResource(config, environment)
   126  	if err != nil {
   127  		return nil, fmt.Errorf("while creating resource authorizer: %w", err)
   128  	}
   129  
   130  	return armAuthorizer, err
   131  }
   132  
   133  func getAuthorizerForResource(config *config, environment *azure.Environment) (autorest.Authorizer, error) {
   134  	oauthConfig, err := adal.NewOAuthConfig(environment.ActiveDirectoryEndpoint, config.tenantID)
   135  	if err != nil {
   136  		return nil, err
   137  	}
   138  
   139  	token, err := adal.NewServicePrincipalToken(*oauthConfig, config.clientID, config.clientSecret, environment.ResourceManagerEndpoint)
   140  	if err != nil {
   141  		return nil, err
   142  	}
   143  	return autorest.NewBearerAuthorizer(token), err
   144  }