v2.2.5-rc3

分支 (545)

标签 (1936)

管理

管理

master

main

release/v2.9

fix/v2.9/42823

release/v2.8

release/v2.7

fix/42823

v2.9.2-hotfix-tigeraoperator-conflict

v2.8.9-hotfix-test-cve-monitoring

v2.7.16-hotfix-test-cve-monitoring

v2.8-define-artifacts-to-upload

v2.9.2-hotfix-metrics-downstream-network

v2.9.2-hotfix-downstream-caches-reduction

v2.8-self-hosted-runners

v2.9.2-hotfix-transport-leak

v2.8.5-hotfix-tigeraoperator-conflict

markus/temp-remove-rsa

fix/42788-v2.9

fix/42788

backport-userretention-to-v2.8

v2.9.3-alpha4

v2.10.0-alpha2

v2.8.9-alpha9

v2.9.2-hotfix-ch-2-efe7cd186

v2.10.0-alpha1

v2.7.16-alpha3

v2.7.16-alpha4

v2.8.9-alpha8

v2.8.9-alpha7

v2.9.3-alpha3

v2.9.3-alpha2

v2.9.3-alpha1

v2.8.9-alpha6

v2.8.9-alpha5

v2.8.9-alpha4

v2.8.9-alpha3

v2.8.9-alpha2

v2.8.9-alpha1

v2.9.2-hotfix-ch-1-77f48fb9f

v2.9.2-hotfix-ch-2-3778e74e6

rancher
/
server
/
capabilities
/
aks_virtual_networks_endpoint.go

package capabilities

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"regexp"

	"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2018-05-01/network"
	"github.com/Azure/go-autorest/autorest"
	"github.com/Azure/go-autorest/autorest/adal"
	"github.com/Azure/go-autorest/autorest/azure"
)

var regex = regexp.MustCompile("/resourceGroups/(.+?)/")

func NewAKSVirtualNetworksHandler() *AKSVirtualNetworksHandler {
	return &AKSVirtualNetworksHandler{}
}

type AKSVirtualNetworksHandler struct {
}

type virtualNetworksRequestBody struct {
	// credentials
	ClientID       string `json:"clientId"`
	ClientSecret   string `json:"clientSecret"`
	SubscriptionID string `json:"subscriptionId"`
	TenantID       string `json:"tenantId"`
}

type virtualNetworksResponseBody struct {
	Name          string   `json:"name"`
	ResourceGroup string   `json:"resourceGroup"`
	Subnets       []subnet `json:"subnets"`
}

type subnet struct {
	Name         string `json:"name"`
	AddressRange string `json:"addressRange"`
}

func (g *AKSVirtualNetworksHandler) ServeHTTP(writer http.ResponseWriter, req *http.Request) {
	if req.Method != http.MethodPost {
		writer.WriteHeader(http.StatusMethodNotAllowed)
		return
	}

	writer.Header().Set("Content-Type", "application/json")

	var body virtualNetworksRequestBody
	if err := extractRequestBody(writer, req, &body); err != nil {
		handleErr(writer, err)
		return
	}

	if err := validateVirtualNetworksRequestBody(&body); err != nil {
		writer.WriteHeader(http.StatusBadRequest)
		handleErr(writer, err)
		return
	}

	clientID := body.ClientID
	clientSecret := body.ClientSecret
	subscriptionID := body.SubscriptionID
	tenantID := body.TenantID

	oAuthConfig, err := adal.NewOAuthConfig(azure.PublicCloud.ActiveDirectoryEndpoint, tenantID)
	if err != nil {
		writer.WriteHeader(http.StatusBadRequest)
		handleErr(writer, fmt.Errorf("failed to configure azure oauth: %v", err))
		return
	}

	spToken, err := adal.NewServicePrincipalToken(*oAuthConfig, clientID, clientSecret, azure.PublicCloud.ResourceManagerEndpoint)
	if err != nil {
		writer.WriteHeader(http.StatusBadRequest)
		handleErr(writer, fmt.Errorf("failed to create token: %v", err))
		return
	}

	authorizer := autorest.NewBearerAuthorizer(spToken)

	client := network.NewVirtualNetworksClient(subscriptionID)
	client.Authorizer = authorizer

	var networks []virtualNetworksResponseBody

	pointer, err := client.ListAll(context.Background())
	if err != nil {
		writer.WriteHeader(http.StatusBadRequest)
		handleErr(writer, fmt.Errorf("failed to get networks: %v", err))
		return
	}

	for pointer.NotDone() {
		var batch []virtualNetworksResponseBody

		for _, azureNetwork := range pointer.Values() {
			var subnets []subnet

			if azureNetwork.Subnets != nil {
				for _, azureSubnet := range *azureNetwork.Subnets {
					if azureSubnet.Name != nil {
						subnets = append(subnets, subnet{
							Name:         *azureSubnet.Name,
							AddressRange: *azureSubnet.AddressPrefix,
						})
					}
				}
			}

			if azureNetwork.ID == nil {
				writer.WriteHeader(http.StatusInternalServerError)
				handleErr(writer, errors.New("no ID on virtual network"))
				return
			}

			match := regex.FindStringSubmatch(*azureNetwork.ID)

			if len(match) < 2 || match[1] == "" {
				writer.WriteHeader(http.StatusInternalServerError)
				handleErr(writer, errors.New("could not parse virtual network ID"))
				return
			}

			if azureNetwork.Name == nil {
				writer.WriteHeader(http.StatusInternalServerError)
				handleErr(writer, errors.New("no name on virtual network"))
				return
			}

			batch = append(batch, virtualNetworksResponseBody{
				Name:          *azureNetwork.Name,
				ResourceGroup: match[1],
				Subnets:       subnets,
			})
		}

		networks = append(networks, batch...)

		err = pointer.Next()
		if err != nil {
			writer.WriteHeader(http.StatusInternalServerError)
			handleErr(writer, err)
			return
		}
	}

	serialized, err := json.Marshal(networks)
	if err != nil {
		writer.WriteHeader(http.StatusInternalServerError)
		handleErr(writer, err)
		return
	}

	writer.Write(serialized)
}

func validateVirtualNetworksRequestBody(body *virtualNetworksRequestBody) error {
	if body.ClientID == "" {
		return fmt.Errorf("invalid clientID")
	}

	if body.ClientSecret == "" {
		return fmt.Errorf("invalid clientSecret")
	}

	if body.SubscriptionID == "" {
		return fmt.Errorf("invalid subscriptionID")
	}

	if body.TenantID == "" {
		return fmt.Errorf("invalid tenantID")
	}

	return nil
}