Storage Credentials

controllers/suite_test.go

@@ -664,7 +664,7 @@ func setup() error {
 	err = (&StorageAccountReconciler{
 		Reconciler: &AsyncReconciler{
 			Client:      k8sManager.GetClient(),
-			AzureClient: resourcemanagerstorageaccount.New(),
+			AzureClient: resourcemanagerstorageaccount.New(secretClient, k8sManager.GetScheme()),
 			Telemetry: telemetry.InitializeTelemetryDefault(
 				"StorageAccount",
 				ctrl.Log.WithName("controllers").WithName("StorageAccount"),

docs/storage/storageaccount.md

@@ -32,4 +32,9 @@ A Storage Account needs the following fields to deploy, along with a location an
 
 ## Deploy, view and delete resources
 
-You can follow the steps [here](/docs/customresource.md) to deploy, view and delete resources.
+You can follow the steps [here](/docs/customresource.md) to deploy, view and delete resources.
+
+## Secrets
+After creating a storage account, the operator stores a JSON formatted secret with the following fields. For more details on where the secrets are stored, look [here](/docs/secrets.md).
+* `key1` (depending on the number of keys, there could be up to keyn)
+* `connectionString1` (depending on the number of keys, there could be up to connectionStringn)

main.go

@@ -161,7 +161,7 @@ func main() {
 	err = (&controllers.StorageAccountReconciler{
 		Reconciler: &controllers.AsyncReconciler{
 			Client:      mgr.GetClient(),
-			AzureClient: storageaccountManager.New(),
+			AzureClient: storageaccountManager.New(secretClient, scheme),
 			Telemetry: telemetry.InitializeTelemetryDefault(
 				"StorageAccount",
 				ctrl.Log.WithName("controllers").WithName("StorageAccount"),

pkg/resourcemanager/storages/managers.go

@@ -6,14 +6,18 @@ package storages
 import (
 	"github.com/Azure/azure-service-operator/pkg/resourcemanager/storages/blobcontainer"
 	"github.com/Azure/azure-service-operator/pkg/resourcemanager/storages/storageaccount"
+	"github.com/Azure/azure-service-operator/pkg/secrets"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 type StorageManagers struct {
 	StorageAccount storageaccount.StorageManager
 	BlobContainer  blobcontainer.BlobContainerManager
 }
 
-var AzureStorageManagers = StorageManagers{
-	StorageAccount: storageaccount.New(),
-	BlobContainer:  blobcontainer.New(),
+func NewAzureStorageManagers(secretClient secrets.SecretClient, scheme *runtime.Scheme) StorageManagers {
+	return StorageManagers{
+		StorageAccount: storageaccount.New(secretClient, scheme),
+		BlobContainer:  blobcontainer.New(),
+	}
 }

pkg/resourcemanager/storages/storageaccount/storageaccount.go

@@ -6,19 +6,29 @@ package storageaccount
 import (
 	"context"
 	"errors"
+	"fmt"
 	"net/http"
 	"strings"
 
 	"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2019-04-01/storage"
 	"github.com/Azure/azure-service-operator/api/v1alpha1"
 	azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1"
 	"github.com/Azure/azure-service-operator/pkg/resourcemanager/config"
+	resourcemgrconfig "github.com/Azure/azure-service-operator/pkg/resourcemanager/config"
 	"github.com/Azure/azure-service-operator/pkg/resourcemanager/iam"
+	"github.com/Azure/azure-service-operator/pkg/secrets"
 	"github.com/Azure/go-autorest/autorest"
 	"github.com/Azure/go-autorest/autorest/to"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 )
 
-type azureStorageManager struct{}
+const templateForConnectionString = "DefaultEndpointsProtocol=https;AccountName=%s;AccountKey=%s;EndpointSuffix=%s"
+
+type azureStorageManager struct {
+	SecretClient secrets.SecretClient
+	Scheme       *runtime.Scheme
+}
 
 // ParseNetworkPolicy - helper function to parse network policies from Kubernetes spec
 func ParseNetworkPolicy(ruleSet *v1alpha1.StorageNetworkRuleSet) storage.NetworkRuleSet {
@@ -183,3 +193,39 @@ func (_ *azureStorageManager) ListKeys(ctx context.Context, resourceGroupName st
 
 	return storagesClient.ListKeys(ctx, resourceGroupName, accountName, storage.Kerb)
 }
+
+// StoreSecrets upserts the secret information for this storage account
+func (s *azureStorageManager) StoreSecrets(ctx context.Context, resourceGroupName string, accountName string, instance *v1alpha1.StorageAccount) error {
+
+	// get the keys
+	keyResult, err := s.ListKeys(ctx, resourceGroupName, accountName)
+	if err != nil {
+		return err
+	}
+	if keyResult.Keys == nil {
+		return fmt.Errorf("No keys were returned from ListKeys")
+	}
+	keys := *keyResult.Keys
+	storageEndpointSuffix := resourcemgrconfig.Environment().StorageEndpointSuffix
+
+	// build the connection string
+	data := map[string][]byte{
+		"StorageAccountName": []byte(accountName),
+	}
+	for i, key := range keys {
+		data[fmt.Sprintf("connectionString%v", i)] = []byte(fmt.Sprintf(templateForConnectionString, accountName, *key.Value, storageEndpointSuffix))
+		data[fmt.Sprintf("key%v", i)] = []byte(*key.Value)
+	}
+
+	// upsert
+	key := types.NamespacedName{
+		Name:      fmt.Sprintf("storageaccount-%s-%s", resourceGroupName, accountName),
+		Namespace: instance.Namespace,
+	}
+	return s.SecretClient.Upsert(ctx,
+		key,
+		data,
+		secrets.WithOwner(instance),
+		secrets.WithScheme(s.Scheme),
+	)
+}

pkg/resourcemanager/storages/storageaccount/storageaccount_manager.go

@@ -7,14 +7,20 @@ import (
 	"context"
 
 	"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2019-04-01/storage"
+	"github.com/Azure/azure-service-operator/api/v1alpha1"
 	azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1"
 	"github.com/Azure/azure-service-operator/pkg/resourcemanager"
+	"github.com/Azure/azure-service-operator/pkg/secrets"
 	"github.com/Azure/go-autorest/autorest"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 // New returns an instance of the Storage Account Client
-func New() *azureStorageManager {
-	return &azureStorageManager{}
+func New(secretClient secrets.SecretClient, scheme *runtime.Scheme) *azureStorageManager {
+	return &azureStorageManager{
+		SecretClient: secretClient,
+		Scheme:       scheme,
+	}
 }
 
 type StorageManager interface {
@@ -42,5 +48,10 @@ type StorageManager interface {
 
 	ListKeys(ctx context.Context, groupName string, storageAccountName string) (result storage.AccountListKeysResult, err error)
 
+	StoreSecrets(ctx context.Context,
+		resourceGroupName string,
+		accountName string,
+		instance *v1alpha1.StorageAccount) error
+
 	resourcemanager.ARMClient
 }

pkg/resourcemanager/storages/storageaccount/storageaccount_reconcile.go

@@ -82,6 +82,14 @@ func (sa *azureStorageManager) Ensure(ctx context.Context, obj runtime.Object, o
 	}
 
 	if instance.Status.State == "Succeeded" {
+
+		// upsert
+		err = sa.StoreSecrets(ctx, groupName, name, instance)
+		if err != nil {
+			return false, err
+		}
+
+		// everything finished successfully!
 		instance.Status.Message = resourcemanager.SuccessMsg
 		instance.Status.Provisioned = true
 		instance.Status.Provisioning = false
@@ -166,6 +174,12 @@ func (sa *azureStorageManager) Delete(ctx context.Context, obj runtime.Object, o
 
 	name := instance.ObjectMeta.Name
 	groupName := instance.Spec.ResourceGroup
+	key := types.NamespacedName{
+		Name: fmt.Sprintf("storageaccount-%s-%s",
+			instance.Spec.ResourceGroup,
+			instance.Name),
+		Namespace: instance.Namespace,
+	}
 
 	_, err = sa.DeleteStorage(ctx, groupName, name)
 	if err != nil {
@@ -177,6 +191,8 @@ func (sa *azureStorageManager) Delete(ctx context.Context, obj runtime.Object, o
 		err = errhelp.NewAzureError(err)
 		if azerr, ok := err.(*errhelp.AzureError); ok {
 			if helpers.ContainsString(catch, azerr.Type) {
+				// Best case deletion of secrets
+				sa.SecretClient.Delete(ctx, key)
 				return false, nil
 			}
 		}
@@ -186,6 +202,8 @@ func (sa *azureStorageManager) Delete(ctx context.Context, obj runtime.Object, o
 	_, err = sa.GetStorage(ctx, groupName, name)
 	if err != nil {
 		if errhelp.IsStatusCode404(err) {
+			// Best case deletion of secrets
+			sa.SecretClient.Delete(ctx, key)
 			return false, nil
 		}
 	}

pkg/resourcemanager/storages/suite_test.go

@@ -35,7 +35,6 @@ type TestContext struct {
 	ResourceGroupName     string
 	ResourceGroupLocation string
 	ResourceGroupManager  resourcegroupsresourcemanager.ResourceGroupManager
-	StorageManagers       StorageManagers
 	timeout               time.Duration
 	retryInterval         time.Duration
 }
@@ -72,7 +71,6 @@ var _ = BeforeSuite(func() {
 		ResourceGroupName:     resourceGroupName,
 		ResourceGroupLocation: resourceGroupLocation,
 		ResourceGroupManager:  resourceGroupManager,
-		StorageManagers:       AzureStorageManagers,
 		timeout:               time.Second * 300,
 		retryInterval:         time.Second * 1,
 	}