env

package
v0.0.0-...-090f0e2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 26, 2026 License: Apache-2.0 Imports: 45 Imported by: 93

Documentation

Index

Constants

const (
	// Secret names. Each value is a lookup identifier, not secret material,
	// so these strings are safe to appear in source and logs.
	// NOTE(review): presumably resolved against the Key Vaults selected by the
	// suffixes further down; confirm against callers.
	// NOTE(review): the "-v2" names sit alongside their unversioned
	// counterparts, which looks like key rotation; confirm how readers choose
	// between the two.
	RPDevARMSecretName               = "dev-arm"
	RPFirstPartySecretName           = "rp-firstparty"
	RPServerSecretName               = "rp-server"
	ClusterLoggingSecretName         = "cluster-mdsd"
	EncryptionSecretName             = "encryption-key"
	EncryptionSecretV2Name           = "encryption-key-v2"
	FrontendEncryptionSecretName     = "fe-encryption-key"
	FrontendEncryptionSecretV2Name   = "fe-encryption-key-v2"
	PortalServerSecretName           = "portal-server"
	PortalServerClientSecretName     = "portal-client"
	PortalServerSessionKeySecretName = "portal-session-key"
	PortalServerSSHKeySecretName     = "portal-sshkey"

	// Key Vault name suffixes, one per vault role.
	// NOTE(review): presumably appended to the value of the KEYVAULT_PREFIX
	// environment variable to form a vault name; confirm. Separate vaults per
	// role only give isolation if each identity is granted access to its own
	// vault alone.
	ClusterKeyvaultSuffix    = "-cls"
	GatewayKeyvaultSuffix    = "-gwy"
	PortalKeyvaultSuffix     = "-por"
	ServiceKeyvaultSuffix    = "-svc"
	ClusterMsiKeyVaultSuffix = "-msi"

	// RPPrivateEndpointPrefix is a resource-name prefix.
	// NOTE(review): what is appended to it is not visible here.
	RPPrivateEndpointPrefix = "rp-pe-"

	// ProxyHostName holds the literal "PROXY_HOSTNAME". By its form this is an
	// environment variable name rather than a host name, unlike the other
	// entries in this block; confirm against callers.
	ProxyHostName = "PROXY_HOSTNAME"
)
// Names of the environment variables that carry database settings. The
// constants hold the variable names, not the configured values.
const (
	// EnvDatabaseName is the environment variable name "DATABASE_NAME".
	// NOTE(review): presumably consulted by DBName; confirm.
	EnvDatabaseName        = "DATABASE_NAME"
	// EnvDatabaseAccountName is the environment variable name
	// "DATABASE_ACCOUNT_NAME".
	// NOTE(review): presumably the variable DBAccountName reads; confirm.
	EnvDatabaseAccountName = "DATABASE_ACCOUNT_NAME"
)
const (
	// Environment variable names. The constants hold the names of the
	// variables, not the values configured in them.
	KeyvaultPrefix         = "KEYVAULT_PREFIX"
	OIDCAFDEndpoint        = "OIDC_AFD_ENDPOINT"
	OIDCStorageAccountName = "OIDC_STORAGE_ACCOUNT_NAME"
	OtelAuditQueueSize     = "OTEL_AUDIT_QUEUE_SIZE"

	// Absolute filesystem paths of PEM CA bundles. Unlike the entries above,
	// these are paths, not environment variable names.
	// NOTE(review): presumably the trust anchors used when validating ARM and
	// admin client certificates; if so, the files should be writable only by
	// the deployment identity, since whoever can edit them controls which
	// client certificates are trusted. Confirm against callers.
	ARMCABundlePath   = "/etc/aro-rp/arm-ca-bundle.pem"
	AdminCABundlePath = "/etc/aro-rp/admin-ca-bundle.pem"
)
// EnvUseWorkloadIdentity is the environment variable name
// "ARO_RP_WORKLOAD_IDENTITY".
// NOTE(review): by name this selects workload identity as the authentication
// mode. How the value is parsed and what happens when it is unset or
// malformed is not visible here; confirm that an unrecognised value does not
// silently fall back to a weaker mode.
const EnvUseWorkloadIdentity = "ARO_RP_WORKLOAD_IDENTITY"
const (
	// SharedMSIKeyVaultNameSuffix is the name suffix "-dev-msi".
	// NOTE(review): the "-dev-" part suggests a Key Vault shared between
	// development environments; confirm it is never selected for a production
	// deployment, where a shared vault would widen access to MSI credentials.
	SharedMSIKeyVaultNameSuffix = "-dev-msi"
)

Variables

This section is empty.

Functions

func ClientDebugLoggerMiddleware

func ClientDebugLoggerMiddleware(log *logrus.Entry) policy.Policy

func DBAccountName

func DBAccountName() (string, error)

Fetch the database account name from the environment.

func DBName

func DBName(c Core) (string, error)

func FeatureStrings

func FeatureStrings() []string

FeatureStrings returns a slice of all String values of the enum

func IsCI

func IsCI() bool

func IsLocalDevelopmentMode

func IsLocalDevelopmentMode() bool

func LoggerForService

func LoggerForService(service ServiceName, logger *logrus.Entry) *logrus.Entry

func MockMSIResponses

func MockMSIResponses(aadHost string, msiResourceId *arm.ResourceID) dataplane.ClientFactory

func ValidateVars

func ValidateVars(vars ...string) error

ValidateVars iterates over the elements of vars and returns an error if no environment variable with one of those names exists. Otherwise it returns nil.

Types

type ARMHelper

// ARMHelper is a single-method interface for ensuring a role assignment on an
// ARM resource group.
type ARMHelper interface {
	// EnsureARMResourceGroupRoleAssignment takes a context and one string and
	// reports failure through the returned error.
	// NOTE(review): the meaning of the string argument is not visible here
	// (presumably a resource group name); confirm. A role assignment is an
	// authorization change, so implementations should record which principal
	// and role were assigned.
	EnsureARMResourceGroupRoleAssignment(context.Context, string) error
}

type CertificateRefresher

// CertificateRefresher exposes a startable component that hands out an RSA
// private key together with a list of X.509 certificates.
type CertificateRefresher interface {
	// Start takes a context and returns an error.
	// NOTE(review): presumably begins periodic refresh and stops when the
	// context is cancelled; confirm against the implementation.
	Start(context.Context) error
	// GetCertificates returns the private key and the certificates.
	// The returned *rsa.PrivateKey is live key material: callers should not
	// log, serialize or otherwise persist it.
	// NOTE(review): whether the results can be nil before Start has completed
	// is not visible here; confirm before dereferencing.
	GetCertificates() (*rsa.PrivateKey, []*x509.Certificate)
}

type Core

// Core is the basic environment interface: mode checks, MSI credential
// constructors, a live-config manager constructor, instance metadata (via the
// embedded interface), service identity, loggers and a clock.
type Core interface {
	// Mode checks. Both return plain booleans.
	// NOTE(review): code that relaxes a security control when either returns
	// true should be audited to make sure the mode cannot be switched on in
	// production.
	IsLocalDevelopmentMode() bool
	IsCI() bool
	// MSI credential constructors: one returns an azcore.TokenCredential, the
	// other an autorest.Authorizer for the given scope.
	// NOTE(review): scope is caller-supplied; request the narrowest scope the
	// call needs.
	NewMSITokenCredential() (azcore.TokenCredential, error)
	NewMSIAuthorizer(scope string) (autorest.Authorizer, error)
	NewLiveConfigManager(context.Context) (liveconfig.Manager, error)
	instancemetadata.InstanceMetadata

	// Service returns the service identity as a string; the logger methods
	// return logrus entries.
	Service() string
	Logger() *logrus.Entry
	LoggerForComponent(string) *logrus.Entry

	// for ease of faking, load time in a consistent place everywhere
	Now() time.Time
}

Core collects basic configuration information which is expected to be available on any PROD service VMSS (i.e. instance metadata, MSI authorizer, etc.)

func NewCore

func NewCore(ctx context.Context, _log *logrus.Entry, service ServiceName) (Core, error)

func NewCoreForCI

func NewCoreForCI(ctx context.Context, _log *logrus.Entry, service ServiceName) (Core, error)

NewCoreForCI returns an env.Core which respects RP_MODE but always uses AZURE_* environment variables instead of IMDS. This is used for entrypoints which may run on CI VMs. CI VMs don't currently have MSI and hence cannot resolve their tenant ID, and also may access resources in a different tenant (e.g. AME).

type Feature

// Feature identifies one RP-level on/off option.
type Feature int
// Values are assigned by iota, so the numeric value of each constant is its
// position in this list: inserting or reordering entries changes the value of
// every constant that follows.
// NOTE(review): by name, FeatureDisableDenyAssignments,
// FeatureDisableSignedCertificates, FeatureEnableDevelopmentAuthorizer and
// FeatureUseMockMsiRp each switch off or stub out a control. Confirm that
// production configuration cannot set them and that setting one is logged.
const (
	FeatureDisableDenyAssignments Feature = iota
	FeatureDisableSignedCertificates
	FeatureEnableDevelopmentAuthorizer
	FeatureRequireD2sWorkers
	FeatureDisableReadinessDelay
	FeatureRequireOIDCStorageWebEndpoint
	FeatureUseMockMsiRp
	// NOTE(review): the Enable/Enforce pair presumably distinguishes running
	// MISE authorization from requiring it; confirm what happens to a request
	// when only FeatureEnableMISE is set and the MISE check fails.
	FeatureEnableMISE
	FeatureEnforceMISE
	// Expanded Availability Zones are AZs in zonal regions above 3. This
	// affects whether we allow it for created clusters, it does not affect the
	// RP's deployments.
	FeatureEnableClusterExpandedAvailabilityZones
)

RP Features are boolean options with defined on/off behaviour that is required at the RP level. Most of them are only relevant for development environments.

func FeatureString

func FeatureString(s string) (Feature, error)

FeatureString retrieves an enum value from the string name of one of the enum constants. It returns an error if s is not part of the enum.

func FeatureValues

func FeatureValues() []Feature

FeatureValues returns all values of the enum

func (Feature) IsAFeature

func (i Feature) IsAFeature() bool

IsAFeature returns "true" if the value is listed in the enum definition. "false" otherwise

func (Feature) String

func (i Feature) String() string

type Interface

// Interface is the RP-wide environment interface. It embeds Core,
// proxy.Dialer and ARMHelper and adds accessors for authorizers, logging
// configuration, Key Vault and certificate clients, first-party credentials,
// OIDC settings, MSI settings and feature flags.
type Interface interface {
	Core
	proxy.Dialer
	ARMHelper

	// Authorizers. InitializeAuthorizers returns an error; the three accessors
	// return no error.
	// NOTE(review): presumably the accessors are only valid after
	// InitializeAuthorizers has succeeded; confirm, and make sure a nil or
	// uninitialized authorizer rejects requests rather than admitting them.
	InitializeAuthorizers() error
	ArmClientAuthorizer() clientauthorizer.ClientAuthorizer
	AdminClientAuthorizer() clientauthorizer.ClientAuthorizer
	MISEAuthorizer() miseadapter.MISEAdapter
	// Cluster Geneva logging settings.
	ClusterGenevaLoggingAccount() string
	ClusterGenevaLoggingConfigVersion() string
	ClusterGenevaLoggingEnvironment() string
	ClusterGenevaLoggingNamespace() string
	// ClusterGenevaLoggingSecret returns an RSA private key and a certificate.
	// The key is live secret material and should not be logged or persisted by
	// callers.
	ClusterGenevaLoggingSecret() (*rsa.PrivateKey, *x509.Certificate)
	ClusterKeyvault() azsecrets.Client
	ClusterMsiKeyVaultName() string
	Domain() string
	// FeatureIsSet reports whether the given Feature is set.
	// NOTE(review): several Feature values disable controls by name; callers
	// that branch on them are worth auditing.
	FeatureIsSet(Feature) bool
	// First-party (FP) identity accessors.
	// NOTE(review): the meaning of the string and []string arguments is not
	// visible here; confirm against the implementation.
	// TODO: Delete FPAuthorizer once the replace from track1 to track2 is done.
	FPAuthorizer(string, []string, ...string) (autorest.Authorizer, error)
	FPNewClientCertificateCredential(string, []string) (*azidentity.ClientCertificateCredential, error)
	FPClientID() string
	Listen() (net.Listener, error)
	GatewayDomains() []string
	GatewayResourceGroup() string
	ServiceKeyvault() azsecrets.Client
	ACRResourceID() string
	ACRDomain() string
	// OIDC settings.
	OIDCStorageAccountName() string
	OIDCEndpoint() string
	OIDCKeyBitSize() int
	OtelAuditQueueSize() (int, error)
	// MSI settings.
	MsiRpEndpoint() string
	MsiDataplaneClientOptions(correlationData *api.CorrelationData) (*policy.ClientOptions, error)
	// NOTE(review): a mock-response factory on the main interface; presumably
	// only meaningful when FeatureUseMockMsiRp is set. Confirm it is
	// unreachable in production.
	MockMSIResponses(msiResourceId *arm.ResourceID) dataplane.ClientFactory
	AROOperatorImage() string
	LiveConfig() liveconfig.Manager
	ClusterCertificates() azcertificates.Client
}

Interface is clunky and somewhat legacy and only used in the RP codebase (not monitor/portal/gateway, etc.). It is a grab-bag of items which modify RP behaviour depending on where it is running (dev, prod, etc.) Outside of the RP codebase, use Core. Ideally we might break Interface into smaller pieces, either closer to their point of use, or maybe using dependency injection. Try to remove methods, not add more. A refactored approach to configuration is generally necessary across all of the ARO services; dealing with Interface should be part of that.

func NewEnv

func NewEnv(ctx context.Context, log *logrus.Entry, component ServiceName) (Interface, error)

type MSIContext

type MSIContext string
const (
	MSIContextRP      MSIContext = "RP"
	MSIContextGateway MSIContext = "GATEWAY"
)

type ServiceName

type ServiceName string

ServiceName is the name of the runtime service (e.g. gateway, monitor)

const (
	SERVICE_RP                  ServiceName = "RP"
	SERVICE_GATEWAY             ServiceName = "GATEWAY"
	SERVICE_MONITOR             ServiceName = "MONITOR"
	SERVICE_OPERATOR            ServiceName = "OPERATOR"
	SERVICE_MIRROR              ServiceName = "MIRROR"
	SERVICE_PORTAL              ServiceName = "PORTAL"
	SERVICE_UPDATE_OCP_VERSIONS ServiceName = "UPDATE_OCP_VERSIONS"
	SERVICE_UPDATE_ROLE_SETS    ServiceName = "UPDATE_ROLE_SETS"
	SERVICE_DEPLOY              ServiceName = "DEPLOY"
	SERVICE_TOOLING             ServiceName = "TOOLING"
	SERVICE_MIMO_SCHEDULER      ServiceName = "MIMO_SCHEDULER"
	SERVICE_MIMO_ACTUATOR       ServiceName = "MIMO_ACTUATOR"
	SERVICE_E2E                 ServiceName = "E2E"
)
