Documentation

Index
- Constants
- func ClassifyAzureError(err error) (requeueAfter time.Duration, message string)
- func CreateEnvVarsForAzureManagedIdentity(azureCredentialsName string) []corev1.EnvVar
- func CreateVolumeForAzureSecretStoreProviderClass(secretStoreVolumeName, secretProviderClassName string) corev1.Volume
- func CreateVolumeMountForAzureSecretStoreProviderClass(secretStoreVolumeName string) corev1.VolumeMount
- func CreateVolumeMountForKMSAzureSecretStoreProviderClass(secretStoreVolumeName string) corev1.VolumeMount
- func GetAzureCloudConfiguration(cloudName string) (cloud.Configuration, error)
- func GetKeyVaultAuthorizedUser() string
- func GetKeyVaultDNSSuffixFromCloudType(cloud string) (string, error)
- func GetKeyVaultFQDN(hcp *hyperv1.HostedControlPlane) (string, error)
- func GetNameAndResourceGroupFromNetworkSecurityGroupID(nsgID string) (string, string, error)
- func GetNetworkSecurityGroupInfo(ctx context.Context, nsgID string, subscriptionID string, ...) (armnetwork.SecurityGroupsClientGetResponse, error)
- func GetResourceGroupInfo(ctx context.Context, rgName string, subscriptionID string, ...) (armresources.ResourceGroupsClientGetResponse, error)
- func GetServicePrincipalScopes(subscriptionID, managedResourceGroupName, nsgResourceGroupName, ... string, ...) (string, []string)
- func GetSubnetNameFromSubnetID(subnetID string) (string, error)
- func GetVnetInfoFromVnetID(ctx context.Context, vnetID string, subscriptionID string, ...) (armnetwork.VirtualNetworksClientGetResponse, error)
- func GetVnetNameAndResourceGroupFromVnetID(vnetID string) (string, string, error)
- func IsAroHCP() bool
- func IsAzureNotFoundError(err error) bool
- func IsPrivateKeyVault(hcp *hyperv1.HostedControlPlane) bool
- func IsSelfManagedAzure(platform hyperv1.PlatformType) bool
- func NewARMClientOptions(cloudConfig cloud.Configuration) *arm.ClientOptions
- func ParseRetryAfterDuration(err error) (time.Duration, bool)
- func ReconcileAzureCredentials(ctx context.Context, client client.Client, ...) []error
- func SetAsAroHCPTest(t *testing.T)
- func ValidateAzureResourceName(name, resourceType string) error
- type AzureCredentialConfig
- type AzureEncryptionKey
Constants

const (
	// InternalLoadBalancerAnnotation is the Azure annotation key for internal load balancers.
	InternalLoadBalancerAnnotation = "service.beta.kubernetes.io/azure-load-balancer-internal"
	// InternalLoadBalancerValue is the value that enables internal load balancing.
	InternalLoadBalancerValue = "true"
)

const (
	// PollTimeout is the timeout for Azure long-running operations (PollUntilDone)
	// to prevent reconciler goroutines from blocking indefinitely.
	PollTimeout = 5 * time.Minute
	// DriftDetectionRequeueInterval is the interval for periodic reconciliation
	// to detect out-of-band changes to Azure resources.
	DriftDetectionRequeueInterval = 5 * time.Minute
	// PLSRequeueInterval is the interval used when requeuing because a prerequisite
	// (PLS alias, KAS hostname, Private Endpoint IP, or LoadBalancerIP) is not yet available.
	PLSRequeueInterval = 30 * time.Second
	// AzureResourceNameMaxLength is the maximum length for Azure resource names.
	AzureResourceNameMaxLength = 80
	// PEConnectionStateApproved indicates a Private Endpoint connection has been approved.
	PEConnectionStateApproved = "Approved"
	// PEConnectionStatePending indicates a Private Endpoint connection is awaiting approval.
	PEConnectionStatePending = "Pending"
	// PEConnectionStateRejected indicates a Private Endpoint connection has been rejected.
	PEConnectionStateRejected = "Rejected"
)
const CPOUserAgent = "hypershift-cpo"
CPOUserAgent is the User-Agent identifier for the Control Plane Operator. The Azure SDK has a 24-character limit for ApplicationID, and spaces are replaced with "/".
Variables
This section is empty.
Functions

func ClassifyAzureError (added in v0.1.75)
ClassifyAzureError inspects an Azure API error and returns an appropriate requeue duration and human-readable message. This provides differentiated backoff instead of relying on controller-runtime's exponential backoff:
- 429 (Too Many Requests): uses the Retry-After header if present, otherwise 5 minutes
- 403 (Forbidden): 10 minutes - permissions issues unlikely to self-resolve quickly
- 409 (Conflict): 30 seconds - transient conflict, retry soon
- Other Azure API errors: 2 minutes - general retry interval
- Non-Azure errors: 2 minutes - general retry interval
func CreateEnvVarsForAzureManagedIdentity (added in v0.1.52)

func CreateVolumeForAzureSecretStoreProviderClass (added in v0.1.52)

func CreateVolumeMountForAzureSecretStoreProviderClass (added in v0.1.52)
func CreateVolumeMountForAzureSecretStoreProviderClass(secretStoreVolumeName string) corev1.VolumeMount
func CreateVolumeMountForKMSAzureSecretStoreProviderClass (added in v0.1.58)
func CreateVolumeMountForKMSAzureSecretStoreProviderClass(secretStoreVolumeName string) corev1.VolumeMount
func GetAzureCloudConfiguration (added in v0.1.70)
func GetAzureCloudConfiguration(cloudName string) (cloud.Configuration, error)
GetAzureCloudConfiguration converts a cloud name string to the Azure SDK cloud.Configuration. This function maps the cloud names used in the HyperShift API to the corresponding Azure SDK cloud configurations. Valid cloud names are: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, and empty string (defaults to AzurePublicCloud). Returns an error if the cloud name is not recognized.
func GetKeyVaultAuthorizedUser (added in v0.1.50)
func GetKeyVaultAuthorizedUser() string
func GetKeyVaultDNSSuffixFromCloudType (added in v0.1.58)

GetKeyVaultDNSSuffixFromCloudType mirrors the lookup in environments.go of the Azure SDK (github.com/Azure/go-autorest). It returns the Key Vault DNS suffix for the given cloud type.
func GetKeyVaultFQDN (added in v0.1.75)
func GetKeyVaultFQDN(hcp *hyperv1.HostedControlPlane) (string, error)
GetKeyVaultFQDN constructs the fully qualified domain name for an Azure Key Vault from the HCP spec. It uses the active key's vault name and the cloud-specific DNS suffix.
func GetNameAndResourceGroupFromNetworkSecurityGroupID

GetNameAndResourceGroupFromNetworkSecurityGroupID extracts the network security group (NSG) name and its resource group name from an NSG ID. Example NSG ID: /subscriptions/<subscriptionID>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/networkSecurityGroups/<nsgName>
func GetNetworkSecurityGroupInfo (added in v0.1.53)
func GetNetworkSecurityGroupInfo(ctx context.Context, nsgID string, subscriptionID string, azureCreds azcore.TokenCredential, cloudName string) (armnetwork.SecurityGroupsClientGetResponse, error)
GetNetworkSecurityGroupInfo gets the full information on a network security group based on its ID. The cloudName parameter specifies the Azure cloud environment (e.g., "AzurePublicCloud", "AzureUSGovernmentCloud").
func GetResourceGroupInfo (added in v0.1.53)
func GetResourceGroupInfo(ctx context.Context, rgName string, subscriptionID string, azureCreds azcore.TokenCredential, cloudName string) (armresources.ResourceGroupsClientGetResponse, error)
GetResourceGroupInfo gets the full information on a resource group based on its name. The cloudName parameter specifies the Azure cloud environment (e.g., "AzurePublicCloud", "AzureUSGovernmentCloud").
func GetServicePrincipalScopes (added in v0.1.58)

func GetSubnetNameFromSubnetID

GetSubnetNameFromSubnetID extracts the subnet name from a subnet ID. Example subnet ID: /subscriptions/<subscriptionID>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/virtualNetworks/<vnetName>/subnets/<subnetName>
func GetVnetInfoFromVnetID
func GetVnetInfoFromVnetID(ctx context.Context, vnetID string, subscriptionID string, azureCreds azcore.TokenCredential, cloudName string) (armnetwork.VirtualNetworksClientGetResponse, error)
GetVnetInfoFromVnetID extracts the full information on a VNET from a VNET ID by first getting the VNET name and its resource group's name and then using those parameters to query the full information on the VNET using Azure's SDK. The cloudName parameter specifies the Azure cloud environment (e.g., "AzurePublicCloud", "AzureUSGovernmentCloud").
func GetVnetNameAndResourceGroupFromVnetID

GetVnetNameAndResourceGroupFromVnetID extracts the VNET name and its resource group from a VNET ID. Example VNET ID: /subscriptions/<subscriptionID>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/virtualNetworks/<vnetName>
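The NSG, VNET and subnet ID parsers above all read the same ARM ID layout. The following is an added example, not HyperShift's code, of one validating parser for that layout; the names parseNetworkResourceID, armResource, nsgNameAndResourceGroup and subnetName are constructed for it. It goes a step beyond the page by rejecting an ID with the wrong provider, an empty segment, or a subnet tail on a non-VNET resource instead of splitting the string blindly.

```go
package main

import (
	"fmt"
	"strings"
)
// armResource holds what the Get*FromID helpers above extract (constructed type).
type armResource struct {
	SubscriptionID, ResourceGroup, Name string
	Subnet                              string // set only for subnet IDs
}
// parseNetworkResourceID validates and splits an ID of the documented form
// /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Network/<kind>/<name>
// plus an optional /subnets/<subnetName> tail for virtual networks. Keys are matched
// case-insensitively (ARM IDs are not case-sensitive) and every value must be non-empty,
// so a truncated or mangled ID is rejected rather than yielding an empty name.
func parseNetworkResourceID(id, kind string) (armResource, error) {
	parts := strings.Split(strings.TrimPrefix(id, "/"), "/")
	want := []string{"subscriptions", "", "resourceGroups", "", "providers", "Microsoft.Network", kind, ""}
	if len(parts) != len(want) && !(strings.EqualFold(kind, "virtualNetworks") && len(parts) == len(want)+2) {
		return armResource{}, fmt.Errorf("malformed %s ID %q", kind, id)
	}
	for i, w := range want {
		if (w == "" && parts[i] == "") || (w != "" && !strings.EqualFold(parts[i], w)) {
			return armResource{}, fmt.Errorf("unexpected segment %q in %s ID %q", parts[i], kind, id)
		}
	}
	r := armResource{SubscriptionID: parts[1], ResourceGroup: parts[3], Name: parts[7]}
	if len(parts) > len(want) {
		if !strings.EqualFold(parts[8], "subnets") || parts[9] == "" {
			return armResource{}, fmt.Errorf("unexpected child segment in subnet ID %q", id)
		}
		r.Subnet = parts[9]
	}
	return r, nil
}
// nsgNameAndResourceGroup mirrors GetNameAndResourceGroupFromNetworkSecurityGroupID.
func nsgNameAndResourceGroup(nsgID string) (string, string, error) {
	r, err := parseNetworkResourceID(nsgID, "networkSecurityGroups")
	return r.Name, r.ResourceGroup, err
}
// subnetName mirrors GetSubnetNameFromSubnetID; a bare VNET ID is rejected.
func subnetName(subnetID string) (string, error) {
	r, err := parseNetworkResourceID(subnetID, "virtualNetworks")
	if err == nil && r.Subnet == "" {
		return "", fmt.Errorf("%q is a VNET ID, not a subnet ID", subnetID)
	}
	return r.Subnet, err
}
```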
func IsAroHCP (added in v0.1.50)

func IsAroHCP() bool

IsAroHCP returns true if the managed service environment variable is set to ARO-HCP.
func IsAzureNotFoundError (added in v0.1.75)
IsAzureNotFoundError checks if an error is an Azure 404 Not Found response.
func IsPrivateKeyVault (added in v0.1.75)

func IsPrivateKeyVault(hcp *hyperv1.HostedControlPlane) bool

IsPrivateKeyVault returns true if the HCP is configured with private Key Vault access.
func IsSelfManagedAzure (added in v0.1.69)

func IsSelfManagedAzure(platform hyperv1.PlatformType) bool

IsSelfManagedAzure returns true when the platform is Azure and the managed service is not ARO-HCP.
func NewARMClientOptions (added in v0.1.74)
func NewARMClientOptions(cloudConfig cloud.Configuration) *arm.ClientOptions
NewARMClientOptions creates Azure ARM client options with proper cloud configuration and telemetry settings for the Control Plane Operator. The telemetry options include the CPOUserAgent as the ApplicationID, which is added to the User-Agent header of all Azure API requests for proper request attribution and tracing.
func ParseRetryAfterDuration (added in v0.1.75)
ParseRetryAfterDuration extracts and parses the Retry-After header from an Azure ResponseError's raw HTTP response. Azure 429 responses typically include this header to indicate how long the client should wait before retrying.
The Retry-After header supports two formats per RFC 7231 section 7.1.3:
- Seconds: a non-negative decimal integer (e.g., "120")
- HTTP-date: an absolute timestamp (e.g., "Thu, 01 Dec 2025 16:00:00 GMT")
Returns the parsed duration and true if successful, or (0, false) if:
- The error is not an *azcore.ResponseError
- The RawResponse is nil
- The Retry-After header is absent or empty
- The header value cannot be parsed in either format
- The parsed HTTP-date is in the past (returns 0, false)
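To make the Retry-After parsing and the ClassifyAzureError backoff table concrete, here is an added example, not code from the HyperShift package. It uses a constructed apiError type in place of *azcore.ResponseError so it runs without the Azure SDK, and takes the clock as a parameter so the past-date case can be exercised; parseRetryAfter and classify are constructed names.

```go
package main

import (
	"errors"
	"net/http"
	"strconv"
	"time"
)
// apiError is a constructed stand-in for *azcore.ResponseError: it carries
// the HTTP status code and raw response, which is all the logic needs.
type apiError struct {
	StatusCode  int
	RawResponse *http.Response
}
func (e *apiError) Error() string { return "azure api error " + strconv.Itoa(e.StatusCode) }
// parseRetryAfter returns the Retry-After delay (integer seconds or HTTP-date),
// or (0, false) when the header is absent, unparsable, or already in the past.
func parseRetryAfter(err error, now time.Time) (time.Duration, bool) {
	var re *apiError
	if !errors.As(err, &re) || re.RawResponse == nil {
		return 0, false
	}
	v := re.RawResponse.Header.Get("Retry-After")
	if secs, convErr := strconv.Atoi(v); convErr == nil && secs >= 0 {
		return time.Duration(secs) * time.Second, true
	}
	if t, dateErr := http.ParseTime(v); dateErr == nil && t.After(now) {
		return t.Sub(now), true
	}
	return 0, false
}
// classify maps an error to a requeue interval using the table above.
func classify(err error, now time.Time) (time.Duration, string) {
	var re *apiError
	if !errors.As(err, &re) {
		return 2 * time.Minute, "non-Azure error, retrying in 2m"
	}
	switch re.StatusCode {
	case http.StatusTooManyRequests:
		if d, ok := parseRetryAfter(err, now); ok {
			return d, "throttled (429), honouring Retry-After " + d.String()
		}
		return 5 * time.Minute, "throttled (429) without usable Retry-After, retrying in 5m"
	case http.StatusForbidden:
		return 10 * time.Minute, "forbidden (403), permissions unlikely to self-resolve quickly"
	case http.StatusConflict:
		return 30 * time.Second, "conflict (409), transient, retrying in 30s"
	}
	return 2 * time.Minute, "Azure API error " + strconv.Itoa(re.StatusCode) + ", retrying in 2m"
}
```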
func ReconcileAzureCredentials (added in v0.1.69)

func ReconcileAzureCredentials(
	ctx context.Context,
	client client.Client,
	createOrUpdate upsert.CreateOrUpdateFN,
	baseSecretData map[string][]byte,
	configs []AzureCredentialConfig,
	capabilities *hyperv1.Capabilities,
) []error

ReconcileAzureCredentials creates or updates Azure credential secrets based on the provided configurations.
func SetAsAroHCPTest (added in v0.1.66)

SetAsAroHCPTest sets the environment variable that designates the test as running in an ARO-HCP environment.
func ValidateAzureResourceName (added in v0.1.75)
ValidateAzureResourceName checks that a constructed Azure resource name does not exceed the Azure maximum of 80 characters. It returns an error if the name is too long.
Types

type AzureCredentialConfig (added in v0.1.69)
type AzureCredentialConfig struct {
Name string
ManifestFunc func() *corev1.Secret
ClientID string
CapabilityChecker func(*hyperv1.Capabilities) bool
ErrorContext string
}
AzureCredentialConfig defines the configuration for creating an Azure credential secret.

type AzureEncryptionKey (added in v0.1.69)

AzureEncryptionKey represents the information needed to access an encryption key in Azure Key Vault. This information comes from the encryption key ID, which is in the form https://<vaultName>.vault.azure.net/keys/<keyName>/<keyVersion>

func GetAzureEncryptionKeyInfo (added in v0.1.69)
func GetAzureEncryptionKeyInfo(encryptionKeyID string) (*AzureEncryptionKey, error)
GetAzureEncryptionKeyInfo extracts the key vault name, key name, and key version from an encryption key ID. The encryption key ID is in the form https://<vaultName>.vault.azure.net/keys/<keyName>/<keyVersion>
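An added example, not HyperShift's code, of parsing an encryption key ID into the three fields of AzureEncryptionKey while also checking that the vault host belongs to the expected cloud, so a URL on some other domain is rejected rather than used to build a Key Vault FQDN. It generalizes the vault.azure.net form above to the per-cloud suffixes that GetKeyVaultDNSSuffixFromCloudType is documented to mirror from go-autorest (suffix values assumed from that source); keyVaultDNSSuffix, parseEncryptionKeyID and azureEncryptionKey are constructed names.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// azureEncryptionKey carries the three values the page says are taken from
// https://<vaultName>.vault.azure.net/keys/<keyName>/<keyVersion> (constructed type).
type azureEncryptionKey struct {
	KeyVaultName, KeyName, KeyVersion string
}

// keyVaultDNSSuffix maps the HyperShift cloud names to the Key Vault DNS suffix;
// values are assumed from go-autorest's environments.go, which the page says is mimicked.
func keyVaultDNSSuffix(cloud string) (string, error) {
	switch cloud {
	case "", "AzurePublicCloud":
		return "vault.azure.net", nil
	case "AzureUSGovernmentCloud":
		return "vault.usgovcloudapi.net", nil
	case "AzureChinaCloud":
		return "vault.azure.cn", nil
	}
	return "", fmt.Errorf("unknown cloud %q", cloud)
}

// parseEncryptionKeyID splits a key ID into vault, key and version, and checks
// that the host is exactly <vaultName>.<suffix> for the given cloud, so an ID on
// another domain (or a look-alike host with extra labels) is rejected instead
// of being used to build the Key Vault FQDN.
func parseEncryptionKeyID(keyID, cloud string) (*azureEncryptionKey, error) {
	suffix, err := keyVaultDNSSuffix(cloud)
	if err != nil {
		return nil, err
	}
	u, err := url.Parse(keyID)
	if err != nil || u.Scheme != "https" || u.Hostname() == "" {
		return nil, fmt.Errorf("encryption key ID %q is not an https URL", keyID)
	}
	vault, ok := strings.CutSuffix(strings.ToLower(u.Hostname()), "."+suffix)
	if !ok || vault == "" || strings.Contains(vault, ".") {
		return nil, fmt.Errorf("host %q is not a *.%s vault", u.Hostname(), suffix)
	}
	seg := strings.Split(strings.Trim(u.Path, "/"), "/")
	if len(seg) != 3 || seg[0] != "keys" || seg[1] == "" || seg[2] == "" {
		return nil, fmt.Errorf("path %q is not /keys/<keyName>/<keyVersion>", u.Path)
	}
	return &azureEncryptionKey{KeyVaultName: vault, KeyName: seg[1], KeyVersion: seg[2]}, nil
}
```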