Azure independence (#95)

.vscode/launch.json

@@ -28,9 +28,10 @@
             "env": {
                 "AZURE_LOCATION": "West Europe",
                 "VAULT_ADDR": "http://localhost:54969/",
-                //"VAULT_TOKEN": "PLEASE_ADD_VAULT_TOKEN"",                
+                //"VAULT_TOKEN": "PLEASE_ADD_VAULT_TOKEN",
                 "AZURE_MANAGED_IDENTITY_RG": "global",
                 "AZURE_MANAGED_IDENTITY_NAME": "scriptidentity",
+                "AZURE_ENABLED": "true",
                 //"RUSI_ENABLED": "true"
                 //"PULUMI_SKIP_REFRESH": "true",
             },

helm/templates/provisioner-deployment.yaml

@@ -31,6 +31,9 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
+        - name: AZURE_ENABLED
+          value: {{ .Values.global.azure.enabled | quote }}
+        {{- if .Values.global.azure.enabled }}
         - name: AZURE_CLIENT_SECRET
           valueFrom:
             secretKeyRef:
@@ -65,7 +68,7 @@ spec:
           valueFrom:
             configMapKeyRef:
               name: azure-config
-              key: managedIdentityName            
+              key: managedIdentityName
         - name: ARM_CLIENT_ID
           valueFrom:
             configMapKeyRef:
@@ -81,12 +84,13 @@ spec:
             configMapKeyRef:
               name: azure-config
               key: tenantId
+        {{- end }}
         - name: PULUMI_ACCESS_TOKEN
           valueFrom:
             secretKeyRef:
               name: provisioner-secrets
               key: pulumiAccessToken
-        {{- if .Values.global.vault.enabled }}              
+        {{- if .Values.global.vault.enabled }}
         - name: VAULT_ADDR
           value: "{{ .Values.global.vault.address }}"
         - name: VAULT_TOKEN

helm/values.yaml

@@ -9,3 +9,6 @@ global:
     address: http://vault.vault:8200
   rusi:
     enabled: true
+  azure:
+    enabled: true
+

internal/controllers/provisioning/provisioners/pulumi/pulumi.go

@@ -25,6 +25,7 @@ import (
 
 var (
 	EnvPulumiSkipRefresh = "PULUMI_SKIP_REFRESH"
+	EnvAzureEnabled      = "AZURE_ENABLED"
 )
 
 type provisionedResourceMap = map[provisioningv1.ProvisioningResourceIdendtifier]pulumi.Resource
@@ -153,16 +154,24 @@ func createOrSelectStack(ctx context.Context, stackName, projectName string, dep
 	klog.V(4).Info("Installing plugins")
 	w := s.Workspace()
 
-	// for inline source programs, we must manage plugins ourselves
-	err = w.InstallPlugin(ctx, "azure-native", "v2.4.0")
+	azureEnabled, err := strconv.ParseBool(os.Getenv(EnvAzureEnabled))
 	if err != nil {
-		klog.Errorf("Failed to install azure-native plugin: %v", err)
+		klog.Errorf("Failed to parse %s: %v", EnvAzureEnabled, err)
 		return auto.Stack{}, err
 	}
-	err = w.InstallPlugin(ctx, "azuread", "v5.38.0")
-	if err != nil {
-		klog.Errorf("Failed to install azure-ad plugin: %v", err)
-		return auto.Stack{}, err
+
+	// for inline source programs, we must manage plugins ourselves
+	if azureEnabled {
+		err = w.InstallPlugin(ctx, "azure-native", "v2.4.0")
+		if err != nil {
+			klog.Errorf("Failed to install azure-native plugin: %v", err)
+			return auto.Stack{}, err
+		}
+		err = w.InstallPlugin(ctx, "azuread", "v5.38.0")
+		if err != nil {
+			klog.Errorf("Failed to install azure-ad plugin: %v", err)
+			return auto.Stack{}, err
+		}
 	}
 	err = w.InstallPlugin(ctx, "random", "v4.13.2")
 	if err != nil {
@@ -182,17 +191,33 @@ func createOrSelectStack(ctx context.Context, stackName, projectName string, dep
 	klog.V(4).Info("Successfully installed plugins")
 
 	// set stack configuration
-	_ = s.SetAllConfig(ctx, map[string]auto.ConfigValue{
-		"azure-native:location":       {Value: os.Getenv("AZURE_LOCATION")},
-		"azure-native:clientId":       {Value: os.Getenv("AZURE_CLIENT_ID")},
-		"azure-native:subscriptionId": {Value: os.Getenv("AZURE_SUBSCRIPTION_ID")},
-		"azure-native:tenantId":       {Value: os.Getenv("AZURE_TENANT_ID")},
-		"azure-native:clientSecret":   {Value: os.Getenv("AZURE_CLIENT_SECRET"), Secret: true},
-		"azuread:clientId":            {Value: os.Getenv("ARM_CLIENT_ID")},
-		"azuread:tenantId":            {Value: os.Getenv("ARM_TENANT_ID")},
-		"azuread:clientSecret":        {Value: os.Getenv("ARM_CLIENT_SECRET"), Secret: true}})
-
-	klog.V(4).Info("Successfully set config")
+	configValues := map[string]auto.ConfigValue{}
+	if azureEnabled {
+		azureConfigValues := map[string]auto.ConfigValue{
+			"azure-native:location":       {Value: os.Getenv("AZURE_LOCATION")},
+			"azure-native:clientId":       {Value: os.Getenv("AZURE_CLIENT_ID")},
+			"azure-native:subscriptionId": {Value: os.Getenv("AZURE_SUBSCRIPTION_ID")},
+			"azure-native:tenantId":       {Value: os.Getenv("AZURE_TENANT_ID")},
+			"azure-native:clientSecret":   {Value: os.Getenv("AZURE_CLIENT_SECRET"), Secret: true},
+			"azuread:clientId":            {Value: os.Getenv("ARM_CLIENT_ID")},
+			"azuread:tenantId":            {Value: os.Getenv("ARM_TENANT_ID")},
+			"azuread:clientSecret":        {Value: os.Getenv("ARM_CLIENT_SECRET"), Secret: true},
+		}
+
+		for key, value := range azureConfigValues {
+			configValues[key] = value
+		}
+	}
+
+	if len(configValues) > 0 {
+		err := s.SetAllConfig(ctx, configValues)
+		if err != nil {
+			klog.Errorf("Failed to set config: %v", err)
+			return auto.Stack{}, err
+		} else {
+			klog.V(4).Info("Successfully set config")
+		}
+	}
 
 	if skipRefresh, err := strconv.ParseBool(os.Getenv(EnvPulumiSkipRefresh)); err == nil && skipRefresh {
 		klog.V(4).Info("Skipping refresh")

internal/controllers/provisioning/provisioning_controller.go

@@ -3,7 +3,9 @@ package provisioning
 import (
 	"context"
 	"fmt"
+	"os"
 	"reflect"
+	"strconv"
 	"strings"
 	"time"
 
@@ -43,6 +45,8 @@ const (
 
 	DomainProvisionedSuccessfullyFormat string = "%s domain provisioned successfully"
 	DomainProvisionningFailedFormat     string = "%s domain provisionning failed"
+
+	EnvAzureEnabled = "AZURE_ENABLED"
 )
 
 // ProvisioningController is the controller implementation for Tenant resources
@@ -74,6 +78,8 @@ type ProvisioningController struct {
 	entraUserInformer             provisioningInformersv1.EntraUserInformer
 
 	messagingPublisher messaging.MessagingPublisher
+
+	azureEnabled bool
 }
 
 func NewProvisioningController(clientSet clientset.Interface,
@@ -90,6 +96,11 @@ func NewProvisioningController(clientSet clientset.Interface,
 	utilruntime.Must(clientsetScheme.AddToScheme(scheme.Scheme))
 	klog.V(4).Info("Creating event broadcaster")
 
+	azureEnabled, err := strconv.ParseBool(os.Getenv(EnvAzureEnabled))
+	if err != nil {
+		azureEnabled = true
+	}
+
 	c := &ProvisioningController{
 		workqueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "provisioning"),
 		recorder:  &record.FakeRecorder{},
@@ -109,6 +120,8 @@ func NewProvisioningController(clientSet clientset.Interface,
 		clientset:          clientSet,
 		tenantMigrator:     tenantMigrator,
 		messagingPublisher: messagingPublisher,
+
+		azureEnabled: azureEnabled,
 	}
 
 	if eventBroadcaster != nil {
@@ -118,13 +131,16 @@ func NewProvisioningController(clientSet clientset.Interface,
 	addTenantHandlers(c.tenantInformer, c.enqueueTenant)
 	addPlatformHandlers(c.platformInformer)
 
-	addResourceHandlers[*provisioningv1.AzureDatabase]("Azure database", c.azureDbInformer.Informer(), c.enqueueDomain)
-	addResourceHandlers[*provisioningv1.AzureManagedDatabase]("Azure managed database", c.azureManagedDbInformer.Informer(), c.enqueueDomain)
-	addResourceHandlers[*provisioningv1.AzurePowerShellScript]("Azure PowerShell script", c.azurePowerShellScriptInformer.Informer(), c.enqueueDomain)
 	addResourceHandlers[*provisioningv1.HelmRelease]("Helm release", c.helmReleaseInformer.Informer(), c.enqueueDomain)
-	addResourceHandlers[*provisioningv1.AzureVirtualMachine]("Azure virtual machine", c.azureVirtualMachineInformer.Informer(), c.enqueueDomain)
-	addResourceHandlers[*provisioningv1.AzureVirtualDesktop]("Azure virtual Desktop", c.azureVirtualDesktopInformer.Informer(), c.enqueueDomain)
-	addResourceHandlers[*provisioningv1.EntraUser]("Entra user", c.entraUserInformer.Informer(), c.enqueueDomain)
+
+	if azureEnabled {
+		addResourceHandlers[*provisioningv1.AzureDatabase]("Azure database", c.azureDbInformer.Informer(), c.enqueueDomain)
+		addResourceHandlers[*provisioningv1.AzureManagedDatabase]("Azure managed database", c.azureManagedDbInformer.Informer(), c.enqueueDomain)
+		addResourceHandlers[*provisioningv1.AzurePowerShellScript]("Azure PowerShell script", c.azurePowerShellScriptInformer.Informer(), c.enqueueDomain)
+		addResourceHandlers[*provisioningv1.AzureVirtualMachine]("Azure virtual machine", c.azureVirtualMachineInformer.Informer(), c.enqueueDomain)
+		addResourceHandlers[*provisioningv1.AzureVirtualDesktop]("Azure virtual Desktop", c.azureVirtualDesktopInformer.Informer(), c.enqueueDomain)
+		addResourceHandlers[*provisioningv1.EntraUser]("Entra user", c.entraUserInformer.Informer(), c.enqueueDomain)
+	}
 
 	return c
 }
@@ -281,36 +297,6 @@ func (c *ProvisioningController) syncHandler(key string) error {
 
 func (c *ProvisioningController) syncTarget(target ProvisioningTarget, domain string) error {
 
-	azureDbs, err := c.azureDbInformer.Lister().List(labels.Everything())
-	if err != nil {
-		return err
-	}
-	azureDbs = selectItemsInTarget(target.GetPlatformName(), domain, azureDbs, target)
-	azureDbs, err = applyTargetOverrides(azureDbs, target)
-	if err != nil {
-		return err
-	}
-
-	azureManagedDbs, err := c.azureManagedDbInformer.Lister().List(labels.Everything())
-	if err != nil {
-		return err
-	}
-	azureManagedDbs = selectItemsInTarget(target.GetPlatformName(), domain, azureManagedDbs, target)
-	azureManagedDbs, err = applyTargetOverrides(azureManagedDbs, target)
-	if err != nil {
-		return err
-	}
-
-	azurePowerShellScripts, err := c.azurePowerShellScriptInformer.Lister().List(labels.Everything())
-	if err != nil {
-		return err
-	}
-	azurePowerShellScripts = selectItemsInTarget(target.GetPlatformName(), domain, azurePowerShellScripts, target)
-	azurePowerShellScripts, err = applyTargetOverrides(azurePowerShellScripts, target)
-	if err != nil {
-		return err
-	}
-
 	helmReleases, err := c.helmReleaseInformer.Lister().List(labels.Everything())
 	if err != nil {
 		return err
@@ -321,34 +307,73 @@ func (c *ProvisioningController) syncTarget(target ProvisioningTarget, domain st
 		return err
 	}
 
-	azureVirtualMachines, err := c.azureVirtualMachineInformer.Lister().List(labels.Everything())
-	if err != nil {
-		return err
-	}
-	azureVirtualMachines = selectItemsInTarget(target.GetPlatformName(), domain, azureVirtualMachines, target)
-	azureVirtualMachines, err = applyTargetOverrides(azureVirtualMachines, target)
-	if err != nil {
-		return err
-	}
+	azureDbs := []*provisioningv1.AzureDatabase{}
+	azureManagedDbs := []*provisioningv1.AzureManagedDatabase{}
+	azurePowerShellScripts := []*provisioningv1.AzurePowerShellScript{}
+	azureVirtualMachines := []*provisioningv1.AzureVirtualMachine{}
+	azureVirtualDesktops := []*provisioningv1.AzureVirtualDesktop{}
+	entraUsers := []*provisioningv1.EntraUser{}
 
-	azureVirtualDesktops, err := c.azureVirtualDesktopInformer.Lister().List(labels.Everything())
-	if err != nil {
-		return err
-	}
-	azureVirtualDesktops = selectItemsInTarget(target.GetPlatformName(), domain, azureVirtualDesktops, target)
-	azureVirtualDesktops, err = applyTargetOverrides(azureVirtualDesktops, target)
-	if err != nil {
-		return err
-	}
+	if c.azureEnabled {
+		azureDbs, err = c.azureDbInformer.Lister().List(labels.Everything())
+		if err != nil {
+			return err
+		}
+		azureDbs = selectItemsInTarget(target.GetPlatformName(), domain, azureDbs, target)
+		azureDbs, err = applyTargetOverrides(azureDbs, target)
+		if err != nil {
+			return err
+		}
 
-	entraUsers, err := c.entraUserInformer.Lister().List(labels.Everything())
-	if err != nil {
-		return err
-	}
-	entraUsers = selectItemsInTarget(target.GetPlatformName(), domain, entraUsers, target)
-	entraUsers, err = applyTargetOverrides(entraUsers, target)
-	if err != nil {
-		return err
+		azureManagedDbs, err = c.azureManagedDbInformer.Lister().List(labels.Everything())
+		if err != nil {
+			return err
+		}
+		azureManagedDbs = selectItemsInTarget(target.GetPlatformName(), domain, azureManagedDbs, target)
+		azureManagedDbs, err = applyTargetOverrides(azureManagedDbs, target)
+		if err != nil {
+			return err
+		}
+
+		azurePowerShellScripts, err = c.azurePowerShellScriptInformer.Lister().List(labels.Everything())
+		if err != nil {
+			return err
+		}
+		azurePowerShellScripts = selectItemsInTarget(target.GetPlatformName(), domain, azurePowerShellScripts, target)
+		azurePowerShellScripts, err = applyTargetOverrides(azurePowerShellScripts, target)
+		if err != nil {
+			return err
+		}
+
+		azureVirtualMachines, err = c.azureVirtualMachineInformer.Lister().List(labels.Everything())
+		if err != nil {
+			return err
+		}
+		azureVirtualMachines = selectItemsInTarget(target.GetPlatformName(), domain, azureVirtualMachines, target)
+		azureVirtualMachines, err = applyTargetOverrides(azureVirtualMachines, target)
+		if err != nil {
+			return err
+		}
+
+		azureVirtualDesktops, err = c.azureVirtualDesktopInformer.Lister().List(labels.Everything())
+		if err != nil {
+			return err
+		}
+		azureVirtualDesktops = selectItemsInTarget(target.GetPlatformName(), domain, azureVirtualDesktops, target)
+		azureVirtualDesktops, err = applyTargetOverrides(azureVirtualDesktops, target)
+		if err != nil {
+			return err
+		}
+
+		entraUsers, err = c.entraUserInformer.Lister().List(labels.Everything())
+		if err != nil {
+			return err
+		}
+		entraUsers = selectItemsInTarget(target.GetPlatformName(), domain, entraUsers, target)
+		entraUsers, err = applyTargetOverrides(entraUsers, target)
+		if err != nil {
+			return err
+		}
 	}
 
 	result := c.provisioner(target, domain, &InfrastructureManifests{