in pkg/env/prod.go [85:239]
func newProd(ctx context.Context, log *logrus.Entry, component ServiceComponent) (*prod, error) {
if err := ValidateVars("AZURE_FP_CLIENT_ID", "DOMAIN_NAME"); err != nil {
return nil, err
}
if !IsLocalDevelopmentMode() {
err := ValidateVars(
"CLUSTER_MDSD_CONFIG_VERSION",
"CLUSTER_MDSD_ACCOUNT",
"GATEWAY_DOMAINS",
"GATEWAY_RESOURCEGROUP",
"MDSD_ENVIRONMENT",
"CLUSTER_MDSD_NAMESPACE")
if err != nil {
return nil, err
}
}
core, err := NewCore(ctx, log, component)
if err != nil {
return nil, err
}
dialer, err := proxy.NewDialer(core.IsLocalDevelopmentMode())
if err != nil {
return nil, err
}
p := &prod{
Core: core,
Dialer: dialer,
fpClientID: os.Getenv("AZURE_FP_CLIENT_ID"),
clusterGenevaLoggingAccount: os.Getenv("CLUSTER_MDSD_ACCOUNT"),
clusterGenevaLoggingConfigVersion: os.Getenv("CLUSTER_MDSD_CONFIG_VERSION"),
clusterGenevaLoggingEnvironment: os.Getenv("MDSD_ENVIRONMENT"),
clusterGenevaLoggingNamespace: os.Getenv("CLUSTER_MDSD_NAMESPACE"),
log: log,
features: map[Feature]bool{},
}
features := os.Getenv("RP_FEATURES")
if features != "" {
for _, feature := range strings.Split(features, ",") {
f, err := FeatureString("Feature" + feature)
if err != nil {
return nil, err
}
p.features[f] = true
}
}
msiCredential, err := p.NewMSITokenCredential()
if err != nil {
return nil, err
}
if err := ValidateVars(KeyvaultPrefix); err != nil {
return nil, err
}
keyVaultPrefix := os.Getenv(KeyvaultPrefix)
serviceKeyvaultURI := azsecrets.URI(p, ServiceKeyvaultSuffix, keyVaultPrefix)
serviceKeyvaultClient, err := azsecrets.NewClient(serviceKeyvaultURI, msiCredential, p.Environment().AzureClientOptions())
if err != nil {
return nil, fmt.Errorf("cannot create key vault secrets client: %w", err)
}
p.serviceKeyvault = serviceKeyvaultClient
p.fpCertificateRefresher = newCertificateRefresher(log, 1*time.Hour, p.serviceKeyvault, RPFirstPartySecretName)
err = p.fpCertificateRefresher.Start(ctx)
if err != nil {
return nil, err
}
localFPKVCredential, err := p.FPNewClientCertificateCredential(p.TenantID(), nil)
if err != nil {
return nil, err
}
clusterKeyvaultURI := azsecrets.URI(p, ClusterKeyvaultSuffix, keyVaultPrefix)
clusterKeyvaultClient, err := azsecrets.NewClient(clusterKeyvaultURI, localFPKVCredential, p.Environment().AzureClientOptions())
if err != nil {
return nil, fmt.Errorf("cannot create key vault secrets client: %w", err)
}
p.clusterKeyvault = clusterKeyvaultClient
clusterCertificatesClient, err := azcertificates.NewClient(clusterKeyvaultURI, localFPKVCredential, p.Environment().AzureClientOptions())
if err != nil {
return nil, fmt.Errorf("cannot create key vault certificates client: %w", err)
}
p.clusterCertificates = clusterCertificatesClient
genevaCertificate, err := p.serviceKeyvault.GetSecret(ctx, ClusterLoggingSecretName, "", nil)
if err != nil {
return nil, err
}
clusterGenevaLoggingPrivateKey, clusterGenevaLoggingCertificates, err := azsecrets.ParseSecretAsCertificate(genevaCertificate)
if err != nil {
return nil, err
}
p.clusterGenevaLoggingPrivateKey = clusterGenevaLoggingPrivateKey
p.clusterGenevaLoggingCertificate = clusterGenevaLoggingCertificates[0]
var acrDataDomain string
if p.ACRResourceID() != "" { // TODO: ugh!
acrResource, err := azure.ParseResourceID(p.ACRResourceID())
if err != nil {
return nil, err
}
p.acrDomain = acrResource.ResourceName + "." + p.Environment().ContainerRegistryDNSSuffix
acrDataDomain = acrResource.ResourceName + "." + p.Location() + ".data." + p.Environment().ContainerRegistryDNSSuffix
} else {
p.acrDomain = "arointsvc." + azure.PublicCloud.ContainerRegistryDNSSuffix // TODO: make cloud aware once this is set up for US Gov Cloud
acrDataDomain = "arointsvc." + p.Location() + ".data." + azure.PublicCloud.ContainerRegistryDNSSuffix // TODO: make cloud aware once this is set up for US Gov Cloud
}
if !p.IsLocalDevelopmentMode() {
gatewayDomains := os.Getenv("GATEWAY_DOMAINS")
if gatewayDomains != "" {
p.gatewayDomains = strings.Split(gatewayDomains, ",")
}
for _, rawurl := range []string{
p.Environment().ActiveDirectoryEndpoint,
p.Environment().ResourceManagerEndpoint,
} {
u, err := url.Parse(rawurl)
if err != nil {
return nil, err
}
p.gatewayDomains = append(p.gatewayDomains, u.Hostname())
}
p.gatewayDomains = append(p.gatewayDomains, p.acrDomain, acrDataDomain)
}
p.ARMHelper, err = newARMHelper(ctx, log, p)
if err != nil {
return nil, err
}
p.liveConfig, err = p.Core.NewLiveConfigManager(ctx)
if err != nil {
return nil, err
}
return p, nil
}