in pkg/operator/controllers/storageaccounts/storageaccounts.go [22:128]
func (r *reconcileManager) reconcileAccounts(ctx context.Context) error {
location := r.instance.Spec.Location
resourceGroup := stringutils.LastTokenByte(r.instance.Spec.ClusterResourceGroupID, '/')
serviceSubnets := r.instance.Spec.ServiceSubnets
subnets, err := r.kubeSubnets.List(ctx)
if err != nil {
return err
}
// Check each of the cluster subnets for the Microsoft.Storage service endpoint. If the subnet has
// the service endpoint, it needs to be included in the storage account vnet rules.
for _, subnet := range subnets {
mgmtSubnet, err := r.subnets.Get(ctx, subnet.ResourceID)
if err != nil {
if azureerrors.IsNotFoundError(err) {
r.log.Infof("Subnet %s not found, skipping", subnet.ResourceID)
break
}
return err
}
if mgmtSubnet.SubnetPropertiesFormat != nil && mgmtSubnet.SubnetPropertiesFormat.ServiceEndpoints != nil {
for _, serviceEndpoint := range *mgmtSubnet.SubnetPropertiesFormat.ServiceEndpoints {
isStorageEndpoint := (serviceEndpoint.Service != nil) && (*serviceEndpoint.Service == "Microsoft.Storage")
matchesClusterLocation := false
if serviceEndpoint.Locations != nil {
for _, l := range *serviceEndpoint.Locations {
if l == "*" || l == location {
matchesClusterLocation = true
break
}
}
}
if isStorageEndpoint && matchesClusterLocation {
serviceSubnets = append(serviceSubnets, subnet.ResourceID)
break
}
}
}
}
rc := &imageregistryv1.Config{}
err = r.client.Get(ctx, types.NamespacedName{Name: "cluster"}, rc)
if err != nil {
return err
}
if rc.Spec.Storage.Azure == nil {
return fmt.Errorf("azure storage field is nil in image registry config")
}
storageAccounts := []string{
"cluster" + r.instance.Spec.StorageSuffix, // this is our creation, so name is deterministic
rc.Spec.Storage.Azure.AccountName,
}
for _, accountName := range storageAccounts {
var changed bool
account, err := r.storage.GetProperties(ctx, resourceGroup, accountName, "")
if err != nil {
return err
}
for _, subnet := range serviceSubnets {
// if subnet ResourceID was found and we need to append
found := false
if account.AccountProperties.NetworkRuleSet != nil && account.AccountProperties.NetworkRuleSet.VirtualNetworkRules != nil {
for _, rule := range *account.AccountProperties.NetworkRuleSet.VirtualNetworkRules {
if strings.EqualFold(to.String(rule.VirtualNetworkResourceID), subnet) {
found = true
break
}
}
}
// if rule was not found - we add it
if !found {
*account.AccountProperties.NetworkRuleSet.VirtualNetworkRules = append(*account.AccountProperties.NetworkRuleSet.VirtualNetworkRules, mgmtstorage.VirtualNetworkRule{
VirtualNetworkResourceID: to.StringPtr(subnet),
Action: mgmtstorage.ActionAllow,
})
changed = true
}
}
if changed {
sa := mgmtstorage.AccountUpdateParameters{
AccountPropertiesUpdateParameters: &mgmtstorage.AccountPropertiesUpdateParameters{
NetworkRuleSet: account.AccountProperties.NetworkRuleSet,
},
}
_, err = r.storage.Update(ctx, resourceGroup, accountName, sa)
if err != nil {
return err
}
}
}
return nil
}