Address Polaris Azure API changes (#96)

SetAzureCloudAccountCustomerAppCredentialsInput now has an additional field, called shouldReplace, which can be used to guard against accidentally replacing app credentials. This functionality is accessible through the azure.AddServicePrincipal API.
rubrikinc · Oct 31, 2022 · de80072 · de80072
1 parent beef90f
commit de80072
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 19 deletions.
diff --git a/pkg/polaris/azure/azure.go b/pkg/polaris/azure/azure.go
@@ -524,10 +524,11 @@ func (a API) UpdateSubscription(ctx context.Context, id IdentityFunc, feature co
 	return nil
 }
 
-// SetServicePrincipal sets the default service principal. Note that it's not
-// possible to remove a service account once it has been set. Returns the
-// application id of the service principal set.
-func (a API) SetServicePrincipal(ctx context.Context, principal ServicePrincipalFunc) (uuid.UUID, error) {
+// AddServicePrincipal adds the service principal for the app. If shouldReplace
+// is true and the app already has a service principal, it will be replaced.
+// Note that it's not possible to remove a service principal once it has been
+// set. Returns the application id of the service principal set.
+func (a API) AddServicePrincipal(ctx context.Context, principal ServicePrincipalFunc, shouldReplace bool) (uuid.UUID, error) {
 	a.gql.Log().Print(log.Trace)
 
 	config, err := principal(ctx)
@@ -536,10 +537,20 @@ func (a API) SetServicePrincipal(ctx context.Context, principal ServicePrincipal
 	}
 
 	err = azure.Wrap(a.gql).SetCloudAccountCustomerAppCredentials(ctx, azure.PublicCloud, config.appID,
-		config.tenantID, config.appName, config.tenantDomain, config.appSecret)
+		config.tenantID, config.appName, config.tenantDomain, config.appSecret, shouldReplace)
 	if err != nil {
 		return uuid.Nil, fmt.Errorf("failed to set customer app credentials: %v", err)
 	}
 
 	return config.appID, nil
 }
+
+// SetServicePrincipal sets the service principal for the app. If the app
+// already has a service principal, it will be replaced. Note that it's not
+// possible to remove a service principal once it has been set. Returns the
+// application id of the service principal set.
+func (a API) SetServicePrincipal(ctx context.Context, principal ServicePrincipalFunc) (uuid.UUID, error) {
+	a.gql.Log().Print(log.Trace)
+
+	return a.AddServicePrincipal(ctx, principal, true)
+}
diff --git a/pkg/polaris/graphql/azure/azure.go b/pkg/polaris/graphql/azure/azure.go
@@ -224,29 +224,33 @@ func Wrap(gql *graphql.Client) API {
 }
 
 // SetCloudAccountCustomerAppCredentials sets the credentials for the customer
-// application for the specified tenant domain. If the tenant domain is empty,
-// set it for all the tenants of the customer.
-func (a API) SetCloudAccountCustomerAppCredentials(ctx context.Context, cloud Cloud, appID, appTenantID uuid.UUID, appName, appTenantDomain, appSecretKey string) error {
+// application for the specified tenant domain. If shouldReplace is true and the
+// app already has a service principal, it will be replaced. If the tenant
+// domain is empty, set it for all the tenants of the customer.
+func (a API) SetCloudAccountCustomerAppCredentials(ctx context.Context, cloud Cloud, appID, appTenantID uuid.UUID, appName, appTenantDomain, appSecretKey string, shouldReplace bool) error {
 	a.GQL.Log().Print(log.Trace)
 
 	query := setAzureCloudAccountCustomerAppCredentialsQuery
 	if graphql.VersionOlderThan(a.Version, "master-45693", "v20220301") {
 		query = setAzureCloudAccountCustomerAppCredentialsV0Query
+	} else if graphql.VersionOlderThan(a.Version, "master-51681", "v20221102") {
+		query = setAzureCloudAccountCustomerAppCredentialsV1Query
 	}
 	buf, err := a.GQL.Request(ctx, query, struct {
-		Cloud        Cloud     `json:"azureCloudType"`
-		ID           uuid.UUID `json:"appId"`
-		Name         string    `json:"appName"`
-		SecretKey    string    `json:"appSecretKey"`
-		TenantID     uuid.UUID `json:"appTenantId"`
-		TenantDomain string    `json:"tenantDomainName"`
-	}{Cloud: cloud, ID: appID, Name: appName, TenantID: appTenantID, TenantDomain: appTenantDomain, SecretKey: appSecretKey})
+		Cloud         Cloud     `json:"azureCloudType"`
+		ID            uuid.UUID `json:"appId"`
+		Name          string    `json:"appName"`
+		SecretKey     string    `json:"appSecretKey"`
+		TenantID      uuid.UUID `json:"appTenantId"`
+		TenantDomain  string    `json:"tenantDomainName"`
+		ShouldReplace bool      `json:"shouldReplace"`
+	}{Cloud: cloud, ID: appID, Name: appName, TenantID: appTenantID, TenantDomain: appTenantDomain, SecretKey: appSecretKey, ShouldReplace: shouldReplace})
 	if err != nil {
 		return fmt.Errorf("failed to request SetCloudAccountCustomerAppCredentials: %v", err)
 	}
 
-	a.GQL.Log().Printf(log.Debug, "%s(%q, %q, %q, \"<REDACTED>\", %q, %q): %s", graphql.QueryName(query), cloud,
-		appID, appName, appTenantID, appTenantDomain, string(buf))
+	a.GQL.Log().Printf(log.Debug, "%s(%v, %v, %v, \"<REDACTED>\", %v, %v, %v): %s", graphql.QueryName(query), cloud,
+		appID, appName, appTenantID, appTenantDomain, shouldReplace, string(buf))
 
 	var payload struct {
 		Data struct {

diff --git a/pkg/polaris/graphql/azure/queries.go b/pkg/polaris/graphql/azure/queries.go
diff --git a/pkg/polaris/graphql/azure/queries/set_azure_cloud_account_customer_app_credentials.graphql b/pkg/polaris/graphql/azure/queries/set_azure_cloud_account_customer_app_credentials.graphql
@@ -1,10 +1,11 @@
-mutation RubrikPolarisSDKRequest($azureCloudType: AzureCloudType!, $appId: String!, $appName: String, $appSecretKey: String!, $appTenantId: String, $tenantDomainName: String) {
+mutation RubrikPolarisSDKRequest($azureCloudType: AzureCloudType!, $appId: String!, $appName: String, $appSecretKey: String!, $appTenantId: String, $tenantDomainName: String, $shouldReplace: Boolean!) {
     result: setAzureCloudAccountCustomerAppCredentials(input: {
         appId:            $appId,
         appSecretKey:     $appSecretKey,
         appTenantId:      $appTenantId,
         appName:          $appName,
         tenantDomainName: $tenantDomainName,
+        shouldReplace:    $shouldReplace,
         azureCloudType:   $azureCloudType
     })
 }
diff --git a/...polaris/graphql/azure/queries/set_azure_cloud_account_customer_app_credentials_v1.graphql b/...polaris/graphql/azure/queries/set_azure_cloud_account_customer_app_credentials_v1.graphql
@@ -0,0 +1,10 @@
+mutation RubrikPolarisSDKRequest($azureCloudType: AzureCloudType!, $appId: String!, $appName: String, $appSecretKey: String!, $appTenantId: String, $tenantDomainName: String) {
+    result: setAzureCloudAccountCustomerAppCredentials(input: {
+        appId:            $appId,
+        appSecretKey:     $appSecretKey,
+        appTenantId:      $appTenantId,
+        appName:          $appName,
+        tenantDomainName: $tenantDomainName,
+        azureCloudType:   $azureCloudType
+    })
+}