diff --git a/pkg/polaris/azure/azure.go b/pkg/polaris/azure/azure.go index 416f7bab..36baf874 100644 --- a/pkg/polaris/azure/azure.go +++ b/pkg/polaris/azure/azure.go @@ -524,10 +524,11 @@ func (a API) UpdateSubscription(ctx context.Context, id IdentityFunc, feature co return nil } -// SetServicePrincipal sets the default service principal. Note that it's not -// possible to remove a service account once it has been set. Returns the -// application id of the service principal set. -func (a API) SetServicePrincipal(ctx context.Context, principal ServicePrincipalFunc) (uuid.UUID, error) { +// AddServicePrincipal adds the service principal for the app. If shouldReplace +// is true and the app already has a service principal, it will be replaced. +// Note that it's not possible to remove a service principal once it has been +// set. Returns the application id of the service principal set. +func (a API) AddServicePrincipal(ctx context.Context, principal ServicePrincipalFunc, shouldReplace bool) (uuid.UUID, error) { a.gql.Log().Print(log.Trace) config, err := principal(ctx) 
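Review bot: The new doc comment on AddServicePrincipal in pkg/polaris/azure/azure.go does not say what happens when shouldReplace is false and a service principal already exists, nor that the flag only reaches newer deployments. The version check this commit adds to SetCloudAccountCustomerAppCredentials falls back to the V1 mutation below `master-51681` / `v20221102`, which does not declare `$shouldReplace` (the V0 mutation presumably does not either), so the flag is dropped silently there. What an older backend then does with existing app credentials is not visible in this diff. I would add `// On versions older than v20221102 shouldReplace is not sent to the backend and has no effect.` to the comment, plus the shouldReplace=false outcome once confirmed. The function body continues outside this hunk.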
@@ -536,10 +537,20 @@ func (a API) SetServicePrincipal(ctx context.Context, principal ServicePrincipal } err = azure.Wrap(a.gql).SetCloudAccountCustomerAppCredentials(ctx, azure.PublicCloud, config.appID, - config.tenantID, config.appName, config.tenantDomain, config.appSecret) + config.tenantID, config.appName, config.tenantDomain, config.appSecret, shouldReplace) if err != nil { return uuid.Nil, fmt.Errorf("failed to set customer app credentials: %v", err) } return config.appID, nil } + +// SetServicePrincipal sets the service principal for the app. If the app +// already has a service principal, it will be replaced. Note that it's not +// possible to remove a service principal once it has been set. Returns the +// application id of the service principal set. +func (a API) SetServicePrincipal(ctx context.Context, principal ServicePrincipalFunc) (uuid.UUID, error) { + a.gql.Log().Print(log.Trace) + + return a.AddServicePrincipal(ctx, principal, true) +} diff --git a/pkg/polaris/graphql/azure/azure.go b/pkg/polaris/graphql/azure/azure.go index 4b2da734..acff4fc0 100644 --- a/pkg/polaris/graphql/azure/azure.go +++ b/pkg/polaris/graphql/azure/azure.go 
@@ -224,29 +224,33 @@ func Wrap(gql *graphql.Client) API { } // SetCloudAccountCustomerAppCredentials sets the credentials for the customer -// application for the specified tenant domain. If the tenant domain is empty, -// set it for all the tenants of the customer. -func (a API) SetCloudAccountCustomerAppCredentials(ctx context.Context, cloud Cloud, appID, appTenantID uuid.UUID, appName, appTenantDomain, appSecretKey string) error { +// application for the specified tenant domain. If shouldReplace is true and the +// app already has a service principal, it will be replaced. If the tenant +// domain is empty, set it for all the tenants of the customer. +func (a API) SetCloudAccountCustomerAppCredentials(ctx context.Context, cloud Cloud, appID, appTenantID uuid.UUID, appName, appTenantDomain, appSecretKey string, shouldReplace bool) error { a.GQL.Log().Print(log.Trace) query := setAzureCloudAccountCustomerAppCredentialsQuery if graphql.VersionOlderThan(a.Version, "master-45693", "v20220301") { query = setAzureCloudAccountCustomerAppCredentialsV0Query + } else if graphql.VersionOlderThan(a.Version, "master-51681", "v20221102") { + query = setAzureCloudAccountCustomerAppCredentialsV1Query } buf, err := a.GQL.Request(ctx, query, struct { - Cloud Cloud `json:"azureCloudType"` - ID uuid.UUID `json:"appId"` - Name string `json:"appName"` - SecretKey string `json:"appSecretKey"` - TenantID uuid.UUID `json:"appTenantId"` - TenantDomain string `json:"tenantDomainName"` - }{Cloud: cloud, ID: appID, Name: appName, TenantID: appTenantID, TenantDomain: appTenantDomain, SecretKey: appSecretKey}) + Cloud Cloud `json:"azureCloudType"` + ID uuid.UUID `json:"appId"` + Name string `json:"appName"` + SecretKey string `json:"appSecretKey"` + TenantID uuid.UUID `json:"appTenantId"` + TenantDomain string `json:"tenantDomainName"` + ShouldReplace bool `json:"shouldReplace"` + }{Cloud: cloud, ID: appID, Name: appName, TenantID: appTenantID, TenantDomain: appTenantDomain, SecretKey: 
appSecretKey, ShouldReplace: shouldReplace}) if err != nil { return fmt.Errorf("failed to request SetCloudAccountCustomerAppCredentials: %v", err) } - a.GQL.Log().Printf(log.Debug, "%s(%q, %q, %q, \"\", %q, %q): %s", graphql.QueryName(query), cloud, - appID, appName, appTenantID, appTenantDomain, string(buf)) + a.GQL.Log().Printf(log.Debug, "%s(%v, %v, %v, \"\", %v, %v, %v): %s", graphql.QueryName(query), cloud, + appID, appName, appTenantID, appTenantDomain, shouldReplace, string(buf)) var payload struct { Data struct { diff --git a/pkg/polaris/graphql/azure/queries.go b/pkg/polaris/graphql/azure/queries.go index 914468dc..736e184a 100644 --- a/pkg/polaris/graphql/azure/queries.go +++ b/pkg/polaris/graphql/azure/queries.go @@ -374,13 +374,14 @@ var deleteAzureCloudAccountWithoutOauthV1Query = `mutation SdkGolangDeleteAzureC }` // setAzureCloudAccountCustomerAppCredentials GraphQL query -var setAzureCloudAccountCustomerAppCredentialsQuery = `mutation SdkGolangSetAzureCloudAccountCustomerAppCredentials($azureCloudType: AzureCloudType!, $appId: String!, $appName: String, $appSecretKey: String!, $appTenantId: String, $tenantDomainName: String) { +var setAzureCloudAccountCustomerAppCredentialsQuery = `mutation SdkGolangSetAzureCloudAccountCustomerAppCredentials($azureCloudType: AzureCloudType!, $appId: String!, $appName: String, $appSecretKey: String!, $appTenantId: String, $tenantDomainName: String, $shouldReplace: Boolean!) { result: setAzureCloudAccountCustomerAppCredentials(input: { appId: $appId, appSecretKey: $appSecretKey, appTenantId: $appTenantId, appName: $appName, tenantDomainName: $tenantDomainName, + shouldReplace: $shouldReplace, azureCloudType: $azureCloudType }) }` 
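Review bot: In SetCloudAccountCustomerAppCredentials (pkg/polaris/graphql/azure/azure.go) the debug `Printf` changes every verb from `%q` to `%v`, which drops the quoting and escaping of appName and appTenantDomain. A value containing a newline or control characters is then written to the log raw, and an empty value can no longer be told apart from a missing one. Only the new bool needs a different verb, so the format can stay `"%s(%q, %q, %q, \"\", %q, %q, %t): %s"`. The secret key is still masked as `\"\"` in this line and should remain so. The function body continues past the end of the hunk.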
@@ -397,6 +398,18 @@ var setAzureCloudAccountCustomerAppCredentialsV0Query = `mutation SdkGolangSetAz }) }` +// setAzureCloudAccountCustomerAppCredentialsV1 GraphQL query +var setAzureCloudAccountCustomerAppCredentialsV1Query = `mutation SdkGolangSetAzureCloudAccountCustomerAppCredentialsV1($azureCloudType: AzureCloudType!, $appId: String!, $appName: String, $appSecretKey: String!, $appTenantId: String, $tenantDomainName: String) { + result: setAzureCloudAccountCustomerAppCredentials(input: { + appId: $appId, + appSecretKey: $appSecretKey, + appTenantId: $appTenantId, + appName: $appName, + tenantDomainName: $tenantDomainName, + azureCloudType: $azureCloudType + }) +}` + // startDisableAzureNativeSubscriptionProtectionJob GraphQL query var startDisableAzureNativeSubscriptionProtectionJobQuery = `mutation SdkGolangStartDisableAzureNativeSubscriptionProtectionJob($azureSubscriptionRubrikId: UUID!, $shouldDeleteNativeSnapshots: Boolean!, $azureNativeProtectionFeature: AzureNativeProtectionFeature!) { result: startDisableAzureNativeSubscriptionProtectionJob(input: { diff --git a/pkg/polaris/graphql/azure/queries/set_azure_cloud_account_customer_app_credentials.graphql b/pkg/polaris/graphql/azure/queries/set_azure_cloud_account_customer_app_credentials.graphql index 6d533adb..d7e2ea50 100644 --- a/pkg/polaris/graphql/azure/queries/set_azure_cloud_account_customer_app_credentials.graphql +++ b/pkg/polaris/graphql/azure/queries/set_azure_cloud_account_customer_app_credentials.graphql 
@@ -1,10 +1,11 @@ -mutation RubrikPolarisSDKRequest($azureCloudType: AzureCloudType!, $appId: String!, $appName: String, $appSecretKey: String!, $appTenantId: String, $tenantDomainName: String) { +mutation RubrikPolarisSDKRequest($azureCloudType: AzureCloudType!, $appId: String!, $appName: String, $appSecretKey: String!, $appTenantId: String, $tenantDomainName: String, $shouldReplace: Boolean!) { result: setAzureCloudAccountCustomerAppCredentials(input: { appId: $appId, appSecretKey: $appSecretKey, appTenantId: $appTenantId, appName: $appName, tenantDomainName: $tenantDomainName, + shouldReplace: $shouldReplace, azureCloudType: $azureCloudType }) } diff --git a/pkg/polaris/graphql/azure/queries/set_azure_cloud_account_customer_app_credentials_v1.graphql b/pkg/polaris/graphql/azure/queries/set_azure_cloud_account_customer_app_credentials_v1.graphql new file mode 100644 index 00000000..6d533adb --- /dev/null +++ b/pkg/polaris/graphql/azure/queries/set_azure_cloud_account_customer_app_credentials_v1.graphql @@ -0,0 +1,10 @@ +mutation RubrikPolarisSDKRequest($azureCloudType: AzureCloudType!, $appId: String!, $appName: String, $appSecretKey: String!, $appTenantId: String, $tenantDomainName: String) { + result: setAzureCloudAccountCustomerAppCredentials(input: { + appId: $appId, + appSecretKey: $appSecretKey, + appTenantId: $appTenantId, + appName: $appName, + tenantDomainName: $tenantDomainName, + azureCloudType: $azureCloudType + }) +}