diff --git a/builder/azure/arm/azure_client.go b/builder/azure/arm/azure_client.go
index 67c293366..2fdfafd8f 100644
--- a/builder/azure/arm/azure_client.go
+++ b/builder/azure/arm/azure_client.go
@@ -13,6 +13,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2018-04-01/compute"
 	newCompute "github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2019-03-01/compute"
+	"github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2018-02-14/keyvault"
 	"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2018-01-01/network"
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2018-02-01/resources"
 	armStorage "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-10-01/storage"
@@ -50,7 +51,7 @@ type AzureClient struct {
 	InspectorMaxLength int
 	Template *CaptureTemplate
 	LastError azureErrorResponse
-	VaultClientDelete common.VaultClient
+	VaultClientDelete keyvault.VaultsClient
 }
 
 func getCaptureResponse(body string) *CaptureTemplate {
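Review bot: The new `VaultClientDelete keyvault.VaultsClient` field has no doc comment, and its name describes a single call site rather than what the client is: the ARM management-plane client for the vault resource, as opposed to `VaultClient`, which the commit's own comment in NewAzureClient describes as working with the vault's contents. Suggest `// VaultClientDelete is the management-plane client for the vault resource itself; VaultClient operates on the vault's contents (secrets).` on the field so the two are not confused. The AzureClient struct starts before this hunk.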
@@ -251,15 +252,9 @@ func NewAzureClient(subscriptionID, resourceGroupName, storageAccountName string
 	azureClient.VaultClient.UserAgent = fmt.Sprintf("%s %s", useragent.String(), azureClient.VaultClient.UserAgent)
 	azureClient.VaultClient.Client.PollingDuration = PollingDuration
 
-	// TODO(boumenot) - SDK still does not have a full KeyVault client.
-	// There are two ways that KeyVault has to be accessed, and each one has their own SPN. An authenticated SPN
-	// is tied to the URL, and the URL associated with getting the secret is different than the URL
-	// associated with deleting the KeyVault. As a result, I need to have *two* different clients to
-	// access KeyVault. I did not want to split it into two separate files, so I am starting with this.
-	//
-	// I do not like this implementation. It is getting long in the tooth, and should be re-examined now
-	// that we have a "working" solution.
-	azureClient.VaultClientDelete = common.NewVaultClientWithBaseURI(cloud.ResourceManagerEndpoint, subscriptionID)
+	// This client is different than the above because it manages the vault
+	// itself rather than the contents of the vault.
+	azureClient.VaultClientDelete = keyvault.NewVaultsClient(subscriptionID)
 	azureClient.VaultClientDelete.Authorizer = autorest.NewBearerAuthorizer(servicePrincipalToken)
 	azureClient.VaultClientDelete.RequestInspector = withInspection(maxlen)
 	azureClient.VaultClientDelete.ResponseInspector = byConcatDecorators(byInspecting(maxlen), errorCapture(azureClient))
diff --git a/builder/azure/arm/step_delete_resource_group.go b/builder/azure/arm/step_delete_resource_group.go
index 80564b1c6..ed83c56a4 100644
--- a/builder/azure/arm/step_delete_resource_group.go
+++ b/builder/azure/arm/step_delete_resource_group.go
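Review bot: `keyvault.NewVaultsClient(subscriptionID)` drops the base URI that the removed line passed explicitly (`cloud.ResourceManagerEndpoint`), so the management client falls back to the SDK's default public Azure ARM endpoint; on a sovereign or national cloud the vault delete is sent to the wrong endpoint, and the service principal bearer token attached on the next line is presented to that endpoint rather than to the configured cloud. Keep the cloud-specific endpoint with `azureClient.VaultClientDelete = keyvault.NewVaultsClientWithBaseURI(cloud.ResourceManagerEndpoint, subscriptionID)`. The sibling `VaultClient` above also gets its `UserAgent` set, while none of the visible lines does so for `VaultClientDelete`; if that is not done elsewhere in the function, mirror it here. NewAzureClient continues outside the hunk on both sides.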
@@ -45,7 +45,8 @@ func (s *StepDeleteResourceGroup) deleteResourceGroup(ctx context.Context, state
 
 	if keyVaultDeploymentName, ok := state.GetOk(constants.ArmKeyVaultDeploymentName); ok {
 		// Only delete if custom keyvault was not provided.
-		if exists := state.Get(constants.ArmIsExistingKeyVault).(bool); exists {
+		if exists := state.Get(constants.ArmIsExistingKeyVault).(bool); !exists {
+			s.say("\n Deleting the keyvault deployment because it was created by Packer...")
 			err = s.deleteDeploymentResources(ctx, keyVaultDeploymentName.(string), resourceGroupName)
 			if err != nil {
 				return err
diff --git a/builder/azure/arm/step_deploy_template.go b/builder/azure/arm/step_deploy_template.go
index a8626bd00..e23effbe5 100644
--- a/builder/azure/arm/step_deploy_template.go
+++ b/builder/azure/arm/step_deploy_template.go
@@ -117,8 +117,7 @@ func deleteResource(ctx context.Context, client *AzureClient, resourceType strin
 		}
 		return err
 	case "Microsoft.KeyVault/vaults":
-		// TODO(paulmey): not sure why VaultClient doesn't do cancellation
-		_, err := client.VaultClientDelete.Delete(resourceGroupName, resourceName)
+		_, err := client.VaultClientDelete.Delete(ctx, resourceGroupName, resourceName)
 		return err
 	case "Microsoft.Network/networkInterfaces":
 		f, err := client.InterfacesClient.Delete(ctx, resourceGroupName, resourceName)
diff --git a/builder/azure/common/vault.go b/builder/azure/common/vault.go
index 2be3e8a36..a1732d8f5 100644
--- a/builder/azure/common/vault.go
+++ b/builder/azure/common/vault.go
@@ -9,7 +9,6 @@ import (
 	"net/url"
 
 	"github.com/Azure/go-autorest/autorest"
-	"github.com/Azure/go-autorest/autorest/azure"
 )
 
 const (
@@ -20,9 +19,6 @@ const (
 type AZVaultClientIface interface {
 	GetSecret(string, string) (*Secret, error)
 	SetSecret(string, string, string) error
-	DeletePreparer(string, string) (*http.Request, error)
-	DeleteResponder(*http.Response) (autorest.Response, error)
-	DeleteSender(*http.Request) (*http.Response, error)
 }
 
 type VaultClient struct {
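Review bot: `state.Get(constants.ArmIsExistingKeyVault).(bool)` on the changed line is an unchecked type assertion on a state-bag value; if that key is ever unset or holds a non-bool, the cleanup step panics rather than returning an error. Because the conservative direction for cleanup is to not delete anything whose ownership is unknown, use the comma-ok form and delete only when the flag is known to be false: `if exists, ok := state.Get(constants.ArmIsExistingKeyVault).(bool); ok && !exists {`. The `keyVaultDeploymentName.(string)` assertion two lines below has the same shape, though GetOk at least guarantees the key is present. deleteResourceGroup continues outside the hunk on both sides.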
@@ -137,72 +133,6 @@ func (client *VaultClient) SetSecret(vaultName, secretName string, secretValue s
 	return nil
 }
 
-// Delete deletes the specified Azure key vault.
-//
-// resourceGroupName is the name of the Resource Group to which the vault belongs. vaultName is the name of the vault
-// to delete
-func (client *VaultClient) Delete(resourceGroupName string, vaultName string) (result autorest.Response, err error) {
-	req, err := client.DeletePreparer(resourceGroupName, vaultName)
-	if err != nil {
-		err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "Delete", nil, "Failure preparing request")
-		return
-	}
-
-	resp, err := client.DeleteSender(req)
-	if err != nil {
-		result.Response = resp
-		err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "Delete", resp, "Failure sending request")
-		return
-	}
-
-	result, err = client.DeleteResponder(resp)
-	if err != nil {
-		err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "Delete", resp, "Failure responding to request")
-	}
-
-	return
-}
-
-// DeletePreparer prepares the Delete request.
-func (client *VaultClient) DeletePreparer(resourceGroupName string, vaultName string) (*http.Request, error) {
-	pathParameters := map[string]interface{}{
-		"resourceGroupName": autorest.Encode("path", resourceGroupName),
-		"SubscriptionID": autorest.Encode("path", client.SubscriptionID),
-		"vaultName": autorest.Encode("path", vaultName),
-	}
-
-	queryParameters := map[string]interface{}{
-		"api-version": AzureVaultApiVersion,
-	}
-
-	preparer := autorest.CreatePreparer(
-		autorest.AsDelete(),
-		autorest.WithBaseURL(client.baseURI),
-		autorest.WithPathParameters("/subscriptions/{SubscriptionID}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}", pathParameters),
-		autorest.WithQueryParameters(queryParameters))
-	return preparer.Prepare(&http.Request{})
-}
-
-// DeleteSender sends the Delete request. The method will close the
-// http.Response Body if it receives an error.
-func (client *VaultClient) DeleteSender(req *http.Request) (*http.Response, error) {
-	return autorest.SendWithSender(client,
-		req,
-		azure.DoRetryWithRegistration(client.Client))
-}
-
-// DeleteResponder handles the response to the Delete request. The method always
-// closes the http.Response Body.
-func (client *VaultClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) {
-	err = autorest.Respond(
-		resp,
-		client.ByInspecting(),
-		azure.WithErrorUnlessStatusCode(http.StatusOK),
-		autorest.ByClosing())
-	result.Response = resp
-	return
-}
-
 func (client *VaultClient) getVaultUrl(vaultName string) string {
 	return fmt.Sprintf("%s://%s.%s/", client.keyVaultEndpoint.Scheme, vaultName, client.keyVaultEndpoint.Host)
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 81cbb28d8..24e0831cf 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -18,6 +18,7 @@ github.com/Azure/azure-sdk-for-go/profiles/latest/compute/mgmt/compute/computeap
 github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2018-04-01/compute
 github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2019-03-01/compute
 github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2019-03-01/compute/computeapi
+github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2018-02-14/keyvault
 github.com/Azure/azure-sdk-for-go/services/network/mgmt/2018-01-01/network
 github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2016-06-01/subscriptions
 github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2018-02-01/resources