From 1020621ab9b1051bfef4935ee9c192dd97b27554 Mon Sep 17 00:00:00 2001 From: Masudur Rahman Date: Tue, 17 Oct 2023 15:02:10 +0600 Subject: [PATCH] Add AzureDNS related fields Signed-off-by: Masudur Rahman --- apis/installer/v1alpha1/ace_ace_types.go | 15 ++++++++++- .../v1alpha1/zz_generated.deepcopy.go | 20 +++++++++++++++ charts/ace/templates/dns/dns-cred.yaml | 12 +++++++++ charts/ace/templates/ingress/issuer.yaml | 12 +++++++++ charts/ace/values.openapiv3_schema.yaml | 25 +++++++++++++++++++ charts/ace/values.yaml | 8 ++++++ .../ace-options/values.openapiv3_schema.yaml | 25 +++++++++++++++++++ 7 files changed, 116 insertions(+), 1 deletion(-) diff --git a/apis/installer/v1alpha1/ace_ace_types.go b/apis/installer/v1alpha1/ace_ace_types.go index 570a85254..b563ea485 100644 --- a/apis/installer/v1alpha1/ace_ace_types.go +++ b/apis/installer/v1alpha1/ace_ace_types.go @@ -259,7 +259,7 @@ type TLSIssuerAcme struct { Email string `json:"email"` } -// +kubebuilder:validation:Enum=external;cloudflare;route53;cloudDNS +// +kubebuilder:validation:Enum=external;cloudflare;route53;cloudDNS;azureDNS type DNSProvider string const ( @@ -267,6 +267,7 @@ const ( DNSProviderCloudflare DNSProvider = "cloudflare" DNSProviderRoute53 DNSProvider = "route53" DNSProviderCloudDNS DNSProvider = "cloudDNS" + DNSProviderAzureDNS DNSProvider = "azureDNS" ) type InfraDns struct { @@ -278,6 +279,7 @@ type DNSProviderAuth struct { Cloudflare *CloudflareAuth `json:"cloudflare,omitempty"` Route53 *Route53Auth `json:"route53,omitempty"` CloudDNS *CloudDNSAuth `json:"cloudDNS,omitempty"` + AzureDNS *AzureDNSAuth `json:"azureDNS,omitempty"` } type CloudflareAuth struct { 
@@ -297,6 +299,17 @@ type CloudDNSAuth struct { GoogleServiceAccountJSONKey string `json:"GOOGLE_SERVICE_ACCOUNT_JSON_KEY"` } +type AzureDNSAuth struct { + SubscriptionID string `json:"subscriptionID"` + TenantID string `json:"tenantID"` + ResourceGroupName string `json:"resourceGroupName"` + HostedZoneName string `json:"hostedZoneName"` + ServicePrincipalAppID string `json:"servicePrincipalAppID"` + ServicePrincipalAppPassword string `json:"servicePrincipalAppPassword"` + // +optional + Environment string `json:"environment,omitempty"` +} + // +kubebuilder:validation:Enum=gcs;s3;azure;swift type ObjstoreProvider string diff --git a/apis/installer/v1alpha1/zz_generated.deepcopy.go b/apis/installer/v1alpha1/zz_generated.deepcopy.go index ee77b30ea..e21263648 100644 --- a/apis/installer/v1alpha1/zz_generated.deepcopy.go +++ b/apis/installer/v1alpha1/zz_generated.deepcopy.go @@ -1357,6 +1357,21 @@ func (in *AzureAuth) DeepCopy() *AzureAuth { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureDNSAuth) DeepCopyInto(out *AzureDNSAuth) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureDNSAuth. +func (in *AzureDNSAuth) DeepCopy() *AzureDNSAuth { + if in == nil { + return nil + } + out := new(AzureDNSAuth) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *B2) DeepCopyInto(out *B2) { *out = *in @@ -2328,6 +2343,11 @@ func (in *DNSProviderAuth) DeepCopyInto(out *DNSProviderAuth) { *out = new(CloudDNSAuth) **out = **in } + if in.AzureDNS != nil { + in, out := &in.AzureDNS, &out.AzureDNS + *out = new(AzureDNSAuth) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSProviderAuth. 
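Review bot: `AzureDNSAuth` adds six required fields and one optional one without any doc comments, and nothing marks `ServicePrincipalAppPassword` as a credential even though the chart renders it into the `<release>-dns-cred` Secret. I would put `// AzureDNSAuth holds the Azure DNS zone identity and the service-principal credentials the ace chart uses for its DNS solver and its DNS credential Secret.` on the type, and `// ServicePrincipalAppPassword is the service-principal client secret; it is written to a Kubernetes Secret, so treat any object carrying this struct as sensitive.` on the field. `Environment` carries `+optional` but no value constraint, while the issuer template defaults it to `AzurePublicCloud`; if only a fixed set of Azure cloud names is accepted downstream, a `// +kubebuilder:validation:Enum=...` marker here would reject typos at admission time instead of at certificate issuance.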
diff --git a/charts/ace/templates/dns/dns-cred.yaml b/charts/ace/templates/dns/dns-cred.yaml index 99dc1fa75..0dbc89d74 100644 --- a/charts/ace/templates/dns/dns-cred.yaml +++ b/charts/ace/templates/dns/dns-cred.yaml @@ -24,4 +24,16 @@ stringData: {{- if eq .Values.global.infra.dns.provider "cloudDNS" }} GOOGLE_SERVICE_ACCOUNT_JSON_KEY: '{{ .Values.global.infra.dns.auth.cloudDNS.GOOGLE_SERVICE_ACCOUNT_JSON_KEY }}' {{- end }} +{{- if eq .Values.global.infra.dns.provider "azureDNS" }} + SERVICE_PRINCIPAL_PASSWORD: {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppSecret }} + # https://github.com/kubeops/external-dns-operator/blob/master/examples/azure-credential.md + AZURE_CREDENTIAL_FILE: | + { + "tenantId": {{ .Values.global.infra.dns.auth.azureDNS.tenantID | quote }}, + "subscriptionId": {{ .Values.global.infra.dns.auth.azureDNS.subscriptionID | quote }}, + "resourceGroup": {{ .Values.global.infra.dns.auth.azureDNS.resourceGroupName | quote }}, + "aadClientId": {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppID | quote }}, + "aadClientSecret": {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppSecret | quote }} + } +{{- end }} {{- end }} diff --git a/charts/ace/templates/ingress/issuer.yaml b/charts/ace/templates/ingress/issuer.yaml index 4590b9bfc..cb970045b 100644 --- a/charts/ace/templates/ingress/issuer.yaml +++ b/charts/ace/templates/ingress/issuer.yaml 
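Review bot: The Secret template reads `.Values.global.infra.dns.auth.azureDNS.servicePrincipalAppSecret` for both `SERVICE_PRINCIPAL_PASSWORD` and `aadClientSecret`, but the field defined in `AzureDNSAuth`, both values schemas and `values.yaml` is `servicePrincipalAppPassword`, so a schema-valid values file renders a Secret with no credential in it and the issuer's `clientSecretSecretRef` will point at an empty key. The two lines should be `SERVICE_PRINCIPAL_PASSWORD: {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppPassword | quote }}` and `"aadClientSecret": {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppPassword | quote }}`. `SERVICE_PRINCIPAL_PASSWORD` is also emitted unquoted, unlike the `cloudDNS` entry above it, so a secret containing `:`, ` #` or a leading YAML-significant character would break the manifest or be silently truncated; `| quote` fixes that as well. Inside `AZURE_CREDENTIAL_FILE` note that `quote` applies Go string escaping rather than JSON escaping, so `toJson` is the safer choice if secrets may contain non-ASCII or control characters.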
@@ -61,5 +61,17 @@ spec: name: {{ include "ace.fullname" . }}-dns-cred key: AWS_SECRET_ACCESS_KEY {{- end }} + {{- if eq.global.infra.dns.provider "azureDNS" }} + azureDNS: + clientID: {{ .Values.global.infra.dns.auth.azureDNS.servicePrincipalAppID }} + clientSecretSecretRef: + name: {{ include "ace.fullname" . }}-dns-cred + key: SERVICE_PRINCIPAL_PASSWORD + subscriptionID: {{ .Values.global.infra.dns.auth.azureDNS.subscriptionID }} + tenantID: {{ .Values.global.infra.dns.auth.azureDNS.tenantID }} + resourceGroupName: {{ .Values.global.infra.dns.auth.azureDNS.resourceGroupName }} + hostedZoneName: {{ .Values.global.infra.dns.auth.azureDNS.hostedZoneName }} + environment: {{ default "AzurePublicCloud" .Values.global.infra.dns.auth.azureDNS.environment }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/ace/values.openapiv3_schema.yaml b/charts/ace/values.openapiv3_schema.yaml index b9855eb91..4d41955bf 100644 --- a/charts/ace/values.openapiv3_schema.yaml +++ b/charts/ace/values.openapiv3_schema.yaml @@ -3702,6 +3702,30 @@ properties: properties: auth: properties: + azureDNS: + properties: + environment: + type: string + hostedZoneName: + type: string + resourceGroupName: + type: string + servicePrincipalAppID: + type: string + servicePrincipalAppPassword: + type: string + subscriptionID: + type: string + tenantID: + type: string + required: + - hostedZoneName + - resourceGroupName + - servicePrincipalAppID + - servicePrincipalAppPassword + - subscriptionID + - tenantID + type: object cloudDNS: properties: GOOGLE_PROJECT_ID: @@ -3741,6 +3765,7 @@ properties: - cloudflare - route53 - cloudDNS + - azureDNS type: string required: - auth diff --git a/charts/ace/values.yaml b/charts/ace/values.yaml index af276ff06..bfcda89e1 100644 --- a/charts/ace/values.yaml +++ b/charts/ace/values.yaml 
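Review bot: `{{- if eq.global.infra.dns.provider "azureDNS" }}` is missing both the space after `eq` and the `.Values` prefix that every other provider branch in this file uses; Go's template lexer treats `.` as a terminator, so this parses as `eq .global.infra.dns.provider "azureDNS"`, a lookup on the template root rather than on `.Values`, which will error on rendering (nil evaluating `.infra`) or compare the wrong value whenever this part of the template is reached — regardless of which provider is selected. It should read `{{- if eq .Values.global.infra.dns.provider "azureDNS" }}`. The scalars below it (`clientID`, `subscriptionID`, `tenantID`, `resourceGroupName`, `hostedZoneName`) are emitted unquoted; piping each through `| quote` keeps an unset value from rendering as a YAML null and protects names containing YAML-significant characters. The `clientSecretSecretRef` key matches the `SERVICE_PRINCIPAL_PASSWORD` entry in the dns-cred template, but that entry only carries a value once the Secret template reads the `servicePrincipalAppPassword` field that the schema actually defines.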
@@ -150,6 +150,14 @@ global: # cloudDNS: # GOOGLE_PROJECT_ID: "project-id" # GOOGLE_SERVICE_ACCOUNT_JSON_KEY: xyz + # azureDNS: + # subscriptionID: "azure-subscription-id" + # tenantID: "azure-tenant-id" + # resourceGroupName: "resource-group-name" + # hostedZoneName: "zone-name-for-hosted-domain" + # servicePrincipalAppID: "service-principal-id" + # servicePrincipalAppPassword: "service-principal-app" + # environment: AzurePublicCloud # route53: # AWS_ACCESS_KEY_ID: "access-id" # AWS_SECRET_ACCESS_KEY: "secret-key" diff --git a/schema/ace-options/values.openapiv3_schema.yaml b/schema/ace-options/values.openapiv3_schema.yaml index c466150d4..3f5bdb38d 100644 --- a/schema/ace-options/values.openapiv3_schema.yaml +++ b/schema/ace-options/values.openapiv3_schema.yaml @@ -389,6 +389,30 @@ properties: properties: auth: properties: + azureDNS: + properties: + environment: + type: string + hostedZoneName: + type: string + resourceGroupName: + type: string + servicePrincipalAppID: + type: string + servicePrincipalAppPassword: + type: string + subscriptionID: + type: string + tenantID: + type: string + required: + - hostedZoneName + - resourceGroupName + - servicePrincipalAppID + - servicePrincipalAppPassword + - subscriptionID + - tenantID + type: object cloudDNS: properties: GOOGLE_PROJECT_ID: @@ -428,6 +452,7 @@ properties: - cloudflare - route53 - cloudDNS + - azureDNS type: string required: - auth
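Review bot: The `azureDNS` example places the service-principal secret inline in `values.yaml` under a placeholder that reads like an application name, `"service-principal-app"`, which does not signal that this value is a credential that ends up in the `-dns-cred` Secret and in the stored Helm release values. A comment on that line such as `# credential: supply at install time (--set or a secret-managed values file) rather than committing it` would make the sensitivity explicit, and a placeholder like `"service-principal-secret"` avoids confusion with `servicePrincipalAppID` directly above it. The same placeholder convention as the `route53` entry below (`"secret-key"`) would keep the examples consistent.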