Improved cloud provider location matching for private endpoints.

couchbaselabs · Sep 14, 2023 · 0d2acc2 · 0d2acc2
1 parent aa4e895
commit 0d2acc2
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 6 deletions.
diff --git a/cmd/cleanup-azure.go b/cmd/cleanup-azure.go
@@ -24,8 +24,8 @@ var cleanupAzureCmd = &cobra.Command{
 			Logger: logger,
 			Region: config.Azure.Region,
 			Creds:  azureCreds,
-			SubID:  "5ef34701-b858-4231-a9c1-103e4604ad8f",
-			RgName: "sdkqe-github-runners",
+			SubID:  config.Azure.SubID,
+			RgName: config.Azure.RGName,
 		}
 
 		err := peCtrl.Cleanup(ctx)

diff --git a/cmd/privateendpoints-setuplink.go b/cmd/privateendpoints-setuplink.go
@@ -17,6 +17,7 @@ var privateEndpointsSetupLinkCmd = &cobra.Command{
 		helper := CmdHelper{}
 		logger := helper.GetLogger()
 		ctx := helper.GetContext()
+		config := helper.GetConfig(ctx)
 
 		shouldAutoConfig, _ := cmd.Flags().GetBool("auto")
 		instanceId, _ := cmd.Flags().GetString("instance-id")
@@ -74,9 +75,13 @@ var privateEndpointsSetupLinkCmd = &cobra.Command{
 		if instanceId != "" {
 			awsCreds := helper.GetAWSCredentials(ctx)
 
+			if !config.AWS.Enabled.Value() {
+				logger.Fatal("cannot setup AWS private endpoint without AWS configuration")
+			}
+
 			peCtrl := awscontrol.PrivateEndpointsController{
 				Logger:      logger,
-				Region:      cloudCluster.Region,
+				Region:      config.AWS.Region,
 				Credentials: awsCreds,
 			}
 
@@ -103,10 +108,16 @@ var privateEndpointsSetupLinkCmd = &cobra.Command{
 		} else if vmId != "" {
 			azureCreds := helper.GetAzureCredentials(ctx)
 
+			if !config.Azure.Enabled.Value() {
+				logger.Fatal("cannot setup Azure private endpoint without Azure configuration")
+			}
+
 			peCtrl := azurecontrol.PrivateEndpointsController{
 				Logger: logger,
-				Region: cloudCluster.Region,
+				Region: config.Azure.Region,
 				Creds:  azureCreds,
+				SubID:  config.Azure.SubID,
+				RgName: config.Azure.RGName,
 			}
 
 			peData, err := peCtrl.CreateVPCEndpoint(ctx, &azurecontrol.CreateVPCEndpointOptions{

diff --git a/utils/azurecontrol/privateendpointcontroller.go b/utils/azurecontrol/privateendpointcontroller.go
@@ -44,8 +44,15 @@ func (c *PrivateEndpointsController) CreateVPCEndpoint(ctx context.Context, opts
 	}
 
 	vmName := vmResInfo.Name
-	rgName := vmResInfo.ResourceGroupName
 	subId := vmResInfo.SubscriptionID
+	rgName := vmResInfo.ResourceGroupName
+
+	if c.SubID != subId {
+		return nil, errors.New("virtual machine is not in expected subscription")
+	}
+	if c.RgName != rgName {
+		return nil, errors.New("virtual machine is not in expected resource-group")
+	}
 
 	computeClient, err := armcompute.NewVirtualMachinesClient(subId, c.Creds, nil)
 	if err != nil {
@@ -61,7 +68,7 @@ func (c *PrivateEndpointsController) CreateVPCEndpoint(ctx context.Context, opts
 
 	vmLocation := *vmData.Location
 	if c.Region != vmLocation {
-		return nil, errors.New("virtual machine is not in same region")
+		return nil, errors.New("virtual machine is not in expected region")
 	}
 
 	if len(vmData.Properties.NetworkProfile.NetworkInterfaces) < 1 {