Suppport proxy for NSXServiceAccount (#224) (#226)

Signed-off-by: gran <gran@vmware.com>

pkg/nsx/services/nsxserviceaccount/cluster.go

@@ -16,6 +16,7 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/client-go/tools/cache"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/vmware-tanzu/nsx-operator/pkg/apis/v1alpha1"
 	"github.com/vmware-tanzu/nsx-operator/pkg/logger"
@@ -44,6 +45,8 @@ var (
 
 	antreaClusterResourceType = "AntreaClusterControlPlane"
 	revision1                 = int64(1)
+
+	proxyLabels = map[string]string{"mgmt-proxy.antrea-nsx.vmware.com": ""}
 )
 
 type NSXServiceAccountService struct {
@@ -98,6 +101,12 @@ func (s *NSXServiceAccountService) CreateOrUpdateNSXServiceAccount(ctx context.C
 	vpcName := obj.Namespace + "-default-vpc"
 	vpcPath := fmt.Sprintf("/orgs/default/projects/%s/vpcs/%s", util.NormalizeId(project), vpcName)
 
+	// get proxy
+	proxyEndpoints, err := s.getProxyEndpoints(ctx)
+	if err != nil {
+		return err
+	}
+
 	// generate certificate
 	subject := util.DefaultSubject
 	subject.CommonName = normalizedClusterName
@@ -189,10 +198,40 @@ func (s *NSXServiceAccountService) CreateOrUpdateNSXServiceAccount(ctx context.C
 		Namespace: secretNamespace,
 	}}
 	obj.Status.VPCPath = vpcPath
-	// TODO: Add proxy
+	obj.Status.ProxyEndpoints = proxyEndpoints
 	return s.Client.Status().Update(ctx, obj)
 }
 
+func (s *NSXServiceAccountService) getProxyEndpoints(ctx context.Context) (v1alpha1.NSXProxyEndpoint, error) {
+	proxyEndpoints := v1alpha1.NSXProxyEndpoint{}
+	proxies := &v1.ServiceList{}
+	if err := s.Client.List(ctx, proxies, client.MatchingLabels(proxyLabels)); err != nil {
+		return v1alpha1.NSXProxyEndpoint{}, err
+	}
+	for _, proxy := range proxies.Items {
+		if proxy.Spec.Type == v1.ServiceTypeLoadBalancer {
+			for _, ingress := range proxy.Status.LoadBalancer.Ingress {
+				proxyEndpoints.Addresses = append(proxyEndpoints.Addresses, v1alpha1.NSXProxyEndpointAddress{IP: ingress.IP})
+			}
+			for _, port := range proxy.Spec.Ports {
+				switch port.Name {
+				case PortRestAPI, PortNSXRPCFwdProxy:
+					switch port.Protocol {
+					case "", v1.ProtocolTCP:
+						proxyEndpoints.Ports = append(proxyEndpoints.Ports, v1alpha1.NSXProxyEndpointPort{
+							Name:     port.Name,
+							Port:     uint16(port.Port),
+							Protocol: v1alpha1.NSXProxyProtocolTCP,
+						})
+					}
+				}
+			}
+			break
+		}
+	}
+	return proxyEndpoints, nil
+}
+
 func (s *NSXServiceAccountService) DeleteNSXServiceAccount(ctx context.Context, namespacedName types.NamespacedName) error {
 	clusterName := s.getClusterName(namespacedName.Namespace, namespacedName.Name)
 	normalizedClusterName := util.NormalizeId(clusterName)

pkg/nsx/services/nsxserviceaccount/cluster_test.go

@@ -716,3 +716,112 @@ func TestNSXServiceAccountService_GetNSXServiceAccountNameByUID(t *testing.T) {
 		})
 	}
 }
+
+func TestNSXServiceAccountService_getProxyEndpoints(t *testing.T) {
+	tests := []struct {
+		name        string
+		prepareFunc func(*testing.T, *NSXServiceAccountService, context.Context)
+		want        nsxvmwarecomv1alpha1.NSXProxyEndpoint
+		wantErr     assert.ErrorAssertionFunc
+	}{
+		{
+			name: "NoProxy",
+			prepareFunc: func(t *testing.T, s *NSXServiceAccountService, c context.Context) {
+				svc := &v1.Service{
+					TypeMeta: metav1.TypeMeta{},
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "no-label",
+						Namespace: "any",
+					},
+					Spec: v1.ServiceSpec{Type: v1.ServiceTypeLoadBalancer},
+					Status: v1.ServiceStatus{
+						LoadBalancer: v1.LoadBalancerStatus{
+							Ingress: []v1.LoadBalancerIngress{{IP: "1.2.3.4"}},
+						},
+					},
+				}
+				assert.NoError(t, s.Client.Create(c, svc))
+			},
+			want: nsxvmwarecomv1alpha1.NSXProxyEndpoint{
+				Addresses: nil,
+				Ports:     nil,
+			},
+			wantErr: assert.NoError,
+		},
+		{
+			name: "Proxy",
+			prepareFunc: func(t *testing.T, s *NSXServiceAccountService, c context.Context) {
+				svc := &v1.Service{
+					TypeMeta: metav1.TypeMeta{},
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "with-label",
+						Namespace: "any",
+						Labels:    map[string]string{"mgmt-proxy.antrea-nsx.vmware.com": "", "dummy": "dummy"},
+					},
+					Spec: v1.ServiceSpec{
+						Ports: []v1.ServicePort{
+							{
+								Name:     "rest-api",
+								Protocol: "",
+								Port:     10000,
+							},
+							{
+								Name:     "nsx-rpc-fwd-proxy",
+								Protocol: "TCP",
+								Port:     10001,
+							},
+							{
+								Name:     "rest-api",
+								Protocol: "UDP",
+								Port:     10002,
+							},
+							{
+								Name:     "wrong-rest-api",
+								Protocol: "TCP",
+								Port:     10003,
+							},
+						},
+						Type: v1.ServiceTypeLoadBalancer,
+					},
+					Status: v1.ServiceStatus{
+						LoadBalancer: v1.LoadBalancerStatus{
+							Ingress: []v1.LoadBalancerIngress{{IP: "1.2.3.4"}, {IP: "1.2.3.5"}},
+						},
+					},
+				}
+				assert.NoError(t, s.Client.Create(c, svc))
+			},
+			want: nsxvmwarecomv1alpha1.NSXProxyEndpoint{
+				Addresses: []nsxvmwarecomv1alpha1.NSXProxyEndpointAddress{{IP: "1.2.3.4"}, {IP: "1.2.3.5"}},
+				Ports: []nsxvmwarecomv1alpha1.NSXProxyEndpointPort{
+					{
+						Name:     "rest-api",
+						Port:     10000,
+						Protocol: "TCP",
+					},
+					{
+						Name:     "nsx-rpc-fwd-proxy",
+						Port:     10001,
+						Protocol: "TCP",
+					},
+				},
+			},
+			wantErr: assert.NoError,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ctx := context.TODO()
+			commonService := newFakeCommonService()
+			s := &NSXServiceAccountService{Service: commonService}
+			s.SetUpStore()
+			tt.prepareFunc(t, s, ctx)
+
+			got, err := s.getProxyEndpoints(ctx)
+			if !tt.wantErr(t, err, fmt.Sprintf("getProxyEndpoints()")) {
+				return
+			}
+			assert.Equalf(t, tt.want, got, "getProxyEndpoints()")
+		})
+	}
+}