Update cluster.go

2024-11-15 10:02:20 -08:00 · 2024-11-15 10:02:20 -08:00 · 9719391dd5
--- a/pkg/cluster/cluster.go
+++ b/pkg/cluster/cluster.go
@ -325,7 +325,12 @@ func New(ctx context.Context, log *logrus.Entry, _env env.Interface, db database
 			return nil, err
 		}

-		authenticatorPolicy := dataplane.NewAuthenticatorPolicy(fpCredRPTenant, _env.MsiRpEndpoint())
+		// MSI dataplane client receives tenant from the bearer challenge, so we can't limit the allowed tenants in the credential
+		fpMSICred, err := _env.FPNewClientCertificateCredential(_env.TenantID(), []string{"*"})
+		if err != nil {
+			return nil, err
+		}
+		authenticatorPolicy := dataplane.NewAuthenticatorPolicy(fpMSICred, _env.MsiRpEndpoint())
 		msiDataplane, err := dataplane.NewClient(cloud, authenticatorPolicy, msiDataplaneClientOptions)
 		if err != nil {
 			return nil, err
--- a/pkg/util/mocks/env/env.go
+++ b/pkg/util/mocks/env/env.go
@ -1,5 +1,10 @@
 // Code generated by MockGen. DO NOT EDIT.
 // Source: env.go
+//
+// Generated by this command:
+//
+//	mockgen -destination=../util/mocks/env/env.go -source env.go -aux_files github.com/Azure/ARO-RP/pkg/env=core.go,github.com/Azure/ARO-RP/pkg/env=armhelper.go
+//

 // Package mock_env is a generated GoMock package.
 package mock_env
@ -22,14 +27,15 @@ import (
 	azidentity "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	compute "github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2020-06-01/compute"
 	autorest "github.com/Azure/go-autorest/autorest"
-	gomock "github.com/golang/mock/gomock"
 	logrus "github.com/sirupsen/logrus"
+	gomock "go.uber.org/mock/gomock"
 )

 // MockInterface is a mock of Interface interface.
 type MockInterface struct {
 	ctrl     *gomock.Controller
 	recorder *MockInterfaceMockRecorder
+	isgomock struct{}
 }

 // MockInterfaceMockRecorder is the mock recorder for MockInterface.
@ -242,7 +248,7 @@ func (m *MockInterface) DialContext(ctx context.Context, network, address string
 }

 // DialContext indicates an expected call of DialContext.
-func (mr *MockInterfaceMockRecorder) DialContext(ctx, network, address interface{}) *gomock.Call {
+func (mr *MockInterfaceMockRecorder) DialContext(ctx, network, address any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DialContext", reflect.TypeOf((*MockInterface)(nil).DialContext), ctx, network, address)
 }
@ -270,7 +276,7 @@ func (m *MockInterface) EnsureARMResourceGroupRoleAssignment(arg0 context.Contex
 }

 // EnsureARMResourceGroupRoleAssignment indicates an expected call of EnsureARMResourceGroupRoleAssignment.
-func (mr *MockInterfaceMockRecorder) EnsureARMResourceGroupRoleAssignment(arg0, arg1 interface{}) *gomock.Call {
+func (mr *MockInterfaceMockRecorder) EnsureARMResourceGroupRoleAssignment(arg0, arg1 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "EnsureARMResourceGroupRoleAssignment", reflect.TypeOf((*MockInterface)(nil).EnsureARMResourceGroupRoleAssignment), arg0, arg1)
 }
@ -292,7 +298,7 @@ func (mr *MockInterfaceMockRecorder) Environment() *gomock.Call {
 // FPAuthorizer mocks base method.
 func (m *MockInterface) FPAuthorizer(arg0 string, arg1 []string, arg2 ...string) (autorest.Authorizer, error) {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{arg0, arg1}
+	varargs := []any{arg0, arg1}
 	for _, a := range arg2 {
 		varargs = append(varargs, a)
 	}
@ -303,9 +309,9 @@ func (m *MockInterface) FPAuthorizer(arg0 string, arg1 []string, arg2 ...string)
 }

 // FPAuthorizer indicates an expected call of FPAuthorizer.
-func (mr *MockInterfaceMockRecorder) FPAuthorizer(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+func (mr *MockInterfaceMockRecorder) FPAuthorizer(arg0, arg1 any, arg2 ...any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	varargs := append([]any{arg0, arg1}, arg2...)
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "FPAuthorizer", reflect.TypeOf((*MockInterface)(nil).FPAuthorizer), varargs...)
 }

@ -333,7 +339,7 @@ func (m *MockInterface) FPNewClientCertificateCredential(arg0 string, arg1 []str
 }

 // FPNewClientCertificateCredential indicates an expected call of FPNewClientCertificateCredential.
-func (mr *MockInterfaceMockRecorder) FPNewClientCertificateCredential(arg0, arg1 interface{}) *gomock.Call {
+func (mr *MockInterfaceMockRecorder) FPNewClientCertificateCredential(arg0, arg1 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "FPNewClientCertificateCredential", reflect.TypeOf((*MockInterface)(nil).FPNewClientCertificateCredential), arg0, arg1)
 }
@ -347,7 +353,7 @@ func (m *MockInterface) FeatureIsSet(arg0 env.Feature) bool {
 }

 // FeatureIsSet indicates an expected call of FeatureIsSet.
-func (mr *MockInterfaceMockRecorder) FeatureIsSet(arg0 interface{}) *gomock.Call {
+func (mr *MockInterfaceMockRecorder) FeatureIsSet(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "FeatureIsSet", reflect.TypeOf((*MockInterface)(nil).FeatureIsSet), arg0)
 }
@ -503,7 +509,7 @@ func (m *MockInterface) MsiDataplaneClientOptions(msiResourceId *arm.ResourceID)
 }

 // MsiDataplaneClientOptions indicates an expected call of MsiDataplaneClientOptions.
-func (mr *MockInterfaceMockRecorder) MsiDataplaneClientOptions(msiResourceId interface{}) *gomock.Call {
+func (mr *MockInterfaceMockRecorder) MsiDataplaneClientOptions(msiResourceId any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "MsiDataplaneClientOptions", reflect.TypeOf((*MockInterface)(nil).MsiDataplaneClientOptions), msiResourceId)
 }
@ -532,7 +538,7 @@ func (m *MockInterface) NewLiveConfigManager(arg0 context.Context) (liveconfig.M
 }

 // NewLiveConfigManager indicates an expected call of NewLiveConfigManager.
-func (mr *MockInterfaceMockRecorder) NewLiveConfigManager(arg0 interface{}) *gomock.Call {
+func (mr *MockInterfaceMockRecorder) NewLiveConfigManager(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NewLiveConfigManager", reflect.TypeOf((*MockInterface)(nil).NewLiveConfigManager), arg0)
 }
@ -547,7 +553,7 @@ func (m *MockInterface) NewMSIAuthorizer(scope string) (autorest.Authorizer, err
 }

 // NewMSIAuthorizer indicates an expected call of NewMSIAuthorizer.
-func (mr *MockInterfaceMockRecorder) NewMSIAuthorizer(scope interface{}) *gomock.Call {
+func (mr *MockInterfaceMockRecorder) NewMSIAuthorizer(scope any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NewMSIAuthorizer", reflect.TypeOf((*MockInterface)(nil).NewMSIAuthorizer), scope)
 }
@ -675,7 +681,7 @@ func (m *MockInterface) VMSku(vmSize string) (*compute.ResourceSku, error) {
 }

 // VMSku indicates an expected call of VMSku.
-func (mr *MockInterfaceMockRecorder) VMSku(vmSize interface{}) *gomock.Call {
+func (mr *MockInterfaceMockRecorder) VMSku(vmSize any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "VMSku", reflect.TypeOf((*MockInterface)(nil).VMSku), vmSize)
 }