diff --git a/pkg/api/admin/openshiftcluster.go b/pkg/api/admin/openshiftcluster.go index 8acbeeb5b..d1bab4bb6 100644 --- a/pkg/api/admin/openshiftcluster.go +++ b/pkg/api/admin/openshiftcluster.go @@ -43,7 +43,7 @@ type OpenShiftClusterProperties struct { ClusterProfile ClusterProfile `json:"clusterProfile,omitempty"` FeatureProfile FeatureProfile `json:"featureProfile,omitempty"` ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty"` - ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + ServicePrincipalProfile *ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` PlatformWorkloadIdentityProfile *PlatformWorkloadIdentityProfile `json:"platformWorkloadIdentityProfile,omitempty"` NetworkProfile NetworkProfile `json:"networkProfile,omitempty"` MasterProfile MasterProfile `json:"masterProfile,omitempty"` @@ -149,8 +149,9 @@ type ConsoleProfile struct { // ServicePrincipalProfile represents a service principal profile. type ServicePrincipalProfile struct { - ClientID string `json:"clientId,omitempty"` - SPObjectID string `json:"spObjectId,omitempty"` + ClientID string `json:"clientId,omitempty"` + SPObjectID string `json:"spObjectId,omitempty"` + ClientSecret string `json:"clientSecret,omitempty"` } // SoftwareDefinedNetwork constants. diff --git a/pkg/api/admin/openshiftcluster_convert.go b/pkg/api/admin/openshiftcluster_convert.go index 2b24888ce..b0a563bcf 100644 --- a/pkg/api/admin/openshiftcluster_convert.go +++ b/pkg/api/admin/openshiftcluster_convert.go 
@@ -45,10 +45,6 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac ConsoleProfile: ConsoleProfile{ URL: oc.Properties.ConsoleProfile.URL, }, - ServicePrincipalProfile: ServicePrincipalProfile{ - ClientID: oc.Properties.ServicePrincipalProfile.ClientID, - SPObjectID: oc.Properties.ServicePrincipalProfile.SPObjectID, - }, NetworkProfile: NetworkProfile{ SoftwareDefinedNetwork: SoftwareDefinedNetwork(oc.Properties.NetworkProfile.SoftwareDefinedNetwork), PodCIDR: oc.Properties.NetworkProfile.PodCIDR, @@ -77,6 +73,14 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac }, } + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + SPObjectID: oc.Properties.ServicePrincipalProfile.SPObjectID, + ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } + if oc.Properties.NetworkProfile.LoadBalancerProfile != nil { out.Properties.NetworkProfile.LoadBalancerProfile = &LoadBalancerProfile{} 
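Review bot: The added block in `ToExternal` (hunk `@@ -77,6 +73,14 @@`) copies the service principal secret into the admin representation as a plain string, via `ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret)`. The new `ClientSecret` field is tagged `json:"clientSecret,omitempty"`, so any non-empty secret will be serialized in admin API output unless something outside this diff blanks it first. The removed code exposed only `ClientID` and `SPObjectID`. If admin callers do not need the secret, drop that line from `ToExternal`; if it is only there so the round trip through `ToInternal` keeps the stored value, say so in a comment, such as `// ClientSecret is copied only so ToInternal can round-trip it; it must be cleared before the object is returned to a caller`. Also confirm the response path redacts it. `ToExternal` starts and ends outside the hunk, so later handling of `out` is not visible here.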
@@ -275,8 +279,13 @@ func (c openShiftClusterConverter) ToInternal(_oc interface{}, out *api.OpenShif out.Properties.ClusterProfile.ResourceGroupID = oc.Properties.ClusterProfile.ResourceGroupID out.Properties.FeatureProfile.GatewayEnabled = oc.Properties.FeatureProfile.GatewayEnabled out.Properties.ConsoleProfile.URL = oc.Properties.ConsoleProfile.URL - out.Properties.ServicePrincipalProfile.ClientID = oc.Properties.ServicePrincipalProfile.ClientID - out.Properties.ServicePrincipalProfile.SPObjectID = oc.Properties.ServicePrincipalProfile.SPObjectID + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + SPObjectID: oc.Properties.ServicePrincipalProfile.SPObjectID, + ClientSecret: api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } if oc.Properties.PlatformWorkloadIdentityProfile != nil && oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities != nil { out.Properties.PlatformWorkloadIdentityProfile = &api.PlatformWorkloadIdentityProfile{} out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities = make([]api.PlatformWorkloadIdentity, len(oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities)) diff --git a/pkg/api/admin/openshiftcluster_validatestatic_test.go b/pkg/api/admin/openshiftcluster_validatestatic_test.go index 77a4c0d70..3088f319a 100644 --- a/pkg/api/admin/openshiftcluster_validatestatic_test.go +++ b/pkg/api/admin/openshiftcluster_validatestatic_test.go @@ -314,7 +314,7 @@ func TestOpenShiftClusterStaticValidateDelta(t *testing.T) { oc: func() *OpenShiftCluster { return &OpenShiftCluster{ Properties: OpenShiftClusterProperties{ - ServicePrincipalProfile: ServicePrincipalProfile{ + ServicePrincipalProfile: &ServicePrincipalProfile{ ClientID: "clientId", }, }, 
@@ -330,7 +330,7 @@ func TestOpenShiftClusterStaticValidateDelta(t *testing.T) { oc: func() *OpenShiftCluster { return &OpenShiftCluster{ Properties: OpenShiftClusterProperties{ - ServicePrincipalProfile: ServicePrincipalProfile{ + ServicePrincipalProfile: &ServicePrincipalProfile{ SPObjectID: "clientId", }, }, diff --git a/pkg/api/admin/openshiftversion_validatestatic.go b/pkg/api/admin/openshiftversion_validatestatic.go index 83fb14215..63fee7ebc 100644 --- a/pkg/api/admin/openshiftversion_validatestatic.go +++ b/pkg/api/admin/openshiftversion_validatestatic.go @@ -21,7 +21,7 @@ func (sv openShiftVersionStaticValidator) Static(_new interface{}, _current *api current = (&openShiftVersionConverter{}).ToExternal(_current).(*OpenShiftVersion) } - err := sv.validate(new, current == nil) + err := sv.validate(new) if err != nil { return err } @@ -33,7 +33,7 @@ func (sv openShiftVersionStaticValidator) Static(_new interface{}, _current *api return sv.validateDelta(new, current) } -func (sv openShiftVersionStaticValidator) validate(new *OpenShiftVersion, isCreate bool) error { +func (sv openShiftVersionStaticValidator) validate(new *OpenShiftVersion) error { if new.Properties.Version == "" { return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, "properties.version", "Must be provided") } diff --git a/pkg/api/openshiftcluster.go b/pkg/api/openshiftcluster.go index 6095bb9bd..0826520d0 100644 --- a/pkg/api/openshiftcluster.go +++ b/pkg/api/openshiftcluster.go @@ -121,7 +121,7 @@ type OpenShiftClusterProperties struct { ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty"` - ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + ServicePrincipalProfile *ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` PlatformWorkloadIdentityProfile *PlatformWorkloadIdentityProfile `json:"platformWorkloadIdentityProfile,omitempty"` 
diff --git a/pkg/api/openshiftclusterdocument_example.go b/pkg/api/openshiftclusterdocument_example.go index 3f2de969a..9d972621f 100644 --- a/pkg/api/openshiftclusterdocument_example.go +++ b/pkg/api/openshiftclusterdocument_example.go @@ -45,7 +45,7 @@ func ExampleOpenShiftClusterDocument() *OpenShiftClusterDocument { ConsoleProfile: ConsoleProfile{ URL: "https://console-openshift-console.apps.cluster.location.aroapp.io/", }, - ServicePrincipalProfile: ServicePrincipalProfile{ + ServicePrincipalProfile: &ServicePrincipalProfile{ ClientSecret: "clientSecret", ClientID: "clientId", }, diff --git a/pkg/api/v20191231preview/openshiftcluster.go b/pkg/api/v20191231preview/openshiftcluster.go index f72054b19..2e9272c93 100644 --- a/pkg/api/v20191231preview/openshiftcluster.go +++ b/pkg/api/v20191231preview/openshiftcluster.go @@ -48,7 +48,7 @@ type OpenShiftClusterProperties struct { ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty"` // The cluster service principal profile. - ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + ServicePrincipalProfile *ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` // The cluster network profile. NetworkProfile NetworkProfile `json:"networkProfile,omitempty"` diff --git a/pkg/api/v20191231preview/openshiftcluster_convert.go b/pkg/api/v20191231preview/openshiftcluster_convert.go index 5967fbf8a..d813b32b0 100644 --- a/pkg/api/v20191231preview/openshiftcluster_convert.go +++ b/pkg/api/v20191231preview/openshiftcluster_convert.go 
@@ -30,10 +30,6 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac ConsoleProfile: ConsoleProfile{ URL: oc.Properties.ConsoleProfile.URL, }, - ServicePrincipalProfile: ServicePrincipalProfile{ - ClientID: oc.Properties.ServicePrincipalProfile.ClientID, - ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), - }, NetworkProfile: NetworkProfile{ PodCIDR: oc.Properties.NetworkProfile.PodCIDR, ServiceCIDR: oc.Properties.NetworkProfile.ServiceCIDR, @@ -50,6 +46,13 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac }, } + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } + if oc.Properties.WorkerProfiles != nil { workerProfiles := oc.Properties.WorkerProfiles 
@@ -130,8 +133,12 @@ func (c openShiftClusterConverter) ToInternal(_oc interface{}, out *api.OpenShif out.Properties.ClusterProfile.Version = oc.Properties.ClusterProfile.Version out.Properties.ClusterProfile.ResourceGroupID = oc.Properties.ClusterProfile.ResourceGroupID out.Properties.ConsoleProfile.URL = oc.Properties.ConsoleProfile.URL - out.Properties.ServicePrincipalProfile.ClientID = oc.Properties.ServicePrincipalProfile.ClientID - out.Properties.ServicePrincipalProfile.ClientSecret = api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret) + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } out.Properties.NetworkProfile.PodCIDR = oc.Properties.NetworkProfile.PodCIDR out.Properties.NetworkProfile.ServiceCIDR = oc.Properties.NetworkProfile.ServiceCIDR out.Properties.MasterProfile.VMSize = api.VMSize(oc.Properties.MasterProfile.VMSize) diff --git a/pkg/api/v20191231preview/openshiftcluster_validatestatic.go b/pkg/api/v20191231preview/openshiftcluster_validatestatic.go index 84ceba628..d2c8ba858 100644 --- a/pkg/api/v20191231preview/openshiftcluster_validatestatic.go +++ b/pkg/api/v20191231preview/openshiftcluster_validatestatic.go @@ -91,7 +91,7 @@ func (sv openShiftClusterStaticValidator) validateProperties(path string, p *Ope if err := sv.validateConsoleProfile(path+".consoleProfile", &p.ConsoleProfile); err != nil { return err } - if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", &p.ServicePrincipalProfile); err != nil { + if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", p.ServicePrincipalProfile); err != nil { return err } if err := sv.validateNetworkProfile(path+".networkProfile", &p.NetworkProfile); err != nil { 
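Review bot: In `ToInternal` (hunk `@@ -130,8 +133,12 @@`) the new code replaces `out.Properties.ServicePrincipalProfile` with a fresh `&api.ServicePrincipalProfile{}` holding only `ClientID` and `ClientSecret`. The removed lines assigned those two fields in place. The admin converter in this same commit reads `SPObjectID` from the internal profile, so if `out` already carries a populated profile, a request through this API version now resets `SPObjectID` to empty. Allocating only when the pointer is nil and then assigning the two fields keeps the previous behaviour. The same pattern appears in the `ToInternal` hunks for v20200430, v20210901preview, v20220401 and v20220904. `ToInternal` continues outside the hunk, so whether `out` is pre-populated is inferred from its signature.

```go
if oc.Properties.ServicePrincipalProfile != nil {
	// Allocate only when absent so fields this API version does not carry
	// (for example SPObjectID) survive on the existing internal profile.
	if out.Properties.ServicePrincipalProfile == nil {
		out.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{}
	}
	out.Properties.ServicePrincipalProfile.ClientID = oc.Properties.ServicePrincipalProfile.ClientID
	out.Properties.ServicePrincipalProfile.ClientSecret = api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret)
}
// … unchanged: NetworkProfile and MasterProfile assignments …
```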
@@ -172,6 +172,10 @@ func (sv openShiftClusterStaticValidator) validateConsoleProfile(path string, cp } func (sv openShiftClusterStaticValidator) validateServicePrincipalProfile(path string, spp *ServicePrincipalProfile) error { + if spp == nil { + return nil + } + valid := uuid.IsValid(spp.ClientID) if !valid { return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path+".clientId", "The provided client ID '%s' is invalid.", spp.ClientID) diff --git a/pkg/api/v20191231preview/openshiftcluster_validatestatic_test.go b/pkg/api/v20191231preview/openshiftcluster_validatestatic_test.go index 85ce86574..a1c738e65 100644 --- a/pkg/api/v20191231preview/openshiftcluster_validatestatic_test.go +++ b/pkg/api/v20191231preview/openshiftcluster_validatestatic_test.go @@ -56,7 +56,7 @@ func validOpenShiftCluster() *OpenShiftCluster { ConsoleProfile: ConsoleProfile{ URL: "https://console-openshift-console.apps.cluster.location.aroapp.io/", }, - ServicePrincipalProfile: ServicePrincipalProfile{ + ServicePrincipalProfile: &ServicePrincipalProfile{ ClientSecret: "clientSecret", ClientID: "11111111-1111-1111-1111-111111111111", }, diff --git a/pkg/api/v20200430/openshiftcluster.go b/pkg/api/v20200430/openshiftcluster.go index b195fdc4d..0db22063e 100644 --- a/pkg/api/v20200430/openshiftcluster.go +++ b/pkg/api/v20200430/openshiftcluster.go @@ -48,7 +48,7 @@ type OpenShiftClusterProperties struct { ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty"` // The cluster service principal profile. - ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + ServicePrincipalProfile *ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` // The cluster network profile. NetworkProfile NetworkProfile `json:"networkProfile,omitempty"` diff --git a/pkg/api/v20200430/openshiftcluster_convert.go b/pkg/api/v20200430/openshiftcluster_convert.go index f2ae201f8..ef4cfadcc 100644 
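Review bot: The new guard at the top of `validateServicePrincipalProfile` returns `nil` for a nil profile, so a request that omits `servicePrincipalProfile` entirely now passes static validation. Before this change the zero-value struct reached `uuid.IsValid(spp.ClientID)` and was rejected with a 400. This API version's `OpenShiftClusterProperties` shows no alternative identity profile in the visible hunks, so the service principal is presumably still mandatory here. In that case the guard should reject rather than accept: `if spp == nil { return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path, "Must be provided") }`. Otherwise later code that dereferences the now-pointer field has nothing protecting it. The same guard is added in v20200430, v20210901preview, v20220401 and v20220904. The rest of the function body lies outside the hunk.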
--- a/pkg/api/v20200430/openshiftcluster_convert.go +++ b/pkg/api/v20200430/openshiftcluster_convert.go @@ -30,10 +30,6 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac ConsoleProfile: ConsoleProfile{ URL: oc.Properties.ConsoleProfile.URL, }, - ServicePrincipalProfile: ServicePrincipalProfile{ - ClientID: oc.Properties.ServicePrincipalProfile.ClientID, - ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), - }, NetworkProfile: NetworkProfile{ PodCIDR: oc.Properties.NetworkProfile.PodCIDR, ServiceCIDR: oc.Properties.NetworkProfile.ServiceCIDR, @@ -50,6 +46,13 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac }, } + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } + if oc.Properties.WorkerProfiles != nil { workerProfiles := oc.Properties.WorkerProfiles 
@@ -130,8 +133,12 @@ func (c openShiftClusterConverter) ToInternal(_oc interface{}, out *api.OpenShif out.Properties.ClusterProfile.Version = oc.Properties.ClusterProfile.Version out.Properties.ClusterProfile.ResourceGroupID = oc.Properties.ClusterProfile.ResourceGroupID out.Properties.ConsoleProfile.URL = oc.Properties.ConsoleProfile.URL - out.Properties.ServicePrincipalProfile.ClientID = oc.Properties.ServicePrincipalProfile.ClientID - out.Properties.ServicePrincipalProfile.ClientSecret = api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret) + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } out.Properties.NetworkProfile.PodCIDR = oc.Properties.NetworkProfile.PodCIDR out.Properties.NetworkProfile.ServiceCIDR = oc.Properties.NetworkProfile.ServiceCIDR out.Properties.MasterProfile.VMSize = api.VMSize(oc.Properties.MasterProfile.VMSize) diff --git a/pkg/api/v20200430/openshiftcluster_validatestatic.go b/pkg/api/v20200430/openshiftcluster_validatestatic.go index f7212a4b7..d255d5158 100644 --- a/pkg/api/v20200430/openshiftcluster_validatestatic.go +++ b/pkg/api/v20200430/openshiftcluster_validatestatic.go @@ -92,7 +92,7 @@ func (sv openShiftClusterStaticValidator) validateProperties(path string, p *Ope if err := sv.validateConsoleProfile(path+".consoleProfile", &p.ConsoleProfile); err != nil { return err } - if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", &p.ServicePrincipalProfile); err != nil { + if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", p.ServicePrincipalProfile); err != nil { return err } if err := sv.validateNetworkProfile(path+".networkProfile", &p.NetworkProfile); err != nil { 
@@ -175,6 +175,10 @@ func (sv openShiftClusterStaticValidator) validateConsoleProfile(path string, cp } func (sv openShiftClusterStaticValidator) validateServicePrincipalProfile(path string, spp *ServicePrincipalProfile) error { + if spp == nil { + return nil + } + valid := uuid.IsValid(spp.ClientID) if !valid { return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path+".clientId", "The provided client ID '%s' is invalid.", spp.ClientID) diff --git a/pkg/api/v20200430/openshiftcluster_validatestatic_test.go b/pkg/api/v20200430/openshiftcluster_validatestatic_test.go index 9ae089e40..76018da3a 100644 --- a/pkg/api/v20200430/openshiftcluster_validatestatic_test.go +++ b/pkg/api/v20200430/openshiftcluster_validatestatic_test.go @@ -56,7 +56,7 @@ func validOpenShiftCluster() *OpenShiftCluster { ConsoleProfile: ConsoleProfile{ URL: "https://console-openshift-console.apps.cluster.location.aroapp.io/", }, - ServicePrincipalProfile: ServicePrincipalProfile{ + ServicePrincipalProfile: &ServicePrincipalProfile{ ClientSecret: "clientSecret", ClientID: "11111111-1111-1111-1111-111111111111", }, diff --git a/pkg/api/v20210901preview/openshiftcluster.go b/pkg/api/v20210901preview/openshiftcluster.go index b5e5d07ba..5e758c78f 100644 --- a/pkg/api/v20210901preview/openshiftcluster.go +++ b/pkg/api/v20210901preview/openshiftcluster.go @@ -53,7 +53,7 @@ type OpenShiftClusterProperties struct { ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty"` // The cluster service principal profile. - ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + ServicePrincipalProfile *ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` // The cluster network profile. NetworkProfile NetworkProfile `json:"networkProfile,omitempty"` diff --git a/pkg/api/v20210901preview/openshiftcluster_convert.go b/pkg/api/v20210901preview/openshiftcluster_convert.go index 47da24e83..ef1cbae6b 100644 
--- a/pkg/api/v20210901preview/openshiftcluster_convert.go +++ b/pkg/api/v20210901preview/openshiftcluster_convert.go @@ -30,10 +30,6 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac ConsoleProfile: ConsoleProfile{ URL: oc.Properties.ConsoleProfile.URL, }, - ServicePrincipalProfile: ServicePrincipalProfile{ - ClientID: oc.Properties.ServicePrincipalProfile.ClientID, - ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), - }, NetworkProfile: NetworkProfile{ PodCIDR: oc.Properties.NetworkProfile.PodCIDR, ServiceCIDR: oc.Properties.NetworkProfile.ServiceCIDR, @@ -53,6 +49,13 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac }, } + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } + if oc.Properties.WorkerProfiles != nil { workerProfiles := oc.Properties.WorkerProfiles 
@@ -144,8 +147,12 @@ func (c openShiftClusterConverter) ToInternal(_oc interface{}, out *api.OpenShif out.Properties.ClusterProfile.Version = oc.Properties.ClusterProfile.Version out.Properties.ClusterProfile.ResourceGroupID = oc.Properties.ClusterProfile.ResourceGroupID out.Properties.ConsoleProfile.URL = oc.Properties.ConsoleProfile.URL - out.Properties.ServicePrincipalProfile.ClientID = oc.Properties.ServicePrincipalProfile.ClientID - out.Properties.ServicePrincipalProfile.ClientSecret = api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret) + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } out.Properties.NetworkProfile.PodCIDR = oc.Properties.NetworkProfile.PodCIDR out.Properties.NetworkProfile.ServiceCIDR = oc.Properties.NetworkProfile.ServiceCIDR out.Properties.NetworkProfile.SoftwareDefinedNetwork = api.SoftwareDefinedNetwork(oc.Properties.NetworkProfile.SoftwareDefinedNetwork) diff --git a/pkg/api/v20210901preview/openshiftcluster_validatestatic.go b/pkg/api/v20210901preview/openshiftcluster_validatestatic.go index 3735f46b8..b1ffe12c7 100644 --- a/pkg/api/v20210901preview/openshiftcluster_validatestatic.go +++ b/pkg/api/v20210901preview/openshiftcluster_validatestatic.go @@ -92,7 +92,7 @@ func (sv openShiftClusterStaticValidator) validateProperties(path string, p *Ope if err := sv.validateConsoleProfile(path+".consoleProfile", &p.ConsoleProfile); err != nil { return err } - if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", &p.ServicePrincipalProfile); err != nil { + if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", p.ServicePrincipalProfile); err != nil { return err } if err := sv.validateNetworkProfile(path+".networkProfile", &p.NetworkProfile); err != nil { 
@@ -175,6 +175,10 @@ func (sv openShiftClusterStaticValidator) validateConsoleProfile(path string, cp } func (sv openShiftClusterStaticValidator) validateServicePrincipalProfile(path string, spp *ServicePrincipalProfile) error { + if spp == nil { + return nil + } + valid := uuid.IsValid(spp.ClientID) if !valid { return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path+".clientId", "The provided client ID '%s' is invalid.", spp.ClientID) diff --git a/pkg/api/v20210901preview/openshiftcluster_validatestatic_test.go b/pkg/api/v20210901preview/openshiftcluster_validatestatic_test.go index e1614ed13..c66de1602 100644 --- a/pkg/api/v20210901preview/openshiftcluster_validatestatic_test.go +++ b/pkg/api/v20210901preview/openshiftcluster_validatestatic_test.go @@ -70,7 +70,7 @@ func validOpenShiftCluster() *OpenShiftCluster { ConsoleProfile: ConsoleProfile{ URL: "https://console-openshift-console.apps.cluster.location.aroapp.io/", }, - ServicePrincipalProfile: ServicePrincipalProfile{ + ServicePrincipalProfile: &ServicePrincipalProfile{ ClientSecret: "clientSecret", ClientID: "11111111-1111-1111-1111-111111111111", }, diff --git a/pkg/api/v20220401/openshiftcluster.go b/pkg/api/v20220401/openshiftcluster.go index 569a41aa9..0a8217a4b 100644 --- a/pkg/api/v20220401/openshiftcluster.go +++ b/pkg/api/v20220401/openshiftcluster.go @@ -53,7 +53,7 @@ type OpenShiftClusterProperties struct { ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty"` // The cluster service principal profile. - ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + ServicePrincipalProfile *ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` // The cluster network profile. NetworkProfile NetworkProfile `json:"networkProfile,omitempty"` diff --git a/pkg/api/v20220401/openshiftcluster_convert.go b/pkg/api/v20220401/openshiftcluster_convert.go index f780dce78..0ea465c1f 100644 
--- a/pkg/api/v20220401/openshiftcluster_convert.go +++ b/pkg/api/v20220401/openshiftcluster_convert.go @@ -31,10 +31,6 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac ConsoleProfile: ConsoleProfile{ URL: oc.Properties.ConsoleProfile.URL, }, - ServicePrincipalProfile: ServicePrincipalProfile{ - ClientID: oc.Properties.ServicePrincipalProfile.ClientID, - ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), - }, NetworkProfile: NetworkProfile{ PodCIDR: oc.Properties.NetworkProfile.PodCIDR, ServiceCIDR: oc.Properties.NetworkProfile.ServiceCIDR, @@ -53,6 +49,13 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac }, } + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } + if oc.Properties.WorkerProfiles != nil { workerProfiles := oc.Properties.WorkerProfiles 
@@ -145,8 +148,12 @@ func (c openShiftClusterConverter) ToInternal(_oc interface{}, out *api.OpenShif out.Properties.ClusterProfile.ResourceGroupID = oc.Properties.ClusterProfile.ResourceGroupID out.Properties.ConsoleProfile.URL = oc.Properties.ConsoleProfile.URL out.Properties.ClusterProfile.FipsValidatedModules = api.FipsValidatedModules(oc.Properties.ClusterProfile.FipsValidatedModules) - out.Properties.ServicePrincipalProfile.ClientID = oc.Properties.ServicePrincipalProfile.ClientID - out.Properties.ServicePrincipalProfile.ClientSecret = api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret) + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } out.Properties.NetworkProfile.PodCIDR = oc.Properties.NetworkProfile.PodCIDR out.Properties.NetworkProfile.ServiceCIDR = oc.Properties.NetworkProfile.ServiceCIDR out.Properties.MasterProfile.VMSize = api.VMSize(oc.Properties.MasterProfile.VMSize) diff --git a/pkg/api/v20220401/openshiftcluster_validatestatic.go b/pkg/api/v20220401/openshiftcluster_validatestatic.go index 4f4068750..91b42bc3d 100644 --- a/pkg/api/v20220401/openshiftcluster_validatestatic.go +++ b/pkg/api/v20220401/openshiftcluster_validatestatic.go @@ -92,7 +92,7 @@ func (sv openShiftClusterStaticValidator) validateProperties(path string, p *Ope if err := sv.validateConsoleProfile(path+".consoleProfile", &p.ConsoleProfile); err != nil { return err } - if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", &p.ServicePrincipalProfile); err != nil { + if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", p.ServicePrincipalProfile); err != nil { return err } if err := sv.validateNetworkProfile(path+".networkProfile", &p.NetworkProfile); err != nil { 
@@ -181,6 +181,10 @@ func (sv openShiftClusterStaticValidator) validateConsoleProfile(path string, cp } func (sv openShiftClusterStaticValidator) validateServicePrincipalProfile(path string, spp *ServicePrincipalProfile) error { + if spp == nil { + return nil + } + valid := uuid.IsValid(spp.ClientID) if !valid { return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path+".clientId", "The provided client ID '%s' is invalid.", spp.ClientID) diff --git a/pkg/api/v20220401/openshiftcluster_validatestatic_test.go b/pkg/api/v20220401/openshiftcluster_validatestatic_test.go index 31c7c4550..2cebe0a57 100644 --- a/pkg/api/v20220401/openshiftcluster_validatestatic_test.go +++ b/pkg/api/v20220401/openshiftcluster_validatestatic_test.go @@ -71,7 +71,7 @@ func validOpenShiftCluster() *OpenShiftCluster { ConsoleProfile: ConsoleProfile{ URL: "https://console-openshift-console.apps.cluster.location.aroapp.io/", }, - ServicePrincipalProfile: ServicePrincipalProfile{ + ServicePrincipalProfile: &ServicePrincipalProfile{ ClientSecret: "clientSecret", ClientID: "11111111-1111-1111-1111-111111111111", }, diff --git a/pkg/api/v20220904/openshiftcluster.go b/pkg/api/v20220904/openshiftcluster.go index 113eedb66..d39218d63 100644 --- a/pkg/api/v20220904/openshiftcluster.go +++ b/pkg/api/v20220904/openshiftcluster.go @@ -53,7 +53,7 @@ type OpenShiftClusterProperties struct { ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty"` // The cluster service principal profile. - ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + ServicePrincipalProfile *ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` // The cluster network profile. NetworkProfile NetworkProfile `json:"networkProfile,omitempty"` diff --git a/pkg/api/v20220904/openshiftcluster_convert.go b/pkg/api/v20220904/openshiftcluster_convert.go index cc3a7076c..60137d5f2 100644 --- a/pkg/api/v20220904/openshiftcluster_convert.go 
+++ b/pkg/api/v20220904/openshiftcluster_convert.go @@ -31,10 +31,6 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac ConsoleProfile: ConsoleProfile{ URL: oc.Properties.ConsoleProfile.URL, }, - ServicePrincipalProfile: ServicePrincipalProfile{ - ClientID: oc.Properties.ServicePrincipalProfile.ClientID, - ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), - }, NetworkProfile: NetworkProfile{ PodCIDR: oc.Properties.NetworkProfile.PodCIDR, ServiceCIDR: oc.Properties.NetworkProfile.ServiceCIDR, @@ -53,6 +49,13 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac }, } + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } + if oc.Properties.WorkerProfiles != nil { workerProfiles := oc.Properties.WorkerProfiles 
@@ -145,8 +148,12 @@ func (c openShiftClusterConverter) ToInternal(_oc interface{}, out *api.OpenShif out.Properties.ClusterProfile.ResourceGroupID = oc.Properties.ClusterProfile.ResourceGroupID out.Properties.ConsoleProfile.URL = oc.Properties.ConsoleProfile.URL out.Properties.ClusterProfile.FipsValidatedModules = api.FipsValidatedModules(oc.Properties.ClusterProfile.FipsValidatedModules) - out.Properties.ServicePrincipalProfile.ClientID = oc.Properties.ServicePrincipalProfile.ClientID - out.Properties.ServicePrincipalProfile.ClientSecret = api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret) + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } out.Properties.NetworkProfile.PodCIDR = oc.Properties.NetworkProfile.PodCIDR out.Properties.NetworkProfile.ServiceCIDR = oc.Properties.NetworkProfile.ServiceCIDR out.Properties.MasterProfile.VMSize = api.VMSize(oc.Properties.MasterProfile.VMSize) diff --git a/pkg/api/v20220904/openshiftcluster_validatestatic.go b/pkg/api/v20220904/openshiftcluster_validatestatic.go index 02df81a0e..4fc1481f3 100644 --- a/pkg/api/v20220904/openshiftcluster_validatestatic.go +++ b/pkg/api/v20220904/openshiftcluster_validatestatic.go @@ -92,7 +92,7 @@ func (sv openShiftClusterStaticValidator) validateProperties(path string, p *Ope if err := sv.validateConsoleProfile(path+".consoleProfile", &p.ConsoleProfile); err != nil { return err } - if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", &p.ServicePrincipalProfile); err != nil { + if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", p.ServicePrincipalProfile); err != nil { return err } if err := sv.validateNetworkProfile(path+".networkProfile", &p.NetworkProfile); err != nil { 
@@ -181,6 +181,10 @@ func (sv openShiftClusterStaticValidator) validateConsoleProfile(path string, cp } func (sv openShiftClusterStaticValidator) validateServicePrincipalProfile(path string, spp *ServicePrincipalProfile) error { + if spp == nil { + return nil + } + valid := uuid.IsValid(spp.ClientID) if !valid { return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path+".clientId", "The provided client ID '%s' is invalid.", spp.ClientID) diff --git a/pkg/api/v20220904/openshiftcluster_validatestatic_test.go b/pkg/api/v20220904/openshiftcluster_validatestatic_test.go index f22336d52..e8273d16b 100644 --- a/pkg/api/v20220904/openshiftcluster_validatestatic_test.go +++ b/pkg/api/v20220904/openshiftcluster_validatestatic_test.go @@ -77,7 +77,7 @@ func validOpenShiftCluster(name, location string) *OpenShiftCluster { ConsoleProfile: ConsoleProfile{ URL: "https://console-openshift-console.apps.cluster.location.aroapp.io/", }, - ServicePrincipalProfile: ServicePrincipalProfile{ + ServicePrincipalProfile: &ServicePrincipalProfile{ ClientSecret: "clientSecret", ClientID: "11111111-1111-1111-1111-111111111111", }, diff --git a/pkg/api/v20230401/openshiftcluster.go b/pkg/api/v20230401/openshiftcluster.go index ba3941502..003d562c9 100644 --- a/pkg/api/v20230401/openshiftcluster.go +++ b/pkg/api/v20230401/openshiftcluster.go @@ -53,7 +53,7 @@ type OpenShiftClusterProperties struct { ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty"` // The cluster service principal profile. - ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + ServicePrincipalProfile *ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` // The cluster network profile. NetworkProfile NetworkProfile `json:"networkProfile,omitempty"` diff --git a/pkg/api/v20230401/openshiftcluster_convert.go b/pkg/api/v20230401/openshiftcluster_convert.go index b23f4343c..4f3442cb1 100644 
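Review bot: The new `if spp == nil { return nil }` guard in `validateServicePrincipalProfile` lets a request that omits `servicePrincipalProfile` pass static validation, whereas before the change an absent profile reached `uuid.IsValid` with an empty client ID and was rejected with a 400. The hunks for this API version show no alternative credential profile, so unless a caller rejects nil elsewhere, a cluster document without credentials can be accepted and dereferenced later. I would reject it here instead: `if spp == nil { return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path, "The provided service principal profile is missing.") }`. The same guard is added in v20230401, v20230701preview, v20230904 and v20231122; in v20240812preview, which also declares `PlatformWorkloadIdentityProfile`, a nil profile is presumably valid only when that other profile is set, and the validator should check exactly that. The function continues outside the hunk.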
--- a/pkg/api/v20230401/openshiftcluster_convert.go +++ b/pkg/api/v20230401/openshiftcluster_convert.go @@ -31,10 +31,6 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac ConsoleProfile: ConsoleProfile{ URL: oc.Properties.ConsoleProfile.URL, }, - ServicePrincipalProfile: ServicePrincipalProfile{ - ClientID: oc.Properties.ServicePrincipalProfile.ClientID, - ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), - }, NetworkProfile: NetworkProfile{ PodCIDR: oc.Properties.NetworkProfile.PodCIDR, ServiceCIDR: oc.Properties.NetworkProfile.ServiceCIDR, @@ -54,6 +50,13 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac }, } + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } + if oc.Properties.WorkerProfiles != nil { workerProfiles := oc.Properties.WorkerProfiles 
@@ -146,8 +149,12 @@ func (c openShiftClusterConverter) ToInternal(_oc interface{}, out *api.OpenShif out.Properties.ClusterProfile.ResourceGroupID = oc.Properties.ClusterProfile.ResourceGroupID out.Properties.ConsoleProfile.URL = oc.Properties.ConsoleProfile.URL out.Properties.ClusterProfile.FipsValidatedModules = api.FipsValidatedModules(oc.Properties.ClusterProfile.FipsValidatedModules) - out.Properties.ServicePrincipalProfile.ClientID = oc.Properties.ServicePrincipalProfile.ClientID - out.Properties.ServicePrincipalProfile.ClientSecret = api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret) + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } out.Properties.NetworkProfile.PodCIDR = oc.Properties.NetworkProfile.PodCIDR out.Properties.NetworkProfile.ServiceCIDR = oc.Properties.NetworkProfile.ServiceCIDR out.Properties.NetworkProfile.OutboundType = api.OutboundType(oc.Properties.NetworkProfile.OutboundType) diff --git a/pkg/api/v20230401/openshiftcluster_validatestatic.go b/pkg/api/v20230401/openshiftcluster_validatestatic.go index 28b628f05..b628afcf2 100644 --- a/pkg/api/v20230401/openshiftcluster_validatestatic.go +++ b/pkg/api/v20230401/openshiftcluster_validatestatic.go 
@@ -92,7 +92,7 @@ func (sv openShiftClusterStaticValidator) validateProperties(path string, p *Ope if err := sv.validateConsoleProfile(path+".consoleProfile", &p.ConsoleProfile); err != nil { return err } - if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", &p.ServicePrincipalProfile); err != nil { + if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", p.ServicePrincipalProfile); err != nil { return err } if err := sv.validateNetworkProfile(path+".networkProfile", &p.NetworkProfile, p.APIServerProfile.Visibility, p.IngressProfiles[0].Visibility); err != nil { @@ -181,6 +181,10 @@ func (sv openShiftClusterStaticValidator) validateConsoleProfile(path string, cp } func (sv openShiftClusterStaticValidator) validateServicePrincipalProfile(path string, spp *ServicePrincipalProfile) error { + if spp == nil { + return nil + } + valid := uuid.IsValid(spp.ClientID) if !valid { return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path+".clientId", "The provided client ID '%s' is invalid.", spp.ClientID) diff --git a/pkg/api/v20230401/openshiftcluster_validatestatic_test.go b/pkg/api/v20230401/openshiftcluster_validatestatic_test.go index e46454528..a1b82758e 100644 --- a/pkg/api/v20230401/openshiftcluster_validatestatic_test.go +++ b/pkg/api/v20230401/openshiftcluster_validatestatic_test.go @@ -77,7 +77,7 @@ func validOpenShiftCluster(name, location string) *OpenShiftCluster { ConsoleProfile: ConsoleProfile{ URL: "https://console-openshift-console.apps.cluster.location.aroapp.io/", }, - ServicePrincipalProfile: ServicePrincipalProfile{ + ServicePrincipalProfile: &ServicePrincipalProfile{ ClientSecret: "clientSecret", ClientID: "11111111-1111-1111-1111-111111111111", }, diff --git a/pkg/api/v20230701preview/openshiftcluster.go b/pkg/api/v20230701preview/openshiftcluster.go index df4ab807a..af891b3c3 100644 --- a/pkg/api/v20230701preview/openshiftcluster.go 
+++ b/pkg/api/v20230701preview/openshiftcluster.go @@ -53,7 +53,7 @@ type OpenShiftClusterProperties struct { ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty"` // The cluster service principal profile. - ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + ServicePrincipalProfile *ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` // The cluster network profile. NetworkProfile NetworkProfile `json:"networkProfile,omitempty"` diff --git a/pkg/api/v20230701preview/openshiftcluster_convert.go b/pkg/api/v20230701preview/openshiftcluster_convert.go index 9b5d027e0..59ff4b9dd 100644 --- a/pkg/api/v20230701preview/openshiftcluster_convert.go +++ b/pkg/api/v20230701preview/openshiftcluster_convert.go @@ -31,10 +31,6 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac ConsoleProfile: ConsoleProfile{ URL: oc.Properties.ConsoleProfile.URL, }, - ServicePrincipalProfile: ServicePrincipalProfile{ - ClientID: oc.Properties.ServicePrincipalProfile.ClientID, - ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), - }, NetworkProfile: NetworkProfile{ PodCIDR: oc.Properties.NetworkProfile.PodCIDR, ServiceCIDR: oc.Properties.NetworkProfile.ServiceCIDR, @@ -54,6 +50,13 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac }, } + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } + if oc.Properties.NetworkProfile.LoadBalancerProfile != nil { out.Properties.NetworkProfile.LoadBalancerProfile = &LoadBalancerProfile{} 
@@ -187,8 +190,12 @@ func (c openShiftClusterConverter) ToInternal(_oc interface{}, out *api.OpenShif out.Properties.ClusterProfile.ResourceGroupID = oc.Properties.ClusterProfile.ResourceGroupID out.Properties.ConsoleProfile.URL = oc.Properties.ConsoleProfile.URL out.Properties.ClusterProfile.FipsValidatedModules = api.FipsValidatedModules(oc.Properties.ClusterProfile.FipsValidatedModules) - out.Properties.ServicePrincipalProfile.ClientID = oc.Properties.ServicePrincipalProfile.ClientID - out.Properties.ServicePrincipalProfile.ClientSecret = api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret) + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } out.Properties.NetworkProfile.PodCIDR = oc.Properties.NetworkProfile.PodCIDR out.Properties.NetworkProfile.ServiceCIDR = oc.Properties.NetworkProfile.ServiceCIDR out.Properties.NetworkProfile.OutboundType = api.OutboundType(oc.Properties.NetworkProfile.OutboundType) diff --git a/pkg/api/v20230701preview/openshiftcluster_validatestatic.go b/pkg/api/v20230701preview/openshiftcluster_validatestatic.go index 74b39283c..2b8538fed 100644 --- a/pkg/api/v20230701preview/openshiftcluster_validatestatic.go +++ b/pkg/api/v20230701preview/openshiftcluster_validatestatic.go 
@@ -95,7 +95,7 @@ func (sv openShiftClusterStaticValidator) validateProperties(path string, p *Ope if err := sv.validateConsoleProfile(path+".consoleProfile", &p.ConsoleProfile); err != nil { return err } - if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", &p.ServicePrincipalProfile); err != nil { + if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", p.ServicePrincipalProfile); err != nil { return err } if err := sv.validateNetworkProfile(path+".networkProfile", &p.NetworkProfile, p.APIServerProfile.Visibility, p.IngressProfiles[0].Visibility); err != nil { @@ -187,6 +187,10 @@ func (sv openShiftClusterStaticValidator) validateConsoleProfile(path string, cp } func (sv openShiftClusterStaticValidator) validateServicePrincipalProfile(path string, spp *ServicePrincipalProfile) error { + if spp == nil { + return nil + } + valid := uuid.IsValid(spp.ClientID) if !valid { return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path+".clientId", "The provided client ID '%s' is invalid.", spp.ClientID) diff --git a/pkg/api/v20230701preview/openshiftcluster_validatestatic_test.go b/pkg/api/v20230701preview/openshiftcluster_validatestatic_test.go index d73e1b77a..e5a031d0e 100644 --- a/pkg/api/v20230701preview/openshiftcluster_validatestatic_test.go +++ b/pkg/api/v20230701preview/openshiftcluster_validatestatic_test.go @@ -79,7 +79,7 @@ func validOpenShiftCluster(name, location string) *OpenShiftCluster { ConsoleProfile: ConsoleProfile{ URL: "https://console-openshift-console.apps.cluster.location.aroapp.io/", }, - ServicePrincipalProfile: ServicePrincipalProfile{ + ServicePrincipalProfile: &ServicePrincipalProfile{ ClientSecret: "clientSecret", ClientID: "11111111-1111-1111-1111-111111111111", }, diff --git a/pkg/api/v20230904/openshiftcluster.go b/pkg/api/v20230904/openshiftcluster.go index 8b03c9d80..d8bb9fd29 100644 --- a/pkg/api/v20230904/openshiftcluster.go 
+++ b/pkg/api/v20230904/openshiftcluster.go @@ -53,7 +53,7 @@ type OpenShiftClusterProperties struct { ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty"` // The cluster service principal profile. - ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + ServicePrincipalProfile *ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` // The cluster network profile. NetworkProfile NetworkProfile `json:"networkProfile,omitempty"` diff --git a/pkg/api/v20230904/openshiftcluster_convert.go b/pkg/api/v20230904/openshiftcluster_convert.go index 4bee9bf36..fd8069d55 100644 --- a/pkg/api/v20230904/openshiftcluster_convert.go +++ b/pkg/api/v20230904/openshiftcluster_convert.go @@ -31,10 +31,6 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac ConsoleProfile: ConsoleProfile{ URL: oc.Properties.ConsoleProfile.URL, }, - ServicePrincipalProfile: ServicePrincipalProfile{ - ClientID: oc.Properties.ServicePrincipalProfile.ClientID, - ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), - }, NetworkProfile: NetworkProfile{ PodCIDR: oc.Properties.NetworkProfile.PodCIDR, ServiceCIDR: oc.Properties.NetworkProfile.ServiceCIDR, @@ -55,6 +51,13 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac }, } + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } + if oc.Properties.WorkerProfiles != nil { workerProfiles := oc.Properties.WorkerProfiles out.Properties.WorkerProfiles = make([]WorkerProfile, 0, len(workerProfiles)) 
@@ -157,8 +160,12 @@ func (c openShiftClusterConverter) ToInternal(_oc interface{}, out *api.OpenShif out.Properties.ClusterProfile.ResourceGroupID = oc.Properties.ClusterProfile.ResourceGroupID out.Properties.ConsoleProfile.URL = oc.Properties.ConsoleProfile.URL out.Properties.ClusterProfile.FipsValidatedModules = api.FipsValidatedModules(oc.Properties.ClusterProfile.FipsValidatedModules) - out.Properties.ServicePrincipalProfile.ClientID = oc.Properties.ServicePrincipalProfile.ClientID - out.Properties.ServicePrincipalProfile.ClientSecret = api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret) + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } out.Properties.NetworkProfile.PodCIDR = oc.Properties.NetworkProfile.PodCIDR out.Properties.NetworkProfile.ServiceCIDR = oc.Properties.NetworkProfile.ServiceCIDR out.Properties.NetworkProfile.OutboundType = api.OutboundType(oc.Properties.NetworkProfile.OutboundType) diff --git a/pkg/api/v20230904/openshiftcluster_validatestatic.go b/pkg/api/v20230904/openshiftcluster_validatestatic.go index bbb480036..23476c732 100644 --- a/pkg/api/v20230904/openshiftcluster_validatestatic.go +++ b/pkg/api/v20230904/openshiftcluster_validatestatic.go 
@@ -92,7 +92,7 @@ func (sv openShiftClusterStaticValidator) validateProperties(path string, p *Ope if err := sv.validateConsoleProfile(path+".consoleProfile", &p.ConsoleProfile); err != nil { return err } - if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", &p.ServicePrincipalProfile); err != nil { + if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", p.ServicePrincipalProfile); err != nil { return err } if err := sv.validateNetworkProfile(path+".networkProfile", &p.NetworkProfile, p.APIServerProfile.Visibility, p.IngressProfiles[0].Visibility); err != nil { @@ -185,6 +185,10 @@ func (sv openShiftClusterStaticValidator) validateConsoleProfile(path string, cp } func (sv openShiftClusterStaticValidator) validateServicePrincipalProfile(path string, spp *ServicePrincipalProfile) error { + if spp == nil { + return nil + } + valid := uuid.IsValid(spp.ClientID) if !valid { return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path+".clientId", "The provided client ID '%s' is invalid.", spp.ClientID) diff --git a/pkg/api/v20230904/openshiftcluster_validatestatic_test.go b/pkg/api/v20230904/openshiftcluster_validatestatic_test.go index b0852939b..a9138383e 100644 --- a/pkg/api/v20230904/openshiftcluster_validatestatic_test.go +++ b/pkg/api/v20230904/openshiftcluster_validatestatic_test.go @@ -77,7 +77,7 @@ func validOpenShiftCluster(name, location string) *OpenShiftCluster { ConsoleProfile: ConsoleProfile{ URL: "https://console-openshift-console.apps.cluster.location.aroapp.io/", }, - ServicePrincipalProfile: ServicePrincipalProfile{ + ServicePrincipalProfile: &ServicePrincipalProfile{ ClientSecret: "clientSecret", ClientID: "11111111-1111-1111-1111-111111111111", }, diff --git a/pkg/api/v20231122/openshiftcluster.go b/pkg/api/v20231122/openshiftcluster.go index aef15848c..44ff2e88d 100644 --- a/pkg/api/v20231122/openshiftcluster.go +++ b/pkg/api/v20231122/openshiftcluster.go 
@@ -53,7 +53,7 @@ type OpenShiftClusterProperties struct { ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty"` // The cluster service principal profile. - ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + ServicePrincipalProfile *ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` // The cluster network profile. NetworkProfile NetworkProfile `json:"networkProfile,omitempty"` diff --git a/pkg/api/v20231122/openshiftcluster_convert.go b/pkg/api/v20231122/openshiftcluster_convert.go index f4f107665..53c89d1da 100644 --- a/pkg/api/v20231122/openshiftcluster_convert.go +++ b/pkg/api/v20231122/openshiftcluster_convert.go @@ -31,10 +31,6 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac ConsoleProfile: ConsoleProfile{ URL: oc.Properties.ConsoleProfile.URL, }, - ServicePrincipalProfile: ServicePrincipalProfile{ - ClientID: oc.Properties.ServicePrincipalProfile.ClientID, - ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), - }, NetworkProfile: NetworkProfile{ PodCIDR: oc.Properties.NetworkProfile.PodCIDR, ServiceCIDR: oc.Properties.NetworkProfile.ServiceCIDR, @@ -55,6 +51,13 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac }, } + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } + if oc.Properties.NetworkProfile.LoadBalancerProfile != nil { out.Properties.NetworkProfile.LoadBalancerProfile = &LoadBalancerProfile{} 
@@ -178,8 +181,12 @@ func (c openShiftClusterConverter) ToInternal(_oc interface{}, out *api.OpenShif out.Properties.ConsoleProfile.URL = oc.Properties.ConsoleProfile.URL } out.Properties.ClusterProfile.FipsValidatedModules = api.FipsValidatedModules(oc.Properties.ClusterProfile.FipsValidatedModules) - out.Properties.ServicePrincipalProfile.ClientID = oc.Properties.ServicePrincipalProfile.ClientID - out.Properties.ServicePrincipalProfile.ClientSecret = api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret) + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } out.Properties.NetworkProfile.PodCIDR = oc.Properties.NetworkProfile.PodCIDR out.Properties.NetworkProfile.ServiceCIDR = oc.Properties.NetworkProfile.ServiceCIDR out.Properties.NetworkProfile.OutboundType = api.OutboundType(oc.Properties.NetworkProfile.OutboundType) diff --git a/pkg/api/v20231122/openshiftcluster_validatestatic.go b/pkg/api/v20231122/openshiftcluster_validatestatic.go index c310909c9..bcc7dcce8 100644 --- a/pkg/api/v20231122/openshiftcluster_validatestatic.go +++ b/pkg/api/v20231122/openshiftcluster_validatestatic.go @@ -95,7 +95,7 @@ func (sv openShiftClusterStaticValidator) validateProperties(path string, p *Ope if err := sv.validateConsoleProfile(path+".consoleProfile", &p.ConsoleProfile); err != nil { return err } - if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", &p.ServicePrincipalProfile); err != nil { + if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", p.ServicePrincipalProfile); err != nil { return err } if err := sv.validateNetworkProfile(path+".networkProfile", &p.NetworkProfile, p.APIServerProfile.Visibility, p.IngressProfiles[0].Visibility); err != nil { 
@@ -191,6 +191,10 @@ func (sv openShiftClusterStaticValidator) validateConsoleProfile(path string, cp } func (sv openShiftClusterStaticValidator) validateServicePrincipalProfile(path string, spp *ServicePrincipalProfile) error { + if spp == nil { + return nil + } + valid := uuid.IsValid(spp.ClientID) if !valid { return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path+".clientId", "The provided client ID '%s' is invalid.", spp.ClientID) diff --git a/pkg/api/v20231122/openshiftcluster_validatestatic_test.go b/pkg/api/v20231122/openshiftcluster_validatestatic_test.go index 6a03d7518..5a86ed005 100644 --- a/pkg/api/v20231122/openshiftcluster_validatestatic_test.go +++ b/pkg/api/v20231122/openshiftcluster_validatestatic_test.go @@ -87,7 +87,7 @@ func validOpenShiftCluster(name, location string) *OpenShiftCluster { ConsoleProfile: ConsoleProfile{ URL: "", }, - ServicePrincipalProfile: ServicePrincipalProfile{ + ServicePrincipalProfile: &ServicePrincipalProfile{ ClientSecret: "clientSecret", ClientID: "11111111-1111-1111-1111-111111111111", }, diff --git a/pkg/api/v20240812preview/openshiftcluster.go b/pkg/api/v20240812preview/openshiftcluster.go index 519f33425..09a5a632d 100644 --- a/pkg/api/v20240812preview/openshiftcluster.go +++ b/pkg/api/v20240812preview/openshiftcluster.go @@ -56,7 +56,7 @@ type OpenShiftClusterProperties struct { ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty"` // The cluster service principal profile. - ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + ServicePrincipalProfile *ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` // The workload identity profile. PlatformWorkloadIdentityProfile *PlatformWorkloadIdentityProfile `json:"platformWorkloadIdentityProfile,omitempty"` diff --git a/pkg/api/v20240812preview/openshiftcluster_convert.go b/pkg/api/v20240812preview/openshiftcluster_convert.go index 295c77c07..8fea9cd4a 100644 
--- a/pkg/api/v20240812preview/openshiftcluster_convert.go +++ b/pkg/api/v20240812preview/openshiftcluster_convert.go @@ -32,10 +32,6 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac ConsoleProfile: ConsoleProfile{ URL: oc.Properties.ConsoleProfile.URL, }, - ServicePrincipalProfile: ServicePrincipalProfile{ - ClientID: oc.Properties.ServicePrincipalProfile.ClientID, - ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), - }, NetworkProfile: NetworkProfile{ PodCIDR: oc.Properties.NetworkProfile.PodCIDR, ServiceCIDR: oc.Properties.NetworkProfile.ServiceCIDR, @@ -56,6 +52,13 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac }, } + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: string(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } + if oc.Properties.NetworkProfile.LoadBalancerProfile != nil { out.Properties.NetworkProfile.LoadBalancerProfile = &LoadBalancerProfile{} 
@@ -214,9 +217,12 @@ func (c openShiftClusterConverter) ToInternal(_oc interface{}, out *api.OpenShif out.Properties.ConsoleProfile.URL = oc.Properties.ConsoleProfile.URL } out.Properties.ClusterProfile.FipsValidatedModules = api.FipsValidatedModules(oc.Properties.ClusterProfile.FipsValidatedModules) - out.Properties.ServicePrincipalProfile.ClientID = oc.Properties.ServicePrincipalProfile.ClientID - out.Properties.ServicePrincipalProfile.ClientSecret = api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret) - + if oc.Properties.ServicePrincipalProfile != nil { + out.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{ + ClientID: oc.Properties.ServicePrincipalProfile.ClientID, + ClientSecret: api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret), + } + } if oc.Properties.PlatformWorkloadIdentityProfile != nil && oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities != nil { out.Properties.PlatformWorkloadIdentityProfile = &api.PlatformWorkloadIdentityProfile{} out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities = make([]api.PlatformWorkloadIdentity, len(oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities)) diff --git a/pkg/api/v20240812preview/openshiftcluster_validatestatic.go b/pkg/api/v20240812preview/openshiftcluster_validatestatic.go index 8896cd106..43550d710 100644 --- a/pkg/api/v20240812preview/openshiftcluster_validatestatic.go +++ b/pkg/api/v20240812preview/openshiftcluster_validatestatic.go 
@@ -95,7 +95,7 @@ func (sv openShiftClusterStaticValidator) validateProperties(path string, p *Ope if err := sv.validateConsoleProfile(path+".consoleProfile", &p.ConsoleProfile); err != nil { return err } - if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", &p.ServicePrincipalProfile); err != nil { + if err := sv.validateServicePrincipalProfile(path+".servicePrincipalProfile", p.ServicePrincipalProfile); err != nil { return err } if err := sv.validateNetworkProfile(path+".networkProfile", &p.NetworkProfile, p.APIServerProfile.Visibility, p.IngressProfiles[0].Visibility); err != nil { @@ -191,6 +191,10 @@ func (sv openShiftClusterStaticValidator) validateConsoleProfile(path string, cp } func (sv openShiftClusterStaticValidator) validateServicePrincipalProfile(path string, spp *ServicePrincipalProfile) error { + if spp == nil { + return nil + } + valid := uuid.IsValid(spp.ClientID) if !valid { return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, path+".clientId", "The provided client ID '%s' is invalid.", spp.ClientID) diff --git a/pkg/api/v20240812preview/openshiftcluster_validatestatic_test.go b/pkg/api/v20240812preview/openshiftcluster_validatestatic_test.go index 949bc60b4..9e7e4d26d 100644 --- a/pkg/api/v20240812preview/openshiftcluster_validatestatic_test.go +++ b/pkg/api/v20240812preview/openshiftcluster_validatestatic_test.go @@ -87,7 +87,7 @@ func validOpenShiftCluster(name, location string) *OpenShiftCluster { ConsoleProfile: ConsoleProfile{ URL: "", }, - ServicePrincipalProfile: ServicePrincipalProfile{ + ServicePrincipalProfile: &ServicePrincipalProfile{ ClientSecret: "clientSecret", ClientID: "11111111-1111-1111-1111-111111111111", }, diff --git a/pkg/cluster/clusterserviceprincipal_test.go b/pkg/cluster/clusterserviceprincipal_test.go index f160ab67d..0f85431fd 100644 --- a/pkg/cluster/clusterserviceprincipal_test.go +++ b/pkg/cluster/clusterserviceprincipal_test.go 
@@ -50,7 +50,7 @@ func TestCreateOrUpdateClusterServicePrincipalRBAC(t *testing.T) { ClusterProfile: api.ClusterProfile{ ResourceGroupID: resourceGroupID, }, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ SPObjectID: fakeClusterSPObjectId, }, }, @@ -263,7 +263,7 @@ func TestServicePrincipalUpdated(t *testing.T) { for _, tt := range []struct { name string kubernetescli func() *fake.Clientset - spp api.ServicePrincipalProfile + spp *api.ServicePrincipalProfile wantSecret func() *corev1.Secret wantErrMsg string }{ @@ -272,7 +272,7 @@ func TestServicePrincipalUpdated(t *testing.T) { kubernetescli: func() *fake.Clientset { return fake.NewSimpleClientset() }, - spp: api.ServicePrincipalProfile{ + spp: &api.ServicePrincipalProfile{ ClientID: "aadClientId", ClientSecret: "aadClientSecretNew", }, @@ -287,7 +287,7 @@ func TestServicePrincipalUpdated(t *testing.T) { }) return cli }, - spp: api.ServicePrincipalProfile{ + spp: &api.ServicePrincipalProfile{ ClientID: "aadClientId", ClientSecret: "aadClientSecretNew", }, @@ -300,7 +300,7 @@ func TestServicePrincipalUpdated(t *testing.T) { secret.Data["cloud-config"] = []byte("This is some random data that is not going to unmarshal properly!") return fake.NewSimpleClientset(&secret) }, - spp: api.ServicePrincipalProfile{ + spp: &api.ServicePrincipalProfile{ ClientID: "aadClientId", ClientSecret: "aadClientSecretNew", }, @@ -312,7 +312,7 @@ func TestServicePrincipalUpdated(t *testing.T) { secret := getFakeAROSecret("aadClientId", "aadClientSecret") return fake.NewSimpleClientset(&secret) }, - spp: api.ServicePrincipalProfile{ + spp: &api.ServicePrincipalProfile{ ClientID: "aadClientIdNew", ClientSecret: "aadClientSecretNew", }, 
@@ -327,7 +327,7 @@ func TestServicePrincipalUpdated(t *testing.T) { secret := getFakeAROSecret("aadClientId", "aadClientSecret") return fake.NewSimpleClientset(&secret) }, - spp: api.ServicePrincipalProfile{ + spp: &api.ServicePrincipalProfile{ ClientID: "aadClientId", ClientSecret: "aadClientSecretNew", }, @@ -342,7 +342,7 @@ func TestServicePrincipalUpdated(t *testing.T) { secret := getFakeAROSecret("aadClientId", "aadClientSecret") return fake.NewSimpleClientset(&secret) }, - spp: api.ServicePrincipalProfile{ + spp: &api.ServicePrincipalProfile{ ClientID: "aadClientId", ClientSecret: "aadClientSecret", }, @@ -397,7 +397,7 @@ func TestUpdateAROSecret(t *testing.T) { }, doc: api.OpenShiftCluster{ Properties: api.OpenShiftClusterProperties{ - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientID: "aadClientId", ClientSecret: "aadClientSecret", }, @@ -418,7 +418,7 @@ func TestUpdateAROSecret(t *testing.T) { }, doc: api.OpenShiftCluster{ Properties: api.OpenShiftClusterProperties{ - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientID: "new-client-id", ClientSecret: "aadClientSecret", }, @@ -449,7 +449,7 @@ func TestUpdateAROSecret(t *testing.T) { }, doc: api.OpenShiftCluster{ Properties: api.OpenShiftClusterProperties{ - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientID: "clientID", ClientSecret: "aadClientSecret", }, @@ -528,7 +528,7 @@ func TestUpdateOpenShiftSecret(t *testing.T) { }, doc: api.OpenShiftCluster{ Properties: api.OpenShiftClusterProperties{ - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientID: "azure_client_id_value", ClientSecret: "azure_client_secret_value", }, 
@@ -553,7 +553,7 @@ func TestUpdateOpenShiftSecret(t *testing.T) { }, doc: api.OpenShiftCluster{ Properties: api.OpenShiftClusterProperties{ - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientID: "azure_client_id_value", ClientSecret: "new_azure_client_secret_value", }, @@ -580,7 +580,7 @@ func TestUpdateOpenShiftSecret(t *testing.T) { }, doc: api.OpenShiftCluster{ Properties: api.OpenShiftClusterProperties{ - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientID: "azure_client_id_value", ClientSecret: "azure_client_secret_value", }, @@ -606,7 +606,7 @@ func TestUpdateOpenShiftSecret(t *testing.T) { }, doc: api.OpenShiftCluster{ Properties: api.OpenShiftClusterProperties{ - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientID: "azure_client_id_value", ClientSecret: "azure_client_secret_value", }, diff --git a/pkg/cluster/condition_test.go b/pkg/cluster/condition_test.go index 74ded8740..a05156592 100644 --- a/pkg/cluster/condition_test.go +++ b/pkg/cluster/condition_test.go @@ -248,7 +248,7 @@ func TestAroCredentialsRequestReconciled(t *testing.T) { name string kubernetescli func() *fake.Clientset dynamiccli func() *dynamicfake.FakeDynamicClient - spp api.ServicePrincipalProfile + spp *api.ServicePrincipalProfile want bool wantErrMsg string }{ @@ -261,7 +261,7 @@ func TestAroCredentialsRequestReconciled(t *testing.T) { dynamiccli: func() *dynamicfake.FakeDynamicClient { return dynamicfake.NewSimpleDynamicClient(scheme.Scheme) }, - spp: api.ServicePrincipalProfile{ + spp: &api.ServicePrincipalProfile{ ClientID: "aadClientId", ClientSecret: "aadClientSecret", }, 
@@ -276,7 +276,7 @@ func TestAroCredentialsRequestReconciled(t *testing.T) { dynamiccli: func() *dynamicfake.FakeDynamicClient { return dynamicfake.NewSimpleDynamicClient(scheme.Scheme) }, - spp: api.ServicePrincipalProfile{ + spp: &api.ServicePrincipalProfile{ ClientID: "aadClientId", ClientSecret: "aadClientSecretNew", }, @@ -295,7 +295,7 @@ func TestAroCredentialsRequestReconciled(t *testing.T) { }) return dynamiccli }, - spp: api.ServicePrincipalProfile{ + spp: &api.ServicePrincipalProfile{ ClientID: "aadClientId", ClientSecret: "aadClientSecretNew", }, @@ -317,7 +317,7 @@ func TestAroCredentialsRequestReconciled(t *testing.T) { } return dynamicfake.NewSimpleDynamicClient(scheme.Scheme, &cr) }, - spp: api.ServicePrincipalProfile{ + spp: &api.ServicePrincipalProfile{ ClientID: "aadClientId", ClientSecret: "aadClientSecretNew", }, @@ -343,7 +343,7 @@ func TestAroCredentialsRequestReconciled(t *testing.T) { } return dynamicfake.NewSimpleDynamicClient(scheme.Scheme, &cr) }, - spp: api.ServicePrincipalProfile{ + spp: &api.ServicePrincipalProfile{ ClientID: "aadClientId", ClientSecret: "aadClientSecretNew", }, @@ -368,7 +368,7 @@ func TestAroCredentialsRequestReconciled(t *testing.T) { } return dynamicfake.NewSimpleDynamicClient(scheme.Scheme, &cr) }, - spp: api.ServicePrincipalProfile{ + spp: &api.ServicePrincipalProfile{ ClientID: "aadClientId", ClientSecret: "aadClientSecretNew", }, diff --git a/pkg/cluster/denyassignment_test.go b/pkg/cluster/denyassignment_test.go index 77a53d83e..e9316ca47 100644 --- a/pkg/cluster/denyassignment_test.go +++ b/pkg/cluster/denyassignment_test.go @@ -30,7 +30,7 @@ func TestCreateOrUpdateDenyAssignment(t *testing.T) { ClusterProfile: api.ClusterProfile{ ResourceGroupID: fmt.Sprintf("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/%s", clusterRGName), }, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ SPObjectID: fakeClusterSPObjectId, }, }, 
diff --git a/pkg/cluster/install.go b/pkg/cluster/install.go index 660b3f75e..b9c340745 100644 --- a/pkg/cluster/install.go +++ b/pkg/cluster/install.go @@ -187,12 +187,10 @@ func (m *manager) Update(ctx context.Context) error { steps.AuthorizationRetryingAction(m.fpAuthorizer, m.validateResources), steps.Action(m.initializeKubernetesClients), // All init steps are first steps.Action(m.initializeOperatorDeployer), // depends on kube clients - steps.Action(m.initializeClusterSPClients), + // Since ServicePrincipalProfile is now a pointer and our converters re-build the struct, + // our update path needs to enrich the doc with SPObjectID since it was overwritten by our API on put/patch. + steps.AuthorizationRetryingAction(m.fpAuthorizer, m.fixupClusterSPObjectID), - // TODO: this relies on an authorizer that isn't exposed in the manager - // struct, so we'll rebuild the fpAuthorizer and use the error catching - // to advance - steps.AuthorizationRetryingAction(m.fpAuthorizer, m.clusterSPObjectID), // credentials rotation flow steps steps.Action(m.createOrUpdateClusterServicePrincipalRBAC), steps.Action(m.createOrUpdateDenyAssignment), diff --git a/pkg/frontend/admin_openshiftcluster_list_test.go b/pkg/frontend/admin_openshiftcluster_list_test.go index 1e7d7da88..c39934e30 100644 --- a/pkg/frontend/admin_openshiftcluster_list_test.go +++ b/pkg/frontend/admin_openshiftcluster_list_test.go @@ -49,7 +49,7 @@ func TestAdminListOpenShiftCluster(t *testing.T) { ClusterProfile: api.ClusterProfile{ PullSecret: "{}", }, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientSecret: "clientSecret1", }, }, @@ -65,7 +65,7 @@ func TestAdminListOpenShiftCluster(t *testing.T) { ClusterProfile: api.ClusterProfile{ PullSecret: "{}", }, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientSecret: "clientSecret2", }, }, 
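Review bot: The Update step list in pkg/cluster/install.go now runs `m.fixupClusterSPObjectID`, `m.createOrUpdateClusterServicePrincipalRBAC` and `m.createOrUpdateDenyAssignment` unconditionally, although this commit turns `ServicePrincipalProfile` into a pointer that can be nil. None of those functions is visible in the hunk, so it should be confirmed that each returns early on a nil profile; the frontend hunks in this commit add such guards, and the step list shows none. The hunk also removes `steps.Action(m.initializeClusterSPClients)` without saying what now builds the cluster service principal clients, presumably the fixup step. If so, the new comment should say both, for example `// fixupClusterSPObjectID is a no-op when ServicePrincipalProfile is nil; it also initializes the cluster SP clients.` Update's body starts and ends outside the hunk.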
@@ -80,11 +80,17 @@ func TestAdminListOpenShiftCluster(t *testing.T) { ID: testdatabase.GetResourcePath(mockSubID, "resourceName1"), Name: "resourceName1", Type: "Microsoft.RedHatOpenShift/openshiftClusters", + Properties: admin.OpenShiftClusterProperties{ + ServicePrincipalProfile: &admin.ServicePrincipalProfile{}, + }, }, { ID: testdatabase.GetResourcePath(otherMockSubID, "resourceName2"), Name: "resourceName2", Type: "Microsoft.RedHatOpenShift/openshiftClusters", + Properties: admin.OpenShiftClusterProperties{ + ServicePrincipalProfile: &admin.ServicePrincipalProfile{}, + }, }, }, }, diff --git a/pkg/frontend/asyncoperationresult_get_test.go b/pkg/frontend/asyncoperationresult_get_test.go index 2e56de15d..516fcac90 100644 --- a/pkg/frontend/asyncoperationresult_get_test.go +++ b/pkg/frontend/asyncoperationresult_get_test.go @@ -49,7 +49,7 @@ func TestGetAsyncOperationResult(t *testing.T) { ClusterProfile: api.ClusterProfile{ PullSecret: "{}", }, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientSecret: "clientSecret", }, }, @@ -69,6 +69,9 @@ func TestGetAsyncOperationResult(t *testing.T) { ID: testdatabase.GetResourcePath(mockSubID, "fakeClusterID"), Name: "resourceName", Type: "Microsoft.RedHatOpenShift/openshiftClusters", + Properties: v20200430.OpenShiftClusterProperties{ + ServicePrincipalProfile: &v20200430.ServicePrincipalProfile{}, + }, }, }, { diff --git a/pkg/frontend/openshiftcluster_get_test.go b/pkg/frontend/openshiftcluster_get_test.go index 91a3988f3..65fff1687 100644 --- a/pkg/frontend/openshiftcluster_get_test.go +++ b/pkg/frontend/openshiftcluster_get_test.go @@ -47,7 +47,7 @@ func TestGetOpenShiftCluster(t *testing.T) { ClusterProfile: api.ClusterProfile{ PullSecret: "{}", }, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientSecret: "clientSecret", }, }, 
@@ -62,6 +62,9 @@ func TestGetOpenShiftCluster(t *testing.T) { ID: tt.resourceID, Name: "resourceName", Type: "Microsoft.RedHatOpenShift/openshiftClusters", + Properties: v20200430.OpenShiftClusterProperties{ + ServicePrincipalProfile: &v20200430.ServicePrincipalProfile{}, + }, } }, }, diff --git a/pkg/frontend/openshiftcluster_list_test.go b/pkg/frontend/openshiftcluster_list_test.go index fc6e0678f..c22c16c99 100644 --- a/pkg/frontend/openshiftcluster_list_test.go +++ b/pkg/frontend/openshiftcluster_list_test.go @@ -32,7 +32,7 @@ func makeDoc(num int) *api.OpenShiftClusterDocument { ClusterProfile: api.ClusterProfile{ PullSecret: "{}", }, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientSecret: (api.SecureString)(clientSecret), }, }, @@ -78,11 +78,17 @@ func TestListOpenShiftCluster(t *testing.T) { ID: fmt.Sprintf("/subscriptions/%s/resourcegroups/resourceGroup/providers/Microsoft.RedHatOpenShift/openShiftClusters/resourceName01", mockSubID), Name: "resourceName01", Type: "Microsoft.RedHatOpenShift/openShiftClusters", + Properties: v20200430.OpenShiftClusterProperties{ + ServicePrincipalProfile: &v20200430.ServicePrincipalProfile{}, + }, }, { ID: testdatabase.GetResourcePath(mockSubID, "resourceName02"), Name: "resourceName02", Type: "Microsoft.RedHatOpenShift/openShiftClusters", + Properties: v20200430.OpenShiftClusterProperties{ + ServicePrincipalProfile: &v20200430.ServicePrincipalProfile{}, + }, }, }, } @@ -117,6 +123,9 @@ func TestListOpenShiftCluster(t *testing.T) { ID: testdatabase.GetResourcePath(mockSubID, fmt.Sprintf("resourceName%02d", i)), Name: fmt.Sprintf("resourceName%02d", i), Type: "Microsoft.RedHatOpenShift/openShiftClusters", + Properties: v20200430.OpenShiftClusterProperties{ + ServicePrincipalProfile: &v20200430.ServicePrincipalProfile{}, + }, }) } 
@@ -145,6 +154,9 @@ func TestListOpenShiftCluster(t *testing.T) { ID: testdatabase.GetResourcePath(mockSubID, "resourceName11"), Name: "resourceName11", Type: "Microsoft.RedHatOpenShift/openShiftClusters", + Properties: v20200430.OpenShiftClusterProperties{ + ServicePrincipalProfile: &v20200430.ServicePrincipalProfile{}, + }, }, }, } diff --git a/pkg/frontend/openshiftcluster_putorpatch.go b/pkg/frontend/openshiftcluster_putorpatch.go index 9390a1f8f..1fa6f26fd 100644 --- a/pkg/frontend/openshiftcluster_putorpatch.go +++ b/pkg/frontend/openshiftcluster_putorpatch.go @@ -126,7 +126,7 @@ func (f *frontend) _putOrPatchOpenShiftCluster(ctx context.Context, log *logrus. // Our base structure for unmarshal is skeleton document with values we // think is required. We expect payload to have everything else required. case http.MethodPut: - ext = converter.ToExternal(&api.OpenShiftCluster{ + document := &api.OpenShiftCluster{ ID: doc.OpenShiftCluster.ID, Name: doc.OpenShiftCluster.Name, Type: doc.OpenShiftCluster.Type, @@ -136,12 +136,16 @@ func (f *frontend) _putOrPatchOpenShiftCluster(ctx context.Context, log *logrus. PullSecret: doc.OpenShiftCluster.Properties.ClusterProfile.PullSecret, Version: doc.OpenShiftCluster.Properties.ClusterProfile.Version, }, - ServicePrincipalProfile: api.ServicePrincipalProfile{ - ClientSecret: doc.OpenShiftCluster.Properties.ServicePrincipalProfile.ClientSecret, - }, }, SystemData: doc.OpenShiftCluster.SystemData, - }) + } + + if doc.OpenShiftCluster.Properties.ServicePrincipalProfile != nil { + document.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{} + document.Properties.ServicePrincipalProfile.ClientSecret = doc.OpenShiftCluster.Properties.ServicePrincipalProfile.ClientSecret + } + + ext = converter.ToExternal(document) // In case of PATCH we take current cluster document, which is enriched // from the cluster and use it as base for unmarshal. So customer can 
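Review bot: In the `http.MethodPut` branch of `_putOrPatchOpenShiftCluster`, the new nil-guarded block allocates an empty profile and sets `ClientSecret` in a second statement, with no comment on why only the stored secret is copied into the skeleton. A single literal would match how `ToExternal` builds the struct elsewhere in this commit: `document.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{ClientSecret: doc.OpenShiftCluster.Properties.ServicePrincipalProfile.ClientSecret}`. A comment above it such as `// keep the stored client secret so a PUT that omits it does not clear it` would record the intent, which the "will-be-kept" fixtures in openshiftcluster_putorpatch_test.go suggest. The function's body starts and ends outside the hunk.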
@@ -190,7 +194,11 @@ func (f *frontend) _putOrPatchOpenShiftCluster(ctx context.Context, log *logrus. doc.OpenShiftCluster.Properties.ClusterProfile.ResourceGroupID = strings.ToLower(doc.OpenShiftCluster.Properties.ClusterProfile.ResourceGroupID) doc.ClusterResourceGroupIDKey = strings.ToLower(doc.OpenShiftCluster.Properties.ClusterProfile.ResourceGroupID) - doc.ClientIDKey = strings.ToLower(doc.OpenShiftCluster.Properties.ServicePrincipalProfile.ClientID) + + if doc.OpenShiftCluster.Properties.ServicePrincipalProfile != nil { + doc.ClientIDKey = strings.ToLower(doc.OpenShiftCluster.Properties.ServicePrincipalProfile.ClientID) + } + doc.OpenShiftCluster.Properties.ProvisioningState = api.ProvisioningStateCreating doc.Bucket, err = f.bucketAllocator.Allocate() @@ -235,7 +243,10 @@ func (f *frontend) _putOrPatchOpenShiftCluster(ctx context.Context, log *logrus. // We remove sensitive data from document to prevent sensitive data being // returned to the customer. doc.OpenShiftCluster.Properties.ClusterProfile.PullSecret = "" - doc.OpenShiftCluster.Properties.ServicePrincipalProfile.ClientSecret = "" + + if doc.OpenShiftCluster.Properties.ServicePrincipalProfile != nil { + doc.OpenShiftCluster.Properties.ServicePrincipalProfile.ClientSecret = "" + } // We don't return enriched worker profile data on PUT/PATCH operations doc.OpenShiftCluster.Properties.WorkerProfilesStatus = nil diff --git a/pkg/frontend/openshiftcluster_putorpatch_test.go b/pkg/frontend/openshiftcluster_putorpatch_test.go index afb59df38..f7c10ade9 100644 --- a/pkg/frontend/openshiftcluster_putorpatch_test.go +++ b/pkg/frontend/openshiftcluster_putorpatch_test.go 
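Review bot: When `ServicePrincipalProfile` is nil, the new guard around `doc.ClientIDKey = strings.ToLower(...)` leaves the key at its previous value, which for a newly created document is presumably the empty string. The test case "creating cluster failing when provided client ID is not unique" in openshiftcluster_putorpatch_test.go suggests this key backs a uniqueness check. It is worth confirming that two clusters without a service principal cannot collide on an empty key and be rejected as duplicates. If the key is meant to stay empty, a comment next to the guard should say so, for example `// clusters without a service principal have no ClientIDKey`. The function continues outside the hunk.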
@@ -2123,7 +2123,7 @@ func TestPutOrPatchOpenShiftCluster(t *testing.T) { }, IngressProfiles: []api.IngressProfile{{Name: "will-be-removed"}}, WorkerProfiles: []api.WorkerProfile{{Name: "will-be-removed"}}, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientSecret: "will-be-kept", }, NetworkProfile: api.NetworkProfile{ @@ -2162,7 +2162,7 @@ func TestPutOrPatchOpenShiftCluster(t *testing.T) { Domain: "changed", FipsValidatedModules: api.FipsValidatedModulesDisabled, }, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientSecret: "will-be-kept", }, NetworkProfile: api.NetworkProfile{ @@ -2195,6 +2195,7 @@ func TestPutOrPatchOpenShiftCluster(t *testing.T) { ClusterProfile: v20200430.ClusterProfile{ Domain: "changed", }, + ServicePrincipalProfile: &v20200430.ServicePrincipalProfile{}, }, }, }, @@ -2678,7 +2679,9 @@ func TestPutOrPatchOpenShiftCluster(t *testing.T) { { name: "creating cluster failing when provided cluster resource group already contains a cluster", request: func(oc *v20200430.OpenShiftCluster) { - oc.Properties.ServicePrincipalProfile.ClientID = mockSubID + oc.Properties.ServicePrincipalProfile = &v20200430.ServicePrincipalProfile{ + ClientID: mockSubID, + } oc.Properties.ClusterProfile.ResourceGroupID = fmt.Sprintf("/subscriptions/%s/resourcegroups/aro-vjb21wca", mockSubID) }, fixture: func(f *testdatabase.Fixture) { @@ -2726,7 +2729,9 @@ func TestPutOrPatchOpenShiftCluster(t *testing.T) { { name: "creating cluster failing when provided client ID is not unique", request: func(oc *v20200430.OpenShiftCluster) { - oc.Properties.ServicePrincipalProfile.ClientID = mockSubID + oc.Properties.ServicePrincipalProfile = &v20200430.ServicePrincipalProfile{ + ClientID: mockSubID, + } }, fixture: func(f *testdatabase.Fixture) { f.AddSubscriptionDocuments(&api.SubscriptionDocument{ 
@@ -2918,7 +2923,7 @@ func TestPutOrPatchOpenShiftClusterValidated(t *testing.T) { VMSize: v20220401.VMSize("Standard_D32s_v3"), SubnetID: fmt.Sprintf("/subscriptions/%s/resourcegroups/network/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/master", mockSubID), }, - ServicePrincipalProfile: v20220401.ServicePrincipalProfile{ + ServicePrincipalProfile: &v20220401.ServicePrincipalProfile{ ClientID: "00000000-0000-0000-1111-000000000000", ClientSecret: "00000000-0000-0000-0000-000000000000", }, @@ -2973,7 +2978,7 @@ func TestPutOrPatchOpenShiftClusterValidated(t *testing.T) { VMSize: api.VMSize("Standard_D32s_v3"), SubnetID: fmt.Sprintf("/subscriptions/%s/resourcegroups/network/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/master", mockSubID), }, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientID: "00000000-0000-0000-1111-000000000000", ClientSecret: "00000000-0000-0000-0000-000000000000", }, @@ -3032,7 +3037,7 @@ func TestPutOrPatchOpenShiftClusterValidated(t *testing.T) { VMSize: api.VMSize("Standard_D32s_v3"), SubnetID: fmt.Sprintf("/subscriptions/%s/resourcegroups/network/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/master", mockSubID), }, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientID: "00000000-0000-0000-1111-000000000000", ClientSecret: "00000000-0000-0000-0000-000000000000", }, @@ -3089,7 +3094,7 @@ func TestPutOrPatchOpenShiftClusterValidated(t *testing.T) { VMSize: v20220401.VMSize("Standard_D32s_v3"), SubnetID: fmt.Sprintf("/subscriptions/%s/resourcegroups/network/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/master", mockSubID), }, - ServicePrincipalProfile: v20220401.ServicePrincipalProfile{ + ServicePrincipalProfile: &v20220401.ServicePrincipalProfile{ ClientID: "00000000-0000-0000-1111-000000000000", }, NetworkProfile: v20220401.NetworkProfile{ 
diff --git a/pkg/frontend/openshiftclustercredentials_post_test.go b/pkg/frontend/openshiftclustercredentials_post_test.go index e70924557..54f445928 100644 --- a/pkg/frontend/openshiftclustercredentials_post_test.go +++ b/pkg/frontend/openshiftclustercredentials_post_test.go @@ -58,7 +58,7 @@ func TestPostOpenShiftClusterCredentials(t *testing.T) { ClusterProfile: api.ClusterProfile{ PullSecret: "{}", }, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientSecret: "clientSecret", }, KubeadminPassword: "password", @@ -105,7 +105,7 @@ func TestPostOpenShiftClusterCredentials(t *testing.T) { ClusterProfile: api.ClusterProfile{ PullSecret: "{}", }, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientSecret: "clientSecret", }, }, @@ -139,7 +139,7 @@ func TestPostOpenShiftClusterCredentials(t *testing.T) { ClusterProfile: api.ClusterProfile{ PullSecret: "{}", }, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientSecret: "clientSecret", }, }, @@ -174,7 +174,7 @@ func TestPostOpenShiftClusterCredentials(t *testing.T) { PullSecret: "{}", }, FailedProvisioningState: api.ProvisioningStateCreating, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientSecret: "clientSecret", }, }, @@ -209,7 +209,7 @@ func TestPostOpenShiftClusterCredentials(t *testing.T) { PullSecret: "{}", }, FailedProvisioningState: api.ProvisioningStateDeleting, - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientSecret: "clientSecret", }, }, diff --git a/pkg/frontend/openshiftclusterkubeconfigcredentials_post_test.go b/pkg/frontend/openshiftclusterkubeconfigcredentials_post_test.go index e9c476184..c233024ba 100644 
--- a/pkg/frontend/openshiftclusterkubeconfigcredentials_post_test.go +++ b/pkg/frontend/openshiftclusterkubeconfigcredentials_post_test.go @@ -54,8 +54,9 @@ func TestPostOpenShiftClusterKubeConfigCredentials(t *testing.T) { Name: "resourceName", Type: "Microsoft.RedHatOpenShift/openshiftClusters", Properties: api.OpenShiftClusterProperties{ - ProvisioningState: api.ProvisioningStateSucceeded, - UserAdminKubeconfig: api.SecureBytes("{kubeconfig}"), + ProvisioningState: api.ProvisioningStateSucceeded, + UserAdminKubeconfig: api.SecureBytes("{kubeconfig}"), + ServicePrincipalProfile: &api.ServicePrincipalProfile{}, }, }, }) diff --git a/pkg/util/cluster/cluster.go b/pkg/util/cluster/cluster.go index 49e01b49b..aae01d6a2 100644 --- a/pkg/util/cluster/cluster.go +++ b/pkg/util/cluster/cluster.go @@ -425,10 +425,6 @@ func (c *Cluster) createCluster(ctx context.Context, vnetResourceGroup, clusterN FipsValidatedModules: api.FipsValidatedModulesEnabled, Version: osClusterVersion, }, - ServicePrincipalProfile: api.ServicePrincipalProfile{ - ClientID: clientID, - ClientSecret: api.SecureString(clientSecret), - }, NetworkProfile: api.NetworkProfile{ PodCIDR: "10.128.0.0/14", ServiceCIDR: "172.30.0.0/16", @@ -464,6 +460,13 @@ func (c *Cluster) createCluster(ctx context.Context, vnetResourceGroup, clusterN Location: c.env.Location(), } + if clientID != "" && clientSecret != "" { + oc.Properties.ServicePrincipalProfile = &api.ServicePrincipalProfile{ + ClientID: clientID, + ClientSecret: api.SecureString(clientSecret), + } + } + if c.env.IsLocalDevelopmentMode() { err := c.registerSubscription(ctx) if err != nil { diff --git a/pkg/util/clusterdata/service_principal_test.go b/pkg/util/clusterdata/service_principal_test.go index 70b940596..9a0b95f3e 100644 --- a/pkg/util/clusterdata/service_principal_test.go +++ b/pkg/util/clusterdata/service_principal_test.go 
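Review bot: The fixture in TestPostOpenShiftClusterKubeConfigCredentials carried no service principal profile before and now needs `ServicePrincipalProfile: &api.ServicePrincipalProfile{}`, which suggests the code path under test dereferences the pointer without a nil check. That path is not visible here, so this is an inference, but a stored document with a nil profile is exactly what this commit makes possible. A case that leaves the field nil and asserts the handler responds without panicking would cover it. The get, list and async-operation tests touched by this commit likewise use only non-nil profiles.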
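Review bot: The new guard in `createCluster`, `if clientID != "" && clientSecret != ""`, silently drops the profile when only one of the two values is set, so a missing secret becomes a cluster request with no service principal rather than an error. Rejecting the half-configured case first keeps the failure close to its cause: `if (clientID == "") != (clientSecret == "") { return fmt.Errorf("clientID and clientSecret must be set together") }`. This assumes the function returns an error, as the `err := c.registerSubscription(ctx)` context line suggests, and it should use whichever error constructor the file already imports. `createCluster` starts and ends outside the hunk.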
@@ -44,7 +44,7 @@ func TestClusterServidePrincipalEnricherTask(t *testing.T) { }), wantOc: &api.OpenShiftCluster{ Properties: api.OpenShiftClusterProperties{ - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientID: "new-client-id", ClientSecret: api.SecureString("new-client-secret"), }, @@ -56,7 +56,7 @@ func TestClusterServidePrincipalEnricherTask(t *testing.T) { client: fake.NewSimpleClientset(), wantOc: &api.OpenShiftCluster{ Properties: api.OpenShiftClusterProperties{ - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientID: "old-client-id", ClientSecret: "old-client-secret", }, @@ -68,7 +68,7 @@ func TestClusterServidePrincipalEnricherTask(t *testing.T) { t.Run(tt.name, func(t *testing.T) { oc := &api.OpenShiftCluster{ Properties: api.OpenShiftClusterProperties{ - ServicePrincipalProfile: api.ServicePrincipalProfile{ + ServicePrincipalProfile: &api.ServicePrincipalProfile{ ClientID: "old-client-id", ClientSecret: api.SecureString("old-client-secret"), },