* Generate federated MIWI credentials
bring in more changes from master
typos
add len check for federated Identity naming
don't return cluster ID when OIDC issuer is nil
skip RBAC on CSP for WI cluster
check for invalid object ID before RBAC template creation
single quote when passing resource Name
check for nil clusterMsiFederatedIdentityCredentials
remove unused controller
ensure the case folding of cluster MSI resourceID
Fed Cred name logic
update calls to fetch fed cred name
No RBAC for Cluster MSI
update getPlatformWorkloadIdentityFederatedCredName
fix WI RG RBAC
define constants to improve readability
correct the call to resourceGroupRoleAssignmentWithDetails
Move fed cred deletion to be before cluster MSI cert deletion and add a log statement for fed cred deletion
Rename function for clarity and to match name of unit test function
Nitpick test case names for clarity and test data for correctness
* don't continue resource clean up on fed cred deletion fails
* remove duplicate of clusterServicePrincipalRBAC()
* nit
---------
Co-authored-by: gniranjan <gniranjan@microsoft.com>
Dumps the VM info + console logs on failure so that we don't need to run the Geneva Action or have the control plane still around to get it. Also refactors frontend and geneva action to make use of the same code path.
* adds the missing functionality to these apis
* removes the functionality from 20230904 as it is not needed
* replaces old api references with new ones
* small fixup and referencing to new api
* creates cluster with new api
* Add Cosmos DB container for PlatformWorkloadIdentityRoleSets
* Revert change to AKS k8s version - committed by mistake
* Fix bug in converter
When I first wrote the converter, I thought Go would treat the slice
we `make` a few lines above these changes as a slice full of zero-value
structs, but it actually treats it as an empty slice, which led to
out-of-bound issues when I first tried to use this converter to work on
the API endpoints.
* Add the PlatformWorkloadIdentityRoleSetConverter to the API register
* Implement the change feed for role sets in the easiest, most naive way
* Implement the external API endpoint for listing role sets
* Fix a small oversight from earlier on
* Add unit tests for the list endpoint
* Add unit tests for changefeed changes
* Uncomment the static validator
* Fix more slice out of bounds bugs in the converters...
* Add converter and static validator to the admin API register
* Add list and put endpoints
* Fix name of function to match convention
* Fix bug in static validator
I originally wrote the code the way I did so that we could aggregate
errors so that we could provide a better UX in cases where there are
multiple similar errors in the request content. I found while writing
unit tests that aggregating the errors in this way and not wrapping them
in a CloudError causes the RP to return an internal server error instead
of a 400 bad request.
Is there a way we can aggregate the errors and still wrap them in a
CloudError? I'm not sure of the formatting requirements for the text of
CloudErrors.
* Add unit tests for new API endpoints
* Fix typo
* Appease the linter
* Appease the linter
* Add TODO comment re: the number of parameters
* Update static validator to return multiple validation issues at the same time where applicable for better UX
* Add a simple utility function to make semver comparisons of OpenShift minor version more readable
* Log error before returning 500 to user
* Log errors before returning 500 to user
* Improve naming of unit test cases
* Add additional unit test cases
* Wrap Delete call in Eventually to hopefully prevent flakes where Service deletion fails
* Simplify logic and properly handle the case where the Service is not
found during the delete call
* After deleting the Service, confirm that it's gone
* api: Avoid referencing DefaultInstallStream in tests
* frontend: Avoid referencing DefaultInstallStream
The frontend's OpenShiftVersions change feed handler will record
the current default version for the rest of the frontend to use.
* monitor: Remove latestGaMinorVersion metric
The RP no longer has this information internally, so the metric
is no longer relevant.
* update_ocp_versions: Read versions from an environment variable
Read OpenShift versions and pull specs from an OPENSHIFT_VERSIONS
environment variable containing a JSON object. This data includes
the default OpenShift version for new installs that don't specify
a version.
This moves us toward eliminating hard-coded OpenShift versions in
pkg/util/version/const.go.
* cache_fallback_discovery_client_test.go: Hard-code version
I'm not sure what to do with this test. Install stream data has
moved to RP-Config, so if the test is worth keeping then I guess
the oldest supported version will have to be hard-coded and kept
up-to-date. But it probably won't be.
* version: Remove DefaultInstallStreams
DefaultInstallStream will remain for now, but it's ONLY for use by
local development mode until we can come up with a better solution.
---------
Co-authored-by: Matthew Barnes <mbarnes@fedorapeople.org>