* bump cluster-credentials-operator
* add Get to roledefinitions client
* check script
* pipeline
* use parameters
* change target-version help message
* vendor
* fix role.go
* use candidate channel
* use operator names in RP-Config
* modify the output format
* changed to use quay.io API
* add some comments
* remove pipeline resource
* change role definition names
* Selenium Service Migration to Docker Compose
* Improved the consistency and readability of your code.
* Remove unused build target, switch to standalone-chrome, and update scripts for consistency
* fix(docker-compose): revert to using selenium/standalone-edge
* Changed the image to selenium/standalone-edge:4.10.0-20230607 to match the original configuration
* Add a parameter for enabling Entra ID RBAC on key vaults
* Add an RP-level feature flag for determining whether to use the mock MSI RP
* Tweak the mock identity URL to play nicely with the mock MSI RP
* Add Azure SDK client wrappers for new clients (federated identity credentials control plane and key vault data plane)
* Vendor in new Azure SDK clients and update msi-dataplane
* Lay groundwork for use of cluster MSI...
- Initialize the MSI dataplane client, using the mock MSI RP/stub if
appropriate
- Initialize key vault store client (for MSI certificates; functionality
is implemented in MSI dataplane module)
- Create a cluster MSI certificate and store it in the key vault during
cluster bootstrap
- Instantiate an Azure SDK FederatedIdentityCredential client using the
cluster MSI certificate
- Delete the cluster MSI certificate as needed during cluster deletion
* Don't fail during cluster deletion if the cluster MSI certificate is
already gone from the key vault (or was potentially never created)
* Establish an RP-Config variable for the MSI RP endpoint
- Update doc comment for ensureClusterMsiCertificate
- Simplify conditional logic in MSI cert deletion
* Use pointer conversion functions that aren't deprecated
* Respond to PR comments (and fix some other things along the way)
- Move `clusterMsiResourceId` function to `OpenShiftCluster` type
- When persisting the MSI cert to KV, use the `NotAfter` returned by the MSI RP (for the stub, just use an arbitrary value)
- Move `getClientOptions` functionality to `AROEnvironment` type
- Move logic for determining cluster MSI key vault name to `pkg/env`
- Pull cloud name mapping stuff out to `AROEnvironment` type
- Update msi-dataplane module to include new changes and use `UserAssignedIdentities` type to get Azure credential in `pkg/cluster/clustermsi.go`
- Fix typo in https URL in comment in `pkg/cluster/delete.go`
- Implement suggestion to use `errors.As` instead of a type assertion in `pkg/cluster/delete.go`
* Update documentation with info about new feature flag
- Move new cluster MSI steps forward in bootstrap step order
- Move MSI dataplane client options stuff to pkg/env
- Explicitly check for a single cluster MSI in `ClusterMsiResourceId`
- Other small tweaks
* Vendor in msi-dataplane update that prevents a potential nil pointer dereference
* Add missing method to internal key vault client
* Make error messages more specific in ClusterMsiResourceId
* Add missing env vars to run-rp make target and uncomment dynamic validation bootstrap step
- In newly added Azure clients, return struct types instead of interface
types
- Move cluster MSI certificate deletion to be after Azure resource
deletion for safety just in case cx continues to use cluster that is
in Failed/Deleting provisioning state
* Add new env vars for MIWI to env.example for clarity/completeness
* Turn check for nonzero number of user assigned identities into a utility function
* Use existing constant for key vault dns suffix
- Converted containerized CI process to use docker for ease of use in ADO
- Added stage to authenticate and push CI images to ACR
- Added support for extracting test results and coverage files from containerized build
* fix make aro build in onebranch
* just install jq for clean subscription
* move fipsdetect and gojq out of go run/manual go build territory
* install tools for validate-fips and e2e
* add to bin
* copy gojq here too
* go mod tidy
* go mod vendor
- reverts changes to runlocal-rp
- updates old run-portal to runlocal-portal since it uses local bins
- adds new targets for containerized run of RP and Portal; opt-in
- fixes docs and pipelines to use updated targets
* This is the new CI-RP stage for the pipeline (#3753)
* Ensure Podman Service is Started and PODMAN_REMOTE_ARGS is Configured Automatically
removed the tag
Add Podman service start and remote args setup for seamless operation
Add sudo to start Podman service for elevated permissions and fix permission errors
Refactor Makefile: Update Podman service handling with sudo and remove default PODMAN_REMOTE_ARGS to improve flexibility and ensure proper permissions.
* Added Podman service target and set PODMAN_REMOTE_ARGS for seamless builds.
* fix the makefile
* added the port to fix the Makefile
- Allows true use of NO_CACHE by using LABELs and podman tag commands instead of --cache-from
- Standardizes formatting of image names and variables
- Standardizes use of VERSION for image tags
- Standardizes formatting of podman commands and parameter ordering
Runlocal-RP is Containerized
- Modified Makefile to execute a local `podman run` for the RP on 127.0.0.1
- Local RPs now by default interact with Hive due to MacOS limitations
- Updated RP dev config to serve on all IPs due to MacOS limitations
- Doc updates
We previously added the Azure Extension dev_sources property to the user's global Azure
configuration file, but with #3554 this is no longer necessary, as we set this
property via environment variable within the RP development context instead.
* Update ci-go
* Update go toolset
* Update prepare shared rp dev
* Update prepare your dev
* More 1.21 updates
* more changes
* save work
* test
* tidy up
* Add license to typewalker test
- eliminated TCP errors attempting to hit localhost:443 as a registry domain
- eliminated build failures caused by incorrect final tag name with unset envvars
* adding new variables to handle tagging of intermediate docker images in a multi-stage container file, which helps differentiate them from final slim image
* building intermediate docker images individually
* using --cache-from flag to point to an image name instead of tags
* building intermediate images pointing to localhost instead of actual registry
* creates new variable in code to manage fake FQDN for localhost
* removing complexity and avoiding using fake FQDN for localhost
* rearranging the code line to maintain the relevance of the code
* using conditional assignment
* adding labels to each stage in docker file ci-rp
* added a new makefile target ci-clean to prune local images
* removing ci-portal from .PHONY accidentally came with previous commit
* multi staged CI via make and docker build
* Improving docker mobility and performance
- fixing file handles during build
- removing vendor checks
- allowing "dirty" builds
- improving cache hits via multiple COPY operations
- adding specific dockerignore
- removing all makefile dependencies during docker build
- adding docs for podman machine sizing
- using most recent golang version
* Add support for MacOS vendoring
Co-authored-by: Kipp Morris <117932707+kimorris27@users.noreply.github.com>
---------
Co-authored-by: tschneid <tschneid@redhat.com>
Co-authored-by: Kipp Morris <117932707+kimorris27@users.noreply.github.com>
* Add CI containerfile for portal NPM commands + makefile target
* Update docs to reflect new envvar for makefile, including a reasonable default for local dev: NO_CACHE
* Update the hack script to require the new envs
* Add new targets to the Makefile
* Update the docs
* Fix typo
* Add some info to the delete flow
* Update docs/shared-cluster.md
Co-authored-by: Jason Healy <jason@jhealy.net>
* Tag all created resource groups with persist
* Drop shared-cluster from the explicit denys
* Update docs
---------
Co-authored-by: Jason Healy <jason@jhealy.net>