Commit graph

29 commits

Author SHA1 Message Date
Shubhadapaithankar 96637dbc85
Migrate VPN and rp service to Docker Compose (#3882)
* VPN, RP, and Portal are now managed by Docker Compose
2024-10-10 13:18:26 -06:00
Rajdeep Chauhan 16834d8ddd
Fix Managed Identity Cluster creation dynamic validation flow (#3891)
* Fix Dynamic Validation Flow for Workload Identity

* fix the mock msi object id export

* Remove unwanted code

* update OIDC_STORAGE_ACCOUNT_NAME local env setup

* ARO-11049 resolve comments
2024-10-10 14:12:06 -04:00
Kipp Morris e3cec21b73
Lay groundwork for cluster MSI usage (#3757)
* Add a parameter for enabling Entra ID RBAC on key vaults
* Add an RP-level feature flag for determining whether to use the mock MSI RP
* Tweak the mock identity URL to play nicely with the mock MSI RP
* Add Azure SDK client wrappers for new clients (federated identity credentials control plane and key vault data plane)
* Vendor in new Azure SDK clients and update msi-dataplane

* Lay groundwork for use of cluster MSI...
- Initialize the MSI dataplane client, using the mock MSI RP/stub if
  appropriate
- Initialize key vault store client (for MSI certificates; functionality
  is implemented in MSI dataplane module)
- Create a cluster MSI certificate and store it in the key vault during
  cluster bootstrap
- Instantiate an Azure SDK FederatedIdentityCredential client using the
  cluster MSI certificate
- Delete the cluster MSI certificate as needed during cluster deletion

* Don't fail during cluster deletion if the cluster MSI certificate is
already gone from the key vault (or was potentially never created)

* Establish an RP-Config variable for the MSI RP endpoint

- Update doc comment for ensureClusterMsiCertificate
- Simplify conditional logic in MSI cert deletion

* Use pointer conversion functions that aren't deprecated

* Respond to PR comments (and fix some other things along the way)

- Move `clusterMsiResourceId` function to `OpenShiftCluster` type
- When persisting the MSI cert to KV, use the `NotAfter` returned by the MSI RP (for the stub, just use an arbitrary value)
- Move `getClientOptions` functionality to `AROEnvironment` type
- Move logic for determining cluster MSI key vault name to `pkg/env`
- Pull cloud name mapping stuff out to `AROEnvironment` type
- Update msi-dataplane module to include new changes and use `UserAssignedIdentities` type to get Azure credential in `pkg/cluster/clustermsi.go`
- Fix typo in https URL in comment in `pkg/cluster/delete.go`
- Implement suggestion to use `errors.As` instead of a type assertion in `pkg/cluster/delete.go`

* Update documentation with info about new feature flag

- Move new cluster MSI steps forward in bootstrap step order
- Move MSI dataplane client options stuff to pkg/env
- Explicitly check for a single cluster MSI in `ClusterMsiResourceId`
- Other small tweaks

* Vendor in msi-dataplane update that prevents a potential nil pointer dereference

* Add missing method to internal key vault client

* Make error messages more specific in ClusterMsiResourceId

* Add missing env vars to run-rp make target and uncomment dynamic validation bootstrap step

- In newly added Azure clients, return struct types instead of interface
  types
- Move cluster MSI certificate deletion to be after Azure resource
  deletion for safety just in case cx continues to use cluster that is
  in Failed/Deleting provisioning state

* Add new env vars for MIWI to env.example for clarity/completeness

* Turn check for nonzero number of user assigned identities into a utility function

* Use existing constant for key vault dns suffix
2024-09-24 08:14:56 -04:00
Or Raz 8fdfa78b24
Fix env.example Default Values (#3827)
* Set Azure prefix and USER as optional at env.example

Follow up commit to use an Azure unique prefix for the Azure resources that ARO-RP is using instead of always fetching the USER. When AZURE_PREFIX env var is not set, then use the USER env var

* Use westeurope as default location

Don't override existing LOCATION env var when it is already set, and use 'westeurope' as the default value
2024-09-17 09:17:45 -06:00
Shubhadapaithankar a387947960
Make runlocal-rp with Container Image (#3593)
Runlocal-RP is Containerized

- Modified Makefile to execute a local `podman run` for the RP on 127.0.0.1
- Local RPs now by default interact with Hive due to MacOS limitations
- Updated RP dev config to serve on all IPs due to MacOS limitations
- Doc updates
2024-08-16 11:41:58 -06:00
Or Raz cedba924d8
Optionally Use USER Environment Variable for Azure Resources (#3681)
* Fetch USER env var once
Fetch the USER env var once instead of multiple times for faster DevConfig func execution time

* Set Azure unique prefix and USER as optional
Use an Azure unique prefix for the Azure resources that ARO-RP is using instead of always fetching the USER. When AZURE_UNIQUE_PREFIX env var is not set, then use the USER env var

* Modify more USER references
Rename AZURE_UNIQUE_PREFIX to AZURE_PREFIX, and export the usage of this env var for Azure prefix name resources when it is set. When it is missing use the default USER env var, as before
2024-08-07 14:57:33 +02:00
Aldo Fuster Turpin 2ce4ec642f refactor package pki to be unit testable 2024-07-22 09:27:55 +02:00
Ayato Tokubi e34a95b852
Change env var to skip pki unit tests (#3605) 2024-06-05 20:35:24 +02:00
Shubhadapaithankar 3a7daba694
Modified the content to set up the dev env : ARO-7278 (#3554) 2024-05-03 14:25:50 -06:00
Brendan Bergen c9b7d81508
Add CI containerfile for portal javascript build (#3397)
* Add CI containerfile for portal NPM commands + makefile target

* Update docs to reflect new envvar for makefile, including a reasonable default for local dev: NO_CACHE
2024-03-20 07:24:18 -04:00
Angus Salkeld dd85f24fce
Add aro-operator
Co-Authored-By: Olga Mirensky <olga.mirensky@redhat.com>
Co-Authored-By: Jim Minter <jminter@redhat.com>
2020-07-29 15:46:23 +01:00
Jim Minter b778fd918e
installation instructions for multi-tenant development environment 2019-12-30 12:02:05 -06:00
Jim Minter 49507421a9
add vpn gateway for development 2019-12-29 12:44:31 -06:00
Jim Minter b1793e893a
allow database name to be parametrised 2019-12-29 12:44:31 -06:00
Jim Minter ce853c053b
typos 2019-12-16 10:56:29 -06:00
Jim Minter c9b439fab1
improve documentation 2019-12-16 10:52:38 -06:00
Jim Minter a3096fea90
Implement ARO extension
Co-authored-by: Mangirdas Judeikis <Mangirdas@Judeikis.LT>
2019-12-15 22:06:27 -06:00
Jim Minter eea5d49874
add make secrets 2019-12-04 07:17:27 -06:00
Jim Minter a2afa32f36
add ARM service principal 2019-12-03 12:40:36 -06:00
Jim Minter a58e4fd489
add cluster SP and validation 2019-12-01 19:57:42 -06:00
Jim Minter 69da5262cc
start rbac work: further rearrange service principals 2019-12-01 10:00:02 -06:00
Jim Minter b7fe465470
document RP_MODE environment variable 2019-11-18 18:51:39 -06:00
Jim Minter a707bb393d
rename RP_RESOURCEGROUP -> RESOURCEGROUP 2019-11-17 22:04:24 -06:00
Jim Minter 7e24602c57
remove COSMOSDB environment variables 2019-11-17 22:02:13 -06:00
Jim Minter f0515272e4
remove DOMAIN environment variable 2019-11-17 22:01:45 -06:00
Jim Minter 3a3394018e
remove DOMAIN_RESOURCEGROUP environment variable 2019-11-17 21:32:53 -06:00
Jim Minter 594c952510
improve README.md 2019-10-28 14:56:18 -06:00
Jim Minter b94c935f96
stop using storage account for queue 2019-10-18 20:10:16 -05:00
Jim Minter 561fb3b639
Initial commit 2019-10-15 22:43:52 -05:00