Граф коммитов

7181 Коммитов

Автор SHA1 Сообщение Дата
Alex Chvatal bd47ae7abf
ARO-4639 update the operator master deployment to support workload identity (#3776)
* update the operator master deployment to support workload identity

This causes the spec for the operator master deployment to mount the
service account token as a volume, and maps the path to the environment
variable expected by Azure to support workload identities

* remove unused ExpectError value from test struct

* mount the token secret as a directory, not a file
2024-09-18 08:38:02 -04:00
Amber Brown 813de36fcb
Fix make aro build in onebranch (#3822)
* fix make aro build in onebranch
* add to bin
* fix it properly
* fix build properly by putting it in a pre-step
2024-09-18 13:32:36 +02:00
Ayato Tokubi c18b9244ae
Merge pull request #3839 from Azure/ehvs/troubleshooting-rp
Steps to resolve recurrent issues
2024-09-18 12:17:37 +02:00
Steven Fairchild aebd2bb504
Remove dnf cronjob (#3840)
* Remove dnf update cron job

Automatic OS Updates are configured. Updating packages via a cron job is no longer required.

* Remove certs arg from verify_role, Add/Remove comments

Certificate generation has been broken up into a named function for each VMSS role. This means it's no longer necessary to provide the certs=true argumenet when checking VMSS roles.

Add a comment for why AZURE_CLOUD_NAME returns an error if unset.
Remove az cli login comment from pull_container_images, it is no longer relevant after the last refactor.
2024-09-17 12:12:21 -07:00
Or Raz 8fdfa78b24
Fix env.example Default Values (#3827)
* Set Azure prefix and USER as optional at env.example

Follow up commit to use an Azure unique prefix for the Azure resources that ARO-RP is using instead of always fetching the USER. When AZURE_PREFIX env var is not set, then use the USER env var

* Use westeurope as default location

Don't override existed LOCATION env var when it is already set, and 'westeurope' as the default value
2024-09-17 09:17:45 -06:00
Rajdeep Chauhan 1e3f475416
ARO-4518 pass custom manifests(MIWI) to hive cluster deployment as secret (#3841)
* ARO-4518 pass custom manifests to hive cluster deployment as secret

* ARO-4518 add unit test cases
2024-09-17 10:30:45 -04:00
Shubhadapaithankar 4ba9270b2a
Remove loki/pipeline-swarm branch from pipeline and refactor for clarity (#3846) 2024-09-17 08:54:16 -04:00
Nont 87d18c11fb
[SFI] Fix CVE-2024-41110 (#3845)
* [SFI] Fix CVE-2024-41110
* Go mod verify with compat v1.21
2024-09-17 12:28:31 +10:00
Hilliary Lipsig 48ff446de4
Merge pull request #3837 from Azure/lranjbar/ARO-9990-etchosts-mimo-m0
ARO-9990: Update etchosts controller to use ForceReconcilation flag
2024-09-16 17:18:58 -07:00
Tanmay Satam 73bc5f68f3
MI/WI - Generate secrets for platform identities (#3802)
* Add secret location to PlatformWorkloadIdentityRoleSet

* Add generatePlatformWorkloadIdentitySecrets function

* Add mutable:true validate:required struct tags to SecretLocation fields on admin api

* Add functions for other required WI resources

* Remove redundant UsesWorkloadIdentity check from generatePlatformWorkloadIdentitySecrets

* Fix coordinates for static CCO secret; move static coordinate strings to const values

* Return resources as map (w/ filename as key) instead of list

* Explicitly set TypeMeta on workload identity resources

This is needed in order to easily serialize these resources to YAML,
e.g. when setting them as string values in a Secret map for Hive to use
as an install manifest. Not setting these values will result in them being
omitted from the resulting JSON/YAML.
2024-09-13 10:03:45 -04:00
Hevellyn ede36dfef2
Update docs/prepare-your-dev-environment.md
Co-authored-by: Ayato Tokubi <atokubi@redhat.com>
2024-09-13 15:31:12 +02:00
Hevellyn 2d640a81c2
Update docs/deploy-development-rp.md
Co-authored-by: Ayato Tokubi <atokubi@redhat.com>
2024-09-13 15:30:43 +02:00
Hevellyn b2bb4e18a4
Update docs/deploy-development-rp.md
Co-authored-by: Ayato Tokubi <atokubi@redhat.com>
2024-09-13 15:30:34 +02:00
Tony Schneider 9584d669b6
generalize secret storage deployment and update shared rp documentation (#3828)
* generalize secret storage account deployment template
* update secret storage deployment step
2024-09-13 18:14:38 +10:00
Hilliary Lipsig 9564d81f94
Merge pull request #3835 from stevekuznetsov/skuznets/bump-enumer
.bingo: use a fork of enumer for compat
2024-09-12 15:57:49 -07:00
Amber Brown 4d538c1503
Bump admin portal dependencies for Sept 24 (#3833)
* bump "send"

* update semver portal deps

* build portal
2024-09-12 13:58:30 -04:00
Ehvs 2fa480e7ed Steps to resolve recurrent issues 2024-09-12 18:59:23 +02:00
Lisa Rashidi-Ranjbar 3762a791fe ARO-9990: Update etchosts controller to use ForceReconcilation flag 2024-09-12 09:49:10 -07:00
Steve Kuznetsov 2780c18ecd
*: update generated enumerations
Signed-off-by: Steve Kuznetsov <stekuznetsov@microsoft.com>
2024-09-11 06:56:15 -06:00
Steve Kuznetsov 0de9cb15c9
.bingo: use a fork of enumer for compat
The original `enumer` tool is not maintained for the last five years and
does not support newer Go syntax. We can use this fork of the tool that
is getting life support for this reason instead.

Signed-off-by: Steve Kuznetsov <stekuznetsov@microsoft.com>
2024-09-11 06:53:17 -06:00
Or Raz abf4167f01
Refactor Hive Directory (#3765)
* Move Hive hack files under one directory
Group the Hive files under hack directory to hack/hive

* Refactor Hive installation and hack files location
Group the Hive files under hack directory to hack/hive, and refactor Hive installation using main function and utils.sh

* Print troubleshooting for Hive deployment rollout
Trust in the operator installation and print two options to monitor Hive deployment rollout

* Small fixes for hive installation script
Use double quote to prevent word splitting, break long line into multiple, use '-n' over '! -z', simpler if check, use consistent function declaration syntax, trap outside main and after cleanup is declared
2024-09-11 14:31:35 +02:00
Hilliary Lipsig fa7af61f57
Merge pull request #3818 from Azure/lranjbar/ARO-10003-etchosts-managed-flag
ARO-10003: Add managed flag to etchosts controller
2024-09-10 16:33:39 -07:00
Rajdeep Chauhan 66f073f205
Dynamic validation for workload identity permissions and requirements (#3619)
* ARO-4376 Track2 authorization api addition for roledefinitions

* ARO-4376 add a stringutil funcs

* ARO-4376 use dbPlatformWorkloadIdentityRoleSets to get platform identity roles for cluster version

* ARO-4376 add dynamic validation for platformworkloadidentityprofile

* ARO-4376 resolve initial comments

* ARO-4376 refactor error messages and checkaccess action crosscheck

* ARO-4376 Add unit tests and comments resolution

* ARO-4376 add validation for upgradeableTo

* ARO-4376 Comment resoultion and additional unit tests

* ARO-4376 minor version comparison handling

* ARO-4376 update permission error messaging handling for MIWI

* ARO-4376 update constructors to return non-interface type

* ARO-4376 add unit tests for GroupsIntersect

* ARO-4376 update generate files to support bingo
2024-09-10 16:32:25 -04:00
Lisa Rashidi-Ranjbar 89be0b2e96
ARO-10003: Add managed flag to etchosts controller 2024-09-10 11:19:01 -07:00
Amber Brown 590e82881c
Clean up the remainder of `go run` uses of external tools (#3823)
* fix make aro build in onebranch
* just install jq for clean subscription
* move fipsdetect and gojq out of go run/manual go build territory
* install tools for validate-fips and e2e
* add to bin
* copy gojq here too
* go mod tidy
* go mod vendor
2024-09-10 18:28:06 +10:00
Amber Brown bd9af03917
Only perform machineconfig reconciliation during OpenShift upgrades (#3473) 2024-09-10 18:24:46 +10:00
Ayato Tokubi 98fe23c8a2
Merge pull request #3787 from Azure/rhamitarora/ARO-0000-minor-dockerfile-change
Docker file change replace as with AS
2024-09-09 09:48:29 +01:00
Amber Brown 44bc3cc724
[MIMO] Move cluster certificate functionality to ClientHelper (#3736)
* move over TLS applying, as well as some clienthelper work
2024-09-05 15:44:46 +10:00
Amber Brown c554e98391
Drop some unneccessary dependencies by moving to `bingo` for tooling (#3719)
* Move to using bingo for tools
* go mod vendor
2024-09-05 15:29:19 +10:00
Brendan Bergen 159b5ab7ef Add run-rp docs
- adds documentation on build/run dependencies of containerized build
- adds instructions on how to use 'make run-rp'
2024-09-04 17:15:28 -06:00
Brendan Bergen 0c5b8e6acc
Separate Makefile targets for local vs containers (#3816)
- reverts changes to runlocal-rp
- updates old run-portal to runlocal-portal since it uses local bins
- adds new targets for containerized run of RP and Portal; opt-in
- fixes docs and pipelines to use updated targets
2024-09-04 15:45:44 -04:00
Brendan Bergen 4059644b4a
Make CI-RP Improvements (#3791)
- Remove linting from ci-rp
- Remove generate from ci-rp
2024-09-04 15:03:26 -04:00
Brendan Bergen 865e01be58
Generate smaller OIDC keys for unit tests (#3811)
- significantly increases unit test performance by moving from 4096 -> 256 bit keys
- preserves 4096 bit keys for all non-testing scenarios
2024-09-04 15:03:15 -04:00
Brendan Bergen 4323fa741d
Fix slow tests in /pkg/frontend (#3810)
* Clarifying etcd cert renew test

- Updated the test to make it clear it is passing because timeout is being reached
- Updated the timeout from 10s -> 0s to pass faster

* Fix slow changefeed tests
2024-09-04 11:30:31 -06:00
Brendan Bergen 49525d2cff
Fix slow tests in /pkg/backend (#3809) 2024-09-04 11:29:15 -06:00
Brendan Bergen c2da97aa53
Correct testing/time issues in pkg/deploy (#3808)
- Percolate up the time to wait for LB healthcheck probes, test @ 0 sec
- Correct a context timeout test case, test @ 0 sec timeout
2024-09-04 11:26:50 -06:00
Hilliary Lipsig 635c5a3493
Merge pull request #3755 from Azure/nwnt/security-waves-2-vulns
Address the vulnerability reported in Security Wave II
2024-09-03 23:21:43 -07:00
Nont 7e7703fab7 Use sudo for tdnf 2024-09-03 17:39:54 -05:00
Brendan Bergen ddff7a2e56
Fix make ci-clean and runlocal-rp (#3806)
* Fix make ci-clean error for running work containers by buildah that prevents prune from working
* Fix make runlocal-rp image syntax
2024-09-03 11:39:49 -06:00
Hilliary Lipsig efc69527a0
Merge pull request #3814 from Azure/mabadper/update-owners
Adding Ayato to CODEOWNERS
2024-09-03 09:18:23 -07:00
Miguel Abad Perez 0e05db447a
Adding Ayato to CODEOWNERS 2024-09-03 12:54:24 +02:00
Ayato Tokubi 9c23bd9234
Add smoke test documents (#3813) 2024-09-03 09:49:30 +02:00
Brendan Bergen 710eb2bdf0
Add the old make runlocal-rp as an alternative to containerization (#3789) 2024-08-30 14:52:47 -06:00
Nont 29f922900d Change home dir to /tmp for podman
see https://github.com/containers/podman/issues/23818
for more details.
2024-08-30 14:44:55 -05:00
Nont 09756dcfe8 Install more OCI packages 2024-08-30 14:44:55 -05:00
Nont e504eb2a88 Install crun 2024-08-30 14:44:55 -05:00
Nont 62d628de86 Switch back to OneBranch build image 2024-08-30 14:44:54 -05:00
Nont da9bf68821 Install required binary for Podman 5 in ci 2024-08-30 14:43:34 -05:00
Nont 962402bff1 Upgrade to Podman 5 to fix the vuln 2024-08-30 14:40:37 -05:00
Petr Kotas 751cfe3b6b
Move ARM swagger to subfolder (#3805)
To add new HCP RP, the ARO RP is moved into the subfolder openshiftclusters.

There are no additional changes, no impact on the SDK and clients.
2024-08-30 18:18:40 +02:00