* update the operator master deployment to support workload identity
This causes the spec for the operator master deployment to mount the
service account token as a volume, and maps the path to the environment
variable expected by Azure to support workload identities
* remove unused ExpectError value from test struct
* mount the token secret as a directory, not a file
* Remove dnf update cron job
Automatic OS Updates are configured. Updating packages via a cron job is no longer required.
* Remove certs arg from verify_role, Add/Remove comments
Certificate generation has been broken up into a named function for each VMSS role. This means it's no longer necessary to provide the certs=true argument when checking VMSS roles.
Add a comment for why AZURE_CLOUD_NAME returns an error if unset.
Remove az cli login comment from pull_container_images, it is no longer relevant after the last refactor.
* Set Azure prefix and USER as optional at env.example
Follow-up commit to use an Azure unique prefix for the Azure resources that ARO-RP is using instead of always fetching the USER. When the AZURE_PREFIX env var is not set, then use the USER env var
* Use westeurope as default location
Don't override the existing LOCATION env var when it is already set, and use 'westeurope' as the default value
* Add secret location to PlatformWorkloadIdentityRoleSet
* Add generatePlatformWorkloadIdentitySecrets function
* Add mutable:true validate:required struct tags to SecretLocation fields on admin api
* Add functions for other required WI resources
* Remove redundant UsesWorkloadIdentity check from generatePlatformWorkloadIdentitySecrets
* Fix coordinates for static CCO secret; move static coordinate strings to const values
* Return resources as map (w/ filename as key) instead of list
* Explicitly set TypeMeta on workload identity resources
This is needed in order to easily serialize these resources to YAML,
e.g. when setting them as string values in a Secret map for Hive to use
as an install manifest. Not setting these values will result in them being
omitted from the resulting JSON/YAML.
The original `enumer` tool has not been maintained for the last five years and
does not support newer Go syntax. We can use this fork of the tool that
is getting life support for this reason instead.
Signed-off-by: Steve Kuznetsov <stekuznetsov@microsoft.com>
* Move Hive hack files under one directory
Group the Hive files under hack directory to hack/hive
* Refactor Hive installation and hack files location
Group the Hive files under hack directory to hack/hive, and refactor Hive installation using main function and utils.sh
* Print troubleshooting for Hive deployment rollout
Trust in the operator installation and print two options to monitor Hive deployment rollout
* Small fixes for hive installation script
Use double quote to prevent word splitting, break long line into multiple, use '-n' over '! -z', simpler if check, use consistent function declaration syntax, trap outside main and after cleanup is declared
* ARO-4376 Track2 authorization api addition for roledefinitions
* ARO-4376 add a stringutil funcs
* ARO-4376 use dbPlatformWorkloadIdentityRoleSets to get platform identity roles for cluster version
* ARO-4376 add dynamic validation for platformworkloadidentityprofile
* ARO-4376 resolve initial comments
* ARO-4376 refactor error messages and checkaccess action crosscheck
* ARO-4376 Add unit tests and comments resolution
* ARO-4376 add validation for upgradeableTo
* ARO-4376 Comment resolution and additional unit tests
* ARO-4376 minor version comparison handling
* ARO-4376 update permission error messaging handling for MIWI
* ARO-4376 update constructors to return non-interface type
* ARO-4376 add unit tests for GroupsIntersect
* ARO-4376 update generate files to support bingo
* fix make aro build in onebranch
* just install jq for clean subscription
* move fipsdetect and gojq out of go run/manual go build territory
* install tools for validate-fips and e2e
* add to bin
* copy gojq here too
* go mod tidy
* go mod vendor
- reverts changes to runlocal-rp
- updates old run-portal to runlocal-portal since it uses local bins
- adds new targets for containerized run of RP and Portal; opt-in
- fixes docs and pipelines to use updated targets
* Clarifying etcd cert renew test
- Updated the test to make it clear it is passing because timeout is being reached
- Updated the timeout from 10s -> 0s to pass faster
* Fix slow changefeed tests