Граф коммитов

206 Коммитов

Автор SHA1 Сообщение Дата
Goutham Muguluvalli Niranjan cb74242f14
use the latest changes from checkaccess SDK 2024-10-30 11:15:39 -05:00
Goutham Muguluvalli Niranjan 354f0f4f95
go mod tidy 2024-10-30 11:15:38 -05:00
Goutham Muguluvalli Niranjan a1be39a3b5
go mod tidy 2024-10-30 11:15:38 -05:00
Goutham Muguluvalli Niranjan a7421723c4
go mod tidy 2024-10-30 11:12:53 -05:00
Ayato Tokubi d89a378897
Check Role Definition for MIWI (#3876)
* bump cluster-credentials-operator

* add Get to roledefinitions client

* check script

* pipeline

* use parameters

* change target-version help message

* vendor

* fix role.go

* use candidate channel

* use operator names in RP-Config

* modify the output format

* changed to use quay.io API

* add some comments

* remove pipeline resource

* change role definition names
2024-10-24 12:35:57 -04:00
Steven Fairchild f7404a1877
Hive version bump to resolve RHSA-2024:5535 (CVE-2023-6597) (#3893)
* Updated hive apis module to 986c5efa21

* Update hive cmd/mirror to use hive image tag 986c5efa21
2024-10-09 14:56:49 -04:00
kimorris27 086f532624 Replace all references to the golang mock repo with references to the
Uber fork, then `go mod tidy` and `go mod vendor`

Note the change to `deps.go`
2024-09-26 09:00:11 -05:00
Kipp Morris e3cec21b73
Lay groundwork for cluster MSI usage (#3757)
* Add a parameter for enabling Entra ID RBAC on key vaults
* Add an RP-level feature flag for determining whether to use the mock MSI RP
* Tweak the mock identity URL to play nicely with the mock MSI RP
* Add Azure SDK client wrappers for new clients (federated identity credentials control plane and key vault data plane)
* Vendor in new Azure SDK clients and update msi-dataplane

* Lay groundwork for use of cluster MSI...
- Initialize the MSI dataplane client, using the mock MSI RP/stub if
  appropriate
- Initialize key vault store client (for MSI certificates; functionality
  is implemented in MSI dataplane module)
- Create a cluster MSI certificate and store it in the key vault during
  cluster bootstrap
- Instantiate an Azure SDK FederatedIdentityCredential client using the
  cluster MSI certificate
- Delete the cluster MSI certificate as needed during cluster deletion

* Don't fail during cluster deletion if the cluster MSI certificate is
already gone from the key vault (or was potentially never created)

* Establish an RP-Config variable for the MSI RP endpoint

- Update doc comment for ensureClusterMsiCertificate
- Simplify conditional logic in MSI cert deletion

* Use pointer conversion functions that aren't deprecated

* Respond to PR comments (and fix some other things along the way)

- Move `clusterMsiResourceId` function to `OpenShiftCluster` type
- When persisting the MSI cert to KV, use the `NotAfter` returned by the MSI RP (for the stub, just use an arbitrary value)
- Move `getClientOptions` functionality to `AROEnvironment` type
- Move logic for determining cluster MSI key vault name to `pkg/env`
- Pull cloud name mapping stuff out to `AROEnvironment` type
- Update msi-dataplane module to include new changes and use `UserAssignedIdentities` type to get Azure credential in `pkg/cluster/clustermsi.go`
- Fix typo in https URL in comment in `pkg/cluster/delete.go`
- Implement suggestion to use `errors.As` instead of a type assertion in `pkg/cluster/delete.go`

* Update documentation with info about new feature flag

- Move new cluster MSI steps forward in bootstrap step order
- Move MSI dataplane client options stuff to pkg/env
- Explicitly check for a single cluster MSI in `ClusterMsiResourceId`
- Other small tweaks

* Vendor in msi-dataplane update that prevents a potential nil pointer dereference

* Add missing method to internal key vault client

* Make error messages more specific in ClusterMsiResourceId

* Add missing env vars to run-rp make target and uncomment dynamic validation bootstrap step

- In newly added Azure clients, return struct types instead of interface
  types
- Move cluster MSI certificate deletion to be after Azure resource
  deletion for safety just in case cx continues to use cluster that is
  in Failed/Deleting provisioning state

* Add new env vars for MIWI to env.example for clarity/completeness

* Turn check for nonzero number of user assigned identities into a utility function

* Use existing constant for key vault dns suffix
2024-09-24 08:14:56 -04:00
Nont 87d18c11fb
[SFI] Fix CVE-2024-41110 (#3845)
* [SFI] Fix CVE-2024-41110
* Go mod verify with compat v1.21
2024-09-17 12:28:31 +10:00
Rajdeep Chauhan 66f073f205
Dynamic validation for workload identity permissions and requirements (#3619)
* ARO-4376 Track2 authorization api addition for roledefinitions

* ARO-4376 add a stringutil funcs

* ARO-4376 use dbPlatformWorkloadIdentityRoleSets to get platform identity roles for cluster version

* ARO-4376 add dynamic validation for platformworkloadidentityprofile

* ARO-4376 resolve initial comments

* ARO-4376 refactor error messages and checkaccess action crosscheck

* ARO-4376 Add unit tests and comments resolution

* ARO-4376 add validation for upgradeableTo

* ARO-4376 Comment resoultion and additional unit tests

* ARO-4376 minor version comparison handling

* ARO-4376 update permission error messaging handling for MIWI

* ARO-4376 update constructors to return non-interface type

* ARO-4376 add unit tests for GroupsIntersect

* ARO-4376 update generate files to support bingo
2024-09-10 16:32:25 -04:00
Amber Brown 590e82881c
Clean up the remainder of `go run` uses of external tools (#3823)
* fix make aro build in onebranch
* just install jq for clean subscription
* move fipsdetect and gojq out of go run/manual go build territory
* install tools for validate-fips and e2e
* add to bin
* copy gojq here too
* go mod tidy
* go mod vendor
2024-09-10 18:28:06 +10:00
Amber Brown c554e98391
Drop some unneccessary dependencies by moving to `bingo` for tooling (#3719)
* Move to using bingo for tools
* go mod vendor
2024-09-05 15:29:19 +10:00
Nont 962402bff1 Upgrade to Podman 5 to fix the vuln 2024-08-30 14:40:37 -05:00
Ayato Tokubi 725fd1b017
Add smoke test for alerts from Alertmanager (#3801) 2024-08-30 18:16:31 +02:00
Ayato Tokubi 0d991571c8
Add missing dependencies (#3749) 2024-08-19 08:56:09 +02:00
Steven Fairchild d874268829
Update hive image to tag bdf9d08a06 (#3770)
hive:bdf9d08a06 uses github.com/openshift/hive git commit bdf9d08a060abf558ca60e014123bf9278f58b4b.
2024-08-14 08:21:03 -04:00
Nicolas Ontiveros 78feafb7f3
Add middleware for mock MSI headers (#3714)
* Add middleware

* Add frontend

* Add unit test

* Add license and update go mod

* vendor

* Fix linting

* lint

* Remove unneeded comments
2024-07-29 13:41:22 -05:00
Anshul Verma cb9a49bb5f generated code from jewzaam/go-cosmosdb 2024-07-23 13:38:57 +05:30
Nicolas Ontiveros ce31826325
Update Go to 1.21 (#3698)
* Update ci-go

* Update go toolset

* Update prepare shared rp dev

* Update prepare your dev

* More 1.21 updates

* more changes

* save work

* test

* tidy up

* Add license to typealker test
2024-07-18 17:35:06 +10:00
Maitiú Ó Ciaráin 28ced6807d
Merge pull request #3688 from Azure/tsatam/hotfix-add-cpms-e2e-test
Add cpms e2e test
2024-07-17 17:36:38 +02:00
Amber Brown d9800f0e7d
Update controllergen commands to work with 0.9.0 (#3680)
* update controllergen commands to work with 0.9.0

* changes from yaml output

* go mod vendor
2024-07-16 19:10:56 +10:00
Tanmay Satam 976404a1ab Update openshift/client-go to release-4.12 2024-07-15 16:07:43 -04:00
Tanmay Satam 1b6e0e7584
Add controller to disable CPMS on ARO clusters (#3660)
* Update openshift/api to release-4.12

* Add machinev1 resources to scheme

* Add CPMSDeactivatorEnabled flag

* Add CPMS Deactivator operator controller

* Add controlplanemachinesets to system:aro-sre ClusterRole

* Use better naming convention for CPMS controller flag

* Change debug log messages to info

* Make CPMS controller exit early if clusterversion < 4.12

* Only setup CPMS controller on clusters with machinev1 API

This is necessary in order to Watch the CPMS resource - this operation will fail on
clusters that do not support the Machine V1 API (OCP <= 4.11), causing controller
setup to fail. Since these clusters do not have a CPMS resource to manage, we can
safely skip running this controller on those clusters.

* Fix CPMS controller name
2024-07-12 12:38:39 -06:00
Amber Brown e711e610a0
Move to maintained yaml lib (#3454)
* move to maintained yaml lib

* update validate-imports

* go mod
2024-07-10 09:57:42 +10:00
Steven Fairchild a69a16029e Bump Hive Image to commit b1ac27b248159f179abf8c7e03e6ada5f17e86c0 - ARO-5063
Update default hive commit for config script
2024-07-08 13:11:43 -07:00
dependabot[bot] 66eb2f2f53
Bump github.com/gorilla/schema from 1.2.1 to 1.4.1
Bumps [github.com/gorilla/schema](https://github.com/gorilla/schema) from 1.2.1 to 1.4.1.
- [Release notes](https://github.com/gorilla/schema/releases)
- [Commits](https://github.com/gorilla/schema/compare/v1.2.1...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/gorilla/schema
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-01 20:39:23 +00:00
Rajdeep Singh Chauhan bd9a5b8638 ARO-4373 resolve PR comments 2024-06-30 20:38:28 -04:00
Rajdeep Singh Chauhan 883f1cb0ed vendor changes for ARO-4373 2024-06-30 20:38:28 -04:00
Rajdeep Singh Chauhan 5c6ca9d820 ARO-4373 generate keypair and oidc docs for miwi clusters 2024-06-30 20:38:28 -04:00
Jonathan CHang a8ee84c506
[ARO-4562] Migrate DNS to track2 SDK, arm dns client creation. (#3625) 2024-06-26 15:14:37 -04:00
Hilliary Lipsig fa15953397
Merge pull request #3628 from Azure/dependabot/go_modules/github.com/Azure/azure-sdk-for-go/sdk/azidentity-1.6.0
Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.4.0 to 1.6.0
2024-06-13 18:23:19 -07:00
dependabot[bot] f911902d9f
Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity
Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) from 1.4.0 to 1.6.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.4.0...sdk/azcore/v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-11 20:26:39 +00:00
Anshul Verma 7b5dc42104 generated code from the lastest merge in go-cosmosdb repo 2024-06-11 22:24:45 +05:30
dependabot[bot] 43d9e071fb Bump github.com/containers/image/v5 from 5.29.2 to 5.29.3
Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.29.2 to 5.29.3.
- [Release notes](https://github.com/containers/image/releases)
- [Commits](https://github.com/containers/image/compare/v5.29.2...v5.29.3)

---
updated-dependencies:
- dependency-name: github.com/containers/image/v5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-11 08:43:59 -04:00
Steven Fairchild 08ebcf1631 Revender hive to commit d7ead609f495785360aeea7c318f28fe82f9bcbf 2024-06-06 08:55:00 -04:00
Steven Fairchild 24f43d8b6a
Revendor Hive Dependencies - ARO-5061 (#3578)
* Revender Hive Dependencies - ARO-5061

Revendering Hive Dependencies against hive commit git, commit 83aedb9f6e73f9668a3b96025c97052bfb1e5282, built at 2024-05-10T15:02:58Z

* Revender hive dependencies
2024-05-15 12:31:13 -04:00
Jonathan CHang 32c15b1a3f
[ARO-4637] Migrate keyvault to track2 SDK (#3275)
* create client and vendor for armkeyvault

* fix cluster

* remove old keyvault

* change input option to environment option

* add credit

* fix mix import

* fix lint

* fix import in valut

* reoreder valut impoty

* fix vulnerability

* remobe package lock

* fix audit

* audit force

* fix audit

* ufix audit

* run npm update then fix

* fix nit

* bump version

* bump version

* bump

* bump

* match with master

* remove

* lint

* remove package-lock.json

* change to arm option

* mod vendor

* fix lint

* fix lint

---------

Co-authored-by: jonachang <jonachang@microsoft.com>
2024-04-25 11:40:15 +02:00
Miguel Abad Perez e5c4065427
Merge pull request #3488 from Azure/dependabot/go_modules/github.com/containers/podman/v4-4.9.4
Bump github.com/containers/podman/v4 from 4.9.3 to 4.9.4
2024-03-29 16:05:53 +00:00
Ben Vesel 968211d549
Merge pull request #3446 from Azure/dependabot/go_modules/gopkg.in/go-jose/go-jose.v2-2.6.3
Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3
2024-03-28 14:29:09 -04:00
Ben Vesel 365d2eac3d
Merge pull request #3483 from Azure/dependabot/go_modules/github.com/containers/buildah-1.33.7
Bump github.com/containers/buildah from 1.33.5 to 1.33.7
2024-03-28 14:27:58 -04:00
dependabot[bot] 6ae39e1ae8
Bump github.com/containers/podman/v4 from 4.9.3 to 4.9.4
Bumps [github.com/containers/podman/v4](https://github.com/containers/podman) from 4.9.3 to 4.9.4.
- [Release notes](https://github.com/containers/podman/releases)
- [Changelog](https://github.com/containers/podman/blob/v4.9.4/RELEASE_NOTES.md)
- [Commits](https://github.com/containers/podman/compare/v4.9.3...v4.9.4)

---
updated-dependencies:
- dependency-name: github.com/containers/podman/v4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-28 17:56:18 +00:00
dependabot[bot] 993be19774 Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.1 to 3.0.3.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.1...v3.0.3)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-28 09:21:02 -04:00
dependabot[bot] 7caaec77cb
Bump github.com/containers/buildah from 1.33.5 to 1.33.7
Bumps [github.com/containers/buildah](https://github.com/containers/buildah) from 1.33.5 to 1.33.7.
- [Release notes](https://github.com/containers/buildah/releases)
- [Changelog](https://github.com/containers/buildah/blob/v1.33.7/CHANGELOG.md)
- [Commits](https://github.com/containers/buildah/compare/v1.33.5...v1.33.7)

---
updated-dependencies:
- dependency-name: github.com/containers/buildah
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-26 13:19:21 +00:00
dependabot[bot] d6c204f133 Bump github.com/docker/docker
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 24.0.9+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.7...v24.0.9)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-26 09:15:07 -04:00
Tanmay Satam e32a4402b6 Update go-cosmosdb to latest version 2024-03-20 18:17:20 -04:00
dependabot[bot] 7b42115e55
Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3
Bumps gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3.

---
updated-dependencies:
- dependency-name: gopkg.in/go-jose/go-jose.v2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-14 05:05:50 +00:00
dependabot[bot] 53c0b2adaf
Bump google.golang.org/protobuf from 1.32.0 to 1.33.0
Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 23:43:40 +00:00
Amber Brown 7a415b07de
Remove unneeded OpenShift pins & imports (#3430)
* Remove dependencies on console-operator and cluster-api-azure

* remove the forks that we don't use

* go mod updates

* go mod vendor

* stop relying on the providerspec being registered in tests

* cleanups

* update go sum

* test coverage fixes
2024-03-12 16:23:44 +11:00
Amber Brown c1c0622054
Update dependencies (#3432)
Update dependencies (containerd, podman...)
2024-03-11 14:29:47 +01:00
dependabot[bot] e794becec0
Bump github.com/containerd/containerd from 1.7.0 to 1.7.11
Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.0 to 1.7.11.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v1.7.0...v1.7.11)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-06 02:50:56 +00:00