* api changes
fix tag package-2023-11
this was wrong in the readme
remove UserAssignedIdentities
top level fields must not have additionalproperties
update the default tag to latest
define a new IdentityType with x-ms-enum
modelAsString on identityType x-ms-enum should be false
rename IdentityType to ResourceIdentityType to match v3/types.json
make client
add descriptions to all new API fields
make client
fix unit test that was failing as a result of removing the UserAssignedIdentity type from the API
Adjust a doc comment according to feedback
make client
* add platformworkloadidentityroleset to API definition and examples
Update client generation to account for swagger subfolder
make client
fix pwip and validatestatic unit tests
fix relative path to common-types
migrate from common-types/v3 to common-types/v6
it was requested that we use the latest version of
common types. This involves some changes to our examples
to match the UUID expected.
move from Identity to ManagedServiceIdentity type
defined in common-types/v6
use modelerfour.lenient-model-deduplication=true
avoids python client generation issues
convert PlatformWorkloadIdentity to map
ARO-4382 fix unit test cases
make generate swagger
fix unit tests
revert naming openShiftCluster.ManagedServiceIdentity to Identity
fix prod code and unit tests post-rebase, reference common-types
directly for the identity property
* more swagger CI fixes
* fix examples to contain identity and type
* remove PlatformWorkloadIdentityRoleSetUpdate
oct 16th changes
oct 17th changes
fix issues post-rebase
* update readme to contain suppression for avoidAdditionalProperties
* fix ModelValidation error by converting example IDs to resourceIDs
* Update python/go clients
* Update az aro extension to enumerate platform_workload_identities as a dict instead of a list
* Fix python linter issues
* configure suppression for PatchBodyParametersSchema
appease the linter, fix subscriptionID type in util/azureclient
appease the linter again
correct log statement, use better naming
* regenerate examples
* changes operatorName and roleDefinitionName in PWIRS_List.json
---------
Co-authored-by: Tanmay Satam <tsatam@redhat.com>
* bump cluster-credentials-operator
* add Get to roledefinitions client
* check script
* pipeline
* use parameters
* change target-version help message
* vendor
* fix role.go
* use candidate channel
* use operator names in RP-Config
* modify the output format
* changed to use quay.io API
* add some comments
* remove pipeline resource
* change role definition names
* Add new clusterIdentityIDs manager function
* Add clusterIdentityIDs step to install for WI clusters
* Add new client wrapper for armmsi UserAssignedIdentitiesClient
* Add userAssignedIdentities client to cluster manager
* Add new platformWorkloadIdentityIDs manager function
* Add platformWorkloadIdentityIDs step to install for WI clusters
* Do not allow clusterIdentityIDs to be called for a CSP cluster
* Perform all clientID/objectID enrichment before dynamic validation
* Return UserAssignedIdentitiesClient implementation instead of interface in constructor
* Use cluster MSI credentials for userAssignedIdentities client
This requires moving client instantiation from the cluster manager constructor to the
initializeClusterMsiClients install step.
* Extract ExplicitIdentity access/handling in clustermsi to common function
* Preserve passed-in casing on cluster identity resource IDs
* Actually use extracted identity from getSingleExpectedIdentity
* Clarify purpose of getSingleExplicitIdentity function
Adds a comment and unit tests indicating its usage
* Generate mocks for Azure clients added in cluster MSI PR
* Add other small changes in response to previous PR feedback:
- Get subscription ID from subscription doc instead of a platform MI
- Remove an unused mock controller
Mocks for these interfaces were previously present, but if you remove them and make generate, they don't get replaced. I'm guessing that when they were added, the committer forgot to commit their changes to the generate.go files. This came to my attention as I was moving us over to the Uber fork because it caused errors while I was trying to get builds and unit tests working, so I codified the generation properly in this commit.
* Add a parameter for enabling Entra ID RBAC on key vaults
* Add an RP-level feature flag for determining whether to use the mock MSI RP
* Tweak the mock identity URL to play nicely with the mock MSI RP
* Add Azure SDK client wrappers for new clients (federated identity credentials control plane and key vault data plane)
* Vendor in new Azure SDK clients and update msi-dataplane
* Lay groundwork for use of cluster MSI...
- Initialize the MSI dataplane client, using the mock MSI RP/stub if
appropriate
- Initialize key vault store client (for MSI certificates; functionality
is implemented in MSI dataplane module)
- Create a cluster MSI certificate and store it in the key vault during
cluster bootstrap
- Instantiate an Azure SDK FederatedIdentityCredential client using the
cluster MSI certificate
- Delete the cluster MSI certificate as needed during cluster deletion
* Don't fail during cluster deletion if the cluster MSI certificate is
already gone from the key vault (or was potentially never created)
* Establish an RP-Config variable for the MSI RP endpoint
- Update doc comment for ensureClusterMsiCertificate
- Simplify conditional logic in MSI cert deletion
* Use pointer conversion functions that aren't deprecated
* Respond to PR comments (and fix some other things along the way)
- Move `clusterMsiResourceId` function to `OpenShiftCluster` type
- When persisting the MSI cert to KV, use the `NotAfter` returned by the MSI RP (for the stub, just use an arbitrary value)
- Move `getClientOptions` functionality to `AROEnvironment` type
- Move logic for determining cluster MSI key vault name to `pkg/env`
- Pull cloud name mapping stuff out to `AROEnvironment` type
- Update msi-dataplane module to include new changes and use `UserAssignedIdentities` type to get Azure credential in `pkg/cluster/clustermsi.go`
- Fix typo in https URL in comment in `pkg/cluster/delete.go`
- Implement suggestion to use `errors.As` instead of a type assertion in `pkg/cluster/delete.go`
* Update documentation with info about new feature flag
- Move new cluster MSI steps forward in bootstrap step order
- Move MSI dataplane client options stuff to pkg/env
- Explicitly check for a single cluster MSI in `ClusterMsiResourceId`
- Other small tweaks
* Vendor in msi-dataplane update that prevents a potential nil pointer dereference
* Add missing method to internal key vault client
* Make error messages more specific in ClusterMsiResourceId
* Add missing env vars to run-rp make target and uncomment dynamic validation bootstrap step
- In newly added Azure clients, return struct types instead of interface
types
- Move cluster MSI certificate deletion to be after Azure resource
deletion for safety just in case cx continues to use cluster that is
in Failed/Deleting provisioning state
* Add new env vars for MIWI to env.example for clarity/completeness
* Turn check for nonzero number of user assigned identities into a utility function
* Use existing constant for key vault dns suffix
* ARO-4376 Track2 authorization api addition for roledefinitions
* ARO-4376 add a stringutil funcs
* ARO-4376 use dbPlatformWorkloadIdentityRoleSets to get platform identity roles for cluster version
* ARO-4376 add dynamic validation for platformworkloadidentityprofile
* ARO-4376 resolve initial comments
* ARO-4376 refactor error messages and checkaccess action crosscheck
* ARO-4376 Add unit tests and comments resolution
* ARO-4376 add validation for upgradeableTo
* ARO-4376 Comment resolution and additional unit tests
* ARO-4376 minor version comparison handling
* ARO-4376 update permission error messaging handling for MIWI
* ARO-4376 update constructors to return non-interface type
* ARO-4376 add unit tests for GroupsIntersect
* ARO-4376 update generate files to support bingo