* Generate federated MIWI credentials
bring in more changes from master
typos
add len check for federated Identity naming
don't return cluster ID when OIDC issuer is nil
skip RBAC on CSP for WI cluster
check for invalid object ID before RBAC template creation
single qoute when passing resource Name
check for nil clusterMsiFederatedIdentityCredentials
remove unused controller
ensure the case folding of cluster MSI resourceID
Fed Cred name logic
update calls to fetch fed cred name
No RBAC for Cluster MSI
update getPlatformWorkloadIdentityFederatedCredName
fix WI RG RBAC
define constants to imporve readability
correct the call to resourceGroupRoleAssignmentWithDetails
Move fed cred deletion to be before cluster MSI cert deletion and add a log statement for fed cred deletion
Rename function for clarity and to match name of unit test function
Nitpick test case names for clarity and test data for correctness
* don't continue resource clean up on fed cred deletion fails
* remove duplicate of clusterServicePrincipalRBAC()
* nit
---------
Co-authored-by: gniranjan <gniranjan@microsoft.com>
- Add secretLocation for all identities (required to put down CCO secrets in-cluster)
- Update MachineAPI to use correct service account (machine-api-controllers)
- Prefix all service account identifiers with 'system:serviceaccount:'
* Selenium Service Migration to Docker Compose
* Improved the consistency and readability of your code.
* Remove unused build target, switch to standalone-chrome, and update scripts for consistency
* fix(docker-compose): revert to using selenium/standalone-edge
* Changed the image to selenium/standalone-edge:4.10.0-20230607 to match the original configuration
* Add missing RP-Config param to RP deploy ARM template
* Plumb msiRpEndpoint ARM parameter through to RP environment variable
* Regenerate RP ARM template
* Remove duplicated MSI_RP_ENDPOINT envvar in RP env
* Add env var to aro-rp.service startup
* Regenerate RP ARM template
---------
Co-authored-by: Tanmay Satam <tsatam@redhat.com>
* Add new clusterIdentityIDs manager function
* Add clusterIdentityIDs step to install for WI clusters
* Add new client wrapper for armmsi UserAssignedIdentitiesClient
* Add userAssignedIdentities client to cluster manager
* Add new platformWorkloadIdentityIDs manager function
* Add platformWorkloadIdentityIDs step to install for WI clusters
* Do not allow clusterIdentityIDs to be called for a CSP cluster
* Perform all clientID/objectID enrichment before dynamic validation
* Return UserAssignedIdentitiesClient implementation instead of interface in constructor
* Use cluster MSI credentials for userAssignedIdentities client
This requires moving client instantiation from the cluster manager constructor to the
initializeClusterMsiClients install step.
* Extract ExplicitIdentity access/handling in clustermsi to common function
* Preserve passed-in casing on cluster identity resource IDs
* Actually use extracted identity from getSingleExpectedIdentity
* Clarify purpose of getSingleExplicitIdentity function
Adds a comment and unit tests indicating its usage
bennerv
Tanmay Satam
Rajdeep Chauhan
Hilliary Lipsig
Caden Marchese
Ayato Tokubi
Lisa Ranjbar Miller
Anshul Verma
dependabot[bot]
Andrew Denton
Goutham Muguluvalli Niranjan
Sanjana Lawande
Jory Horeman
kimorris27
Shubhadapaithankar
Kipp Morris
Steven Fairchild