* Update the cluster authorizer to use a DefaultAzureCredential
* Update the ARO operator to set and use DefaultAzureCredential via env vars
* Add a CredentialsRequest to the ARO operator deployment
* Restart the ARO operator upon `az aro update`
* Removed now unused AzCredentials function
* Changed ARO operator deployment wait time during `az aro update` from 20 minutes -> 5 minutes
* Refactor CliWithApply to generalize to different object types
* Updated Restart in pkg/util/kubernetes to use server-side apply
* Updated Restart in pkg/operator/deploy to only return an error after at least attempting to restart all of the deployments passed in
* E2E test for ARO operator master deployment's restart upon cluster update
* Wait for the ARO operator's CredentialsRequest to be reconciled before restarting
Hive needs to be vendored at the same commit level as it is deployed in ARO. One reason, as described in the linked card, is that changes in APIs can lead to unintended edits during round-trip Get()/Update() flows.
ARO-3801
* go.mod: Add github.com/microsoftgraph/msgraph-sdk-go
* azureclient: Add NewGraphServiceClient
Creates a GraphServiceClient with scope and graph endpoint set appropriately for the cloud environment (public or US government).
* pkg/util/graph: Add GetServicePrincipalIDByAppID
* armhelper: Use MS Graph to obtain service principal ID
* armhelper: Remove unused authorizer parameter
* Use MS Graph endpoint to validate service principal
I don't think it matters for the purpose of validation, but the AD Graph endpoint is nearing its end-of-life.
* pkg/cluster: Use MS Graph to obtain service principal ID
* pkg/util/cluster: Use MS Graph to create and delete clusters
* Pretty-print OData errors from MS Graph
To aid debugging failed MS Graph requests.
MS Graph's top-level APIError message is hard-coded and only says "error status code received from the API". Further details have to be extracted from the "ODataErrorable" interface type.
* azureclient: Remove ActiveDirectoryGraphScope
No longer used.
* Remove pkg/util/azureclient/graphrbac
No longer used.
* pipelines: Run CodeQL analysis for Go on 1ES Hosted Pool
Vendoring the Microsoft Graph SDK for Go causes memory consumption during CodeQL analysis to double due to its enormous API surface, putting it well beyond the memory limit of standard GitHub Action runners.
I inquired with the Azure organization admins about provisioning larger GitHub runners, but was directed instead to use the 1ES Hosted Pool which runs our other CI checks. Since ARO controls the VM type for Hosted Pool agents, we can use a VM type with adequate memory for CodeQL analysis with the Graph SDK.
Note: Implemented CodeQL commands in a template in case we ever decide to move JavaScript or Python analysis to 1ES Hosted Pool as well.
* ARO Cluster Operator Status derives the Cluster Operator's Available/Progressing/Degraded conditions from the state of its controllers
* Implements controller status conditions on the node operator controller
* Updates vendoring docs and scripts
* Makes use of `go mod tidy -compat=1.17`: we do not have to be compatible with prior versions. Saves a bit of headache when dealing with dependencies.
* Makes `hack/update-go-module-dependencies.sh` ignore `github.com/openshift/hive`: it is not part of OCP dependencies and is not following `release-4.Y` branching. We want to update it separately.
* Vendoring: update Hive to the latest version
* make generate