* use multierror here, so it's more obvious if we're missing multiple keys
* Ignore the written out clusterapp.env
* move create/delete into separate commands, which write out a clusterapp.env file
* delete the app in the e2e.sh file
* update the docs
* Remove dependencies on console-operator and cluster-api-azure
* remove the forks that we don't use
* go mod updates
* go mod vendor
* stop relying on the providerspec being registered in tests
* cleanups
* update go sum
* test coverage fixes
* create oic storage account in dev
* split oic resources into new template for reuse
* add roleassignment, dev script
* parameterize, add documentation
* create new cmd for full env, doc change
* Update the hack script to require the new envs
* Add new targets to the Makefile
* Update the docs
* Fix typo
* Add some info to the delete flow
* Update docs/shared-cluster.md
Co-authored-by: Jason Healy <jason@jhealy.net>
* Tag all created resource groups with persist
* Drop shared-cluster from the explicit denys
* Update docs
---------
Co-authored-by: Jason Healy <jason@jhealy.net>
* fix: match existing hive-config with production hive-config
* bug: bump hive version to use minimal install version and resolve vulns
* Remove oc-cli domain annotation
* go.mod: Add github.com/microsoftgraph/msgraph-sdk-go
* azureclient: Add NewGraphServiceClient
Creates a GraphServiceClient with scope and graph endpoint set
appropriately for the cloud environment (public or US government).
* pkg/util/graph: Add GetServicePrincipalIDByAppID
* armhelper: Use MS Graph to obtain service principal ID
* armhelper: Remove unused authorizer parameter
* Use MS Graph endpoint to validate service principal
I don't think it matters for the purpose of validation, but the
AD Graph endpoint is nearing its end-of-life.
* pkg/cluster: Use MS Graph to obtain service principal ID
* pkg/util/cluster: Use MS Graph to create and delete clusters
* Pretty-print OData errors from MS Graph
To aid debugging failed MS Graph requests.
MS Graph's top-level APIError message is hard-coded and only says
"error status code received from the API". Further details have
to be extracted from the "ODataErrorable" interface type.
* azureclient: Remove ActiveDirectoryGraphScope
No longer used.
* Remove pkg/util/azureclient/graphrbac
No longer used.
* pipelines: Run CodeQL analysis for Go on 1ES Hosted Pool
Vendoring the Microsoft Graph SDK for Go causes memory consumption
during CodeQL analysis to double due to its enormous API surface,
putting it well beyond the memory limit of standard GitHub Action
runners.
I inquired with the Azure organization admins about provisioning
larger GitHub runners, but was directed instead to use the 1ES
Hosted Pool which runs our other CI checks. Since ARO controls
the VM type for Hosted Pool agents, we can use a VM type with
adequate memory for CodeQL analysis with the Graph SDK.
Note: Implemented CodeQL commands in a template in case we
ever decide to move Javascript or Python analysis to
1ES Hosted Pool as well.
* updated cluster creation to use version
* added if statement on env variable
* reverted due to redundant code
* updated Create call with OSVersion
* attempt to resolve conflicts
---------
Co-authored-by: v-taphelps <v-taphelps@microsoft.com>
* Update autorest core to 3.6.3. Update nodejs to new secure LTS version for client generation. Fix permissions error in autorest Dockerfile for client generation.
* Added closing console line after api version generation
Scope strings should mostly go away once the RP code is fully
migrated to the newer TokenCredential-based Azure SDK, but this
was requested by multiple peer-reviewers.
httptest is used to send http responses.
Add Mock for databaseaccounts.
Add DatabaseClient, MasterKeyClient interfaces to allow for mock testing.
Add unit tests for subscriptions.
Add billing unit tests.
Add default http.Client to database.go, update references to use DatabaseClient interface. This will keep from importing "net/http" in every package calling it and allow easy changing within database if needed.
Add unit tests for clustermanager in database package
Add asyncoperations unit tests.
Add monitor tests.
Add gateway unit tests.
Add openshiftversions tests.
Add portal tests.
Add openshiftclusters tests.
Tests for billing and subscriptions are placed in test/database to reuse
fake testing code without import cycling.
Update documentation to inform readers that SSH_PUBLIC_KEY must be set if ~/.ssh/id_rsa.pub doesn't exist.
Update gendevconfig.go to log a warning if SSH_PUBLIC_KEY is unset
Modified css selectors for test
Remove Test Focus
Minor change in deploy-dev-rp.md
move validate-go to github action (#2153)
include openshift-operator-lifecycle-manager in monitoring
for gateway change arm deployment template name from storage to gatewayprivateendpoint
fix bug where mhc wouldn't kick in after CR change
RP support for 2-zone regions, centraluseuap
Bump github.com/coreos/ignition/v2 from 2.13.0 to 2.14.0
Bumps [github.com/coreos/ignition/v2](https://github.com/coreos/ignition) from 2.13.0 to 2.14.0.
- [Release notes](https://github.com/coreos/ignition/releases)
- [Changelog](https://github.com/coreos/ignition/blob/main/docs/release-notes.md)
- [Commits](https://github.com/coreos/ignition/compare/v2.13.0...v2.14.0)
---
updated-dependencies:
- dependency-name: github.com/coreos/ignition/v2
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
reduce the use of bindata by using embed for machinehealthcheck controller
Add the development AKS ARM template.
New deploy_aks_dev function for the AKS ARM template.
Script to SSH into AKS node pool VM instances for prototyping and debugging.
Add 'make aks.kubeconfig' for use in development environments.
Documentation on accessing the private AKS cluster via the VPN for oc or direct SSH access.
Display list of clusters when a search returns 0 or >1 AKS clusters.
Filter for the system node pool for cases when there are more than one deployed.
Updates to ARM template for AKS keyvault access, node resource group, and various AAD changes.
add managed identity
Format JSON.
Wire up the user assigned MSI, peer with rp-vnet, and add the AKS keyvault back in.
Minor tweaks to naming, max agent VMs, and variables.
Add a podSubnet, autoscaling, and orchestratorVersion for nodepool upgrades.
Add aks.kubeconfig to Makefile .PHONY
Output an error if the AKS kubeconfig generation fails
Delegate pod subnet and wire up the AzureSecrets identity for keyvault access.
Remove any previous AKS config.
Limit MSI role assignment to subnet collaborator, bump max pods, and parameterize availabilityZones.
improve Python unit testing and refactor _validators.py (#2120)
* refactor: apply Guard clauses in _validators.py to simplify code
* fix _validators.py trailing whitespace
* improve python test structure, include execution of unit tests in make test-python
* create make directive to run python unit tests, add unit tests for azext_aro._validators.validate_cidr
* add tests for test_validate_client_id and include test cases description
* add unit tests for validate_client_secret from azext_aro._validators
* add explicit fields to named tuple in test cases in test_validators.py
* add two test scenarios for validate_cluster_resource_group
* simplify mocks
* add test case for test_validate_cluster_resource_group
* improve test descriptions
* add test_validate_disk_encryption_set test to test validate_disk_encryption_set
* add test cases to test_validate_disk_encryption_set()
* refactor test_validator.py to use classes instead of namedtuples. Use mocks instead of specific defined classes
* refactor (simplify code): remove explicit assignment to None when it is the default value
* create test_validate_domain() with 1st test case
* add test case, domain with '_'
* explicit import of unittest.TestCase
* fix test message in test_validate_domain
* finish test_validate_domain()
* finish test_validate_sdn() and test_validate_pull_secret()
* create test_validate_subnet() with first test case
* finish test_validate_subnet() and minor refactor in _validators.py
* create test_validate_subnets() and add first test case
* finish validate_vnet_resource_group_name()
* finish test_validate_worker_count() of test_validators.py and simple refactor in _validators.py
* finish test_validate_worker_vm_disk_size_gb()
* refactor _validators.py
* add test_validate_refresh_cluster_credentials() and minor refactor of test_validators()
* refactor _test_validators.py to use pytest, create script and invoke it from Makefile
* simplify test_validate_cidr() using pytest.mark.parametrize
* simplify some tests using pytest.mark.parametrize
* finish applying pytest.mark.parametrize
* clean up Makefile test-python
* add blank line to hack/unit-test-python.sh
* fix typo in test case
* fix mega-linter error, blank space
* fix test case to fail due to invalid range
* fix typo in beeing to be being
* remove redundant test case
* reformat code for better readability
* add missing license to __init__.py files
Panic on AdminUpdate with MaintenanceTaskEverything
Fixed formatting issues and made the changes suggested in PR 2152
Panic on AdminUpdate PR changes.
error message updated as per PR comments
move installtime set to startInstallation rather than in the middle of kubeconfig generation
enable reconciling azuresubnets/NSGs by default
refactor e2e for removing dependency.
Update 2
removed old code.
make test to fail on getting error.
Expect(err).NotTo(HaveOccurred())
Formatting done
White-spaces removed.
handle the use of the AddressPrefixes field alongside AddressPrefix
improved ValidateCIDRRanges test
add vnet names to help with debugging if needed in the future
comment improvement
Bump follow-redirects from 1.14.0 to 1.14.7 in /portal
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.0 to 1.14.7.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.0...v1.14.7)
---
updated-dependencies:
- dependency-name: follow-redirects
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Store downloaded cert only when it differs
When systemd downloader downloads fresh certificate
check whether it differs from the stored one.
Replace old one with fresh when there is a difference.
Signed-off-by: Petr Kotas <pkotas@redhat.com>
Restart mdm service on cert change
Forces MDM container to pick up changed certificate.
Signed-off-by: Petr Kotas <pkotas@redhat.com>
doc: Document fp cert rotation
Add doc file with information on how the first party certificate is
rotated in the RP and on the host VM.
Signed-off-by: Petr Kotas <pkotas@redhat.com>
Replace artifacts with direct code checkout
Replaces configuration fetching via build pipeline with
direct code checkout.
Signed-off-by: Petr Kotas <pkotas@redhat.com>
Update .pipelines/int-release.yml
Co-authored-by: Ben Vesel <10840174+bennerv@users.noreply.github.com>
provide the ability to specify an overridden fluentbit image in operator feature flags
Add deploy pipelines using tag
Add new pipelines using tagged deployment
Signed-off-by: Petr Kotas <pkotas@redhat.com>
Set XDG_RUNTIME_DIR explicitly on CI VMs
Add tagged aro image
Add annotated tag build and push into makefile.
Without annotation, the TAG is empty and
action is not performed.
Signed-off-by: Petr Kotas <pkotas@redhat.com>
Build and push tagged aro image into ACR
When annotated TAG is not set the new step fails.
Otherwise it builds the tagged image and pushes it
to the ACR.
Signed-off-by: Petr Kotas <pkotas@redhat.com>
Build release on tag
When CI is started from a tag, build the image and push it to the registry.
Extract annotation from the tag and use it as summary
for changelog. Automated summary is extracted from commits
titles.
Signed-off-by: Petr Kotas <pkotas@redhat.com>
mdm/mdsd++
make generate
Revert "[PIPELINES 4] Create release based on annotated git tag"
Fix: Broken pull path
The original path is not working as it is blocked for writing,
Using the pipeline default instead
Signed-off-by: Petr Kotas <pkotas@redhat.com>
Fix: Broken checkout code path
The checkout behaves differently when checking out single repository.
It checks out to /s
Signed-off-by: Petr Kotas <pkotas@redhat.com>
Update prod pipeline params to be consistent
Enable SBOM on all OneBranch pipelines
Fixing typo in paths
Add Documentation and Scripts for ARO Monitor Metric testing
Fix typo
Co-authored-by: Caden Marchese <56140267+cadenmarchese@users.noreply.github.com>
Handle cleanup of spawned processes.
Clarify a few things in the procedure.
Add example script to directly inject test data
Revert "Revert "[PIPELINES 4] Create release based on annotated git tag""
Fix: Remove build to run after e2e
Signed-off-by: Petr Kotas <pkotas@redhat.com>
Bump nanoid from 3.1.22 to 3.2.0 in /portal
Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.22 to 3.2.0.
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ai/nanoid/compare/3.1.22...3.2.0)
---
updated-dependencies:
- dependency-name: nanoid
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Add uaenorth to non-zonal regions
imageconfig controller
Fixing bug where incorrect ACR domain name was being generated
added doc for cert rotation
Signed-off-by: Karan.Magdani <kmagdani@redhat.com>
Vendor installer release 4.9
This also forces the RP from Go 1.14 to Go 1.16.
Aside from requiring OCP 4.9 / Kubernetes 1.22 modules, the
other go.mod changes are all manual workarounds from failed
"make vendor" runs.
Automated updates from "make vendor"
Alter client-gen command to stay within repo
The way this is written seems to assume the ARO-RP repo is cloned
under the user's $GOPATH tree. That's not where I typically clone
git repos for development.
Use relative paths in the client-gen command and arguments to stay
within the ARO-RP git repo.
Automated updates from "make generate"
Set InstallStream to OCP 4.9.8
Automated updates from "make discoverycache"
pipelines: Demand agents with go-1.16 capability for CI/E2E
Update documentation for Go 1.16 and installer 4.9
Fix: Remove the wrong git pull path
Removes the wrong git pull path for ADO RP-config
Removes unused parameter
Signed-off-by: Petr Kotas <pkotas@redhat.com>
fix: Add go1.16 requirement to run pipelines
With the addition of the 4.9 release, the go build
has to run with go1.16
Signed-off-by: Petr Kotas <pkotas@redhat.com>
Add geneva action to reconcile a failed NIC
Suppress stderr within Makefile command
Do not overwrite FIPs environment variable in CI VMs
fix: fix service connection to the github
existing service connection does not meet requirement
for the github release
Signed-off-by: Petr Kotas <pkotas@redhat.com>
ADO Pipelines make no sense
Ensure TAG environment var is consistent case
Incorrect quoting on variables in pipeline
Clean up debug print statement in pipelines
Add INT/Prod variable group requirements
Update correct directory path for pipeline template files
Update release tag pipeline parameters
Vendor updated autorest adal to fix nil pointer exception in MSI
add fl to owners :-)
Fix: use the correct variable syntax for updated variables in pipelines
Bump 4.9.8 to 4.9.9 as it contains a bugfix that prevents cluster creation success
Vendor openshift installer carry patch
Bump golang version to 1.16 in CI VMs
Fix wrongly updated parameters and variables in prod release
Feedback follow up on image config controller
Use INT E2E Creds in Prod pipeline as we pull from the INT image registry and spin up our resources in our INT sub
clean temporary gomock folders (#1912)
Signed-off-by: Karan.Magdani <kmagdani@redhat.com>
fix 2 cred scan findings by adding suppression settings (#1960)
add tsaoptions json file, enable tsa in build rp official pipeline (#1959)
chore: removed logging onebranch pipelines files from aro-rp repo (#1942)
quick fixes in docs (#1956)
Removes unneeded field (#1962)
Updated linux container image for build (#1964)
Updating go-toolset tag to 1.16.12 (#1965)
Bump follow-redirects from 1.14.7 to 1.14.8 in /portal
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.7 to 1.14.8.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.7...v1.14.8)
---
updated-dependencies:
- dependency-name: follow-redirects
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
add fips validation scripts and ci step
drop net_raw and make generate
Adding norwaywest to deploy from tag ALL regions Pipeline. (#1968)
Include variable groups for prod single region release (#1957)
Add Central US EUAP to nonZonalRegions (#1927)
remove network acceleration due to issues discovered
reapply the primary tag
make generate
Add metric gauge for nohost present on request to gateway
Fix net_raw caps, make generate (#1971)
Refactors operator requeues
* Adds the clarifying comment on requeues into the checker controller
* Removes `Requeue: true` in places where we use `RequeueAfter`
as it has no effect.
add a field to indicate spotInstances in node.conditions metric (#1928)
Bump url-parse from 1.5.3 to 1.5.7 in /portal
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.5.3 to 1.5.7.
- [Release notes](https://github.com/unshiftio/url-parse/releases)
- [Commits](https://github.com/unshiftio/url-parse/compare/1.5.3...1.5.7)
---
updated-dependencies:
- dependency-name: url-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
docs: add cleaner info to shared env docs
add westus3 to pipeline manifests
add additional logging to redeploy to help understand state when this job fails in e2e
Re-enable Egress Lockdown
Enable egress lockdown feature by default on new clusters while also
allowing current clusters to be admin-upgraded with the new feature
Co-authored-by: Ben Vesel <10840174+bennerv@users.noreply.github.com>
fix: use the tag/commit as the aro version
ARO uses both tags and commits as its version.
The commits are used for the development scenario,
tags are used when building and deploying to
production.
add: copy ARO image to integration
Signed-off-by: Petr Kotas <petr@kotas.tech>
add: release pipeline documentation
Signed-off-by: Petr Kotas <petr@kotas.tech>
fix: HTTP 500 from "List cluster Azure resource" Geneva Action for unknown resource types (#1978)
* If we don't have an apiVersion defined for a resource, then skip over it instead of returning an error.
* Reword the comment.
* Double quote the resource type in the log warning message.
Co-authored-by: Mikalai Radchuk <509198+m1kola@users.noreply.github.com>
add operator storage acc and endpoints reconcilers
operator tests
storageacc handling for install/update
generate
vendor
review feedback
Add dev env rules exception
Comply with the Authorizer changes
Fix tests
Fix merge conflicts
Add operator flags
Fix tests
Change operator flags
Addressing feedback
generate
Operator flag tests
Addressing feedback
Fix
update cluster spec
Add an Operator controller for Managed Upgrade Operator
add MUO deployment manifests
run go generate
add a mocks directory in the operator
make dynamichelper produce less spurious changes for MUO
fix: move int mirroring to separate pipelines
integration requires its own set of credentials,
this can only be provided in a separate pipeline
Signed-off-by: Petr Kotas <pkotas@redhat.com>
fix: provide the correct dependent pipeline (#1982)
Signed-off-by: Petr Kotas <pkotas@redhat.com>
Update mirror-aro-to-int.yml for Azure Pipelines
Remove unused parameter
fix: replace parameter with variable (#1984)
Signed-off-by: Petr Kotas <pkotas@redhat.com>
Update mirror-aro-to-int.yml for Azure Pipelines
Fix typo
Cleans up unused args in `muo.NewReconciler`
Bump url-parse from 1.5.7 to 1.5.10 in /portal
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.5.7 to 1.5.10.
- [Release notes](https://github.com/unshiftio/url-parse/releases)
- [Commits](https://github.com/unshiftio/url-parse/compare/1.5.7...1.5.10)
---
updated-dependencies:
- dependency-name: url-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Removes explicit `gomock.Eq()` matcher calls (#1983)
`gomock.Eq()` is a default matcher in gomock
so it doesn't have to be explicitly called in these cases
Docs: Set GOPATH (#1987)
- A few developers on various OS flavors have seen make generate fail after the upgrade to golang 1.16 due to client-gen updates. This appears to fix.
Adds extra fields to the PreviewFeature CRD
Adds the controller implementation
It currently implements only one feature: NSG flow logs
preview feature controller and NSG flow log feature implementation
L series support - RP changes (#1751)
* add L-series SKUs to internal, admin, validate api
* make client
Add SKU availability and restriction checks to dynamic validation (#1790)
* add sku filtering and restriction checks
* add install-time instance validation
Minor ARO operator refactoring
* Gets rid of exported constants like `ENABLED` where exported constants are not required
* Gets rid of constant concatenations like `CONFIG_NAMESPACE + ".enabled"` to make search easier
* Removes unnecessary `Copy` method of `OperatorFlags` struct as well as package level `DefaultOperatorFlags` variable.
Introduces `DefaultOperatorFlags()` instead.
Removing call to listByResourceGroup due to flakiness in the Azure API
add validate-fips step into onebranch build rp template
exclude vuln protobuf
exclude vulnerable containerd versions
Changed CloudErrorCodes from vars to consts. (#1997)
Co-authored-by: Jeremy Facchetti <jfacchet@jfacchet.remote.csb>
Add sourcebranchname to build_tag (#1996)
adding a way to pass additional flags to E2E tests (#1998)
Fix typo in deploy-development-rp doc (#2005)
Better documentation support for multiple envs (#1932)
- Now there are two env files: standard, and int-like files
- Instructions modified for int envs to create the new file and source it
- Fixed a small typo in the instructions that was being masked by indentation
vendor: fake operator client
Signed-off-by: Petr Kotas <pkotas@redhat.com>
feature: add autosizednodes reconciler
Introduce autosizednodes reconciler which watches aro cluster object
feature flags for ReconcileAutoSizedNodes.
When feature flag is present new KubeletConfig is created enabling the
AutoSizingReserver feature which auto computes the system reserved
for nodes.
feature: add aro cluster to workaround
Adds aro cluster instance to IsRequires check
to allow for feature flags checking.
Signed-off-by: Petr Kotas <pkotas@redhat.com>
feature: disable systemreserved when autosizednodes enabled
Signed-off-by: Petr Kotas <pkotas@redhat.com>
Avoid AdminUpdate panic when Nodes are down (#1972)
* Skip ensureAROOperator and aroDeploymentReady when the IngressProfiles data is missing, esp after cluster VM restarts as part of the update call
* Refactor Cluster Manager code to make ensureAROOperator code testable
* Add unit test for ensureAROOperator code
Co-authored-by: Ulrich Schlueter <uschlueter@redhat.com>
update go-cosmosdb version to incorporate the latest change (#2006)
Filter out unwanted data from azure list geneva action (#1969)
* filter out Microsoft.Compute/snapshots from azure list geneva action
* change filter input for test
Doc to create & push ARO Operator image to ACR/Quay (#1888)
* Doc to create/push AROOperator image ACR/Quay
A document on How to create & publish ARO Operator image to ACR/Quay.
Added alternative to go get command (#2015)
Update Makefile (#2020)
The ARO-RP returns special characters in color encoding special character, which is not decoded as of now. This change removes the color encoding characters by default in e2e tests
Update node-selector on muo namespace
Dockerfile for MUO image (#1993)
Update OB Build Pipeline to Pass Build Tag as Var (#2011)
* adding release_tag functionality to support releasing by tag or commit
add managed upgrade operator configuration settings and connected MUO if allowed and a pullsecret exists
add muo config yaml
add openshift-azure-logging to the ignored namespaces
run go generate
Fix VM Redeploy Test Flake
- Removing test to check k8s Events for Node readiness
- Adding test for Azure VM readiness (power state)
- Adding test for Linux Kernel uptime to guarantee reboot
disable ipv6 router advertisements on rp/gateway vmss
Install python3 on RP and gateway VMs
make pullspec an optional flag
add enabled and managed by default
add e2e test
Bump minimist from 1.2.5 to 1.2.6 in /portal
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)
---
updated-dependencies:
- dependency-name: minimist
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
cleanup: proxy now uses idiomatic waitgroup.
cleanup: removed useless anonymous function definition.
add containers_image_openpgp tag (#2032)
Change secrets-update to allow subsequent updates (#2038)
Co-authored-by: Nont <nthanonchai@microsoft.com>
add containers_image_openpgp everywhere
add controller into operator for machine health check (#1950)
* add worker only controller with operator for machine health check
* align mhc node selector pattern with osd
Create 2022-04-01 API (#1876)
check for default ingressIP when ingressProfiles > 1 (#2021)
Signed-off-by: Karan.Magdani <kmagdani@redhat.com>
Skip Linux AZ Sec Pack policies from running on VMSS creation (#2041)
Admin Portal v2 (#2019)
Add in sre portal v2, still default to v1
Co-authored-by: Amber Brown <ambrown@redhat.com>
Co-authored-by: Brett Embery <bembery@redhat.com>
Co-authored-by: Ben Vesel <10840174+bennerv@users.noreply.github.com>
Bump minimist from 1.2.5 to 1.2.6 in /portal/v2 (#2043)
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)
---
updated-dependencies:
- dependency-name: minimist
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
added changes to make local e2e test work/ update doc (#2036)
* added changes to make local e2e test work/ update doc
updated operator README to include instructions for running the ARO operator locally for a private cluster (#2045)
Fix off by one error when truncating name
Now it truncates to 14 instead of 15. The corresponding arm templates
truncate to 15.
Refactors createOrUpdateRouterIPFromCluster
Make it reuse isIngressProfileAvailable to check IngressProfile
Adds an extra case into TestAroDeploymentReady
Updates dev env docs
* Removes mention of Python virtualenv as it comes by default with Python 3
* Updates macOS docs to make sure that steps work for Intel and ARM macs
* Markdown formatting fixes
give /tmp a bit more room for when the CI VM gets busy
refactor+test: refactored some functions to test
refactored tests
added license to test file
added err check on validateProxyResquest
made the errors more explicit
fixed typo in function name
removed useless test case
renamed oddly named metrics.Interface to Emitter
update codeowners
renamed github username
updated path to quota file (#2058)
refactor/add-test : refactored linkid and gateway to add tests (#2013)
Enable first basic linters in ARO (#2060)
* Enable first basic linters in ARO
* Remove modules-download-mode from the linter run config
Commit to allow password auth for VMSS jit access (#2027)
* Commit to allow password auth for VMSS jit access
fix: now uses renamed interface metricsEmitter
fix issues with linting new test files
added doc.go for imgconfig controller (#2064)
Signed-off-by: Karan.Magdani <kmagdani@redhat.com>
Revert 2027: Commit to allow password auth for VMSS jit access
Add logic to reconcile failed Nic on az aro delete
Co-authored-by: Ben Vesel <bennerv@users.noreply.github.com>
Update pull secret references from cloud.redhat.com to cloud.openshift.com (#2084)
Enables go fmt simplify (#2081)
update reference to cloud.redhat.com in README file (#2085)
ensure apiserverready check
redesigned the quota computation to something understandable (#2059)
Bump 4.9 install image to latest stable 4.9.28 to address etcd split brain issue
Fail MUO test if we expect an error but don't get one
Bump fluentbit, mdm, and mdsd images to mitigate P0/P1s
Bump async from 2.6.3 to 2.6.4 in /portal/v2
Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4.
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md)
- [Commits](https://github.com/caolan/async/compare/v2.6.3...v2.6.4)
---
updated-dependencies:
- dependency-name: async
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Update the secret rotate time to 7 days during RP deploy (#2051)
Remove dead mirror code referencing 4.3 version which isn't mirrored (#2092)
add MTU to the internal OCP Document
make generate
before mock
added unit tests for two new functions
fix import order
remove trailing spaces
make validate-go wants to add trailing lines again
found/fixed trailing new line
add new line at end of test file
added admin update method to adminupdate tests
newline
fixed unit test issue
add helper method
Improve comment
gofmt
Remove ACR Image Override (#2090)
added stylecheck and moved golangci-lint to a github action (#2083)
* enabled github action instead of running from ADO
* fixed style
* fixed some style
fixed styling
fixed failing tests because of case on errs
Small updates to shared rp docs (#2079)
"note" syntax adjustments
Small updates to shared rp docs from working sessions
added note related to gwy keyvault not being in dev
Update docs/prepare-a-shared-rp-development-environment.md
Language adjustment.
Committing syntax change per Caden's suggestion.
Co-Authored-By: Caden Marchese <56140267+cadenmarchese@users.noreply.github.com>
Co-authored-by: Caden Marchese <56140267+cadenmarchese@users.noreply.github.com>
Additional gateway tests (#2062)
* Add coverage for pkg/gateway. Gateway creation now fails fast when env
properties are missing.
* refactor large test into multiple test cases
Move gateway fluentbit to container
Bump async from 2.6.3 to 2.6.4 in /portal/v1
Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4.
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md)
- [Commits](https://github.com/caolan/async/compare/v2.6.3...v2.6.4)
---
updated-dependencies:
- dependency-name: async
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
set MDSD_MSGPACK_SORT_COLUMNS to perf column sorting on MDSD side and try to avoid hitting max schema count (#2095)
Remove mwoodson from codeowners (#2106)
Updated FIPs e2e test for 2022-04-01 API
Development subscription migration
prepare for dns migration
Signed-off-by: Karan.Magdani <kmagdani@redhat.com>
Update az cli extension to use api v2022_04_01 (#2042)
* Bumping az aro extension api version to v2022_04_01
* Adding new command flags and data structures to az aro create
* linting
Update cluster
Update pkg/util/cluster/cluster.go
Co-authored-by: Ben Vesel <10840174+bennerv@users.noreply.github.com>
Better err handling to customer
remove installconfig dependency from deploystorage
Remove unnecessary to.StringPtr usages
Fixing exception handling for missing subnet (#2117)
* Fixing exception handling for missing subnet
* use isinstance
* Another err.message fix
Added a new function for a hardcoded filter of namespaces (#1994)
Added unit test for the makeURLSegments function of dynamichelper (#2031)
add minor version
Master resize (#1889)
* master resize GA
move arm template deploy to util
use the ARM deploytemplate code directly in pkg/cluster
Add David Newman to CODEOWNERS
il5 series support, vm.go improvements and tests (#2086)
Add improvements to `deploy-full-rp-service-in-dev.md` doc (#2048)
* Add improvements to full rp service doc
* Update docs/deploy-full-rp-service-in-dev.md
Co-authored-by: Spencer Amann <samann@redhat.com>
NSG controller - reconcile nil NSG (#2116)
* adding test case for NSGs = nil
* Adding handling of empty NSG
Fix deleteNic when the nic is in failed provisioning state
Add documentation outlining our keyvaults, certificates, and secrets
Provide clearer error for a particular type of PUCM failure
Instead of "subnet ID "" has incorrect length", catch the error
earlier and provide a clearer "lastAdminUpdateError" message.
This particular PUCM failure occurs when a machineset object fails
to decode during cluster document enriching.
increase the timeout to 10 minutes, since a rebuild can trigger the timeout
Vendor installer release 4.10
Switches to go.1.17, OCP 4.10, and Kubernetes 1.23 modules.
Automated updates from "make generate"
Set default InstallStream to OCP 4.10.15
Automated updates from "make discoverycache".
pipelines: Require agents with go-1.17 capability for CI/E2E
Update documentation for Go 1.17 and installer 4.10
Switch from the azureprovider to the new machinev1.AzureMachineProviderSpec machine API
* Due to the move of the AzureMachineProviderSpec into the openshift/api we need to marshal the existing
clusters machine provider spec into the new struct.
* Switches tests to use the new machine API struct.
Ref: f9725ddd94
Switch to building with golang 1.17
Switch maoclient -> machineclient and maofake -> machinefake
gofmt: add "go:build e2e"
Switch to using the ubi8 go-toolset for building.
Add additional values to CloudError and Cluster Operation Logs (#2094)
* Added additional values to CloudError
* Update pkg/api/error.go
Co-authored-by: Weinong Wang <weinong@outlook.com>
* Add details for cluster logs in terminal state
* Fixed issue with logging clusterResult
* Changed to generic name, add String() func
* Update logging comments
Co-authored-by: Weinong Wang <weinong@outlook.com>
* Add prefix to cloudErrorMessage String()
* Add additional json monikers
* Fix bug with resultType output
* Defined CloudErrorCategory string type
* Empty-Commit to retrigger test
* Shift logs, remove code for next PR
* Added log fields, removed category
* Shift resultType to Logs
* Empty-Commit to retrigger test
* Remove all error changes
* Update openshiftcluster.go
change logs to lowercase
Co-authored-by: BCarvalheira <bcarvalheira@microsoft.com>
Co-authored-by: Weinong Wang <weinong@outlook.com>
Improved the unit test coverage for the merge function of dynamichelper
Fixed the validate golang code errors in the pipeline
Updated the code based on Mikalai's feedback
Fixed a go validation error
added yaml lint (#2132)
* added yaml lint
* updated the doc
Build the MSFT Go fips enabled code and tag the CI Agent as having Go 1.17.
Bump to the latest Microsoft Golang FIPS release.
Updated bindata.
Switch back to the vanilla ci vmss names.
Revert the address prefix and keyvault name changes necessary to deploy to CI.
Switch back to using the RHEL go-toolset now that 8.6 is available on Azure.
Double the OS Disk size.
Increase the disk size of the CI vmss to 200GB.
Updated bindata and move disk size to the correct vmss spec.
Add an option to send metrics via UDP instead of Unix Domain Sockets (#2074)
replace allowOCM flag with a forceLocalOnly flag
upgrade image to b4
when mhc is managed create an alert for frequent remediation (#2123)
allow overriding the operator version in the admin API (#2134)
Update pipelines to demand go 1.17 and update OB container to go 1.17 (#2146)
update mdm/mdsd
Add new ARO regions to pipelines
- australiacentral
- australiacentral2
- swedencentral
test for infra ID generation
this does not need installconfig, and so can be moved upwards in the install
replace it with a vendored version, so that we don't need to utilise the installer portion
validate apimachinery rand as utilrand
split ensuregraph into applying customisations and then saving it to the storage account. if we use the vanilla installer, we will likely still need to save the graph (after fetching it from hive) but we will not change things inside of it like currently.
refactored muo to extract deployer (#2122)
removed go-bindata from pkg/operator (#2119)
add: Getpodlogs kubeaction api (#1885)
Migrate from AD to MS Graph
Also changed the AADManager so that it only returns values
instead of the data structure. This hides the implementation
details so that in the future if MSAL changes the internal
representation, any required changes will be contained within
the class (vs. right now custom.py has to be changed accordingly).
fixed conflict created when moving to the new library (#2150)
Bump eventsource from 1.1.0 to 1.1.1 in /portal/v2
Bumps [eventsource](https://github.com/EventSource/eventsource) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/EventSource/eventsource/releases)
- [Changelog](https://github.com/EventSource/eventsource/blob/master/HISTORY.md)
- [Commits](https://github.com/EventSource/eventsource/compare/v1.1.0...v1.1.1)
---
updated-dependencies:
- dependency-name: eventsource
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Bump eventsource from 1.1.0 to 1.1.1 in /portal/v1
Bumps [eventsource](https://github.com/EventSource/eventsource) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/EventSource/eventsource/releases)
- [Changelog](https://github.com/EventSource/eventsource/blob/master/HISTORY.md)
- [Commits](https://github.com/EventSource/eventsource/compare/v1.1.0...v1.1.1)
---
updated-dependencies:
- dependency-name: eventsource
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
clean up of validate import, now uses a yaml file for maintainability (#2136)
create lint-go script and call it from Makefile (#2118)
Co-authored-by: Jeremy Facchetti <facchettos@gmail.com>
Add name length validation on ARO clusters for non-zonal regions
Truncate cluster names to 19 char in e2e pipelines
Typo in pipeline script
Minor change in deploy-dev-rp.md
move validate-go to github action (#2153)
include openshift-operator-lifecycle-manager in monitoring
for gateway change arm deployment template name from storage to gatewayprivateendpoint
fix bug where mhc wouldn't kick in after CR change
RP support for 2-zone regions, centraluseuap
Bump github.com/coreos/ignition/v2 from 2.13.0 to 2.14.0
Bumps [github.com/coreos/ignition/v2](https://github.com/coreos/ignition) from 2.13.0 to 2.14.0.
- [Release notes](https://github.com/coreos/ignition/releases)
- [Changelog](https://github.com/coreos/ignition/blob/main/docs/release-notes.md)
- [Commits](https://github.com/coreos/ignition/compare/v2.13.0...v2.14.0)
---
updated-dependencies:
- dependency-name: github.com/coreos/ignition/v2
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
reduce the use of bindata by using embed for machinehealthcheck controller
Add the development AKS ARM template.
New deploy_aks_dev function for the AKS ARM template.
Script to SSH into AKS node pool VM instances for prototyping and debugging.
Add 'make aks.kubeconfig' for use in development environments.
Documentation on accessing the private AKS cluster via the VPN for oc or direct SSH access.
Display list of clusters when a search returns 0 or >1 AKS clusters.
Filter for the system node pool for cases when there is more than one deployed.
Updates to ARM template for AKS keyvault access, node resource group, and various AAD changes.
add managed identity
Format JSON.
Wire up the user assigned MSI, peer with rp-vnet, and add the AKS keyvault back in.
Minor tweaks to naming, max agent VMs, and variables.
Add a podSubnet, autoscaling, and orchestratorVersion for nodepool upgrades.
Add aks.kubeconfig to Makefile .PHONY
Output an error if the AKS kubeconfig generation fails
Delegate pod subnet and wire up the AzureSecrets identity for keyvault access.
Remove any previous AKS config.
Limit MSI role assignment to subnet collaborator, bump max pods, and parameterize availabilityZones.
improve Python unit testing and refactor _validators.py (#2120)
* refactor: apply Guard clauses in _validators.py to simplify code
* fix _validators.py trailing whitespace
* improve python test structure, include execution of unit tests in make test-python
* create make directive to run python unit tests, add unit tests for azext_aro._validators.validate_cidr
* add tests for test_validate_client_id and include test cases description
* add unit tests for validate_client_secret from azext_aro._validators
* add explicit fields to named tuple in test cases in test_validators.py
* add two test scenarios for validate_cluster_resource_group
* simplify mocks
* add test case for test_validate_cluster_resource_group
* improve test descriptions
* add test_validate_disk_encryption_set test to test validate_disk_encryption_set
* add test cases to test_validate_disk_encryption_set()
* refactor test_validator.py to use classes instead of namedtuples. Use mocks instead of specific defined classes
* refactor (simplify code): remove explicit assignment to None when it is the default value
* create test_validate_domain() with 1st test case
* add test case, domain with '_'
* explicit import of unittest.TestCase
* fix test message in test_validate_domain
* finish test_validate_domain()
* finish test_validate_sdn() and test_validate_pull_secret()
* create test_validate_subnet() with first test case
* finish test_validate_subnet() and minor refactor in _validators.py
* create test_validate_subnets() and add first test case
* finish validate_vnet_resource_group_name()
* finish test_validate_worker_count() of test_validators.py and simple refactor in _validators.py
* finish test_validate_worker_vm_disk_size_gb()
* refactor _validators.py
* add test_validate_refresh_cluster_credentials() and minor refactor of test_validators()
* refactor _test_validators.py to use pytest, create script and invoke it from Makefile
* simplify test_validate_cidr() using pytest.mark.parametrize
* simplify some tests using pytest.mark.parametrize
* finish applying pytest.mark.parametrize
* clean up Makefile test-python
* add blank line to hack/unit-test-python.sh
* fix typo in test case
* fix mega-linter error, blank space
* fix test case to fail due to invalid range
* fix typo in beeing to be being
* remove redundant test case
* reformat code for better readability
* add missing license to __init__.py files
Panic on AdminUpdate with MaintenanceTaskEverything
Fixed formatting issues and made the changes suggested in PR 2152
Panic on AdminUpdate PR changes.
error message updated as per PR comments
move installtime set to startInstallation rather than in the middle of kubeconfig generation
Fix azureproviderspec regression (#2167)
* Fix AzureMachineProviderSpec regression in 4.10
* refactor to reduce branches and clean up
Co-authored-by: bennerv <10840174+bennerv@users.noreply.github.com>
Removed temporary timestamp update code (#2172)
mirror MUO and Hive images to ACR
attempt to make this e2e test a bit more reliable
Add pull secret to allow mirroring from pd -> int
Pass NIC on CreateOrUpdate call
add required build images to mirror
add a listen to the cluster pull secret
move deploystorage portions to pkg/installer
manager for installer code, call the installer code from the cluster/install.go code
move some steps earlier in the installer
we haven't loaded the kubeconfig files into oc yet, so use the ones from the graph directly
Hive AKS development environment deploy (#2171)
* Add hive config generation script
* Script to install hive into the AKS dev environments
* Add note about semi-scientific container image search
* Vanilla hive config gleaned from app-sre config
* Initial OCP 4.10.15 image set
* Ignore the generated hive config files
* Check for crds folder and ask to re-run install
* Add docs
* Add newline to yaml EOF
* Spelling is clearly hard at this hour...
* Fix typo, grammar, and spelling
* Use the shell var instead
* Use the expanded output variable syntax. No lazy typing :)
* Use 1's for all error exit's
* Fix make aks.kubeconfig in docs/hive.md
Co-authored-by: Spencer Amann <samann@redhat.com>
* Fix hive docs kubeconfig typo
* Use HIVE_IMAGE_COMMIT_HASH in the HIVE image and comments for popd/pushd
* Update docs to reflect the use of the HIVE_IMAGE_COMMIT_HASH define
Co-authored-by: Spencer Amann <samann@redhat.com>
Go vet with tags