From 8173140fe60c19b46a8c00cecc14115341b538cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikola=20Prokopi=C4=87?= <nikola@prokopic.rs>
Date: Fri, 16 Dec 2022 14:35:20 +0100
Subject: [PATCH 1/2] Update upstream cluster-api-provider-azure version from
 v1.2.1 to v1.3.2

---
 CHANGELOG.md                                  |  4 ++++
 ...ities.infrastructure.cluster.x-k8s.io.yaml | 10 +++++-----
 ...lanes.infrastructure.cluster.x-k8s.io.yaml | 20 +++++++++++++++++++
 ...pools.infrastructure.cluster.x-k8s.io.yaml |  3 +++
 helm/cluster-api-provider-azure/values.yaml   |  2 +-
 5 files changed, 33 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fb7a7a1..cb4632b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Update upstream cluster-api-provider-azure version from v1.2.1 to v1.3.2 (highlights TBA).
+
 ## [1.3.0] - 2022-12-16
 
 ### Changed
diff --git a/helm/cluster-api-provider-azure/files/infrastructure/patches/versions/v1beta1/azureclusteridentities.infrastructure.cluster.x-k8s.io.yaml b/helm/cluster-api-provider-azure/files/infrastructure/patches/versions/v1beta1/azureclusteridentities.infrastructure.cluster.x-k8s.io.yaml
index de5bdc2..4cf8db7 100644
--- a/helm/cluster-api-provider-azure/files/infrastructure/patches/versions/v1beta1/azureclusteridentities.infrastructure.cluster.x-k8s.io.yaml
+++ b/helm/cluster-api-provider-azure/files/infrastructure/patches/versions/v1beta1/azureclusteridentities.infrastructure.cluster.x-k8s.io.yaml
@@ -57,7 +57,7 @@
                   type: object
               type: object
             clientID:
-              description: Both User Assigned MSI and SP can use this field.
+              description: ClientID is the service principal client ID. Both User Assigned MSI and SP can use this field.
               type: string
             clientSecret:
               description: ClientSecret is a secret reference which should contain either a Service Principal password or certificate secret.
@@ -70,17 +70,17 @@
                   type: string
               type: object
             resourceID:
-              description: User assigned MSI resource id.
+              description: ResourceID is the Azure resource ID for the User Assigned MSI resource. Not currently supported.
               type: string
             tenantID:
-              description: Service principal primary tenant id.
+              description: TenantID is the service principal primary tenant id.
               type: string
             type:
-              description: UserAssignedMSI or Service Principal
+              description: Type is the type of Azure Identity used. ServicePrincipal, ServicePrincipalCertificate, or ManualServicePrincipal.
               enum:
                 - ServicePrincipal
                 - ManualServicePrincipal
-                - UserAssignedMSI
+                - ServicePrincipalCertificate
               type: string
           required:
             - clientID
diff --git a/helm/cluster-api-provider-azure/files/infrastructure/patches/versions/v1beta1/azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io.yaml b/helm/cluster-api-provider-azure/files/infrastructure/patches/versions/v1beta1/azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io.yaml
index 3c7f084..7df38f4 100644
--- a/helm/cluster-api-provider-azure/files/infrastructure/patches/versions/v1beta1/azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io.yaml
+++ b/helm/cluster-api-provider-azure/files/infrastructure/patches/versions/v1beta1/azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io.yaml
@@ -35,6 +35,26 @@
                 type: string
               description: AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default.
               type: object
+            addonProfiles:
+              description: AddonProfiles are the profiles of managed cluster add-on.
+              items:
+                properties:
+                  config:
+                    additionalProperties:
+                      type: string
+                    description: Config - Key-value pairs for configuring an add-on.
+                    type: object
+                  enabled:
+                    description: Enabled - Whether the add-on is enabled or not.
+                    type: boolean
+                  name:
+                    description: Name- The name of managed cluster add-on.
+                    type: string
+                required:
+                  - enabled
+                  - name
+                type: object
+              type: array
             apiServerAccessProfile:
               description: APIServerAccessProfile is the access profile for AKS API server.
               properties:
diff --git a/helm/cluster-api-provider-azure/files/infrastructure/patches/versions/v1beta1/azuremanagedmachinepools.infrastructure.cluster.x-k8s.io.yaml b/helm/cluster-api-provider-azure/files/infrastructure/patches/versions/v1beta1/azuremanagedmachinepools.infrastructure.cluster.x-k8s.io.yaml
index eda3397..56e4fae 100644
--- a/helm/cluster-api-provider-azure/files/infrastructure/patches/versions/v1beta1/azuremanagedmachinepools.infrastructure.cluster.x-k8s.io.yaml
+++ b/helm/cluster-api-provider-azure/files/infrastructure/patches/versions/v1beta1/azuremanagedmachinepools.infrastructure.cluster.x-k8s.io.yaml
@@ -20,6 +20,9 @@
               items:
                 type: string
               type: array
+            enableUltraSSD:
+              description: EnableUltraSSD enables the storage type UltraSSD_LRS for the agent pool.
+              type: boolean
             maxPods:
               description: MaxPods specifies the kubelet --max-pods configuration for the node pool.
               format: int32
diff --git a/helm/cluster-api-provider-azure/values.yaml b/helm/cluster-api-provider-azure/values.yaml
index cc8211c..4fec066 100644
--- a/helm/cluster-api-provider-azure/values.yaml
+++ b/helm/cluster-api-provider-azure/values.yaml
@@ -2,7 +2,7 @@ name: cluster-api-azure-controller
 image:
   registry: quay.io
   name: giantswarm/cluster-api-azure-controller
-  tag: v1.2.1
+  tag: v1.3.2
 
 project:
   branch: "[[ .Branch ]]"

From 322b252c42a10d565818f7d791bad86e6249d9a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikola=20Prokopi=C4=87?= <nikola@prokopic.rs>
Date: Sat, 17 Dec 2022 14:08:57 +0100
Subject: [PATCH 2/2] Update changelog

---
 CHANGELOG.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cb4632b..cffecb1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,7 +9,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- Update upstream cluster-api-provider-azure version from v1.2.1 to v1.3.2 (highlights TBA).
+- Update upstream cluster-api-provider-azure version from v1.2.1 to v1.3.2 (see highlighted changes below)
+- [CAPZ v1.3.0] [Add support for Service Principal with Certificate auth using AAD pod identity](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/2258). This looks like a breaking change in theory, since `AzureClusterIdentity` `UserAssignedMSI` type is removed, but in practice it is not, because UserAssignedMSI never worked, see [this comment for more details](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/2258/files#r859891486). In any case Giant Swarm workload clusters are not be affected, because all of them are using `ServicePrincipal` type.
+
+### cluster-api-provider-azure upstream release notes
+- [v1.3.0](https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/tag/v1.3.0)
+- [v1.3.1](https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/tag/v1.3.1)
+- [v1.3.2](https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/tag/v1.3.2)
 
 ## [1.3.0] - 2022-12-16