Merge branch 'main' into remove-setcredentials

CHANGELOG/v1.11.7.md

@@ -0,0 +1,162 @@
+## Changes by Kind
+
+### Other (Cleanup or Flake)
+
+- Bump CAPI to v1.5.4 ([#4348](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/4348), [@mboersma](https://github.com/mboersma))
+
+## Dependencies
+
+### Added
+_Nothing has changed._
+
+### Changed
+- cloud.google.com/go/bigquery: v1.53.0 → v1.8.0
+- cloud.google.com/go/datastore: v1.13.0 → v1.1.0
+- cloud.google.com/go/firestore: v1.11.0 → v1.9.0
+- cloud.google.com/go/longrunning: v0.5.1 → v0.4.1
+- cloud.google.com/go/pubsub: v1.33.0 → v1.3.1
+- cloud.google.com/go: v0.110.6 → v0.110.0
+- github.com/docker/docker: [v24.0.5+incompatible → v24.0.7+incompatible](https://github.com/docker/docker/compare/v24.0.5...v24.0.7)
+- github.com/felixge/httpsnoop: [v1.0.3 → v1.0.4](https://github.com/felixge/httpsnoop/compare/v1.0.3...v1.0.4)
+- github.com/go-logr/logr: [v1.2.4 → v1.3.0](https://github.com/go-logr/logr/compare/v1.2.4...v1.3.0)
+- github.com/golang/glog: [v1.1.0 → v1.1.2](https://github.com/golang/glog/compare/v1.1.0...v1.1.2)
+- github.com/google/cel-go: [v0.12.6 → v0.12.7](https://github.com/google/cel-go/compare/v0.12.6...v0.12.7)
+- github.com/google/go-cmp: [v0.5.9 → v0.6.0](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0)
+- github.com/rogpeppe/go-internal: [v1.10.0 → v1.11.0](https://github.com/rogpeppe/go-internal/compare/v1.10.0...v1.11.0)
+- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.35.0 → v0.46.0
+- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.44.0 → v0.46.0
+- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.19.0 → v1.20.0
+- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.19.0 → v1.20.0
+- go.opentelemetry.io/otel/metric: v1.19.0 → v1.20.0
+- go.opentelemetry.io/otel/sdk: v1.19.0 → v1.20.0
+- go.opentelemetry.io/otel/trace: v1.19.0 → v1.20.0
+- go.opentelemetry.io/otel: v1.19.0 → v1.20.0
+- go.uber.org/goleak: v1.2.1 → v1.3.0
+- golang.org/x/oauth2: v0.10.0 → v0.11.0
+- golang.org/x/sys: v0.13.0 → v0.14.0
+- google.golang.org/genproto/googleapis/api: f966b18 → b8732ec
+- google.golang.org/genproto/googleapis/rpc: f966b18 → b8732ec
+- google.golang.org/genproto: f966b18 → b8732ec
+- google.golang.org/grpc: v1.58.3 → v1.59.0
+- k8s.io/api: v0.27.2 → v0.27.7
+- k8s.io/apiextensions-apiserver: v0.27.2 → v0.27.7
+- k8s.io/apimachinery: v0.27.2 → v0.27.7
+- k8s.io/apiserver: v0.27.2 → v0.27.7
+- k8s.io/client-go: v0.27.2 → v0.27.7
+- k8s.io/code-generator: v0.27.2 → v0.27.7
+- k8s.io/component-base: v0.27.2 → v0.27.7
+- k8s.io/kms: v0.27.2 → v0.27.7
+- sigs.k8s.io/cluster-api/test: v1.5.3 → v1.5.4
+- sigs.k8s.io/cluster-api: v1.5.3 → v1.5.4
+- sigs.k8s.io/controller-runtime: v0.15.1 → v0.15.3
+
+### Removed
+- cloud.google.com/go/accessapproval: v1.7.1
+- cloud.google.com/go/accesscontextmanager: v1.8.1
+- cloud.google.com/go/aiplatform: v1.48.0
+- cloud.google.com/go/analytics: v0.21.3
+- cloud.google.com/go/apigateway: v1.6.1
+- cloud.google.com/go/apigeeconnect: v1.6.1
+- cloud.google.com/go/apigeeregistry: v0.7.1
+- cloud.google.com/go/appengine: v1.8.1
+- cloud.google.com/go/area120: v0.8.1
+- cloud.google.com/go/artifactregistry: v1.14.1
+- cloud.google.com/go/asset: v1.14.1
+- cloud.google.com/go/assuredworkloads: v1.11.1
+- cloud.google.com/go/automl: v1.13.1
+- cloud.google.com/go/baremetalsolution: v1.1.1
+- cloud.google.com/go/batch: v1.3.1
+- cloud.google.com/go/beyondcorp: v1.0.0
+- cloud.google.com/go/billing: v1.16.0
+- cloud.google.com/go/binaryauthorization: v1.6.1
+- cloud.google.com/go/certificatemanager: v1.7.1
+- cloud.google.com/go/channel: v1.16.0
+- cloud.google.com/go/cloudbuild: v1.13.0
+- cloud.google.com/go/clouddms: v1.6.1
+- cloud.google.com/go/cloudtasks: v1.12.1
+- cloud.google.com/go/contactcenterinsights: v1.10.0
+- cloud.google.com/go/container: v1.24.0
+- cloud.google.com/go/containeranalysis: v0.10.1
+- cloud.google.com/go/datacatalog: v1.16.0
+- cloud.google.com/go/dataflow: v0.9.1
+- cloud.google.com/go/dataform: v0.8.1
+- cloud.google.com/go/datafusion: v1.7.1
+- cloud.google.com/go/datalabeling: v0.8.1
+- cloud.google.com/go/dataplex: v1.9.0
+- cloud.google.com/go/dataproc/v2: v2.0.1
+- cloud.google.com/go/dataqna: v0.8.1
+- cloud.google.com/go/datastream: v1.10.0
+- cloud.google.com/go/deploy: v1.13.0
+- cloud.google.com/go/dialogflow: v1.40.0
+- cloud.google.com/go/dlp: v1.10.1
+- cloud.google.com/go/documentai: v1.22.0
+- cloud.google.com/go/domains: v0.9.1
+- cloud.google.com/go/edgecontainer: v1.1.1
+- cloud.google.com/go/errorreporting: v0.3.0
+- cloud.google.com/go/essentialcontacts: v1.6.2
+- cloud.google.com/go/eventarc: v1.13.0
+- cloud.google.com/go/filestore: v1.7.1
+- cloud.google.com/go/functions: v1.15.1
+- cloud.google.com/go/gkebackup: v1.3.0
+- cloud.google.com/go/gkeconnect: v0.8.1
+- cloud.google.com/go/gkehub: v0.14.1
+- cloud.google.com/go/gkemulticloud: v1.0.0
+- cloud.google.com/go/gsuiteaddons: v1.6.1
+- cloud.google.com/go/iam: v1.1.1
+- cloud.google.com/go/iap: v1.8.1
+- cloud.google.com/go/ids: v1.4.1
+- cloud.google.com/go/iot: v1.7.1
+- cloud.google.com/go/kms: v1.15.0
+- cloud.google.com/go/language: v1.10.1
+- cloud.google.com/go/lifesciences: v0.9.1
+- cloud.google.com/go/logging: v1.7.0
+- cloud.google.com/go/managedidentities: v1.6.1
+- cloud.google.com/go/maps: v1.4.0
+- cloud.google.com/go/mediatranslation: v0.8.1
+- cloud.google.com/go/memcache: v1.10.1
+- cloud.google.com/go/metastore: v1.12.0
+- cloud.google.com/go/monitoring: v1.15.1
+- cloud.google.com/go/networkconnectivity: v1.12.1
+- cloud.google.com/go/networkmanagement: v1.8.0
+- cloud.google.com/go/networksecurity: v0.9.1
+- cloud.google.com/go/notebooks: v1.9.1
+- cloud.google.com/go/optimization: v1.4.1
+- cloud.google.com/go/orchestration: v1.8.1
+- cloud.google.com/go/orgpolicy: v1.11.1
+- cloud.google.com/go/osconfig: v1.12.1
+- cloud.google.com/go/oslogin: v1.10.1
+- cloud.google.com/go/phishingprotection: v0.8.1
+- cloud.google.com/go/policytroubleshooter: v1.8.0
+- cloud.google.com/go/privatecatalog: v0.9.1
+- cloud.google.com/go/pubsublite: v1.8.1
+- cloud.google.com/go/recaptchaenterprise/v2: v2.7.2
+- cloud.google.com/go/recommendationengine: v0.8.1
+- cloud.google.com/go/recommender: v1.10.1
+- cloud.google.com/go/redis: v1.13.1
+- cloud.google.com/go/resourcemanager: v1.9.1
+- cloud.google.com/go/resourcesettings: v1.6.1
+- cloud.google.com/go/retail: v1.14.1
+- cloud.google.com/go/run: v1.2.0
+- cloud.google.com/go/scheduler: v1.10.1
+- cloud.google.com/go/secretmanager: v1.11.1
+- cloud.google.com/go/security: v1.15.1
+- cloud.google.com/go/securitycenter: v1.23.0
+- cloud.google.com/go/servicedirectory: v1.11.0
+- cloud.google.com/go/shell: v1.7.1
+- cloud.google.com/go/spanner: v1.47.0
+- cloud.google.com/go/speech: v1.19.0
+- cloud.google.com/go/storagetransfer: v1.10.0
+- cloud.google.com/go/talent: v1.6.2
+- cloud.google.com/go/texttospeech: v1.7.1
+- cloud.google.com/go/tpu: v1.6.1
+- cloud.google.com/go/trace: v1.10.1
+- cloud.google.com/go/translate: v1.8.2
+- cloud.google.com/go/video: v1.19.0
+- cloud.google.com/go/videointelligence: v1.11.1
+- cloud.google.com/go/vision/v2: v2.7.2
+- cloud.google.com/go/vmmigration: v1.7.1
+- cloud.google.com/go/vmwareengine: v1.0.0
+- cloud.google.com/go/vpcaccess: v1.7.1
+- cloud.google.com/go/webrisk: v1.9.1
+- cloud.google.com/go/websecurityscanner: v1.6.1
+- cloud.google.com/go/workflows: v1.11.1

CHANGELOG/v1.12.1.md

@@ -0,0 +1,24 @@
+## Changes by Kind
+
+### Bug or Regression
+
+- Fix: DNSPrefix error on existing tenant cluster (#4368, @mihaiandreiratoiu)
+- Support AKS BYOCNI by allowing networkPlugin: none (#4318, @illrill)
+
+### Other (Cleanup or Flake)
+
+- Bump CAPI to v1.5.4 (#4344, @mboersma)
+
+## Dependencies
+
+### Added
+_Nothing has changed._
+
+### Changed
+- github.com/felixge/httpsnoop: [v1.0.3 → v1.0.4](https://github.com/felixge/httpsnoop/compare/v1.0.3...v1.0.4)
+- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.44.0 → v0.46.0
+- sigs.k8s.io/cluster-api/test: v1.5.3 → v1.5.4
+- sigs.k8s.io/cluster-api: v1.5.3 → v1.5.4
+
+### Removed
+_Nothing has changed._

Makefile

@@ -583,15 +583,24 @@ RELEASE_TAG ?= $(shell git describe --abbrev=0 2>/dev/null)
 ifneq (,$(findstring -,$(RELEASE_TAG)))
     PRE_RELEASE=true
 endif
+FULL_VERSION := $(RELEASE_TAG:v%=%)
+MINOR_VERSION := $(shell v='$(FULL_VERSION)'; echo "$${v%.*}")
+PATCH_VERSION := $(shell v='$(FULL_VERSION)'; echo "$${v##*.}")
+# if the release tag is a .0 version, use the main branch
+ifeq ($(PATCH_VERSION),0)
+	RELEASE_BRANCH ?= main
+else
+	RELEASE_BRANCH ?= release-$(MINOR_VERSION)
+endif
 # the previous release tag, e.g., v0.3.9, excluding pre-release tags
-PREVIOUS_TAG ?= $(shell git tag -l | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$$" | sort -V | grep -B1 $(RELEASE_TAG) | head -n 1 2>/dev/null)
+PREVIOUS_TAG ?= $(shell git tag --merged $(GIT_REMOTE_NAME)/$(RELEASE_BRANCH) -l | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$$" | sort -V | tail -n 1 2>/dev/null)
+START_SHA ?= $(shell git rev-list -n 1 $(PREVIOUS_TAG) 2>/dev/null)
+END_SHA ?= $(shell git rev-parse $(GIT_REMOTE_NAME)/$(RELEASE_BRANCH) 2>/dev/null)
 RELEASE_DIR ?= out
 RELEASE_NOTES_DIR := CHANGELOG
 GIT_REPO_NAME ?= cluster-api-provider-azure
 GIT_ORG_NAME ?= kubernetes-sigs
-FULL_VERSION := $(RELEASE_TAG:v%=%)
-MINOR_VERSION := $(shell v='$(FULL_VERSION)'; echo "$${v%.*}")
-RELEASE_BRANCH ?= release-$(MINOR_VERSION)
+GIT_REMOTE_NAME ?= upstream
 USER_FORK ?= $(shell git config --get remote.origin.url | cut -d/ -f4)
 IMAGE_REVIEWERS ?= $(shell ./hack/get-project-maintainers.sh)
 
@@ -650,9 +659,11 @@ release-alias-tag: ## Adds the tag to the last build tag.
 
 .PHONY: release-notes
 release-notes: $(RELEASE_NOTES) $(RELEASE_NOTES_DIR) ## Generate/update release notes.
+	@echo "generating release notes from $(PREVIOUS_TAG) to $(RELEASE_TAG) with start sha $(START_SHA) and end sha $(END_SHA)"
 	@if [ -n "${PRE_RELEASE}" ]; then echo ":rotating_light: This is a RELEASE CANDIDATE. Use it only for testing purposes. If you find any bugs, file an [issue](https://github.com/kubernetes-sigs/cluster-api-provider-azure/issues/new)." > $(RELEASE_NOTES_DIR)/release-notes-$(RELEASE_TAG).md; \
-	else $(RELEASE_NOTES) --org $(GIT_ORG_NAME) --repo $(GIT_REPO_NAME) --branch $(RELEASE_BRANCH)  --start-rev $(PREVIOUS_TAG) --end-rev $(RELEASE_TAG) --output $(RELEASE_NOTES_DIR)/tmp-release-notes.md --list-v2; \
-	sed 's/\[SIG Cluster Lifecycle\]//g' $(RELEASE_NOTES_DIR)/tmp-release-notes.md > $(RELEASE_NOTES_DIR)/release-notes-$(RELEASE_TAG).md; \
+	else $(RELEASE_NOTES) --org $(GIT_ORG_NAME) --repo $(GIT_REPO_NAME) --branch $(RELEASE_BRANCH)  --start-sha $(START_SHA) --end-sha $(END_SHA) --markdown-links true --output $(RELEASE_NOTES_DIR)/$(RELEASE_TAG).md --list-v2; \
+	sed 's/\[SIG Cluster Lifecycle\]//g' $(RELEASE_NOTES_DIR)/$(RELEASE_TAG).md > $(RELEASE_NOTES_DIR)/tmp-release-notes.md; \
+	cp $(RELEASE_NOTES_DIR)/tmp-release-notes.md $(RELEASE_NOTES_DIR)/$(RELEASE_TAG).md; \
 	rm -f $(RELEASE_NOTES_DIR)/tmp-release-notes.md; \
 	fi
 

api/v1beta1/azureimage_validation_test.go

@@ -223,3 +223,68 @@ func createTestImageByID(imageID string) *Image {
 		ID: &imageID,
 	}
 }
+
+func TestValidateSingleDetailsOnly(t *testing.T) {
+	testCases := map[string]struct {
+		image          *Image
+		expectedErrors field.ErrorList
+	}{
+		"image.Marketplace != nil, image details are found": {
+			image: &Image{
+				ID: ptr.To("ID1234"),
+				Marketplace: &AzureMarketplaceImage{
+					ImagePlan: ImagePlan{
+						Offer:     "OFFER",
+						Publisher: "PUBLISHER",
+						SKU:       "SKU",
+					},
+					Version: "1.0.0",
+				},
+			},
+			expectedErrors: field.ErrorList{
+				{
+					Type:     "FieldValueForbidden",
+					Field:    "image.Marketplace",
+					BadValue: "",
+					Detail:   "Marketplace cannot be used as an image ID has been specified",
+				},
+			},
+		},
+		"image.Marketplace == nil, image.ComputeGallery != nil, image details are found": {
+			image: &Image{
+				ID: ptr.To("ID1234"),
+				ComputeGallery: &AzureComputeGalleryImage{
+					Name:           "IMAGENAME",
+					Gallery:        "GALLERY9876",
+					Version:        "1.0.0",
+					SubscriptionID: ptr.To("SUB1234"),
+					ResourceGroup:  ptr.To("RG1234"),
+				},
+			},
+			expectedErrors: field.ErrorList{
+				{
+					Type:     "FieldValueForbidden",
+					Field:    "image.ComputeGallery",
+					BadValue: "",
+					Detail:   "ComputeGallery cannot be used as an image ID. Marketplace or SharedGallery images has been specified",
+				},
+			},
+		},
+		"image.Marketplace == nil, image.ComputeGallery == nil, image details not found": {
+			image: &Image{},
+			expectedErrors: field.ErrorList{
+				{
+					Type:     "FieldValueRequired",
+					Field:    "image",
+					BadValue: "",
+					Detail:   "You must supply an ID, Marketplace or ComputeGallery image details",
+				},
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		g := NewWithT(t)
+		g.Expect(ValidateImage(tc.image, field.NewPath("image"))).To(Equal(tc.expectedErrors))
+	}
+}

api/v1beta1/azuremanagedcontrolplane_default.go

@@ -19,7 +19,6 @@ package v1beta1
 import (
 	"encoding/base64"
 	"fmt"
-	"reflect"
 	"strings"
 
 	"golang.org/x/crypto/ssh"
@@ -195,7 +194,7 @@ func (m *AzureManagedControlPlane) setDefaultOIDCIssuerProfile() {
 }
 
 func (m *AzureManagedControlPlane) setDefaultDNSPrefix() {
-	if reflect.ValueOf(m.Spec.DNSPrefix).IsZero() {
+	if m.Spec.DNSPrefix == nil {
 		m.Spec.DNSPrefix = ptr.To(m.Name)
 	}
 }

api/v1beta1/azuremanagedcontrolplane_webhook.go

@@ -207,22 +207,23 @@ func (mw *azureManagedControlPlaneWebhook) ValidateUpdate(ctx context.Context, o
 		allErrs = append(allErrs, err)
 	}
 
-	oldDNSPrefix := old.Spec.DNSPrefix
-	newDNSPrefix := m.Spec.DNSPrefix
-	if reflect.ValueOf(oldDNSPrefix).IsZero() {
-		oldDNSPrefix = ptr.To(old.Name)
-	}
-
-	if reflect.ValueOf(newDNSPrefix).IsZero() {
-		newDNSPrefix = ptr.To(m.Name)
-	}
-
-	if err := webhookutils.ValidateImmutable(
-		field.NewPath("Spec", "DNSPrefix"),
-		oldDNSPrefix,
-		newDNSPrefix,
-	); err != nil {
-		allErrs = append(allErrs, err)
+	// This nil check is only to streamline tests from having to define this correctly in every test case.
+	// Normally, the defaulting webhooks will always set the new DNSPrefix so users can never entirely unset it.
+	if m.Spec.DNSPrefix != nil {
+		// Pre-1.12 versions of CAPZ do not set this field while 1.12+ defaults it, so emulate the current
+		// defaulting here to avoid unrelated updates from failing this immutability check due to the
+		// nil -> non-nil transition.
+		oldDNSPrefix := old.Spec.DNSPrefix
+		if oldDNSPrefix == nil {
+			oldDNSPrefix = ptr.To(old.Name)
+		}
+		if err := webhookutils.ValidateImmutable(
+			field.NewPath("Spec", "DNSPrefix"),
+			oldDNSPrefix,
+			m.Spec.DNSPrefix,
+		); err != nil {
+			allErrs = append(allErrs, err)
+		}
 	}
 
 	// Consider removing this once moves out of preview

api/v1beta1/azuremanagedcontrolplane_webhook_test.go

@@ -2559,6 +2559,29 @@ func TestAzureManagedControlPlane_ValidateUpdate(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name: "AzureManagedControlPlane DNSPrefix can be updated from nil when resource name matches",
+			oldAMCP: &AzureManagedControlPlane{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "capz-aks",
+				},
+				Spec: AzureManagedControlPlaneSpec{
+					DNSPrefix: nil,
+					AzureManagedControlPlaneClassSpec: AzureManagedControlPlaneClassSpec{
+						Version: "v1.18.0",
+					},
+				},
+			},
+			amcp: &AzureManagedControlPlane{
+				Spec: AzureManagedControlPlaneSpec{
+					DNSPrefix: ptr.To("capz-aks"),
+					AzureManagedControlPlaneClassSpec: AzureManagedControlPlaneClassSpec{
+						Version: "v1.18.0",
+					},
+				},
+			},
+			wantErr: false,
+		},
 		{
 			name: "DisableLocalAccounts cannot be set for non AAD clusters",
 			oldAMCP: &AzureManagedControlPlane{

api/v1beta1/azuremanagedmachinepool_webhook_test.go

@@ -20,7 +20,7 @@ import (
 	"context"
 	"testing"
 
-	asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20230201"
+	asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001"
 	. "github.com/onsi/gomega"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"