✨ Add support for managed identity in machine pool

[shysank]

What type of PR is this?
/kind feature

What this PR does / why we need it:
Adds support for managed identity in machine pool.

• Ports ✨ Add support for user-assigned managed identities in AzureMachine #616 changes to machine pool

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #960

TODOs:

• squashed commits
• includes documentation
• adds unit tests

Release Note:

Add support for managed identity in machine pool

[k8s-ci-robot]

Welcome @shysank!

It looks like this is your first PR to kubernetes-sigs/cluster-api-provider-azure 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/cluster-api-provider-azure has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @shysank. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[nader-ziada]

/cc @devigned

[nader-ziada]

Thanks for the PR @shysank

a couple of quick questions

[nader-ziada]

is this converter to just generate the resource id in the azure format?

[shysank]

Yes, this is just a helper for converting []UserIdentity to map[string]VmOrVmssIdentityStruct

[nader-ziada]

/ok-to-test

[nader-ziada]

@devigned can you take a look please

[nader-ziada]

@shysank if you think the PR is ready, can you please remove the [WIP] and add a release note in the PR description.

[devigned]

Looks pretty good. I have some light feedback about the code and documentation.

One thing I would like to see out of this PR is a tutorial in the CAPZ book to describe how to create a MachinePool with a user assigned identity with a link to building a user assigned identity.

[devigned]

No action in the PR, but more for maintainers.

Dang... these tests are verbose with only like 2 lines that need to be updated. It would be nice to dry these up.

cc: @CecileRobertMichon and @nader-ziada

[CecileRobertMichon]

re: documentation, you could add onto the existing Identity doc https://capz.sigs.k8s.io/topics/identity.html

[shysank]

/retitle ✨ Add support for managed identity in machine pool

[k8s-ci-robot]

@shysank: Re-titling can only be requested by trusted users, like repository collaborators.

In response to this:

/retitle ✨ Add support for managed identity in machine pool

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[shysank]

@devigned I've addressed the review comments, PTAL.
cc: @CecileRobertMichon @nader-ziada

[devigned]

lgtm

/assign @nader-ziada @CecileRobertMichon

[nader-ziada]

lgtm pending squashing commits

[CecileRobertMichon]

/retest

looks like an unrelated flake

[shysank]

@CecileRobertMichon I have made the role assignment changes for system assigned identity, PTAL. The api-diff script is failing because I modified the Validate method to accept old machine pool spec as a parameter.

[nader-ziada]

I think its lgtm pending squashing commits

[CecileRobertMichon]

lgtm, please squash the commits @shysank

Awesome work, thanks!

[k8s-ci-robot]

@shysank: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
pull-cluster-api-provider-azure-apidiff	b463637	link	/test pull-cluster-api-provider-azure-apidiff

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[shysank]

@nader-ziada @CecileRobertMichon Thanks for the review, I've squashed the commits.

[CecileRobertMichon]

/lgtm

[devigned]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: devigned

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [devigned]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment