Merge pull request openshift#113 from openshift-cloud-team/rebase-bot…

…-master OCPCLOUD-2607: Merge https://github.com/kubernetes-sigs/cloud-provider-azure:master (e6f5e9a) into master
openshift-cloud-team · Jun 10, 2024 · 08de993 · 08de993
2 parents 0e95532 + 5e3e90b
commit 08de993
Show file tree

Hide file tree

Showing 1,886 changed files with 157,600 additions and 44,241 deletions.
diff --git a/.ci-operator.yaml b/.ci-operator.yaml
@@ -1,4 +1,4 @@
 build_root_image:
   name: release
   namespace: openshift
-  tag: rhel-9-release-golang-1.21-openshift-4.16
+  tag: rhel-9-release-golang-1.22-openshift-4.17
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -17,11 +17,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
         with:
           egress-policy: audit
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
+        uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2
diff --git a/.github/workflows/lint-ci-weekly.yaml b/.github/workflows/lint-ci-weekly.yaml
@@ -14,18 +14,18 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
         with:
           egress-policy: audit
       - name: Setup Golang
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
         with:
           go-version: '>=1.21'
           check-latest: true
       - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
+        uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
         with:
           # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
           version: latest
diff --git a/.github/workflows/release-azclient-trace.yml b/.github/workflows/release-azclient-trace.yml
@@ -0,0 +1,31 @@
+name: Release azclient trace
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+    paths:
+      - 'pkg/azclient/trace/*'
+permissions:
+  contents: read
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: write
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      with:
+        egress-policy: audit
+
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      with:
+        fetch-depth: '0'
+    - name: Bump version and push tag
+      id: tag_version
+      uses: mathieudutour/github-tag-action@a22cf08638b34d5badda920f9daf6e72c477b07b # v6.2
+      with:
+        tag_prefix: pkg/azclient/trace/v
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        fetch_all_tags: true
diff --git a/.github/workflows/release-azclient.yml b/.github/workflows/release-azclient.yml
@@ -0,0 +1,34 @@
+name: Release azclient
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+    paths:
+      - 'pkg/azclient/**'
+      - '!pkg/azclient/configloader/**'
+      - '!pkg/azclient/client-gen/**'
+      - '!pkg/azclient/trace/**'
+permissions:
+  contents: read
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: write
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      with:
+        egress-policy: audit
+
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      with:
+        fetch-depth: '0'
+    - name: Bump version and push tag
+      id: tag_version
+      uses: mathieudutour/github-tag-action@a22cf08638b34d5badda920f9daf6e72c477b07b # v6.2
+      with:
+        tag_prefix: pkg/azclient/v
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        fetch_all_tags: true
diff --git a/.github/workflows/release-configloader.yml b/.github/workflows/release-configloader.yml
@@ -0,0 +1,31 @@
+name: Release azclient configloader
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+    paths:
+      - 'pkg/azclient/configloader/**'
+permissions:
+  contents: read
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: write
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+      with:
+        egress-policy: audit
+
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      with:
+        fetch-depth: '0'
+    - name: Bump version and push tag
+      id: tag_version
+      uses: mathieudutour/github-tag-action@a22cf08638b34d5badda920f9daf6e72c477b07b # v6.2
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        tag_prefix: pkg/azclient/configloader/v
+        fetch_all_tags: true
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -32,17 +32,17 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
         with:
           egress-policy: audit
 
       - name: "Checkout code"
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -64,14 +64,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/update-vendor-license.yml b/.github/workflows/update-vendor-license.yml
@@ -37,14 +37,14 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
       with:
         egress-policy: audit
 
     - name: Checkout repository
-      uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
     - name: Set up Go 1.x
-      uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
       with:
         go-version: '>=1.20'
         check-latest: true
@@ -54,7 +54,7 @@ jobs:
       run: |
         make update
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v6
+      uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
       with:
         branch: doc/update-vendorlicense-${{github.ref_name}}
         delete-branch: true
@@ -69,7 +69,7 @@ jobs:
             /kind testing
 
             #### What this PR does / why we need it:
-            New release published.
+            go.sum is out of sync
 
             #### Does this PR introduce a user-facing change?
             ```release-note

diff --git a/.pipelines/ccm-image.yml b/.pipelines/ccm-image.yml
@@ -6,7 +6,11 @@ steps:
       git show --stat
       echo $REGISTRY_PASSWORD | docker login $REGISTRY_URL -u $REGISTRY_USERNAME --password-stdin
       export IMAGE_REGISTRY=$REGISTRY_URL
-      export GOPATH="/home/vsts/go"
+      USER="cloudtest"
+      if [[ -n "${RELEASE_PIPELINE:-}" ]]; then
+        USER="vsts"
+      fi
+      export GOPATH="/home/${USER}/go"
       export PATH="${PATH}:${GOPATH}/bin"
 
       if [[ ! -d kubetest2-aks ]]; then
@@ -19,10 +23,10 @@ steps:
       go install sigs.k8s.io/kubetest2@latest
       go mod tidy
       make deployer
-      sudo GOPATH="/home/vsts/go" make install
+      sudo GOPATH="/home/${USER}/go" make install
       popd
 
-      export IMAGE_TAG="$(git describe --tags)"
+      export IMAGE_TAG="$(git describe --tags --match "v[0-9].*")"
       kubetest2 aks --build --target ccm --targetPath `pwd`
     displayName: make and push ccm image
     env:

diff --git a/.pipelines/cnm-image.yml b/.pipelines/cnm-image.yml
@@ -6,7 +6,11 @@ steps:
       git show --stat
       echo $REGISTRY_PASSWORD | docker login $REGISTRY_URL -u $REGISTRY_USERNAME --password-stdin
       export IMAGE_REGISTRY=$REGISTRY_URL
-      export GOPATH="/home/vsts/go"
+      USER="cloudtest"
+      if [[ -n "${RELEASE_PIPELINE:-}" ]]; then
+        USER="vsts"
+      fi
+      export GOPATH="/home/${USER}/go"
       export PATH="${PATH}:${GOPATH}/bin"
 
       if [[ ! -d kubetest2-aks ]]; then
@@ -19,10 +23,10 @@ steps:
       go install sigs.k8s.io/kubetest2@latest
       go mod tidy
       make deployer
-      sudo GOPATH="/home/vsts/go" make install
+      sudo GOPATH="/home/${USER}/go" make install
       popd
 
-      export IMAGE_TAG="$(git describe --tags)"
+      export IMAGE_TAG="$(git describe --tags --match "v[0-9].*")"
       kubetest2 aks --build --target cnm --targetPath `pwd`
     displayName: make and push cnm image
     env:

diff --git a/.pipelines/daily-gc.yml b/.pipelines/daily-gc.yml
@@ -10,6 +10,8 @@ trigger: none
 
 pr: none
 
+pool: cloud-provider-azure-e2e-pool
+
 variables:
 - template: var-e2e.yml
 
@@ -23,13 +25,11 @@ stages:
         - bash: |
             export AZURE_SUBSCRIPTION_ID=$AZ_SUBSCRIPTION_ID
             export AZURE_TENANT_ID=$AZ_TENANT_ID
-            export AZURE_CLIENT_ID=$SP_CLIENT_ID
-            export AZURE_CLIENT_SECRET=$SP_CLIENT_SECRET
+            export AZURE_MANAGED_IDENTITY_CLIENT_ID=$AZ_MANAGED_IDENTITY_CLIENT_ID
 
             .pipelines/scripts/daily-gc.sh
           displayName: gc aks and resource groups
           env:
             AZ_SUBSCRIPTION_ID: $(az.subscription_id)
             AZ_TENANT_ID: $(az.tenant_id)
-            SP_CLIENT_ID: $(sp.client_id)
-            SP_CLIENT_SECRET: $(sp.client_secret)
+            AZ_MANAGED_IDENTITY_PRINCIPAL_ID: $(az.mi_client_id)
diff --git a/.pipelines/run-autoscaling-e2e.yml b/.pipelines/run-autoscaling-e2e.yml
@@ -9,8 +9,7 @@ trigger: none
 
 pr: none
 
-pool:
-  vmImage: ubuntu-latest
+pool: cloud-provider-azure-e2e-pool
 
 variables:
 - template: var-e2e.yml

diff --git a/.pipelines/run-autoscaling-multipool-e2e.yml b/.pipelines/run-autoscaling-multipool-e2e.yml
@@ -9,8 +9,7 @@ trigger: none
 
 pr: none
 
-pool:
-  vmImage: ubuntu-latest
+pool: cloud-provider-azure-e2e-pool
 
 variables:
 - template: var-e2e.yml

diff --git a/.pipelines/run-basic-lb-e2e.yml b/.pipelines/run-basic-lb-e2e.yml
@@ -12,8 +12,7 @@ trigger:
 
 pr: none
 
-pool:
-  vmImage: ubuntu-latest
+pool: cloud-provider-azure-e2e-pool
 
 variables:
 - template: var-e2e.yml

diff --git a/.pipelines/run-e2e.yml b/.pipelines/run-e2e.yml
@@ -8,9 +8,8 @@ steps:
   - bash: |
       export IMAGE_REGISTRY=$REGISTRY_URL
       export AZURE_SUBSCRIPTION_ID=$AZ_SUBSCRIPTION_ID
+      export AZURE_MANAGED_IDENTITY_CLIENT_ID=$AZ_MANAGED_IDENTITY_CLIENT_ID
       export AZURE_TENANT_ID=$AZ_TENANT_ID
-      export AZURE_CLIENT_ID=$SP_CLIENT_ID
-      export AZURE_CLIENT_SECRET=$SP_CLIENT_SECRET
       export ARTIFACT_DIR=$BUILD_ARTIFACT_STAGING_DIRECTORY
       export KUSTO_INGESTION_URI=$KUSTO_INGESTION_URI
 
@@ -24,9 +23,8 @@ steps:
     env:
       REGISTRY_URL: $(registry.url)
       AZ_SUBSCRIPTION_ID: $(az.subscription_id)
+      AZ_MANAGED_IDENTITY_PRINCIPAL_ID: $(az.mi_client_id)
       AZ_TENANT_ID: $(az.tenant_id)
-      SP_CLIENT_ID: $(sp.client_id)
-      SP_CLIENT_SECRET: $(sp.client_secret)
       BUILD_ARTIFACT_STAGING_DIRECTORY: $(Build.ArtifactStagingDirectory)
       BUILD_SOURCE_BRANCH_NAME: $(Build.SourceBranchName)
       KUSTO_INGESTION_URI: $(kusto.ingestion_uri)

diff --git a/.pipelines/run-vmas-e2e.yml b/.pipelines/run-vmas-e2e.yml
@@ -9,8 +9,7 @@ trigger: none
 
 pr: none
 
-pool:
-  vmImage: ubuntu-latest
+pool: cloud-provider-azure-e2e-pool
 
 variables:
 - template: var-e2e.yml

diff --git a/.pipelines/scripts/daily-gc.sh b/.pipelines/scripts/daily-gc.sh
@@ -21,7 +21,7 @@ set -o pipefail
 CLUSTER_NAME="aks-cluster"
 CURRENT_DATE="$(date +%s)"
 
-az login --service-principal -u "${AZURE_CLIENT_ID}" -p "${AZURE_CLIENT_SECRET}" --tenant "${AZURE_TENANT_ID}"
+az login --identity --username "${AZURE_MANAGED_IDENTITY_CLIENT_ID:-}"
 az group list --tag usage=aks-cluster-e2e | jq -r '.[].name' | awk '{print $1}' | while read -r RESOURCE_GROUP; do
   RG_DATE="$(az group show --resource-group ${RESOURCE_GROUP} | jq -r '.tags.creation_date')"
   DATE_DIFF="$(expr ${CURRENT_DATE} - ${RG_DATE})"