fix(cloudid): vendor update for azure iam (#21646)

go.mod

@@ -93,7 +93,7 @@ require (
 	k8s.io/cri-api v0.22.17
 	k8s.io/klog/v2 v2.20.0
 	moul.io/http2curl/v2 v2.3.0
-	yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241120063054-1c330599f577
+	yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241120113602-163eeb5fbfbe
 	yunion.io/x/executor v0.0.0-20230705125604-c5ac3141db32
 	yunion.io/x/jsonutils v1.0.1-0.20240930100528-1671a2d0d22f
 	yunion.io/x/log v1.0.1-0.20240305175729-7cf2d6cd5a91

go.sum

@@ -1376,8 +1376,8 @@ sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
-yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241120063054-1c330599f577 h1:Db/i0tM3HLB5sXEUztyh94cjCBxP+u2BGjjBY38eOy8=
-yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241120063054-1c330599f577/go.mod h1:rj/pb3DitJlQaQD8UW1oxx/KD+PzDZqoywzqRJaFE9A=
+yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241120113602-163eeb5fbfbe h1:jQ6fI+DxmfgXpVx3u1uqqC3Bbfm+ogUhpeMUWGY/UTM=
+yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241120113602-163eeb5fbfbe/go.mod h1:rj/pb3DitJlQaQD8UW1oxx/KD+PzDZqoywzqRJaFE9A=
 yunion.io/x/executor v0.0.0-20230705125604-c5ac3141db32 h1:v7POYkQwo1XzOxBoIoRVr/k0V9Y5JyjpshlIFa9raug=
 yunion.io/x/executor v0.0.0-20230705125604-c5ac3141db32/go.mod h1:Uxuou9WQIeJXNpy7t2fPLL0BYLvLiMvGQwY7Qc6aSws=
 yunion.io/x/jsonutils v0.0.0-20190625054549-a964e1e8a051/go.mod h1:4N0/RVzsYL3kH3WE/H1BjUQdFiWu50JGCFQuuy+Z634=

pkg/cloudid/drivers/azure.go

@@ -15,8 +15,16 @@
 package drivers
 
 import (
+	"context"
+
+	"yunion.io/x/cloudmux/pkg/cloudprovider"
+	"yunion.io/x/log"
+	"yunion.io/x/pkg/errors"
+
 	api "yunion.io/x/onecloud/pkg/apis/compute"
+	"yunion.io/x/onecloud/pkg/cloudcommon/db/lockman"
 	"yunion.io/x/onecloud/pkg/cloudid/models"
+	"yunion.io/x/onecloud/pkg/mcclient"
 )
 
 type SAzureDriver struct {
@@ -30,3 +38,82 @@ func (driver SAzureDriver) GetProvider() string {
 func init() {
 	models.RegisterProviderDriver(&SAzureDriver{})
 }
+
+func (base SAzureDriver) RequestSyncCloudaccountResources(ctx context.Context, userCred mcclient.TokenCredential, account *models.SCloudaccount, provider cloudprovider.ICloudProvider) error {
+
+	func() {
+		lockman.LockRawObject(ctx, account.Id, models.SAMLProviderManager.Keyword())
+		defer lockman.ReleaseRawObject(ctx, account.Id, models.SAMLProviderManager.Keyword())
+
+		samls, err := provider.GetICloudSAMLProviders()
+		if err != nil {
+			if errors.Cause(err) != cloudprovider.ErrNotSupported && errors.Cause(err) != cloudprovider.ErrNotImplemented {
+				log.Errorf("get saml providers for account %s error: %v", account.Name, err)
+			}
+			return
+		}
+		result := account.SyncSAMLProviders(ctx, userCred, samls, "")
+		log.Infof("Sync SAMLProviders for account %s(%s) result: %s", account.Name, account.Provider, result.Result())
+	}()
+
+	func() {
+		policies, err := provider.GetICloudpolicies()
+		if err != nil {
+			if errors.Cause(err) != cloudprovider.ErrNotSupported && errors.Cause(err) != cloudprovider.ErrNotImplemented {
+				log.Errorf("get system policies for account %s error: %v", account.Name, err)
+			}
+			return
+		}
+		result := account.SyncPolicies(ctx, userCred, policies, "")
+		log.Infof("Sync policies for account %s(%s) result: %s", account.Name, account.Provider, result.Result())
+	}()
+
+	func() {
+		iGroups, err := provider.GetICloudgroups()
+		if err != nil {
+			if errors.Cause(err) != cloudprovider.ErrNotSupported && errors.Cause(err) != cloudprovider.ErrNotImplemented {
+				log.Errorf("get groups for account %s error: %v", account.Name, err)
+			}
+			return
+		}
+		localGroups, remoteGroups, result := account.SyncCloudgroups(ctx, userCred, iGroups, "")
+		log.Infof("SyncCloudgroups for account %s(%s) result: %s", account.Name, account.Provider, result.Result())
+		for i := 0; i < len(localGroups); i += 1 {
+			func() {
+				// lock cloudgroup
+				lockman.LockObject(ctx, &localGroups[i])
+				defer lockman.ReleaseObject(ctx, &localGroups[i])
+
+				localGroups[i].SyncCloudpolicies(ctx, userCred, remoteGroups[i])
+			}()
+		}
+	}()
+
+	func() {
+		iUsers, err := provider.GetICloudusers()
+		if err != nil {
+			if errors.Cause(err) != cloudprovider.ErrNotSupported && errors.Cause(err) != cloudprovider.ErrNotImplemented {
+				log.Errorf("get users for account %s error: %v", account.Name, err)
+			}
+			return
+		}
+		localUsers, remoteUsers, result := account.SyncCloudusers(ctx, userCred, iUsers, "")
+		log.Infof("SyncCloudusers for account %s(%s) result: %s", account.Name, account.Provider, result.Result())
+		for i := 0; i < len(localUsers); i += 1 {
+			func() {
+				// lock clouduser
+				lockman.LockObject(ctx, &localUsers[i])
+				defer lockman.ReleaseObject(ctx, &localUsers[i])
+
+				localUsers[i].SyncCloudpolicies(ctx, userCred, remoteUsers[i])
+				localUsers[i].SyncCloudgroups(ctx, userCred, remoteUsers[i])
+			}()
+		}
+	}()
+
+	return nil
+}
+
+func (base SAzureDriver) RequestSyncCloudproviderResources(ctx context.Context, userCred mcclient.TokenCredential, cp *models.SCloudprovider, provider cloudprovider.ICloudProvider) error {
+	return nil
+}

pkg/cloudid/models/cloudgroup.go

@@ -642,7 +642,7 @@ func (self *SCloudgroup) PerformSetPolicies(ctx context.Context, userCred mcclie
 			return nil, err
 		}
 		policy := policObj.(*SCloudpolicy)
-		if policy.ManagerId != self.ManagerId || policy.CloudaccountId != self.CloudaccountId {
+		if (policy.ManagerId != self.ManagerId && len(self.ManagerId) > 0) || policy.CloudaccountId != self.CloudaccountId {
 			return nil, httperrors.NewConflictError("Policies and groups do not belong to the same account")
 		}
 		newP.Add(policy.Id)

vendor/modules.txt

@@ -1785,7 +1785,7 @@ sigs.k8s.io/structured-merge-diff/v4/value
 # sigs.k8s.io/yaml v1.2.0
 ## explicit; go 1.12
 sigs.k8s.io/yaml
-# yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241120063054-1c330599f577
+# yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20241120113602-163eeb5fbfbe
 ## explicit; go 1.21
 yunion.io/x/cloudmux/pkg/apis
 yunion.io/x/cloudmux/pkg/apis/billing