Merge branch 'main' into feature/support-insight-resources

.github/dependabot.yml

@@ -10,18 +10,22 @@ updates:
     directory: "/" 
     schedule:
       interval: "weekly"
+    rebase-strategy: "disabled"
   # ASO v2 controller 
   - package-ecosystem: "gomod" 
     directory: "/v2" 
     schedule:
       interval: "weekly"
+    rebase-strategy: "disabled"
   # ASO v2 asoctl
   - package-ecosystem: "gomod" 
     directory: "/v2/cmd/asoctl" 
     schedule:
       interval: "weekly"
+    rebase-strategy: "disabled"
   # ASO v2 generator
   - package-ecosystem: "gomod" 
     directory: "/v2/tools/generator" 
     schedule:
       interval: "weekly"
+    rebase-strategy: "disabled"

.github/workflows/push-release-image-test.yaml

@@ -0,0 +1,4 @@
+name: Test docker image
+on:
+  workflow_dispatch:
+  # no content, allows manual triggering

docs/hugo/content/guide/authentication/credential-format.md

@@ -39,26 +39,11 @@ Set the following additional environment variables:
 ```bash
 export MI_RESOURCE_GROUP="my-rg"  # The resource group containing the managed identity that will be used by ASO
 export MI_NAME="my-mi"            # The name of the managed identity that will be used by ASO
-export APPLICATION_OBJECT_ID=$(az resource show --id /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${MI_RESOURCE_GROUP}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${MI_NAME} --query "properties.principalId" -o tsv | tr -d '[:space:]')
 ```
 
 Create the Federated Identity Credential registering your service account with AAD:
 ```bash
-cat <<EOF > body.json
-{
-  "name": "aso-federated-credential",
-  "type":"Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials",
-  "properties": {
-    "issuer":"${SERVICE_ACCOUNT_ISSUER}",
-    "subject":"system:serviceaccount:azureserviceoperator-system:azureserviceoperator-default",
-    "audiences": [
-      "api://AzureADTokenExchange"
-    ]
-  }
-}
-EOF
-
-az rest --method put --url /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourcegroups/${MI_RESOURCE_GROUP}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${MI_NAME}/federatedIdentityCredentials/aso-federated-credential?api-version=2022-01-31-preview --body @body.json
+az identity federated-credential create --name aso-federated-credential --identity-name ${MI_NAME} --resource-group ${MI_RESOURCE_GROUP} --issuer ${SERVICE_ACCOUNT_ISSUER} --subject "system:serviceaccount:azureserviceoperator-system:azureserviceoperator-default" --audiences "api://AzureADTokenExchange"
 ```
 
 {{% /tab %}}

docs/hugo/content/guide/diagnosing-problems.md

@@ -36,6 +36,39 @@ aso-sample-rg   False     Info       Reconciling     The resource is in the proc
 ```
 if this isn't happening then check the [controller logs](#getting-aso-controller-pod-logs).
 
+### Resource stuck deleting 
+
+This presents slightly differently for different resources, some examples are:
+
+* [#2478](https://github.com/Azure/azure-service-operator/issues/2478)
+* [#2586](https://github.com/Azure/azure-service-operator/issues/2586)
+* [#2607](https://github.com/Azure/azure-service-operator/issues/2607)
+
+For example, you might see something like this:
+```
+deleting resource "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/dev-rg/providers/Microsoft.KeyVault/vaults/kvname/providers/Microsoft.Authorization/roleAssignments/kv-role-assignement3": DELETE https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/dev-rg/providers/Microsoft.KeyVault/vaults/kvname/providers/Microsoft.Authorization/roleAssignments/kv-role-assignement3
+--------------------------------------------------------------------------------
+RESPONSE 400: 400 Bad Request
+ERROR CODE: InvalidRoleAssignmentId
+--------------------------------------------------------------------------------
+{
+    "error": {
+        "code": "InvalidRoleAssignmentId",
+        message": "The role assignment ID 'kv-role-assignement3' is not valid. The role assignment ID must be a GUID."
+    }
+}
+--------------------------------------------------------------------------------
+```
+
+This can happen because the resource was created with an invalid name, and when ASO is trying to delete it,
+it cannot delete the resource because the name is invalid.
+
+_Usually_, ASO will prevent this situation from happening by blocking the original apply that attempts to create the resource, 
+but from time to time that protection may be imperfect.
+
+If you see this problem, the resource wasn't ever created successfully in Azure and so it is safe to instruct ASO to 
+skip deletion of the Azure resource. This can be done by adding the `serviceoperator.azure.com/reconcile-policy: skip` 
+annotation to the resource in your cluster.
 
 ## Getting ASO controller pod logs
 The last stop when investigating most issues is to look at the ASO pod logs. We expect that

docs/hugo/content/guide/frequently-asked-questions.md

@@ -179,3 +179,14 @@ reconcile-policy: skip on the old one, deleting it, and then creating the `RoleA
 allowing it to adopt the existing resource in Azure) you must manually specify the AzureName
 of the `RoleAssignment` as the original UUID. Otherwise, the UUID defaulting algorithm will choose a different UUID since
 the namespace has changed.
+
+### How can I import existing Azure resources into ASO?
+
+See [Annotations understood by the operator]({{< relref "annotations#serviceoperatorazurecomreconcile-policy" >}}) for
+details about how to control whether the operator modifies Azure resources or just watches them.
+
+There are a few options for importing resources into your cluster:
+* If you're looking to import a large number of Azure resources you can use [asoctl]( {{< relref "tools/asoctl" >}}).
+* If you're looking to import a small number of resources, you can also manually create the resources in your cluster 
+  yourself and apply them. As long as the resource name, type and subscription are the same as the existing Azure 
+  resource, ASO will automatically adopt the resource. Make sure to use the `reconcile-policy` you want.

docs/hugo/content/reference/_index.md

@@ -211,6 +211,16 @@ These resource versions are deprecated and will be removed in an upcoming ASO re
 
 To install the CRDs for these resources, your ASO configuration must include `containerservice.azure.com/*` as a one of the configured CRD patterns. See [CRD Management in ASO](https://azure.github.io/azure-service-operator/guide/crd-management/) for details on doing this for both [Helm](https://azure.github.io/azure-service-operator/guide/crd-management/#helm) and [YAML](https://azure.github.io/azure-service-operator/guide/crd-management/#yaml) based installations.
 
+### Next Release
+
+Development of these new resources is complete and they will be available in the next release of ASO.
+
+| Resource        | ARM Version        | CRD Version          | Supported From | Sample                                                                                                                                                       |
+|-----------------|--------------------|----------------------|----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Fleet           | 2023-03-15-preview | v1api20230315preview | v2.4.0         | [View](https://github.com/Azure/azure-service-operator/tree/main/v2/samples/containerservice/v1api20230315preview/v1api20230315preview_fleet.yaml)           |
+| FleetsMember    | 2023-03-15-preview | v1api20230315preview | v2.4.0         | [View](https://github.com/Azure/azure-service-operator/tree/main/v2/samples/containerservice/v1api20230315preview/v1api20230315preview_fleetsmember.yaml)    |
+| FleetsUpdateRun | 2023-03-15-preview | v1api20230315preview | v2.4.0         | [View](https://github.com/Azure/azure-service-operator/tree/main/v2/samples/containerservice/v1api20230315preview/v1api20230315preview_fleetsupdaterun.yaml) |
+
 ### Released
 
 These resource(s) are available for use in the current release of ASO. Different versions of a given resource reflect different versions of the Azure ARM API.

docs/hugo/content/reference/containerservice/_index.md

@@ -5,6 +5,16 @@ no_list: true
 ---
 To install the CRDs for these resources, your ASO configuration must include `containerservice.azure.com/*` as a one of the configured CRD patterns. See [CRD Management in ASO](https://azure.github.io/azure-service-operator/guide/crd-management/) for details on doing this for both [Helm](https://azure.github.io/azure-service-operator/guide/crd-management/#helm) and [YAML](https://azure.github.io/azure-service-operator/guide/crd-management/#yaml) based installations.
 
+### Next Release
+
+Development of these new resources is complete and they will be available in the next release of ASO.
+
+| Resource        | ARM Version        | CRD Version          | Supported From | Sample                                                                                                                                                       |
+|-----------------|--------------------|----------------------|----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Fleet           | 2023-03-15-preview | v1api20230315preview | v2.4.0         | [View](https://github.com/Azure/azure-service-operator/tree/main/v2/samples/containerservice/v1api20230315preview/v1api20230315preview_fleet.yaml)           |
+| FleetsMember    | 2023-03-15-preview | v1api20230315preview | v2.4.0         | [View](https://github.com/Azure/azure-service-operator/tree/main/v2/samples/containerservice/v1api20230315preview/v1api20230315preview_fleetsmember.yaml)    |
+| FleetsUpdateRun | 2023-03-15-preview | v1api20230315preview | v2.4.0         | [View](https://github.com/Azure/azure-service-operator/tree/main/v2/samples/containerservice/v1api20230315preview/v1api20230315preview_fleetsupdaterun.yaml) |
+
 ### Released
 
 These resource(s) are available for use in the current release of ASO. Different versions of a given resource reflect different versions of the Azure ARM API.

go.mod

@@ -16,10 +16,10 @@ require (
 	github.com/go-logr/logr v1.2.4
 	github.com/go-sql-driver/mysql v1.7.1
 	github.com/gobuffalo/envy v1.7.0
-	github.com/gofrs/uuid v4.0.0+incompatible
+	github.com/gofrs/uuid v4.4.0+incompatible
 	github.com/google/go-cmp v0.5.9
 	github.com/google/uuid v1.3.1
-	github.com/hashicorp/go-multierror v1.0.0
+	github.com/hashicorp/go-multierror v1.1.1
 	github.com/lib/pq v1.6.0
 	github.com/marstr/randname v0.0.0-20181206212954-d5b0f288ab8c
 	github.com/onsi/ginkgo v1.16.5

go.sum

@@ -169,8 +169,8 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/gobuffalo/envy v1.7.0 h1:GlXgaiBkmrYMHco6t4j7SacKO4XUjvh5pwXh0f4uxXU=
 github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
-github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
-github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1YrTJupqA=
+github.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
@@ -266,8 +266,8 @@ github.com/gorilla/sessions v1.2.0/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/z
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uPribsnS6o=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE=
 github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=

hack/crossplane/azure-crossplane.yaml

@@ -172,6 +172,7 @@ typeTransformers:
     target:
       name: float
     matchRequired: false # TODO: Remove this if/when we actually require it
+
   - name: "*"
     property: Tags
     ifType:
@@ -187,16 +188,6 @@ typeTransformers:
         value:
           name: string
     because: Tags is defined as map[string]interface{} when it should be map[string]string
-  - group: deploymenttemplate
-    name: ResourceLocations
-    target:
-      name: string
-    because: Modeling this as an enum doesn't work well in the context of CRDs because new regions are regularly added
-  - group: definitions
-    name: ResourceLocations
-    target:
-      name: string
-    because: Modeling this as an enum doesn't work well in the context of CRDs because new regions are regularly added
 
   # Deal with readonly properties that were not properly pruned in the JSON schema
   - name: ResourceIdentity

v2/api/containerservice/customizations/structure.txt

@@ -1,5 +1,8 @@
 // Code generated by azure-service-operator-codegen. DO NOT EDIT.
 github.com/Azure/azure-service-operator/v2/api/containerservice/customizations
+├── FleetExtension: Object (0 properties)
+├── FleetsMemberExtension: Object (0 properties)
+├── FleetsUpdateRunExtension: Object (0 properties)
 ├── ManagedClusterExtension: Object (0 properties)
 ├── ManagedClustersAgentPoolExtension: Object (0 properties)
 └── TrustedAccessRoleBindingExtension: Object (0 properties)