Merge branch 'main' into copilot/fix-3338

Author: theunrepentantgeek

.gitignore

@@ -84,3 +84,4 @@ hack/tools
 v2/controller
 v2/cmd/asoctl/asoctl
 v2/tools/generator/aso-gen
+v2/tools/generator/generator

README.md

@@ -1,5 +1,10 @@
 # Azure Service Operator (for Kubernetes)
 [![Go Report Card](https://goreportcard.com/badge/github.com/Azure/azure-service-operator)](https://goreportcard.com/report/github.com/Azure/azure-service-operator)
+[![Generate CRD docs](https://github.com/Azure/azure-service-operator/actions/workflows/api-docs-repo.yaml/badge.svg)](https://github.com/Azure/azure-service-operator/actions/workflows/api-docs-repo.yaml)
+[![Publish docs site](https://github.com/Azure/azure-service-operator/actions/workflows/deploy-site.yml/badge.svg)](https://github.com/Azure/azure-service-operator/actions/workflows/deploy-site.yml)
+[![Scan controller image](https://github.com/Azure/azure-service-operator/actions/workflows/scan-controller-image.yaml/badge.svg)](https://github.com/Azure/azure-service-operator/actions/workflows/scan-controller-image.yaml)
+[![Pre Release tests](https://github.com/Azure/azure-service-operator/actions/workflows/pre-release-tests.yaml/badge.svg)](https://github.com/Azure/azure-service-operator/actions/workflows/pre-release-tests.yaml)
+
 <!-- ![v2 Status](https://github.com/azure/azure-service-operator/actions/workflows/live-validation.yml/badge.svg?branch=main) -->
 
 ## What is it?
@@ -20,7 +25,7 @@ There are two major versions of Azure Service Operator: v1 and v2. Consult the b
 > Note: ASO v1 and v2 are two totally independent operators. Each has its own unique set of CRDs and controllers. They can be deployed side by side in the same cluster.
 
 | ASO Version | Lifecycle stage | Development status        | Installation options                                                                                                                                                                                    |
-| ----------- | --------------- |---------------------------| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| ----------- | --------------- | ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | v2          | Stable          | Under active development. | [Helm chart](/v2/charts), [GitHub release 2.x](https://github.com/Azure/azure-service-operator/releases). See [installation](https://azure.github.io/azure-service-operator/#installation) for example. |
 | v1          | Deprecated      | Halted                    | [Helm chart](/charts), [OperatorHub](https://operatorhub.io/operator/azure-service-operator) or [GitHub release 1.x](https://github.com/Azure/azure-service-operator/releases)                          |
 

Taskfile.yml

@@ -122,7 +122,6 @@ tasks:
     deps: 
       - header-check
       - specifier-check
-      - controller:check-crd-size
 
   make-release-artifacts:
     desc: Produce files required for an ASOv2 release
@@ -143,12 +142,16 @@ tasks:
     cmds:
       - task: asoctl:unit-tests
       - task: basic-checks
+        vars:
+          DIR: '{{.ASOCTL_ROOT}}'
       - task: asoctl:lint
 
   asoctl:ci:
     cmds:
       - task: asoctl:unit-tests-cover
       - task: basic-checks
+        vars:
+          DIR: '{{.ASOCTL_ROOT}}'
       - task: asoctl:lint
 
   asoctl:unit-tests:
@@ -236,12 +239,16 @@ tasks:
     cmds:
       - task: generator:unit-tests
       - task: basic-checks
+        vars:
+          DIR: '{{.GENERATOR_ROOT}}'
       - task: generator:lint
 
   generator:ci:
     cmds:
       - task: generator:unit-tests-cover
       - task: basic-checks
+        vars:
+          DIR: '{{.GENERATOR_ROOT}}'
       - task: generator:lint
 
   generator:unit-tests:
@@ -308,6 +315,7 @@ tasks:
       - task: controller:test
       # checks must be after test as that will generate code
       - task: basic-checks
+      - task: controller:check-crd-size
       - task: controller:verify-samples
       # Lint is forced to the end because it expects the code is formatted
       - task: controller:lint
@@ -319,6 +327,7 @@ tasks:
       - task: controller:test-integration-ci
       # checks must be after test as that will generate code
       - task: basic-checks
+      - task: controller:check-crd-size
       # lint must be at end after code is formatted
       - task: controller:lint
 
@@ -333,6 +342,7 @@ tasks:
     cmds:
       - task: controller:test-integration-ci-live
       - task: basic-checks
+      - task: controller:check-crd-size
       - task: controller:lint
 
   controller:format-code:
@@ -1031,7 +1041,7 @@ tasks:
     cmds:
       - "kubectl create namespace cert-manager"
       - "kubectl label namespace cert-manager cert-manager.io/disable-validation=true"
-      - "kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.14.4/cert-manager.yaml"
+      - "kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.18.2/cert-manager.yaml"
     status:
       - "kubectl get namespace cert-manager"
 
@@ -1249,7 +1259,9 @@ tasks:
 
   crossplane:ci:
     deps: 
-      - basic-checks
+      - task: basic-checks
+        vars:
+          DIR: '{{.CROSSPLANE_ROOT}}'
       - crossplane:generate-crds
 
   ############### Documentation targets ###############
@@ -1333,8 +1345,11 @@ tasks:
 
   header-check:
     desc: Ensure all files have an appropriate license header.
+    dir: '{{.DIR}}'
     cmds:
       - "{{.SCRIPTS_ROOT}}/check_headers.py"
+    vars:
+      DIR: "{{default .CONTROLLER_ROOT .DIR}}"
 
   # Stub retained until migration of workflows complete
   frontmatter-check:
@@ -1343,15 +1358,18 @@ tasks:
 
   specifier-check:
     desc: Check that format specifiers %v and %+v are not used
+    dir: '{{.DIR}}'
     # Both %v and %+v result in all the values from structs being dumped into the string. If that
     # struct happens to contain a secret or sensitive information, it ends up dumped out in an
     # uncontrolled way, potentially leading to a security issue or a problem with PII disclosure.
     # The buried risk here is that while %v might be safe now, a future change to the struct might
     # introduce a disclosure later on.
     cmds:
-      - cmd: echo "==> Checking format specifiers <=="
+      - cmd: echo "==> Checking format specifiers for {{.DIR}} <=="
         silent: true
       - cmd: '! git grep -e "%+v" -e "%v" --break --heading --line-number -I "*.go"'
+    vars:
+      DIR: "{{default .CONTROLLER_ROOT .DIR}}"
 
   verify-no-changes:
     desc: Checks that there are no uncommitted modifications to files

docs/hugo/content/_index.md

@@ -46,7 +46,7 @@ If you've got a question, a problem, a request, or just want to chat, here are t
 See [cert-manager](https://cert-manager.io/docs/installation/kubernetes/) if you'd like to learn more about the project.
 
 ``` bash
-$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.14.1/cert-manager.yaml
+$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.18.2/cert-manager.yaml
 ```
 
 Check that the cert-manager pods have started successfully before continuing.
@@ -390,7 +390,7 @@ to get started. For example, creating and deleting cert-manager.
 
 ``` bash
 # remove the cert-manager components
-$ kubectl delete -f https://github.com/jetstack/cert-manager/releases/download/v1.14.4/cert-manager.yaml
+$ kubectl delete -f https://github.com/jetstack/cert-manager/releases/download/v1.18.2/cert-manager.yaml
 ```
 
 ## How to contribute

docs/hugo/content/blogs/_index.md

@@ -0,0 +1,13 @@
+---
+title: Blog
+linkTitle: Blog
+weight: 11
+menu:
+  main:
+    weight: 11
+cascade:
+- type: docs
+description: Azure Service Operator blog with updates, news, and announcements
+---
+
+Welcome to the Azure Service Operator blog! Here you'll find articles with ASO updates, news, and more.

docs/hugo/content/blogs/release-notes-v2.16.0.md

@@ -0,0 +1,57 @@
+---
+title: "ASO v2.16 Release Notes"
+date: 2025-10-29
+description: "Release notes for Azure Service Operator v2.16.0"
+---
+
+We're excited to announce the release of Azure Service Operator v2.16.0! This release comes with a host of improvements and fixes, along with support being added for some oft-requested resources. 
+
+## ⚠️ Breaking changes
+
+This release includes breaking changes. Please review the [breaking changes documentation](https://azure.github.io/azure-service-operator/guide/breaking-changes/) before upgrading.
+
+## 🎉 New and improved resource support
+
+### New resource support
+
+We've added support for three new resources: 
+
+- [Azure Compute Capacity Reservation Groups](https://github.com/Azure/azure-service-operator/pull/4980) allowing capacity reservation manifests to be declaratively included alongside VM manifests 
+   - _Special thanks to [bingikarthik](https://github.com/bingikarthik) for his contribution!_
+- [Managing Azure quotas](https://github.com/Azure/azure-service-operator/pull/4979) for Kubernetes native management of Azure quotas
+   - _Special thanks to [bingikarthik](https://github.com/bingikarthik) for his contribution!_
+- [NetworkWatchers/flowLogs](https://github.com/Azure/azure-service-operator/issues/4614) for management of Network Security Group Flow Logs.
+
+### Enhanced resource references
+
+We've enhanced existing resource references with additional functionality:
+
+- You can now specify Role Assignments using [well-known role defintion names](https://github.com/Azure/azure-service-operator/pull/4923) instead of GUIDs.
+- UserAssignedIdentity now supports [config map](https://github.com/Azure/azure-service-operator/pull/4940).
+- A system-managed identity can now be [specified in the app resources' identity references](https://github.com/Azure/azure-service-operator/pull/4924).
+- Selected ResourceReferences now support [WellKnown names](https://github.com/Azure/azure-service-operator/pull/4922).
+- Fixed 2 broken [ResourceReferenceProperties](https://github.com/Azure/azure-service-operator/pull/4925), `UserAssignedIdentityReference` and `KeyVaultArmReference`, which were previously seen as just strings but are now recognized as proper references.
+
+## 🐛 Bug fixes
+
+- Fixed a [high-priority regression](https://github.com/Azure/azure-service-operator/pull/4966) from ASO v2.15.0 where resources failed with the `"/v1, Kind=Secret is not cached"` error during resource claims.
+- Kusto database reconciliation should [no longer be attempted](https://github.com/Azure/azure-service-operator/pull/4976) while a cluster is stopped. 
+- `NetcfgSubnetRangeOutsideVnet` error is [now retryable](https://github.com/Azure/azure-service-operator/pull/4931) for VirtualNetworksSubnet to avoid the resources becoming stuck in certain scenarios.
+- Added a missing parameter for [default node pool](https://github.com/Azure/azure-service-operator/issues/4942) in Node Auto-Provisioning.
+- Fixed [select annotation changed predicate](https://github.com/Azure/azure-service-operator/pull/4967) from mistakenly classifying creates as containing annotation changes.
+- Fixed `asoctl` import failures for [DataCollectionRule in PostgreSQL tables](https://github.com/Azure/azure-service-operator/issues/4919).
+
+## 🔧 Infrastructure and technical improvements
+
+### Code quality and tooling
+- Updated Azure REST API specs submodule and generated code. Completed in [#4941](https://github.com/Azure/azure-service-operator/pull/4941).
+- Stop generating explict local variables for loop aliasing effects. Completed in [#4949](https://github.com/Azure/azure-service-operator/pull/4949).
+- Improved diagnostics from TypeTransformers. Completed in [#4937](https://github.com/Azure/azure-service-operator/pull/4937).
+- Improved documentation comments in `arm` packages. Completed in [#4914](https://github.com/Azure/azure-service-operator/pull/4914).
+- Fixed linter issues from newly published linter. Completed in [#4916](https://github.com/Azure/azure-service-operator/pull/4916).
+- Deprecated `$export` in favor of `$exportAs` in generator configuration. Completed in [#4879](https://github.com/Azure/azure-service-operator/pull/4879).
+- Added "UnsupportedResourceType" to asoctl exclusions for extension resources. Completed in [#4934](https://github.com/Azure/azure-service-operator/pull/4934).
+
+## 🙏 Thank You
+
+Thank you to the community for the continued engagement in ASO! From opening issues or requests, to submitting PRs of your own, the community helps ASO keep going!