Merge pull request #4831 from nojnhuh/identity-resourceid

k8s-ci-robot · web-flow · commit b9bb05358559 · 2024-05-20T11:04:09.000-07:00
deprecate AzureClusterIdentity spec.resourceID
diff --git a/api/v1beta1/azureclusteridentity_types.go b/api/v1beta1/azureclusteridentity_types.go
@@ -48,6 +48,9 @@ type AzureClusterIdentitySpec struct {
 	Type IdentityType `json:"type"`
 	// ResourceID is the Azure resource ID for the User Assigned MSI resource.
 	// Only applicable when type is UserAssignedMSI.
+	//
+	// Deprecated: This field no longer has any effect.
+	//
 	// +optional
 	ResourceID string `json:"resourceID,omitempty"`
 	// ClientID is the service principal client ID.
diff --git a/api/v1beta1/azureclusteridentity_validation.go b/api/v1beta1/azureclusteridentity_validation.go
@@ -24,9 +24,7 @@ import (
 
 func (c *AzureClusterIdentity) validateClusterIdentity() (admission.Warnings, error) {
 	var allErrs field.ErrorList
-	if c.Spec.Type == UserAssignedMSI && c.Spec.ResourceID == "" {
-		allErrs = append(allErrs, field.Required(field.NewPath("spec", "resourceID"), c.Spec.ResourceID))
-	} else if c.Spec.Type != UserAssignedMSI && c.Spec.ResourceID != "" {
+	if c.Spec.Type != UserAssignedMSI && c.Spec.ResourceID != "" {
 		allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "resourceID"), c.Spec.ResourceID))
 	}
 	if len(allErrs) == 0 {
diff --git a/api/v1beta1/azureclusteridentity_webhook_test.go b/api/v1beta1/azureclusteridentity_webhook_test.go
@@ -76,7 +76,7 @@ func TestAzureClusterIdentity_ValidateCreate(t *testing.T) {
 					TenantID: fakeTenantID,
 				},
 			},
-			wantErr: true,
+			wantErr: false,
 		},
 	}
 
diff --git a/azure/scope/identity_test.go b/azure/scope/identity_test.go
@@ -143,8 +143,7 @@ func TestHasClientSecret(t *testing.T) {
 			name: "user assigned identity",
 			identity: &infrav1.AzureClusterIdentity{
 				Spec: infrav1.AzureClusterIdentitySpec{
-					Type:       infrav1.UserAssignedMSI,
-					ResourceID: "my-resource-id",
+					Type: infrav1.UserAssignedMSI,
 				},
 			},
 			want: false,
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusteridentities.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusteridentities.yaml
@@ -144,6 +144,9 @@ spec:
                 description: |-
                   ResourceID is the Azure resource ID for the User Assigned MSI resource.
                   Only applicable when type is UserAssignedMSI.
+
+
+                  Deprecated: This field no longer has any effect.
                 type: string
               tenantID:
                 description: TenantID is the service principal primary tenant id.
diff --git a/docs/book/src/topics/identities.md b/docs/book/src/topics/identities.md
@@ -155,7 +155,6 @@ spec:
   type: UserAssignedMSI
   tenantID: <azure-tenant-id>
   clientID: <client-id-of-user-assigned-identity>
-  resourceID: <resource-id-of-user-assigned-identity>
   allowedNamespaces:
     list:
     - <cluster-namespace>
diff --git a/templates/test/ci/cluster-template-prow-private.yaml b/templates/test/ci/cluster-template-prow-private.yaml
diff --git a/templates/test/ci/prow-private/patches/user-assigned.yaml b/templates/test/ci/prow-private/patches/user-assigned.yaml
@@ -3,9 +3,6 @@
   value: UserAssignedMSI
 - op: remove
   path: /spec/clientSecret
-- op: add
-  path: /spec/resourceID
-  value: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity}
 - op: replace
   path: /spec/clientID
   value: ${UAMI_CLIENT_ID}

Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,7 @@ func TestAzureClusterIdentity_ValidateCreate(t *testing.T) {`
`76`	`76`	`TenantID: fakeTenantID,`
`77`	`77`	`},`
`78`	`78`	`},`
`79`		`- wantErr: true,`
	`79`	`+ wantErr: false,`
`80`	`80`	`},`
`81`	`81`	`}`
`82`	`82`