Merge branch 'main' into aso-pause-azuremanagedcontrolplane

.github/workflows/cover.yaml

@@ -23,7 +23,10 @@ jobs:
       with:
         go-version: '1.20'
     - run: "PATH=/usr/local/go/bin:$PATH make test-cover"
-    - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
+    - uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c # v1.3.0 Retry codecov upload. It is flaky due to a known issue https://community.codecov.com/t/upload-issues-unable-to-locate-build-via-github-actions-api/3954
       with:
-        file: ./coverage.out
-        fail_ci_if_error: true
+        attempt_limit: 20
+        action: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
+        with: |
+          file: ./coverage.out
+          fail_ci_if_error: true

Makefile

@@ -89,7 +89,7 @@ KUSTOMIZE_VER := v4.5.2
 KUSTOMIZE_BIN := kustomize
 KUSTOMIZE := $(TOOLS_BIN_DIR)/$(KUSTOMIZE_BIN)-$(KUSTOMIZE_VER)
 
-MOCKGEN_VER := v1.6.0
+MOCKGEN_VER := v0.2.0
 MOCKGEN_BIN := mockgen
 MOCKGEN := $(TOOLS_BIN_DIR)/$(MOCKGEN_BIN)-$(MOCKGEN_VER)
 
@@ -800,7 +800,7 @@ $(KUSTOMIZE): ## Build kustomize from tools folder.
 	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) sigs.k8s.io/kustomize/kustomize/v4 $(KUSTOMIZE_BIN) $(KUSTOMIZE_VER)
 
 $(MOCKGEN): ## Build mockgen from tools folder.
-	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) github.com/golang/mock/mockgen $(MOCKGEN_BIN) $(MOCKGEN_VER)
+	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) go.uber.org/mock/mockgen $(MOCKGEN_BIN) $(MOCKGEN_VER)
 
 $(KPROMO): ## Build kpromo from tools folder.
 	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) sigs.k8s.io/promo-tools/v3/cmd/kpromo $(KPROMO_BIN) $(KPROMO_VER)

api/v1beta1/azuremanagedmachinepool_types.go

@@ -556,6 +556,11 @@ type AzureManagedMachinePoolSpec struct {
 	// Immutable.
 	// +optional
 	SubnetName *string `json:"subnetName,omitempty"`
+
+	// EnableFIPS indicates whether FIPS is enabled on the node pool.
+	// Immutable.
+	// +optional
+	EnableFIPS *bool `json:"enableFIPS,omitempty"`
 }
 
 // ManagedMachinePoolScaling specifies scaling options.

api/v1beta1/azuremanagedmachinepool_webhook.go

@@ -174,6 +174,13 @@ func (mw *azureManagedMachinePoolWebhook) ValidateUpdate(ctx context.Context, ol
 		allErrs = append(allErrs, err)
 	}
 
+	if err := webhookutils.ValidateImmutable(
+		field.NewPath("Spec", "EnableFIPS"),
+		old.Spec.EnableFIPS,
+		m.Spec.EnableFIPS); err != nil && old.Spec.EnableFIPS != nil {
+		allErrs = append(allErrs, err)
+	}
+
 	// custom headers are immutable
 	oldCustomHeaders := maps.FilterByKeyPrefix(old.ObjectMeta.Annotations, CustomHeaderPrefix)
 	newCustomHeaders := maps.FilterByKeyPrefix(m.ObjectMeta.Annotations, CustomHeaderPrefix)

api/v1beta1/azuremanagedmachinepool_webhook_test.go

@@ -585,6 +585,20 @@ func TestAzureManagedMachinePoolUpdatingWebhook(t *testing.T) {
 			},
 			wantErr: false,
 		},
+		{
+			name: "Cannot update enableFIPS",
+			new: &AzureManagedMachinePool{
+				Spec: AzureManagedMachinePoolSpec{
+					EnableFIPS: pointer.Bool(true),
+				},
+			},
+			old: &AzureManagedMachinePool{
+				Spec: AzureManagedMachinePoolSpec{
+					EnableFIPS: pointer.Bool(false),
+				},
+			},
+			wantErr: true,
+		},
 	}
 	var client client.Client
 	for _, tc := range tests {

azure/converters/managedagentpool.go

@@ -50,6 +50,7 @@ func AgentPoolToManagedClusterAgentPoolProfile(pool containerservice.AgentPool)
 		Tags:                 properties.Tags,
 		KubeletDiskType:      properties.KubeletDiskType,
 		LinuxOSConfig:        properties.LinuxOSConfig,
+		EnableFIPS:           properties.EnableFIPS,
 	}
 	if properties.KubeletConfig != nil {
 		agentPool.KubeletConfig = properties.KubeletConfig

azure/converters/managedagentpool_test.go

@@ -57,6 +57,7 @@ func Test_AgentPoolToManagedClusterAgentPoolProfile(t *testing.T) {
 					Tags: map[string]*string{
 						"custom": pointer.String("default"),
 					},
+					EnableFIPS: pointer.Bool(true),
 				},
 			},
 
@@ -84,6 +85,7 @@ func Test_AgentPoolToManagedClusterAgentPoolProfile(t *testing.T) {
 					Tags: map[string]*string{
 						"custom": pointer.String("default"),
 					},
+					EnableFIPS: pointer.Bool(true),
 				}))
 			},
 		},

azure/regional_baseuri_test.go

@@ -19,8 +19,8 @@ package azure
 import (
 	"testing"
 
-	"github.com/golang/mock/gomock"
 	. "github.com/onsi/gomega"
+	"go.uber.org/mock/gomock"
 	"sigs.k8s.io/cluster-api-provider-azure/azure/mock_azure"
 )
 

azure/scope/machine_test.go

@@ -23,9 +23,9 @@ import (
 
 	azureautorest "github.com/Azure/go-autorest/autorest/azure"
 	"github.com/Azure/go-autorest/autorest/azure/auth"
-	"github.com/golang/mock/gomock"
 	"github.com/google/go-cmp/cmp"
 	. "github.com/onsi/gomega"
+	"go.uber.org/mock/gomock"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/utils/pointer"
 	infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"

azure/scope/machinepool_test.go

@@ -24,8 +24,8 @@ import (
 
 	azureautorest "github.com/Azure/go-autorest/autorest/azure"
 	"github.com/Azure/go-autorest/autorest/azure/auth"
-	"github.com/golang/mock/gomock"
 	. "github.com/onsi/gomega"
+	"go.uber.org/mock/gomock"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"

azure/scope/machinepoolmachine_test.go

@@ -20,9 +20,9 @@ import (
 	"context"
 	"testing"
 
-	"github.com/golang/mock/gomock"
 	. "github.com/onsi/gomega"
 	"github.com/pkg/errors"
+	"go.uber.org/mock/gomock"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"

azure/scope/managedmachinepool.go

@@ -194,6 +194,7 @@ func buildAgentPoolSpec(managedControlPlane *infrav1.AzureManagedControlPlane,
 		AdditionalTags:       managedMachinePool.Spec.AdditionalTags,
 		KubeletDiskType:      managedMachinePool.Spec.KubeletDiskType,
 		LinuxOSConfig:        managedMachinePool.Spec.LinuxOSConfig,
+		EnableFIPS:           managedMachinePool.Spec.EnableFIPS,
 	}
 
 	if managedMachinePool.Spec.OSDiskSizeGB != nil {

azure/services/agentpools/agentpools_test.go

@@ -22,8 +22,8 @@ import (
 	"testing"
 
 	"github.com/Azure/go-autorest/autorest"
-	"github.com/golang/mock/gomock"
 	. "github.com/onsi/gomega"
+	"go.uber.org/mock/gomock"
 	"k8s.io/utils/pointer"
 	infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
 	"sigs.k8s.io/cluster-api-provider-azure/azure/services/agentpools/mock_agentpools"

azure/services/agentpools/spec.go

@@ -147,6 +147,9 @@ type AgentPoolSpec struct {
 
 	// LinuxOSConfig specifies the custom Linux OS settings and configurations
 	LinuxOSConfig *infrav1.LinuxOSConfig
+
+	// EnableFIPS indicates whether FIPS is enabled on the node pool
+	EnableFIPS *bool
 }
 
 // ResourceName returns the name of the agent pool.
@@ -380,6 +383,7 @@ func (s *AgentPoolSpec) Parameters(ctx context.Context, existing interface{}) (p
 			EnableNodePublicIP:   s.EnableNodePublicIP,
 			NodePublicIPPrefixID: s.NodePublicIPPrefixID,
 			Tags:                 tags,
+			EnableFIPS:           s.EnableFIPS,
 			LinuxOSConfig:        linuxOSConfig,
 		},
 	}

azure/services/aso/aso.go

@@ -29,7 +29,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
 	"sigs.k8s.io/cluster-api-provider-azure/azure"
-	"sigs.k8s.io/cluster-api-provider-azure/util/maps"
 	"sigs.k8s.io/cluster-api-provider-azure/util/tele"
 	"sigs.k8s.io/cluster-api/util/patch"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -156,8 +155,14 @@ func (s *Service) CreateOrUpdateResource(ctx context.Context, spec azure.ASOReso
 		}
 	}
 
-	labels := make(map[string]string)
-	annotations := make(map[string]string)
+	labels := parameters.GetLabels()
+	if labels == nil {
+		labels = make(map[string]string)
+	}
+	annotations := parameters.GetAnnotations()
+	if annotations == nil {
+		annotations = make(map[string]string)
+	}
 
 	if existing == nil {
 		labels[infrav1.OwnedByClusterLabelKey] = s.clusterName
@@ -176,12 +181,14 @@ func (s *Service) CreateOrUpdateResource(ctx context.Context, spec azure.ASOReso
 		annotations[ReconcilePolicyAnnotation] = ReconcilePolicyManage
 	}
 
-	if len(labels) > 0 {
-		parameters.SetLabels(maps.Merge(parameters.GetLabels(), labels))
+	if len(labels) == 0 {
+		labels = nil
 	}
-	if len(annotations) > 0 {
-		parameters.SetAnnotations(maps.Merge(parameters.GetAnnotations(), annotations))
+	parameters.SetLabels(labels)
+	if len(annotations) == 0 {
+		annotations = nil
 	}
+	parameters.SetAnnotations(annotations)
 
 	diff := cmp.Diff(existing, parameters)
 	if diff == "" {

azure/services/aso/aso_test.go

@@ -24,8 +24,8 @@ import (
 	asoresourcesv1 "github.com/Azure/azure-service-operator/v2/api/resources/v1api20200601"
 	"github.com/Azure/azure-service-operator/v2/pkg/genruntime"
 	"github.com/Azure/azure-service-operator/v2/pkg/genruntime/conditions"
-	"github.com/golang/mock/gomock"
 	. "github.com/onsi/gomega"
+	"go.uber.org/mock/gomock"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"

azure/services/aso/tags_test.go

@@ -21,8 +21,8 @@ import (
 	"testing"
 
 	asoresourcesv1 "github.com/Azure/azure-service-operator/v2/api/resources/v1api20200601"
-	"github.com/golang/mock/gomock"
 	. "github.com/onsi/gomega"
+	"go.uber.org/mock/gomock"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
 	"sigs.k8s.io/cluster-api-provider-azure/azure/services/aso/mock_aso"

azure/services/asogroups/groups_test.go

@@ -22,8 +22,8 @@ import (
 	"testing"
 
 	asoresourcesv1 "github.com/Azure/azure-service-operator/v2/api/resources/v1api20200601"
-	"github.com/golang/mock/gomock"
 	. "github.com/onsi/gomega"
+	"go.uber.org/mock/gomock"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/utils/pointer"

azure/services/async/async_test.go

@@ -26,8 +26,8 @@ import (
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-05-01/resources"
 	"github.com/Azure/go-autorest/autorest"
 	azureautorest "github.com/Azure/go-autorest/autorest/azure"
-	"github.com/golang/mock/gomock"
 	. "github.com/onsi/gomega"
+	"go.uber.org/mock/gomock"
 	infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
 	"sigs.k8s.io/cluster-api-provider-azure/azure/mock_azure"
 	"sigs.k8s.io/cluster-api-provider-azure/azure/services/async/mock_async"

azure/services/availabilitysets/availabilitysets_test.go

@@ -24,9 +24,9 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2021-11-01/compute"
 	"github.com/Azure/go-autorest/autorest"
-	"github.com/golang/mock/gomock"
 	. "github.com/onsi/gomega"
 	"github.com/pkg/errors"
+	"go.uber.org/mock/gomock"
 	"k8s.io/utils/pointer"
 	infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
 	"sigs.k8s.io/cluster-api-provider-azure/azure/services/async/mock_async"

azure/services/bastionhosts/bastionhosts_test.go

@@ -22,8 +22,8 @@ import (
 	"testing"
 
 	"github.com/Azure/go-autorest/autorest"
-	"github.com/golang/mock/gomock"
 	. "github.com/onsi/gomega"
+	"go.uber.org/mock/gomock"
 	"k8s.io/client-go/kubernetes/scheme"
 	infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
 	"sigs.k8s.io/cluster-api-provider-azure/azure/services/async/mock_async"

azure/services/disks/disks_test.go

@@ -22,8 +22,8 @@ import (
 	"testing"
 
 	"github.com/Azure/go-autorest/autorest"
-	"github.com/golang/mock/gomock"
 	. "github.com/onsi/gomega"
+	"go.uber.org/mock/gomock"
 	infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
 	"sigs.k8s.io/cluster-api-provider-azure/azure"
 	"sigs.k8s.io/cluster-api-provider-azure/azure/services/async/mock_async"

azure/services/groups/groups_test.go

@@ -23,8 +23,8 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-05-01/resources"
 	"github.com/Azure/go-autorest/autorest"
-	"github.com/golang/mock/gomock"
 	. "github.com/onsi/gomega"
+	"go.uber.org/mock/gomock"
 	"k8s.io/utils/pointer"
 	infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
 	"sigs.k8s.io/cluster-api-provider-azure/azure/services/async/mock_async"