diff --git a/.sha256sum b/.sha256sum index 53ec34424a5..8fae07dc734 100644 --- a/.sha256sum +++ b/.sha256sum @@ -6,4 +6,4 @@ b1f1de0fe40d05de90742b17928968923b936adc294000f58974f50a297581dd swagger/redhat c023515341196746454c0ae7af077d40d3ec13f6b88b33cb558f0a7ab17a5a24 swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2023-07-01-preview/redhatopenshift.json 440748951dd1c3b34b5ccbdcb7cd966e3b89490887a1f1d64429561fad789515 swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/stable/2023-09-04/redhatopenshift.json 74a46fdde6ceb0121fe1515c7e11e902dd921b54cffe693307fb02b3dc88f26e swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/stable/2023-11-22/redhatopenshift.json -f6d5633ec3a909b6daba501cd9c13e5619a3506ed868776c9659c1c3d6c0e2c9 swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/redhatopenshift.json +a27184734436629e24b344c3b5c015437f144e18e7eddce7e252a1ed4cda7bca swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/redhatopenshift.json diff --git a/pkg/api/admin/openshiftcluster.go b/pkg/api/admin/openshiftcluster.go index aa38d74976a..8acbeeb5b00 100644 --- a/pkg/api/admin/openshiftcluster.go +++ b/pkg/api/admin/openshiftcluster.go 
@@ -24,27 +24,29 @@ type OpenShiftCluster struct { Location string `json:"location,omitempty"` Tags map[string]string `json:"tags,omitempty"` Properties OpenShiftClusterProperties `json:"properties,omitempty"` + Identity *Identity `json:"identity,omitempty"` } // OpenShiftClusterProperties represents an OpenShift cluster's properties. type OpenShiftClusterProperties struct { - ArchitectureVersion ArchitectureVersion `json:"architectureVersion"` // ArchitectureVersion is int so 0 is valid value to be returned - ProvisioningState ProvisioningState `json:"provisioningState,omitempty"` - LastProvisioningState ProvisioningState `json:"lastProvisioningState,omitempty"` - FailedProvisioningState ProvisioningState `json:"failedProvisioningState,omitempty"` - LastAdminUpdateError string `json:"lastAdminUpdateError,omitempty"` - MaintenanceTask MaintenanceTask `json:"maintenanceTask,omitempty" mutable:"true"` - OperatorFlags OperatorFlags `json:"operatorFlags,omitempty" mutable:"true"` - OperatorVersion string `json:"operatorVersion,omitempty" mutable:"true"` - CreatedAt time.Time `json:"createdAt,omitempty"` - CreatedBy string `json:"createdBy,omitempty"` - ProvisionedBy string `json:"provisionedBy,omitempty"` - ClusterProfile ClusterProfile `json:"clusterProfile,omitempty"` - FeatureProfile FeatureProfile `json:"featureProfile,omitempty"` - ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty"` - ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` - NetworkProfile NetworkProfile `json:"networkProfile,omitempty"` - MasterProfile MasterProfile `json:"masterProfile,omitempty"` + ArchitectureVersion ArchitectureVersion `json:"architectureVersion"` // ArchitectureVersion is int so 0 is valid value to be returned + ProvisioningState ProvisioningState `json:"provisioningState,omitempty"` + LastProvisioningState ProvisioningState `json:"lastProvisioningState,omitempty"` + FailedProvisioningState ProvisioningState 
`json:"failedProvisioningState,omitempty"` + LastAdminUpdateError string `json:"lastAdminUpdateError,omitempty"` + MaintenanceTask MaintenanceTask `json:"maintenanceTask,omitempty" mutable:"true"` + OperatorFlags OperatorFlags `json:"operatorFlags,omitempty" mutable:"true"` + OperatorVersion string `json:"operatorVersion,omitempty" mutable:"true"` + CreatedAt time.Time `json:"createdAt,omitempty"` + CreatedBy string `json:"createdBy,omitempty"` + ProvisionedBy string `json:"provisionedBy,omitempty"` + ClusterProfile ClusterProfile `json:"clusterProfile,omitempty"` + FeatureProfile FeatureProfile `json:"featureProfile,omitempty"` + ConsoleProfile ConsoleProfile `json:"consoleProfile,omitempty"` + ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + PlatformWorkloadIdentityProfile *PlatformWorkloadIdentityProfile `json:"platformWorkloadIdentityProfile,omitempty"` + NetworkProfile NetworkProfile `json:"networkProfile,omitempty"` + MasterProfile MasterProfile `json:"masterProfile,omitempty"` // WorkerProfiles is used to store the worker profile data that was sent in the api request WorkerProfiles []WorkerProfile `json:"workerProfiles,omitempty"` // WorkerProfilesStatus is used to store the enriched worker profile data @@ -76,6 +78,9 @@ const ( // FipsValidatedModules determines if FIPS is used. type FipsValidatedModules string +// OIDCIssuer represents the URL of the managed OIDC issuer in a workload identity cluster. +type OIDCIssuer string + // FipsValidatedModules constants. const ( FipsValidatedModulesEnabled FipsValidatedModules = "Enabled" @@ -129,6 +134,7 @@ type ClusterProfile struct { Version string `json:"version,omitempty"` ResourceGroupID string `json:"resourceGroupId,omitempty"` FipsValidatedModules FipsValidatedModules `json:"fipsValidatedModules,omitempty"` + OIDCIssuer OIDCIssuer `json:"oidcIssuer,omitempty"` } // FeatureProfile represents a feature profile. 
@@ -409,6 +415,34 @@ type IngressProfile struct { IP string `json:"ip,omitempty"` } +// PlatformWorkloadIdentityProfile encapsulates all information that is specific to workload identity clusters. +type PlatformWorkloadIdentityProfile struct { + PlatformWorkloadIdentities []PlatformWorkloadIdentity `json:"platformWorkloadIdentities,omitempty"` +} + +// PlatformWorkloadIdentity stores information representing a single workload identity. +type PlatformWorkloadIdentity struct { + OperatorName string `json:"operatorName,omitempty"` + ResourceID string `json:"resourceId,omitempty"` + ClientID string `json:"clientId,omitempty" swagger:"readOnly"` + ObjectID string `json:"objectId,omitempty" swagger:"readOnly"` +} + +// ClusterUserAssignedIdentity stores information about a user-assigned managed identity in a predefined format required by Microsoft's Managed Identity team. +type ClusterUserAssignedIdentity struct { + ClientID string `json:"clientId,omitempty"` + PrincipalID string `json:"principalId,omitempty"` +} + +// UserAssignedIdentities stores a mapping from resource IDs of managed identities to their client/principal IDs. +type UserAssignedIdentities map[string]ClusterUserAssignedIdentity + +// Identity stores information about the cluster MSI(s) in a workload identity cluster. +type Identity struct { + Type string `json:"type,omitempty"` + UserAssignedIdentities UserAssignedIdentities `json:"userAssignedIdentities,omitempty"` +} + // Install represents an install process. type Install struct { Now time.Time `json:"now,omitempty"` diff --git a/pkg/api/admin/openshiftcluster_convert.go b/pkg/api/admin/openshiftcluster_convert.go index f8a7a590ba4..2b24888ce66 100644 --- a/pkg/api/admin/openshiftcluster_convert.go +++ b/pkg/api/admin/openshiftcluster_convert.go 
@@ -37,6 +37,7 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac
  Version: oc.Properties.ClusterProfile.Version,
  ResourceGroupID: oc.Properties.ClusterProfile.ResourceGroupID,
  FipsValidatedModules: FipsValidatedModules(oc.Properties.ClusterProfile.FipsValidatedModules),
+ OIDCIssuer: OIDCIssuer(oc.Properties.ClusterProfile.OIDCIssuer),
  },
  FeatureProfile: FeatureProfile{
  GatewayEnabled: oc.Properties.FeatureProfile.GatewayEnabled,
@@ -172,6 +173,29 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac
  }
  }
 
+ if oc.Identity != nil {
+ out.Identity.Type = oc.Identity.Type
+ out.Identity.UserAssignedIdentities = make(map[string]ClusterUserAssignedIdentity, len(oc.Identity.UserAssignedIdentities))
+ for k := range oc.Identity.UserAssignedIdentities {
+ var temp ClusterUserAssignedIdentity
+ temp.ClientID = oc.Identity.UserAssignedIdentities[k].ClientID
+ temp.PrincipalID = oc.Identity.UserAssignedIdentities[k].PrincipalID
+ out.Identity.UserAssignedIdentities[k] = temp
+ }
+ }
+
+ if oc.Properties.PlatformWorkloadIdentityProfile != nil && oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities != nil {
+ out.Properties.PlatformWorkloadIdentityProfile = &PlatformWorkloadIdentityProfile{}
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities = make([]PlatformWorkloadIdentity, len(oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities))
+
+ for i := range oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities {
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].OperatorName = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].OperatorName
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ResourceID = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ResourceID
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ClientID = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ClientID
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ObjectID = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ObjectID
+ }
+ }
+
  if oc.Properties.RegistryProfiles != nil {
  out.Properties.RegistryProfiles = make([]RegistryProfile, len(oc.Properties.RegistryProfiles))
  for i, v := range oc.Properties.RegistryProfiles {
@@ -221,6 +245,16 @@ func (c openShiftClusterConverter) ToInternal(_oc interface{}, out *api.OpenShif
  out.Tags[k] = v
  }
  }
+ if oc.Identity != nil {
+ out.Identity.Type = oc.Identity.Type
+ out.Identity.UserAssignedIdentities = make(map[string]api.ClusterUserAssignedIdentity, len(oc.Identity.UserAssignedIdentities))
+ for k := range oc.Identity.UserAssignedIdentities {
+ var temp api.ClusterUserAssignedIdentity
+ temp.ClientID = oc.Identity.UserAssignedIdentities[k].ClientID
+ temp.PrincipalID = oc.Identity.UserAssignedIdentities[k].PrincipalID
+ out.Identity.UserAssignedIdentities[k] = temp
+ }
+ }
  out.Properties.ArchitectureVersion = api.ArchitectureVersion(oc.Properties.ArchitectureVersion)
  out.Properties.InfraID = oc.Properties.InfraID
  out.Properties.HiveProfile.Namespace = oc.Properties.HiveProfile.Namespace
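Review bot: `out.Identity.Type = oc.Identity.Type` in the new `if oc.Identity != nil` branch dereferences `out.Identity`, which this diff declares as a pointer (`Identity *Identity` on both the admin and the internal OpenShiftCluster), so unless the `out` literal above the hunk or the ToInternal caller already allocates it, any cluster carrying an identity will panic with a nil dereference here. The PlatformWorkloadIdentityProfile branch just below gets this right by assigning a fresh struct first; do the same, `out.Identity = &Identity{Type: oc.Identity.Type}` before the `make` in ToExternal and `out.Identity = &api.Identity{Type: oc.Identity.Type}` in ToInternal. The same pattern is repeated in the ToInternal hunk of this file and in both converter hunks of pkg/api/v20240812preview/openshiftcluster_convert.go. While there, `for k, v := range oc.Identity.UserAssignedIdentities` removes the two extra map lookups per key. Both enclosing functions start and end outside the hunk.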
@@ -243,6 +277,17 @@ func (c openShiftClusterConverter) ToInternal(_oc interface{}, out *api.OpenShif
  out.Properties.ConsoleProfile.URL = oc.Properties.ConsoleProfile.URL
  out.Properties.ServicePrincipalProfile.ClientID = oc.Properties.ServicePrincipalProfile.ClientID
  out.Properties.ServicePrincipalProfile.SPObjectID = oc.Properties.ServicePrincipalProfile.SPObjectID
+ if oc.Properties.PlatformWorkloadIdentityProfile != nil && oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities != nil {
+ out.Properties.PlatformWorkloadIdentityProfile = &api.PlatformWorkloadIdentityProfile{}
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities = make([]api.PlatformWorkloadIdentity, len(oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities))
+
+ for i := range oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities {
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].OperatorName = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].OperatorName
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ResourceID = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ResourceID
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ClientID = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ClientID
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ObjectID = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ObjectID
+ }
+ }
  out.Properties.NetworkProfile.PodCIDR = oc.Properties.NetworkProfile.PodCIDR
  out.Properties.NetworkProfile.ServiceCIDR = oc.Properties.NetworkProfile.ServiceCIDR
  out.Properties.NetworkProfile.MTUSize = api.MTUSize(oc.Properties.NetworkProfile.MTUSize)
diff --git a/pkg/api/openshiftcluster.go b/pkg/api/openshiftcluster.go
index 9113d5eff3a..6095bb9bd06 100644
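Review bot: The new PlatformWorkloadIdentityProfile branch copies `ClientID` and `ObjectID` from the request into the internal cluster, although both fields are tagged `swagger:"readOnly"` in this diff and the generated client's MarshalJSON for PlatformWorkloadIdentity never sends them. If the static and immutability validators (outside this diff) do not reject a client-supplied value that differs from the stored one, a caller can overwrite the identity the service resolved for an operator; and because the branch replaces the profile with a fresh `&api.PlatformWorkloadIdentityProfile{}`, the stored values survive only if the caller round-trips the existing cluster through ToExternal first. Either skip the two read-only assignments here and carry the existing values over from `out`, or confirm the validator covers them and say so, `// ClientID/ObjectID are read-only; the static validator rejects changes`. The v20240812preview ToInternal hunk has the same copy. ToInternal starts and ends outside the hunk.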
--- a/pkg/api/openshiftcluster.go +++ b/pkg/api/openshiftcluster.go @@ -21,6 +21,7 @@ type OpenShiftCluster struct { SystemData SystemData `json:"systemData,omitempty"` Tags map[string]string `json:"tags,omitempty"` Properties OpenShiftClusterProperties `json:"properties,omitempty"` + Identity *Identity `json:"identity,omitempty"` //this property is used in the enrichers. Should not be marshalled Lock sync.Mutex `json:"-"` @@ -122,6 +123,8 @@ type OpenShiftClusterProperties struct { ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + PlatformWorkloadIdentityProfile *PlatformWorkloadIdentityProfile `json:"platformWorkloadIdentityProfile,omitempty"` + NetworkProfile NetworkProfile `json:"networkProfile,omitempty"` MasterProfile MasterProfile `json:"masterProfile,omitempty"` @@ -248,6 +251,9 @@ const ( FipsValidatedModulesDisabled FipsValidatedModules = "Disabled" ) +// OIDCIssuer represents the URL of the managed OIDC issuer in a workload identity cluster. +type OIDCIssuer string + // ClusterProfile represents a cluster profile. type ClusterProfile struct { MissingFields @@ -257,6 +263,7 @@ type ClusterProfile struct { Version string `json:"version,omitempty"` ResourceGroupID string `json:"resourceGroupId,omitempty"` FipsValidatedModules FipsValidatedModules `json:"fipsValidatedModules,omitempty"` + OIDCIssuer OIDCIssuer `json:"oidcIssuer,omitempty"` } // FeatureProfile represents a feature profile. 
@@ -761,3 +768,39 @@ type HiveProfile struct { // ClusterDeployments. CreatedByHive bool `json:"createdByHive,omitempty"` } + +// PlatformWorkloadIdentityProfile encapsulates all information that is specific to workload identity clusters. +type PlatformWorkloadIdentityProfile struct { + MissingFields + + PlatformWorkloadIdentities []PlatformWorkloadIdentity `json:"platformWorkloadIdentities,omitempty"` +} + +// PlatformWorkloadIdentity stores information representing a single workload identity. +type PlatformWorkloadIdentity struct { + MissingFields + + OperatorName string `json:"operatorName,omitempty"` + ResourceID string `json:"resourceId,omitempty"` + ClientID string `json:"clientId,omitempty" swagger:"readOnly"` + ObjectID string `json:"objectId,omitempty" swagger:"readOnly"` +} + +// ClusterUserAssignedIdentity stores information about a user-assigned managed identity in a predefined format required by Microsoft's Managed Identity team. +type ClusterUserAssignedIdentity struct { + MissingFields + + ClientID string `json:"clientId,omitempty"` + PrincipalID string `json:"principalId,omitempty"` +} + +// UserAssignedIdentities stores a mapping from resource IDs of managed identities to their client/principal IDs. +type UserAssignedIdentities map[string]ClusterUserAssignedIdentity + +// Identity stores information about the cluster MSI(s) in a workload identity cluster. +type Identity struct { + MissingFields + + Type string `json:"type,omitempty"` + UserAssignedIdentities UserAssignedIdentities `json:"userAssignedIdentities,omitempty"` +} diff --git a/pkg/api/v20240812preview/openshiftcluster.go b/pkg/api/v20240812preview/openshiftcluster.go index 1b4b6a29495..519f33425b8 100644 --- a/pkg/api/v20240812preview/openshiftcluster.go +++ b/pkg/api/v20240812preview/openshiftcluster.go 
@@ -36,6 +36,9 @@ type OpenShiftCluster struct { // The cluster properties. Properties OpenShiftClusterProperties `json:"properties,omitempty"` + + // Identity stores information about the cluster MSI(s) in a workload identity cluster. + Identity *Identity `json:"identity,omitempty"` } // Tags represents an OpenShift cluster's tags. @@ -55,6 +58,9 @@ type OpenShiftClusterProperties struct { // The cluster service principal profile. ServicePrincipalProfile ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + // The workload identity profile. + PlatformWorkloadIdentityProfile *PlatformWorkloadIdentityProfile `json:"platformWorkloadIdentityProfile,omitempty"` + // The cluster network profile. NetworkProfile NetworkProfile `json:"networkProfile,omitempty"` @@ -92,6 +98,9 @@ const ( // FipsValidatedModules determines if FIPS is used. type FipsValidatedModules string +// OIDCIssuer represents the URL of the managed OIDC issuer in a workload identity cluster. +type OIDCIssuer string + // FipsValidatedModules constants. const ( FipsValidatedModulesEnabled FipsValidatedModules = "Enabled" @@ -114,6 +123,9 @@ type ClusterProfile struct { // If FIPS validated crypto modules are used FipsValidatedModules FipsValidatedModules `json:"fipsValidatedModules,omitempty"` + + // The URL of the managed OIDC issuer in a workload identity cluster. + OIDCIssuer OIDCIssuer `json:"oidcIssuer,omitempty"` } // ConsoleProfile represents a console profile. 
@@ -276,6 +288,34 @@ type IngressProfile struct { IP string `json:"ip,omitempty" swagger:"readOnly"` } +// PlatformWorkloadIdentityProfile encapsulates all information that is specific to workload identity clusters. +type PlatformWorkloadIdentityProfile struct { + PlatformWorkloadIdentities []PlatformWorkloadIdentity `json:"platformWorkloadIdentities,omitempty"` +} + +// PlatformWorkloadIdentity stores information representing a single workload identity. +type PlatformWorkloadIdentity struct { + OperatorName string `json:"operatorName,omitempty"` + ResourceID string `json:"resourceId,omitempty"` + ClientID string `json:"clientId,omitempty" swagger:"readOnly"` + ObjectID string `json:"objectId,omitempty" swagger:"readOnly"` +} + +// ClusterUserAssignedIdentity stores information about a user-assigned managed identity in a predefined format required by Microsoft's Managed Identity team. +type ClusterUserAssignedIdentity struct { + ClientID string `json:"clientId,omitempty"` + PrincipalID string `json:"principalId,omitempty"` +} + +// UserAssignedIdentities stores a mapping from resource IDs of managed identities to their client/principal IDs. +type UserAssignedIdentities map[string]ClusterUserAssignedIdentity + +// Identity stores information about the cluster MSI(s) in a workload identity cluster. +type Identity struct { + Type string `json:"type,omitempty"` + UserAssignedIdentities UserAssignedIdentities `json:"userAssignedIdentities,omitempty"` +} + // CreatedByType by defines user type, which executed the request type CreatedByType string diff --git a/pkg/api/v20240812preview/openshiftcluster_convert.go b/pkg/api/v20240812preview/openshiftcluster_convert.go index 65f338a84dc..45c82a7bf83 100644 --- a/pkg/api/v20240812preview/openshiftcluster_convert.go +++ b/pkg/api/v20240812preview/openshiftcluster_convert.go 
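Review bot: The exported fields of the new PlatformWorkloadIdentity, ClusterUserAssignedIdentity and Identity structs have no comments, while the other fields of this file visible in the diff each carry a one-line description (`// The cluster service principal profile.`); in this package those comments become the swagger descriptions, and the generated models.go in this same diff accordingly ends up with a bare `// ClientID - READ-ONLY` and no description at all for OperatorName and ResourceID. Add a line per field, e.g. `// The resource ID of the user-assigned managed identity.` above ResourceID and `// The identity type.` above Identity.Type, adjusted to the intended semantics. `Identity.Type` is also a bare string where this file defines a named type with constants for comparable enumerations such as FipsValidatedModules; if ARM accepts only a fixed set of values here, a named type with constants would document that for callers.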
@@ -27,6 +27,7 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac
  Version: oc.Properties.ClusterProfile.Version,
  ResourceGroupID: oc.Properties.ClusterProfile.ResourceGroupID,
  FipsValidatedModules: FipsValidatedModules(oc.Properties.ClusterProfile.FipsValidatedModules),
+ OIDCIssuer: OIDCIssuer(oc.Properties.ClusterProfile.OIDCIssuer),
  },
  ConsoleProfile: ConsoleProfile{
  URL: oc.Properties.ConsoleProfile.URL,
@@ -124,6 +125,29 @@ func (c openShiftClusterConverter) ToExternal(oc *api.OpenShiftCluster) interfac
  }
  }
 
+ if oc.Identity != nil {
+ out.Identity.Type = oc.Identity.Type
+ out.Identity.UserAssignedIdentities = make(map[string]ClusterUserAssignedIdentity, len(oc.Identity.UserAssignedIdentities))
+ for k := range oc.Identity.UserAssignedIdentities {
+ var temp ClusterUserAssignedIdentity
+ temp.ClientID = oc.Identity.UserAssignedIdentities[k].ClientID
+ temp.PrincipalID = oc.Identity.UserAssignedIdentities[k].PrincipalID
+ out.Identity.UserAssignedIdentities[k] = temp
+ }
+ }
+
+ if oc.Properties.PlatformWorkloadIdentityProfile != nil && oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities != nil {
+ out.Properties.PlatformWorkloadIdentityProfile = &PlatformWorkloadIdentityProfile{}
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities = make([]PlatformWorkloadIdentity, len(oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities))
+
+ for i := range oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities {
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].OperatorName = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].OperatorName
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ResourceID = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ResourceID
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ClientID = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ClientID
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ObjectID = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ObjectID
+ }
+ }
+
  out.SystemData = &SystemData{
  CreatedBy: oc.SystemData.CreatedBy,
  CreatedAt: oc.SystemData.CreatedAt,
@@ -169,6 +193,18 @@ func (c openShiftClusterConverter) ToInternal(_oc interface{}, out *api.OpenShif
  out.Tags[k] = v
  }
  }
+
+ if oc.Identity != nil {
+ out.Identity.Type = oc.Identity.Type
+ out.Identity.UserAssignedIdentities = make(map[string]api.ClusterUserAssignedIdentity, len(oc.Identity.UserAssignedIdentities))
+ for k := range oc.Identity.UserAssignedIdentities {
+ var temp api.ClusterUserAssignedIdentity
+ temp.ClientID = oc.Identity.UserAssignedIdentities[k].ClientID
+ temp.PrincipalID = oc.Identity.UserAssignedIdentities[k].PrincipalID
+ out.Identity.UserAssignedIdentities[k] = temp
+ }
+ }
+
  out.Properties.ProvisioningState = api.ProvisioningState(oc.Properties.ProvisioningState)
  out.Properties.ClusterProfile.PullSecret = api.SecureString(oc.Properties.ClusterProfile.PullSecret)
  out.Properties.ClusterProfile.Domain = oc.Properties.ClusterProfile.Domain
@@ -180,6 +216,19 @@ func (c openShiftClusterConverter) ToInternal(_oc interface{}, out *api.OpenShif
  out.Properties.ClusterProfile.FipsValidatedModules = api.FipsValidatedModules(oc.Properties.ClusterProfile.FipsValidatedModules)
  out.Properties.ServicePrincipalProfile.ClientID = oc.Properties.ServicePrincipalProfile.ClientID
  out.Properties.ServicePrincipalProfile.ClientSecret = api.SecureString(oc.Properties.ServicePrincipalProfile.ClientSecret)
+
+ if oc.Properties.PlatformWorkloadIdentityProfile != nil && oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities != nil {
+ out.Properties.PlatformWorkloadIdentityProfile = &api.PlatformWorkloadIdentityProfile{}
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities = make([]api.PlatformWorkloadIdentity, len(oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities))
+
+ for i := range oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities {
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].OperatorName = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].OperatorName
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ResourceID = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ResourceID
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ClientID = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ClientID
+ out.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ObjectID = oc.Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[i].ObjectID
+ }
+ }
+
  out.Properties.NetworkProfile.PodCIDR = oc.Properties.NetworkProfile.PodCIDR
  out.Properties.NetworkProfile.ServiceCIDR = oc.Properties.NetworkProfile.ServiceCIDR
  out.Properties.NetworkProfile.OutboundType = api.OutboundType(oc.Properties.NetworkProfile.OutboundType)
diff --git a/pkg/api/v20240812preview/openshiftcluster_example.go b/pkg/api/v20240812preview/openshiftcluster_example.go index 52de236d80e..08b5d234ecb 100644 --- a/pkg/api/v20240812preview/openshiftcluster_example.go +++ b/pkg/api/v20240812preview/openshiftcluster_example.go @@ -19,6 +19,17 @@ func ExampleOpenShiftClusterPatchParameter() interface{} { oc.Location = "" oc.SystemData = nil oc.Properties.WorkerProfilesStatus = nil + oc.Properties.PlatformWorkloadIdentityProfile = &PlatformWorkloadIdentityProfile{ + PlatformWorkloadIdentities: []PlatformWorkloadIdentity{ + { + OperatorName: "", + ResourceID: "", + ClientID: "", + ObjectID: "", + }, + }, + } + return oc } @@ -29,6 +40,10 @@ func ExampleOpenShiftClusterPutParameter() interface{} { oc.ID = "" oc.Name = "" oc.Type = "" + oc.Identity = &Identity{ + Type: "", + UserAssignedIdentities: map[string]ClusterUserAssignedIdentity{}, + } oc.Properties.ProvisioningState = "" oc.Properties.ClusterProfile.Version = "" oc.Properties.ClusterProfile.FipsValidatedModules = FipsValidatedModulesEnabled @@ -43,6 +58,16 @@ func ExampleOpenShiftClusterPutParameter() interface{} { Count: 1, }, } + oc.Properties.PlatformWorkloadIdentityProfile = &PlatformWorkloadIdentityProfile{ + PlatformWorkloadIdentities: []PlatformWorkloadIdentity{ + { + OperatorName: "", + ResourceID: "", + ClientID: "", + ObjectID: "", + }, + }, + } oc.SystemData = nil return oc @@ -53,6 +78,7 @@ func ExampleOpenShiftClusterPutParameter() interface{} { func ExampleOpenShiftClusterGetResponse() interface{} { oc := exampleOpenShiftCluster() oc.Properties.ClusterProfile.PullSecret = "" + oc.Properties.ClusterProfile.OIDCIssuer = "" oc.Properties.ServicePrincipalProfile.ClientSecret = "" oc.Properties.NetworkProfile.LoadBalancerProfile = &LoadBalancerProfile{ EffectiveOutboundIPs: []EffectiveOutboundIP{ 
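Review bot: Every field of the PlatformWorkloadIdentity placed in ExampleOpenShiftClusterPatchParameter and ExampleOpenShiftClusterPutParameter is set to `""`, and all four fields carry `omitempty` in the type definition earlier in this diff, so the marshalled example collapses to `"platformWorkloadIdentities": [{}]` and shows neither the request shape nor which fields are read-only; the `Identity{Type: "", UserAssignedIdentities: map[string]ClusterUserAssignedIdentity{}}` literal collapses to `"identity": {}` the same way. If the intent is to hide the server-populated ClientID/ObjectID, keep sample values for the writable fields, e.g. `OperatorName: "<operator-name>", ResourceID: "<identity-resource-id>"` (placeholders), and clear only the two read-only ones; the GetResponse hunk below has the same all-empty literal. Separately, ExampleOpenShiftClusterGetResponse clears OIDCIssuer while the Put example keeps it; if exampleOpenShiftCluster (outside the hunk) populates it, the request examples will show the issuer URL and the GET response will not, which looks inverted for a field the service sets — confirm which is intended.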
@@ -64,6 +90,16 @@ func ExampleOpenShiftClusterGetResponse() interface{} { Count: 1, }, } + oc.Properties.PlatformWorkloadIdentityProfile = &PlatformWorkloadIdentityProfile{ + PlatformWorkloadIdentities: []PlatformWorkloadIdentity{ + { + OperatorName: "", + ResourceID: "", + ClientID: "", + ObjectID: "", + }, + }, + } return oc } diff --git a/pkg/client/services/redhatopenshift/mgmt/2024-08-12-preview/redhatopenshift/models.go b/pkg/client/services/redhatopenshift/mgmt/2024-08-12-preview/redhatopenshift/models.go index 7d1bb7a7238..e438d5fc15b 100644 --- a/pkg/client/services/redhatopenshift/mgmt/2024-08-12-preview/redhatopenshift/models.go +++ b/pkg/client/services/redhatopenshift/mgmt/2024-08-12-preview/redhatopenshift/models.go @@ -101,6 +101,15 @@ type ClusterProfile struct { ResourceGroupID *string `json:"resourceGroupId,omitempty"` // FipsValidatedModules - If FIPS validated crypto modules are used. Possible values include: 'FipsValidatedModulesDisabled', 'FipsValidatedModulesEnabled' FipsValidatedModules FipsValidatedModules `json:"fipsValidatedModules,omitempty"` + // OidcIssuer - The URL of the managed OIDC issuer in a workload identity cluster. + OidcIssuer *string `json:"oidcIssuer,omitempty"` +} + +// ClusterUserAssignedIdentity clusterUserAssignedIdentity stores information about a user-assigned managed +// identity in a predefined format required by Microsoft's Managed Identity team. +type ClusterUserAssignedIdentity struct { + ClientID *string `json:"clientId,omitempty"` + PrincipalID *string `json:"principalId,omitempty"` } // ConsoleProfile consoleProfile represents a console profile. 
@@ -134,6 +143,24 @@ type EffectiveOutboundIP struct { ID *string `json:"id,omitempty"` } +// Identity identity stores information about the cluster MSI(s) in a workload identity cluster. +type Identity struct { + Type *string `json:"type,omitempty"` + UserAssignedIdentities map[string]*ClusterUserAssignedIdentity `json:"userAssignedIdentities"` +} + +// MarshalJSON is the custom marshaler for Identity. +func (i Identity) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if i.Type != nil { + objectMap["type"] = i.Type + } + if i.UserAssignedIdentities != nil { + objectMap["userAssignedIdentities"] = i.UserAssignedIdentities + } + return json.Marshal(objectMap) +} + // IngressProfile ingressProfile represents an ingress profile. type IngressProfile struct { // Name - The ingress profile name. @@ -802,6 +829,8 @@ type OpenShiftClusterProperties struct { ConsoleProfile *ConsoleProfile `json:"consoleProfile,omitempty"` // ServicePrincipalProfile - The cluster service principal profile. ServicePrincipalProfile *ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"` + // PlatformWorkloadIdentityProfile - The workload identity profile. + PlatformWorkloadIdentityProfile *PlatformWorkloadIdentityProfile `json:"platformWorkloadIdentityProfile,omitempty"` // NetworkProfile - The cluster network profile. NetworkProfile *NetworkProfile `json:"networkProfile,omitempty"` // MasterProfile - The cluster master profile. @@ -831,6 +860,9 @@ func (oscp OpenShiftClusterProperties) MarshalJSON() ([]byte, error) { if oscp.ServicePrincipalProfile != nil { objectMap["servicePrincipalProfile"] = oscp.ServicePrincipalProfile } + if oscp.PlatformWorkloadIdentityProfile != nil { + objectMap["platformWorkloadIdentityProfile"] = oscp.PlatformWorkloadIdentityProfile + } if oscp.NetworkProfile != nil { objectMap["networkProfile"] = oscp.NetworkProfile } 
@@ -978,6 +1010,8 @@ type OpenShiftClusterUpdate struct { Tags map[string]*string `json:"tags"` // OpenShiftClusterProperties - The cluster properties. *OpenShiftClusterProperties `json:"properties,omitempty"` + // Identity - Identity stores information about the cluster MSI(s) in a workload identity cluster. + Identity *Identity `json:"identity,omitempty"` // SystemData - READ-ONLY; The system meta data relating to this resource. SystemData *SystemData `json:"systemData,omitempty"` } @@ -991,6 +1025,9 @@ func (oscu OpenShiftClusterUpdate) MarshalJSON() ([]byte, error) { if oscu.OpenShiftClusterProperties != nil { objectMap["properties"] = oscu.OpenShiftClusterProperties } + if oscu.Identity != nil { + objectMap["identity"] = oscu.Identity + } return json.Marshal(objectMap) } @@ -1021,6 +1058,15 @@ func (oscu *OpenShiftClusterUpdate) UnmarshalJSON(body []byte) error { } oscu.OpenShiftClusterProperties = &openShiftClusterProperties } + case "identity": + if v != nil { + var identity Identity + err = json.Unmarshal(*v, &identity) + if err != nil { + return err + } + oscu.Identity = &identity + } case "systemData": if v != nil { var systemData SystemData 
@@ -1453,6 +1499,35 @@ func NewOperationListPage(cur OperationList, getNextPage func(context.Context, O } } +// PlatformWorkloadIdentity platformWorkloadIdentity stores information representing a single workload +// identity. +type PlatformWorkloadIdentity struct { + OperatorName *string `json:"operatorName,omitempty"` + ResourceID *string `json:"resourceId,omitempty"` + // ClientID - READ-ONLY + ClientID *string `json:"clientId,omitempty"` + // ObjectID - READ-ONLY + ObjectID *string `json:"objectId,omitempty"` +} + +// MarshalJSON is the custom marshaler for PlatformWorkloadIdentity. +func (pwi PlatformWorkloadIdentity) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if pwi.OperatorName != nil { + objectMap["operatorName"] = pwi.OperatorName + } + if pwi.ResourceID != nil { + objectMap["resourceId"] = pwi.ResourceID + } + return json.Marshal(objectMap) +} + +// PlatformWorkloadIdentityProfile platformWorkloadIdentityProfile encapsulates all information that is +// specific to workload identity clusters. +type PlatformWorkloadIdentityProfile struct { + PlatformWorkloadIdentities *[]PlatformWorkloadIdentity `json:"platformWorkloadIdentities,omitempty"` +} + // ProxyResource the resource model definition for a Azure Resource Manager proxy resource. It will not // have tags and a location type ProxyResource struct { diff --git a/python/client/azure/mgmt/redhatopenshift/v2024_08_12_preview/models/__init__.py b/python/client/azure/mgmt/redhatopenshift/v2024_08_12_preview/models/__init__.py index f06920c51cb..f701a8ff322 100644 --- a/python/client/azure/mgmt/redhatopenshift/v2024_08_12_preview/models/__init__.py +++ b/python/client/azure/mgmt/redhatopenshift/v2024_08_12_preview/models/__init__.py 
@@ -18,9 +18,11 @@ from ._models_py3 import APIServerProfile from ._models_py3 import CloudErrorBody from ._models_py3 import ClusterProfile + from ._models_py3 import ClusterUserAssignedIdentity from ._models_py3 import ConsoleProfile from ._models_py3 import Display from ._models_py3 import EffectiveOutboundIP + from ._models_py3 import Identity from ._models_py3 import IngressProfile from ._models_py3 import LoadBalancerProfile from ._models_py3 import MachinePool @@ -38,6 +40,8 @@ from ._models_py3 import OpenShiftVersionList from ._models_py3 import Operation from ._models_py3 import OperationList + from ._models_py3 import PlatformWorkloadIdentity + from ._models_py3 import PlatformWorkloadIdentityProfile from ._models_py3 import ProxyResource from ._models_py3 import Resource from ._models_py3 import Secret @@ -57,9 +61,11 @@ from ._models import APIServerProfile # type: ignore from ._models import CloudErrorBody # type: ignore from ._models import ClusterProfile # type: ignore + from ._models import ClusterUserAssignedIdentity # type: ignore from ._models import ConsoleProfile # type: ignore from ._models import Display # type: ignore from ._models import EffectiveOutboundIP # type: ignore + from ._models import Identity # type: ignore from ._models import IngressProfile # type: ignore from ._models import LoadBalancerProfile # type: ignore from ._models import MachinePool # type: ignore @@ -77,6 +83,8 @@ from ._models import OpenShiftVersionList # type: ignore from ._models import Operation # type: ignore from ._models import OperationList # type: ignore + from ._models import PlatformWorkloadIdentity # type: ignore + from ._models import PlatformWorkloadIdentityProfile # type: ignore from ._models import ProxyResource # type: ignore from ._models import Resource # type: ignore from ._models import Secret # type: ignore 
@@ -107,9 +115,11 @@ 'APIServerProfile', 'CloudErrorBody', 'ClusterProfile', + 'ClusterUserAssignedIdentity', 'ConsoleProfile', 'Display', 'EffectiveOutboundIP', + 'Identity', 'IngressProfile', 'LoadBalancerProfile', 'MachinePool', @@ -127,6 +137,8 @@ 'OpenShiftVersionList', 'Operation', 'OperationList', + 'PlatformWorkloadIdentity', + 'PlatformWorkloadIdentityProfile', 'ProxyResource', 'Resource', 'Secret', diff --git a/python/client/azure/mgmt/redhatopenshift/v2024_08_12_preview/models/_models.py b/python/client/azure/mgmt/redhatopenshift/v2024_08_12_preview/models/_models.py index 41f6583dd45..3e77e23023c 100644 --- a/python/client/azure/mgmt/redhatopenshift/v2024_08_12_preview/models/_models.py +++ b/python/client/azure/mgmt/redhatopenshift/v2024_08_12_preview/models/_models.py @@ -117,6 +117,8 @@ class ClusterProfile(msrest.serialization.Model): include: "Disabled", "Enabled". :vartype fips_validated_modules: str or ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.FipsValidatedModules + :ivar oidc_issuer: The URL of the managed OIDC issuer in a workload identity cluster. + :vartype oidc_issuer: str """ _attribute_map = { @@ -125,6 +127,7 @@ class ClusterProfile(msrest.serialization.Model): 'version': {'key': 'version', 'type': 'str'}, 'resource_group_id': {'key': 'resourceGroupId', 'type': 'str'}, 'fips_validated_modules': {'key': 'fipsValidatedModules', 'type': 'str'}, + 'oidc_issuer': {'key': 'oidcIssuer', 'type': 'str'}, } def __init__( @@ -144,6 +147,8 @@ def __init__( include: "Disabled", "Enabled". :paramtype fips_validated_modules: str or ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.FipsValidatedModules + :keyword oidc_issuer: The URL of the managed OIDC issuer in a workload identity cluster. + :paramtype oidc_issuer: str """ super(ClusterProfile, self).__init__(**kwargs) self.pull_secret = kwargs.get('pull_secret', None) 
@@ -151,6 +156,36 @@ def __init__( self.version = kwargs.get('version', None) self.resource_group_id = kwargs.get('resource_group_id', None) self.fips_validated_modules = kwargs.get('fips_validated_modules', None) + self.oidc_issuer = kwargs.get('oidc_issuer', None) + + +class ClusterUserAssignedIdentity(msrest.serialization.Model): + """ClusterUserAssignedIdentity stores information about a user-assigned managed identity in a predefined format required by Microsoft's Managed Identity team. + + :ivar client_id: + :vartype client_id: str + :ivar principal_id: + :vartype principal_id: str + """ + + _attribute_map = { + 'client_id': {'key': 'clientId', 'type': 'str'}, + 'principal_id': {'key': 'principalId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + """ + :keyword client_id: + :paramtype client_id: str + :keyword principal_id: + :paramtype principal_id: str + """ + super(ClusterUserAssignedIdentity, self).__init__(**kwargs) + self.client_id = kwargs.get('client_id', None) + self.principal_id = kwargs.get('principal_id', None) class ConsoleProfile(msrest.serialization.Model): 
@@ -244,6 +279,39 @@ def __init__( self.id = kwargs.get('id', None) +class Identity(msrest.serialization.Model): + """Identity stores information about the cluster MSI(s) in a workload identity cluster. + + :ivar type: + :vartype type: str + :ivar user_assigned_identities: UserAssignedIdentities stores a mapping from resource IDs of + managed identities to their client/principal IDs. + :vartype user_assigned_identities: dict[str, + ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.ClusterUserAssignedIdentity] + """ + + _attribute_map = { + 'type': {'key': 'type', 'type': 'str'}, + 'user_assigned_identities': {'key': 'userAssignedIdentities', 'type': '{ClusterUserAssignedIdentity}'}, + } + + def __init__( + self, + **kwargs + ): + """ + :keyword type: + :paramtype type: str + :keyword user_assigned_identities: UserAssignedIdentities stores a mapping from resource IDs of + managed identities to their client/principal IDs. + :paramtype user_assigned_identities: dict[str, + ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.ClusterUserAssignedIdentity] + """ + super(Identity, self).__init__(**kwargs) + self.type = kwargs.get('type', None) + self.user_assigned_identities = kwargs.get('user_assigned_identities', None) + + class IngressProfile(msrest.serialization.Model): """IngressProfile represents an ingress profile. 
@@ -737,6 +805,9 @@ class OpenShiftCluster(TrackedResource): :ivar service_principal_profile: The cluster service principal profile. :vartype service_principal_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.ServicePrincipalProfile + :ivar platform_workload_identity_profile: The workload identity profile. + :vartype platform_workload_identity_profile: + ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.PlatformWorkloadIdentityProfile :ivar network_profile: The cluster network profile. :vartype network_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.NetworkProfile :ivar master_profile: The cluster master profile. @@ -775,6 +846,7 @@ class OpenShiftCluster(TrackedResource): 'cluster_profile': {'key': 'properties.clusterProfile', 'type': 'ClusterProfile'}, 'console_profile': {'key': 'properties.consoleProfile', 'type': 'ConsoleProfile'}, 'service_principal_profile': {'key': 'properties.servicePrincipalProfile', 'type': 'ServicePrincipalProfile'}, + 'platform_workload_identity_profile': {'key': 'properties.platformWorkloadIdentityProfile', 'type': 'PlatformWorkloadIdentityProfile'}, 'network_profile': {'key': 'properties.networkProfile', 'type': 'NetworkProfile'}, 'master_profile': {'key': 'properties.masterProfile', 'type': 'MasterProfile'}, 'worker_profiles': {'key': 'properties.workerProfiles', 'type': '[WorkerProfile]'}, @@ -805,6 +877,9 @@ def __init__( :keyword service_principal_profile: The cluster service principal profile. :paramtype service_principal_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.ServicePrincipalProfile + :keyword platform_workload_identity_profile: The workload identity profile. + :paramtype platform_workload_identity_profile: + ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.PlatformWorkloadIdentityProfile :keyword network_profile: The cluster network profile. :paramtype network_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.NetworkProfile 
@@ -825,6 +900,7 @@ def __init__( self.cluster_profile = kwargs.get('cluster_profile', None) self.console_profile = kwargs.get('console_profile', None) self.service_principal_profile = kwargs.get('service_principal_profile', None) + self.platform_workload_identity_profile = kwargs.get('platform_workload_identity_profile', None) self.network_profile = kwargs.get('network_profile', None) self.master_profile = kwargs.get('master_profile', None) self.worker_profiles = kwargs.get('worker_profiles', None) @@ -921,6 +997,9 @@ class OpenShiftClusterUpdate(msrest.serialization.Model): :ivar tags: A set of tags. The resource tags. :vartype tags: dict[str, str] + :ivar identity: Identity stores information about the cluster MSI(s) in a workload identity + cluster. + :vartype identity: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.Identity :ivar system_data: The system meta data relating to this resource. :vartype system_data: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.SystemData :ivar provisioning_state: The cluster provisioning state. Possible values include: @@ -934,6 +1013,9 @@ class OpenShiftClusterUpdate(msrest.serialization.Model): :ivar service_principal_profile: The cluster service principal profile. :vartype service_principal_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.ServicePrincipalProfile + :ivar platform_workload_identity_profile: The workload identity profile. + :vartype platform_workload_identity_profile: + ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.PlatformWorkloadIdentityProfile :ivar network_profile: The cluster network profile. :vartype network_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.NetworkProfile :ivar master_profile: The cluster master profile. 
@@ -959,11 +1041,13 @@ class OpenShiftClusterUpdate(msrest.serialization.Model): _attribute_map = { 'tags': {'key': 'tags', 'type': '{str}'}, + 'identity': {'key': 'identity', 'type': 'Identity'}, 'system_data': {'key': 'systemData', 'type': 'SystemData'}, 'provisioning_state': {'key': 'properties.provisioningState', 'type': 'str'}, 'cluster_profile': {'key': 'properties.clusterProfile', 'type': 'ClusterProfile'}, 'console_profile': {'key': 'properties.consoleProfile', 'type': 'ConsoleProfile'}, 'service_principal_profile': {'key': 'properties.servicePrincipalProfile', 'type': 'ServicePrincipalProfile'}, + 'platform_workload_identity_profile': {'key': 'properties.platformWorkloadIdentityProfile', 'type': 'PlatformWorkloadIdentityProfile'}, 'network_profile': {'key': 'properties.networkProfile', 'type': 'NetworkProfile'}, 'master_profile': {'key': 'properties.masterProfile', 'type': 'MasterProfile'}, 'worker_profiles': {'key': 'properties.workerProfiles', 'type': '[WorkerProfile]'}, @@ -979,6 +1063,9 @@ def __init__( """ :keyword tags: A set of tags. The resource tags. :paramtype tags: dict[str, str] + :keyword identity: Identity stores information about the cluster MSI(s) in a workload identity + cluster. + :paramtype identity: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.Identity :keyword provisioning_state: The cluster provisioning state. Possible values include: "AdminUpdating", "Canceled", "Creating", "Deleting", "Failed", "Succeeded", "Updating". :paramtype provisioning_state: str or 
@@ -992,6 +1079,9 @@ def __init__( :keyword service_principal_profile: The cluster service principal profile. :paramtype service_principal_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.ServicePrincipalProfile + :keyword platform_workload_identity_profile: The workload identity profile. + :paramtype platform_workload_identity_profile: + ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.PlatformWorkloadIdentityProfile :keyword network_profile: The cluster network profile. :paramtype network_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.NetworkProfile @@ -1009,11 +1099,13 @@ def __init__( """ super(OpenShiftClusterUpdate, self).__init__(**kwargs) self.tags = kwargs.get('tags', None) + self.identity = kwargs.get('identity', None) self.system_data = None self.provisioning_state = kwargs.get('provisioning_state', None) self.cluster_profile = kwargs.get('cluster_profile', None) self.console_profile = kwargs.get('console_profile', None) self.service_principal_profile = kwargs.get('service_principal_profile', None) + self.platform_workload_identity_profile = kwargs.get('platform_workload_identity_profile', None) self.network_profile = kwargs.get('network_profile', None) self.master_profile = kwargs.get('master_profile', None) self.worker_profiles = kwargs.get('worker_profiles', None) 
@@ -1164,6 +1256,75 @@ def __init__( self.next_link = kwargs.get('next_link', None) +class PlatformWorkloadIdentity(msrest.serialization.Model): + """PlatformWorkloadIdentity stores information representing a single workload identity. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar operator_name: + :vartype operator_name: str + :ivar resource_id: + :vartype resource_id: str + :ivar client_id: + :vartype client_id: str + :ivar object_id: + :vartype object_id: str + """ + + _validation = { + 'client_id': {'readonly': True}, + 'object_id': {'readonly': True}, + } + + _attribute_map = { + 'operator_name': {'key': 'operatorName', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'client_id': {'key': 'clientId', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + """ + :keyword operator_name: + :paramtype operator_name: str + :keyword resource_id: + :paramtype resource_id: str + """ + super(PlatformWorkloadIdentity, self).__init__(**kwargs) + self.operator_name = kwargs.get('operator_name', None) + self.resource_id = kwargs.get('resource_id', None) + self.client_id = None + self.object_id = None + + +class PlatformWorkloadIdentityProfile(msrest.serialization.Model): + """PlatformWorkloadIdentityProfile encapsulates all information that is specific to workload identity clusters. 
+ + :ivar platform_workload_identities: + :vartype platform_workload_identities: + list[~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.PlatformWorkloadIdentity] + """ + + _attribute_map = { + 'platform_workload_identities': {'key': 'platformWorkloadIdentities', 'type': '[PlatformWorkloadIdentity]'}, + } + + def __init__( + self, + **kwargs + ): + """ + :keyword platform_workload_identities: + :paramtype platform_workload_identities: + list[~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.PlatformWorkloadIdentity] + """ + super(PlatformWorkloadIdentityProfile, self).__init__(**kwargs) + self.platform_workload_identities = kwargs.get('platform_workload_identities', None) + + class Secret(ProxyResource): """Secret represents a secret. diff --git a/python/client/azure/mgmt/redhatopenshift/v2024_08_12_preview/models/_models_py3.py b/python/client/azure/mgmt/redhatopenshift/v2024_08_12_preview/models/_models_py3.py index 6bc965188d2..9828713ff69 100644 --- a/python/client/azure/mgmt/redhatopenshift/v2024_08_12_preview/models/_models_py3.py +++ b/python/client/azure/mgmt/redhatopenshift/v2024_08_12_preview/models/_models_py3.py @@ -129,6 +129,8 @@ class ClusterProfile(msrest.serialization.Model): include: "Disabled", "Enabled". :vartype fips_validated_modules: str or ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.FipsValidatedModules + :ivar oidc_issuer: The URL of the managed OIDC issuer in a workload identity cluster. + :vartype oidc_issuer: str """ _attribute_map = { @@ -137,6 +139,7 @@ class ClusterProfile(msrest.serialization.Model): 'version': {'key': 'version', 'type': 'str'}, 'resource_group_id': {'key': 'resourceGroupId', 'type': 'str'}, 'fips_validated_modules': {'key': 'fipsValidatedModules', 'type': 'str'}, + 'oidc_issuer': {'key': 'oidcIssuer', 'type': 'str'}, } def __init__( 
@@ -147,6 +150,7 @@ def __init__( version: Optional[str] = None, resource_group_id: Optional[str] = None, fips_validated_modules: Optional[Union[str, "FipsValidatedModules"]] = None, + oidc_issuer: Optional[str] = None, **kwargs ): """ @@ -162,6 +166,8 @@ def __init__( include: "Disabled", "Enabled". :paramtype fips_validated_modules: str or ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.FipsValidatedModules + :keyword oidc_issuer: The URL of the managed OIDC issuer in a workload identity cluster. + :paramtype oidc_issuer: str """ super(ClusterProfile, self).__init__(**kwargs) self.pull_secret = pull_secret @@ -169,6 +175,39 @@ def __init__( self.version = version self.resource_group_id = resource_group_id self.fips_validated_modules = fips_validated_modules + self.oidc_issuer = oidc_issuer + + +class ClusterUserAssignedIdentity(msrest.serialization.Model): + """ClusterUserAssignedIdentity stores information about a user-assigned managed identity in a predefined format required by Microsoft's Managed Identity team. + + :ivar client_id: + :vartype client_id: str + :ivar principal_id: + :vartype principal_id: str + """ + + _attribute_map = { + 'client_id': {'key': 'clientId', 'type': 'str'}, + 'principal_id': {'key': 'principalId', 'type': 'str'}, + } + + def __init__( + self, + *, + client_id: Optional[str] = None, + principal_id: Optional[str] = None, + **kwargs + ): + """ + :keyword client_id: + :paramtype client_id: str + :keyword principal_id: + :paramtype principal_id: str + """ + super(ClusterUserAssignedIdentity, self).__init__(**kwargs) + self.client_id = client_id + self.principal_id = principal_id class ConsoleProfile(msrest.serialization.Model): 
@@ -269,6 +308,42 @@ def __init__( self.id = id +class Identity(msrest.serialization.Model): + """Identity stores information about the cluster MSI(s) in a workload identity cluster. + + :ivar type: + :vartype type: str + :ivar user_assigned_identities: UserAssignedIdentities stores a mapping from resource IDs of + managed identities to their client/principal IDs. + :vartype user_assigned_identities: dict[str, + ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.ClusterUserAssignedIdentity] + """ + + _attribute_map = { + 'type': {'key': 'type', 'type': 'str'}, + 'user_assigned_identities': {'key': 'userAssignedIdentities', 'type': '{ClusterUserAssignedIdentity}'}, + } + + def __init__( + self, + *, + type: Optional[str] = None, + user_assigned_identities: Optional[Dict[str, "ClusterUserAssignedIdentity"]] = None, + **kwargs + ): + """ + :keyword type: + :paramtype type: str + :keyword user_assigned_identities: UserAssignedIdentities stores a mapping from resource IDs of + managed identities to their client/principal IDs. + :paramtype user_assigned_identities: dict[str, + ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.ClusterUserAssignedIdentity] + """ + super(Identity, self).__init__(**kwargs) + self.type = type + self.user_assigned_identities = user_assigned_identities + + class IngressProfile(msrest.serialization.Model): """IngressProfile represents an ingress profile. 
@@ -790,6 +865,9 @@ class OpenShiftCluster(TrackedResource): :ivar service_principal_profile: The cluster service principal profile. :vartype service_principal_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.ServicePrincipalProfile + :ivar platform_workload_identity_profile: The workload identity profile. + :vartype platform_workload_identity_profile: + ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.PlatformWorkloadIdentityProfile :ivar network_profile: The cluster network profile. :vartype network_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.NetworkProfile :ivar master_profile: The cluster master profile. @@ -828,6 +906,7 @@ class OpenShiftCluster(TrackedResource): 'cluster_profile': {'key': 'properties.clusterProfile', 'type': 'ClusterProfile'}, 'console_profile': {'key': 'properties.consoleProfile', 'type': 'ConsoleProfile'}, 'service_principal_profile': {'key': 'properties.servicePrincipalProfile', 'type': 'ServicePrincipalProfile'}, + 'platform_workload_identity_profile': {'key': 'properties.platformWorkloadIdentityProfile', 'type': 'PlatformWorkloadIdentityProfile'}, 'network_profile': {'key': 'properties.networkProfile', 'type': 'NetworkProfile'}, 'master_profile': {'key': 'properties.masterProfile', 'type': 'MasterProfile'}, 'worker_profiles': {'key': 'properties.workerProfiles', 'type': '[WorkerProfile]'}, @@ -845,6 +924,7 @@ def __init__( cluster_profile: Optional["ClusterProfile"] = None, console_profile: Optional["ConsoleProfile"] = None, service_principal_profile: Optional["ServicePrincipalProfile"] = None, + platform_workload_identity_profile: Optional["PlatformWorkloadIdentityProfile"] = None, network_profile: Optional["NetworkProfile"] = None, master_profile: Optional["MasterProfile"] = None, worker_profiles: Optional[List["WorkerProfile"]] = None, 
@@ -870,6 +950,9 @@ def __init__( :keyword service_principal_profile: The cluster service principal profile. :paramtype service_principal_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.ServicePrincipalProfile + :keyword platform_workload_identity_profile: The workload identity profile. + :paramtype platform_workload_identity_profile: + ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.PlatformWorkloadIdentityProfile :keyword network_profile: The cluster network profile. :paramtype network_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.NetworkProfile @@ -890,6 +973,7 @@ def __init__( self.cluster_profile = cluster_profile self.console_profile = console_profile self.service_principal_profile = service_principal_profile + self.platform_workload_identity_profile = platform_workload_identity_profile self.network_profile = network_profile self.master_profile = master_profile self.worker_profiles = worker_profiles @@ -994,6 +1078,9 @@ class OpenShiftClusterUpdate(msrest.serialization.Model): :ivar tags: A set of tags. The resource tags. :vartype tags: dict[str, str] + :ivar identity: Identity stores information about the cluster MSI(s) in a workload identity + cluster. + :vartype identity: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.Identity :ivar system_data: The system meta data relating to this resource. :vartype system_data: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.SystemData :ivar provisioning_state: The cluster provisioning state. Possible values include: 
@@ -1007,6 +1094,9 @@ class OpenShiftClusterUpdate(msrest.serialization.Model): :ivar service_principal_profile: The cluster service principal profile. :vartype service_principal_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.ServicePrincipalProfile + :ivar platform_workload_identity_profile: The workload identity profile. + :vartype platform_workload_identity_profile: + ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.PlatformWorkloadIdentityProfile :ivar network_profile: The cluster network profile. :vartype network_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.NetworkProfile :ivar master_profile: The cluster master profile. @@ -1032,11 +1122,13 @@ class OpenShiftClusterUpdate(msrest.serialization.Model): _attribute_map = { 'tags': {'key': 'tags', 'type': '{str}'}, + 'identity': {'key': 'identity', 'type': 'Identity'}, 'system_data': {'key': 'systemData', 'type': 'SystemData'}, 'provisioning_state': {'key': 'properties.provisioningState', 'type': 'str'}, 'cluster_profile': {'key': 'properties.clusterProfile', 'type': 'ClusterProfile'}, 'console_profile': {'key': 'properties.consoleProfile', 'type': 'ConsoleProfile'}, 'service_principal_profile': {'key': 'properties.servicePrincipalProfile', 'type': 'ServicePrincipalProfile'}, + 'platform_workload_identity_profile': {'key': 'properties.platformWorkloadIdentityProfile', 'type': 'PlatformWorkloadIdentityProfile'}, 'network_profile': {'key': 'properties.networkProfile', 'type': 'NetworkProfile'}, 'master_profile': {'key': 'properties.masterProfile', 'type': 'MasterProfile'}, 'worker_profiles': {'key': 'properties.workerProfiles', 'type': '[WorkerProfile]'}, 
@@ -1049,10 +1141,12 @@ def __init__( self, *, tags: Optional[Dict[str, str]] = None, + identity: Optional["Identity"] = None, provisioning_state: Optional[Union[str, "ProvisioningState"]] = None, cluster_profile: Optional["ClusterProfile"] = None, console_profile: Optional["ConsoleProfile"] = None, service_principal_profile: Optional["ServicePrincipalProfile"] = None, + platform_workload_identity_profile: Optional["PlatformWorkloadIdentityProfile"] = None, network_profile: Optional["NetworkProfile"] = None, master_profile: Optional["MasterProfile"] = None, worker_profiles: Optional[List["WorkerProfile"]] = None, @@ -1063,6 +1157,9 @@ def __init__( """ :keyword tags: A set of tags. The resource tags. :paramtype tags: dict[str, str] + :keyword identity: Identity stores information about the cluster MSI(s) in a workload identity + cluster. + :paramtype identity: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.Identity :keyword provisioning_state: The cluster provisioning state. Possible values include: "AdminUpdating", "Canceled", "Creating", "Deleting", "Failed", "Succeeded", "Updating". :paramtype provisioning_state: str or @@ -1076,6 +1173,9 @@ def __init__( :keyword service_principal_profile: The cluster service principal profile. :paramtype service_principal_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.ServicePrincipalProfile + :keyword platform_workload_identity_profile: The workload identity profile. + :paramtype platform_workload_identity_profile: + ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.PlatformWorkloadIdentityProfile :keyword network_profile: The cluster network profile. :paramtype network_profile: ~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.NetworkProfile 
@@ -1093,11 +1193,13 @@ def __init__( """ super(OpenShiftClusterUpdate, self).__init__(**kwargs) self.tags = tags + self.identity = identity self.system_data = None self.provisioning_state = provisioning_state self.cluster_profile = cluster_profile self.console_profile = console_profile self.service_principal_profile = service_principal_profile + self.platform_workload_identity_profile = platform_workload_identity_profile self.network_profile = network_profile self.master_profile = master_profile self.worker_profiles = worker_profiles 
@@ -1260,6 +1362,80 @@ def __init__( self.next_link = next_link +class PlatformWorkloadIdentity(msrest.serialization.Model): + """PlatformWorkloadIdentity stores information representing a single workload identity. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar operator_name: + :vartype operator_name: str + :ivar resource_id: + :vartype resource_id: str + :ivar client_id: + :vartype client_id: str + :ivar object_id: + :vartype object_id: str + """ + + _validation = { + 'client_id': {'readonly': True}, + 'object_id': {'readonly': True}, + } + + _attribute_map = { + 'operator_name': {'key': 'operatorName', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'client_id': {'key': 'clientId', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + } + + def __init__( + self, + *, + operator_name: Optional[str] = None, + resource_id: Optional[str] = None, + **kwargs + ): + """ + :keyword operator_name: + :paramtype operator_name: str + :keyword resource_id: + :paramtype resource_id: str + """ + super(PlatformWorkloadIdentity, self).__init__(**kwargs) + self.operator_name = operator_name + self.resource_id = resource_id + self.client_id = None + self.object_id = None + + +class PlatformWorkloadIdentityProfile(msrest.serialization.Model): + """PlatformWorkloadIdentityProfile encapsulates all information that is specific to workload identity clusters. 
+ + :ivar platform_workload_identities: + :vartype platform_workload_identities: + list[~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.PlatformWorkloadIdentity] + """ + + _attribute_map = { + 'platform_workload_identities': {'key': 'platformWorkloadIdentities', 'type': '[PlatformWorkloadIdentity]'}, + } + + def __init__( + self, + *, + platform_workload_identities: Optional[List["PlatformWorkloadIdentity"]] = None, + **kwargs + ): + """ + :keyword platform_workload_identities: + :paramtype platform_workload_identities: + list[~azure.mgmt.redhatopenshift.v2024_08_12_preview.models.PlatformWorkloadIdentity] + """ + super(PlatformWorkloadIdentityProfile, self).__init__(**kwargs) + self.platform_workload_identities = platform_workload_identities + + class Secret(ProxyResource): """Secret represents a secret. diff --git a/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_CreateOrUpdate.json b/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_CreateOrUpdate.json index c80c13dd15b..5f902138fe0 100644 --- a/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_CreateOrUpdate.json +++ b/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_CreateOrUpdate.json @@ -21,6 +21,11 @@ "clientId": "clientId", "clientSecret": "clientSecret" }, + "platformWorkloadIdentityProfile": { + "platformWorkloadIdentities": [ + {} + ] + }, "networkProfile": { "podCidr": "10.128.0.0/14", "serviceCidr": "172.30.0.0/16", @@ -54,7 +59,8 @@ "visibility": "Public" } ] - } + }, + "identity": {} } }, "responses": { 
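Review bot: The request example's new `platformWorkloadIdentities` entry is an empty object and the new top-level `identity` is `{}`, so the CreateOrUpdate example (and the Get, List, ListByResourceGroup and Update examples in the following hunks) does not show the shape a caller actually has to send: `operatorName`/`resourceId` per entry and `type`/`userAssignedIdentities` on the identity. Filling them with clearly labelled placeholders, e.g. `{ "operatorName": "<operator-name>", "resourceId": "<managed-identity-resource-id>" }`, makes these files useful for example validation and for the SDK/docs generation they feed. The response side of the same examples should then also carry the server-populated `clientId`/`objectId`, which the schema marks readOnly.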
diff --git a/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_Get.json b/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_Get.json
index 3f48bad96ad..889710dbf01 100644
--- a/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_Get.json
+++ b/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_Get.json
@@ -36,6 +36,11 @@
 "servicePrincipalProfile": {
 "clientId": "clientId"
 },
+ "platformWorkloadIdentityProfile": {
+ "platformWorkloadIdentities": [
+ {}
+ ]
+ },
 "networkProfile": {
 "podCidr": "10.128.0.0/14",
 "serviceCidr": "172.30.0.0/16",
diff --git a/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_List.json b/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_List.json
index 0ec86b13bc1..2c8ad20f1a5 100644
--- a/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_List.json
+++ b/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_List.json
@@ -36,6 +36,11 @@
 "servicePrincipalProfile": {
 "clientId": "clientId"
 },
+ "platformWorkloadIdentityProfile": {
+ "platformWorkloadIdentities": [
+ {}
+ ]
+ },
 "networkProfile": {
 "podCidr": "10.128.0.0/14",
 "serviceCidr": "172.30.0.0/16",
diff --git a/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_ListByResourceGroup.json b/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_ListByResourceGroup.json
index 1721ec50a22..284cd6c54a4 100644
--- a/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_ListByResourceGroup.json
+++ b/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_ListByResourceGroup.json
@@ -37,6 +37,11 @@
 "servicePrincipalProfile": {
 "clientId": "clientId"
 },
+ "platformWorkloadIdentityProfile": {
+ "platformWorkloadIdentities": [
+ {}
+ ]
+ },
 "networkProfile": {
 "podCidr": "10.128.0.0/14",
 "serviceCidr": "172.30.0.0/16",
diff --git a/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_Update.json b/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_Update.json
index 097d9f4a91e..5eb24d8a308 100644
--- a/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_Update.json
+++ b/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/examples/OpenShiftClusters_Update.json
@@ -20,6 +20,11 @@
 "clientId": "clientId",
 "clientSecret": "clientSecret"
 },
+ "platformWorkloadIdentityProfile": {
+ "platformWorkloadIdentities": [
+ {}
+ ]
+ },
 "networkProfile": {
 "podCidr": "10.128.0.0/14",
 "serviceCidr": "172.30.0.0/16",
@@ -53,7 +58,8 @@
 "visibility": "Public"
 }
 ]
- }
+ },
+ "identity": {}
 }
 },
 "responses": {
diff --git a/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/redhatopenshift.json b/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/redhatopenshift.json
index b856b6cd4ff..c65beac000c 100644
--- a/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/redhatopenshift.json
+++ b/swagger/redhatopenshift/resource-manager/Microsoft.RedHatOpenShift/preview/2024-08-12-preview/redhatopenshift.json
@@ -1813,6 +1813,22 @@
 "fipsValidatedModules": {
 "$ref": "#/definitions/FipsValidatedModules",
 "description": "If FIPS validated crypto modules are used"
+ },
+ "oidcIssuer": {
+ "$ref": "#/definitions/OIDCIssuer",
+ "description": "The URL of the managed OIDC issuer in a workload identity cluster."
+ }
+ }
+ },
+ "ClusterUserAssignedIdentity": {
+ "description": "ClusterUserAssignedIdentity stores information about a user-assigned managed identity in a predefined format required by Microsoft's Managed Identity team.",
+ "type": "object",
+ "properties": {
+ "clientId": {
+ "type": "string"
+ },
+ "principalId": {
+ "type": "string"
 }
 }
 },
@@ -1883,6 +1899,18 @@
 "modelAsString": true
 }
 },
+ "Identity": {
+ "description": "Identity stores information about the cluster MSI(s) in a workload identity cluster.",
+ "type": "object",
+ "properties": {
+ "type": {
+ "type": "string"
+ },
+ "userAssignedIdentities": {
+ "$ref": "#/definitions/UserAssignedIdentities"
+ }
+ }
+ },
 "IngressProfile": {
 "description": "IngressProfile represents an ingress profile.",
 "type": "object",
@@ -2044,6 +2072,10 @@
 }
 }
 },
+ "OIDCIssuer": {
+ "description": "OIDCIssuer represents the URL of the managed OIDC issuer in a workload identity cluster.",
+ "type": "string"
+ },
 "OpenShiftCluster": {
 "description": "OpenShiftCluster represents an Azure Red Hat OpenShift cluster.",
 "type": "object",
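Review bot: `ClusterUserAssignedIdentity.clientId` and `principalId` in the first hunk are declared as plain writable strings, although they are values the managed-identity service assigns and the API should never accept from a caller; mark both `"readOnly": true`, as this same commit already does for `PlatformWorkloadIdentity.clientId`/`objectId`, so that generated SDKs omit them from requests and the RP is not left to silently discard client-supplied IDs. `Identity.type` in the second hunk is likewise an unconstrained string; ARM's common-types v3 `ManagedServiceIdentity` (the same common-types directory this file already references for `systemData`) models this envelope with an enumerated `type` and read-only `clientId`/`principalId`, so either `$ref` it or mirror its `enum` and `readOnly` markers here. If the custom shape is kept, a `description` on `type` naming the accepted values would let schema validation catch mistakes before they reach the service.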
@@ -2129,6 +2161,10 @@
 "$ref": "#/definitions/ServicePrincipalProfile",
 "description": "The cluster service principal profile."
 },
+ "platformWorkloadIdentityProfile": {
+ "$ref": "#/definitions/PlatformWorkloadIdentityProfile",
+ "description": "The workload identity profile."
+ },
 "networkProfile": {
 "$ref": "#/definitions/NetworkProfile",
 "description": "The cluster network profile."
@@ -2181,6 +2217,10 @@
 "description": "The cluster properties.",
 "x-ms-client-flatten": true
 },
+ "identity": {
+ "$ref": "#/definitions/Identity",
+ "description": "Identity stores information about the cluster MSI(s) in a workload identity cluster."
+ },
 "systemData": {
 "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/systemData",
 "description": "The system meta data relating to this resource.",
@@ -2285,6 +2325,39 @@
 "modelAsString": true
 }
 },
+ "PlatformWorkloadIdentity": {
+ "description": "PlatformWorkloadIdentity stores information representing a single workload identity.",
+ "type": "object",
+ "properties": {
+ "operatorName": {
+ "type": "string"
+ },
+ "resourceId": {
+ "type": "string"
+ },
+ "clientId": {
+ "type": "string",
+ "readOnly": true
+ },
+ "objectId": {
+ "type": "string",
+ "readOnly": true
+ }
+ }
+ },
+ "PlatformWorkloadIdentityProfile": {
+ "description": "PlatformWorkloadIdentityProfile encapsulates all information that is specific to workload identity clusters.",
+ "type": "object",
+ "properties": {
+ "platformWorkloadIdentities": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/PlatformWorkloadIdentity"
+ },
+ "x-ms-identifiers": []
+ }
+ }
+ },
 "PreconfiguredNSG": {
 "description": "PreconfiguredNSG represents whether customers want to use their own NSG attached to the subnets",
 "enum": [
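Review bot: In the `@@ -2285` hunk, `platformWorkloadIdentities` declares `"x-ms-identifiers": []`, which tells tooling that array elements have no identifying property, yet each `PlatformWorkloadIdentity` carries an `operatorName` that looks like the natural key (one identity per operator). If that reading is right, `"x-ms-identifiers": ["operatorName"]` would let diff/patch tooling match entries by operator instead of by position, and the definition should then list `operatorName` and `resourceId` under `"required"` so an entry cannot be submitted without the identity it binds. Since `resourceId` is expected to be the ARM resource ID of a managed identity, the property description should say so (e.g. `"description": "The ARM resource ID of the user-assigned managed identity to bind to this operator."`), and the `resourceId`/`operatorName` properties currently have no descriptions at all.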
@@ -2530,6 +2603,13 @@
 "type": "string"
 }
 },
+ "UserAssignedIdentities": {
+ "description": "UserAssignedIdentities stores a mapping from resource IDs of managed identities to their client/principal IDs.",
+ "type": "object",
+ "additionalProperties": {
+ "$ref": "#/definitions/ClusterUserAssignedIdentity"
+ }
+ },
 "VMSize": {
 "description": "VM size availability varies by region.\nIf a node contains insufficient compute resources (memory, cpu, etc.), pods might fail to run correctly.\nFor more details on restricted VM sizes, see: https://docs.microsoft.com/en-us/azure/openshift/support-policies-v4#supported-virtual-machine-sizes",
 "type": "string"
