Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Migrate RP from Azure AD Graph to Microsoft Graph #1970

Merged
merged 12 commits into from
Jun 14, 2023
+1,326,042 −12,109
Merged

Migrate RP from Azure AD Graph to Microsoft Graph #1970

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
5125f08
go.mod: Add github.com/microsoftgraph/msgraph-sdk-go
mbarnes Feb 9, 2023
8729401
azureclient: Add NewGraphServiceClient
mbarnes Mar 2, 2023
25fee28
pkg/util/graph: Add GetServicePrincipalIDByAppID
mbarnes Mar 2, 2023
e9765db
armhelper: Use MS Graph to obtain service principal ID
mbarnes Feb 10, 2023
96d3a73
armhelper: Remove unused authorizer parameter
mbarnes Mar 1, 2023
b9e878c
Use MS Graph endpoint to validate service principal
mbarnes Mar 2, 2023
6de830a
pkg/cluster: Use MS Graph to obtain service principal ID
mbarnes Feb 9, 2023
bcb2cb9
pkg/util/cluster: Use MS Graph to create and delete clusters
mbarnes Feb 14, 2023
7257d6c
Pretty-print OData errors from MS Graph
mbarnes Feb 21, 2023
5af68ff
azureclient: Remove ActiveDirectoryGraphScope
mbarnes Apr 4, 2023
dd4f4a6
Remove pkg/util/azureclient/graphrbac
mbarnes Feb 17, 2023
643ff9e
pipelines: Run CodeQL analysis for Go on 1ES Hosted Pool
mbarnes Mar 20, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
The diff you're trying to view is too large. We only load the first 3000 changed files.
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
strategy:
fail-fast: false
matrix:
language: ['go', 'javascript', 'python']
language: ['javascript', 'python']
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
Expand Down
2 changes: 0 additions & 2 deletions .golangci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,8 +60,6 @@ linters-settings:
alias: testdynamichelper
- pkg: github.com/Azure/ARO-RP/test/util/log
alias: testlog
- pkg: github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac
alias: azgraphrbac
- pkg: github.com/Azure/azure-sdk-for-go/services/keyvault/v7.0/keyvault
alias: azkeyvault
- pkg: github.com/Azure/azure-sdk-for-go/storage
Expand Down
27 changes: 27 additions & 0 deletions .pipelines/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,17 @@
# Azure DevOps Pipeline running CI
#
# Note: This pipeline uses a secret variable "github_codeql_upload_token".
# This is a GitHub Personal Access Token (Classic) owned by mbarnes.
# It has no expiration and only has the "security_events" scope for
# the purpose of uploading CodeQL results.
#
# However, for this secret to be available to pull requests from
# forked ARO-RP repositories, the pipeline option "Make secrets
# available to builds of forks" is enabled.
#
# More information:
# https://learn.microsoft.com/en-us/azure/devops/pipelines/repos/github#contributions-from-forks
#
trigger:
branches:
include:
Expand Down Expand Up @@ -31,6 +44,20 @@ variables:
- template: vars.yml

jobs:
- job: Golang_CodeQL
pool:
name: 1es-aro-ci-pool
variables:
HOME: $(Agent.BuildDirectory)
steps:
- template: ./templates/template-checkout.yml
- template: ./templates/template-codeql.yml
parameters:
language: go
target: golang
github_token: $(github_codeql_upload_token)
timeoutInMinutes: 120

- job: Python_Unit_Tests
pool:
name: 1es-aro-ci-pool
Expand Down
36 changes: 36 additions & 0 deletions .pipelines/templates/template-codeql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
parameters:
- name: language
type: string
values:
# Based on "codeql resolve languages"
- cpp
- csharp
- csv
- go
- html
- java
- javascript
- properties
- python
- ruby
- xml
- name: target
type: string
default: host
- name: github_token
type: string

# Based on "Use CodeQL in CI system" documentation:
# https://docs.github.com/en/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system
steps:
- script: |
set -xe
sarif_file=codeql-results-${{ parameters.language }}.sarif
wget --quiet --output-document=- https://github.com/github/codeql-action/releases/latest/download/codeql-bundle-linux64.tar.gz | tar --extract --gunzip
./codeql/codeql database create ./codeql-db --language=${{ parameters.language }}
./codeql/codeql database analyze ./codeql-db --format=sarif-latest --sarif-category=no --output=${sarif_file}
./codeql/codeql github upload-results --sarif=${sarif_file} --ref=$(Build.SourceBranch)
env:
GITHUB_TOKEN: ${{ parameters.github_token }}
displayName: ⚙️ CodeQL Analysis (${{ parameters.language }})
target: ${{ parameters.target }}
52 changes: 32 additions & 20 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ go 1.18

require (
github.com/Azure/azure-sdk-for-go v63.1.0+incompatible
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.2
github.com/Azure/go-autorest/autorest v0.11.27
github.com/Azure/go-autorest/autorest/adal v0.9.20
Expand All @@ -21,11 +21,12 @@ require (
github.com/coreos/go-systemd/v22 v22.3.2
github.com/coreos/ignition/v2 v2.14.0
github.com/coreos/stream-metadata-go v0.2.0
github.com/davecgh/go-spew v1.1.1
github.com/form3tech-oss/jwt-go v3.2.5+incompatible
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32
github.com/go-bindata/go-bindata v3.1.2+incompatible
github.com/go-chi/chi/v5 v5.0.8
github.com/go-logr/logr v1.2.3
github.com/go-logr/logr v1.2.4
github.com/go-test/deep v1.0.8
github.com/gofrs/uuid v4.2.0+incompatible
github.com/golang-jwt/jwt/v4 v4.5.0
Expand All @@ -38,6 +39,7 @@ require (
github.com/gorilla/sessions v1.2.1
github.com/jewzaam/go-cosmosdb v0.0.0-20220315232836-282b67c5b234
github.com/jongio/azidext/go/azidext v0.4.0
github.com/microsoftgraph/msgraph-sdk-go v1.4.0
github.com/onsi/ginkgo/v2 v2.3.1
github.com/onsi/gomega v1.22.0
github.com/open-policy-agent/frameworks/constraint v0.0.0-20221109005544-7de84dff5081
Expand All @@ -56,7 +58,7 @@ require (
github.com/prometheus/common v0.37.0
github.com/serge1peshcoff/selenium-go-conditions v0.0.0-20170824121757-5afbdb74596b
github.com/sirupsen/logrus v1.8.1
github.com/stretchr/testify v1.7.1
github.com/stretchr/testify v1.8.3
github.com/tebeka/selenium v0.9.9
github.com/ugorji/go/codec v1.2.7
golang.org/x/crypto v0.9.0
Expand All @@ -65,24 +67,24 @@ require (
golang.org/x/sync v0.1.0
golang.org/x/text v0.9.0
golang.org/x/tools v0.6.0
k8s.io/api v0.24.7
k8s.io/apiextensions-apiserver v0.24.7
k8s.io/apimachinery v0.24.7
k8s.io/api v0.25.0
k8s.io/apiextensions-apiserver v0.25.0
k8s.io/apimachinery v0.25.0
k8s.io/cli-runtime v0.24.1
k8s.io/client-go v12.0.0+incompatible
k8s.io/code-generator v0.24.1
k8s.io/kubectl v0.24.1
k8s.io/kubernetes v1.23.5
k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9
k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed
sigs.k8s.io/cluster-api-provider-azure v1.2.1
sigs.k8s.io/controller-runtime v0.12.3
sigs.k8s.io/controller-runtime v0.13.1
sigs.k8s.io/controller-tools v0.9.0
)

require (
cloud.google.com/go/compute v1.5.0 // indirect
github.com/AlecAivazis/survey/v2 v2.3.4 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.2.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect
Expand Down Expand Up @@ -111,6 +113,7 @@ require (
github.com/blang/semver v3.5.1+incompatible // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 // indirect
github.com/cjlapao/common-go v0.0.39 // indirect
github.com/clarketm/json v1.17.1 // indirect
github.com/containers/image v3.0.2+incompatible // indirect
github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a // indirect
Expand All @@ -119,7 +122,6 @@ require (
github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect
github.com/coreos/ignition v0.35.0 // indirect
github.com/coreos/vcontext v0.0.0-20220326205524-7fcaf69e7050 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect
github.com/docker/docker v20.10.24+incompatible // indirect
Expand All @@ -129,9 +131,10 @@ require (
github.com/docker/go-units v0.4.0 // indirect
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
github.com/fatih/color v1.13.0 // indirect
github.com/fatih/color v1.14.1 // indirect
github.com/fsnotify/fsnotify v1.5.4 // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/errors v0.20.2 // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/jsonreference v0.19.6 // indirect
Expand Down Expand Up @@ -176,14 +179,21 @@ require (
github.com/libvirt/libvirt-go v7.4.0+incompatible // indirect
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.12 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.17 // indirect
github.com/mattn/go-runewidth v0.0.13 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
github.com/metal3-io/baremetal-operator v0.0.0-20220405082045-575f5c90718a // indirect
github.com/metal3-io/baremetal-operator/apis v0.0.0 // indirect
github.com/metal3-io/baremetal-operator/pkg/hardwareutils v0.0.0 // indirect
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
github.com/microsoft/kiota-abstractions-go v1.0.0 // indirect
github.com/microsoft/kiota-authentication-azure-go v1.0.0 // indirect
github.com/microsoft/kiota-http-go v1.0.0 // indirect
github.com/microsoft/kiota-serialization-form-go v1.0.0 // indirect
github.com/microsoft/kiota-serialization-json-go v1.0.1 // indirect
github.com/microsoft/kiota-serialization-text-go v1.0.0 // indirect
github.com/microsoftgraph/msgraph-sdk-go-core v1.0.0 // indirect
github.com/miekg/pkcs11 v1.1.1 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
Expand Down Expand Up @@ -222,24 +232,26 @@ require (
github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace // indirect
github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 // indirect
github.com/stoewer/go-strcase v1.2.0 // indirect
github.com/stretchr/objx v0.3.0 // indirect
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
github.com/ulikunitz/xz v0.5.10 // indirect
github.com/vbatts/tar-split v0.11.2 // indirect
github.com/vbauerster/mpb/v7 v7.4.1 // indirect
github.com/vincent-petithory/dataurl v1.0.0 // indirect
github.com/vmware/govmomi v0.27.4 // indirect
github.com/xlab/treeprint v1.1.0 // indirect
github.com/yosida95/uritemplate/v3 v3.0.2 // indirect
go.etcd.io/bbolt v1.3.6 // indirect
go.mongodb.org/mongo-driver v1.9.0 // indirect
go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect
go.opencensus.io v0.23.0 // indirect
go.opentelemetry.io/otel v1.15.1 // indirect
go.opentelemetry.io/otel/trace v1.15.1 // indirect
go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect
go.uber.org/atomic v1.8.0 // indirect
golang.org/x/mod v0.8.0 // indirect
golang.org/x/sys v0.8.0 // indirect
golang.org/x/term v0.8.0 // indirect
golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 // indirect
golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect
gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
google.golang.org/api v0.74.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
Expand All @@ -253,19 +265,19 @@ require (
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiserver v0.24.7 // indirect
k8s.io/component-base v0.24.7 // indirect
k8s.io/component-base v0.25.0 // indirect
k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 // indirect
k8s.io/klog v1.0.0 // indirect
k8s.io/klog/v2 v2.60.1 // indirect
k8s.io/klog/v2 v2.70.1 // indirect
k8s.io/kube-aggregator v0.24.1 // indirect
k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661 // indirect
k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
sigs.k8s.io/cluster-api-provider-aws v1.4.0 // indirect
sigs.k8s.io/cluster-api-provider-openstack v0.5.3 // indirect
sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
sigs.k8s.io/kube-storage-version-migrator v0.0.4 // indirect
sigs.k8s.io/kustomize/api v0.11.4 // indirect
sigs.k8s.io/kustomize/kyaml v0.13.6 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

Expand Down
Loading