Merge pull request #950 from Azure/operators-authentication

api: Define OperatorsAuthentication model
Azure · Dec 10, 2024 · e4f974f · e4f974f
2 parents a0f908b + 46acea7
commit e4f974f
Show file tree

Hide file tree

Showing 4 changed files with 199 additions and 1 deletion.
diff --git a/api/redhatopenshift/HcpCluster.Management/hcpCluster-models.tsp b/api/redhatopenshift/HcpCluster.Management/hcpCluster-models.tsp
@@ -323,6 +323,9 @@ model PlatformProfile {
    * Is used the https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview
    */
   etcdEncryptionSetId?: string;
+
+  /** The configuration that the operators of the cluster have to authenticate to Azure */
+  operatorsAuthentication: OperatorsAuthenticationProfile;
 }
 
 scalar SubnetResourceId
@@ -338,6 +341,7 @@ scalar NetworkSecurityGroupResourceId
       type: "Microsoft.Network/networkSecurityGroups",
     }
   ]>;
+
 /** The outbound routing strategy used to provide your cluster egress to the internet. */
 union OutboundType {
   string,
@@ -346,6 +350,41 @@ union OutboundType {
   loadBalancer: "loadBalancer",
 }
 
+/** The configuration that the operators of the cluster have to authenticate to Azure. */
+model OperatorsAuthenticationProfile {
+  /** Represents the information related to Azure User-Assigned managed identities needed
+   * to perform Operators authentication based on Azure User-Assigned Managed Identities */
+  userAssignedIdentities: UserAssignedIdentitiesProfile;
+}
+
+/** Represents the information related to Azure User-Assigned managed identities needed
+ * to perform Operators authentication based on Azure User-Assigned Managed Identities */
+model UserAssignedIdentitiesProfile {
+  /** The set of Azure User-Assigned Managed Identities leveraged for the Control Plane
+   * operators of the cluster. The set of required managed identities is dependent on the
+   * Cluster's OpenShift version. */
+  #suppress "@azure-tools/typespec-azure-resource-manager/arm-no-record" "operator name to user assigned identity pairings"
+  controlPlaneOperators: Record<UserAssignedIdentityResourceId>;
+
+  /** The set of Azure User-Assigned Managed Identities leveraged for the Data Plane
+   * operators of the cluster. The set of required managed identities is dependent on the
+   * Cluster's OpenShift version. */
+  #suppress "@azure-tools/typespec-azure-resource-manager/arm-no-record" "operator name to user assigned identity pairings"
+  dataPlaneOperators: Record<UserAssignedIdentityResourceId>;
+
+  /** Represents the information associated to an Azure User-Assigned Managed Identity whose
+   * purpose is to perform service level actions. */
+  @visibility("create", "read")
+  serviceManagedIdentity: UserAssignedIdentityResourceId;
+}
+
+scalar UserAssignedIdentityResourceId
+  extends Azure.Core.armResourceIdentifier<[
+    {
+      type: "Microsoft.ManagedIdentity/userAssignedIdentities",
+    }
+  ]>;
+
 /*
  * =======================================
  *   End HCP cluster core resources

diff --git a/...rce-manager/Microsoft.RedHatOpenShift/hcpclusters/preview/2024-06-10-preview/openapi.json b/...rce-manager/Microsoft.RedHatOpenShift/hcpclusters/preview/2024-06-10-preview/openapi.json
@@ -1914,6 +1914,19 @@
         "platform"
       ]
     },
+    "OperatorsAuthenticationProfile": {
+      "type": "object",
+      "description": "The configuration that the operators of the cluster have to authenticate to Azure.",
+      "properties": {
+        "userAssignedIdentities": {
+          "$ref": "#/definitions/UserAssignedIdentitiesProfile",
+          "description": "Represents the information related to Azure User-Assigned managed identities needed\nto perform Operators authentication based on Azure User-Assigned Managed Identities"
+        }
+      },
+      "required": [
+        "userAssignedIdentities"
+      ]
+    },
     "PlatformProfile": {
       "type": "object",
       "description": "Azure specific configuration",
@@ -1952,10 +1965,15 @@
         "etcdEncryptionSetId": {
           "type": "string",
           "description": "The id of the disk encryption set to be used for etcd.\nConfigure this when `etcdEncryption` is set to true\nIs used the https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview"
+        },
+        "operatorsAuthentication": {
+          "$ref": "#/definitions/OperatorsAuthenticationProfile",
+          "description": "The configuration that the operators of the cluster have to authenticate to Azure"
         }
       },
       "required": [
-        "subnetId"
+        "subnetId",
+        "operatorsAuthentication"
       ]
     },
     "ProvisioningState": {
@@ -2130,6 +2148,51 @@
         "ca"
       ]
     },
+    "UserAssignedIdentitiesProfile": {
+      "type": "object",
+      "description": "Represents the information related to Azure User-Assigned managed identities needed\nto perform Operators authentication based on Azure User-Assigned Managed Identities",
+      "properties": {
+        "controlPlaneOperators": {
+          "type": "object",
+          "description": "The set of Azure User-Assigned Managed Identities leveraged for the Control Plane\noperators of the cluster. The set of required managed identities is dependent on the\nCluster's OpenShift version.",
+          "additionalProperties": {
+            "$ref": "#/definitions/UserAssignedIdentityResourceId"
+          }
+        },
+        "dataPlaneOperators": {
+          "type": "object",
+          "description": "The set of Azure User-Assigned Managed Identities leveraged for the Data Plane\noperators of the cluster. The set of required managed identities is dependent on the\nCluster's OpenShift version.",
+          "additionalProperties": {
+            "$ref": "#/definitions/UserAssignedIdentityResourceId"
+          }
+        },
+        "serviceManagedIdentity": {
+          "$ref": "#/definitions/UserAssignedIdentityResourceId",
+          "description": "Represents the information associated to an Azure User-Assigned Managed Identity whose\npurpose is to perform service level actions.",
+          "x-ms-mutability": [
+            "read",
+            "create"
+          ]
+        }
+      },
+      "required": [
+        "controlPlaneOperators",
+        "dataPlaneOperators",
+        "serviceManagedIdentity"
+      ]
+    },
+    "UserAssignedIdentityResourceId": {
+      "type": "string",
+      "format": "arm-id",
+      "description": "A type definition that refers the id to an Azure Resource Manager resource.",
+      "x-ms-arm-id-details": {
+        "allowedResources": [
+          {
+            "type": "Microsoft.ManagedIdentity/userAssignedIdentities"
+          }
+        ]
+      }
+    },
     "VersionProfile": {
       "type": "object",
       "description": "Versions represents an OpenShift version.",

diff --git a/internal/api/v20240610preview/generated/models.go b/internal/api/v20240610preview/generated/models.go
diff --git a/internal/api/v20240610preview/generated/models_serde.go b/internal/api/v20240610preview/generated/models_serde.go