Update client go

Makefile

@@ -7,6 +7,9 @@ REPO_PATH="$(ORG_PATH)/$(PROJECT_NAME)"
 NMI_BINARY_NAME := nmi
 MIC_BINARY_NAME := mic
 DEMO_BINARY_NAME := demo
+SIMPLE_CMD_BINARY_NAME := simple
+GOOS ?= linux
+TEST_GOOS ?= linux
 IDENTITY_VALIDATOR_BINARY_NAME := identityvalidator
 
 DEFAULT_VERSION := 0.0.0-dev
@@ -62,6 +65,10 @@ clean-demo:
 clean-identity-validator:
 	rm -rf bin/$(PROJECT_NAME)/$(IDENTITY_VALIDATOR_BINARY_NAME)
 
+.PHONY: clean-simple
+clean-simple:
+	rm -rf bin/$(PROJECT_NAME)/$(SIMPLE_CMD_BINARY_NAME)
+
 .PHONY: clean
 clean:
 	rm -rf bin/$(PROJECT_NAME)
@@ -74,13 +81,17 @@ build-nmi: clean-nmi
 build-mic: clean-mic
 	CGO_ENABLED=0 PKG_NAME=github.com/Azure/$(PROJECT_NAME)/cmd/$(MIC_BINARY_NAME) $(MAKE) bin/$(PROJECT_NAME)/$(MIC_BINARY_NAME)
 
+.PHONY: build-simple
+build-simple:
+	CGO_ENABLED=0 PKG_NAME=github.com/Azure/$(PROJECT_NAME)/cmd/$(SIMPLE_CMD_BINARY_NAME) $(MAKE) bin/$(PROJECT_NAME)/$(SIMPLE_CMD_BINARY_NAME)
+
 .PHONY: build-demo
 build-demo: build_tags := netgo osusergo
 build-demo: clean-demo
 	PKG_NAME=github.com/Azure/$(PROJECT_NAME)/cmd/$(DEMO_BINARY_NAME) ${MAKE} bin/$(PROJECT_NAME)/$(DEMO_BINARY_NAME)
 
 bin/%:
-	GOOS=linux GOARCH=amd64 go build $(GO_BUILD_OPTIONS) -o "$(@)" "$(PKG_NAME)"
+	GOOS=$(GOOS) GOARCH=amd64 go build $(GO_BUILD_OPTIONS) -o "$(@)" "$(PKG_NAME)"
 
 .PHONY: build-identity-validator
 build-identity-validator: clean-identity-validator
@@ -137,11 +148,11 @@ push: push-nmi push-mic push-demo push-identity-validator
 
 .PHONY: e2e
 e2e:
-	go test github.com/Azure/$(PROJECT_NAME)/test/e2e $(E2E_TEST_OPTIONS)
+	GOOS=$(TEST_GOOS) go test github.com/Azure/$(PROJECT_NAME)/test/e2e $(E2E_TEST_OPTIONS)
 
 .PHONY: unit-test
 unit-test:
-	go test -race -count=1 $(shell go list ./... | grep -v /test/e2e) -v
+	GOOS=$(TEST_GOOS) go test -race -count=1 $(shell go list ./... | grep -v /test/e2e) -v
 
 .PHONY: validate-version
 validate-version: validate-version-NMI validate-version-MIC validate-version-IDENTITY_VALIDATOR validate-version-DEMO

cmd/mic/main.go

@@ -31,9 +31,12 @@ var (
 	clientQPS           float64
 	prometheusPort      string
 	immutableUserMSIs   string
+	cmConfig            mic.CMConfig
+	typeUpgradeConfig   mic.TypeUpgradeConfig
 )
 
 func main() {
+	klog.InitFlags(nil)
 	defer klog.Flush()
 	hostName, err := os.Hostname()
 	if err != nil {
@@ -72,7 +75,20 @@ func main() {
 	//Identities that should be never removed from Azure AD (used defined managed identities)
 	flag.StringVar(&immutableUserMSIs, "immutable-user-msis", "", "prevent deletion of these IDs from the underlying VM/VMSS")
 
+	// Config map for aad-pod-identity
+	flag.StringVar(&cmConfig.Name, "config-map-name", "aad-pod-identity-config", "Configmap name")
+	// Config map details for the type changes in the context of client-go upgrade.
+	flag.StringVar(&typeUpgradeConfig.TypeUpgradeStatusKey, "type-upgrade-status-key", "type-upgrade-status", "Configmap key for type upgrade status")
+	flag.BoolVar(&typeUpgradeConfig.EnableTypeUpgrade, "enable-type-upgrade", true, "Enable type upgrade")
+
 	flag.Parse()
+
+	podns := os.Getenv("MIC_POD_NAMESPACE")
+	if podns == "" {
+		klog.Fatalf("namespace not specified. Please add meta.namespace as env variable MIC_POD_NAMESPACE")
+	}
+	cmConfig.Namespace = podns
+
 	if versionInfo {
 		version.PrintVersionAndExit()
 	}
@@ -113,7 +129,20 @@ func main() {
 		immutableUserMSIsList = strings.Split(immutableUserMSIs, ",")
 	}
 
-	micClient, err := mic.NewMICClient(cloudconfig, config, forceNamespaced, syncRetryDuration, &leaderElectionCfg, enableScaleFeatures, createDeleteBatch, immutableUserMSIsList)
+	micConfig := &mic.Config{
+		CloudCfgPath:          cloudconfig,
+		RestConfig:            config,
+		IsNamespaced:          forceNamespaced,
+		SyncRetryInterval:     syncRetryDuration,
+		LeaderElectionCfg:     &leaderElectionCfg,
+		EnableScaleFeatures:   enableScaleFeatures,
+		CreateDeleteBatch:     createDeleteBatch,
+		ImmutableUserMSIsList: immutableUserMSIsList,
+		CMcfg:                 &cmConfig,
+		TypeUpgradeCfg:        &typeUpgradeConfig,
+	}
+
+	micClient, err := mic.NewMICClient(micConfig)
 	if err != nil {
 		klog.Fatalf("Could not get the MIC client: %+v", err)
 	}

cmd/simple/main.go

@@ -0,0 +1,103 @@
+package main
+
+import (
+	"flag"
+
+	"github.com/Azure/aad-pod-identity/version"
+
+	"encoding/json"
+	"os"
+
+	aadpodid "github.com/Azure/aad-pod-identity/pkg/apis/aadpodidentity"
+	"github.com/Azure/aad-pod-identity/pkg/crd"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/klog"
+)
+
+var (
+	kubeconfig string
+)
+
+func main() {
+	defer klog.Flush()
+	flag.StringVar(&kubeconfig, "kubeconfig", "", "Path to the kube config")
+
+	flag.Set("logtostderr", "true")
+	flag.Set("v", "10")
+
+	flag.Parse()
+
+	klog.V(2).Infof("Starting simple process. Version: %v. Build date: %v", version.MICVersion, version.BuildDate)
+	if kubeconfig == "" {
+		klog.Warningf("--kubeconfig not passed will use InClusterConfig")
+	}
+
+	klog.V(2).Infof("kubeconfig (%s)", kubeconfig)
+	config, err := buildConfig(kubeconfig)
+	if err != nil {
+		klog.Fatalf("Could not read config properly. Check the k8s config file, %+v", err)
+	}
+
+	eventCh := make(chan aadpodid.EventType, 100)
+	crdClient, err := crd.NewCRDClient(config, eventCh)
+	if err != nil {
+		klog.Fatalf("%+v", err)
+	}
+
+	// Starts the leader election loop
+	var exit <-chan struct{}
+	crdClient.Start(exit)
+	crdClient.SyncCacheAll(exit, true)
+
+	ids, err := crdClient.ListIds()
+	if err != nil {
+		klog.Fatalf("Could not get the identities: %+v", err)
+	}
+	klog.Infof("Identities len: %d", len(*ids))
+	for _, v := range *ids {
+		buf, err := json.MarshalIndent(v, "", "    ")
+		if err != nil {
+			klog.Errorf("Error in marshalling: %+v", err)
+			os.Exit(1)
+		}
+		klog.Infof("\n%s", string(buf))
+	}
+
+	bindings, err := crdClient.ListBindings()
+	if err != nil {
+		klog.Fatalf("Could not get the bindings: %+v", err)
+	}
+	klog.Infof("Bindings len: %d", len(*bindings))
+	for _, v := range *bindings {
+		buf, err := json.MarshalIndent(v, "", "    ")
+		if err != nil {
+			klog.Errorf("Error in marshalling: %+v", err)
+			os.Exit(1)
+		}
+		klog.Infof("\n%s", string(buf))
+	}
+
+	assignedIDs, err := crdClient.ListAssignedIDs()
+	if err != nil {
+		klog.Fatalf("Could not get assigned ID")
+	}
+
+	for _, a := range *assignedIDs {
+		buf, err := json.MarshalIndent(a, "", "    ")
+		if err != nil {
+			klog.Errorf("Error in marshalling: %+v", err)
+			os.Exit(1)
+		}
+		klog.Infof("\n%s", string(buf))
+	}
+	klog.Info("\nDone !")
+}
+
+// Create the client config. Use kubeconfig if given, otherwise assume in-cluster.
+func buildConfig(kubeconfigPath string) (*rest.Config, error) {
+	if kubeconfigPath != "" {
+		return clientcmd.BuildConfigFromFlags("", kubeconfigPath)
+	}
+	return rest.InClusterConfig()
+}

deploy/infra/deployment-rbac.yaml

@@ -179,12 +179,18 @@ rules:
 - apiGroups: [""]
   resources: ["events"]
   verbs: ["create", "patch"]
+- apiGroups: [""]
+  resources: ["configmaps"]
+  verbs: ["get", "create", "update"]
 - apiGroups: [""]
   resources: ["endpoints"]
   verbs: ["create", "get","update"]
 - apiGroups: ["aadpodidentity.k8s.io"]
   resources: ["azureidentitybindings", "azureidentities"]
-  verbs: ["get", "list", "watch", "post"]
+  verbs: ["get", "list", "watch", "post", "update"]
+- apiGroups: ["aadpodidentity.k8s.io"]
+  resources: ["azurepodidentityexceptions"]
+  verbs: ["list", "update"]
 - apiGroups: ["aadpodidentity.k8s.io"]
   resources: ["azureassignedidentities"]
   verbs: ["*"]
@@ -232,6 +238,11 @@ spec:
         args:
           - "--cloudconfig=/etc/kubernetes/azure.json"
           - "--logtostderr"
+        env:
+        - name: MIC_POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace                
         resources:
           limits:
             cpu: 200m