Feature/add pim resources

[knutejoh]

Description of your changes

Fixes #710

Adding azurerm_pim_eligible_role_assignment and azurerm_pim_active_role_assignment objects to the provider.

I have:

• Read and followed Crossplane's contribution process.
• Run make reviewable to ensure this PR is ready for review.
• Added backport release-x.y labels to auto-backport this PR if necessary.

How has this code been tested

Setup kind with the new resources
make run
Added resources with manually entered principalId, scope and roledefinition, using the new definition without lists.
Crossplane successfully created the resources in Azure

knutejoh@home:~/code/provider-upjet-azure$ kubectl get PimEligibleRoleAssignment testpimresource
NAME              SYNCED   READY   EXTERNAL-NAME
                                                                                                                                                                  AGE
testpimresource   True     True    /subscriptions/UUID/resourceGroups/test/providers/Microsoft.Storage/storageAccounts/test|/subscriptions/UUID/providers/Microsoft.Authorization/roleDefinitions/UUID|UUID 41s

knutejoh@home:~/code/provider-upjet-azure$ kubectl get PimactiveRoleAssignment pimactiveroleassignmentest
NAME                         SYNCED   READY   EXTERNAL-NAME
                                                                                                                                                                             AGE
pimactiveroleassignmentest   True     True    /subscriptions/UUID/resourceGroups/test/providers/Microsoft.Storage/storageAccounts/test|/subscriptions/UUID/providers/Microsoft.Authorization/roleDefinitions/UUID|UUID   2m54s

[jeanduplessis]

/test-examples="examples/authorization/pimactiveroleassignment.yaml"

[jeanduplessis]

/test-examples="examples/authorization/pimeligibleroleassignment.yaml"

[knutejoh]

Sorry for the mulitple ammends, had forgotton to sign off the commits. Should be in place now.

[jeanduplessis]

/test-examples="examples/authorization/pimactiveroleassignment.yaml"

[jeanduplessis]

/test-examples="examples/authorization/pimeligibleroleassignment.yaml"

[knutejoh]

The check-diff is failing for the resources that were changed automatically by just running make reviewable. All changes are changing “ to ``, and they are probably changed back when the script is run. Could this be an issue with locale/charset? I see other pull requests have the same issue as well.

[turkenf]

Hi @knutejoh, thank you for your effort in this PR.

Could you please run make generate, and after the process is completed, please try to commit all the changes?

[knutejoh]

@turkenf
Just ran make generate, and no changes were generated

`

make generate
22:24:12 [ .. ] verify go modules dependencies have expected content
all modules verified
22:24:18 [ OK ] go modules dependencies verified
22:24:18 [ .. ] generating provider schema for hashicorp/azurerm 3.95.0
22:24:24 [ OK ] generating provider schema for hashicorp/azurerm 3.95.0
rm -fR ".../provider-upjet-azure/.work/terraform-provider-azurerm"
git clone -c advice.detachedHead=false --depth 1 --filter=blob:none --branch "v3.95.0" --sparse "https://github.com/hashicorp/terraform-provider-azurerm" ".../provider-upjet-azure/.work/terraform-provider-azurerm";
Cloning into '/home/knutejoh/code/provider-upjet-azure/.work/terraform-provider-azurerm'...
remote: Enumerating objects: 2768, done.
remote: Counting objects: 100% (2768/2768), done.
remote: Compressing objects: 100% (2102/2102), done.
remote: Total 2768 (delta 73), reused 1570 (delta 66), pack-reused 0
Receiving objects: 100% (2768/2768), 1.15 MiB | 6.17 MiB/s, done.
Resolving deltas: 100% (73/73), done.
remote: Enumerating objects: 19, done.
remote: Counting objects: 100% (19/19), done.
remote: Compressing objects: 100% (18/18), done.
remote: Total 19 (delta 4), reused 4 (delta 0), pack-reused 0
Receiving objects: 100% (19/19), 235.51 KiB | 2.26 MiB/s, done.
Resolving deltas: 100% (4/4), done.
remote: Enumerating objects: 1071, done.
remote: Counting objects: 100% (1071/1071), done.
remote: Compressing objects: 100% (765/765), done.
remote: Total 1071 (delta 413), reused 506 (delta 306), pack-reused 0
Receiving objects: 100% (1071/1071), 1.37 MiB | 8.02 MiB/s, done.
Resolving deltas: 100% (413/413), done.
Updating files: 100% (1090/1090), done.
22:24:27 [ .. ] go generate linux_amd64

Generated 723 resources!
22:26:05 [ OK ] go generate linux_amd64
22:26:05 [ .. ] go mod tidy
22:26:07 [ OK ] go mod tidy

git status
On branch feature/add-pim-resources
Your branch is up to date with 'origin/feature/add-pim-resources'.

nothing to commit, working tree clean`

[turkenf]

Could this be an issue with locale/charset?

As you mentioned, the issue may be caused by your locale. When I run make generate:

> git status
On branch feature/add-pim-resources
Your branch is up to date with 'knut/feature/add-pim-resources'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
	modified:   apis/datafactory/v1beta1/zz_datasetsnowflake_types.go
	modified:   apis/web/v1beta1/zz_functionapp_types.go
	modified:   apis/web/v1beta1/zz_linuxfunctionapp_types.go
	modified:   package/crds/datafactory.azure.upbound.io_datasetsnowflakes.yaml
	modified:   package/crds/web.azure.upbound.io_functionapps.yaml
	modified:   package/crds/web.azure.upbound.io_linuxfunctionapps.yaml

[knutejoh]

What is your locale set to when you run the command? I see pull request #725 also has the same issue with the same resources.

[turkenf]

What is your locale set to when you run the command? I see pull request #725 also has the same issue with the same resources.

I encountered this issue the first time and my teammate @sergenyalcin said that he had encountered the same issue before.
Apart from the locale/charset settings we mentioned above, it may be caused by the go version or an old dependency in the go mod.

It works fine in my local with the following settings:

> go version
go version go1.21.0 darwin/arm64
> locale
LANG=""
LC_COLLATE="C"
LC_CTYPE="UTF-8"
LC_MESSAGES="C"
LC_MONETARY="C"
LC_NUMERIC="C"
LC_TIME="C"
LC_ALL=

Please try the above settings and if the issue continues to reoccur, uncommit the changes to the following files:

apis/datafactory/v1beta1/zz_datasetsnowflake_types.go
apis/web/v1beta1/zz_functionapp_types.go
apis/web/v1beta1/zz_linuxfunctionapp_types.go
package/crds/datafactory.azure.upbound.io_datasetsnowflakes.yaml
package/crds/web.azure.upbound.io_functionapps.yaml
package/crds/web.azure.upbound.io_linuxfunctionapps.yaml

[knutejoh]

I removed the changes in the mentioned files as requested :)

[turkenf]

Thank you for your contribution @knutejoh, I left a small comment and explanation about testing below.

Additionally, if newly added resources cannot be tested automatically, we prefer to first test them manually and write the results in the description. The two resources added here have some specific parameters (principalId, roleDefinitionId, scope), so it does not seem possible to test them with uptest at the beginning.

Here we have rough testing steps when adding a new resource. Please put the logs/screenshots in the How has this code been tested section after testing it manually.

[knutejoh]

Finally got it tested, added some comments in the initial comment.

[turkenf]

/test-examples="examples/authorization/roledefinition.yaml"

[turkenf]

Thank you for your tests and comments.

I have defined values for scope, principalId and roleDefinitionId to be used in automatic tests for the data that I recommend to you. I tested it locally and it worked, but I'm not sure if it will work in our test account. If it does not work, we can add a manual intervention and merge this PR.

I also left a comment for you to consider regarding the startDateTime field.

[turkenf]

Hey @knutejoh,

We appreciate your efforts so far to include these resources. If you'd like to proceed with merging this PR into an upcoming release, please review the comments above. If there's anything you don't understand, feel free to ask for clarification.

[knutejoh]

I've implemented the suggested changes, ended up removing the startDateTime field as it's optional.

[turkenf]

/test-examples="examples/authorization/pimactiveroleassignment.yaml"

[turkenf]

Thank you for addressing the last review comments, the ID we defined did not work for the test account, so for now we can add manual intervention to avoid blocking this PR and get these resources for the next release. And can you please solve the conflicts?

[turkenf]

Hi @knutejoh,

Thank you for being so patient here. Things seem a bit confusing here after this change. I see that you have rebased the recent changes and added v1beta2 versions of the examples. I did a few tests with the current version of PR and encountered some issues.

First of all, since we have just added these resources, we want their versions to be v1beta1 and we should not need to add v1beta2 versions for now.

Let me simply explain what we need to do below:

1. Fetch the latest version of the repo and reset your branch to main
2. Add external name configurations of resources
3. Go to config/authorization/config.go and add the following configurations for the two resources:

	p.AddResourceConfigurator("azurerm_pim_active_role_assignment", func(r *config.Resource) {
		r.PreviousVersions = nil
		r.Version = "v1beta1"
		r.Conversions = nil
		r.TerraformConversions = []config.TerraformConversion{
			config.NewTFSingletonConversion(),
		}
	})
	p.AddResourceConfigurator("azurerm_pim_eligible_role_assignment", func(r *config.Resource) {
		r.PreviousVersions = nil
		r.Version = "v1beta1"
		r.Conversions = nil
		r.TerraformConversions = []config.TerraformConversion{
			config.NewTFSingletonConversion(),
		}
	})

With the last changes, we add the above to override the configurations we made here and generate the v1beta1 version of the resource. We will improve and automate this in future versions.
4. Run make generate
5. Copy generated examples under the examples file. Embedded objects appear as a list in generated examples, please pay attention to this. For example, the PimActiveRoleAssignment.authorization resource should be as follows:

apiVersion: authorization.azure.upbound.io/v1beta1
kind: PimActiveRoleAssignment
metadata:
  annotations:
    meta.upbound.io/example-id: authorization/v1beta1/pimactiveroleassignment
    upjet.upbound.io/manual-intervention: "This resource needs a valid roleDefinitionId"
  labels:
    testing.upbound.io/example-name: example
  name: example
spec:
  forProvider:
    justification: Expiration Duration Set
    principalId: ${data.azurerm_client_config.service_principal.object_id}
    roleDefinitionId: ${data.azurerm_subscription.primary.id}${data.azurerm_role_definition.example.id}
    schedule:
      expiration:
        durationHours: 8
    scope: ${data.azurerm_client_config.current.subscription_resource_id}
    ticket:
      number: "1"
      system: example ticket system

6. After all these changes, please run your tests again and update the description section.

[knutejoh]

Hi. I've updated the code and reran the tests using kind, and I'm able to create both types of resources.

[turkenf]

We really appreciate the effort you put into this PR @knutejoh, I left two small comments, we can merge once you add the license statements.