feat: Add support for Azure workload identity for Git and OCI repositories. #21118

Open: jagpreetstamber wants to merge 8 commits into master

@jagpreetstamber jagpreetstamber commented Dec 10, 2024

PR implements the Azure workload identity authentication mechanism for authenticating with Azure Git and OCI repositories.

Azure Workload Identity enables credential-free authentication for Azure customers. Enabling this feature will remove the credential management overhead from customers using Argo on Azure Kubernetes clusters.

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes. Support for Azure Entra workload identity  #13334
  • The title of the PR states what changed and the related issues number (used for the release note).
  • The title of the PR conforms to the Toolchain Guide
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).
  • My new feature complies with the feature status guidelines.
  • I have added a brief description of why this PR is necessary and/or what this PR solves.
  • Optional. My organization is added to USERS.md.
  • Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

@jagpreetstamber jagpreetstamber requested a review from a team as a code owner December 10, 2024 15:36
@jagpreetstamber jagpreetstamber force-pushed the master branch 7 times, most recently from d15b63d to fdf129b Compare December 10, 2024 17:33

codecov bot commented Dec 10, 2024

Codecov Report

Attention: Patch coverage is 61.42857% with 135 lines in your changes missing coverage. Please review.

Project coverage is 55.24%. Comparing base (8126508) to head (493651e).
Report is 1 commits behind head on master.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| util/helm/creds.go | 80.51% | 22 Missing and 8 partials ⚠️ |
| util/helm/cmd.go | 46.15% | 21 Missing and 7 partials ⚠️ |
| util/helm/client.go | 50.00% | 9 Missing and 6 partials ⚠️ |
| pkg/apis/application/v1alpha1/repository_types.go | 22.22% | 12 Missing and 2 partials ⚠️ |
| util/git/creds.go | 65.00% | 11 Missing and 3 partials ⚠️ |
| util/util.go | 0.00% | 8 Missing ⚠️ |
| util/git/client.go | 0.00% | 7 Missing ⚠️ |
| util/db/repository_secrets.go | 57.14% | 4 Missing and 2 partials ⚠️ |
| util/helm/helm.go | 20.00% | 2 Missing and 2 partials ⚠️ |
| util/workloadidentity/workloadidentity.go | 73.33% | 4 Missing ⚠️ |
... and 4 more
Additional details and impacted files
@@            Coverage Diff             @@
##           master   #21118      +/-   ##
==========================================
+ Coverage   55.19%   55.24%   +0.04%     
==========================================
  Files         337      339       +2     
  Lines       57058    57352     +294     
==========================================
+ Hits        31496    31685     +189     
- Misses      22863    22948      +85     
- Partials     2699     2719      +20     

@jagpreetstamber jagpreetstamber force-pushed the master branch 4 times, most recently from 2716e26 to beacb05 Compare December 19, 2024 15:06
@@ -1008,6 +1009,7 @@ func getHelmRepos(appPath string, repositories []*v1alpha1.Repository, helmRepoC
if _, err := url.Parse("oci://" + dep.Repo); err == nil && cred.EnableOCI && strings.HasPrefix(dep.Repo, cred.Repo) {
repo.Username = cred.Username
repo.Password = cred.Password
repo.UseAzureWorkloadIdentity = cred.UseAzureWorkloadIdentity
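
Review bot: On the `repo.UseAzureWorkloadIdentity = cred.UseAzureWorkloadIdentity` line in getHelmRepos, the flag is copied next to `repo.Username` and `repo.Password` with nothing stating which one takes effect when a credential has both set. Consider documenting the precedence here, or clearing the static username and password when workload identity is enabled, so a stale password is not carried along with an identity-based login. The enclosing condition also matches with `strings.HasPrefix(dep.Repo, cred.Repo)`, so the identity setting is applied to any dependency whose repo string merely begins with `cred.Repo`; matching on a host or path-segment boundary would keep the workload identity from being used for an unintended registry.
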
Contributor

@blakepettersson please review

@todaywasawesome
Contributor

@reggie-k @andrii-korotkov-verkada Can you take a look? We're shooting for adding this in 2.15.

Contributor

@andrii-korotkov-verkada andrii-korotkov-verkada left a comment

Generally LGTM, mostly minor comments

@andrii-korotkov-verkada
Contributor

Please, fix the DCO (click on the DCO link and follow the instructions from there).

@andrii-korotkov-verkada
Contributor

Also, please avoid force push, since it makes it harder to review incrementally and also gets rid of reasons for updates.

@jagpreetstamber
Author

> Also, please avoid force push, since it makes it harder to review incrementally and also gets rid of reasons for updates.

Sure, will take care for future changes

@andrii-korotkov-verkada
Contributor

Curious why you are merging from the master branch directly instead of a custom branch, and also why the commit message is "merge master into master". Maybe this has something to do with the test artifacts step failure.

@jagpreetstamber
Author

> Curious why you are merging from the master branch directly instead of a custom branch, and also why the commit message is "merge master into master". Maybe this has something to do with the test artifacts step failure.

It is because the branch from my fork is the master branch. Hence it merges from upstream master to master on my fork, which results in this message.

Signed-off-by: Jagpreet Singh Tamber <jagpreetstamber@gmail.com>
@jagpreetstamber
Author

Had to force push by rebasing, as the coverage report was incorrect: it was considering the merges from master as the changes in the patch and reducing the code coverage. After rebasing, it is now correct.

Member

@reggie-k reggie-k left a comment

Thanks for the PR! Made some comments/questions.
Generally, LGTM, but I think the test coverage should be improved.

Signed-off-by: Jagpreet Singh Tamber <jagpreetstamber@gmail.com>
Projects
Status: Ready for final review
4 participants