azure AD identity support for AzureAD clusters

Signed-off-by: Erhan Cagirici <erhan@upbound.io>

Makefile

@@ -32,7 +32,7 @@ GO111MODULE = on
 # ====================================================================================
 # Setup Kubernetes tools
 
-UP_VERSION = v0.13.0
+UP_VERSION = v0.21.0
 UP_CHANNEL = stable
 KIND_NODE_IMAGE_TAG ?= v1.24.0
 USE_HELM3 = true

apis/v1beta1/types.go

@@ -50,12 +50,14 @@ type IdentityType string
 // Supported identity types.
 const (
 	IdentityTypeGoogleApplicationCredentials = "GoogleApplicationCredentials"
+
+	IdentityTypeAzurePrincipalCredentials = "AzurePrincipalCredentials"
 )
 
 // Identity used to authenticate.
 type Identity struct {
 	// Type of identity.
-	// +kubebuilder:validation:Enum=GoogleApplicationCredentials
+	// +kubebuilder:validation:Enum=GoogleApplicationCredentials;AzurePrincipalCredentials
 	Type IdentityType `json:"type"`
 
 	ProviderCredentials `json:",inline"`

cmd/provider/main.go

@@ -21,6 +21,8 @@ import (
 	"path/filepath"
 	"time"
 
+	"sigs.k8s.io/controller-runtime/pkg/cache"
+
 	"github.com/crossplane/crossplane-runtime/pkg/controller"
 	"github.com/crossplane/crossplane-runtime/pkg/feature"
 	"github.com/crossplane/crossplane-runtime/pkg/ratelimiter"
@@ -67,7 +69,9 @@ func main() {
 	kingpin.FatalIfError(err, "Cannot get API server rest config")
 
 	mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{
-		SyncPeriod: syncInterval,
+		Cache: cache.Options{
+			SyncPeriod: syncInterval,
+		},
 
 		// controller-runtime uses both ConfigMaps and Leases for leader
 		// election by default. Leases expire after 15 seconds, with a

examples/provider-config/provider-config-with-secret-azure-identity.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.crossplane.io/v1beta1
+kind: ProviderConfig
+metadata:
+  name: helm-provider
+spec:
+  credentials:
+    source: Secret
+    secretRef:
+      name: cluster-config
+      namespace: crossplane-system
+      key: kubeconfig
+  identity:
+    type: AzurePrincipalCredentials
+    source: Secret
+    secretRef:
+      name: azure-credentials
+      namespace: crossplane-system
+      key: credentials.json

examples/provider-config/provider-config-with-secret-google-identity.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.crossplane.io/v1beta1
+kind: ProviderConfig
+metadata:
+  name: helm-provider
+spec:
+  credentials:
+    source: Secret
+    secretRef:
+      name: cluster-config
+      namespace: crossplane-system
+      key: kubeconfig
+  identity:
+    type: GoogleApplicationCredentials
+    source: Secret
+    secretRef:
+      name: gcp-credentials
+      namespace: crossplane-system
+      key: credentials.json

examples/provider-config/provider-config-with-secret.yaml

@@ -15,4 +15,4 @@ spec:
 #   secretRef:
 #     name: gcp-credentials
 #     namespace: crossplane-system
-#     key: credentials.json
+#     key: credentials.json