aro: Remove CCO creds from installer

Removing CCO creds from the installer. Keeping a commit
to revert to in case there's trouble on ARO front.

Author: rna-afk

pkg/asset/installconfig/azure/client.go

@@ -17,7 +17,6 @@ import (
 	azstorage "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
 	"github.com/Azure/go-autorest/autorest/to"
 	"k8s.io/apimachinery/pkg/util/sets"
-	"k8s.io/utils/ptr"
 )
 
 //go:generate mockgen -source=./client.go -destination=mock/azureclient_generated.go -package=mock
@@ -44,12 +43,8 @@ type API interface {
 	GetAvailabilityZones(ctx context.Context, region string, instanceType string) ([]string, error)
 	GetLocationInfo(ctx context.Context, region string, instanceType string) (*azenc.ResourceSkuLocationInfo, error)
 	CheckIfExistsStorageAccount(ctx context.Context, resourceGroup, storageAccountName, region string) error
-	CheckIfARO(ctx context.Context, groupName string) (bool, error)
 }
 
-var aro *bool
-var aroTag = "installer-aro"
-
 // Client makes calls to the Azure API.
 type Client struct {
 	ssn *Session
@@ -248,30 +243,6 @@ func (c *Client) GetGroup(ctx context.Context, groupName string) (*azres.Group,
 	return &res, nil
 }
 
-// CheckIfARO checks the existing resource group provided for specific tag
-// to see if the value set is to ARO. If set, the installer will ignore multiple
-// checks/validations and perform ARO specific tasks.
-func (c *Client) CheckIfARO(ctx context.Context, groupName string) (bool, error) {
-	if aro != nil {
-		return *aro, nil
-	}
-	if groupName == "" {
-		return false, nil
-	}
-	group, err := c.GetGroup(ctx, groupName)
-	if err != nil {
-		return false, err
-	}
-	rgTags := group.Tags
-	aro = ptr.To(false)
-	if value, ok := rgTags[aroTag]; ok {
-		if value != nil && *value == "owned" {
-			aro = ptr.To(true)
-		}
-	}
-	return *aro, nil
-}
-
 // ListResourceIDsByGroup returns a list of resource IDs for resource group groupName.
 func (c *Client) ListResourceIDsByGroup(ctx context.Context, groupName string) ([]string, error) {
 	client := azres.NewClientWithBaseURI(c.ssn.Environment.ResourceManagerEndpoint, c.ssn.Credentials.SubscriptionID)

pkg/asset/installconfig/azure/validation_test.go

@@ -635,10 +635,6 @@ func TestAzureInstallConfigValidation(t *testing.T) {
 
 	azureClient.EXPECT().CheckIfExistsStorageAccount(gomock.Any(), validBootDiagnosticsResourceGroup, validBootDiagnosticsStorageAccount, validRegion).Return(nil)
 
-	// ARO specific code
-	azureClient.EXPECT().CheckIfARO(gomock.Any(), gomock.Not("valid-resource-group-with-resources-aro")).Return(false, nil).AnyTimes()
-	azureClient.EXPECT().CheckIfARO(gomock.Any(), "valid-resource-group-with-resources-aro").Return(true, nil).AnyTimes()
-
 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {
 			editedInstallConfig := validInstallConfig()

pkg/asset/manifests/openshift.go

@@ -279,46 +279,6 @@ func (o *Openshift) Generate(ctx context.Context, dependencies asset.Parents) er
 		}
 		assetData["99_baremetal-provisioning-config.yaml"] = applyTemplateData(baremetalConfig.Files()[0].Data, bmTemplateData)
 	}
-	if platform == azuretypes.Name {
-		var aro bool
-		client, err := installConfig.Azure.Client()
-		if err == nil {
-			isAro, err := client.CheckIfARO(context.TODO(), installConfig.Config.Azure.ResourceGroupName)
-			if err == nil {
-				aro = isAro
-			}
-		}
-		if aro && installConfig.Config.CredentialsMode != types.ManualCredentialsMode {
-			// config is used to created compatible secret to trigger azure cloud
-			// controller config merge behaviour
-			// https://github.com/openshift/origin/blob/90c050f5afb4c52ace82b15e126efe98fa798d88/vendor/k8s.io/legacy-cloud-providers/azure/azure_config.go#L83
-			session, err := installConfig.Azure.Session()
-			if err != nil {
-				return err
-			}
-			config := struct {
-				AADClientID     string `json:"aadClientId" yaml:"aadClientId"`
-				AADClientSecret string `json:"aadClientSecret" yaml:"aadClientSecret"`
-			}{
-				AADClientID:     session.Credentials.ClientID,
-				AADClientSecret: session.Credentials.ClientSecret,
-			}
-
-			b, err := yaml.Marshal(config)
-			if err != nil {
-				return err
-			}
-
-			azureCloudProviderSecret := &openshift.AzureCloudProviderSecret{}
-			dependencies.Get(azureCloudProviderSecret)
-			for _, f := range azureCloudProviderSecret.Files() {
-				name := strings.TrimSuffix(filepath.Base(f.Filename), ".template")
-				assetData[name] = applyTemplateData(f.Data, map[string]string{
-					"CloudConfig": string(b),
-				})
-			}
-		}
-	}
 
 	o.FileList = []*asset.File{}
 	for name, data := range assetData {