Add support for MySQL AAD Users (#1315)

* Add support for MySQL AAD Users
* Fix strangeness with "user" CRDs RBAC location
* Pass pod namespace to operator via env variable
* Change to enforce tls=true in MySQL DB connection
* Improve managed identity documentation
* Attempt to read clientID when ManagedIdentity is enabled
  - This will allow us to differentiate between different
    identities when we support multi-tenancy.

This also includes updates to the Managed Identity documentation to help improve clarity of the feature. As part of this I deleted the tool createMi.go as all it really did was run 3 az cli commands to create a managed identity and assign it permissions. It made assumptions about what permissions you wanted the identity to have. Additionally it suggested to install aad-pod-identity, but this guidance is not appropriate for installations via Helm because Helm already installs that dependency as part of the chart. Rather than having a script try to be one-size fits all it makes more sense to give customers the instructions they need to create the managed identity and allow them to choose what permissions they want to give it.

README.md

@@ -60,6 +60,7 @@ Ready to quickly deploy the latest version of Azure Service Operator on your Kub
     helm repo add azureserviceoperator https://raw.githubusercontent.com/Azure/azure-service-operator/master/charts
     ```
 3. Create an Azure Service Principal. You'll need this to grant Azure Service Operator permissions to create resources in your subscription.
+   For more information about other forms of authentication supported by ASO, see [the authentication section of the deployment documentation](./docs/howto/deploy.md#Authentication). 
 
     First, set the following environment variables to your Azure Tenant ID and Subscription ID with your values:
     ```yaml

api/v1alpha1/mysqlaaduser_types.go

@@ -0,0 +1,76 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// MySQLAADUserSpec defines the desired state of MySQLAADUser
+type MySQLAADUserSpec struct {
+	// +kubebuilder:validation:MinLength:1
+	// +kubebuilder:validation:Required
+	Server string `json:"server"`
+
+	// +kubebuilder:validation:MinLength:1
+	// +kubebuilder:validation:Required
+	DBName string `json:"dbName"`
+
+	// +kubebuilder:validation:Pattern=^[-\w\._\(\)]+$
+	// +kubebuilder:validation:MinLength:1
+	// +kubebuilder:validation:Required
+	ResourceGroup string `json:"resourceGroup"`
+
+	// The roles assigned to the user. A user must have at least one role.
+	// +kubebuilder:validation:MinLength:1
+	// +kubebuilder:validation:Required
+	Roles []string `json:"roles"`
+
+	// Note: We current do not support arbitrary AAD users (although the MySQL API does).
+
+	// ClientID is the client ID of the identity backing the user.
+	// +kubebuilder:validation:Required
+	ClientID string `json:"clientId,omitempty"`
+
+	// optional
+	Username string `json:"username,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// MySQLAADUser is the Schema for an AAD user for MySQL
+// +kubebuilder:printcolumn:name="Provisioned",type="string",JSONPath=".status.provisioned"
+// +kubebuilder:printcolumn:name="Message",type="string",JSONPath=".status.message"
+type MySQLAADUser struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   MySQLAADUserSpec `json:"spec,omitempty"`
+	Status ASOStatus        `json:"status,omitempty"`
+}
+
+func (u MySQLAADUser) Username() string {
+	username := u.Name
+	if u.Spec.Username != "" {
+		username = u.Spec.Username
+	}
+
+	return username
+}
+
+// +kubebuilder:object:root=true
+
+// MySQLAADUserList contains a list of MySQLAADUser
+type MySQLAADUserList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []MySQLAADUser `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&MySQLAADUser{}, &MySQLAADUserList{})
+}