Merge branch 'master' into fix-typo

azure-pipelines.yml

@@ -2,6 +2,10 @@ trigger:
   branches:
     include:
     - master
+  paths:
+    exclude:
+    - docs/*
+    - README.md
 
 resources:
 - repo: self
@@ -311,4 +315,4 @@ steps:
     condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/master'))
     inputs:
       pathtoPublish: $(Build.ArtifactStagingDirectory)
-      artifactName: drop
+      artifactName: drop

main.go

@@ -14,7 +14,6 @@ import (
 	kscheme "k8s.io/client-go/kubernetes/scheme"
 	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
 	ctrl "sigs.k8s.io/controller-runtime"
-	healthz "sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
 	"github.com/Azure/azure-service-operator/api/v1alpha1"
@@ -35,7 +34,6 @@ import (
 	resourcemanagerconfig "github.com/Azure/azure-service-operator/pkg/resourcemanager/config"
 	resourcemanagercosmosdb "github.com/Azure/azure-service-operator/pkg/resourcemanager/cosmosdbs"
 	resourcemanagereventhub "github.com/Azure/azure-service-operator/pkg/resourcemanager/eventhubs"
-	"github.com/Azure/azure-service-operator/pkg/resourcemanager/iam"
 	resourcemanagerkeyvault "github.com/Azure/azure-service-operator/pkg/resourcemanager/keyvaults"
 	loadbalancer "github.com/Azure/azure-service-operator/pkg/resourcemanager/loadbalancer"
 	mysqldatabase "github.com/Azure/azure-service-operator/pkg/resourcemanager/mysql/database"
@@ -64,9 +62,7 @@ import (
 	keyvaultSecrets "github.com/Azure/azure-service-operator/pkg/secrets/keyvault"
 	k8sSecrets "github.com/Azure/azure-service-operator/pkg/secrets/kube"
 	telemetry "github.com/Azure/azure-service-operator/pkg/telemetry"
-
 	// +kubebuilder:scaffold:imports
-	"net/http"
 )
 
 var (
@@ -101,11 +97,9 @@ func init() {
 
 func main() {
 	var metricsAddr string
-	var healthAddr string
 	var enableLeaderElection bool
 	var secretClient secrets.SecretClient
 	flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
-	flag.StringVar(&healthAddr, "health-addr", ":8081", "The address the health endpoint binds to.")
 	flag.BoolVar(&enableLeaderElection, "enable-leader-election", false,
 		"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.")
 
@@ -114,11 +108,10 @@ func main() {
 	ctrl.SetLogger(zap.Logger(true))
 
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
-		Scheme:                 scheme,
-		MetricsBindAddress:     metricsAddr,
-		HealthProbeBindAddress: healthAddr,
-		LeaderElection:         enableLeaderElection,
-		LivenessEndpointName:   "/healthz",
+		Scheme:               scheme,
+		MetricsBindAddress:   metricsAddr,
+		LeaderElection:       enableLeaderElection,
+		LivenessEndpointName: "/healthz",
 	})
 
 	if err != nil {
@@ -199,18 +192,6 @@ func main() {
 	)
 	sqlActionManager := resourcemanagersqlaction.NewAzureSqlActionManager(secretClient, scheme)
 
-	var AzureHealthCheck healthz.Checker = func(_ *http.Request) error {
-		_, err := iam.GetResourceManagementAuthorizer()
-		if err != nil {
-			return err
-		}
-		return nil
-	}
-
-	if err := mgr.AddHealthzCheck("azurehealthz", AzureHealthCheck); err != nil {
-		setupLog.Error(err, "problem running health check to azure autorizer")
-	}
-
 	err = (&controllers.StorageAccountReconciler{
 		Reconciler: &controllers.AsyncReconciler{
 			Client:      mgr.GetClient(),

pkg/resourcemanager/keyvaults/keyops.go

@@ -109,7 +109,8 @@ func (k *KeyvaultKeyClient) Ensure(ctx context.Context, obj runtime.Object, opts
 
 		// this generally means the operator doesn't have access to the keyvault
 		// this can be resolved elsewhere so we should keep trying
-		if req.Response.StatusCode == http.StatusForbidden {
+		// See https://github.com/Azure/azure-sdk-for-go/issues/10975 for more details
+		if req.Response.Response != nil && req.Response.StatusCode == http.StatusForbidden {
 			return false, nil
 		}