provisioner: Add method to update patchesStrategicMerge

- This commit adds a method that allows updating the list of the
`patchesStrategicMerge` list with additional patch files.

- Add a patch file that will add the workload identity to the
  cloud-api-adaptor-daemonset and the service account cloud-api-adaptor.

- Add code to provisioner that will update the patch file with the
  client id of the managed identity.

Fixes confidential-containers#974

Signed-off-by: Suraj Deshmukh <suraj.deshmukh@microsoft.com>

install/overlays/azure/workload-identity.yaml

@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: cloud-api-adaptor-daemonset
+  namespace: confidential-containers-system
+spec:
+  template:
+    metadata:
+      labels:
+        azure.workload.identity/use: "true"
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cloud-api-adaptor
+  namespace: confidential-containers-system
+  labels:
+    azure.workload.identity/use: "true"
+  annotations:
+    azure.workload.identity/client-id: "00000000-0000-0000-0000-000000000000"

test/provisioner/kustomize.go

@@ -4,17 +4,19 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"golang.org/x/exp/slices"
 	"os"
+	"strings"
+
+	"golang.org/x/exp/slices"
 	"sigs.k8s.io/e2e-framework/klient/decoder"
 	"sigs.k8s.io/e2e-framework/pkg/envconf"
 	"sigs.k8s.io/kustomize/api/krusty"
 	"sigs.k8s.io/kustomize/kyaml/filesys"
 	"sigs.k8s.io/kustomize/pkg/commands/kustfile"
 	"sigs.k8s.io/kustomize/pkg/fs"
 	"sigs.k8s.io/kustomize/pkg/image"
+	"sigs.k8s.io/kustomize/pkg/patch"
 	ktypes "sigs.k8s.io/kustomize/pkg/types"
-	"strings"
 )
 
 type KustomizeOverlay struct {
@@ -213,6 +215,33 @@ func (kh *KustomizeOverlay) SetKustomizeSecretGeneratorFile(sgName string, file
 	return nil
 }
 
+func (kh *KustomizeOverlay) AddToPatchesStrategicMerge(fileName string) error {
+	oldwd, err := os.Getwd()
+	if err != nil {
+		return err
+	}
+	if err = os.Chdir(kh.configDir); err != nil {
+		return err
+	}
+	defer func() {
+		err = os.Chdir(oldwd)
+	}()
+
+	kf, err := kustfile.NewKustomizationFile(fs.MakeRealFS())
+	if err != nil {
+		return err
+	}
+
+	m, err := kf.Read()
+	if err != nil {
+		return err
+	}
+
+	m.PatchesStrategicMerge = append(m.PatchesStrategicMerge, patch.StrategicMerge(fileName))
+
+	return kf.Write(m)
+}
+
 // SetKustomizeImage updates the kustomization YAML by setting `value` to `key` on the
 // `Image`. If `key` does not exist then a new entry is added.
 func (kh *KustomizeOverlay) SetKustomizeImage(imageName string, key string, value string) (err error) {

test/provisioner/provision_azure.go

@@ -7,13 +7,13 @@ package provisioner
 
 import (
 	"context"
-	"path/filepath"
-
 	"errors"
 	"fmt"
 	"net/http"
 	"os"
 	"path"
+	"path/filepath"
+	"strings"
 	"time"
 
 	"sigs.k8s.io/e2e-framework/pkg/envconf"
@@ -462,9 +462,38 @@ func (lio *AzureInstallOverlay) Edit(ctx context.Context, cfg *envconf.Config, p
 		}
 	}
 
+	// Replace the contents of the `workload-identity.yaml` with the client id
+	workloadIdentity := filepath.Join(lio.overlay.configDir, "workload-identity.yaml")
+	if err = replaceTextInFile(workloadIdentity, "00000000-0000-0000-0000-000000000000", AzureProps.ClientID); err != nil {
+		return fmt.Errorf("replacing client id in workload-identity.yaml: %w", err)
+	}
+
+	if err = lio.overlay.AddToPatchesStrategicMerge("workload-identity.yaml"); err != nil {
+		return err
+	}
+
 	if err = lio.overlay.YamlReload(); err != nil {
 		return err
 	}
 
 	return nil
 }
+
+func replaceTextInFile(filePath, oldText, newText string) error {
+	// Read the file content
+	content, err := os.ReadFile(filePath)
+	if err != nil {
+		return err
+	}
+
+	// Replace the old text with the new text
+	newContent := strings.ReplaceAll(string(content), oldText, newText)
+
+	// Write the modified content back to the file
+	err = os.WriteFile(filePath, []byte(newContent), 0)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}