From a0ebee18eaa78481bbcab90da9a0a498d9eb0346 Mon Sep 17 00:00:00 2001
From: Bryan Cox
Date: Fri, 11 Oct 2024 13:27:14 -0400
Subject: [PATCH 1/2] Reconcile SecretProvider for the CSO on ARO HCP

Reconcile the SecretProviderClass for the cluster storage operator (CSO) for ARO HCP deployments. The SecretProviderClass is used by the Secrets Store CSI driver to mount a certificate to a volume in the azure-disk-csi-controller and azure-file-csi-controller pod deployments.

Signed-off-by: Bryan Cox
---
 .../hostedcontrolplane/storage/operator.go | 19 +++++++++++++++++++
 .../hostedcontrolplane/storage/params.go | 8 ++++----
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/control-plane-operator/controllers/hostedcontrolplane/storage/operator.go b/control-plane-operator/controllers/hostedcontrolplane/storage/operator.go
index 03f559846de..45a3275226b 100644
--- a/control-plane-operator/controllers/hostedcontrolplane/storage/operator.go
+++ b/control-plane-operator/controllers/hostedcontrolplane/storage/operator.go
@@ -6,6 +6,7 @@ import (
 "github.com/openshift/hypershift/control-plane-operator/controllers/hostedcontrolplane/kas"
 "github.com/openshift/hypershift/control-plane-operator/controllers/hostedcontrolplane/storage/assets"
 assets2 "github.com/openshift/hypershift/support/assets"
+ "github.com/openshift/hypershift/support/azureutil"
 "github.com/openshift/hypershift/support/util"
 appsv1 "k8s.io/api/apps/v1"
 corev1 "k8s.io/api/core/v1"
@@ -31,6 +32,24 @@ func ReconcileOperatorDeployment(
 case "cluster-storage-operator":
 deployment.Spec.Template.Spec.Containers[i].Image = params.StorageOperatorImage
 params.ImageReplacer.replaceEnvVars(deployment.Spec.Template.Spec.Containers[i].Env)
+
+ // For managed Azure, we need to supply a couple of environment variables for CSO to pass on to the CSI controllers for disk and file.
+ // CSO passes those on to the CSI deployment here - https://github.com/openshift/cluster-storage-operator/pull/517/files.
+ // CSI then mounts the Secrets Provider Class here - https://github.com/openshift/csi-operator/pull/309/files.
+ if azureutil.IsAroHCP() {
+ if deployment.Spec.Template.Spec.Containers[i].Env == nil {
+ deployment.Spec.Template.Spec.Containers[i].Env = make([]corev1.EnvVar, 0)
+ }
+ deployment.Spec.Template.Spec.Containers[i].Env = append(deployment.Spec.Template.Spec.Containers[i].Env,
+ corev1.EnvVar{
+ Name: "ARO_HCP_SECRET_PROVIDER_CLASS_FOR_DISK",
+ Value: params.AzureDiskSecretProviderClassName,
+ },
+ corev1.EnvVar{
+ Name: "ARO_HCP_SECRET_PROVIDER_CLASS_FOR_FILE",
+ Value: params.AzureFileSecretProviderClassName,
+ })
+ }
 }
 }
diff --git a/control-plane-operator/controllers/hostedcontrolplane/storage/params.go b/control-plane-operator/controllers/hostedcontrolplane/storage/params.go
index 94b53d154e6..2cbfa37f3bd 100644
--- a/control-plane-operator/controllers/hostedcontrolplane/storage/params.go
+++ b/control-plane-operator/controllers/hostedcontrolplane/storage/params.go
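Review bot: The added `append` in the `cluster-storage-operator` case is not idempotent on its own. ReconcileOperatorDeployment starts outside this hunk, so it is not visible whether the container's Env is rebuilt from the manifest before this loop; if it is not, every reconcile adds another pair of `ARO_HCP_SECRET_PROVIDER_CLASS_FOR_*` entries and the pod template changes on each pass. Setting the two variables by name (overwrite when present, append otherwise) makes the result independent of the incoming slice, and it also removes the need for the `Env == nil` guard, which is redundant anyway because `append` accepts a nil slice. The same `append` call is carried unchanged into the `@@ -43,11 +44,11 @@` hunk of patch 2/2.

```go
// … unchanged: Image assignment and replaceEnvVars call …
if azureutil.IsAroHCP() {
	container := &deployment.Spec.Template.Spec.Containers[i]
	for _, want := range []corev1.EnvVar{
		{Name: "ARO_HCP_SECRET_PROVIDER_CLASS_FOR_DISK", Value: params.AzureDiskSecretProviderClassName},
		{Name: "ARO_HCP_SECRET_PROVIDER_CLASS_FOR_FILE", Value: params.AzureFileSecretProviderClassName},
	} {
		found := false
		for j := range container.Env {
			if container.Env[j].Name == want.Name {
				// Overwrite in place so repeated reconciles converge on one entry.
				container.Env[j] = want
				found = true
				break
			}
		}
		if !found {
			container.Env = append(container.Env, want)
		}
	}
}
```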
@@ -33,10 +33,10 @@ func NewParams(
 ir.setOperatorImageReferences(releaseImageProvider, userReleaseImageProvider)
 params := Params{
- OwnerRef: config.OwnerRefFrom(hcp),
- StorageOperatorImage: releaseImageProvider.GetImage(storageOperatorImageName),
- AvailabilityProberImage: releaseImageProvider.GetImage(util.AvailabilityProberImageName),
- ImageReplacer: ir,
+ OwnerRef: config.OwnerRefFrom(hcp),
+ StorageOperatorImage: releaseImageProvider.GetImage(storageOperatorImageName),
+ AvailabilityProberImage: releaseImageProvider.GetImage(util.AvailabilityProberImageName),
+ ImageReplacer: ir,
 }
 params.DeploymentConfig = config.DeploymentConfig{
 AdditionalLabels: map[string]string{
From d97de540978ce6fa4e6a165f3d5ceb4b6d2d3d89 Mon Sep 17 00:00:00 2001
From: Bryan Cox
Date: Fri, 11 Oct 2024 13:58:56 -0400
Subject: [PATCH 2/2] Reconcile Secret Data for Azure Disk and File CSI

Reconcile the secret data needed for the azure-disk and azure-file CSI controllers. The format is the same as the Cloud Provider. More info on the configuration can be found here: https://cloud-provider-azure.sigs.k8s.io/install/configs/

Signed-off-by: Bryan Cox
---
 .../controllers/hostedcontrolplane/storage/operator.go | 5 +++--
 .../controllers/hostedcontrolplane/storage/params.go | 8 ++++----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/control-plane-operator/controllers/hostedcontrolplane/storage/operator.go b/control-plane-operator/controllers/hostedcontrolplane/storage/operator.go
index 45a3275226b..8b7d04a0175 100644
--- a/control-plane-operator/controllers/hostedcontrolplane/storage/operator.go
+++ b/control-plane-operator/controllers/hostedcontrolplane/storage/operator.go
@@ -7,6 +7,7 @@ import (
 "github.com/openshift/hypershift/control-plane-operator/controllers/hostedcontrolplane/storage/assets"
 assets2 "github.com/openshift/hypershift/support/assets"
 "github.com/openshift/hypershift/support/azureutil"
+ "github.com/openshift/hypershift/support/config"
 "github.com/openshift/hypershift/support/util"
 appsv1 "k8s.io/api/apps/v1"
 corev1 "k8s.io/api/core/v1"
@@ -43,11 +44,11 @@ func ReconcileOperatorDeployment(
 deployment.Spec.Template.Spec.Containers[i].Env = append(deployment.Spec.Template.Spec.Containers[i].Env,
 corev1.EnvVar{
 Name: "ARO_HCP_SECRET_PROVIDER_CLASS_FOR_DISK",
- Value: params.AzureDiskSecretProviderClassName,
+ Value: config.ManagedAzureDiskCSISecretStoreProviderClassName,
 },
 corev1.EnvVar{
 Name: "ARO_HCP_SECRET_PROVIDER_CLASS_FOR_FILE",
- Value: params.AzureFileSecretProviderClassName,
+ Value: config.ManagedAzureFileCSISecretStoreProviderClassName,
 })
 }
 }
 }
diff --git a/control-plane-operator/controllers/hostedcontrolplane/storage/params.go b/control-plane-operator/controllers/hostedcontrolplane/storage/params.go
index 2cbfa37f3bd..94b53d154e6 100644
--- a/control-plane-operator/controllers/hostedcontrolplane/storage/params.go
+++ b/control-plane-operator/controllers/hostedcontrolplane/storage/params.go
@@ -33,10 +33,10 @@ func NewParams(
 ir.setOperatorImageReferences(releaseImageProvider, userReleaseImageProvider)
 params := Params{
- OwnerRef: config.OwnerRefFrom(hcp),
- StorageOperatorImage: releaseImageProvider.GetImage(storageOperatorImageName),
- AvailabilityProberImage: releaseImageProvider.GetImage(util.AvailabilityProberImageName),
- ImageReplacer: ir,
+ OwnerRef: config.OwnerRefFrom(hcp),
+ StorageOperatorImage: releaseImageProvider.GetImage(storageOperatorImageName),
+ AvailabilityProberImage: releaseImageProvider.GetImage(util.AvailabilityProberImageName),
+ ImageReplacer: ir,
 }
 params.DeploymentConfig = config.DeploymentConfig{
 AdditionalLabels: map[string]string{
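Review bot: The two `Value:` lines in the `@@ -43,11 +44,11 @@` hunk now tie the env vars to fixed names from `config`, but nothing in this series shows where SecretProviderClass objects with those names are reconciled; the diffstat lists only operator.go and params.go. If the names drift apart, the CSI controller pods would presumably fail to mount the certificate volume rather than fall back, so the coupling deserves a comment at the use site, for example `// Must equal the names of the SecretProviderClass objects reconciled for the azure-disk and azure-file CSI controllers.` The commit description speaks of reconciling secret data, which these hunks do not do; that part may live in a change not shown here. ReconcileOperatorDeployment starts and ends outside the hunk.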