Add support for RoleDefinition resource

This fixes Azure#2570.

docs/hugo/content/reference/_index.md

@@ -81,6 +81,14 @@ These resource(s) are available for use in the current release of ASO. Different
 
 To install the CRDs for these resources, your ASO configuration must include `authorization.azure.com/*` as a one of the configured CRD patterns. See [CRD Management in ASO](https://azure.github.io/azure-service-operator/guide/crd-management/) for details on doing this for both [Helm](https://azure.github.io/azure-service-operator/guide/crd-management/#helm) and [YAML](https://azure.github.io/azure-service-operator/guide/crd-management/#yaml) based installations.
 
+### Next Release
+
+Development of these new resources is complete and they will be available in the next release of ASO.
+
+| Resource                                                                                                                                                     | ARM Version | CRD Version   | Supported From | Sample                                                                                                                                     |
+|--------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|---------------|----------------|--------------------------------------------------------------------------------------------------------------------------------------------|
+| [RoleDefinition](https://azure.github.io/azure-service-operator/reference/authorization/v1api20220401/#authorization.azure.com/v1api20220401.RoleDefinition) | 2022-04-01  | v1api20220401 | v2.8.0         | [View](https://github.com/Azure/azure-service-operator/tree/main/v2/samples/authorization/v1api20220401/v1api20220401_roledefinition.yaml) |
+
 ### Released
 
 These resource(s) are available for use in the current release of ASO. Different versions of a given resource reflect different versions of the Azure ARM API.

docs/hugo/content/reference/authorization/_index.md

@@ -5,6 +5,14 @@ no_list: true
 ---
 To install the CRDs for these resources, your ASO configuration must include `authorization.azure.com/*` as a one of the configured CRD patterns. See [CRD Management in ASO](https://azure.github.io/azure-service-operator/guide/crd-management/) for details on doing this for both [Helm](https://azure.github.io/azure-service-operator/guide/crd-management/#helm) and [YAML](https://azure.github.io/azure-service-operator/guide/crd-management/#yaml) based installations.
 
+### Next Release
+
+Development of these new resources is complete and they will be available in the next release of ASO.
+
+| Resource                                                                                                                                                     | ARM Version | CRD Version   | Supported From | Sample                                                                                                                                     |
+|--------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|---------------|----------------|--------------------------------------------------------------------------------------------------------------------------------------------|
+| [RoleDefinition](https://azure.github.io/azure-service-operator/reference/authorization/v1api20220401/#authorization.azure.com/v1api20220401.RoleDefinition) | 2022-04-01  | v1api20220401 | v2.8.0         | [View](https://github.com/Azure/azure-service-operator/tree/main/v2/samples/authorization/v1api20220401/v1api20220401_roledefinition.yaml) |
+
 ### Released
 
 These resource(s) are available for use in the current release of ASO. Different versions of a given resource reflect different versions of the Azure ARM API.

v2/api/authorization/customizations/structure.txt

@@ -1,3 +1,4 @@
 // Code generated by azure-service-operator-codegen. DO NOT EDIT.
 github.com/Azure/azure-service-operator/v2/api/authorization/customizations
-└── RoleAssignmentExtension: Object (0 properties)
+├── RoleAssignmentExtension: Object (0 properties)
+└── RoleDefinitionExtension: Object (0 properties)

v2/api/authorization/v1api20200801preview/role_assignment_defaults.go

@@ -46,10 +46,12 @@ func (assignment *RoleAssignment) defaultAzureName() {
 		ownerGK := assignment.Owner().GroupKind()
 		gk := assignment.GroupVersionKind().GroupKind()
 		assignment.Spec.AzureName = randextensions.MakeUUIDName(
-			ownerGK,
-			assignment.Spec.Owner.Name,
-			gk,
-			assignment.Namespace,
-			assignment.Name)
+			assignment.Name,
+			randextensions.MakeUniqueOwnerScopedString(
+				ownerGK,
+				assignment.Spec.Owner.Name,
+				gk,
+				assignment.Namespace,
+				assignment.Name))
 	}
 }

v2/api/authorization/v1api20220401/role_assignment_defaults.go

@@ -46,10 +46,12 @@ func (assignment *RoleAssignment) defaultAzureName() {
 		ownerGK := assignment.Owner().GroupKind()
 		gk := assignment.GroupVersionKind().GroupKind()
 		assignment.Spec.AzureName = randextensions.MakeUUIDName(
-			ownerGK,
-			assignment.Spec.Owner.Name,
-			gk,
-			assignment.Namespace,
-			assignment.Name)
+			assignment.Name,
+			randextensions.MakeUniqueOwnerScopedString(
+				ownerGK,
+				assignment.Spec.Owner.Name,
+				gk,
+				assignment.Namespace,
+				assignment.Name))
 	}
 }

v2/api/authorization/v1api20220401/role_definition_defaults.go

@@ -0,0 +1,47 @@
+/*
+Copyright (c) Microsoft Corporation.
+Licensed under the MIT license.
+*/
+
+package v1api20220401
+
+import (
+	"github.com/Azure/azure-service-operator/v2/internal/util/randextensions"
+	"github.com/Azure/azure-service-operator/v2/pkg/genruntime"
+)
+
+var _ genruntime.Defaulter = &RoleDefinition{}
+
+func (definition *RoleDefinition) CustomDefault() {
+	definition.defaultAzureName()
+}
+
+// defaultAzureName performs special AzureName defaulting for RoleDefinition by generating a stable GUID
+// based on the Role name.
+// We generate the UUID using UUIDv5 with a seed string based on the group+kind of the RoleDefinition and the
+// namespace+name it's deployed into.
+// We include the namespace and name to ensure no two RoleDefinitions in the same cluster can end up
+// with the same UUID.
+// We include the group and kind to ensure that different kinds of resources get different UUIDs. This isn't
+// entirely required by Azure, but it makes sense to avoid collisions between two resources of different types
+// even if they have the same namespace and name.
+// In the rare case users have multiple ASO instances with resources in the same namespace in each cluster
+// having the same name but not actually pointing to the same Azure resource (maybe in a different subscription?)
+// they can avoid name conflicts by explicitly specifying AzureName for their RoleDefinition.
+func (definition *RoleDefinition) defaultAzureName() {
+	// If owner is not set we can't default AzureName, but the request will be rejected anyway for lack of owner.
+	if definition.Spec.Owner == nil {
+		return
+	}
+
+	if definition.AzureName() == "" {
+		gk := definition.GroupVersionKind().GroupKind()
+		definition.Spec.AzureName = randextensions.MakeUUIDName(
+			definition.Name,
+			randextensions.MakeUniqueOwnerScopedString(
+				definition.Owner(),
+				gk,
+				definition.Namespace,
+				definition.Name))
+	}
+}