Azure · aramase · Aug 24, 2021 · Aug 23, 2021
@@ -3,7 +3,7 @@ style: github
 template: CHANGELOG.tpl.md
 info:
   title: CHANGELOG
-  repository_url: https://github.com/Azure/aad-pod-managed-identity
+  repository_url: https://github.com/Azure/azure-workload-identity
 options:
   commits:
     filters:

@@ -3,12 +3,12 @@
 
 <!--
 **Is this a deployment yaml update?**
-If yes, please update the yamls in the [manifest_staging/](https://github.com/Azure/aad-pod-managed-identity/tree/main/manifest_staging/) folder, where we host the staging charts and deployment yamls. All the yaml changes will then be promoted into the released charts folder with the next release.
+If yes, please update the yamls in the [manifest_staging/](https://github.com/Azure/azure-workload-identity/tree/main/manifest_staging/) folder, where we host the staging charts and deployment yamls. All the yaml changes will then be promoted into the released charts folder with the next release.
 -->
 
 <!--
 **Are you making changes to the Helm chart?**
-Helm chart is auto-generated in AAD Pod Managed Identity. If you have any changes in `charts` directory, they will get clobbered when we do a new release. Please see https://github.com/Azure/aad-pod-managed-identity/blob/main/third_party/open-policy-agent/gatekeeper/helmify/static/README.md#contributing-changes for modifying the Helm chart.
+Helm chart is auto-generated in AAD Pod Managed Identity. If you have any changes in `charts` directory, they will get clobbered when we do a new release. Please see https://github.com/Azure/azure-workload-identity/blob/main/third_party/open-policy-agent/gatekeeper/helmify/static/README.md#contributing-changes for modifying the Helm chart.
 -->
 
 **Requirements**

@@ -41,12 +41,12 @@ jobs:
           SERVICE_ACCOUNT_ISSUER: $(SERVICE_ACCOUNT_ISSUER)
       - script: |
           set -o errexit
-          sed -i "s/AZURE_TENANT_ID: .*/AZURE_TENANT_ID: ${AZURE_TENANT_ID}/" manifest_staging/deploy/aad-pi-webhook.yaml
-          sed -i "s/AZURE_ENVIRONMENT: .*/AZURE_ENVIRONMENT: AzurePublicCloud/" manifest_staging/deploy/aad-pi-webhook.yaml
+          sed -i "s/AZURE_TENANT_ID: .*/AZURE_TENANT_ID: ${AZURE_TENANT_ID}/" manifest_staging/deploy/azure-wi-webhook.yaml
+          sed -i "s/AZURE_ENVIRONMENT: .*/AZURE_ENVIRONMENT: AzurePublicCloud/" manifest_staging/deploy/azure-wi-webhook.yaml
           KUBECTL=$(pwd)/hack/tools/bin/kubectl
-          ${KUBECTL} apply -f manifest_staging/deploy/aad-pi-webhook.yaml
-          ${KUBECTL} wait --for=condition=Available --timeout=5m -n aad-pi-webhook-system deployment/aad-pi-webhook-controller-manager
-          ${KUBECTL} delete -f manifest_staging/deploy/aad-pi-webhook.yaml --wait --timeout=5m
+          ${KUBECTL} apply -f manifest_staging/deploy/azure-wi-webhook.yaml
+          ${KUBECTL} wait --for=condition=Available --timeout=5m -n azure-workload-identity-system deployment/azure-wi-webhook-controller-manager
+          ${KUBECTL} delete -f manifest_staging/deploy/azure-wi-webhook.yaml --wait --timeout=5m
         displayName: Verify deployment YAML in manifest_staging/
         env:
           AZURE_TENANT_ID: $(AZURE_TENANT_ID)
@@ -63,7 +63,7 @@ jobs:
     variables:
       # we can enable actual tenant id for functional e2e
       AZURE_TENANT_ID: "fake tenant id"
-      REGISTRY: upstreamk8sci.azurecr.io/aad-pod-managed-identity
+      REGISTRY: upstreamk8sci.azurecr.io/azure-workload-identity
       SOAK_CLUSTER: "true"
       GINKGO_SKIP: \[KindOnly\]
     strategy:

@@ -66,19 +66,19 @@ jobs:
     strategy:
       matrix:
         aks_windows_dockershim:
-          REGISTRY: upstreamk8sci.azurecr.io/aad-pod-managed-identity
+          REGISTRY: upstreamk8sci.azurecr.io/azure-workload-identity
           WINDOWS_CLUSTER: "true"
           GINKGO_SKIP: \[KindOnly\]
         aks_windows_containerd:
-          REGISTRY: upstreamk8sci.azurecr.io/aad-pod-managed-identity
+          REGISTRY: upstreamk8sci.azurecr.io/azure-workload-identity
           WINDOWS_CLUSTER: "true"
           WINDOWS_CONTAINERD: "true"
           GINKGO_SKIP: \[KindOnly\]
         aks_linux:
-          REGISTRY: upstreamk8sci.azurecr.io/aad-pod-managed-identity
+          REGISTRY: upstreamk8sci.azurecr.io/azure-workload-identity
           GINKGO_SKIP: \[KindOnly\]
         arc:
-          REGISTRY: upstreamk8sci.azurecr.io/aad-pod-managed-identity
+          REGISTRY: upstreamk8sci.azurecr.io/azure-workload-identity
           ARC_CLUSTER: "true"
           GINKGO_SKIP: \[KindOnly\]
         kind_v1_19_11:

@@ -4,7 +4,7 @@ parameters:
     default: true
   - name: registry
     type: string
-    default: docker.pkg.github.com/azure/aad-pod-managed-identity
+    default: docker.pkg.github.com/azure/azure-workload-identity
   - name: image_version
     type: string
     default: latest

@@ -13,7 +13,7 @@ jobs:
     variables:
       # we can enable actual tenant id for functional e2e
       AZURE_TENANT_ID: "fake tenant id"
-      REGISTRY: upstreamk8sci.azurecr.io/aad-pod-managed-identity
+      REGISTRY: upstreamk8sci.azurecr.io/azure-workload-identity
       GINKGO_SKIP: \[KindOnly\]
     strategy:
       matrix: ${{ parameters.matrix }}

@@ -1,11 +1,11 @@
-REGISTRY ?= mcr.microsoft.com/oss/azure/aad-pod-managed-identity
+REGISTRY ?= mcr.microsoft.com/oss/azure/workload-identity
 PROXY_IMAGE_NAME := proxy
 INIT_IMAGE_NAME := proxy-init
 WEBHOOK_IMAGE_NAME := webhook
 IMAGE_VERSION ?= v0.3.0
 
 ORG_PATH := github.com/Azure
-PROJECT_NAME := aad-pod-managed-identity
+PROJECT_NAME := azure-workload-identity
 BUILD_COMMIT := $(shell git rev-parse --short HEAD)
 REPO_PATH := "$(ORG_PATH)/$(PROJECT_NAME)"
 
@@ -139,7 +139,7 @@ deploy: $(KUBECTL) $(KUSTOMIZE) $(ENVSUBST)
 	$(MAKE) manifests
 	cd config/manager && $(KUSTOMIZE) edit set image manager=$(WEBHOOK_IMAGE)
 	$(KUSTOMIZE) build config/default | $(ENVSUBST) | $(KUBECTL) apply -f -
-	$(KUBECTL) wait --for=condition=Available --timeout=5m -n aad-pi-webhook-system deployment/aad-pi-webhook-controller-manager
+	$(KUBECTL) wait --for=condition=Available --timeout=5m -n azure-workload-identity-system deployment/azure-wi-webhook-controller-manager
 
 .PHONY: uninstall-deploy
 uninstall-deploy: $(KUBECTL) $(KUSTOMIZE) $(ENVSUBST)
@@ -156,14 +156,14 @@ manifests: $(CONTROLLER_GEN) $(KUSTOMIZE)
 
 	rm -rf manifest_staging
 	mkdir -p manifest_staging/deploy
-	mkdir -p manifest_staging/charts/pod-identity-webhook
+	mkdir -p manifest_staging/charts/workload-identity-webhook
 
-	$(KUSTOMIZE) build config/default -o manifest_staging/deploy/aad-pi-webhook.yaml
+	$(KUSTOMIZE) build config/default -o manifest_staging/deploy/azure-wi-webhook.yaml
 	$(KUSTOMIZE) build third_party/open-policy-agent/gatekeeper/helmify | go run third_party/open-policy-agent/gatekeeper/helmify/*.go
 
-	@sed -i -e "s/AZURE_TENANT_ID: .*/AZURE_TENANT_ID: <replace with Azure Tenant ID>/" manifest_staging/deploy/aad-pi-webhook.yaml
-	@sed -i -e "s/AZURE_ENVIRONMENT: .*/AZURE_ENVIRONMENT: <replace with Azure Environment Name>/" manifest_staging/deploy/aad-pi-webhook.yaml
-	@sed -i -e "s/-arc-cluster=.*/-arc-cluster=false/" manifest_staging/deploy/aad-pi-webhook.yaml
+	@sed -i -e "s/AZURE_TENANT_ID: .*/AZURE_TENANT_ID: <replace with Azure Tenant ID>/" manifest_staging/deploy/azure-wi-webhook.yaml
+	@sed -i -e "s/AZURE_ENVIRONMENT: .*/AZURE_ENVIRONMENT: <replace with Azure Environment Name>/" manifest_staging/deploy/azure-wi-webhook.yaml
+	@sed -i -e "s/-arc-cluster=.*/-arc-cluster=false/" manifest_staging/deploy/azure-wi-webhook.yaml
 
 # Generate code
 .PHONY: generate
@@ -280,7 +280,7 @@ test-e2e: $(KUBECTL) $(HELM)
 ## Kind
 ## --------------------------------------
 
-KIND_CLUSTER_NAME ?= aad-pod-managed-identity
+KIND_CLUSTER_NAME ?= azure-workload-identity
 
 .PHONY: kind-create
 kind-create: $(KIND) $(KUBECTL)
@@ -315,7 +315,7 @@ lint: $(GOLANGCI_LINT)
 
 .PHONY: helm-lint
 helm-lint: $(HELM)
-	$(HELM) lint manifest_staging/charts/pod-identity-webhook
+	$(HELM) lint manifest_staging/charts/workload-identity-webhook
 
 .PHONY: lint-full
 lint-full: $(GOLANGCI_LINT) ## Run slower linters to detect possible issues
@@ -343,5 +343,5 @@ release-manifest: $(KUSTOMIZE)
 promote-staging-manifest: #promote staging manifests to release dir
 	@rm -rf deploy
 	@cp -r manifest_staging/deploy .
-	@rm -rf charts/pod-identity-webhook
+	@rm -rf charts/workload-identity-webhook
 	@cp -r manifest_staging/charts .
@@ -1,3 +1,3 @@
-domain: mpod.aad-pod-identity.io
-repo: github.com/Azure/aad-pod-managed-identity
+domain: azure-workload-identity.io
+repo: github.com/Azure/azure-workload-identity
 version: "2"
@@ -6,5 +6,5 @@ metadata:
     chart: '{{ template "pod-identity-webhook.name" . }}'
     mpod.aad-pod-identity.io/system: "true"
     release: '{{ .Release.Name }}'
-  name: aad-pi-webhook-admin
+  name: azure-wi-webhook-admin
   namespace: '{{ .Release.Namespace }}'
@@ -3,7 +3,7 @@ package main
 import (
 	"flag"
 
-	"github.com/Azure/aad-pod-managed-identity/pkg/proxy"
+	"github.com/Azure/azure-workload-identity/pkg/proxy"
 
 	"k8s.io/klog/v2"
 )

@@ -20,23 +20,23 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/manager/signals"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
-	"github.com/Azure/aad-pod-managed-identity/pkg/util"
-	"github.com/Azure/aad-pod-managed-identity/pkg/version"
-	wh "github.com/Azure/aad-pod-managed-identity/pkg/webhook"
+	"github.com/Azure/azure-workload-identity/pkg/util"
+	"github.com/Azure/azure-workload-identity/pkg/version"
+	wh "github.com/Azure/azure-workload-identity/pkg/webhook"
 )
 
 var webhooks = []rotator.WebhookInfo{
 	{
-		Name: "aad-pi-webhook-mutating-webhook-configuration",
+		Name: "azure-wi-webhook-mutating-webhook-configuration",
 		Type: rotator.Mutating,
 	},
 }
 
 const (
-	secretName     = "aad-pi-webhook-server-cert" // #nosec
-	serviceName    = "aad-pi-webhook-webhook-service"
-	caName         = "aad-pod-managed-identity-ca"
-	caOrganization = "aad-pod-managed-identity"
+	secretName     = "azure-wi-webhook-server-cert" // #nosec
+	serviceName    = "azure-wi-webhook-webhook-service"
+	caName         = "azure-workload-identity-ca"
+	caOrganization = "azure-workload-identity"
 )
 
 var (

@@ -1,16 +1,16 @@
 # Adds namespace to all resources.
-namespace: aad-pi-webhook-system
+namespace: azure-workload-identity-system
 
 # Value of this field is prepended to the
 # names of all resources, e.g. a deployment named
 # "wordpress" becomes "alices-wordpress".
 # Note that it should also match with the prefix (text before '-') of the namespace
 # field above.
-namePrefix: aad-pi-webhook-
+namePrefix: azure-wi-webhook-
 
 # Labels to add to all resources and selectors.
 commonLabels:
-  mpod.aad-pod-identity.io/system: "true"
+  azure-workload-identity.io/system: "true"
 
 bases:
 # - ../crd

@@ -20,4 +20,4 @@ spec:
       - name: cert
         secret:
           defaultMode: 420
-          secretName: aad-pi-webhook-server-cert
+          secretName: azure-wi-webhook-server-cert
@@ -4,7 +4,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: manager
-  newName: mcr.microsoft.com/oss/azure/aad-pod-managed-identity/webhook
+  newName: mcr.microsoft.com/oss/azure/workload-identity/webhook
   newTag: v0.3.0
 configMapGenerator:
 - literals:

@@ -54,6 +54,6 @@ spec:
                 fieldPath: metadata.namespace
         envFrom:
           - configMapRef:
-              name: aad-pi-webhook-config
+              name: azure-wi-webhook-config
       nodeSelector:
         kubernetes.io/os: linux
@@ -36,7 +36,7 @@ kind: Role
 metadata:
   creationTimestamp: null
   name: manager-role
-  namespace: aad-pi-webhook-system
+  namespace: azure-workload-identity-system
 rules:
 - apiGroups:
   - ""

@@ -16,7 +16,7 @@ webhooks:
       path: /mutate-v1-pod
   failurePolicy: Ignore
   matchPolicy: Equivalent
-  name: mpod.aad-pod-identity.io
+  name: mutation.azure-workload-identity.io
   rules:
   - apiGroups:
     - ""

@@ -15,7 +15,7 @@ COPY cmd/proxy/main.go main.go
 COPY pkg/ pkg/
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -ldflags "${LDFLAGS:--X github.com/Azure/aad-pod-managed-identity/pkg/version.BuildVersion=latest}" -o proxy main.go
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -ldflags "${LDFLAGS:--X github.com/Azure/azure-workload-identity/pkg/version.BuildVersion=latest}" -o proxy main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

@@ -16,7 +16,7 @@ COPY cmd/webhook/main.go main.go
 COPY pkg/ pkg/
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -ldflags "${LDFLAGS:--X github.com/Azure/aad-pod-managed-identity/pkg/version.BuildVersion=latest}" -o manager main.go
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -ldflags "${LDFLAGS:--X github.com/Azure/azure-workload-identity/pkg/version.BuildVersion=latest}" -o manager main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

@@ -7,7 +7,7 @@ title = "AAD Pod Managed Identity"
 
 [output.html]
 curly-quotes = true
-git-repository-url = "https://github.com/Azure/aad-pod-managed-identity"
+git-repository-url = "https://github.com/Azure/azure-workload-identity"
 
 [preprocessor.toc]
 command = "bin/mdbook-toc"
@@ -1,4 +1,4 @@
-module github.com/Azure/aad-pod-managed-identity/example/msal-go
+module github.com/Azure/azure-workload-identity/example/msal-go
 
 go 1.16
 

@@ -25,7 +25,7 @@ func clientAssertionBearerAuthorizerCallback(tenantID, resource string) (*autore
 	// AAD Pod Identity webhook will inject the following env vars
 	// 	AZURE_CLIENT_ID with the clientID set in the service account annotation
 	// 	AZURE_TENANT_ID with the tenantID set in the service account annotation. If not defined, then
-	// 	the tenantID provided via aad-pi-webhook-config for the webhook will be used.
+	// 	the tenantID provided via azure-wi-webhook-config for the webhook will be used.
 	// 	AZURE_FEDERATED_TOKEN_FILE is the service account token path
 	// 	AZURE_AUTHORITY_HOST is the AAD authority hostname
 	clientID := os.Getenv("AZURE_CLIENT_ID")
@@ -34,7 +34,7 @@ func clientAssertionBearerAuthorizerCallback(tenantID, resource string) (*autore
 
 	// generate a token using the msal confidential client
 	// this will always generate a new token request to AAD
-	// TODO (aramase) consider using acquire token silent (https://github.com/Azure/aad-pod-managed-identity/issues/76)
+	// TODO (aramase) consider using acquire token silent (https://github.com/Azure/azure-workload-identity/issues/76)
 
 	// read the service account token from the filesystem
 	signedAssertion, err := readJWTFromFS(tokenFilePath)

@@ -16,7 +16,7 @@ public MyClientAssertionCredential()
         // AAD Pod Identity webhook will inject the following env vars
         // 	AZURE_CLIENT_ID with the clientID set in the service account annotation
         // 	AZURE_TENANT_ID with the tenantID set in the service account annotation. If not defined, then
-        // 		the tenantID provided via aad-pi-webhook-config for the webhook will be used.
+        // 		the tenantID provided via azure-wi-webhook-config for the webhook will be used.
         // 	AZURE_FEDERATED_TOKEN_FILE is the service account token path
         var clientID = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID");
         var tokenPath = Environment.GetEnvironmentVariable("AZURE_FEDERATED_TOKEN_FILE");

@@ -1,4 +1,4 @@
-module github.com/Azure/aad-pod-managed-identity
+module github.com/Azure/azure-workload-identity
 
 go 1.16
 

@@ -1,4 +1,4 @@
-module github.com/Azure/aad-pod-managed-identity/hack/generate-jwks
+module github.com/Azure/azure-workload-identity/hack/generate-jwks
 
 go 1.16