When moving to new sub, the name of the keyvault changed

[jsturtevant]

This updates to use the new keyvault name capz-ci-gmsa-community

/assign @ritikaguptams

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jsturtevant

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jsturtevant]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jsturtevant]

Looks like we missed a few things when moving to the new sub, will be getting those into the new terraform scripts and will re-run this here

[ritikaguptams]

/test pull-e2e-capz-windows-2022-extension-gmsa

[jsturtevant]

made it further, looks like we need another permission:

INFO: Getting the gmsa gmsaSpecFile gmsa-cred-spec-gmsa-e2e-22305 from https://capz-ci-gmsa-community.vault.azure.net
INFO: error when retrieving gmsaSpecFile GET https://capz-ci-gmsa-community.vault.azure.net/secrets/gmsa-cred-spec-gmsa-e2e-22305/
--------------------------------------------------------------------------------
RESPONSE 403: 403 Forbidden
ERROR CODE: Forbidden
--------------------------------------------------------------------------------
{
  "error": {
    "code": "Forbidden",
    "message": "The user, group or application 'appid=34d8e06d-d198-477e-b166-6936e58d90ae;oid=8eb97873-17bb-46a5-aed9-1967d83ca7ca;iss=https://sts.windows.net/d1aa7522-0959-442e-80ee-8c4f7fb4c184/' does not have secrets get permission on key vault 'capz-ci-gmsa-community;location=eastus'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287",
    "innererror": {
      "code": "AccessDenied"
    }
  }
}
-------

[jsturtevant]

I think we are missing the permissions from

windows-testing/capz/gmsa/setup-gmsa.sh

Lines 113 to 114 in ccb4060

	ciSP=$(az ad sp show --id "$CI_CLIENT_ID" --query id -o tsv)
	az keyvault set-policy --name "${GMSA_KEYVAULT}" --object-id "$ciSP" --secret-permissions get delete list purge

[ritikaguptams]

/test pull-e2e-capz-windows-2022-extension-gmsa

[ritikaguptams]

/test pull-e2e-capz-windows-2022-extension-gmsa

[ritikaguptams]

/test pull-e2e-capz-windows-2022-extension-gmsa

[ritikaguptams]

/test pull-e2e-capz-windows-2022-extension-gmsa

[ritikaguptams]

gMSA tests pass!
Infra PR to have the right role assignments wired up: kubernetes/k8s.io#7101

[jsturtevant]

gMSA tests pass! Infra PR to have the right role assignments wired up: kubernetes/k8s.io#7101

thanks! Somewhere in the scripts we are getting the wrong subscription context, debugging that then this will be ready.

[jsturtevant]

/test pull-e2e-capz-windows-2022-extension

[ritikaguptams]

/test pull-e2e-capz-windows-2022-extension

[jsturtevant]

/test pull-e2e-capz-windows-2022-extension-gmsa

[ritikaguptams]

/test pull-e2e-capz-windows-2022-extension

[jsturtevant]

/test pull-e2e-capz-windows-2022-extension-gmsa

[jsturtevant]

/test pull-e2e-capz-windows-2022-extension-gmsa

[jsturtevant]

/test pull-e2e-capz-windows-2022-extension-gmsa

[ritikaguptams]

/lgtm