Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oci/auth: Add support for Azure China and US Gov regions #631

Merged
merged 1 commit into from
Aug 21, 2023
Merged

oci/auth: Add support for Azure China and US Gov regions #631

merged 1 commit into from
Aug 21, 2023

Conversation

mihaiandreiratoiu
Copy link
Contributor

Description

When using the OCI authentication in azure with managed identity in usgovernment environment, the source-controller cannot get the permissions for the cloud because it defaults to the public azure cloud.

Error

error logging into ACR error exchanging token: unexpected status code 401 from exchange request,
 response body: {\"errors\":[{\"code\":\"UNAUTHORIZED\", \"message\":\"retrieving permissions failed: 
https://management.usgovcloudapi.net/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.ContainerRegistry/registries/xxx/providers/Microsoft.Authorization/permissions/?api-version=xxx\"}]}"

Fix

The fix proposes a map for each azure cloud environment that is automatically detected by the suffix of the ACR.

@stefanprodan stefanprodan requested a review from darkowlzz August 18, 2023 09:44
@stefanprodan stefanprodan added the area/oci OCI related issues and pull requests label Aug 18, 2023
@stefanprodan stefanprodan changed the title Ops: Update azure cloud token auth oci/auth: Update azure cloud token auth Aug 18, 2023
darkowlzz
darkowlzz reviewed Aug 18, 2023
View reviewed changes
oci/auth/azure/auth.go Outdated Show resolved Hide resolved
@mihaiandreiratoiu mihaiandreiratoiu force-pushed the feature/gov-arm branch 2 times, most recently from 514db0d to 8611884 Compare August 21, 2023 08:18
@mihaiandreiratoiu
Ops: Update azure cloud token auth
174a5e9 
Signed-off-by: mihaiandreiratoiu <mihai.ratoiu@uipath.com>
darkowlzz
darkowlzz approved these changes Aug 21, 2023
View reviewed changes
Copy link
Contributor

@darkowlzz darkowlzz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The change looks good to me.
But since our azure account used in CI isn't available at the moment, I'll check for a manual run of the e2e tests. Will merge after we get test results.

Thanks.

oci/auth/azure/auth_test.go Show resolved Hide resolved
@stefanprodan stefanprodan changed the title oci/auth: Update azure cloud token auth oci/auth: Add support for Azure China and US Gov regions Aug 21, 2023
somtochiama
somtochiama approved these changes Aug 21, 2023
View reviewed changes
Copy link
Member

@somtochiama somtochiama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I ran the oci integration tests for Azure locally and they passed 🥳

LGTM! Thanks @mihaiandreiratoiu 🏅

@stefanprodan stefanprodan merged commit 540f61e into fluxcd:main Aug 21, 2023
@stefanprodan
Copy link
Member

This will be included in Flux 2.1.0 release, thanks @mihaiandreiratoiu

PS. Could you please add UiPath to Flux adopters page https://fluxcd.io/adopters/

This was referenced Aug 21, 2023
Closed
Merged
@darkowlzz darkowlzz mentioned this pull request Aug 23, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aryan9600 aryan9600 aryan9600 left review comments

@somtochiama somtochiama somtochiama approved these changes

@stefanprodan stefanprodan stefanprodan approved these changes

@darkowlzz darkowlzz darkowlzz approved these changes

Assignees
No one assigned
Labels
area/oci OCI related issues and pull requests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@mihaiandreiratoiu @stefanprodan @darkowlzz @somtochiama @aryan9600