Skip to content

OCPCLOUD-2013: Move Azure Credentials Request to custom role #274

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-robot merged 1 commit into from
Aug 15, 2023
Merged

OCPCLOUD-2013: Move Azure Credentials Request to custom role #274

openshift-merge-robot merged 1 commit into from
Aug 15, 2023

Conversation

@JoelSpeed
Copy link
Contributor

@JoelSpeed JoelSpeed commented Aug 10, 2023
edited
Loading

This PR moves the Azure credentials request to use fine grained permissions rather than a generic role.

i've manually tested this and can bring up an Azure workload identity cluster with this manually. CI is covering our existing cluster bring up.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Aug 10, 2023
@openshift-ci-robot
Copy link

openshift-ci-robot commented Aug 10, 2023
edited by openshift-ci bot
Loading

@JoelSpeed: This pull request references OCPCLOUD-2013 which is a valid jira issue.

In response to this:

This PR moves the Azure credentials request to use fine grained permissions rather than a generic role.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 10, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 10, 2023

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@JoelSpeed
Copy link
Contributor Author

JoelSpeed commented Aug 10, 2023

/test ?

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 10, 2023

@JoelSpeed: The following commands are available to trigger required jobs:

  • /test e2e-aws-ovn
  • /test e2e-aws-ovn-upgrade
  • /test fmt
  • /test images
  • /test lint
  • /test unit
  • /test vendor
  • /test vet

The following commands are available to trigger optional jobs:

  • /test e2e-azure-manual-oidc
  • /test e2e-azure-ovn
  • /test e2e-azure-ovn-upgrade
  • /test e2e-gcp-ovn-ccm
  • /test e2e-gcp-ovn-techpreview
  • /test e2e-nutanix-ovn
  • /test e2e-openstack-ovn
  • /test e2e-vsphere-ovn

Use /test all to run the following jobs that were automatically triggered:

  • pull-ci-openshift-cluster-cloud-controller-manager-operator-master-e2e-aws-ovn
  • pull-ci-openshift-cluster-cloud-controller-manager-operator-master-e2e-aws-ovn-upgrade
  • pull-ci-openshift-cluster-cloud-controller-manager-operator-master-e2e-azure-ovn
  • pull-ci-openshift-cluster-cloud-controller-manager-operator-master-e2e-azure-ovn-upgrade
  • pull-ci-openshift-cluster-cloud-controller-manager-operator-master-e2e-gcp-ovn-ccm
  • pull-ci-openshift-cluster-cloud-controller-manager-operator-master-e2e-gcp-ovn-techpreview
  • pull-ci-openshift-cluster-cloud-controller-manager-operator-master-e2e-openstack-ovn
  • pull-ci-openshift-cluster-cloud-controller-manager-operator-master-e2e-vsphere-ovn
  • pull-ci-openshift-cluster-cloud-controller-manager-operator-master-fmt
  • pull-ci-openshift-cluster-cloud-controller-manager-operator-master-images
  • pull-ci-openshift-cluster-cloud-controller-manager-operator-master-lint
  • pull-ci-openshift-cluster-cloud-controller-manager-operator-master-unit
  • pull-ci-openshift-cluster-cloud-controller-manager-operator-master-vendor
  • pull-ci-openshift-cluster-cloud-controller-manager-operator-master-vet

In response to this:

/test ?

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@JoelSpeed
Copy link
Contributor Author

JoelSpeed commented Aug 10, 2023

/test e2e-azure-ovn

@JoelSpeed JoelSpeed force-pushed the azure-fine-grained-role branch from 9918417 to a7d6b5e Compare August 10, 2023 11:37
@JoelSpeed
Copy link
Contributor Author

JoelSpeed commented Aug 10, 2023

/test e2e-azure-ovn

@openshift-ci-robot
Copy link

openshift-ci-robot commented Aug 10, 2023
edited by openshift-ci bot
Loading

@JoelSpeed: This pull request references OCPCLOUD-2013 which is a valid jira issue.

In response to this:

This PR moves the Azure credentials request to use fine grained permissions rather than a generic role.

i've manually tested this and can bring up an Azure workload identity cluster with this manually. CI is covering our existing cluster bring up.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@JoelSpeed JoelSpeed marked this pull request as ready for review August 10, 2023 13:52
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 10, 2023
@openshift-ci openshift-ci bot requested review from damdo and odvarkadaniel August 10, 2023 13:53
@abutcher
Copy link
Member

abutcher commented Aug 10, 2023

/test e2e-azure-manual-oidc

@abutcher
Copy link
Member

abutcher commented Aug 10, 2023

Ah, merge conflict. The CR now has serviceAccountNames which will be required in rebase for the test to work.

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 10, 2023
@JoelSpeed JoelSpeed force-pushed the azure-fine-grained-role branch from a7d6b5e to 53dbc5a Compare August 11, 2023 09:26
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 11, 2023
@JoelSpeed
Copy link
Contributor Author

JoelSpeed commented Aug 11, 2023

/test e2e-azure-manual-oidc

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 11, 2023

@JoelSpeed: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-openstack-ovn 53dbc5a link false /test e2e-openstack-ovn

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@sunzhaohua2
Copy link
Contributor

sunzhaohua2 commented Aug 14, 2023

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label Aug 14, 2023
@JoelSpeed
Copy link
Contributor Author

JoelSpeed commented Aug 14, 2023

/approve

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 14, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JoelSpeed

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 14, 2023
@RadekManak
Copy link
Contributor

RadekManak commented Aug 15, 2023

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Aug 15, 2023
@openshift-merge-robot openshift-merge-robot merged commit 786dda4 into openshift:master Aug 15, 2023
@JoelSpeed JoelSpeed deleted the azure-fine-grained-role branch August 15, 2023 12:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@damdo damdo Awaiting requested review from damdo

@odvarkadaniel odvarkadaniel Awaiting requested review from odvarkadaniel

Assignees

@RadekManak RadekManak

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. qe-approved Signifies that QE has signed off on this PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@JoelSpeed @openshift-ci-robot @abutcher @sunzhaohua2 @RadekManak @openshift-merge-robot