Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add IRSA credential type #7708

Merged
merged 9 commits into from
Jul 3, 2024
Merged

add IRSA credential type #7708

merged 9 commits into from
Jul 3, 2024

Conversation

nithyatsu
Copy link
Contributor

@nithyatsu nithyatsu commented Jun 21, 2024
edited
Loading

Description

Add model changes for supporting AWS IRSA credential

Type of change

  • This pull request adds or changes features of Radius and has an approved issue (issue link required).

#7618

Partially Fixes: #7618

@codecov Codecov
Copy link

codecov bot commented Jun 21, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 61.01%. Comparing base (13d50f7) to head (c496df9).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7708      +/-   ##
==========================================
+ Coverage   60.99%   61.01%   +0.01%     
==========================================
  Files         520      520              
  Lines       27010    27010              
==========================================
+ Hits        16476    16480       +4     
+ Misses       9081     9079       -2     
+ Partials     1453     1451       -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@nithyatsu nithyatsu force-pushed the irsa_model_changes branch from 39d22b7 to 12103b0 Compare June 24, 2024 22:31
@nithyatsu nithyatsu temporarily deployed to functional-tests June 24, 2024 22:40 — with GitHub Actions Inactive
@radius-functional-tests
Copy link

radius-functional-tests bot commented Jun 24, 2024
edited
Loading

Radius functional test overview

🔍 Go to test action run

Name Value
Repository nithyatsu/radius
Commit ref 98be80a
Unique ID func84dde17eac
Image tag pr-func84dde17eac
Click here to see the list of tools in the current test run
  • gotestsum 1.10.0
  • KinD: v0.20.0
  • Dapr: 1.12.0
  • Azure KeyVault CSI driver: 1.4.2
  • Azure Workload identity webhook: 1.1.0
  • Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-func84dde17eac
  • Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
  • applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-func84dde17eac
  • controller test image location: ghcr.io/radius-project/dev/controller:pr-func84dde17eac
  • ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-func84dde17eac
  • deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Recipe publishing succeeded
⌛ Starting shared functional tests...
⌛ Starting msgrp functional tests...
⌛ Starting daprrp functional tests...
⌛ Starting samples functional tests...
⌛ Starting datastoresrp functional tests...
⌛ Starting ucp functional tests...
⌛ Starting kubernetes functional tests...
⌛ Starting cli functional tests...
✅ msgrp functional tests succeeded
✅ samples functional tests succeeded
✅ ucp functional tests succeeded
✅ kubernetes functional tests succeeded
✅ daprrp functional tests succeeded
✅ datastoresrp functional tests succeeded
❌ shared functional test cancelled. Please check the logs for more details
❌ cli functional test cancelled. Please check the logs for more details

@nithyatsu nithyatsu marked this pull request as ready for review June 24, 2024 23:18
@nithyatsu nithyatsu requested review from a team as code owners June 24, 2024 23:18
@nithyatsu nithyatsu force-pushed the irsa_model_changes branch 2 times, most recently from 4bc8155 to a476b98 Compare June 24, 2024 23:47
@nithyatsu nithyatsu temporarily deployed to functional-tests June 25, 2024 17:33 — with GitHub Actions Inactive
@radius-functional-tests
Copy link

radius-functional-tests bot commented Jun 25, 2024
edited
Loading

Radius functional test overview

🔍 Go to test action run

Name Value
Repository nithyatsu/radius
Commit ref 10af540
Unique ID func48b12084e9
Image tag pr-func48b12084e9
Click here to see the list of tools in the current test run
  • gotestsum 1.10.0
  • KinD: v0.20.0
  • Dapr: 1.12.0
  • Azure KeyVault CSI driver: 1.4.2
  • Azure Workload identity webhook: 1.1.0
  • Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-func48b12084e9
  • Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
  • applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-func48b12084e9
  • controller test image location: ghcr.io/radius-project/dev/controller:pr-func48b12084e9
  • ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-func48b12084e9
  • deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Recipe publishing succeeded
⌛ Starting cli functional tests...
⌛ Starting msgrp functional tests...
⌛ Starting kubernetes functional tests...
⌛ Starting ucp functional tests...
⌛ Starting daprrp functional tests...
⌛ Starting shared functional tests...
⌛ Starting datastoresrp functional tests...
⌛ Starting samples functional tests...
✅ msgrp functional tests succeeded
✅ kubernetes functional tests succeeded
✅ ucp functional tests succeeded
✅ samples functional tests succeeded
✅ cli functional tests succeeded
✅ daprrp functional tests succeeded
✅ datastoresrp functional tests succeeded
✅ shared functional tests succeeded

willdavsmith
willdavsmith requested changes Jun 26, 2024
View reviewed changes
typespec/UCP/aws-credentials.tsp Outdated
@@ -93,6 +96,18 @@ model AwsAccessKeyCredentialProperties extends AwsCredentialProperties {
storage: CredentialStorageProperties;
}

@doc("AWS credential storage properties")
model AwsIRSACredentialProperties extends AwsCredentialProperties {
@doc("Access Key kind")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
@doc("Access Key kind")
@doc("IRSA credential kind")

@nithyatsu nithyatsu requested a review from willdavsmith June 26, 2024 23:58
willdavsmith
willdavsmith previously approved these changes Jun 27, 2024
View reviewed changes
@nithyatsu nithyatsu temporarily deployed to functional-tests June 27, 2024 19:13 — with GitHub Actions Inactive
@radius-functional-tests
Copy link

radius-functional-tests bot commented Jun 27, 2024
edited
Loading

Radius functional test overview

🔍 Go to test action run

Name Value
Repository nithyatsu/radius
Commit ref 7797f38
Unique ID func06043a3bef
Image tag pr-func06043a3bef
Click here to see the list of tools in the current test run
  • gotestsum 1.10.0
  • KinD: v0.20.0
  • Dapr: 1.12.0
  • Azure KeyVault CSI driver: 1.4.2
  • Azure Workload identity webhook: 1.1.0
  • Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-func06043a3bef
  • Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
  • applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-func06043a3bef
  • controller test image location: ghcr.io/radius-project/dev/controller:pr-func06043a3bef
  • ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-func06043a3bef
  • deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Recipe publishing succeeded
⌛ Starting shared functional tests...
⌛ Starting msgrp functional tests...
⌛ Starting kubernetes functional tests...
⌛ Starting daprrp functional tests...
⌛ Starting cli functional tests...
⌛ Starting samples functional tests...
⌛ Starting ucp functional tests...
⌛ Starting datastoresrp functional tests...
✅ msgrp functional tests succeeded
✅ kubernetes functional tests succeeded
✅ samples functional tests succeeded
✅ ucp functional tests succeeded
✅ daprrp functional tests succeeded
✅ cli functional tests succeeded
✅ datastoresrp functional tests succeeded
✅ shared functional tests succeeded

@nithyatsu
Copy link
Contributor Author

addressed all review comments + added convertors and controllers in #7723
closing this PR.

@nithyatsu nithyatsu closed this Jul 1, 2024
@kachawla
Copy link
Contributor

kachawla commented Jul 2, 2024
edited
Loading

addressed all review comments + added convertors and controllers in #7723 closing this PR.

@nithyatsu can typespec changes be merged on its own or do they need to go in with converter/controller changes? If they are not dependent, then let's keep them in separate PRs and re-open this PR. Keeping PRs small makes them easier to review and copying changes over from one PR to another adds duplicated effort in PR reviews.

@kachawla kachawla mentioned this pull request Jul 2, 2024
Closed
@nithyatsu nithyatsu reopened this Jul 3, 2024
@nithyatsu nithyatsu force-pushed the irsa_model_changes branch from 9c51945 to 2fd184e Compare July 3, 2024 18:08
@nithyatsu nithyatsu temporarily deployed to functional-tests July 3, 2024 18:09 — with GitHub Actions Inactive
@nithyatsu nithyatsu requested a review from kachawla July 3, 2024 18:09
@radius-functional-tests
Copy link

radius-functional-tests bot commented Jul 3, 2024
edited
Loading

Radius functional test overview

🔍 Go to test action run

Name Value
Repository nithyatsu/radius
Commit ref 2fd184e
Unique ID func199d772165
Image tag pr-func199d772165
Click here to see the list of tools in the current test run
  • gotestsum 1.10.0
  • KinD: v0.20.0
  • Dapr: 1.12.0
  • Azure KeyVault CSI driver: 1.4.2
  • Azure Workload identity webhook: 1.1.0
  • Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-func199d772165
  • Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
  • applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-func199d772165
  • controller test image location: ghcr.io/radius-project/dev/controller:pr-func199d772165
  • ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-func199d772165
  • deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Recipe publishing succeeded
⌛ Starting cli functional tests...
⌛ Starting samples functional tests...
⌛ Starting daprrp functional tests...
⌛ Starting kubernetes functional tests...
⌛ Starting msgrp functional tests...
⌛ Starting datastoresrp functional tests...
⌛ Starting shared functional tests...
⌛ Starting ucp functional tests...
✅ samples functional tests succeeded
✅ msgrp functional tests succeeded
✅ kubernetes functional tests succeeded
✅ daprrp functional tests succeeded
✅ cli functional tests succeeded
✅ ucp functional tests succeeded
✅ datastoresrp functional tests succeeded
✅ shared functional tests succeeded

@nithyatsu nithyatsu force-pushed the irsa_model_changes branch from 2fd184e to 5f24766 Compare July 3, 2024 20:32
@nithyatsu nithyatsu temporarily deployed to functional-tests July 3, 2024 20:41 — with GitHub Actions Inactive
@radius-functional-tests
Copy link

radius-functional-tests bot commented Jul 3, 2024
edited
Loading

Radius functional test overview

🔍 Go to test action run

Name Value
Repository nithyatsu/radius
Commit ref 5f24766
Unique ID funcf71ecbce85
Image tag pr-funcf71ecbce85
Click here to see the list of tools in the current test run
  • gotestsum 1.10.0
  • KinD: v0.20.0
  • Dapr: 1.12.0
  • Azure KeyVault CSI driver: 1.4.2
  • Azure Workload identity webhook: 1.1.0
  • Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-funcf71ecbce85
  • Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
  • applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-funcf71ecbce85
  • controller test image location: ghcr.io/radius-project/dev/controller:pr-funcf71ecbce85
  • ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-funcf71ecbce85
  • deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Recipe publishing succeeded
⌛ Starting shared functional tests...
⌛ Starting samples functional tests...
⌛ Starting kubernetes functional tests...
⌛ Starting daprrp functional tests...
⌛ Starting ucp functional tests...
⌛ Starting msgrp functional tests...
⌛ Starting cli functional tests...
⌛ Starting datastoresrp functional tests...
✅ kubernetes functional tests succeeded
✅ ucp functional tests succeeded
✅ msgrp functional tests succeeded
✅ samples functional tests succeeded
✅ daprrp functional tests succeeded
✅ datastoresrp functional tests succeeded
✅ cli functional tests succeeded
✅ shared functional tests succeeded

@nithyatsu nithyatsu force-pushed the irsa_model_changes branch from 5f24766 to 39737c7 Compare July 3, 2024 20:52
@nithyatsu nithyatsu temporarily deployed to functional-tests July 3, 2024 21:07 — with GitHub Actions Inactive
@radius-functional-tests
Copy link

radius-functional-tests bot commented Jul 3, 2024
edited
Loading

Radius functional test overview

🔍 Go to test action run

Name Value
Repository nithyatsu/radius
Commit ref 39737c7
Unique ID funca8a8720635
Image tag pr-funca8a8720635
Click here to see the list of tools in the current test run
  • gotestsum 1.10.0
  • KinD: v0.20.0
  • Dapr: 1.12.0
  • Azure KeyVault CSI driver: 1.4.2
  • Azure Workload identity webhook: 1.1.0
  • Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-funca8a8720635
  • Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
  • applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-funca8a8720635
  • controller test image location: ghcr.io/radius-project/dev/controller:pr-funca8a8720635
  • ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-funca8a8720635
  • deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Recipe publishing succeeded
⌛ Starting cli functional tests...
⌛ Starting ucp functional tests...
⌛ Starting datastoresrp functional tests...
⌛ Starting msgrp functional tests...
⌛ Starting shared functional tests...
⌛ Starting daprrp functional tests...
⌛ Starting kubernetes functional tests...
✅ samples functional tests succeeded
✅ ucp functional tests succeeded
✅ msgrp functional tests succeeded
✅ datastoresrp functional tests succeeded
✅ cli functional tests succeeded
✅ daprrp functional tests succeeded
✅ shared functional tests succeeded
❌ Test tool installation for kubernetes failed. Please check the logs for more details
❌ Failed to install Radius for kubernetes functional test. Please check the logs for more details
❌ kubernetes functional test failed. Please check the logs for more details

nithyatsu added 9 commits July 3, 2024 15:34
@nithyatsu
irsa credential model
57e31de 
Signed-off-by: nithyatsu <nithyasu@microsoft.com>
@nithyatsu
update attribute
b754a97 
Signed-off-by: nithyatsu <nithyasu@microsoft.com>
@nithyatsu
model changes for aws irsa
e658bae 
Signed-off-by: nithyatsu <nithyasu@microsoft.com>
@nithyatsu
format
d2b5133 
Signed-off-by: nithyatsu <nithyasu@microsoft.com>
@nithyatsu
fix format
aeb7a57 
Signed-off-by: nithyatsu <nithyasu@microsoft.com>
@nithyatsu
nit
b22efbb 
Signed-off-by: nithyatsu <nithyasu@microsoft.com>
@nithyatsu
update examples
259d384 
Signed-off-by: nithyatsu <nithyasu@microsoft.com>

wip

Signed-off-by: nithyatsu <nithyasu@microsoft.com>

update description

Signed-off-by: nithyatsu <nithyasu@microsoft.com>

nit

Signed-off-by: nithyatsu <nithyasu@microsoft.com>

wip

Signed-off-by: nithyatsu <nithyasu@microsoft.com>
@nithyatsu
wip
8c4c7b2 
Signed-off-by: nithyatsu <nithyasu@microsoft.com>
@nithyatsu
nit
c496df9 
Signed-off-by: nithyatsu <nithyasu@microsoft.com>
@nithyatsu nithyatsu force-pushed the irsa_model_changes branch from bf39671 to c496df9 Compare July 3, 2024 22:34
@nithyatsu nithyatsu temporarily deployed to functional-tests July 3, 2024 22:50 — with GitHub Actions Inactive
@radius-functional-tests
Copy link

radius-functional-tests bot commented Jul 3, 2024
edited
Loading

Radius functional test overview

🔍 Go to test action run

Name Value
Repository nithyatsu/radius
Commit ref c496df9
Unique ID func519de57d70
Image tag pr-func519de57d70
Click here to see the list of tools in the current test run
  • gotestsum 1.10.0
  • KinD: v0.20.0
  • Dapr: 1.12.0
  • Azure KeyVault CSI driver: 1.4.2
  • Azure Workload identity webhook: 1.1.0
  • Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-func519de57d70
  • Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
  • applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-func519de57d70
  • controller test image location: ghcr.io/radius-project/dev/controller:pr-func519de57d70
  • ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-func519de57d70
  • deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Recipe publishing succeeded
⌛ Starting kubernetes functional tests...
⌛ Starting daprrp functional tests...
⌛ Starting datastoresrp functional tests...
⌛ Starting ucp functional tests...
⌛ Starting samples functional tests...
⌛ Starting shared functional tests...
⌛ Starting cli functional tests...
⌛ Starting msgrp functional tests...
✅ kubernetes functional tests succeeded
✅ msgrp functional tests succeeded
✅ samples functional tests succeeded
✅ ucp functional tests succeeded
✅ daprrp functional tests succeeded
✅ datastoresrp functional tests succeeded
✅ cli functional tests succeeded
✅ shared functional tests succeeded

kachawla
kachawla approved these changes Jul 3, 2024
View reviewed changes
Copy link
Contributor

@kachawla kachawla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding examples for both new and existing stuff.

typespec/UCP/examples/2023-10-01-preview/AWSCredential_AccessKey_Delete.json
"api-version": "2023-10-01-preview",
"planeType": "aws",
"planeName": "awscloud",
"credentialName": "default"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't realize we don't require credential kind for delete and get.. so the uniqueness is based on name and not name + type?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes. For now its based on just name, since we support only one credential that works. But we would have to revisit this as part of supporting multiple credentials in future.

@kachawla kachawla merged commit a8371ee into radius-project:main Jul 3, 2024
16 checks passed
sk593 pushed a commit that referenced this pull request Jul 10, 2024
@nithyatsu @sk593
add IRSA credential type (#7708)
e476578 
# Description

Add model changes for supporting AWS IRSA credential

## Type of change

- This pull request adds or changes features of Radius and has an
approved issue (issue link required).

#7618

#

Partially Fixes: #7618

---------

Signed-off-by: nithyatsu <nithyasu@microsoft.com>
@nithyatsu nithyatsu mentioned this pull request Jul 16, 2024
Merged
sk593 pushed a commit that referenced this pull request Jul 22, 2024
@nithyatsu @sk593
add IRSA credential type (#7708)
c4c4ef3 
# Description

Add model changes for supporting AWS IRSA credential

## Type of change

- This pull request adds or changes features of Radius and has an
approved issue (issue link required).

#7618

#

Partially Fixes: #7618

---------

Signed-off-by: nithyatsu <nithyasu@microsoft.com>
Reshrahim pushed a commit to Reshrahim/radius that referenced this pull request Aug 27, 2024
@nithyatsu @Reshrahim
add IRSA credential type (radius-project#7708)
576b7f1 
# Description

Add model changes for supporting AWS IRSA credential

## Type of change

- This pull request adds or changes features of Radius and has an
approved issue (issue link required).

radius-project#7618

#

Partially Fixes: radius-project#7618

---------

Signed-off-by: nithyatsu <nithyasu@microsoft.com>
Signed-off-by: Reshma Abdul Rahim <reshmarahim.abdul@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kachawla kachawla kachawla approved these changes

@willdavsmith willdavsmith willdavsmith left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add IRSA (workload identity) support for AWS cloud provider
3 participants
@nithyatsu @kachawla @willdavsmith