-
Notifications
You must be signed in to change notification settings - Fork 188
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for Azure RedhatOpenshift Clusters #4152
base: main
Are you sure you want to change the base?
Conversation
Looks like an APIManagement test flake possibly? May need to re-run test-generator. |
|
||
| Resource | ARM Version | CRD Version | Supported From | Sample | | ||
|------------------|-------------|---------------|----------------|----------------------------------------------------------------------------------------------------------------------------------------| | ||
| OpenShiftCluster | 2023-11-22 | v1api20231122 | v2.8.0 | [View](https://github.com/Azure/azure-service-operator/tree/main/v2/samples/redhatopenshift/v1api/v1api20231122_openshiftcluster.yaml) | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be from 2.9.0 now, right?
v2/azure-arm.yaml
Outdated
2023-11-22: | ||
OpenShiftCluster: | ||
$export: true | ||
$supportedFrom: v2.8.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2.9.0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
True, I had this from pre 2.8.0. Thanks for pointing out, will update.
// TODO: Replace the principalID, clientSecret and clientId vars below with principalId, clientSecret and clientId of your SP | ||
principalId := "5c6be76c-5fc4-4817-992d-22027b44c402" | ||
clientId := "5b7a18b9-8aec-4456-a4c3-0865cbfa1512" | ||
clientSecret := "your-client-secret-here" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably better to have the code read this from an env variable that's documented at the top of the test?
Putting credentials in source is a checkin-risk
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and if we're gonna move these to env variables we probably ought to just move clientId/principalId too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice idea for the clientSecret, although the ClientId and PrincipalId don't get redacted in the tests hence I've left them here. Maybe we need another matcher to match guids and replace them?
"github.com/Azure/azure-service-operator/v2/internal/util/to" | ||
) | ||
|
||
// TODO: TO re-record this test, create a new service principal and follow the todos below in the test code. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor: Clarify that it's ARO that requires an SP, so there is no workaround.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe by saying something like:
// TODO: TO re-record this test, create a new service principal and follow the todos below in the test code. | |
// TODO: To re-record this test, create a new service principal and save its details into the | |
// TODO: ARO_CLIENT_ID, ARO_CLIENT_SECRET, and ARO_PRINCIPAL_ID variables. | |
// TODO: This is required because the ARO resource requires a service principal for input currently. Hopefully | |
// TODO: we can revisit this in the future when they support other options. |
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Outdated
Show resolved
Hide resolved
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Show resolved
Hide resolved
v2/samples/redhatopenshift/v1api/refs/v1api20220401_roleassignment_from_sp_to_vnet.yaml
Show resolved
Hide resolved
v2/internal/testcommon/vcr/redact.go
Outdated
@@ -131,6 +132,18 @@ func hidePasswords(s string) string { | |||
return passwordMatcher.ReplaceAllLiteralString(s, "\"{PASSWORD}\"") | |||
} | |||
|
|||
var ( | |||
secretMatcher = regexp.MustCompile(`"([A-Za-z]+)?[Ss]ecret":".*"`) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we sure this doesn't match other fields that aren't secrets and don't need to be redacted? Should we be looking specifically for clientSecret
?
Also did the keyMatcher
not work for this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
keyMatcher does not work for this. I've added a comment and and updated the regex to match ([A-Za-z]+)[Ss]ecret":".*
. Let me know wdyt about that?
v2/internal/testcommon/vcr/redact.go
Outdated
@@ -131,6 +132,18 @@ func hidePasswords(s string) string { | |||
return passwordMatcher.ReplaceAllLiteralString(s, "\"{PASSWORD}\"") | |||
} | |||
|
|||
var ( | |||
secretMatcher = regexp.MustCompile(`"([A-Za-z]+)?[Ss]ecret":".*"`) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we do need this, consider leaving a comment describing what it does and why we need it in addition to the other matchers. See for example the matchers here: toolkit/testhttprecorder/recorder.go
In fact yours maybe should go there too?
secretName := "aro-secret" | ||
secretKey := "client-secret" | ||
// TODO: Replace the principalID, clientSecret and clientId vars below with principalId, clientSecret and clientId of your SP | ||
principalId := "5c6be76c-5fc4-4817-992d-22027b44c402" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think these should be env variables too, or hardcoded to 00000's GUIDs?
Is the issue with changing these that the test recordings don't pass then?
Closes #2802
What this PR does / why we need it:
This PR adds support for 2023-11-22 Azure RedhatOpenshift Clusters.
Special notes for your reviewer:
Have excluded samples testing and controller tests from running in live mode since we require Service Principal credentials to run them.
If applicable: