Add support for Azure RedhatOpenshift Clusters #4152
Conversation
super-harsh
requested review from
davefellows,
theunrepentantgeek,
matthchr and
babbageclunk
as code owners
|
Looks like an APIManagement test flake possibly? May need to re-run test-generator. |
|
|
||
| | Resource | ARM Version | CRD Version | Supported From | Sample | | ||
| |------------------|-------------|---------------|----------------|----------------------------------------------------------------------------------------------------------------------------------------| | ||
| | OpenShiftCluster | 2023-11-22 | v1api20231122 | v2.8.0 | [View](https://github.com/Azure/azure-service-operator/tree/main/v2/samples/redhatopenshift/v1api/v1api20231122_openshiftcluster.yaml) | |
There was a problem hiding this comment.
Should be from 2.9.0 now, right?
v2/azure-arm.yaml
Outdated
| 2023-11-22: | ||
| OpenShiftCluster: | ||
| $export: true | ||
| $supportedFrom: v2.8.0 |
There was a problem hiding this comment.
True, I had this from pre 2.8.0. Thanks for pointing out, will update.
| // TODO: Replace the principalID, clientSecret and clientId vars below with principalId, clientSecret and clientId of your SP | ||
| principalId := "5c6be76c-5fc4-4817-992d-22027b44c402" | ||
| clientId := "5b7a18b9-8aec-4456-a4c3-0865cbfa1512" | ||
| clientSecret := "your-client-secret-here" |
There was a problem hiding this comment.
Probably better to have the code read this from an env variable that's documented at the top of the test?
Putting credentials in source is a checkin-risk
There was a problem hiding this comment.
and if we're gonna move these to env variables we probably ought to just move clientId/principalId too.
There was a problem hiding this comment.
Nice idea for the clientSecret, although the ClientId and PrincipalId don't get redacted in the tests hence I've left them here. Maybe we need another matcher to match guids and replace them?
| "github.com/Azure/azure-service-operator/v2/internal/util/to" | ||
| ) | ||
|
|
||
| // TODO: TO re-record this test, create a new service principal and follow the todos below in the test code. |
There was a problem hiding this comment.
minor: Clarify that it's ARO that requires an SP, so there is no workaround.
There was a problem hiding this comment.
Maybe by saying something like:
| // TODO: TO re-record this test, create a new service principal and follow the todos below in the test code. | |
| // TODO: To re-record this test, create a new service principal and save its details into the | |
| // TODO: ARO_CLIENT_ID, ARO_CLIENT_SECRET, and ARO_PRINCIPAL_ID variables. | |
| // TODO: This is required because the ARO resource requires a service principal for input currently. Hopefully | |
| // TODO: we can revisit this in the future when they support other options. |
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Outdated
Show resolved
Hide resolved
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Show resolved
Hide resolved
v2/samples/redhatopenshift/v1api/refs/v1api20220401_roleassignment_from_sp_to_vnet.yaml
Show resolved
Hide resolved
v2/internal/testcommon/vcr/redact.go
Outdated
| @@ -131,6 +132,18 @@ func hidePasswords(s string) string { | |||
| return passwordMatcher.ReplaceAllLiteralString(s, "\"{PASSWORD}\"") | |||
| } | |||
|
|
|||
| var ( | |||
| secretMatcher = regexp.MustCompile(`"([A-Za-z]+)?[Ss]ecret":".*"`) | |||
There was a problem hiding this comment.
Are we sure this doesn't match other fields that aren't secrets and don't need to be redacted? Should we be looking specifically for clientSecret?
Also did the keyMatcher not work for this?
There was a problem hiding this comment.
keyMatcher does not work for this. I've added a comment and and updated the regex to match ([A-Za-z]+)[Ss]ecret":".*. Let me know wdyt about that?
v2/internal/testcommon/vcr/redact.go
Outdated
| @@ -131,6 +132,18 @@ func hidePasswords(s string) string { | |||
| return passwordMatcher.ReplaceAllLiteralString(s, "\"{PASSWORD}\"") | |||
| } | |||
|
|
|||
| var ( | |||
| secretMatcher = regexp.MustCompile(`"([A-Za-z]+)?[Ss]ecret":".*"`) | |||
There was a problem hiding this comment.
If we do need this, consider leaving a comment describing what it does and why we need it in addition to the other matchers. See for example the matchers here: toolkit/testhttprecorder/recorder.go
In fact yours maybe should go there too?
| secretName := "aro-secret" | ||
| secretKey := "client-secret" | ||
| // TODO: Replace the principalID, clientSecret and clientId vars below with principalId, clientSecret and clientId of your SP | ||
| principalId := "5c6be76c-5fc4-4817-992d-22027b44c402" |
There was a problem hiding this comment.
I think these should be env variables too, or hardcoded to 00000's GUIDs?
Is the issue with changing these that the test recordings don't pass then?
Closes #2802
What this PR does / why we need it:
This PR adds support for 2023-11-22 Azure RedhatOpenshift Clusters.
Special notes for your reviewer:
Have excluded samples testing and controller tests from running in live mode since we require Service Principal credentials to run them.
If applicable: