Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix unexpected workload identity update in workload identity clusters #3973

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Fix unexpected workload identity update in workload identity clusters #3973

wants to merge 7 commits into from

Conversation

rajdeepc2792
Copy link
Collaborator

@rajdeepc2792 rajdeepc2792 commented Nov 22, 2024
edited
Loading

Which issue this PR addresses:

Fixes ARO-12514

What this PR does / why we need it:

  • Moves the expected platform workload identity check to the frontend so that all the invalid platform workload identities are never persisted to cluster doc during create and update flow.
  • Also, added the validation for the deployment preflight check.

Test plan for issue:

[x] Unit tests added/updated for the above implementation
[x] Create/Update MIWI cluster in local
[x] CI
[x] e2e

Is there any documentation that needs to be updated for this PR?

Not yet.

How do you know this will function as expected in production?

Feature is not in production yet.

@rajdeepc2792 rajdeepc2792 self-assigned this Nov 22, 2024
@rajdeepc2792 rajdeepc2792 added bug Something isn't working hold Hold work-in-progress chainsaw Pull requests or issues owned by Team Chainsaw labels Nov 22, 2024
@rajdeepc2792 rajdeepc2792 force-pushed the rajdeepc2792/ARO-12514 branch 2 times, most recently from 6ebcba3 to 00903b2 Compare November 26, 2024 13:08
@rajdeepc2792 rajdeepc2792 force-pushed the rajdeepc2792/ARO-12514 branch from 00903b2 to 88b34b0 Compare December 5, 2024 15:42
@rajdeepc2792
Copy link
Collaborator Author

/azp run ci

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@github-actions github-actions bot added needs-rebase branch needs a rebase and removed ready-for-review labels Dec 16, 2024
@github-actions GitHub Actions
Copy link

Please rebase pull request.

@rajdeepc2792 rajdeepc2792 force-pushed the rajdeepc2792/ARO-12514 branch from 88b34b0 to 3d66fea Compare December 17, 2024 13:31
@github-actions github-actions bot removed the needs-rebase branch needs a rebase label Dec 17, 2024
@rajdeepc2792 rajdeepc2792 marked this pull request as ready for review December 17, 2024 13:31
edisonLcardenas
edisonLcardenas reviewed Dec 19, 2024
View reviewed changes
pkg/frontend/openshiftcluster_preflightvalidation.go
Comment on lines +153 to +163
if oc.UsesWorkloadIdentity() {
if err := f.validatePlatformWorkloadIdentities(oc); err != nil {
return api.ValidationResult{
Status: api.ValidationStatusFailed,
Error: &api.CloudErrorBody{
Code: api.CloudErrorCodeInvalidParameter,
Message: err.Error(),
},
}
}
}
Copy link
Collaborator

@edisonLcardenas edisonLcardenas Dec 19, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a nice to have, since we only expect one return here, is it not possible to simplify to just one "if" condition or create a guard clause instead of nesting another "if" condition?

e.g. if oc.UsesWorkloadIdentity() && f.validatePlatformWorkloadIdentities(oc) != nil

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edisonLcardenas edisonLcardenas edisonLcardenas left review comments

@tsatam tsatam tsatam left review comments

@jewzaam jewzaam Awaiting requested review from jewzaam jewzaam is a code owner

@bennerv bennerv Awaiting requested review from bennerv bennerv is a code owner

@hawkowl hawkowl Awaiting requested review from hawkowl hawkowl is a code owner

@rogbas rogbas Awaiting requested review from rogbas rogbas is a code owner

@petrkotas petrkotas Awaiting requested review from petrkotas petrkotas is a code owner

@jharrington22 jharrington22 Awaiting requested review from jharrington22 jharrington22 is a code owner

@cblecker cblecker Awaiting requested review from cblecker cblecker is a code owner

@cadenmarchese cadenmarchese Awaiting requested review from cadenmarchese cadenmarchese is a code owner

@UlrichSchlueter UlrichSchlueter Awaiting requested review from UlrichSchlueter UlrichSchlueter is a code owner

@SudoBrendan SudoBrendan Awaiting requested review from SudoBrendan SudoBrendan is a code owner

@yjst2012 yjst2012 Awaiting requested review from yjst2012 yjst2012 is a code owner

@jaitaiwan jaitaiwan Awaiting requested review from jaitaiwan jaitaiwan is a code owner

@anshulvermapatel anshulvermapatel Awaiting requested review from anshulvermapatel anshulvermapatel is a code owner

@hlipsig hlipsig Awaiting requested review from hlipsig hlipsig is a code owner

@tiguelu tiguelu Awaiting requested review from tiguelu tiguelu is a code owner

@mociarain mociarain Awaiting requested review from mociarain mociarain is a code owner

@kimorris27 kimorris27 Awaiting requested review from kimorris27 kimorris27 is a code owner

@bitoku bitoku Awaiting requested review from bitoku bitoku is a code owner

@fahlmant fahlmant Awaiting requested review from fahlmant fahlmant is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@rajdeepc2792 rajdeepc2792

Labels
bug Something isn't working chainsaw Pull requests or issues owned by Team Chainsaw ready-for-review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rajdeepc2792 @tsatam @edisonLcardenas