-
Notifications
You must be signed in to change notification settings - Fork 203
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for Azure RedhatOpenshift Clusters #4152
Conversation
Looks like an APIManagement test flake possibly? May need to re-run test-generator. |
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Outdated
Show resolved
Hide resolved
"github.com/Azure/azure-service-operator/v2/internal/util/to" | ||
) | ||
|
||
// TODO: TO re-record this test, create a new service principal and follow the todos below in the test code. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor: Clarify that it's ARO that requires an SP, so there is no workaround.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe by saying something like:
// TODO: TO re-record this test, create a new service principal and follow the todos below in the test code. | |
// TODO: To re-record this test, create a new service principal and save its details into the | |
// TODO: ARO_CLIENT_ID, ARO_CLIENT_SECRET, and ARO_PRINCIPAL_ID variables. | |
// TODO: This is required because the ARO resource requires a service principal for input currently. Hopefully | |
// TODO: we can revisit this in the future when they support other options. |
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Outdated
Show resolved
Hide resolved
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Show resolved
Hide resolved
v2/samples/redhatopenshift/v1api/refs/v1api20220401_roleassignment_from_sp_to_vnet.yaml
Show resolved
Hide resolved
v2/internal/testcommon/vcr/redact.go
Outdated
@@ -131,6 +132,18 @@ func hidePasswords(s string) string { | |||
return passwordMatcher.ReplaceAllLiteralString(s, "\"{PASSWORD}\"") | |||
} | |||
|
|||
var ( | |||
secretMatcher = regexp.MustCompile(`"([A-Za-z]+)?[Ss]ecret":".*"`) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we do need this, consider leaving a comment describing what it does and why we need it in addition to the other matchers. See for example the matchers here: toolkit/testhttprecorder/recorder.go
In fact yours maybe should go there too?
secretName := "aro-secret" | ||
secretKey := "client-secret" | ||
// TODO: Replace the principalID, clientSecret and clientId vars below with principalId, clientSecret and clientId of your SP | ||
principalId := "5c6be76c-5fc4-4817-992d-22027b44c402" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think these should be env variables too, or hardcoded to 00000's GUIDs?
Is the issue with changing these that the test recordings don't pass then?
│ │ │ └── "Enabled" | ||
│ │ └── ServiceCidr: *string | ||
│ ├── Owner: *genruntime.KnownResourceReference | ||
│ ├── ProvisioningState: *Enum (7 values) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you should be able to mark this field as ReadOnly because it's not really supposed to be an input?
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Outdated
Show resolved
Hide resolved
|
||
clientSecretRef := tc.CreateSecret(secretName, secretKey, details.clientSecret) | ||
|
||
tc.WithLiteralRedaction(details.objectId, "{REDACTED}") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor: Consider leaving a comment here around "ensure we redact the secret/clientid details of the SP we're using in the recordings"
If you think that's obvious though, feel free to ignore this.
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Outdated
Show resolved
Hide resolved
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Outdated
Show resolved
Hide resolved
clientSecret = secret | ||
} | ||
|
||
tc.WithLiteralRedaction(clientId, nilUUID) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't you already do this above?
Remove the duplicate code, either above or here?
} | ||
|
||
vnet := newVNet(tc, testcommon.AsOwner(rg), []string{"10.100.0.0/15"}) | ||
masterSubnet := newSubnet(tc, vnet, "10.100.76.0/24") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's a bunch of vnet addressspaces here... how did you pick them all?
If it was from a specific example, maybe include the link in a comment?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I picked them randomly
@@ -495,6 +495,33 @@ func (tc *KubePerTestContext) PatchResourceAndWaitForState( | |||
tc.Eventually(new).Should(tc.Match.BeInState(status, severity, gen)) | |||
} | |||
|
|||
func (tc *KubePerTestContext) CreateSecret( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wondering if this should be called CreateSimpleSecret
, and should have method comments explaining that if data isn't specified it'll be autogenerated?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Though TBH I think you could maybe just drop this bit:
if secretData == "" {
secretData = tc.Namer.GeneratePasswordOfLength(40)
}
because even with this the usage is
tc.CreateSecret("mysecret", "mykey", "")
which I am not sure is clearer than tc.CreateSecret("mysecret", "mykey", tc.GeneratePasswordOfLength(40)
and even though the second is a bit longer it's also (IMO) clearer about what's happening compared to the first one.
Closes #2802
What this PR does / why we need it:
This PR adds support for 2023-11-22 Azure RedhatOpenshift Clusters.
Special notes for your reviewer:
Have excluded samples testing and controller tests from running in live mode since we require Service Principal credentials to run them.
If applicable: