Add support for Azure RedhatOpenshift Clusters #4152

Merged
merged 17 commits into from
Aug 19, 2024

super-harsh
Collaborator

@super-harsh super-harsh commented Jul 8, 2024

Closes #2802

What this PR does / why we need it:

This PR adds support for 2023-11-22 Azure RedhatOpenshift Clusters.

Special notes for your reviewer:

Have excluded samples testing and controller tests from running in live mode since we require Service Principal credentials to run them.

If applicable:

  • this PR contains documentation
  • this PR contains tests
  • this PR contains YAML Samples

@matthchr
Member

Looks like an APIManagement test flake possibly? May need to re-run test-generator.

docs/hugo/content/reference/_index.md (Outdated)
v2/azure-arm.yaml (Outdated)
"github.com/Azure/azure-service-operator/v2/internal/util/to"
)

// TODO: TO re-record this test, create a new service principal and follow the todos below in the test code.
Member

minor: Clarify that it's ARO that requires an SP, so there is no workaround.

Member

Maybe by saying something like:

Suggested change
// TODO: TO re-record this test, create a new service principal and follow the todos below in the test code.
// TODO: To re-record this test, create a new service principal and save its details into the
// TODO: ARO_CLIENT_ID, ARO_CLIENT_SECRET, and ARO_PRINCIPAL_ID variables.
// TODO: This is required because the ARO resource requires a service principal for input currently. Hopefully
// TODO: we can revisit this in the future when they support other options.

v2/internal/testcommon/vcr/redact.go (Outdated)
@@ -131,6 +132,18 @@ func hidePasswords(s string) string {
return passwordMatcher.ReplaceAllLiteralString(s, "\"{PASSWORD}\"")
}

var (
secretMatcher = regexp.MustCompile(`"([A-Za-z]+)?[Ss]ecret":".*"`)
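Review bot: In the secretMatcher pattern the value part `".*"` is greedy, so on a single-line JSON body it runs to the last double quote on the line and replaces every field that follows the secret, not only the secret's value. Consider `"[^"]*"` for the value, and optional whitespace after the colon, so that exactly one string is replaced. A comment stating which keys this is meant to catch beyond what passwordMatcher already handles would also help.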
Member

If we do need this, consider leaving a comment describing what it does and why we need it in addition to the other matchers. See for example the matchers here: toolkit/testhttprecorder/recorder.go

In fact yours maybe should go there too?

secretName := "aro-secret"
secretKey := "client-secret"
// TODO: Replace the principalID, clientSecret and clientId vars below with principalId, clientSecret and clientId of your SP
principalId := "5c6be76c-5fc4-4817-992d-22027b44c402"
Member

I think these should be env variables too, or hardcoded to 00000's GUIDs?

Is the issue with changing these that the test recordings don't pass then?

@super-harsh super-harsh self-assigned this Aug 9, 2024
│ │ │ └── "Enabled"
│ │ └── ServiceCidr: *string
│ ├── Owner: *genruntime.KnownResourceReference
│ ├── ProvisioningState: *Enum (7 values)
Member

I think you should be able to mark this field as ReadOnly because it's not really supposed to be an input?


clientSecretRef := tc.CreateSecret(secretName, secretKey, details.clientSecret)

tc.WithLiteralRedaction(details.objectId, "{REDACTED}")
Member

minor: Consider leaving a comment here around "ensure we redact the secret/clientid details of the SP we're using in the recordings"

If you think that's obvious though, feel free to ignore this.

clientSecret = secret
}

tc.WithLiteralRedaction(clientId, nilUUID)
Member

Don't you already do this above?

Remove the duplicate code, either above or here?

}

vnet := newVNet(tc, testcommon.AsOwner(rg), []string{"10.100.0.0/15"})
masterSubnet := newSubnet(tc, vnet, "10.100.76.0/24")
Member

There's a bunch of vnet address spaces here... how did you pick them all?
If it was from a specific example, maybe include the link in a comment?

Collaborator Author

I picked them randomly

v2/internal/testcommon/resource_namer.go
@@ -495,6 +495,33 @@ func (tc *KubePerTestContext) PatchResourceAndWaitForState(
tc.Eventually(new).Should(tc.Match.BeInState(status, severity, gen))
}

func (tc *KubePerTestContext) CreateSecret(
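Review bot: CreateSecret is added to KubePerTestContext as an exported method with no doc comment above its signature. Add one that states what the secret holds and what the method returns, so callers do not have to read the body to use it.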
Member

Wondering if this should be called CreateSimpleSecret, and should have method comments explaining that if data isn't specified it'll be autogenerated?

Member

Though TBH I think you could maybe just drop this bit:

	if secretData == "" {
		secretData = tc.Namer.GeneratePasswordOfLength(40)
	}

because even with this the usage is

tc.CreateSecret("mysecret", "mykey", "") which I am not sure is clearer than tc.CreateSecret("mysecret", "mykey", tc.GeneratePasswordOfLength(40)) and even though the second is a bit longer it's also (IMO) clearer about what's happening compared to the first one.

@super-harsh super-harsh added this pull request to the merge queue Aug 19, 2024
Merged via the queue into main with commit b91d01b Aug 19, 2024
8 checks passed
@super-harsh super-harsh deleted the feature/aro-openshift branch August 19, 2024 23:48
Successfully merging this pull request may close these issues.

Feature: Support Azure RedHat OpenShift cluster creation through ASO
2 participants