Add support for Azure RedhatOpenshift Clusters #4152
Conversation
super-harsh
requested review from
davefellows,
theunrepentantgeek,
matthchr and
babbageclunk
as code owners
|
Looks like an APIManagement test flake possibly? May need to re-run test-generator. |
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Outdated
Show resolved
Hide resolved
| "github.com/Azure/azure-service-operator/v2/internal/util/to" | ||
| ) | ||
|
|
||
| // TODO: TO re-record this test, create a new service principal and follow the todos below in the test code. |
There was a problem hiding this comment.
minor: Clarify that it's ARO that requires an SP, so there is no workaround.
There was a problem hiding this comment.
Maybe by saying something like:
| // TODO: TO re-record this test, create a new service principal and follow the todos below in the test code. | |
| // TODO: To re-record this test, create a new service principal and save its details into the | |
| // TODO: ARO_CLIENT_ID, ARO_CLIENT_SECRET, and ARO_PRINCIPAL_ID variables. | |
| // TODO: This is required because the ARO resource requires a service principal for input currently. Hopefully | |
| // TODO: we can revisit this in the future when they support other options. |
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Outdated
Show resolved
Hide resolved
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Show resolved
Hide resolved
v2/samples/redhatopenshift/v1api/refs/v1api20220401_roleassignment_from_sp_to_vnet.yaml
Show resolved
Hide resolved
v2/internal/testcommon/vcr/redact.go
Outdated
| @@ -131,6 +132,18 @@ func hidePasswords(s string) string { | |||
| return passwordMatcher.ReplaceAllLiteralString(s, "\"{PASSWORD}\"") | |||
| } | |||
|
|
|||
| var ( | |||
| secretMatcher = regexp.MustCompile(`"([A-Za-z]+)?[Ss]ecret":".*"`) | |||
There was a problem hiding this comment.
If we do need this, consider leaving a comment describing what it does and why we need it in addition to the other matchers. See for example the matchers here: toolkit/testhttprecorder/recorder.go
In fact yours maybe should go there too?
| secretName := "aro-secret" | ||
| secretKey := "client-secret" | ||
| // TODO: Replace the principalID, clientSecret and clientId vars below with principalId, clientSecret and clientId of your SP | ||
| principalId := "5c6be76c-5fc4-4817-992d-22027b44c402" |
There was a problem hiding this comment.
I think these should be env variables too, or hardcoded to 00000's GUIDs?
Is the issue with changing these that the test recordings don't pass then?
| │ │ │ └── "Enabled" | ||
| │ │ └── ServiceCidr: *string | ||
| │ ├── Owner: *genruntime.KnownResourceReference | ||
| │ ├── ProvisioningState: *Enum (7 values) |
There was a problem hiding this comment.
I think you should be able to mark this field as ReadOnly because it's not really supposed to be an input?
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Outdated
Show resolved
Hide resolved
|
|
||
| clientSecretRef := tc.CreateSecret(secretName, secretKey, details.clientSecret) | ||
|
|
||
| tc.WithLiteralRedaction(details.objectId, "{REDACTED}") |
There was a problem hiding this comment.
minor: Consider leaving a comment here around "ensure we redact the secret/clientid details of the SP we're using in the recordings"
If you think that's obvious though, feel free to ignore this.
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Outdated
Show resolved
Hide resolved
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Outdated
Show resolved
Hide resolved
| clientSecret = secret | ||
| } | ||
|
|
||
| tc.WithLiteralRedaction(clientId, nilUUID) |
There was a problem hiding this comment.
Don't you already do this above?
Remove the duplicate code, either above or here?
| } | ||
|
|
||
| vnet := newVNet(tc, testcommon.AsOwner(rg), []string{"10.100.0.0/15"}) | ||
| masterSubnet := newSubnet(tc, vnet, "10.100.76.0/24") |
There was a problem hiding this comment.
There's a bunch of vnet addressspaces here... how did you pick them all?
If it was from a specific example, maybe include the link in a comment?
There was a problem hiding this comment.
I picked them randomly
| @@ -495,6 +495,33 @@ func (tc *KubePerTestContext) PatchResourceAndWaitForState( | |||
| tc.Eventually(new).Should(tc.Match.BeInState(status, severity, gen)) | |||
| } | |||
|
|
|||
| func (tc *KubePerTestContext) CreateSecret( | |||
There was a problem hiding this comment.
Wondering if this should be called CreateSimpleSecret, and should have method comments explaining that if data isn't specified it'll be autogenerated?
There was a problem hiding this comment.
Though TBH I think you could maybe just drop this bit:
if secretData == "" {
secretData = tc.Namer.GeneratePasswordOfLength(40)
}
because even with this the usage is
tc.CreateSecret("mysecret", "mykey", "") which I am not sure is clearer than tc.CreateSecret("mysecret", "mykey", tc.GeneratePasswordOfLength(40) and even though the second is a bit longer it's also (IMO) clearer about what's happening compared to the first one.
v2/internal/controllers/crd_redhatopenshift_openshiftcluster_20230401_test.go
Outdated
Show resolved
Hide resolved
Closes #2802
What this PR does / why we need it:
This PR adds support for 2023-11-22 Azure RedhatOpenshift Clusters.
Special notes for your reviewer:
Have excluded samples testing and controller tests from running in live mode since we require Service Principal credentials to run them.
If applicable: