Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 Fall back to cluster identityRef in absence of machine identityRef #1768

Merged
merged 1 commit into from
Jan 10, 2024
Merged

🐛 Fall back to cluster identityRef in absence of machine identityRef #1768

merged 1 commit into from
Jan 10, 2024

Conversation

stephenfin
Copy link
Contributor

@stephenfin stephenfin commented Dec 4, 2023
edited

What this PR does / why we need it:

The identityRef attribute is marked as optional but without it we have no ability to talk to the cloud. In a future API version, we may wish to make this a required attribute but for now, provide the ability to retrieve credentials from the cluster in the absence of the machine.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):

Fixes #1759

Special notes for your reviewer:

I'm not sure if we can do this. As things stand, this will cause a change in behavior (you can create a Machine without specifying an identityRef) between two different CAPO deployments regardless of API version selected. It might be better to instead explode early (rather than exploding later) and make this field required in API v1alpha8/v1beta1? Open to input here.

(We discussed the above 👆 on Slack and agreed it wasn't an issue)

TODOs:

  • squashed commits
  • if necessary:
    • includes documentation
    • adds unit tests

/hold

@stephenfin
Fall back to cluster identityRef in absence of machine
08a1ecd 
The 'identityRef' attribute is marked as optional but without it we have
no ability to talk to the cloud. In a future API version, we may wish to
make this a required attribute but for now, provide the ability to
retrieve credentials from the cluster in the absence of the machine.

Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 4, 2023
@netlify Netlify
Copy link

netlify bot commented Dec 4, 2023
edited

Deploy Preview for kubernetes-sigs-cluster-api-openstack ready!

Name Link
🔨 Latest commit 08a1ecd
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-sigs-cluster-api-openstack/deploys/656dc7266fd1c30008215b24
😎 Deploy Preview https://deploy-preview-1768--kubernetes-sigs-cluster-api-openstack.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Dec 4, 2023
@EmilienM
Copy link
Contributor

EmilienM commented Dec 4, 2023

/test pull-cluster-api-provider-openstack-e2e-test

@jichenjc
Copy link
Contributor

jichenjc commented Dec 11, 2023
edited

I'm not sure if we can do this. As things stand, this will cause a change in behavior (you can create a Machine without specifying an identityRef) between two different CAPO deployments regardless of API version selected. It might be better to instead explode early (rather than exploding later) and make this field required in API v1alpha8/v1beta1? Open to input here

maybe we can talk at original issue, but I think it's better to work as you proposed (fall back to cluster identityRef)
but this won't need a API change to v1alpha8/v1beta1 as it's optional anyway per your proposal above?

@stephenfin
Copy link
Contributor Author

stephenfin commented Dec 12, 2023
edited

I'm not sure if we can do this. As things stand, this will cause a change in behavior (you can create a Machine without specifying an identityRef) between two different CAPO deployments regardless of API version selected. It might be better to instead explode early (rather than exploding later) and make this field required in API v1alpha8/v1beta1? Open to input here

maybe we can talk at original issue, but I think it's better to work as you proposed (fall back to cluster identityRef) but this won't need a API change to v1alpha8/v1beta1 as it's optional anyway per your proposal above?

Yeah, I discussed this with @mdbooth on Slack and it sounds like an non-issue. We can probably proceed with this as-is, assuming there are no other issues?

EDIT: I updated the PR summary to reflect this.

@dulek
Copy link
Contributor

dulek commented Dec 13, 2023

Makes sense to me!

mdbooth
mdbooth reviewed Jan 10, 2024
View reviewed changes
Copy link
Contributor

@mdbooth mdbooth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is an easy win. Lets get it out of the way.

/approve
/lgtm
/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 10, 2024
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 10, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mdbooth, stephenfin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 10, 2024
@k8s-ci-robot k8s-ci-robot merged commit a44323c into kubernetes-sigs:main Jan 10, 2024
9 checks passed
@mdbooth mdbooth deleted the issue-1759 branch January 11, 2024 10:48
@mdbooth
Copy link
Contributor

mdbooth commented Mar 5, 2024

/cherry-pick release-0.9

@k8s-infra-cherrypick-robot
Copy link

@mdbooth: new pull request created: #1926

In response to this:

/cherry-pick release-0.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Mar 5, 2024
Closed
@mdbooth
Copy link
Contributor

mdbooth commented May 17, 2024

/cherry-pick release-0.9

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request May 17, 2024
Merged
@k8s-infra-cherrypick-robot
Copy link

@mdbooth: new pull request created: #2093

In response to this:

/cherry-pick release-0.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdbooth mdbooth mdbooth left review comments

@dulek dulek Awaiting requested review from dulek

Assignees

@mdbooth mdbooth

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

No obvious failure if identityRef is omitted from OpenStackMachineTemplate
7 participants
@stephenfin @EmilienM @jichenjc @dulek @k8s-ci-robot @mdbooth @k8s-infra-cherrypick-robot