Bug 1743728: pkg/azure: also provide operators access to the resource group containing public DNS zone #105
Conversation
…ning public DNS zone cluster-ingress-operator updates the records in the public DNS zone that is used by the cluster, hence separate from the resource group created for the cluster. The DNS or dnses.config.openshift.io/v1 object's `.spec.publicZone` is optional, and when set the, resource-group from the ID will be used. The current api doesn't allow scoping permissions to a single resource, therefore, the permissions are provided to the entire resource group. Also adds a resourceid helper to find the resource group for the public zone ID.
openshift-ci-robot
added
the
size/L
|
/test e2e-azure |
abhinavdahiya
changed the title
openshift-ci-robot
added
the
bugzilla/valid-bug
|
@abhinavdahiya: This pull request references Bugzilla bug 1743728, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/lgtm |
| } | ||
|
|
||
| if pzone := dns.Spec.PublicZone; pzone != nil { | ||
| id, err := parseAzureResourceID(pzone.ID) |
There was a problem hiding this comment.
+1 for implementing parseAzureResourceID.
| logger.Error("failed to parse ID for public zone") | ||
| return nil, err | ||
| } | ||
| resourceGroups = append(resourceGroups, id.ResourceGroup) |
There was a problem hiding this comment.
Only ResourceGroup field of resourceID is actually accessed. Though, there are few other places in the code where parseAzureResourceID might be used as well. Not just to access high level keys. E.g. to parse RoleDefinitionID.
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: abhinavdahiya, ingvagabund, joelddiaz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
@abhinavdahiya: All pull requests linked via external trackers have merged. Bugzilla bug 1743728 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
cluster-ingress-operator updates the records in the public DNS zone that is used by the cluster, hence separate from the resource group created for the cluster.
The DNS or dnses.config.openshift.io/v1 object's
.spec.publicZoneis optional, and when set the, resource-group from the ID will be used.The current api doesn't allow scoping permissions to a single resource, therefore, the permissions are provided to the entire resource group.
Also adds a resourceid helper to find the resource group for the public zone ID.