New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1743728: pkg/azure: also provide operators access to the resource group containing public DNS zone #105
Bug 1743728: pkg/azure: also provide operators access to the resource group containing public DNS zone #105
Conversation
…ning public DNS zone cluster-ingress-operator updates the records in the public DNS zone that is used by the cluster, hence separate from the resource group created for the cluster. The DNS or dnses.config.openshift.io/v1 object's `.spec.publicZone` is optional, and when set the, resource-group from the ID will be used. The current api doesn't allow scoping permissions to a single resource, therefore, the permissions are provided to the entire resource group. Also adds a resourceid helper to find the resource group for the public zone ID.
|
/test e2e-azure |
|
@abhinavdahiya: This pull request references Bugzilla bug 1743728, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/lgtm |
| } | ||
|
|
||
| if pzone := dns.Spec.PublicZone; pzone != nil { | ||
| id, err := parseAzureResourceID(pzone.ID) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 for implementing parseAzureResourceID.
| logger.Error("failed to parse ID for public zone") | ||
| return nil, err | ||
| } | ||
| resourceGroups = append(resourceGroups, id.ResourceGroup) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only ResourceGroup field of resourceID is actually accessed. Though, there are few other places in the code where parseAzureResourceID might be used as well. Not just to access high level keys. E.g. to parse RoleDefinitionID.
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: abhinavdahiya, ingvagabund, joelddiaz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@abhinavdahiya: All pull requests linked via external trackers have merged. Bugzilla bug 1743728 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
cluster-ingress-operator updates the records in the public DNS zone that is used by the cluster, hence separate from the resource group created for the cluster.
The DNS or dnses.config.openshift.io/v1 object's
.spec.publicZoneis optional, and when set the, resource-group from the ID will be used.The current api doesn't allow scoping permissions to a single resource, therefore, the permissions are provided to the entire resource group.
Also adds a resourceid helper to find the resource group for the public zone ID.