IR-207: Get endpoints for Azure Stack Cloud #710
Conversation
openshift-ci
bot
added
the
approved
| kind := storage.StorageV2 | ||
| params := &storage.AccountPropertiesCreateParameters{ | ||
| AllowBlobPublicAccess: to.BoolPtr(false), | ||
| MinimumTLSVersion: storage.TLS12, | ||
| } | ||
|
|
||
| if strings.EqualFold(cloudName, "AZURESTACKCLOUD") { | ||
| // It seems Azure Stack Hub does not support new API. | ||
| kind = storage.Storage | ||
| params = &storage.AccountPropertiesCreateParameters{} | ||
| } |
There was a problem hiding this comment.
@patrickdillon does it make sense?
There was a problem hiding this comment.
Well, I'm not sure. It seems like ASH supports 2019-06-01, and therefore should support AllowBlobPublicAccess and MinimumTLSVersion. (I don't know about storage.StorageV2 vs storage.Storage. )
Are you basing the removal of these two fields on the fact that the hybrid profile does not have these fields or have you tested and get an error when those fields are included? I would expect that if this code works, you should be able to include those two fields with ASH.
Hopefully this comment is not too unclear.
There was a problem hiding this comment.
I tried and it didn't work. It returned
storage.AccountsClient#Create: Failure sending request: StatusCode=0 -- Original Error: Code="InvalidParameter" Message="Parameters are not valid in the request" Target="" Details=[{"code":"AccountPropertyCannotBeUpdated","message":"Property storageAccount.properties.allowBlobPublicAccess that cannot be updated for the storage account was specified in the request.","target":"storageAccount.properties.allowBlobPublicAccess"},{"code":"AccountPropertyCannotBeUpdated","message":"Property storageAccount.properties.minimumTlsVersion that cannot be updated for the storage account was specified in the request.","target":"storageAccount.properties.minimumTlsVersion"}]
There was a problem hiding this comment.
Ok. I think this explains why the hybrid profile uses 2017-10-01, which doesn't have these fields.
Yeah, with your explanation, this code makes sense to me.
|
test platfrom flake |
|
/retest |
|
@jsafrane could you check this to see if this would be affected by openshift/installer#5138 when we remove credentials from the cloud config? |
| @@ -292,7 +301,7 @@ func (d *driver) storageAccountsClient(cfg *Azure, environment autorestazure.Env | |||
| storageAccountsClient.Authorizer = d.authorizer | |||
| } else { | |||
| clientCredentialsConfig := auth.NewClientCredentialsConfig(cfg.ClientID, cfg.ClientSecret, cfg.TenantID) | |||
There was a problem hiding this comment.
@jsafrane to my untrained eye it looks like this is reading the creds from the config which would be a problem with openshift/installer#5138. can you confirm?
There was a problem hiding this comment.
these creds are from cloud-credential-operator, the operator requests them via https://github.com/openshift/cluster-image-registry-operator/blob/master/manifests/01-registry-credentials-request-azure.yaml
|
/retest |
|
/assign @ricardomaraschini @xiuwang @bmcelvee @sferich888 Please review this PR and tag appropriately, we really want to have it in 4.9. |
|
/label docs-approved |
openshift-ci
bot
added
the
docs-approved
|
/label qe-approved Test this pr an ASH, no issue found. |
openshift-ci
bot
added
the
qe-approved
| @@ -37,6 +37,8 @@ spec: | |||
| value: docker.io/openshift/origin-docker-registry:latest | |||
| - name: IMAGE_PRUNER | |||
| value: quay.io/openshift/origin-cli:v4.0 | |||
| - name: AZURE_ENVIRONMENT_FILEPATH | |||
| value: /tmp/azurestackcloud.json | |||
There was a problem hiding this comment.
Is this some kinda default location for this? I could not see where this file is used, IIUC the endpoints are copied into it but I could not find where it is used.
There was a problem hiding this comment.
azure sdk uses AZURE_ENVIRONMENT_FILEPATH to find its config
There was a problem hiding this comment.
Oh yes, of course. Shame on me.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dmage, ricardomaraschini The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
4 similar comments
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
6 similar comments
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
@dmage Is there an ETA on when this PR would be merged so that QE can be unblocked with functional testing on Azure Stack Hub? cc: @mgahagan73 @xiuwang |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
12 similar comments
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/label px-approved |
openshift-ci
bot
added
the
px-approved
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest |
|
https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_cluster-image-registry-operator/710/pull-ci-openshift-cluster-image-registry-operator-master-e2e-azure-operator/1428355090690871296 /override ci/prow/e2e-azure-operator |
|
@dmage: Overrode contexts on behalf of dmage: ci/prow/e2e-aws-operator In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
When the registry operator is installed on Azure Stack Hub, it should be able to use its endpoints.
As Azure Stack Hub does not support the latest storage API, we should downgrade
github.com/Azure/azure-storage-blob-go(which uses 2018-11-09) and use Microsoft.Storage 2019-06-01.