New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IR-207: Get endpoints for Azure Stack Cloud #710
Conversation
kind := storage.StorageV2 | ||
params := &storage.AccountPropertiesCreateParameters{ | ||
AllowBlobPublicAccess: to.BoolPtr(false), | ||
MinimumTLSVersion: storage.TLS12, | ||
} | ||
|
||
if strings.EqualFold(cloudName, "AZURESTACKCLOUD") { | ||
// It seems Azure Stack Hub does not support new API. | ||
kind = storage.Storage | ||
params = &storage.AccountPropertiesCreateParameters{} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@patrickdillon does it make sense?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, I'm not sure. It seems like ASH supports 2019-06-01, and therefore should support AllowBlobPublicAccess
and MinimumTLSVersion
. (I don't know about storage.StorageV2
vs storage.Storage
. )
Are you basing the removal of these two fields on the fact that the hybrid profile does not have these fields or have you tested and get an error when those fields are included? I would expect that if this code works, you should be able to include those two fields with ASH.
Hopefully this comment is not too unclear.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tried and it didn't work. It returned
storage.AccountsClient#Create: Failure sending request: StatusCode=0 -- Original Error: Code="InvalidParameter" Message="Parameters are not valid in the request" Target="" Details=[{"code":"AccountPropertyCannotBeUpdated","message":"Property storageAccount.properties.allowBlobPublicAccess that cannot be updated for the storage account was specified in the request.","target":"storageAccount.properties.allowBlobPublicAccess"},{"code":"AccountPropertyCannotBeUpdated","message":"Property storageAccount.properties.minimumTlsVersion that cannot be updated for the storage account was specified in the request.","target":"storageAccount.properties.minimumTlsVersion"}]
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok. I think this explains why the hybrid profile uses 2017-10-01
, which doesn't have these fields.
Yeah, with your explanation, this code makes sense to me.
test platfrom flake |
/retest |
@jsafrane could you check this to see if this would be affected by openshift/installer#5138 when we remove credentials from the cloud config? |
@@ -292,7 +301,7 @@ func (d *driver) storageAccountsClient(cfg *Azure, environment autorestazure.Env | |||
storageAccountsClient.Authorizer = d.authorizer | |||
} else { | |||
clientCredentialsConfig := auth.NewClientCredentialsConfig(cfg.ClientID, cfg.ClientSecret, cfg.TenantID) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jsafrane to my untrained eye it looks like this is reading the creds from the config which would be a problem with openshift/installer#5138. can you confirm?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
these creds are from cloud-credential-operator, the operator requests them via https://github.com/openshift/cluster-image-registry-operator/blob/master/manifests/01-registry-credentials-request-azure.yaml
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perfect. Thank you.
/retest |
/assign @ricardomaraschini @xiuwang @bmcelvee @sferich888 Please review this PR and tag appropriately, we really want to have it in 4.9. |
/label docs-approved |
/label qe-approved Test this pr an ASH, no issue found. |
@@ -37,6 +37,8 @@ spec: | |||
value: docker.io/openshift/origin-docker-registry:latest | |||
- name: IMAGE_PRUNER | |||
value: quay.io/openshift/origin-cli:v4.0 | |||
- name: AZURE_ENVIRONMENT_FILEPATH | |||
value: /tmp/azurestackcloud.json |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this some kinda default location for this? I could not see where this file is used, IIUC the endpoints are copied into it but I could not find where it is used.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
azure sdk uses AZURE_ENVIRONMENT_FILEPATH to find its config
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh yes, of course. Shame on me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dmage, ricardomaraschini The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
4 similar comments
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
6 similar comments
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
@dmage Is there an ETA on when this PR would be merged so that QE can be unblocked with functional testing on Azure Stack Hub? cc: @mgahagan73 @xiuwang |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
12 similar comments
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/label px-approved |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest |
https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_cluster-image-registry-operator/710/pull-ci-openshift-cluster-image-registry-operator-master-e2e-azure-operator/1428355090690871296 /override ci/prow/e2e-azure-operator |
@dmage: Overrode contexts on behalf of dmage: ci/prow/e2e-aws-operator In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
When the registry operator is installed on Azure Stack Hub, it should be able to use its endpoints.
As Azure Stack Hub does not support the latest storage API, we should downgrade
github.com/Azure/azure-storage-blob-go
(which uses 2018-11-09) and use Microsoft.Storage 2019-06-01.