Skip to content

OCPBUGS-42434: Authenticate CAPZ with cert authentication on ARO HCP#5085

Closed
bryan-cox wants to merge 2 commits into
openshift:mainfrom
bryan-cox:aro-hcp-capz-cert
Closed

OCPBUGS-42434: Authenticate CAPZ with cert authentication on ARO HCP#5085
bryan-cox wants to merge 2 commits into
openshift:mainfrom
bryan-cox:aro-hcp-capz-cert

Conversation

@bryan-cox
Copy link
Copy Markdown
Member

@bryan-cox bryan-cox commented Nov 7, 2024

What this PR does / why we need it:
This PR authenticates CAPZ with certificate authentication in order to communicate with Azure Cloud API. The certificate is stored in an Azure key vault and mounted into the capi-provider pod through a Secrets Store CSI driver SecretProviderClass.

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

@bryan-cox
Update go.mod to include cert changes for CAPZ
2233783 
Update the go.mod to include the specific commit that includes the
changes to allow service principal with certificate to use a certificate
.

Signed-off-by: Bryan Cox <brcox@redhat.com>
@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 7, 2024
@openshift-ci-robot openshift-ci-robot added jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. labels Nov 7, 2024
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Nov 7, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci-robot openshift-ci-robot added the jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. label Nov 7, 2024
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Nov 7, 2024

@bryan-cox: This pull request references Jira Issue OCPBUGS-42434, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.18.0) matches configured target version for branch (4.18.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @fxierh

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

What this PR does / why we need it:
This PR authenticates CAPZ with certificate authentication in order to communicate with Azure Cloud API. The certificate is stored in an Azure key vault and mounted into the capi-provider pod through a Secrets Store CSI driver SecretProviderClass.

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot requested a review from fxierh November 7, 2024 21:07
@openshift-ci openshift-ci Bot added do-not-merge/needs-area area/api Indicates the PR includes changes for the API area/cli Indicates the PR includes changes for CLI labels Nov 7, 2024
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Nov 7, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added area/hypershift-operator Indicates the PR includes changes for the hypershift operator and API - outside an OCP release approved Indicates a PR has been approved by an approver from all required OWNERS files. and removed do-not-merge/needs-area labels Nov 7, 2024
@bryan-cox
Authenticate CAPZ with cert authentication
a65a586 
This commit authenticates CAPZ with certificate authentication in order
to communicate with Azure Cloud API. The certificate is stored in an
Azure key vault and mounted into the capi-provider pod through a Secrets
 Store CSI driver SecretProviderClass.

Signed-off-by: Bryan Cox <brcox@redhat.com>
@bryan-cox bryan-cox changed the title OCPBUGS-42434: Authenticate CAPZ with cert authentication OCPBUGS-42434: Authenticate CAPZ with cert authentication on ARO HCP Nov 7, 2024
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 17, 2024
@openshift-merge-robot
Copy link
Copy Markdown
Contributor

openshift-merge-robot commented Nov 17, 2024

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@bryan-cox
Copy link
Copy Markdown
Member Author

bryan-cox commented Nov 20, 2024

/close

in favor of #5160

@openshift-ci openshift-ci Bot closed this Nov 20, 2024
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Nov 20, 2024

@bryan-cox: Closed this PR.

Details

In response to this:

/close

in favor of #5160

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Nov 20, 2024

@bryan-cox: This pull request references Jira Issue OCPBUGS-42434. The bug has been updated to no longer refer to the pull request using the external bug tracker.

Details

In response to this:

What this PR does / why we need it:
This PR authenticates CAPZ with certificate authentication in order to communicate with Azure Cloud API. The certificate is stored in an Azure key vault and mounted into the capi-provider pod through a Secrets Store CSI driver SecretProviderClass.

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fxierh fxierh Awaiting requested review from fxierh

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/api Indicates the PR includes changes for the API area/cli Indicates the PR includes changes for CLI area/hypershift-operator Indicates the PR includes changes for the hypershift operator and API - outside an OCP release do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bryan-cox @openshift-ci-robot @openshift-merge-robot