OCPBUGS-74498: Add UserAgent telemetry to CPO Azure SDK clients #7620

hypershift-jira-solve-ci · 2026-02-02T12:47:39Z

What this PR does / why we need it:

This PR adds the TelemetryOptions.ApplicationID to Azure SDK client options when the Control Plane Operator (CPO) creates Azure ARM SDK clients. This ensures Azure API requests from the CPO include proper application identification ("hypershift-cpo") in the User-Agent header for request tracing and telemetry purposes.

Changes:

support/azureutil/azureutil.go:
- Added CPOUserAgent constant for application identification
- Added NewARMClientOptions helper function that creates Azure ARM client options with proper cloud configuration and telemetry settings
- Updated GetVnetInfoFromVnetID, GetNetworkSecurityGroupInfo, and GetResourceGroupInfo functions to accept a cloudName parameter and use proper telemetry options
control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go:
- Updated validateAzureKMSConfig to include telemetry options when creating the Azure Key Vault keys client
- Updated verifyResourceGroupLocationsMatch to pass the cloud name to the updated azureutil functions
support/azureutil/azureutil_test.go:
- Added unit tests for the new NewARMClientOptions function

Which issue(s) this PR fixes:

Fixes OCPBUGS-74498

Special notes for your reviewer:

The ApplicationID has a 24-character limit in the Azure SDK, so "hypershift-cpo" (14 chars) was chosen to be concise yet descriptive
The telemetry options include both the cloud configuration (for proper endpoint selection) and the ApplicationID (for request attribution)
This change is backward compatible - existing behavior is preserved, just with added telemetry

Checklist:

Subject and description added to both, commit and PR.
Relevant issues have been referenced.
This change includes docs.
This change includes unit tests.

🤖 Generated with Claude Code via /jira-solve OCPBUGS-74498 origin --ci

Always review AI generated responses prior to use.

openshift-ci-robot · 2026-02-02T12:47:47Z

@hypershift-jira-solve-ci[bot]: This pull request references Jira Issue OCPBUGS-74498, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.22.0) matches configured target version for branch (4.22.0)
bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wewang58

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

What this PR does / why we need it:

This PR adds the TelemetryOptions.ApplicationID to Azure SDK client options when the Control Plane Operator (CPO) creates Azure ARM SDK clients. This ensures Azure API requests from the CPO include proper application identification ("hypershift-cpo") in the User-Agent header for request tracing and telemetry purposes.

Changes:

support/azureutil/azureutil.go:

Added CPOUserAgent constant for application identification

Added NewARMClientOptions helper function that creates Azure ARM client options with proper cloud configuration and telemetry settings

Updated GetVnetInfoFromVnetID, GetNetworkSecurityGroupInfo, and GetResourceGroupInfo functions to accept a cloudName parameter and use proper telemetry options

control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go:

Updated validateAzureKMSConfig to include telemetry options when creating the Azure Key Vault keys client

Updated verifyResourceGroupLocationsMatch to pass the cloud name to the updated azureutil functions

support/azureutil/azureutil_test.go:

Added unit tests for the new NewARMClientOptions function

Which issue(s) this PR fixes:

Fixes OCPBUGS-74498

Special notes for your reviewer:

The ApplicationID has a 24-character limit in the Azure SDK, so "hypershift-cpo" (14 chars) was chosen to be concise yet descriptive

The telemetry options include both the cloud configuration (for proper endpoint selection) and the ApplicationID (for request attribution)

This change is backward compatible - existing behavior is preserved, just with added telemetry

Checklist:

Subject and description added to both, commit and PR.

Relevant issues have been referenced.

This change includes docs.

This change includes unit tests.

🤖 Generated with Claude Code via /jira-solve OCPBUGS-74498 origin --ci

Always review AI generated responses prior to use.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

coderabbitai · 2026-02-02T12:47:49Z

Walkthrough

Added cloud-aware Azure ARM client options and telemetry to Key Vault KMS client construction and resource validation. Extended Azure utility functions to accept a cloudName and create ARM clients with cloud-specific options. Added a unit test for the new ARM client options behavior.

Changes

Cohort / File(s)	Summary
Controller: KMS & validation `control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go`	Passes cloud-aware `arm.ClientOptions` (including `TelemetryOptions`) when creating the Azure Key Vault keys client; threads cloudName and cached credentials into resource-group/location verification logic and passes cloudName to resource lookups.
Azure utilities `support/azureutil/azureutil.go`	Introduces `NewARMClientOptions(cloud.Configuration) *arm.ClientOptions` and `CPOUserAgent` constant. Updates client-creation sites to use `NewARMClientOptions` and changes signatures to accept `cloudName` for: `GetVnetInfoFromVnetID`, `getFullVnetInfo`, `GetNetworkSecurityGroupInfo`, and `GetResourceGroupInfo`.
Tests `support/azureutil/azureutil_test.go`	Adds `TestNewARMClientOptions` verifying `NewARMClientOptions` sets cloud host and telemetry `ApplicationID` for AzurePublic, AzureGovernment, and AzureChina configurations.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

✨ Finishing touches

📝 Generate docstrings

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

hypershift-jira-solve-ci · 2026-02-02T12:47:52Z

/auto-cc

openshift-ci · 2026-02-02T12:48:56Z

Hi @hypershift-jira-solve-ci[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

bryan-cox · 2026-02-02T12:59:47Z

control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go

 	vaultURL := fmt.Sprintf("https://%s.%s", azureKmsSpec.ActiveKey.KeyVaultName, azureKeyVaultDNSSuffix)
-	keysClient, err := azkeys.NewClient(vaultURL, cred, nil)
+	keysClient, err := azkeys.NewClient(vaultURL, cred, &azkeys.ClientOptions{


Why not use NewARMClientOptions here for the clientOptions?

Good question! The NewARMClientOptions function returns *arm.ClientOptions, which is specifically designed for Azure Resource Manager (ARM) clients like armnetwork, armresources, etc.

However, azkeys.NewClient expects *azkeys.ClientOptions, which is a different type - it's for Key Vault clients rather than ARM clients. While both types embed azcore.ClientOptions, they are distinct and not interchangeable:

arm.ClientOptions → for ARM SDK clients (armnetwork.NewVirtualNetworksClient, etc.)

azkeys.ClientOptions → for Key Vault SDK clients (azkeys.NewClient)

The common configuration (cloud config and telemetry) is the same between them, but the container types differ.

I could create a similar helper function like NewKeyVaultClientOptions(cloudConfig) in the azureutil package to provide the same consistent pattern - would that be preferred? Alternatively, we could create a lower-level helper that returns azcore.ClientOptions which both ARM and KeyVault client options could embed.

AI-assisted response via Claude Code

Oh no that's ok. I missed that part. No changes requested.

Great, thanks for confirming! 👍

AI-assisted response via Claude Code

bryan-cox · 2026-02-02T13:00:28Z

/assign @bryan-cox

bryan-cox · 2026-02-02T14:25:46Z

/ok-to-test
/test verify
/test unit

celebdor · 2026-02-02T16:32:53Z

/cherry-pick release-4.21
/cherry-pick release-4.20

openshift-cherrypick-robot · 2026-02-02T16:32:57Z

@celebdor: once the present PR merges, I will cherry-pick it on top of release-4.20, release-4.21 in new PRs and assign them to you.

Details

In response to this:

/cherry-pick release-4.21
/cherry-pick release-4.20

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

bryan-cox · 2026-02-02T16:49:45Z

/approve

openshift-ci · 2026-02-02T16:50:23Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox, hypershift-jira-solve-ci[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [bryan-cox]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

bryan-cox · 2026-02-03T14:09:37Z

/retest

bryan-cox · 2026-02-04T12:21:27Z

/retest

bryan-cox · 2026-02-06T18:23:24Z

hypershift-jira-solve-ci - rebase the PR to fix the konflux issues

The Control Plane Operator (CPO) was not setting the UserAgent in the Azure SDK TelemetryOptions when creating Azure ARM SDK clients. This meant Azure API requests from CPO did not include proper application identification for request tracing and telemetry purposes. This commit adds: - CPOUserAgent constant ("hypershift-cpo") for application identification - NewARMClientOptions helper function that creates Azure ARM client options with proper cloud configuration and TelemetryOptions.ApplicationID set - Updated GetVnetInfoFromVnetID, GetNetworkSecurityGroupInfo, and GetResourceGroupInfo functions to accept a cloudName parameter and use the new helper function for proper telemetry configuration - Unit tests for the new NewARMClientOptions function The ApplicationID is added to the User-Agent header of all Azure API requests, enabling proper attribution of CPO requests in Azure telemetry and monitoring. Co-Authored-By: Claude (claude-opus-4-5) <noreply@anthropic.com>

Update the validateAzureKMSConfig function to include TelemetryOptions with CPOUserAgent when creating the Azure Key Vault keys client. This ensures that requests to Azure Key Vault from the CPO include the "hypershift-cpo" application identifier in the User-Agent header. Also updates calls to GetVnetInfoFromVnetID, GetNetworkSecurityGroupInfo, and GetResourceGroupInfo in verifyResourceGroupLocationsMatch to pass the cloud name parameter as required by the updated function signatures. Co-Authored-By: Claude (claude-opus-4-5) <noreply@anthropic.com>

hypershift-jira-solve-ci · 2026-02-06T20:04:50Z

@bryan-cox Done. Rebased the PR onto the latest main (was 199 commits behind). The branch is now up to date — both commits (fd6dcef07 and c279efc41) replay cleanly with no conflicts. Konflux CI should pick up the updated base.

AI-assisted response via Claude Code

hypershift-jira-solve-ci · 2026-02-06T20:06:07Z

Done. Rebased onto the latest main (now at 12a6c6ca4) to pick up the latest Konflux pipeline changes. No conflicts.

AI-assisted response via Claude Code

bryan-cox · 2026-02-09T12:53:48Z

hypershift-jira-solve-ci - the unit tests are failing. You need to fix this.

bryan-cox · 2026-02-09T12:54:03Z

/test review-agent-single-pr

hypershift-jira-solve-ci · 2026-02-09T13:06:41Z

@bryan-cox I investigated the unit test failure. The failing test is TestSeekOverride/if_registry_override_partial_coincidence_is_found,_and_using_ID in support/util/imagemetadata_test.go — this is not related to the changes in this PR.

This test connects to external registries (quay.io) to verify image reference overrides and fails intermittently due to network conditions in CI. It passes locally and is a pre-existing flaky test.

The files changed by this PR (support/azureutil/azureutil.go, support/azureutil/azureutil_test.go, and control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go) all compile and pass their unit tests successfully.

A /retest should resolve the CI failure.

AI-assisted response via Claude Code

bryan-cox · 2026-02-09T13:40:38Z

/test unit

jparrill

/lgtm

bryan-cox · 2026-02-09T14:36:22Z

/verified later @wewang58

openshift-ci-robot · 2026-02-09T14:36:41Z

@bryan-cox: This PR has been marked to be verified later by @wewang58.

Details

In response to this:

/verified later @wewang58

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

bryan-cox · 2026-02-09T17:33:35Z

/test verify-deps

bryan-cox · 2026-02-09T18:04:41Z

/test all

jparrill · 2026-02-09T20:15:39Z

/lgtm

openshift-ci-robot · 2026-02-09T20:16:23Z

Scheduling required tests:
/test verify-deps

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aks
/test e2e-aws
/test e2e-aws-upgrade-hypershift-operator
/test e2e-kubevirt-aws-ovn-reduced
/test e2e-v2-aws

openshift-ci · 2026-02-09T22:26:33Z

@hypershift-jira-solve-ci[bot]: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci-robot · 2026-02-09T22:28:32Z

@hypershift-jira-solve-ci[bot]: Jira Issue OCPBUGS-74498: All pull requests linked via external trackers have merged:

openshift/hypershift#7620

This pull request has the verified-later tag and will need to be manually moved to VERIFIED after testing. Jira Issue OCPBUGS-74498 has been moved to the MODIFIED state.

Details

In response to this:

What this PR does / why we need it:

This PR adds the TelemetryOptions.ApplicationID to Azure SDK client options when the Control Plane Operator (CPO) creates Azure ARM SDK clients. This ensures Azure API requests from the CPO include proper application identification ("hypershift-cpo") in the User-Agent header for request tracing and telemetry purposes.

Changes:

support/azureutil/azureutil.go:

Added CPOUserAgent constant for application identification

Added NewARMClientOptions helper function that creates Azure ARM client options with proper cloud configuration and telemetry settings

Updated GetVnetInfoFromVnetID, GetNetworkSecurityGroupInfo, and GetResourceGroupInfo functions to accept a cloudName parameter and use proper telemetry options

control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go:

Updated validateAzureKMSConfig to include telemetry options when creating the Azure Key Vault keys client

Updated verifyResourceGroupLocationsMatch to pass the cloud name to the updated azureutil functions

support/azureutil/azureutil_test.go:

Added unit tests for the new NewARMClientOptions function

Which issue(s) this PR fixes:

Fixes OCPBUGS-74498

Special notes for your reviewer:

The ApplicationID has a 24-character limit in the Azure SDK, so "hypershift-cpo" (14 chars) was chosen to be concise yet descriptive

The telemetry options include both the cloud configuration (for proper endpoint selection) and the ApplicationID (for request attribution)

This change is backward compatible - existing behavior is preserved, just with added telemetry

Checklist:

Subject and description added to both, commit and PR.

Relevant issues have been referenced.

This change includes docs.

This change includes unit tests.

🤖 Generated with Claude Code via /jira-solve OCPBUGS-74498 origin --ci

Always review AI generated responses prior to use.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-cherrypick-robot · 2026-02-09T22:29:40Z

@celebdor: new pull request created: #7685

Details

In response to this:

/cherry-pick release-4.21
/cherry-pick release-4.20

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-cherrypick-robot · 2026-02-09T22:30:26Z

@celebdor: #7620 failed to apply on top of branch "release-4.20":

Applying: feat(support/azureutil): Add UserAgent telemetry for Azure ARM clients
Using index info to reconstruct a base tree...
M	support/azureutil/azureutil.go
M	support/azureutil/azureutil_test.go
Falling back to patching base and 3-way merge...
Auto-merging support/azureutil/azureutil_test.go
CONFLICT (content): Merge conflict in support/azureutil/azureutil_test.go
Auto-merging support/azureutil/azureutil.go
CONFLICT (content): Merge conflict in support/azureutil/azureutil.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Patch failed at 0001 feat(support/azureutil): Add UserAgent telemetry for Azure ARM clients

Details

In response to this:

/cherry-pick release-4.21
/cherry-pick release-4.20

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 2, 2026

openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels Feb 2, 2026

openshift-ci bot added the do-not-merge/needs-area label Feb 2, 2026

openshift-ci bot requested a review from wewang58 February 2, 2026 12:47

openshift-ci bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Feb 2, 2026

openshift-ci bot added the area/control-plane-operator Indicates the PR includes changes for the control plane operator - in an OCP release label Feb 2, 2026

openshift-ci bot requested review from enxebre and sjenning February 2, 2026 12:49

openshift-ci bot added area/hypershift-operator Indicates the PR includes changes for the hypershift operator and API - outside an OCP release and removed do-not-merge/needs-area labels Feb 2, 2026

bryan-cox reviewed Feb 2, 2026

View reviewed changes

openshift-ci bot assigned bryan-cox Feb 2, 2026

openshift-ci bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Feb 2, 2026

celebdor marked this pull request as ready for review February 2, 2026 16:31

openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 2, 2026

openshift-ci bot requested review from jparrill and muraee February 2, 2026 16:35

openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 2, 2026

hypershift-jira-solve-ci bot force-pushed the fix-OCPBUGS-74498 branch from dbbaf31 to 4ef664b Compare February 3, 2026 11:07

OpenShift CI Bot and others added 2 commits February 6, 2026 20:04

hypershift-jira-solve-ci bot force-pushed the fix-OCPBUGS-74498 branch from 4ef664b to c279efc Compare February 6, 2026 20:04

jparrill reviewed Feb 9, 2026

View reviewed changes

openshift-ci-robot added verified-later verified Signifies that the PR passed pre-merge verification criteria labels Feb 9, 2026

openshift-ci bot assigned jparrill Feb 9, 2026

openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Feb 9, 2026

openshift-merge-bot bot merged commit 10c5108 into openshift:main Feb 9, 2026
14 checks passed

openshift-cherrypick-robot mentioned this pull request Feb 9, 2026

[release-4.21] OCPBUGS-76447: Add UserAgent telemetry to CPO Azure SDK clients #7685

Open

OCPBUGS-74498: Add UserAgent telemetry to CPO Azure SDK clients #7620

OCPBUGS-74498: Add UserAgent telemetry to CPO Azure SDK clients #7620

Conversation

hypershift-jira-solve-ci bot commented Feb 2, 2026

What this PR does / why we need it:

Changes:

Which issue(s) this PR fixes:

Special notes for your reviewer:

Checklist:

Uh oh!

openshift-ci-robot commented Feb 2, 2026

What this PR does / why we need it:

Changes:

Which issue(s) this PR fixes:

Special notes for your reviewer:

Checklist:

Uh oh!

coderabbitai bot commented Feb 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

Uh oh!

hypershift-jira-solve-ci bot commented Feb 2, 2026

Uh oh!

openshift-ci bot commented Feb 2, 2026

Uh oh!

bryan-cox Feb 2, 2026

Choose a reason for hiding this comment

Uh oh!

hypershift-jira-solve-ci bot Feb 2, 2026

Choose a reason for hiding this comment

Uh oh!

bryan-cox Feb 2, 2026

Choose a reason for hiding this comment

Uh oh!

hypershift-jira-solve-ci bot Feb 3, 2026

Choose a reason for hiding this comment

Uh oh!

bryan-cox commented Feb 2, 2026

Uh oh!

bryan-cox commented Feb 2, 2026

Uh oh!

celebdor commented Feb 2, 2026

Uh oh!

openshift-cherrypick-robot commented Feb 2, 2026

Uh oh!

bryan-cox commented Feb 2, 2026

Uh oh!

openshift-ci bot commented Feb 2, 2026

Uh oh!

bryan-cox commented Feb 3, 2026

Uh oh!

bryan-cox commented Feb 4, 2026

Uh oh!

bryan-cox commented Feb 6, 2026

Uh oh!

hypershift-jira-solve-ci bot commented Feb 6, 2026

Uh oh!

hypershift-jira-solve-ci bot commented Feb 6, 2026

Uh oh!

bryan-cox commented Feb 9, 2026

Uh oh!

bryan-cox commented Feb 9, 2026

Uh oh!

hypershift-jira-solve-ci bot commented Feb 9, 2026

Uh oh!

bryan-cox commented Feb 9, 2026

Uh oh!

jparrill left a comment

Choose a reason for hiding this comment

Uh oh!

bryan-cox commented Feb 9, 2026

Uh oh!

openshift-ci-robot commented Feb 9, 2026

Uh oh!

bryan-cox commented Feb 9, 2026

Uh oh!

bryan-cox commented Feb 9, 2026

Uh oh!

coderabbitai bot commented Feb 2, 2026 •

edited

Loading