Bug 1945467: aws: allow use of unknown regions in known partitions #4807
Conversation
Allow the user to specify a region that is not known to the instatller but does match the regex of a known partition without requiring the user to specify custom service endpoints. This is needed to support new regions that are added to known partitions. Without this, it is not possible to use an unknown region is the standard partition. Terraform will not create the IAM roles correctly when specifying custom endpoints for a region in the standard partition because the request will try to create the role in the cluster's region rather than in us-east-1. This seems like the behavior that was desired when the check for whether custom service endpoints are needed was added in openshift@cf79a75. In addition to relaxing the service endpoint validation, the validation around whether an AMI must be specified has been tightened. The user must specify an AMI when the RHCOS stream does not contain an AMI for the region, rather than when the ASK SDK knows about the region. https://bugzilla.redhat.com/show_bug.cgi?id=1944268
openshift-ci-robot
added
bugzilla/severity-high
|
@staebler: This pull request references Bugzilla bug 1945467, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/cherry-pick release-4.6 |
|
@staebler: once the present PR merges, I will cherry-pick it on top of release-4.6 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
lgtm
|
/retest Please review the full test history for this PR and help us cut down flakes. |
2 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
@openshift-bot: This pull request references Bugzilla bug 1945467, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
5 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
Improve the validation around whether a custom AMI has been provided by the user in the regions where one is required. The install config is valid if any of the following are satisifed. * The RHCOS stream metadata has an AMI for the region. * The region is in the standard AWS partition. In this caes, the AMI can be copied from us-east-1. * The custom AMI has been specified at the platform level. * The custom AMI has been specified in the default machine platform. * A custom AMI has been specified for each machine pool that has replicas. https://bugzilla.redhat.com/show_bug.cgi?id=1948923
|
Cherry-picked the commit from #4846. |
|
/bugzilla refresh |
|
@staebler: This pull request references Bugzilla bug 1945467, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
22 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
@staebler: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
mfojtik
added
the
cherry-pick-approved
|
[patch-manager] 🚀 Approved for z-stream by score: 1.00 approved |
|
@staebler: All pull requests linked via external trackers have merged: Bugzilla bug 1945467 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@staebler: #4807 failed to apply on top of branch "release-4.6": In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This is a manual cherry-pick of #4801.
Allow the user to specify a region that is not known to the instatller but does match the regex of a known partition without requiring the user to specify custom service endpoints. This is needed to support new regions that are added to known partitions.
Without this, it is not possible to use an unknown region is the standard partition. Terraform will not create the IAM roles correctly when specifying custom endpoints for a region in the standard partition because the request will try to create the role in the cluster's region rather than in us-east-1.
This seems like the behavior that was desired when the check for whether custom service endpoints are needed was added in cf79a75.
In addition to relaxing the service endpoint validation, the validation around whether an AMI must be specified has been tightened. The user must specify an AMI when the RHCOS stream does not contain an AMI for the region, rather than when the ASK SDK knows about the region.
https://bugzilla.redhat.com/show_bug.cgi?id=1944268