Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-4.12] OCPBUGS-4542: Azure: use azidentity with an adapter #6671

Closed
wants to merge 2 commits into from
Closed

[release-4.12] OCPBUGS-4542: Azure: use azidentity with an adapter #6671

wants to merge 2 commits into from

Conversation

r4f4
Copy link
Contributor

@r4f4 r4f4 commented Dec 6, 2022

This is a manual cherry-pick of #6003

@r4f4
azure: use azidentity with adapter
c16de5b 
Microsoft is in the process of upgrading the Azure SDK for Go from V1 to
V2. Our clients and authentication are on V1. The V1 authentication
utilizes ADAL which will be deprecated June 30, 2022. All V2 clients,
except the V2 auth client azidentity, are in beta (azidentity is
scheduled to be stable in Q2 2022). [0]

These changes remove the dependency on the ADAL API, replace the
authentication with azidentity, and use an adapter so the auth will work
with V1 clients.

[0] https://azure.github.io/azure-sdk/releases/latest/index.html#go

https://issues.redhat.com/browse/CORS-1910
@r4f4
azure: azidentity: update go.mod and vendor
a348c80 
Notice that azblob also had to be upgraded to 0.4.1, otherwise we hit
the following build issue:

vendor/github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/zc_blob_lease_client.go:25:16: undefined: to.StringPtr
vendor/github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/zc_block_blob_client.go:145:20: undefined: to.StringPtr
vendor/github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/zc_container_lease_client.go:25:16: undefined: to.StringPtr
vendor/github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/zc_shared_policy_shared_key_credential.go:190:17: undefined: log.EventResponse
vendor/github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/zm_lease_request_options.go:63:16: undefined: to.StringPtr
vendor/github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/zm_lease_request_options.go:142:16: undefined: to.StringPtr

and newer versions cause

pkg/gather/azure/azure.go:224:29: undefined: azblob.NewBlobClientWithSharedKey
pkg/gather/azure/azure.go:235:48: unknown field 'MaxRetryRequests' in struct literal of type blob.RetryReaderOptions
@openshift-ci-robot openshift-ci-robot added the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Dec 6, 2022
@openshift-ci-robot
Copy link
Contributor

@r4f4: This pull request references Jira Issue OCPBUGS-4542, which is invalid:

  • expected the bug to target the "4.12.0" version, but it targets "4.12.z" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

This is a manual cherry-pick of #6003

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 6, 2022

@r4f4: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

[release-4.12] OCPBUGS-4542: Azure azid release 4.12

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@r4f4 r4f4 changed the title [release-4.12] OCPBUGS-4542: Azure azid release 4.12 [release-4.12] OCPBUGS-4542: Azure: use azidentity with an adapter Dec 6, 2022
@r4f4
Copy link
Contributor Author

r4f4 commented Dec 6, 2022

/jira refresh

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 6, 2022

@r4f4: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

[release-4.12] OCPBUGS-4542: Azure: use azidentity with an adapter

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels Dec 6, 2022
@openshift-ci-robot
Copy link
Contributor

@r4f4: This pull request references Jira Issue OCPBUGS-4542, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.12.0) matches configured target version for branch (4.12.0)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
  • dependent bug Jira Issue OCPBUGS-4541 is in the state MODIFIED, which is one of the valid states (MODIFIED, ON_QA, VERIFIED)
  • dependent Jira Issue OCPBUGS-4541 targets the "4.13.0" version, which is one of the valid target versions: 4.13.0
  • bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (gpei@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot removed the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Dec 6, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 6, 2022

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from r4f4 by writing /assign @r4f4 in a comment. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

barbacbd
barbacbd reviewed Dec 6, 2022
View reviewed changes
Copy link
Contributor

@barbacbd barbacbd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good, but I thought we try to not go through with major version updates

github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.1

@r4f4
Copy link
Contributor Author

r4f4 commented Dec 6, 2022

This looks good, but I thought we try to not go through with major version updates

github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.1

In this case we have to since Stack and GovCloud support are present in the official release (v1.0). azure-sdk-for-go/sdk is where the new SDK V2 clients live and we're not yet using any of them. However that's about to change when we backport #6614 to replace graphrbac (also being deprecated) with the new msgraphsdk API.

@r4f4
Copy link
Contributor Author

r4f4 commented Dec 6, 2022

/hold
Not sure yet if we want this sooner or later

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 6, 2022
@patrickdillon
Copy link
Contributor

Given that usptream kubernetes still depends on ADAL in 4.12, I don't think we should backport this. Contrary to the messaging regarding ADAL EOL at the end of this month, it seems like we should begin to think about this as future proofing instead.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 10, 2023

@r4f4: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/okd-scos-e2e-aws-ovn a348c80 link false /test okd-scos-e2e-aws-ovn
ci/prow/e2e-aws-ovn a348c80 link true /test e2e-aws-ovn
ci/prow/e2e-aws-ovn-disruptive a348c80 link false /test e2e-aws-ovn-disruptive
ci/prow/e2e-aws-ovn-workers-rhel8 a348c80 link false /test e2e-aws-ovn-workers-rhel8
ci/prow/e2e-libvirt a348c80 link false /test e2e-libvirt
ci/prow/e2e-openstack a348c80 link false /test e2e-openstack
ci/prow/e2e-azurestack a348c80 link false /test e2e-azurestack
ci/prow/okd-scos-e2e-aws-upgrade a348c80 link false /test okd-scos-e2e-aws-upgrade
ci/prow/e2e-metal-ipi-sdn a348c80 link false /test e2e-metal-ipi-sdn
ci/prow/okd-e2e-aws-ovn-upgrade a348c80 link false /test okd-e2e-aws-ovn-upgrade
ci/prow/e2e-crc a348c80 link false /test e2e-crc
ci/prow/e2e-vsphere-ovn a348c80 link true /test e2e-vsphere-ovn
ci/prow/e2e-gcp-ovn a348c80 link true /test e2e-gcp-ovn
ci/prow/e2e-openstack-ovn a348c80 link true /test e2e-openstack-ovn

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 11, 2023
@openshift-merge-robot
Copy link
Contributor

@r4f4: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-bot
Copy link
Contributor

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 11, 2023
@openshift-bot
Copy link
Contributor

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

@openshift-ci openshift-ci bot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels May 12, 2023
@openshift-bot
Copy link
Contributor

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.

/close

@openshift-ci openshift-ci bot closed this Jun 11, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 11, 2023

@openshift-bot: Closed this PR.

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot
Copy link
Contributor

@r4f4: An error was encountered removing this pull request from the external tracker bugs for bug OCPBUGS-4542 on the Jira server at https://issues.redhat.com/. No known errors were detected, please see the full error message for details.

Full error message. request failed. Please analyze the request body for more details. Status code: 403: {"errorMessages":["No Link Issue Permission for issue 'OCPBUGS-4542'."],"errors":{}}

Please contact an administrator to resolve this issue, then request a bug refresh with /jira refresh.

In response to this:

This is a manual cherry-pick of #6003

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@barbacbd barbacbd barbacbd left review comments

@jhixson74 jhixson74 Awaiting requested review from jhixson74

Assignees
No one assigned
Labels
bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@r4f4 @openshift-ci-robot @patrickdillon @openshift-merge-robot @openshift-bot @barbacbd