Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORS-2845: azure: Enable storage account encryption #7520

Merged
merged 2 commits into from Nov 30, 2023
Merged

CORS-2845: azure: Enable storage account encryption #7520

merged 2 commits into from Nov 30, 2023

Conversation

rna-afk
Copy link
Contributor

@rna-afk rna-afk commented Sep 21, 2023

Added a field to accept the customer managed key vault id and
user assigned identity required for the encryption of storage
account.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Sep 21, 2023
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Sep 21, 2023
edited by openshift-ci bot

@rna-afk: This pull request references CORS-2845 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.15.0" version, but no target version was set.

In response to this:

Added a field to accept the customer managed key vault id and
user assigned identity required for the encryption of storage
account.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@rna-afk rna-afk changed the title CORS-2845: azure: Enable storage account encryption WIP: CORS-2845: azure: Enable storage account encryption Sep 21, 2023
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 21, 2023
@jhixson74
Copy link
Member

It looks like there is an issue with generating the terraform variables. Other than that, this looks straight forward and good.

@rna-afk rna-afk force-pushed the azure_storage_encryption branch 4 times, most recently from 276d06f to ce453f0 Compare September 26, 2023 12:19
@rna-afk
Copy link
Contributor Author

rna-afk commented Oct 20, 2023

@gpei can someone from the QE team test this? I'm having some permission problems for creating certs.

@gpei
Copy link
Contributor

gpei commented Oct 20, 2023

@rna-afk Sure, @jinyunma could you please take a look at this?

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 17, 2023
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 17, 2023
@rna-afk rna-afk force-pushed the azure_storage_encryption branch 2 times, most recently from de7869c to 22dd607 Compare November 17, 2023 23:30
jhixson74
jhixson74 approved these changes Nov 18, 2023
View reviewed changes
Copy link
Member

@jhixson74 jhixson74 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me.

pkg/asset/cluster/tfvars.go Show resolved Hide resolved
pkg/tfvars/tfvars.go Show resolved Hide resolved
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Nov 18, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jhixson74

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 18, 2023
@rna-afk rna-afk force-pushed the azure_storage_encryption branch 4 times, most recently from a7d57e8 to 03bb78e Compare November 20, 2023 15:57
@jhixson74
Copy link
Member

/lgtm

@jhixson74
Copy link
Member

/hold looks like the azure job is failing

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 20, 2023
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Nov 21, 2023
r4f4
r4f4 reviewed Nov 22, 2023
View reviewed changes
Copy link
Contributor

@r4f4 r4f4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but I have not tested it.

@jhixson74
Copy link
Member

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Nov 22, 2023
@openshift-ci-robot
Copy link
Contributor

/retest-required

Remaining retests: 0 against base HEAD 22f89da and 2 for PR HEAD 46185c5 in total

@openshift-ci-robot
Copy link
Contributor

/retest-required

Remaining retests: 0 against base HEAD e80d50a and 1 for PR HEAD 46185c5 in total

@openshift-ci-robot
Copy link
Contributor

/retest-required

Remaining retests: 0 against base HEAD 08e2e52 and 0 for PR HEAD 46185c5 in total

@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Nov 28, 2023
@rna-afk
Copy link
Contributor Author

rna-afk commented Nov 28, 2023

/retest

@rna-afk
azure: Enable storage account encryption
10ebbf0 
Added a field to accept the customer managed key vault id and
user assigned identity required for the encryption of storage
account.

This would require a few changes to the storage account as azure
requires[1] the account tier to be Premium and kind to be StorageV2
which is default and we do not set it.

[1] - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#customer_managed_key
@rna-afk
test: Added test cases
6077dd1 
Added test cases for new field customerManagedKey
@jhixson74
Copy link
Member

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Nov 29, 2023
@jhixson74
Copy link
Member

/jira refresh

@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Nov 29, 2023
edited by openshift-ci bot

@jhixson74: This pull request references CORS-2845 which is a valid jira issue.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot
Copy link
Contributor

/retest-required

Remaining retests: 0 against base HEAD 8ee36b7 and 2 for PR HEAD 6077dd1 in total

@jhixson74
Copy link
Member

/retest-required

@rna-afk
Copy link
Contributor Author

rna-afk commented Nov 29, 2023

/retest

1 similar comment
@rna-afk
Copy link
Contributor Author

rna-afk commented Nov 30, 2023

/retest

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Nov 30, 2023
edited

@rna-afk: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/okd-scos-e2e-aws-ovn 3716647 link false /test okd-scos-e2e-aws-ovn

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-ci-robot
Copy link
Contributor

/retest-required

Remaining retests: 0 against base HEAD 1c0d4dc and 1 for PR HEAD 6077dd1 in total

@openshift-merge-bot openshift-merge-bot bot merged commit 5744fea into openshift:master Nov 30, 2023
24 of 25 checks passed
@rna-afk rna-afk mentioned this pull request Nov 30, 2023
Merged
jhixson74 pushed a commit to jhixson74/installer that referenced this pull request Nov 30, 2023
@openshift-merge-bot @jhixson74
Merge pull request openshift#7520 from rna-afk/azure_storage_encryption
1958c04 
CORS-2845: azure: Enable storage account encryption
jhixson74 added a commit to jhixson74/installer that referenced this pull request Nov 30, 2023
@jhixson74
Merge pull request openshift#7520 from rna-afk/azure_storage_encryption
26d96e5 
CORS-2845: azure: Enable storage account encryption
@openshift-bot
Copy link
Contributor

[ART PR BUILD NOTIFIER]

This PR has been included in build ose-installer-altinfra-container-v4.15.0-202311302048.p0.g5744fea.assembly.stream for distgit ose-installer-altinfra.
All builds following this will include this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@r4f4 r4f4 r4f4 left review comments

@jhixson74 jhixson74 jhixson74 approved these changes

@mtulio mtulio Awaiting requested review from mtulio

Assignees

@jhixson74 jhixson74

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@rna-afk @openshift-ci-robot @jhixson74 @gpei @openshift-bot @r4f4 @openshift-merge-robot