Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPBUGS-42434: Authenticate CAPZ with cert authentication on ARO HCP #5085

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

OCPBUGS-42434: Authenticate CAPZ with cert authentication on ARO HCP #5085

wants to merge 2 commits into from

Conversation

bryan-cox
Copy link
Member

What this PR does / why we need it:
This PR authenticates CAPZ with certificate authentication in order to communicate with Azure Cloud API. The certificate is stored in an Azure key vault and mounted into the capi-provider pod through a Secrets Store CSI driver SecretProviderClass.

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

@bryan-cox
Update go.mod to include cert changes for CAPZ
2233783 
Update the go.mod to include the specific commit that includes the
changes to allow service principal with certificate to use a certificate
.

Signed-off-by: Bryan Cox <[email protected]>
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 7, 2024
@openshift-ci-robot openshift-ci-robot added jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. labels Nov 7, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Nov 7, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci-robot openshift-ci-robot added the jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. label Nov 7, 2024
@openshift-ci-robot
Copy link

@bryan-cox: This pull request references Jira Issue OCPBUGS-42434, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.18.0) matches configured target version for branch (4.18.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @fxierh

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

What this PR does / why we need it:
This PR authenticates CAPZ with certificate authentication in order to communicate with Azure Cloud API. The certificate is stored in an Azure key vault and mounted into the capi-provider pod through a Secrets Store CSI driver SecretProviderClass.

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested a review from fxierh November 7, 2024 21:07
@openshift-ci openshift-ci bot added do-not-merge/needs-area area/api Indicates the PR includes changes for the API area/cli Indicates the PR includes changes for CLI labels Nov 7, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Nov 7, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added area/hypershift-operator Indicates the PR includes changes for the hypershift operator and API - outside an OCP release approved Indicates a PR has been approved by an approver from all required OWNERS files. and removed do-not-merge/needs-area labels Nov 7, 2024
@bryan-cox
Authenticate CAPZ with cert authentication
a65a586 
This commit authenticates CAPZ with certificate authentication in order
to communicate with Azure Cloud API. The certificate is stored in an
Azure key vault and mounted into the capi-provider pod through a Secrets
 Store CSI driver SecretProviderClass.

Signed-off-by: Bryan Cox <[email protected]>
@bryan-cox bryan-cox changed the title OCPBUGS-42434: Authenticate CAPZ with cert authentication OCPBUGS-42434: Authenticate CAPZ with cert authentication on ARO HCP Nov 7, 2024
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 17, 2024
@openshift-merge-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fxierh fxierh Awaiting requested review from fxierh

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/api Indicates the PR includes changes for the API area/cli Indicates the PR includes changes for CLI area/hypershift-operator Indicates the PR includes changes for the hypershift operator and API - outside an OCP release do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bryan-cox @openshift-ci-robot @openshift-merge-robot