Populate ClientID and ObjectID of cluster and platform workload identities #3860
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tsatam
added
chainsaw
tsatam
force-pushed
the
tsatam/ARO-8609-populate-clientid-objectid-of-cluster-identities
branch
from
00eb7a3 to
5036d2e
Compare
tsatam
changed the base branch from
master
to
kimorris27/ARO-4360-cluster-msi-changes
tsatam
force-pushed
the
tsatam/ARO-8609-populate-clientid-objectid-of-cluster-identities
branch
4 times, most recently
from
67dad10 to
950f87a
Compare
tsatam
changed the base branch from
kimorris27/ARO-4360-cluster-msi-changes
to
master
|
Please rebase pull request. |
tsatam
force-pushed
the
tsatam/ARO-8609-populate-clientid-objectid-of-cluster-identities
branch
from
950f87a to
06701b2
Compare
|
/azp run ci,e2e |
|
Azure Pipelines successfully started running 2 pipeline(s). |
tsatam
requested review from
jewzaam,
bennerv,
hawkowl,
rogbas,
petrkotas,
jharrington22,
cblecker,
cadenmarchese,
UlrichSchlueter,
SudoBrendan,
yjst2012 and
jaitaiwan
as code owners
|
/azp run ci,e2e |
|
Azure Pipelines successfully started running 2 pipeline(s). |
|
/azp run ci,e2e |
|
Azure Pipelines successfully started running 2 pipeline(s). |
tsatam
force-pushed
the
tsatam/ARO-8609-populate-clientid-objectid-of-cluster-identities
branch
2 times, most recently
from
77281c7 to
a612338
Compare
|
/azp run ci,e2e |
|
Azure Pipelines successfully started running 2 pipeline(s). |
tsatam
force-pushed
the
tsatam/ARO-8609-populate-clientid-objectid-of-cluster-identities
branch
from
a612338 to
7744d31
Compare
|
/azp run ci,e2e |
|
Azure Pipelines successfully started running 2 pipeline(s). |
lranjbar
reviewed
Oct 1, 2024
cadenmarchese
previously approved these changes
Oct 2, 2024
rajdeepc2792
reviewed
Oct 2, 2024
|
/azp run ci,e2e |
|
Azure Pipelines successfully started running 2 pipeline(s). |
tsatam
force-pushed
the
tsatam/ARO-8609-populate-clientid-objectid-of-cluster-identities
branch
2 times, most recently
from
2565389 to
0001da4
Compare
Adds a comment and unit tests indicating its usage
tsatam
force-pushed
the
tsatam/ARO-8609-populate-clientid-objectid-of-cluster-identities
branch
from
0001da4 to
1ece0d9
Compare
|
/azp run ci,e2e |
|
Azure Pipelines successfully started running 2 pipeline(s). |
cadenmarchese
approved these changes
Oct 3, 2024
tsatam
deleted the
tsatam/ARO-8609-populate-clientid-objectid-of-cluster-identities
branch
slawande2
pushed a commit
that referenced
this pull request
Oct 7, 2024
…ities (#3860) * Add new clusterIdentityIDs manager function * Add clusterIdentityIDs step to install for WI clusters * Add new client wrapper for armmsi UserAssignedIdentitiesClient * Add userAssignedIdentities client to cluster manager * Add new platformWorkloadIdentityIDs manager function * Add platformWorkloadIdentityIDs step to install for WI clusters * Do not allow clusterIdentityIDs to be called for a CSP cluster * Perform all clientID/objectID enrichment before dynamic validation * Return UserAssignedIdentitiesClient implementation instead of interface in constructor * Use cluster MSI credentials for userAssignedIdentities client This requires moving client instantiation from the cluster manager constructor to the initializeClusterMsiClients install step. * Extract ExplicitIdentity access/handling in clustermsi to common function * Preserve passed-in casing on cluster identity resource IDs * Actually use extracted identity from getSingleExpectedIdentity * Clarify purpose of getSingleExplicitIdentity function Adds a comment and unit tests indicating its usage
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Which issue this PR addresses:
Fixes ARO-8609
What this PR does / why we need it:
Updates the cluster install process for workload identity clusters:
Identity.UserAssignedIdentities[${CLUSTER_MSI_RESOURCE_ID}]Properties.PlatformWorkloadIdentityProfile.PlatformWorkloadIdentities[*]Test plan for issue:
Is there any documentation that needs to be updated for this PR?
No
How do you know this will function as expected in production?
E2E tests will be added as part of the wider MIWI effort, as well as extensive manual functional testing, before this feature is available to users in production.