Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ARO-9382 prevent updating existing platform identities #3786

Merged
merged 5 commits into from
Sep 18, 2024
Merged

ARO-9382 prevent updating existing platform identities #3786

merged 5 commits into from
Sep 18, 2024

Conversation

yithian
Copy link
Collaborator

@yithian yithian commented Aug 21, 2024

Which issue this PR addresses:

Fixes ARO-9382

What this PR does / why we need it:

This adds a check to v20240812preview static validation that raises an error if either the name or resource ID of an existing platform identity

Test plan for issue:

Unit tests

Is there any documentation that needs to be updated for this PR?

This is part of the general managed identity / workload identity feature development and this change should be reflected in the final documentation

How do you know this will function as expected in production?

Unit tests for now

@yithian yithian force-pushed the yithian/ARO-9382 branch 2 times, most recently from 98d15ab to db93126 Compare August 21, 2024 20:39
tsatam
tsatam requested changes Aug 21, 2024
View reviewed changes
Copy link
Collaborator

@tsatam tsatam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just one suggestion to support updates that change the order of platform workload identities in the array but otherwise preserve the same name -> resource ID mappings.

pkg/api/v20240812preview/openshiftcluster_validatestatic.go Outdated Show resolved Hide resolved
kimorris27
kimorris27 requested changes Aug 22, 2024
View reviewed changes
Copy link
Contributor

@kimorris27 kimorris27 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I recommended a change to the validation to make sure we account for all possible scenarios.

@yithian
prevent updating existing platform identities
1dcabb4 
This adds a check to v20240812preview static validation that raises an
error if either the name or resource ID of an existing platform identity
@yithian
allow changing operator identity order
a51e1e5 
This allows changing the order of platform identities while still
preventing the resource ID and operator name from being changed
@yithian
additional platform identity update validation
4258dd1 
This prevents removal of a platform identity or changing the identity's
OperatorName and ResourceID at the same time
@yithian yithian requested a review from bitoku as a code owner September 3, 2024 20:25
rajdeepc2792
rajdeepc2792 requested changes Sep 17, 2024
View reviewed changes
Copy link
Collaborator

@rajdeepc2792 rajdeepc2792 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM from functional and unit tests pov, added a comment to use a different data structure for duplication check.

@cadenmarchese cadenmarchese added the chainsaw Pull requests or issues owned by Team Chainsaw label Sep 17, 2024
@SudoBrendan
Copy link
Collaborator

/azp run ci,e2e

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 2 pipeline(s).

@rajdeepc2792
Copy link
Collaborator

/azp run ci,e2e

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 2 pipeline(s).

rajdeepc2792
rajdeepc2792 approved these changes Sep 17, 2024
View reviewed changes
Copy link
Collaborator

@rajdeepc2792 rajdeepc2792 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!!

@cadenmarchese
Copy link
Collaborator

/azp run e2e

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

slawande2
slawande2 reviewed Sep 17, 2024
View reviewed changes
Copy link
Collaborator

@slawande2 slawande2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just seeking clarification for my understanding- why is UsesWorkloadIdentity moved from pkg/api/openshiftcluster.go to pkg/api/v20240812preview/openshiftcluster.go ?

@tsatam
Copy link
Collaborator

tsatam commented Sep 17, 2024

Just seeking clarification for my understanding- why is UsesWorkloadIdentity moved from pkg/api/openshiftcluster.go to pkg/api/v20240812preview/openshiftcluster.go ?

It was copied, not moved. We maintain separate OpenShiftCluster struct definitions for each individual APIversion we support, so we'd need to maintain duplicate functions for each struct as well.

@cadenmarchese cadenmarchese merged commit 1a2096d into master Sep 18, 2024
24 checks passed
@yithian yithian deleted the yithian/ARO-9382 branch September 19, 2024 14:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@slawande2 slawande2 slawande2 left review comments

@rajdeepc2792 rajdeepc2792 rajdeepc2792 approved these changes

@tsatam tsatam tsatam approved these changes

@kimorris27 kimorris27 kimorris27 approved these changes

@jewzaam jewzaam Awaiting requested review from jewzaam jewzaam is a code owner

@bennerv bennerv Awaiting requested review from bennerv bennerv is a code owner

@hawkowl hawkowl Awaiting requested review from hawkowl hawkowl is a code owner

@rogbas rogbas Awaiting requested review from rogbas rogbas is a code owner

@petrkotas petrkotas Awaiting requested review from petrkotas petrkotas is a code owner

@jharrington22 jharrington22 Awaiting requested review from jharrington22 jharrington22 is a code owner

@cblecker cblecker Awaiting requested review from cblecker cblecker is a code owner

@cadenmarchese cadenmarchese Awaiting requested review from cadenmarchese cadenmarchese is a code owner

@UlrichSchlueter UlrichSchlueter Awaiting requested review from UlrichSchlueter UlrichSchlueter is a code owner

@SudoBrendan SudoBrendan Awaiting requested review from SudoBrendan SudoBrendan is a code owner

@yjst2012 yjst2012 Awaiting requested review from yjst2012 yjst2012 is a code owner

@jaitaiwan jaitaiwan Awaiting requested review from jaitaiwan jaitaiwan is a code owner

@anshulvermapatel anshulvermapatel Awaiting requested review from anshulvermapatel anshulvermapatel is a code owner

@hlipsig hlipsig Awaiting requested review from hlipsig hlipsig is a code owner

@tiguelu tiguelu Awaiting requested review from tiguelu tiguelu is a code owner

@SrinivasAtmakuri SrinivasAtmakuri Awaiting requested review from SrinivasAtmakuri SrinivasAtmakuri is a code owner

@mociarain mociarain Awaiting requested review from mociarain mociarain is a code owner

@bitoku bitoku Awaiting requested review from bitoku bitoku is a code owner

Assignees
No one assigned
Labels
chainsaw Pull requests or issues owned by Team Chainsaw
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@yithian @SudoBrendan @rajdeepc2792 @cadenmarchese @tsatam @kimorris27 @slawande2