ARO-9382 prevent updating existing platform identities #3786
98d15ab to db93126
LGTM, just one suggestion to support updates that change the order of platform workload identities in the array but otherwise preserve the same name -> resource ID mappings.
db93126 to 0607a3a
I recommended a change to the validation to make sure we account for all possible scenarios.
This adds a check to v20240812preview static validation that raises an error if either the name or resource ID of an existing platform identity
This allows changing the order of platform identities while still preventing the resource ID and operator name from being changed
This prevents removal of a platform identity or changing the identity's OperatorName and ResourceID at the same time
0607a3a to 4258dd1
LGTM from functional and unit tests pov, added a comment to use a different data structure for duplication check.
a5d9aa4 to b9e4123
/azp run ci,e2e
Azure Pipelines successfully started running 2 pipeline(s).
b9e4123 to 5ed140e
/azp run ci,e2e
Azure Pipelines successfully started running 2 pipeline(s).
LGTM!!
/azp run e2e
Azure Pipelines successfully started running 1 pipeline(s).
Just seeking clarification for my understanding - why is UsesWorkloadIdentity moved from pkg/api/openshiftcluster.go to pkg/api/v20240812preview/openshiftcluster.go?
It was copied, not moved. We maintain separate OpenShiftCluster struct definitions for each individual API version we support, so we'd need to maintain duplicate functions for each struct as well.
Which issue this PR addresses:
Fixes ARO-9382
What this PR does / why we need it:
This adds a check to v20240812preview static validation that raises an error if either the name or resource ID of an existing platform identity
Test plan for issue:
Unit tests
Is there any documentation that needs to be updated for this PR?
This is part of the general managed identity / workload identity feature development and this change should be reflected in the final documentation
How do you know this will function as expected in production?
Unit tests for now
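
The rule the commits in this thread describe (reordering allowed; removing an existing platform identity, or changing its operator name or resource ID, rejected), sketched as an added example that is not the PR's own code. The `PlatformIdentity` type and `validateIdentityUpdate` function are hypothetical names; the sketch assumes that adding new identities is permitted and that resource IDs are compared case-insensitively.

```go
package main

import (
	"fmt"
	"strings"
)

// PlatformIdentity is a hypothetical stand-in for one platform workload
// identity entry; only the two fields named in the PR discussion are modelled.
type PlatformIdentity struct {
	OperatorName string
	ResourceID   string
}

// validateIdentityUpdate compares the stored list with the requested one.
// Order is ignored: every existing OperatorName must still be present and
// must map to the same ResourceID. Adding identities is assumed to be allowed.
func validateIdentityUpdate(current, updated []PlatformIdentity) error {
	seen := make(map[string]string, len(updated)) // OperatorName -> ResourceID
	for _, id := range updated {
		if _, dup := seen[id.OperatorName]; dup {
			return fmt.Errorf("duplicate operator name %q", id.OperatorName)
		}
		seen[id.OperatorName] = id.ResourceID
	}
	for _, old := range current {
		newID, ok := seen[old.OperatorName]
		if !ok {
			// Also catches a simultaneous change of name and resource ID,
			// which is indistinguishable from a removal plus an addition.
			return fmt.Errorf("platform identity %q cannot be removed or renamed", old.OperatorName)
		}
		// Assumption: resource IDs are matched case-insensitively.
		if !strings.EqualFold(newID, old.ResourceID) {
			return fmt.Errorf("resource ID of platform identity %q cannot be changed", old.OperatorName)
		}
	}
	return nil
}

func main() {
	// Constructed sample values, not taken from the project.
	cur := []PlatformIdentity{{"ingress", "/constructed/id-a"}, {"dns", "/constructed/id-b"}}
	reordered := []PlatformIdentity{cur[1], cur[0]}
	fmt.Println(validateIdentityUpdate(cur, reordered)) // <nil>
	fmt.Println(validateIdentityUpdate(cur, cur[:1]))   // removal is rejected
}
```

Keying the lookup by operator name is what makes the check order-independent, and the same map doubles as the duplicate check.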