CORS-2467: dns: azure: use azidentity with an adapter

[r4f4]

Similar work to what I've been doing for the openshift-installer openshift/installer#6003

Marking as WIP while I figure out why it's not working with AzureStack.

[r4f4]

/retitle dns: azure: use azidentity with an adapter

[r4f4]

Fixed a typo s/HasPrefix/HasSuffix/

[r4f4]

Context for this change: https://issues.redhat.com/browse/CORS-2467
@frobware @rfredette What is missing to get this reviewed and merged?

[candita]

/retitle CORS-2467: dns: azure: use azidentity with an adapter

[rfredette]

Thanks @r4f4, I'll give this a review soon.

/assign
/assign @gcs278

[frobware]

Do we have any CI jobs that still expect the GermanCloud region/zone to be present?

[r4f4]

I didn't find anything in openshift/release.

[r4f4]

But I can un-comment it if you think it's safer.

[frobware]

Can we create a unit test case at all -- something that would have caught this change up front?

[r4f4]

A unit test for getAuthorizerForResource or do you mean to extract this part out into a function and write some unit tests for that?

[frobware]

A bit of both; if we had a test (or had written a test) would we have discovered the need to use HasSuffix (over HasPrefix) because the test would have failed upfront.

[r4f4]

Done

[gcs278]

Is there a reason this logic flow differs from https://github.com/r4f4/installer/blob/897b6226e87ec5c9e25c0c952b7f6a301204fe67/pkg/asset/installconfig/azure/session.go#L73-L89? The default here is AzureStackCloud, but the default in openshift/installer is AzurePublic.

[r4f4]

No particular reason other than I was changing the Installer code a lot during my testing of AzureStack and figuring out how to get it to work. I can change this to make it like the Installer's if you prefer.

[gcs278]

I have no preference, just wanted to make sure there it isn't supposed to be exactly the same. As long as it works as expected.

[r4f4]

Hmm, sorry. I've done quite a few of these so I'm getting them mixed up. In this case there was a simple reason for the swap of Public <-> Stack: autorest doesn't define azure.StackCloud [1]. In the installer, we have our own definition for the cloud environments [2]. So to get around that, I've left StackCloud as the last branch.

[1] https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L34-L41
[2] https://github.com/openshift/installer/blob/master/pkg/types/azure/platform.go#L95-L110

[gcs278]

Okay seems reasonable, thanks.

[r4f4]

/hold
while I get some feedback and then squash the commits.

[gcs278]

/lgtm
We can wait for @frobware to review recent changes before approval.

[gcs278]

my lgtm didn't get applied
/lgtm

[gcs278]

@r4f4 I think we need a bug like https://issues.redhat.com/browse/OCPBUGS-4541 for this. Would you mind making it?

[r4f4]

/retitle OCPBUGS-6863: dns: azure: use azidentity with an adapter

[openshift-ci-robot]

@r4f4: This pull request references Jira Issue OCPBUGS-6863, which is invalid:

• expected the bug to target the "4.13.0" version, but it targets "4.13" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Similar work to what I've been doing for the openshift-installer openshift/installer#6003

Marking as WIP while I figure out why it's not working with AzureStack.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[r4f4]

/jira refresh

[Miciah]

@r4f4, can you rebase this PR again?

[r4f4]

Rebased to fix merge conflicts.

[CFields651]

/label px-approved

[lihongan]

/label qe-approved
launch cluster with the PR and do some regression test, no issue found

$ oc -n openshift-ingress get svc
NAME                      TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)                      AGE
router-default            LoadBalancer   172.30.89.178    20.96.134.116   80:31311/TCP,443:32033/TCP   102m
router-extlb              LoadBalancer   172.30.254.31    20.75.60.76     80:32131/TCP,443:32581/TCP   4m19s

$ dig any.extlb.ci-ln-hif9n2k-1d09d.ci.azure.devcluster.openshift.com +short
20.75.60.76

$ oc get co/ingress
NAME      VERSION                                                   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
ingress   4.13.0-0.ci.test-2023-02-22-074341-ci-ln-hif9n2k-latest   True        False         False      97m     

[openshift-ci]

@lihongan: The label(s) /label qe-aaproved cannot be applied. These labels are supported: platform/aws, platform/azure, platform/baremetal, platform/google, platform/libvirt, platform/openstack, ga, tide/merge-method-merge, tide/merge-method-rebase, tide/merge-method-squash, px-approved, docs-approved, qe-approved, downstream-change-needed, approved, backport-risk-assessed, bugzilla/valid-bug, cherry-pick-approved, jira/valid-bug, staff-eng-approved. Is this label configured under labels -> additional_labels or labels -> restricted_labels in plugin.yaml?

Details

In response to this:

/label qe-aaproved
launch cluster with the PR and do some regression test, no issue found

$ oc -n openshift-ingress get svc
NAME                      TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)                      AGE
router-default            LoadBalancer   172.30.89.178    20.96.134.116   80:31311/TCP,443:32033/TCP   102m
router-extlb              LoadBalancer   172.30.254.31    20.75.60.76     80:32131/TCP,443:32581/TCP   4m19s

$ dig any.extlb.ci-ln-hif9n2k-1d09d.ci.azure.devcluster.openshift.com +short
20.75.60.76

$ oc get co/ingress
NAME      VERSION                                                   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
ingress   4.13.0-0.ci.test-2023-02-22-074341-ci-ln-hif9n2k-latest   True        False         False      97m     

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[lihongan]

/label qe-approved

[Miciah]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Miciah

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [Miciah]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gcs278]

Looks good to me, but we are going to wait on #890 to get merged, which will most likely cause a rebase, and we can proceed from there.

[DCChadwick]

/label docs-approved

[r4f4]

/retest-required

[openshift-ci]

@r4f4: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-gcp-ovn-serial	843892e	link	true	/test e2e-gcp-ovn-serial
ci/prow/e2e-azure-ovn	82c6757	link	false	/test e2e-azure-ovn

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[Miciah]

/lgtm