Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assign TenantID to managed cluster identity #144

Merged
merged 1 commit into from
Aug 4, 2023
Merged

Assign TenantID to managed cluster identity #144

merged 1 commit into from
Aug 4, 2023

Conversation

MAXxATTAXx
Copy link

This is helpful when the Service Principal and the Resource group do not belong in the same Tenant.

Before this change trying to do so would give error showing that the ClientID was not found under TenantID of the Resource group.

@kkaempf kkaempf requested review from a-blender and mjura March 6, 2023 08:22
@mjura
Copy link
Contributor

mjura commented Mar 7, 2023

@MAXxATTAXx could you provide us instruction, how can we reproduce your scenario? We would like to test it as well.

Thank you so much for opening this PR

mjura
mjura requested changes Mar 7, 2023
View reviewed changes
Copy link
Contributor

@mjura mjura left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't merge, we have to reproduce this problem first

@MAXxATTAXx
Copy link
Author

In our scenario, we have new environments spawned in exernal Azure tenats to our system. They allow us access on a particular resource_group to deploy and manage an aks cluster. The Service Principal or ClientID belongs to us so the tenantID of the ClientID is different than the tenantID of the resource_group. In azure world it is called Managed Resource Group or Managed Applications.

@a-blender a-blender removed their request for review March 20, 2023 20:47
furkatgofurov7
furkatgofurov7 requested changes Apr 14, 2023
View reviewed changes
pkg/aks/create.go Show resolved Hide resolved
@MAXxATTAXx MAXxATTAXx requested a review from a team as a code owner April 20, 2023 18:40
mjura
mjura requested changes Apr 24, 2023
View reviewed changes
pkg/aks/create.go Show resolved Hide resolved
@furkatgofurov7
Copy link
Contributor

@MAXxATTAXx can you take a look at #144 (comment) and address the comment?

@kkaempf kkaempf added the kind/bug Something isn't working label May 9, 2023
furkatgofurov7
furkatgofurov7 requested changes May 9, 2023
View reviewed changes
pkg/aks/create.go Outdated Show resolved Hide resolved
@furkatgofurov7
Copy link
Contributor

This looks good to me, @MAXxATTAXx can we add some simple tests as well?

@MAXxATTAXx
Copy link
Author

@furkatgofurov7
Test were added for TenantID to be empty string and when TenantID is provided.

@furkatgofurov7
Copy link
Contributor

@furkatgofurov7 Test were added for TenantID to be empty string and when TenantID is provided.

@MAXxATTAXx thanks, lgtm, can you please squash your commits?

@mjura PTAL once again

@MAXxATTAXx
Copy link
Author

@furkatgofurov7 Commits squashed and rebased to master

@MAXxATTAXx MAXxATTAXx marked this pull request as draft July 10, 2023 16:38
mjura
mjura reviewed Jul 13, 2023
View reviewed changes
Copy link
Contributor

@mjura mjura left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks OK

Could you please add explanation to commit message why this change is needed? Thank you

TenantID for external Tenant cloudCredentials
15f8830 
This allows for cloudCredentials to be provisioned in a different tenant
than the cluster. This is useful for scenarios where the cluster is
provisioned in a tenant that is not the same as the tenant that the
credentials are provisioned in.
@MAXxATTAXx MAXxATTAXx marked this pull request as ready for review July 17, 2023 16:46
@MAXxATTAXx
Copy link
Author

@mjura I updated the commit message

mjura
mjura approved these changes Aug 4, 2023
View reviewed changes
Copy link
Contributor

@mjura mjura left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mjura mjura merged commit f712444 into rancher:master Aug 4, 2023
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@furkatgofurov7 furkatgofurov7 furkatgofurov7 approved these changes

@alexander-demicev alexander-demicev alexander-demicev approved these changes

@mjura mjura mjura approved these changes

Assignees
No one assigned
Labels
kind/bug Something isn't working
Projects
CAPI & Hosted Kubernetes providers (EKS/AKS/GKE)
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@MAXxATTAXx @mjura @furkatgofurov7 @alexander-demicev @kkaempf @mattfarina @colstrom @Jono-SUSE-Rancher