-
Notifications
You must be signed in to change notification settings - Fork 168
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ARO-4518 pass custom manifests(MIWI) to hive cluster deployment as secret #3841
ARO-4518 pass custom manifests(MIWI) to hive cluster deployment as secret #3841
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just a quick pass on the draft PR. thank you!
return secret, nil | ||
} | ||
|
||
func clusterManifestsSecret(namespace string, customManifests map[string]kruntime.Object) (*corev1.Secret, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit - if this makes sense to you, I suggest a rename of this function to avoid confusion with the clusterManifestsSecret var:
func clusterManifestsSecret(namespace string, customManifests map[string]kruntime.Object) (*corev1.Secret, error) { | |
func generateClusterManifestsSecret(namespace string, customManifests map[string]kruntime.Object) (*corev1.Secret, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of changing the function name, changed the var name:- https://github.com/Azure/ARO-RP/pull/3841/files#diff-f83dd6c00cfc7b417ce96e6f7bfbe58ce118101ea90630f21d658abf3e96b129R60
generateClusterManifestsSecret
name is similar to https://github.com/Azure/ARO-RP/pull/3841/files#diff-71a1dd610bf07a9e4ece9f782af2bad11e6f2d0e03df442019088f8c47265497R281
where the actual generation is taking place and keeping it similar to similar type of secret creations in the file.
d2406a2
to
43bbf18
Compare
be2d1f6
to
6b916b5
Compare
/azp run ci,e2e |
No pipelines are associated with this pull request. |
Azure Pipelines successfully started running 2 pipeline(s). |
r, _ := clusterAzureSecret("testNamespace", tt.oc, &subDoc) | ||
|
||
_, ok := r.Data["osServicePrincipal.json"] | ||
if tt.wantSP != ok { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: You can use assert pkg.
ARO-RP/pkg/cluster/networkprofile_test.go
Lines 294 to 295 in 5370de9
assert.Equal(t, tt.expectedErr, err, "Unexpected error exception") | |
assert.Equal(t, tt.expectedMTU, tt.m.doc.OpenShiftCluster.Properties.NetworkProfile.MTUSize, "MTUSize was not updated as expected exception") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While I'm personally in favor of using the assert pkg here, I don't think we have a consistent pattern for these assertions across our codebase's test cases, so I'm fine either way with changing this or letting it merge as-is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM - excited to see this working!
Which issue this PR addresses:
Fixes (https://issues.redhat.com/browse/ARO-4518)
What this PR does / why we need it:
Call generatePlatformWorkloadIdentitySecrets() for generating the Platform Identity Secret for a MIWI cluster.
Pass all the Secrets as a hive cluster secret and pass it the name of hive secret to cluster deployment's
Spec.Provisioning.ManifestsSecretRef
These secrets will be managed in ARO-Installer-Wrapper
Additional Handling of CredentialsSecretRef is required as it is only used for the Non-MIWI clusters, but since it is used to pass the cluster and subscription doc to wrapper it is still neded.
Test plan for issue:
Is there any documentation that needs to be updated for this PR?
No
How do you know this will function as expected in production?