Skip to content

OCPBUGS-42434: Authenticate Azure KMS with cert authentication#5074

Closed
bryan-cox wants to merge 1 commit into
openshift:mainfrom
bryan-cox:aro-hcp-kms
Closed

OCPBUGS-42434: Authenticate Azure KMS with cert authentication#5074
bryan-cox wants to merge 1 commit into
openshift:mainfrom
bryan-cox:aro-hcp-kms

Conversation

@bryan-cox
Copy link
Copy Markdown
Member

@bryan-cox bryan-cox commented Nov 6, 2024

What this PR does / why we need it:
This commit authenticates Azure KMS with certificate authentication in order to communicate with Azure Cloud API. The certificate is stored in an Azure key vault and mounted into the KAS pod through a Secrets Store CSI driver SecretProviderClass.

Which issue(s) this PR fixes:
Fixes OCPBUGS-42434:

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Nov 6, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 6, 2024
@openshift-ci-robot openshift-ci-robot added jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. labels Nov 6, 2024
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Nov 6, 2024

@bryan-cox: This pull request references Jira Issue OCPBUGS-42434, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.18.0) matches configured target version for branch (4.18.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @fxierh

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

What this PR does / why we need it:
This commit authenticates Azure KMS with certificate authentication in order to communicate with Azure Cloud API. The certificate is stored in an Azure key vault and mounted into the KAS pod through a Secrets Store CSI driver SecretProviderClass.

Which issue(s) this PR fixes:
Fixes OCPBUGS-42434:

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot openshift-ci-robot added the jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. label Nov 6, 2024
@openshift-ci openshift-ci Bot requested a review from fxierh November 6, 2024 20:37
@openshift-ci openshift-ci Bot added do-not-merge/needs-area area/control-plane-operator Indicates the PR includes changes for the control plane operator - in an OCP release labels Nov 6, 2024
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Nov 6, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. and removed do-not-merge/needs-area labels Nov 6, 2024
@bryan-cox
Authenticate Azure KMS with cert authentication
0e47832 
This commit authenticates Azure KMS with certificate authentication in
order to communicate with Azure Cloud API. The certificate is stored in
an Azure key vault and mounted into the KAS pod through a Secrets Store
CSI driver SecretProviderClass.

Signed-off-by: Bryan Cox <brcox@redhat.com>
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 17, 2024
@openshift-merge-robot
Copy link
Copy Markdown
Contributor

openshift-merge-robot commented Nov 17, 2024

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@bryan-cox
Copy link
Copy Markdown
Member Author

bryan-cox commented Nov 20, 2024

/close

in favor of #5160

@openshift-ci openshift-ci Bot closed this Nov 20, 2024
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Nov 20, 2024

@bryan-cox: Closed this PR.

Details

In response to this:

/close

in favor of #5160

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Nov 20, 2024

@bryan-cox: This pull request references Jira Issue OCPBUGS-42434. The bug has been updated to no longer refer to the pull request using the external bug tracker.

Details

In response to this:

What this PR does / why we need it:
This commit authenticates Azure KMS with certificate authentication in order to communicate with Azure Cloud API. The certificate is stored in an Azure key vault and mounted into the KAS pod through a Secrets Store CSI driver SecretProviderClass.

Which issue(s) this PR fixes:
Fixes OCPBUGS-42434:

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fxierh fxierh Awaiting requested review from fxierh

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/control-plane-operator Indicates the PR includes changes for the control plane operator - in an OCP release do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bryan-cox @openshift-ci-robot @openshift-merge-robot