diff --git a/data/data/install.openshift.io_installconfigs.yaml b/data/data/install.openshift.io_installconfigs.yaml
index 37c2e9c4021..92e434967ed 100644
--- a/data/data/install.openshift.io_installconfigs.yaml
+++ b/data/data/install.openshift.io_installconfigs.yaml
@@ -5483,8 +5483,8 @@ spec:
 allowSharedKeyAccess:
 description: |-
 AllowSharedKeyAccess specifies if shared access key should be enabled for the storage account.
- Default value is true.
- Disabling this will require a new permission "Storage Blob Data Contributor" in azure.
+ Default value is false.
+ Needs the permission "Storage Blob Data Contributor" in azure.
 type: boolean
 armEndpoint:
 description: ARMEndpoint is the endpoint for the Azure API when
diff --git a/pkg/explain/printer_test.go b/pkg/explain/printer_test.go
index 6333877a5ed..3333e13a599 100644
--- a/pkg/explain/printer_test.go
+++ b/pkg/explain/printer_test.go
@@ -317,8 +317,8 @@ cluster itself may not include these tags.
 desc: `FIELDS:
 allowSharedKeyAccess
 AllowSharedKeyAccess specifies if shared access key should be enabled for the storage account.
-Default value is true.
-Disabling this will require a new permission "Storage Blob Data Contributor" in azure.
+Default value is false.
+Needs the permission "Storage Blob Data Contributor" in azure.
 armEndpoint
 ARMEndpoint is the endpoint for the Azure API when installing on Azure Stack.
diff --git a/pkg/infrastructure/azure/azure.go b/pkg/infrastructure/azure/azure.go
index 23e0db9775c..a28b85f04a3 100644
--- a/pkg/infrastructure/azure/azure.go
+++ b/pkg/infrastructure/azure/azure.go
@@ -232,7 +232,7 @@ func (p *Provider) InfraReady(ctx context.Context, in clusterapi.InfraReadyInput
 var storageClientFactory *armstorage.ClientFactory
 var storageAccountKeys []armstorage.AccountKey
- sharedKey := true
+ sharedKey := false
 if in.InstallConfig.Config.Azure.AllowSharedKeyAccess != nil {
 sharedKey = *in.InstallConfig.Config.Azure.AllowSharedKeyAccess
 }
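Review bot: The `sharedKey := false` default in InfraReady is resolved by the same three-line nil check that the -850 hunk repeats in Ignition, so this security-relevant default lives in two places and has to be changed in both every time it moves. Resolve it once in a small helper both functions call, for example `func sharedKeyAllowed(v *bool) bool { return v != nil && *v }`, and write `sharedKey := sharedKeyAllowed(in.InstallConfig.Config.Azure.AllowSharedKeyAccess)` at each site. A one-line comment on the helper stating that an unset field means shared key access is disabled would keep the intent visible to the next reader. InfraReady's body starts and ends outside this hunk.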
@@ -850,7 +850,7 @@ func (p Provider) Ignition(ctx context.Context, in clusterapi.IgnitionInput) ([]
 return nil, fmt.Errorf("failed to create service client: %w", err)
 }
- sharedKey := true
+ sharedKey := false
 if in.InstallConfig.Config.Azure.AllowSharedKeyAccess != nil {
 sharedKey = *in.InstallConfig.Config.Azure.AllowSharedKeyAccess
 }
@@ -905,7 +905,7 @@ func (p Provider) Ignition(ctx context.Context, in clusterapi.IgnitionInput) ([]
 }
 }
 if sasURL == "" && !sharedKey {
- udc, err := serviceClient.GetUserDelegationCredential(context.Background(), info, nil)
+ udc, err := serviceClient.GetUserDelegationCredential(ctx, info, nil)
 if err != nil {
 return nil, fmt.Errorf("failed to create user delegation credentials: %w", err)
 }
diff --git a/pkg/types/azure/platform.go b/pkg/types/azure/platform.go
index deb2921b122..6fe68029c84 100644
--- a/pkg/types/azure/platform.go
+++ b/pkg/types/azure/platform.go
@@ -52,8 +52,9 @@ type Platform struct {
 BaseDomainResourceGroupName string `json:"baseDomainResourceGroupName,omitempty"`
 // AllowSharedKeyAccess specifies if shared access key should be enabled for the storage account.
- // Default value is true.
- // Disabling this will require a new permission "Storage Blob Data Contributor" in azure.
+ // Default value is false.
+ // Needs the permission "Storage Blob Data Contributor" in azure.
+ //
 //
 // +optional
 AllowSharedKeyAccess *bool `json:"allowSharedKeyAccess,omitempty"`
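Review bot: The error wrapped after `GetUserDelegationCredential` in the -905 hunk does not name the role the caller needs, and with `sharedKey` now defaulting to false this branch runs whenever no SAS URL was produced earlier and the field is unset. The updated field documentation says the "Storage Blob Data Contributor" permission is required, so a missing role assignment is presumably the most likely failure here, and the message should say so: `return nil, fmt.Errorf("failed to create user delegation credentials (requires the \"Storage Blob Data Contributor\" role): %w", err)`. Ignition's body continues outside the hunk, and `info` is built there, so the requested key lifetime could not be reviewed from these lines.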
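Review bot: The new comment line `// Needs the permission "Storage Blob Data Contributor" in azure.` drops the condition the old text carried, so it no longer says whether the role is needed when shared key access is disabled, enabled, or always. Since disabled is now the default, state it directly: `// When false (the default), the "Storage Blob Data Contributor" role is required in Azure.` The added `//` also leaves two consecutive empty comment lines before `// +optional`; one is enough. The same sentence is copied into the CRD YAML and the printer_test expectation in this diff, so those would need regenerating to match.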