Add support for aks managed identities#359

Merged
gshaw-pivotal merged 3 commits into main from add-support-for-aks-managed-identities
Jan 16, 2024

@gshaw-pivotal
Contributor

  1. What this PR does / why we need it:

Support managed identities specification when creating and updating AKS clusters

  2. Which issue(s) this PR fixes

N/A

  3. Additional information

When using terraform apply a user can provide an identity_config section within the cluster config section of the terraform plan file. Here they can specify whether a system or user assigned managed identity is to be used for the cluster.

The default if an identity_config is not provided will be to use a system assigned managed identity.

  4. Special notes for your reviewer

Changes were tested by creating and modifying clusters on Olympus dev stack. Scenarios tested are summarized below:

  • No identity_config struct specified: SUCCESS -> Cluster with system assigned MI
  • Empty identity_config struct: SUCCESS -> Cluster with system assigned MI -> Defaults to system assigned MI in terraform plan
  • identity_config struct with type IDENTITY_TYPE_SYSTEM_ASSIGNED: SUCCESS -> Cluster with system assigned MI

  • identity_config struct with type IDENTITY_TYPE_USER_ASSIGNED and no userAssigned struct: ERROR -> No cluster -> Expected behavior, see Terraform test - User assigned identity with no userAssigned struct attachment
  • identity_config struct with type IDENTITY_TYPE_USER_ASSIGNED and empty userAssigned struct: ERROR -> No cluster -> Expected behavior, see Terraform test - User assigned identity with empty struct attachment
  • identity_config struct with type IDENTITY_TYPE_USER_ASSIGNED and populated userAssigned struct, invalid identity: ERROR -> No cluster -> Expected behavior, see Terraform test - User assigned identity with invalid identity attachment
  • identity_config struct with type IDENTITY_TYPE_USER_ASSIGNED and populated userAssigned struct, valid identity: SUCCESS -> Cluster with user assigned MI

  • Create cluster with system assigned MI: SUCCESS
  • Create cluster with user assigned MI: SUCCESS
  • Create cluster with system assigned MI, then change to a user assigned MI: SUCCESS -> List aks clusters now shows user assigned identity for cluster
  • Create cluster with system assigned MI, then change to a user assigned MI, then change back to a system assigned MI: SUCCESS -> List aks cluster shows system assigned identity again for cluster; SYSTEM -> USER -> SYSTEM
  • Create cluster with user assigned MI, then change to a system assigned MI: SUCCESS -> List aks clusters now shows system assigned identity for cluster
  • Create cluster with user assigned MI, then change to a system assigned MI, then change back to user assigned MI: SUCCESS -> List aks cluster shows user assigned identity again for cluster; USER -> SYSTEM -> USER

Terraform test - User assigned identity with no userAssigned struct:

Terraform test - User assigned identity with empty struct

Terraform test - User assigned identity with invalid identity
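The defaulting and rejection rules in the scenario list above, written out as an added Go example; this is not the provider's code. The struct and field names, the sentinel error, and the local resource ID format check for the "invalid identity" case are assumptions made for illustration; only the two identity type names come from the PR description.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// Type names are from the PR description; structs and fields are hypothetical.
const (
	SystemAssigned = "IDENTITY_TYPE_SYSTEM_ASSIGNED"
	UserAssigned   = "IDENTITY_TYPE_USER_ASSIGNED"
)

type UserAssignedConfig struct{ ResourceID string }
type IdentityConfig struct {
	Type         string
	UserAssigned *UserAssignedConfig
}

// Azure resource ID shape for a user assigned managed identity.
var uamiID = regexp.MustCompile(`(?i)^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\.ManagedIdentity/userAssignedIdentities/[^/]+$`)
var ErrNoUserAssigned = errors.New("user assigned identity requires a populated userAssigned struct")

// ResolveIdentity applies the defaulting and rejection rules from the test matrix.
func ResolveIdentity(in *IdentityConfig) (IdentityConfig, error) {
	if in == nil || in.Type == "" {
		// Missing or empty identity_config defaults to system assigned.
		return IdentityConfig{Type: SystemAssigned}, nil
	}
	switch in.Type {
	case SystemAssigned:
		// Drop any leftover user assigned reference (USER -> SYSTEM switch).
		return IdentityConfig{Type: SystemAssigned}, nil
	case UserAssigned:
		if in.UserAssigned == nil || in.UserAssigned.ResourceID == "" {
			return IdentityConfig{}, ErrNoUserAssigned
		}
		if !uamiID.MatchString(in.UserAssigned.ResourceID) {
			return IdentityConfig{}, fmt.Errorf("not a user assigned identity resource ID: %q", in.UserAssigned.ResourceID)
		}
		return *in, nil
	}
	return IdentityConfig{}, fmt.Errorf("unknown identity type %q", in.Type)
}

func main() {
	got, err := ResolveIdentity(&IdentityConfig{Type: UserAssigned})
	fmt.Println(got.Type, err)
}
```

Failing closed on an incomplete user assigned config, rather than silently falling back to system assigned, keeps the cluster from running under an identity the operator did not choose.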

@vmwclabot

@gshaw-pivotal, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

@vmwclabot vmwclabot added the dco-required DCO Required label Dec 20, 2023
@gshaw-pivotal gshaw-pivotal force-pushed the add-support-for-aks-managed-identities branch from 45e5d8f to d683671 Compare December 20, 2023 16:32
@vmwclabot vmwclabot removed the dco-required DCO Required label Dec 20, 2023
@gshaw-pivotal gshaw-pivotal force-pushed the add-support-for-aks-managed-identities branch from d683671 to da2e7ea Compare January 3, 2024 15:10
@codecov-commenter

codecov-commenter commented Jan 3, 2024

Codecov Report

Attention: 12 lines in your changes are missing coverage. Please review.

Comparison is base (8c08715) 25.09% compared to head (92c4692) 25.24%.

| Files | Patch % | Lines |
|---|---|---|
| internal/resources/akscluster/akscluster_mapper.go | 75.51% | 8 Missing and 4 partials ⚠️ |
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #359      +/-   ##
==========================================
+ Coverage   25.09%   25.24%   +0.14%     
==========================================
  Files         191      191              
  Lines       16480    16529      +49     
==========================================
+ Hits         4135     4172      +37     
- Misses      12131    12139       +8     
- Partials      214      218       +4     


@gshaw-pivotal gshaw-pivotal force-pushed the add-support-for-aks-managed-identities branch from da2e7ea to 8edf559 Compare January 4, 2024 16:05
…ly for aks clusters

Signed-off-by: Gavin Shaw <gshaw+github@pivotal.io>
Signed-off-by: Gavin Shaw <gshaw+github@pivotal.io>
@gshaw-pivotal gshaw-pivotal force-pushed the add-support-for-aks-managed-identities branch from 8edf559 to 131aeee Compare January 4, 2024 19:43
@vmwclabot

@gshaw-pivotal, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

@vmwclabot vmwclabot added the dco-required DCO Required label Jan 4, 2024
Signed-off-by: Gavin Shaw <gshaw+github@pivotal.io>
@gshaw-pivotal gshaw-pivotal force-pushed the add-support-for-aks-managed-identities branch from 131aeee to 92c4692 Compare January 4, 2024 19:45
@vmwclabot vmwclabot removed the dco-required DCO Required label Jan 4, 2024
@gshaw-pivotal gshaw-pivotal merged commit d0d6414 into main Jan 16, 2024
@tenthirtyam tenthirtyam deleted the add-support-for-aks-managed-identities branch November 13, 2024 06:29
@github-actions

I'm going to lock this pull request because it has been closed for 30 days. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 17, 2024