Merge pull request #1183 from prestist/add-kola-argument-azure-managed

prestist · web-flow · commit 6746d2d2c23c · 2025-08-18T16:54:58.000-04:00
kola-azure: add azure_managed_identity to jenkins
diff --git a/HACKING.md b/HACKING.md
@@ -212,6 +212,19 @@ oc annotate secret/azure-kola-tests-config \
     jenkins.io/credentials-description="Azure kola tests credentials config"
 ```
 
+If you want to establish an authorized identity to pre-emptively grant access
+to other Azure resources, enabling the startup process to leverage Azure's default
+credentials, use the azure-kola-managed-identity:
+
+```
+oc create secret generic azure-kola-managed-identity \
+    --from-file=text="${MANAGED_IDENTITY_ID}"
+oc label secret/azure-kola-managed-identity \
+    jenkins.io/credentials-type=secretText
+oc annotate secret/azure-kola-managed-identity \
+    jenkins.io/credentials-description="Azure managed identity credentials"
+```
+
 NOTE: For the prod pipeline these secrets can be found in BitWarden
 
 ### [OPTIONAL] Creating OpenStack credentials configs
diff --git a/jobs/kola-azure.Jenkinsfile b/jobs/kola-azure.Jenkinsfile
@@ -88,8 +88,10 @@ cosaPod(memory: "${cosa_memory_request_mb}Mi", kvm: false,
             }
         }
 
-        withCredentials([file(variable: 'AZURE_KOLA_TESTS_CONFIG',
-                              credentialsId: 'azure-kola-tests-config')]) {
+        withCredentials([
+                file(variable: 'AZURE_KOLA_TESTS_CONFIG', credentialsId: 'azure-kola-tests-config'),
+                string(variable: 'AZURE_KOLA_MANAGED_IDENTITY', credentialsId: 'azure-kola-managed-identity')
+            ]) {
 
             def azure_testing_resource_group = pipecfg.clouds?.azure?.test_resource_group
             def azure_testing_storage_account = pipecfg.clouds?.azure?.test_storage_account
@@ -149,6 +151,7 @@ cosaPod(memory: "${cosa_memory_request_mb}Mi", kvm: false,
                      platformArgs: """-p=azure                               \
                          --azure-credentials \${AZURE_KOLA_TESTS_CONFIG}     \
                          --azure-location $region                            \
+                         --azure-managed-identity \${AZURE_KOLA_MANAGED_IDENTITY}   \
                          --azure-disk-uri /subscriptions/${azure_subscription}/resourceGroups/${azure_testing_resource_group}/providers/Microsoft.Compute/galleries/${azure_testing_gallery}/images/${azure_image_name}/versions/1.0.0""")
             } finally {
                 parallel "Delete Image": {
