fix(controllers): only warn about SP credentials when actually using Service Principal #5990
Conversation
k8s-ci-robot
added
release-note
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
the
size/L
|
/test pull-cluster-api-provider-azure-e2e-aks |
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #5990 +/- ##
==========================================
+ Coverage 44.54% 44.59% +0.05%
==========================================
Files 279 279
Lines 25140 25166 +26
==========================================
+ Hits 11199 11224 +25
- Misses 13128 13129 +1
Partials 813 813 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
…Service Principal The VMIdentityNone warning was incorrectly shown for clusters using WorkloadIdentity, UserAssignedMSI, or other non-SP authentication methods. This caused confusing warnings about "Service Principal credentials being written to disk" when no such credentials exist. Add isUsingSPCredentials helper to check the AzureClusterIdentity type before emitting the warning. Only ServicePrincipal, ManualServicePrincipal, and ServicePrincipalCertificate identity types now trigger the warning. Signed-off-by: Bryan Cox <[email protected]>
bryan-cox
force-pushed
the
update-sp-err-msg
branch
from
bcffb38 to
51f5ec4
Compare
|
/test pull-cluster-api-provider-azure-e2e-aks |
|
/test ls |
|
@jackfrancis: The specified target(s) for The following commands are available to trigger optional jobs: Use In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/test pull-cluster-api-provider-azure-e2e-optional |
k8s-ci-robot
added
the
do-not-merge/hold
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: 0db8059d8dd0ef5fab0758be3ab93521c9bc2dea
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jackfrancis The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/test pull-cluster-api-provider-azure-e2e-optional |
|
@bryan-cox: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/hold cancel test flakes are unrelated |
k8s-ci-robot
removed
the
do-not-merge/hold
3 participants
What type of PR is this?
/kind bug
What this PR does / why we need it:
The
VMIdentityNonewarning was incorrectly shown for clusters using WorkloadIdentity, UserAssignedMSI, or other non-Service Principal authentication methods. This caused confusing warnings about "Service Principal credentials being written to disk" when no such credentials exist.This PR adds an
isUsingSPCredentialshelper to check theAzureClusterIdentitytype before emitting the warning. OnlyServicePrincipal,ManualServicePrincipal, andServicePrincipalCertificateidentity types now trigger the warning.Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #
Special notes for your reviewer:
The fix applies to all three azurejson controllers:
azurejson_machine_controller.goazurejson_machinepool_controller.goazurejson_machinetemplate_controller.goTODOs:
Release note: