From 0295accbbff7de9bc7dc01f1108ededd52e2d315 Mon Sep 17 00:00:00 2001 From: Jan-Hendrik Boll Date: Tue, 26 Nov 2024 14:57:03 +0100 Subject: [PATCH 1/9] Fixing missing kubeconfig Variable was overwritten in inside scope, removing kubeconfig method and reliying on executiontarget code. --- tooling/templatize/pkg/pipeline/arm.go | 18 +++---- .../pkg/pipeline/executiontarget.go | 50 ++++++++++++----- tooling/templatize/pkg/pipeline/run.go | 54 ++++++------------- tooling/templatize/pkg/pipeline/run_test.go | 16 ++++++ 4 files changed, 79 insertions(+), 59 deletions(-) create mode 100644 tooling/templatize/pkg/pipeline/run_test.go diff --git a/tooling/templatize/pkg/pipeline/arm.go b/tooling/templatize/pkg/pipeline/arm.go index dc7a196e7..888bce862 100644 --- a/tooling/templatize/pkg/pipeline/arm.go +++ b/tooling/templatize/pkg/pipeline/arm.go @@ -10,7 +10,7 @@ import ( "github.com/go-logr/logr" ) -func (s *Step) runArmStep(ctx context.Context, executionTarget *ExecutionTarget, options *PipelineRunOptions) error { +func (s *Step) runArmStep(ctx context.Context, executionTarget ExecutionTarget, options *PipelineRunOptions) error { logger := logr.FromContextOrDiscard(ctx) // Transform Bicep to ARM @@ -39,12 +39,12 @@ func (s *Step) runArmStep(ctx context.Context, executionTarget *ExecutionTarget, return fmt.Errorf("failed to obtain a credential: %w", err) } - client, err := armresources.NewDeploymentsClient(executionTarget.SubscriptionID, cred, nil) + client, err := armresources.NewDeploymentsClient(executionTarget.GetSubscriptionID(), cred, nil) if err != nil { return fmt.Errorf("failed to create deployments client: %w", err) } - poller, err := client.BeginCreateOrUpdate(ctx, executionTarget.ResourceGroup, deploymentName, deployment, nil) + poller, err := client.BeginCreateOrUpdate(ctx, executionTarget.GetResourceGroup(), deploymentName, deployment, nil) if err != nil { return fmt.Errorf("failed to create deployment: %w", err) } 
@@ -59,7 +59,7 @@ func (s *Step) runArmStep(ctx context.Context, executionTarget *ExecutionTarget, return nil } -func (s *Step) ensureResourceGroupExists(ctx context.Context, executionTarget *ExecutionTarget) error { +func (s *Step) ensureResourceGroupExists(ctx context.Context, executionTarget ExecutionTarget) error { // Create a new Azure identity client cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -67,7 +67,7 @@ func (s *Step) ensureResourceGroupExists(ctx context.Context, executionTarget *E } // Create a new ARM client - client, err := armresources.NewResourceGroupsClient(executionTarget.SubscriptionID, cred, nil) + client, err := armresources.NewResourceGroupsClient(executionTarget.GetSubscriptionID(), cred, nil) if err != nil { return fmt.Errorf("failed to create ARM client: %w", err) } @@ -77,14 +77,14 @@ func (s *Step) ensureResourceGroupExists(ctx context.Context, executionTarget *E tags := map[string]*string{ "persist": to.Ptr("true"), } - _, err = client.Get(ctx, executionTarget.ResourceGroup, nil) + _, err = client.Get(ctx, executionTarget.GetResourceGroup(), nil) if err != nil { // Create the resource group resourceGroup := armresources.ResourceGroup{ - Location: to.Ptr(executionTarget.Region), + Location: to.Ptr(executionTarget.GetRegion()), Tags: tags, } - _, err = client.CreateOrUpdate(ctx, executionTarget.ResourceGroup, resourceGroup, nil) + _, err = client.CreateOrUpdate(ctx, executionTarget.GetResourceGroup(), resourceGroup, nil) if err != nil { return fmt.Errorf("failed to create resource group: %w", err) } 
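Review bot: In `ensureResourceGroupExists` (hunk `@@ -77,14 +77,14 @@` of arm.go), every error from `client.Get` is treated as "resource group does not exist", so an authorization failure, throttling or a cancelled context also falls into the `CreateOrUpdate` path instead of being reported as what it is. The branch should create only on a not-found response, e.g. `var respErr *azcore.ResponseError` followed by `if errors.As(err, &respErr) && respErr.StatusCode == http.StatusNotFound { … }`, and return any other error wrapped. That needs the `errors`, `net/http` and `azcore` imports, which lie outside the visible hunks. The function body continues past this hunk.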
@@ -92,7 +92,7 @@ func (s *Step) ensureResourceGroupExists(ctx context.Context, executionTarget *E patchResourceGroup := armresources.ResourceGroupPatchable{ Tags: tags, } - _, err = client.Update(ctx, executionTarget.ResourceGroup, patchResourceGroup, nil) + _, err = client.Update(ctx, executionTarget.GetResourceGroup(), patchResourceGroup, nil) if err != nil { return fmt.Errorf("failed to update resource group: %w", err) } diff --git a/tooling/templatize/pkg/pipeline/executiontarget.go b/tooling/templatize/pkg/pipeline/executiontarget.go index a74ffac06..7d264484a 100644 --- a/tooling/templatize/pkg/pipeline/executiontarget.go +++ b/tooling/templatize/pkg/pipeline/executiontarget.go 
@@ -40,33 +40,57 @@ func lookupSubscriptionID(ctx context.Context, subscriptionName string) (string, return "", fmt.Errorf("subscription with name %q not found", subscriptionName) } -type ExecutionTarget struct { - SubscriptionName string - SubscriptionID string - ResourceGroup string - Region string - AKSClusterName string +type ExecutionTarget interface { + KubeConfig(ctx context.Context) (string, error) + GetSubscriptionID() string + GetAkSClusterName() string + GetResourceGroup() string + GetRegion() string } -func (target *ExecutionTarget) KubeConfig(ctx context.Context) (string, error) { - if target.AKSClusterName == "" { - return "", fmt.Errorf("AKS cluster name is required to build a kubeconfig") +type executionTargetImpl struct { + subscriptionName string + subscriptionID string + resourceGroup string + region string + aksClusterName string +} + +func (target *executionTargetImpl) KubeConfig(ctx context.Context) (string, error) { + if target.GetAkSClusterName() == "" { + return "", nil } // Get Kubeconfig - kubeconfigPath, err := aks.GetKubeConfig(ctx, target.SubscriptionID, target.ResourceGroup, target.AKSClusterName) + kubeconfigPath, err := aks.GetKubeConfig(ctx, target.GetSubscriptionID(), target.GetResourceGroup(), target.GetAkSClusterName()) if err != nil { return "", fmt.Errorf("failed to get kubeconfig: %w", err) } // Make sure we have cluster admin - err = aks.EnsureClusterAdmin(ctx, kubeconfigPath, target.SubscriptionID, target.ResourceGroup, target.AKSClusterName, nil) + err = aks.EnsureClusterAdmin(ctx, kubeconfigPath, target.GetSubscriptionID(), target.GetResourceGroup(), target.GetAkSClusterName(), nil) if err != nil { return "", fmt.Errorf("failed to ensure cluster admin role: %w", err) } return kubeconfigPath, nil } -func (target *ExecutionTarget) aksID() string { - return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.ContainerService/managedClusters/%s", target.SubscriptionID, target.ResourceGroup, 
target.AKSClusterName) +func (target *executionTargetImpl) aksID() string { + return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.ContainerService/managedClusters/%s", target.GetSubscriptionID(), target.GetResourceGroup(), target.GetAkSClusterName()) +} + +func (target *executionTargetImpl) GetSubscriptionID() string { + return target.subscriptionID +} + +func (target *executionTargetImpl) GetAkSClusterName() string { + return target.aksClusterName +} + +func (target *executionTargetImpl) GetResourceGroup() string { + return target.resourceGroup +} + +func (target *executionTargetImpl) GetRegion() string { + return target.region } diff --git a/tooling/templatize/pkg/pipeline/run.go b/tooling/templatize/pkg/pipeline/run.go index f1c38abb5..a8e58fbd9 100644 --- a/tooling/templatize/pkg/pipeline/run.go +++ b/tooling/templatize/pkg/pipeline/run.go 
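Review bot: In `executionTargetImpl.KubeConfig` (executiontarget.go), a failing `aks.EnsureClusterAdmin` makes the method return `""` and drop `kubeconfigPath`, so the cleanup in `ResourceGroup.run`, which removes the file only when the returned path is non-empty, never deletes it. Assuming `aks.GetKubeConfig` writes cluster credentials to that path (the caller's `os.Remove` suggests it is a file), a failed admin check leaves a kubeconfig on disk; add `_ = os.Remove(kubeconfigPath)` before `return "", fmt.Errorf("failed to ensure cluster admin role: %w", err)` (needs the `os` import if this file lacks it). The method also now returns `("", nil)` for an empty cluster name where it used to return an error; a comment on the interface method such as `// KubeConfig returns the path of a temporary kubeconfig file, or "" when the target has no AKS cluster; the caller removes the file.` would make that contract explicit. `GetAkSClusterName` looks like a typo for `GetAKSClusterName`.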
@@ -84,46 +84,41 @@ func (rg *ResourceGroup) run(ctx context.Context, options *PipelineRunOptions) e if err != nil { return err } - executionTarget := &ExecutionTarget{ - SubscriptionName: rg.Subscription, - SubscriptionID: subscriptionID, - Region: options.Region, - ResourceGroup: rg.Name, - AKSClusterName: rg.AKSCluster, + executionTarget := executionTargetImpl{ + subscriptionName: rg.Subscription, + subscriptionID: subscriptionID, + region: options.Region, + resourceGroup: rg.Name, + aksClusterName: rg.AKSCluster, } logger := logr.FromContextOrDiscard(ctx) - kubeconfigFile, err := prepareKubeConfig(ctx, executionTarget) + kubeconfigFile, err := executionTarget.KubeConfig(ctx) if kubeconfigFile != "" { defer func() { if err := os.Remove(kubeconfigFile); err != nil { logger.V(5).Error(err, "failed to delete kubeconfig file", "kubeconfig", kubeconfigFile) } }() - } - if err != nil { + } else if err != nil || kubeconfigFile == "" && executionTarget.GetAkSClusterName() != "" { return fmt.Errorf("failed to prepare kubeconfig: %w", err) } for _, step := range rg.Steps { - if options.Step != "" && step.Name != options.Step { - // skip steps that don't match the specified step name - continue - } // execute err := step.run( logr.NewContext( ctx, logger.WithValues( "step", step.Name, - "subscription", executionTarget.SubscriptionName, - "resourceGroup", executionTarget.ResourceGroup, - "aksCluster", executionTarget.AKSClusterName, + "subscription", executionTarget.GetSubscriptionID(), + "resourceGroup", executionTarget.GetResourceGroup(), + "aksCluster", executionTarget.GetAkSClusterName(), ), ), kubeconfigFile, - executionTarget, options, + &executionTarget, options, ) if err != nil { return err 
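Review bot: The `else if err != nil || kubeconfigFile == "" && executionTarget.GetAkSClusterName() != ""` branch in `ResourceGroup.run` can wrap a nil error: with an empty path, a cluster name set and `err == nil`, `%w` formats a nil error and the message ends in `%!w(<nil>)`. With the `executionTargetImpl.KubeConfig` shown in this patch that combination looks unreachable, which makes the second half of the condition dead code. Checking the error first reads more plainly and does not rely on `&&` binding tighter than `||`: put `if err != nil { return fmt.Errorf("failed to prepare kubeconfig: %w", err) }` ahead of the `if kubeconfigFile != ""` cleanup block and drop the `else if`. The `"subscription"` log field now carries the subscription ID rather than the name, and `subscriptionName` is no longer read anywhere in the visible code.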
@@ -132,7 +127,11 @@ func (rg *ResourceGroup) run(ctx context.Context, options *PipelineRunOptions) e return nil } -func (s *Step) run(ctx context.Context, kubeconfigFile string, executionTarget *ExecutionTarget, options *PipelineRunOptions) error { +func (s *Step) run(ctx context.Context, kubeconfigFile string, executionTarget ExecutionTarget, options *PipelineRunOptions) error { + if options.Step != "" && s.Name != options.Step { + // skip steps that don't match the specified step name + return nil + } fmt.Println("\n---------------------") if options.DryRun { fmt.Println("This is a dry run!") @@ -150,25 +149,6 @@ func (s *Step) run(ctx context.Context, kubeconfigFile string, executionTarget * } } -func prepareKubeConfig(ctx context.Context, executionTarget *ExecutionTarget) (string, error) { - logger := logr.FromContextOrDiscard(ctx) - kubeconfigFile := "" - if executionTarget.AKSClusterName != "" { - logger.V(5).Info("Building kubeconfig for AKS cluster") - kubeconfigFile, err := executionTarget.KubeConfig(ctx) - if err != nil { - return "", fmt.Errorf("failed to build kubeconfig for %s: %w", executionTarget.aksID(), err) - } - defer func() { - if err := os.Remove(kubeconfigFile); err != nil { - logger.V(5).Error(err, "failed to delete kubeconfig file", "kubeconfig", kubeconfigFile) - } - }() - logger.V(5).Info("kubeconfig set to shell execution environment", "kubeconfig", kubeconfigFile) - } - return kubeconfigFile, nil -} - func (s *Step) description() string { var details []string switch s.Action { diff --git a/tooling/templatize/pkg/pipeline/run_test.go b/tooling/templatize/pkg/pipeline/run_test.go new file mode 100644 index 000000000..78b053e70 --- /dev/null +++ b/tooling/templatize/pkg/pipeline/run_test.go @@ -0,0 +1,16 @@ +package pipeline + +import ( + "context" + "testing" +) + +func TestResourceGroupRun(t *testing.T) { + + rg := ResourceGroup{ + Name: "test-rg", + Steps: []*Step{}, + } + + rg.run(context.Background(), &PipelineRunOptions{}) +} 
From d8d62082a145e3af0ba1b2bf2651032d6feb13c8 Mon Sep 17 00:00:00 2001 From: Jan-Hendrik Boll Date: Tue, 26 Nov 2024 14:57:31 +0100 Subject: [PATCH 2/9] Add dry run flag to frontend configuration --- config/config.msft.yaml | 2 ++ config/config.schema.json | 4 ++++ config/config.yaml | 2 ++ config/public-cloud-cs-pr.json | 1 + config/public-cloud-dev.json | 1 + config/public-cloud-msft-int.json | 1 + config/public-cloud-personal-dev.json | 1 + frontend/Makefile | 2 +- frontend/pipeline.yaml | 4 ++++ 9 files changed, 17 insertions(+), 1 deletion(-) diff --git a/config/config.msft.yaml b/config/config.msft.yaml index 6ca8c9b0d..1d67e72b8 100644 --- a/config/config.msft.yaml +++ b/config/config.msft.yaml @@ -1,5 +1,7 @@ $schema: config.schema.json defaults: + helmDryRun: "--dry-run=server --debug" + region: {{ .ctx.region }} # Resourcegroups globalRG: global-shared-resources diff --git a/config/config.schema.json b/config/config.schema.json index a12598003..8301402d7 100644 --- a/config/config.schema.json +++ b/config/config.schema.json @@ -139,6 +139,9 @@ "globalRG": { "type": "string" }, + "helmDryRun": { + "type": "string" + }, "hypershift": { "type": "object", "properties": { @@ -605,6 +608,7 @@ "firstPartyAppClientId", "frontend", "globalRG", + "helmDryRun", "hypershift", "hypershiftOperator", "imageSync", diff --git a/config/config.yaml b/config/config.yaml index 356f04416..7dacbe8cf 100644 --- a/config/config.yaml +++ b/config/config.yaml @@ -1,5 +1,7 @@ $schema: config.schema.json defaults: + helmDryRun: "--dry-run=server --debug" + region: {{ .ctx.region }} # Resourcegroups globalRG: global diff --git a/config/public-cloud-cs-pr.json b/config/public-cloud-cs-pr.json index 00a90eab5..ffb747188 100644 --- a/config/public-cloud-cs-pr.json +++ b/config/public-cloud-cs-pr.json 
@@ -34,6 +34,7 @@ } }, "globalRG": "global", + "helmDryRun": "--dry-run=server --debug", "hypershift": { "additionalInstallArg": "--tech-preview-no-upgrade", "externalDNSManagedIdentityName": "external-dns", diff --git a/config/public-cloud-dev.json b/config/public-cloud-dev.json index ccffefeaf..276a8c712 100644 --- a/config/public-cloud-dev.json +++ b/config/public-cloud-dev.json @@ -34,6 +34,7 @@ } }, "globalRG": "global", + "helmDryRun": "--dry-run=server --debug", "hypershift": { "additionalInstallArg": "--tech-preview-no-upgrade", "externalDNSManagedIdentityName": "external-dns", diff --git a/config/public-cloud-msft-int.json b/config/public-cloud-msft-int.json index e49ea3bed..702b6819f 100644 --- a/config/public-cloud-msft-int.json +++ b/config/public-cloud-msft-int.json @@ -34,6 +34,7 @@ } }, "globalRG": "global-shared-resources", + "helmDryRun": "--dry-run=server --debug", "hypershift": { "additionalInstallArg": "--tech-preview-no-upgrade", "externalDNSManagedIdentityName": "external-dns", diff --git a/config/public-cloud-personal-dev.json b/config/public-cloud-personal-dev.json index 62a703a5c..a328ad76d 100644 --- a/config/public-cloud-personal-dev.json +++ b/config/public-cloud-personal-dev.json @@ -34,6 +34,7 @@ } }, "globalRG": "global", + "helmDryRun": "--dry-run=server --debug", "hypershift": { "additionalInstallArg": "--tech-preview-no-upgrade", "externalDNSManagedIdentityName": "external-dns", diff --git a/frontend/Makefile b/frontend/Makefile index 6889cb908..6046c69bd 100644 --- a/frontend/Makefile +++ b/frontend/Makefile 
@@ -39,7 +39,7 @@ deploy: DB_URL=$$(az cosmosdb show -n ${DB_NAME} -g ${RESOURCEGROUP} --query documentEndpoint -o tsv) && \ kubectl create namespace aro-hcp --dry-run=client -o json | kubectl apply -f - && \ kubectl label namespace aro-hcp "istio.io/rev=$${ISTO_VERSION}" --overwrite=true && \ - helm upgrade --install aro-hcp-frontend-dev \ + helm upgrade --install ${HELM_DRY_RUN} aro-hcp-frontend-dev \ deploy/helm/frontend/ \ --set configMap.databaseName=${DB_NAME} \ --set configMap.databaseUrl="$${DB_URL}" \ diff --git a/frontend/pipeline.yaml b/frontend/pipeline.yaml index a4b47de75..f7de4a14b 100644 --- a/frontend/pipeline.yaml +++ b/frontend/pipeline.yaml @@ -8,6 +8,10 @@ resourceGroups: - name: deploy action: Shell command: ["make", "deploy"] + dryRun: + envVars: + - name: HELM_DRY_RUN + value: "--dry-run=server --debug" env: - name: ARO_HCP_IMAGE_ACR configRef: svcAcrName From 0290526106a72108d34f3ae0371451e35bb412ed Mon Sep 17 00:00:00 2001 From: Jan-Hendrik Boll Date: Wed, 27 Nov 2024 11:18:57 +0100 Subject: [PATCH 3/9] Fix yamllinting errors --- config/config.msft.yaml | 2 -- config/config.schema.json | 4 ---- config/config.yaml | 2 -- config/public-cloud-cs-pr.json | 1 - config/public-cloud-dev.json | 1 - config/public-cloud-msft-int.json | 1 - config/public-cloud-personal-dev.json | 1 - frontend/pipeline.yaml | 2 +- 8 files changed, 1 insertion(+), 13 deletions(-) diff --git a/config/config.msft.yaml b/config/config.msft.yaml index 1d67e72b8..6ca8c9b0d 100644 --- a/config/config.msft.yaml +++ b/config/config.msft.yaml @@ -1,7 +1,5 @@ $schema: config.schema.json defaults: - helmDryRun: "--dry-run=server --debug" - region: {{ .ctx.region }} # Resourcegroups globalRG: global-shared-resources diff --git a/config/config.schema.json b/config/config.schema.json index 8301402d7..a12598003 100644 --- a/config/config.schema.json +++ b/config/config.schema.json 
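Review bot: In the `deploy` recipe of frontend/Makefile, `${HELM_DRY_RUN}` is expanded unquoted from the environment into the `helm upgrade --install` command line, so whatever the variable holds becomes extra helm arguments, and when it is unset the release is applied for real. The value set in frontend/pipeline.yaml includes `--debug`; a dry run prints the rendered manifests and `--debug` adds the supplied and computed values, so if the chart renders Secret objects (not visible here) they would end up in the pipeline log. Consider dropping `--debug` from that value or adding helm's `--hide-secret` to it. A comment above the recipe such as `# HELM_DRY_RUN: optional extra helm flags, set only by the pipeline's dryRun block; empty means a real deploy` would document the contract.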
@@ -139,9 +139,6 @@ "globalRG": { "type": "string" }, - "helmDryRun": { - "type": "string" - }, "hypershift": { "type": "object", "properties": { @@ -608,7 +605,6 @@ "firstPartyAppClientId", "frontend", "globalRG", - "helmDryRun", "hypershift", "hypershiftOperator", "imageSync", diff --git a/config/config.yaml b/config/config.yaml index 7dacbe8cf..356f04416 100644 --- a/config/config.yaml +++ b/config/config.yaml @@ -1,7 +1,5 @@ $schema: config.schema.json defaults: - helmDryRun: "--dry-run=server --debug" - region: {{ .ctx.region }} # Resourcegroups globalRG: global diff --git a/config/public-cloud-cs-pr.json b/config/public-cloud-cs-pr.json index ffb747188..00a90eab5 100644 --- a/config/public-cloud-cs-pr.json +++ b/config/public-cloud-cs-pr.json @@ -34,7 +34,6 @@ } }, "globalRG": "global", - "helmDryRun": "--dry-run=server --debug", "hypershift": { "additionalInstallArg": "--tech-preview-no-upgrade", "externalDNSManagedIdentityName": "external-dns", diff --git a/config/public-cloud-dev.json b/config/public-cloud-dev.json index 276a8c712..ccffefeaf 100644 --- a/config/public-cloud-dev.json +++ b/config/public-cloud-dev.json @@ -34,7 +34,6 @@ } }, "globalRG": "global", - "helmDryRun": "--dry-run=server --debug", "hypershift": { "additionalInstallArg": "--tech-preview-no-upgrade", "externalDNSManagedIdentityName": "external-dns", diff --git a/config/public-cloud-msft-int.json b/config/public-cloud-msft-int.json index 702b6819f..e49ea3bed 100644 --- a/config/public-cloud-msft-int.json +++ b/config/public-cloud-msft-int.json @@ -34,7 +34,6 @@ } }, "globalRG": "global-shared-resources", - "helmDryRun": "--dry-run=server --debug", "hypershift": { "additionalInstallArg": "--tech-preview-no-upgrade", "externalDNSManagedIdentityName": "external-dns", diff --git a/config/public-cloud-personal-dev.json b/config/public-cloud-personal-dev.json index a328ad76d..62a703a5c 100644 --- a/config/public-cloud-personal-dev.json +++ b/config/public-cloud-personal-dev.json 
@@ -34,7 +34,6 @@ } }, "globalRG": "global", - "helmDryRun": "--dry-run=server --debug", "hypershift": { "additionalInstallArg": "--tech-preview-no-upgrade", "externalDNSManagedIdentityName": "external-dns", diff --git a/frontend/pipeline.yaml b/frontend/pipeline.yaml index f7de4a14b..6cf246fc9 100644 --- a/frontend/pipeline.yaml +++ b/frontend/pipeline.yaml @@ -8,7 +8,7 @@ resourceGroups: - name: deploy action: Shell command: ["make", "deploy"] - dryRun: + dryRun: envVars: - name: HELM_DRY_RUN value: "--dry-run=server --debug" From c39a306196ea8f72b249e06b345ca7a7a36813a2 Mon Sep 17 00:00:00 2001 From: Jan-Hendrik Boll Date: Wed, 27 Nov 2024 11:32:18 +0100 Subject: [PATCH 4/9] remove tests, will be added in additional pr --- tooling/templatize/pkg/pipeline/run_test.go | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 tooling/templatize/pkg/pipeline/run_test.go diff --git a/tooling/templatize/pkg/pipeline/run_test.go b/tooling/templatize/pkg/pipeline/run_test.go deleted file mode 100644 index 78b053e70..000000000 --- a/tooling/templatize/pkg/pipeline/run_test.go +++ /dev/null @@ -1,16 +0,0 @@ -package pipeline - -import ( - "context" - "testing" -) - -func TestResourceGroupRun(t *testing.T) { - - rg := ResourceGroup{ - Name: "test-rg", - Steps: []*Step{}, - } - - rg.run(context.Background(), &PipelineRunOptions{}) -} From 4f243af6102ae84388423a45894fe9295e4e1862 Mon Sep 17 00:00:00 2001 From: Jan-Hendrik Boll Date: Wed, 27 Nov 2024 11:36:14 +0100 Subject: [PATCH 5/9] Fix liniting, remove not used method --- tooling/templatize/pkg/pipeline/executiontarget.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tooling/templatize/pkg/pipeline/executiontarget.go b/tooling/templatize/pkg/pipeline/executiontarget.go index 7d264484a..9116193cc 100644 --- a/tooling/templatize/pkg/pipeline/executiontarget.go +++ b/tooling/templatize/pkg/pipeline/executiontarget.go 
@@ -75,10 +75,6 @@ func (target *executionTargetImpl) KubeConfig(ctx context.Context) (string, erro return kubeconfigPath, nil } -func (target *executionTargetImpl) aksID() string { - return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.ContainerService/managedClusters/%s", target.GetSubscriptionID(), target.GetResourceGroup(), target.GetAkSClusterName()) -} - func (target *executionTargetImpl) GetSubscriptionID() string { return target.subscriptionID } From 9009bc8a49eb5be2aa85e03d98a0fb0e2762d26c Mon Sep 17 00:00:00 2001 From: Gerd Oberlechner Date: Wed, 27 Nov 2024 08:20:51 +0100 Subject: [PATCH 6/9] don't uppercase scope binding replacement vars Signed-off-by: Gerd Oberlechner --- tooling/templatize/pkg/ev2/mapping.go | 2 +- tooling/templatize/pkg/ev2/mapping_test.go | 20 ++++++++-------- tooling/templatize/pkg/ev2/utils_test.go | 24 +++++++++---------- ...reprocessFileForEV2ScopeBinding.bicepparam | 4 ++-- ...elineForEV2ev2-precompiled-test.bicepparam | 2 +- 5 files changed, 26 insertions(+), 26 deletions(-) diff --git a/tooling/templatize/pkg/ev2/mapping.go b/tooling/templatize/pkg/ev2/mapping.go index 8b06532e9..0fe3c3df6 100644 --- a/tooling/templatize/pkg/ev2/mapping.go +++ b/tooling/templatize/pkg/ev2/mapping.go @@ -21,7 +21,7 @@ func EV2Mapping(input config.Variables, prefix []string) (map[string]string, map } replaced[key] = replacement } else { - placeholder := fmt.Sprintf("__%s__", strings.ToUpper(strings.Join(nestedKey, "_"))) + placeholder := fmt.Sprintf("__%s__", strings.Join(nestedKey, "_")) output[placeholder] = strings.Join(nestedKey, ".") replaced[key] = placeholder } diff --git a/tooling/templatize/pkg/ev2/mapping_test.go b/tooling/templatize/pkg/ev2/mapping_test.go index de7240431..e1d9912ae 100644 --- a/tooling/templatize/pkg/ev2/mapping_test.go +++ b/tooling/templatize/pkg/ev2/mapping_test.go 
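Review bot: In `EV2Mapping` (mapping.go, hunk `@@ -21,7 +21,7 @@`), the placeholder is built by joining the key path with `_`, so two different paths can yield the same placeholder and the later one silently overwrites `output[placeholder]`. The expectations in utils_test.go already contain keys with underscores (`maestro_helm_chart`), so a nested `maestro.helm_chart` would collide with it. A guard before the assignment, e.g. `if prev, ok := output[placeholder]; ok && prev != strings.Join(nestedKey, ".") { … }`, would surface the clash instead of binding a placeholder to the wrong config path. The function has no error return in the visible signature and its body starts outside the hunk, so how to report it is a design choice.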
@@ -21,19 +21,19 @@ func TestMapping(t *testing.T) { }, } expectedFlattened := map[string]string{ - "__KEY1__": "key1", - "__KEY2__": "key2", - "__KEY3__": "key3", - "__PARENT_NESTED__": "parent.nested", - "__PARENT_DEEPER_DEEPEST__": "parent.deeper.deepest", + "__key1__": "key1", + "__key2__": "key2", + "__key3__": "key3", + "__parent_nested__": "parent.nested", + "__parent_deeper_deepest__": "parent.deeper.deepest", } expectedReplace := map[string]interface{}{ - "key1": "__KEY1__", - "key2": "__KEY2__", - "key3": "__KEY3__", + "key1": "__key1__", + "key2": "__key2__", + "key3": "__key3__", "parent": map[string]interface{}{ - "nested": "__PARENT_NESTED__", - "deeper": map[string]interface{}{"deepest": "__PARENT_DEEPER_DEEPEST__"}, + "nested": "__parent_nested__", + "deeper": map[string]interface{}{"deepest": "__parent_deeper_deepest__"}, }, } flattened, replace := EV2Mapping(testData, []string{}) diff --git a/tooling/templatize/pkg/ev2/utils_test.go b/tooling/templatize/pkg/ev2/utils_test.go index 51fce778a..0a5b15ee6 100644 --- a/tooling/templatize/pkg/ev2/utils_test.go +++ b/tooling/templatize/pkg/ev2/utils_test.go 
@@ -16,18 +16,18 @@ func TestScopeBindingVariables(t *testing.T) { t.Fatalf("ScopeBindingVariables failed: %v", err) } expectedVars := map[string]string{ - "__AKSNAME__": "$config(aksName)", - "__GLOBALRG__": "$config(globalRG)", - "__IMAGESYNCRG__": "$config(imageSyncRG)", - "__MAESTRO_HELM_CHART__": "$config(maestro_helm_chart)", - "__MAESTRO_IMAGE__": "$config(maestro_image)", - "__MANAGEMENTCLUSTERRG__": "$config(managementClusterRG)", - "__MANAGEMENTCLUSTERSUBSCRIPTION__": "$config(managementClusterSubscription)", - "__REGION__": "$config(region)", - "__REGIONRG__": "$config(regionRG)", - "__SERVICECLUSTERRG__": "$config(serviceClusterRG)", - "__SERVICECLUSTERSUBSCRIPTION__": "$config(serviceClusterSubscription)", - "__CLUSTERSERVICE_IMAGETAG__": "$config(clusterService.imageTag)", + "__aksName__": "$config(aksName)", + "__globalRG__": "$config(globalRG)", + "__imageSyncRG__": "$config(imageSyncRG)", + "__maestro_helm_chart__": "$config(maestro_helm_chart)", + "__maestro_image__": "$config(maestro_image)", + "__managementClusterRG__": "$config(managementClusterRG)", + "__managementClusterSubscription__": "$config(managementClusterSubscription)", + "__region__": "$config(region)", + "__regionRG__": "$config(regionRG)", + "__serviceClusterRG__": "$config(serviceClusterRG)", + "__serviceClusterSubscription__": "$config(serviceClusterSubscription)", + "__clusterService_imageTag__": "$config(clusterService.imageTag)", } if diff := cmp.Diff(expectedVars, vars); diff != "" { diff --git a/tooling/templatize/testdata/zz_fixture_TestPreprocessFileForEV2ScopeBinding.bicepparam b/tooling/templatize/testdata/zz_fixture_TestPreprocessFileForEV2ScopeBinding.bicepparam index c00e59d52..932498049 100644 --- a/tooling/templatize/testdata/zz_fixture_TestPreprocessFileForEV2ScopeBinding.bicepparam +++ b/tooling/templatize/testdata/zz_fixture_TestPreprocessFileForEV2ScopeBinding.bicepparam 
@@ -6,5 +6,5 @@ param baseDNSZoneName = 'hcp.osadev.cloud' param baseDNSZoneResourceGroup = 'global' // CS -param csImage = '__CLUSTERSERVICE_IMAGETAG__' -param regionRG = '__REGIONRG__' +param csImage = '__clusterService_imageTag__' +param regionRG = '__regionRG__' diff --git a/tooling/templatize/testdata/zz_fixture_TestProcessPipelineForEV2ev2-precompiled-test.bicepparam b/tooling/templatize/testdata/zz_fixture_TestProcessPipelineForEV2ev2-precompiled-test.bicepparam index feb7facf9..a56162b50 100644 --- a/tooling/templatize/testdata/zz_fixture_TestProcessPipelineForEV2ev2-precompiled-test.bicepparam +++ b/tooling/templatize/testdata/zz_fixture_TestProcessPipelineForEV2ev2-precompiled-test.bicepparam @@ -1 +1 @@ -param regionRG = '__REGIONRG__' \ No newline at end of file +param regionRG = '__regionRG__' \ No newline at end of file From 270bf1e7b0f5fa9a9965183e865e21e8c396b30e Mon Sep 17 00:00:00 2001 From: Gerd Oberlechner Date: Wed, 27 Nov 2024 08:23:18 +0100 Subject: [PATCH 7/9] use systemvar replacement for pipeline files Signed-off-by: Gerd Oberlechner --- tooling/templatize/pkg/ev2/pipeline_test.go | 2 +- tooling/templatize/pkg/ev2/utils.go | 22 +++++++++++++------ ...re_TestPreprocessFileForEV2SystemVars.yaml | 2 +- ...ure_TestProcessPipelineForEV2pipeline.yaml | 2 +- 4 files changed, 18 insertions(+), 10 deletions(-) diff --git a/tooling/templatize/pkg/ev2/pipeline_test.go b/tooling/templatize/pkg/ev2/pipeline_test.go index 48c4264d6..54c4235ce 100644 --- a/tooling/templatize/pkg/ev2/pipeline_test.go +++ b/tooling/templatize/pkg/ev2/pipeline_test.go @@ -12,7 +12,7 @@ import ( func TestProcessPipelineForEV2(t *testing.T) { configProvider := config.NewConfigProvider("../../testdata/config.yaml") - vars, err := configProvider.GetVariables("public", "int", "", NewEv2ConfigReplacements()) + vars, err := configProvider.GetVariables("public", "int", "", NewEv2SystemVariableReplacements()) if err != nil { t.Errorf("failed to get variables: %v", err) } 
diff --git a/tooling/templatize/pkg/ev2/utils.go b/tooling/templatize/pkg/ev2/utils.go index b59d613b1..b0ab2477f 100644 --- a/tooling/templatize/pkg/ev2/utils.go +++ b/tooling/templatize/pkg/ev2/utils.go @@ -10,10 +10,18 @@ import ( // This package contains helper functions to extract EV2 conformant data from a config.yaml file. // -func NewEv2ConfigReplacements() *config.ConfigReplacements { +func NewEv2ServiceConfigReplacements() *config.ConfigReplacements { return config.NewConfigReplacements( - "$location()", + "$(regionName)", "$(regionShortName)", + "", + ) +} + +func NewEv2SystemVariableReplacements() *config.ConfigReplacements { + return config.NewConfigReplacements( + "$location()", + "$config(regionShortName)", "$stamp()", ) } @@ -23,7 +31,7 @@ func NewEv2ConfigReplacements() *config.ConfigReplacements { // The variable values are formatted to contain EV2 $location(), $stamp() and $(serviceConfigVar) variables. // This function is useful to get the variables to fill the `Settings` section of an EV2 `ServiceConfig.json“ func GetNonRegionalServiceConfigVariables(configProvider config.ConfigProvider, cloud, deployEnv string) (config.Variables, error) { - return configProvider.GetVariables(cloud, deployEnv, "", NewEv2ConfigReplacements()) + return configProvider.GetVariables(cloud, deployEnv, "", NewEv2ServiceConfigReplacements()) } // GetRegionalServiceConfigVariableOverrides returns the regional overrides of a config.yaml file. @@ -36,7 +44,7 @@ func GetRegionalServiceConfigVariableOverrides(configProvider config.ConfigProvi } overrides := make(map[string]config.Variables) for _, region := range regions { - regionOverrides, err := configProvider.GetRegionOverrides(cloud, deployEnv, region, NewEv2ConfigReplacements()) + regionOverrides, err := configProvider.GetRegionOverrides(cloud, deployEnv, region, NewEv2ServiceConfigReplacements()) if err != nil { return nil, err } 
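Review bot: The doc comment on `GetNonRegionalServiceConfigVariables` (hunk `@@ -23,7 +31,7 @@` of utils.go) still says the values contain `$location()` and `$stamp()`, but the function now calls `NewEv2ServiceConfigReplacements`, which passes `$(regionName)`, `$(regionShortName)` and an empty third value. The two new exported constructors also have no doc comments saying which one belongs where. Suggested: `// NewEv2ServiceConfigReplacements returns replacements that use EV2 service-config variables, for ServiceConfig.json settings.` and `// NewEv2SystemVariableReplacements returns replacements that use EV2 system variables, for pipeline and scope-binding files.` The existing comment should be updated to name `$(regionName)` and `$(regionShortName)`.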
@@ -49,7 +57,7 @@ func GetRegionalServiceConfigVariableOverrides(configProvider config.ConfigProvi // It uses the provided configProvider to fetch the variables, flattens them into a __VAR__ = $config(var) formatted map. // This function is useful to get the find/replace pairs for an EV2 `ScopeBinding.json` func ScopeBindingVariables(configProvider config.ConfigProvider, cloud, deployEnv string) (map[string]string, error) { - vars, err := configProvider.GetVariables(cloud, deployEnv, "", NewEv2ConfigReplacements()) + vars, err := configProvider.GetVariables(cloud, deployEnv, "", NewEv2SystemVariableReplacements()) if err != nil { return nil, err } @@ -65,7 +73,7 @@ func ScopeBindingVariables(configProvider config.ConfigProvider, cloud, deployEn // while maintaining EV2 conformant system variables. // This function is useful to process a pipeline.yaml file so that it contains EV2 system variables. func PreprocessFileForEV2SystemVars(configProvider config.ConfigProvider, cloud, deployEnv string, templateFile string) ([]byte, error) { - vars, err := configProvider.GetVariables(cloud, deployEnv, "", NewEv2ConfigReplacements()) + vars, err := configProvider.GetVariables(cloud, deployEnv, "", NewEv2SystemVariableReplacements()) if err != nil { return nil, err } @@ -77,7 +85,7 @@ func PreprocessFileForEV2SystemVars(configProvider config.ConfigProvider, cloud, // This function is useful to process bicepparam files so that they can be used within EV2 together // with scopebinding. func PreprocessFileForEV2ScopeBinding(configProvider config.ConfigProvider, cloud, deployEnv string, templateFile string) ([]byte, error) { - vars, err := configProvider.GetVariables(cloud, deployEnv, "", NewEv2ConfigReplacements()) + vars, err := configProvider.GetVariables(cloud, deployEnv, "", NewEv2SystemVariableReplacements()) if err != nil { return nil, err } 
diff --git a/tooling/templatize/testdata/zz_fixture_TestPreprocessFileForEV2SystemVars.yaml b/tooling/templatize/testdata/zz_fixture_TestPreprocessFileForEV2SystemVars.yaml index b243c236c..083ce8a57 100644 --- a/tooling/templatize/testdata/zz_fixture_TestPreprocessFileForEV2SystemVars.yaml +++ b/tooling/templatize/testdata/zz_fixture_TestPreprocessFileForEV2SystemVars.yaml @@ -1,7 +1,7 @@ serviceGroup: Microsoft.Azure.ARO.Test rolloutName: Test Rollout resourceGroups: -- name: hcp-underlay-$(regionShortName) +- name: hcp-underlay-$config(regionShortName) subscription: hcp-$location() aksCluster: aro-hcp-aks steps: diff --git a/tooling/templatize/testdata/zz_fixture_TestProcessPipelineForEV2pipeline.yaml b/tooling/templatize/testdata/zz_fixture_TestProcessPipelineForEV2pipeline.yaml index f405fa1b0..693c8d870 100644 --- a/tooling/templatize/testdata/zz_fixture_TestProcessPipelineForEV2pipeline.yaml +++ b/tooling/templatize/testdata/zz_fixture_TestProcessPipelineForEV2pipeline.yaml @@ -1,7 +1,7 @@ serviceGroup: Microsoft.Azure.ARO.Test rolloutName: Test Rollout resourceGroups: - - name: hcp-underlay-$(regionShortName) + - name: hcp-underlay-$config(regionShortName) subscription: hcp-$location() aksCluster: aro-hcp-aks steps: From 563c7a77eb6a3adc475b75120dbcee78350bab59 Mon Sep 17 00:00:00 2001 From: Gerd Oberlechner Date: Wed, 27 Nov 2024 08:35:13 +0100 Subject: [PATCH 8/9] varous fixes Signed-off-by: Gerd Oberlechner --- config/config.msft.yaml | 12 +++---- config/config.schema.json | 4 +-- config/config.yaml | 6 ++-- config/public-cloud-cs-pr.json | 6 ++-- config/public-cloud-dev.json | 6 ++-- config/public-cloud-msft-int.json | 12 +++---- config/public-cloud-personal-dev.json | 6 ++-- .../svc-cluster.tmpl.bicepparam | 32 +++++++++---------- dev-infrastructure/svc-pipeline.yaml | 2 +- 9 files changed, 43 insertions(+), 43 deletions(-) diff --git a/config/config.msft.yaml b/config/config.msft.yaml index 6ca8c9b0d..77bce8759 100644 --- a/config/config.msft.yaml 
+++ b/config/config.msft.yaml @@ -51,13 +51,13 @@ defaults: maestro: eventGrid: name: arohcp-maestro-{{ .ctx.regionShort }} - maxClientSessionsPerAuthName: '4' + maxClientSessionsPerAuthName: 4 private: false certDomain: 'selfsigned.maestro.keyvault.azure.com' postgres: name: arohcp-maestro-{{ .ctx.regionShort }} serverVersion: '15' - serverStorageSizeGB: '32' + serverStorageSizeGB: 32 deploy: false private: false minTLSVersion: 'TLSV1.2' @@ -89,7 +89,7 @@ defaults: serviceKeyVault: name: arohcp-svc-{{ .ctx.regionShort }} - rg: hcp-underlay-{{ .ctx.regionShort }} + rg: hcp-underlay-{{ .ctx.region }}-svc region: {{ .ctx.region }} softDelete: false private: false @@ -162,7 +162,7 @@ clouds: osDiskSizeGB: 100 azCount: 3 # DNS - baseDnsZoneName: aro-hcp.azure-test.net' + baseDnsZoneName: aro-hcp.azure-test.net regionalDNSSubdomain: '{{ .ctx.region }}' # ACR @@ -191,9 +191,9 @@ clouds: # Grafana monitoring: - grafanaAdminGroupPrincipalId: '??? the one to be used as Grafana Admin in grafana.bicep ???' + grafanaAdminGroupPrincipalId: '2fdb57d4-3fd3-415d-b604-1d0e37a188fe' # Azure Red Hat OpenShift MSFT Engineering # DEVOPS MSI # lets create this MSI manually for the time being and automate soon # but we should use the MSI name as an input and not the resource ID of the MSI - aroDevopsMsiId: '??? the one for OIDC deployment script / lives in the global RG / needs to be created first thing on regional buildout ???' + aroDevopsMsiId: '/subscriptions/5299e6b7-b23b-46c8-8277-dc1147807117/resourcegroups/global-shared-resources/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aroint-int-public-oidc' diff --git a/config/config.schema.json b/config/config.schema.json index a12598003..926ece73d 100644 --- a/config/config.schema.json +++ b/config/config.schema.json @@ -229,7 +229,7 @@ "type": "object", "properties": { "maxClientSessionsPerAuthName": { - "type": "string" + "type": "integer" }, "name": { "type": "string" 
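Review bot: In config.msft.yaml, the `serviceKeyVault` block touched by hunk `@@ -89,7 +89,7 @@` keeps `softDelete: false` and `private: false`, and the maestro `eventGrid` and `postgres` blocks in hunk `@@ -51,13 +51,13 @@` keep `private: false`. If these keys control Key Vault soft delete and public network access as their names suggest, this MSFT environment runs with a vault that is reachable publicly and has no deletion recovery, which deserves either a change or a comment stating why it is acceptable here. A line such as `# private: false is intentional for INT; production overrides must set true` next to each setting would record the decision.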
@@ -264,7 +264,7 @@ "type": "boolean" }, "serverStorageSizeGB": { - "type": "string" + "type": "integer" }, "serverVersion": { "type": "string" diff --git a/config/config.yaml b/config/config.yaml index 356f04416..bb9f2685f 100644 --- a/config/config.yaml +++ b/config/config.yaml @@ -7,7 +7,7 @@ defaults: # General AKS config kubernetesVersion: 1.30.5 - istioVersion: "['asm-1-22']" + istioVersion: "asm-1-22" vnetAddressPrefix: "10.128.0.0/14" subnetPrefix: "10.128.8.0/21" podSubnetPrefix: "10.128.64.0/18" @@ -51,13 +51,13 @@ defaults: maestro: eventGrid: name: arohcp-maestro-{{ .ctx.regionShort }} - maxClientSessionsPerAuthName: '4' + maxClientSessionsPerAuthName: 4 private: false certDomain: 'selfsigned.maestro.keyvault.azure.com' postgres: name: arohcp-maestro-{{ .ctx.regionShort }} serverVersion: '15' - serverStorageSizeGB: '32' + serverStorageSizeGB: 32 deploy: true private: false minTLSVersion: 'TLSV1.2' diff --git a/config/public-cloud-cs-pr.json b/config/public-cloud-cs-pr.json index 00a90eab5..5bd4fe422 100644 --- a/config/public-cloud-cs-pr.json +++ b/config/public-cloud-cs-pr.json @@ -51,13 +51,13 @@ "repositories": "registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package", "rg": "hcp-underlay-westus3-imagesync-dev" }, - "istioVersion": "['asm-1-22']", + "istioVersion": "asm-1-22", "kubernetesVersion": "1.30.5", "maestro": { "certDomain": "selfsigned.maestro.keyvault.azure.com", "consumerName": "hcp-underlay-cspr-mgmt-1", "eventGrid": { - "maxClientSessionsPerAuthName": "4", + "maxClientSessionsPerAuthName": 4, "name": "arohcp-maestro-cspr", "private": false }, @@ -68,7 +68,7 @@ "minTLSVersion": "TLSV1.2", "name": "arohcp-maestro-cspr", "private": false, - "serverStorageSizeGB": "32", + "serverStorageSizeGB": 32, "serverVersion": "15" }, "restrictIstioIngress": false, 
diff --git a/config/public-cloud-dev.json b/config/public-cloud-dev.json index ccffefeaf..0dca3ad2f 100644 --- a/config/public-cloud-dev.json +++ b/config/public-cloud-dev.json @@ -51,13 +51,13 @@ "repositories": "registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package", "rg": "hcp-underlay-westus3-imagesync-dev" }, - "istioVersion": "['asm-1-22']", + "istioVersion": "asm-1-22", "kubernetesVersion": "1.30.5", "maestro": { "certDomain": "selfsigned.maestro.keyvault.azure.com", "consumerName": "hcp-underlay-dev-mgmt-1", "eventGrid": { - "maxClientSessionsPerAuthName": "4", + "maxClientSessionsPerAuthName": 4, "name": "arohcp-maestro-dev", "private": false }, @@ -68,7 +68,7 @@ "minTLSVersion": "TLSV1.2", "name": "arohcp-maestro-dev", "private": false, - "serverStorageSizeGB": "32", + "serverStorageSizeGB": 32, "serverVersion": "15" }, "restrictIstioIngress": true, diff --git a/config/public-cloud-msft-int.json b/config/public-cloud-msft-int.json index e49ea3bed..ac9cc5d43 100644 --- a/config/public-cloud-msft-int.json +++ b/config/public-cloud-msft-int.json @@ -1,8 +1,8 @@ { "acrName": "arohcpint", "aksName": "aro-hcp-aks", - "aroDevopsMsiId": "??? the one for OIDC deployment script / lives in the global RG / needs to be created first thing on regional buildout ???", - "baseDnsZoneName": "aro-hcp.azure-test.net'", + "aroDevopsMsiId": "/subscriptions/5299e6b7-b23b-46c8-8277-dc1147807117/resourcegroups/global-shared-resources/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aroint-int-public-oidc", + "baseDnsZoneName": "aro-hcp.azure-test.net", "baseDnsZoneRG": "westus3-shared-resources", "clusterService": { "acrRG": "westus3-shared-resources", 
@@ -57,7 +57,7 @@ "certDomain": "selfsigned.maestro.keyvault.azure.com", "consumerName": "hcp-underlay-int-mgmt-1", "eventGrid": { - "maxClientSessionsPerAuthName": "4", + "maxClientSessionsPerAuthName": 4, "name": "arohcp-maestro-int", "private": false }, @@ -68,7 +68,7 @@ "minTLSVersion": "TLSV1.2", "name": "arohcp-maestro-int", "private": false, - "serverStorageSizeGB": "32", + "serverStorageSizeGB": 32, "serverVersion": "15" }, "restrictIstioIngress": true, @@ -102,7 +102,7 @@ "softDelete": false }, "monitoring": { - "grafanaAdminGroupPrincipalId": "??? the one to be used as Grafana Admin in grafana.bicep ???", + "grafanaAdminGroupPrincipalId": "2fdb57d4-3fd3-415d-b604-1d0e37a188fe", "grafanaName": "arohcp-int", "msiName": "aro-hcp-metrics-msi-int", "workspaceName": "arohcp-int" @@ -127,7 +127,7 @@ "name": "arohcp-svc-int", "private": false, "region": "westus3", - "rg": "hcp-underlay-int", + "rg": "hcp-underlay-westus3-svc", "softDelete": false }, "subnetPrefix": "10.128.8.0/21", diff --git a/config/public-cloud-personal-dev.json b/config/public-cloud-personal-dev.json index 62a703a5c..0c75aac7c 100644 --- a/config/public-cloud-personal-dev.json +++ b/config/public-cloud-personal-dev.json @@ -51,13 +51,13 @@ "repositories": "registry.k8s.io/external-dns/external-dns,quay.io/acm-d/rhtap-hypershift-operator,quay.io/app-sre/uhc-clusters-service,quay.io/package-operator/package-operator-package", "rg": "hcp-underlay-westus3-imagesync-dev" }, - "istioVersion": "['asm-1-22']", + "istioVersion": "asm-1-22", "kubernetesVersion": "1.30.5", "maestro": { "certDomain": "selfsigned.maestro.keyvault.azure.com", "consumerName": "hcp-underlay-usw3tst-mgmt-1", "eventGrid": { - "maxClientSessionsPerAuthName": "4", + "maxClientSessionsPerAuthName": 4, "name": "arohcp-maestro-usw3tst", "private": false }, 
@@ -68,7 +68,7 @@ "minTLSVersion": "TLSV1.2", "name": "arohcp-maestro-usw3tst", "private": false, - "serverStorageSizeGB": "32", + "serverStorageSizeGB": 32, "serverVersion": "15" }, "restrictIstioIngress": true, diff --git a/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam b/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam index d89f00e9d..834450625 100644 --- a/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam +++ b/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam 
@@ -1,24 +1,24 @@ using '../templates/svc-cluster.bicep' param kubernetesVersion = '{{ .kubernetesVersion }}' -param istioVersion = {{ .istioVersion }} +param istioVersion = ['{{ .istioVersion }}'] param vnetAddressPrefix = '{{ .vnetAddressPrefix }}' param subnetPrefix = '{{ .subnetPrefix }}' param podSubnetPrefix = '{{ .podSubnetPrefix }}' param aksClusterName = '{{ .aksName }}' param aksKeyVaultName = '{{ .svc.etcd.kvName }}' -param aksEtcdKVEnableSoftDelete = {{ .svc.etcd.kvSoftDelete }} +param aksEtcdKVEnableSoftDelete = any('{{ .svc.etcd.kvSoftDelete }}') -param userAgentMinCount = {{ .svc.userAgentPool.minCount }} -param userAgentMaxCount = {{ .svc.userAgentPool.maxCount }} +param userAgentMinCount = any('{{ .svc.userAgentPool.minCount }}') +param userAgentMaxCount = any('{{ .svc.userAgentPool.maxCount }}') param userAgentVMSize = '{{ .svc.userAgentPool.vmSize }}' -param aksUserOsDiskSizeGB = {{ .svc.userAgentPool.osDiskSizeGB }} -param userAgentPoolAZCount = {{ .svc.userAgentPool.azCount }} +param aksUserOsDiskSizeGB = any({{ .svc.userAgentPool.osDiskSizeGB }}) +param userAgentPoolAZCount = any('{{ .svc.userAgentPool.azCount }}') -param disableLocalAuth = {{ .frontend.cosmosDB.disableLocalAuth }} -param deployFrontendCosmos = {{ .frontend.cosmosDB.deploy }} +param disableLocalAuth = any('{{ .frontend.cosmosDB.disableLocalAuth }}') +param deployFrontendCosmos = any('{{ .frontend.cosmosDB.deploy }}') param rpCosmosDbName = '{{ .frontend.cosmosDB.name }}' -param rpCosmosDbPrivate = {{ .frontend.cosmosDB.private }} +param rpCosmosDbPrivate = any('{{ .frontend.cosmosDB.private }}') param maestroEventGridNamespacesName = '{{ .maestro.eventGrid.name }}' param maestroServerMqttClientName = '{{ .maestro.serverMqttClientName }}' 
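Review bot: Wrapping the rendered values in `any('…')` passes every boolean and integer parameter as a quoted string and switches off Bicep's type check for it. That covers the security toggles `disableLocalAuth`, `rpCosmosDbPrivate` and `aksEtcdKVEnableSoftDelete` here, and `serviceKeyVaultSoftDelete`, `serviceKeyVaultPrivate` and the Postgres `private` flags in the second hunk of this file. A wrong or empty rendered value is then no longer rejected at compile time, and whether the deployment coerces or rejects the string is not visible from the diff. The form is also inconsistent, since `aksUserOsDiskSizeGB = any({{ .svc.userAgentPool.osDiskSizeGB }})` is unquoted, and `maestroPostgresServerStorageSizeGB` is quoted again although this commit makes it an integer in the schema. If the quoting is only there to keep the template parseable, an explicit conversion keeps the type check, for example `param disableLocalAuth = bool('{{ .frontend.cosmosDB.disableLocalAuth }}')` and `param userAgentMinCount = int('{{ .svc.userAgentPool.minCount }}')`, assuming the param file accepts these functions.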
@@ -26,20 +26,20 @@ param maestroCertDomain = '{{ .maestro.certDomain}}' param maestroPostgresServerName = '{{ .maestro.postgres.name }}' param maestroPostgresServerMinTLSVersion = '{{ .maestro.postgres.minTLSVersion }}' param maestroPostgresServerVersion = '{{ .maestro.postgres.serverVersion }}' -param maestroPostgresServerStorageSizeGB = {{ .maestro.postgres.serverStorageSizeGB }} -param deployMaestroPostgres = {{ .maestro.postgres.deploy }} -param maestroPostgresPrivate = {{ .maestro.postgres.private }} +param maestroPostgresServerStorageSizeGB = any('{{ .maestro.postgres.serverStorageSizeGB }}') +param deployMaestroPostgres = any('{{ .maestro.postgres.deploy }}') +param maestroPostgresPrivate = any('{{ .maestro.postgres.private }}') -param deployCsInfra = {{ .clusterService.postgres.deploy }} +param deployCsInfra = any('{{ .clusterService.postgres.deploy }}') param csPostgresServerName = '{{ .clusterService.postgres.name }}' param csPostgresServerMinTLSVersion = '{{ .clusterService.postgres.minTLSVersion }}' -param clusterServicePostgresPrivate = {{ .clusterService.postgres.private }} +param clusterServicePostgresPrivate = any('{{ .clusterService.postgres.private }}') param serviceKeyVaultName = '{{ .serviceKeyVault.name }}' param serviceKeyVaultResourceGroup = '{{ .serviceKeyVault.rg }}' param serviceKeyVaultLocation = '{{ .serviceKeyVault.region }}' -param serviceKeyVaultSoftDelete = {{ .serviceKeyVault.softDelete }} -param serviceKeyVaultPrivate = {{ .serviceKeyVault.private }} +param serviceKeyVaultSoftDelete = any('{{ .serviceKeyVault.softDelete }}') +param serviceKeyVaultPrivate = any('{{ .serviceKeyVault.private }}') param acrPullResourceGroups = ['{{ .serviceComponentAcrResourceGroups }}'] param clustersServiceAcrResourceGroupNames = ['{{ .clusterService.acrRG }}'] diff --git a/dev-infrastructure/svc-pipeline.yaml b/dev-infrastructure/svc-pipeline.yaml index 743b0415a..cee2de6ef 100644 --- a/dev-infrastructure/svc-pipeline.yaml 
+++ b/dev-infrastructure/svc-pipeline.yaml @@ -1,4 +1,4 @@ -serviceGroup: Microsoft.Azure.ARO.Test +serviceGroup: Microsoft.Azure.ARO.HCP.Service.Infra rolloutName: Service Cluster Rollout resourceGroups: - name: {{ .svc.rg }} From 42475fc7fb0c8a39056356a6e343ce87da0cf8be Mon Sep 17 00:00:00 2001 From: Gerd Oberlechner Date: Wed, 27 Nov 2024 09:18:43 +0100 Subject: [PATCH 9/9] disable token creation role assignment for the time being Signed-off-by: Gerd Oberlechner --- dev-infrastructure/templates/svc-cluster.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev-infrastructure/templates/svc-cluster.bicep b/dev-infrastructure/templates/svc-cluster.bicep index 112d76097..9a6f36459 100644 --- a/dev-infrastructure/templates/svc-cluster.bicep +++ b/dev-infrastructure/templates/svc-cluster.bicep @@ -345,7 +345,7 @@ module csDnsZoneContributor '../modules/dns/zone-contributor.bicep' = { } } -resource clustersServiceAcrResourceGroups 'Microsoft.Resources/resourceGroups@2023-07-01' existing = [ +/*resource clustersServiceAcrResourceGroups 'Microsoft.Resources/resourceGroups@2023-07-01' existing = [ for rg in clustersServiceAcrResourceGroupNames: { name: rg scope: subscription() @@ -362,7 +362,7 @@ module acrManageTokenRole '../modules/acr-permissions.bicep' = [ acrResourceGroupid: clustersServiceAcrResourceGroups[i].id } } -] +]*/ // oidc
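Review bot: Commenting out `clustersServiceAcrResourceGroups` and `acrManageTokenRole` with `/* … */` stops the template from declaring the role assignment, but it does not revoke an assignment that an earlier rollout already created. In ARM's default incremental mode, resources dropped from a template stay in place. If the intent is that the principal targeted by `acr-permissions.bicep` (not visible in the hunk) should no longer hold the permission, the existing assignments have to be removed separately in each environment. I would also put a line above the block such as `// TODO(<tracking-issue>): ACR token role assignment disabled; re-enable when <condition>`, so the disabled grant has an owner and an exit condition. Both declarations start and end outside the two hunks.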