ARO-6756 Remove usecheckaccess feature and environment variables #3643
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rajdeepc2792
added
work-in-progress
chainsaw
rajdeepc2792
requested review from
jewzaam,
bennerv,
hawkowl,
rogbas,
petrkotas,
jharrington22,
cblecker,
cadenmarchese,
UlrichSchlueter,
SudoBrendan,
yjst2012,
jaitaiwan,
anshulvermapatel,
hlipsig and
tiguelu
as code owners
|
/azp run ci,e2e |
|
Azure Pipelines successfully started running 2 pipeline(s). |
cadenmarchese
previously approved these changes
Jun 26, 2024
|
/azp run e2e |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run e2e |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run e2e |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run e2e,ci |
rajdeepc2792
force-pushed
the
rajdeepc2792/ARO-6756-feature-removal
branch
from
1effa8f
to
faa09e6
Compare
|
/azp run ci, e2e |
|
Azure Pipelines successfully started running 2 pipeline(s). |
kimorris27
previously approved these changes
Jul 18, 2024
|
Please rebase pull request. |
rajdeepc2792
force-pushed
the
rajdeepc2792/ARO-6756-feature-removal
branch
from
faa09e6
to
cbe8fa6
Compare
|
/azp run ci, e2e |
|
Azure Pipelines successfully started running 2 pipeline(s). |
cadenmarchese
approved these changes
Jul 23, 2024
kimorris27
approved these changes
Jul 23, 2024
s-fairchild
added a commit
that referenced
this pull request
Aug 7, 2024
Remove RHUI and Microsoft repo configuration, add Mariner Extended repo config Remove lvm disk resize Mariner does not use lvm, the disk is automatically grown to the full size specified. Firewalld configuration has been removed, as Mariner does not have the requirements to support the nftables backend. Firewall rules will be configured at the vnet level in Azure. Remove semanage Mariner Linux does not have selinux configured. Add changes to remove CHECKACCESS Merged in PR #3643 Remove gateway log rotation config Log rotation for the podman level driver log was not the correct approach. The podman log driver is now journald, so all logs will be shipped to journald rather than a ctr.log file. Update gateway vmss OS image to cbl-mariner-2-gen2-fips
s-fairchild
added a commit
that referenced
this pull request
Aug 9, 2024
Remove RHUI and Microsoft repo configuration, add Mariner Extended repo config Remove lvm disk resize Mariner does not use lvm, the disk is automatically grown to the full size specified. Firewalld configuration has been removed, as Mariner does not have the requirements to support the nftables backend. Firewall rules will be configured at the vnet level in Azure. Remove semanage Mariner Linux does not have selinux configured. Add changes to remove CHECKACCESS Merged in PR #3643 Remove gateway log rotation config Log rotation for the podman level driver log was not the correct approach. The podman log driver is now journald, so all logs will be shipped to journald rather than a ctr.log file. During mdm and mdsd setup, I've added wait steps for the download scripts to complete getting certificates. Without this, the download scripts run in a subshell and fixing up the certificates fails. Update gateway vmss OS image to cbl-mariner-2-gen2-fips. Add firewalld configuration back, required for podman networking Add podman aro network creation to isolate RP containers from possible interaction on the default podman network.
s-fairchild
added a commit
that referenced
this pull request
Aug 12, 2024
Remove RHUI and Microsoft repo configuration, add Mariner Extended repo config Remove lvm disk resize Mariner does not use lvm, the disk is automatically grown to the full size specified. Firewalld configuration has been removed, as Mariner does not have the requirements to support the nftables backend. Firewall rules will be configured at the vnet level in Azure. Remove semanage Mariner Linux does not have selinux configured. Add changes to remove CHECKACCESS Merged in PR #3643 Remove gateway log rotation config Log rotation for the podman level driver log was not the correct approach. The podman log driver is now journald, so all logs will be shipped to journald rather than a ctr.log file. During mdm and mdsd setup, I've added wait steps for the download scripts to complete getting certificates. Without this, the download scripts run in a subshell and fixing up the certificates fails. Update gateway vmss OS image to cbl-mariner-2-gen2-fips. Add firewalld configuration back, required for podman networking Add podman aro network creation to isolate RP containers from possible interaction on the default podman network.
s-fairchild
added a commit
that referenced
this pull request
Aug 13, 2024
Restructure VMSS bootstrap bash scripts for increased reliability, and easier debugging Move all shared code into a commonly shared file to be sourced by all bootstrapping scripts. This allows for code reuse, minimal duplication. Fix mdm mdsd certificate download script Increase rpm retry time to 30 minutes total, every 30 seconds. Install Azure Security Monitor via VMSS Extension Remove RHUI and Microsoft repo configuration, add Mariner Extended repo config Remove lvm disk resize Mariner does not use lvm, the disk is automatically grown to the full size specified. Firewalld configuration has been removed, as Mariner does not have the requirements to support the nftables backend. Firewall rules will be configured at the vnet level in Azure. Remove semanage Mariner Linux does not have selinux configured. Add changes to remove CHECKACCESS Merged in PR #3643 Remove gateway log rotation config Log rotation for the podman level driver log was not the correct approach. The podman log driver is now journald, so all logs will be shipped to journald rather than a ctr.log file. During mdm and mdsd setup, I've added wait steps for the download scripts to complete getting certificates. Without this, the download scripts run in a subshell and fixing up the certificates fails. Add firewalld configuration, required for podman networking Add podman aro network creation to isolate RP containers from possible interaction on the default podman network.
s-fairchild
added a commit
that referenced
this pull request
Aug 19, 2024
Restructure VMSS bootstrap bash scripts for increased reliability, and easier debugging Move all shared code into a commonly shared file to be sourced by all bootstrapping scripts. This allows for code reuse, minimal duplication. Fix mdm mdsd certificate download script Increase rpm retry time to 30 minutes total, every 30 seconds. Install Azure Security Monitor via VMSS Extension Remove RHUI and Microsoft repo configuration, add Mariner Extended repo config Remove lvm disk resize Mariner does not use lvm, the disk is automatically grown to the full size specified. Firewalld configuration has been removed, as Mariner does not have the requirements to support the nftables backend. Firewall rules will be configured at the vnet level in Azure. Remove semanage Mariner Linux does not have selinux configured. Add changes to remove CHECKACCESS Merged in PR #3643 Remove gateway log rotation config Log rotation for the podman level driver log was not the correct approach. The podman log driver is now journald, so all logs will be shipped to journald rather than a ctr.log file. During mdm and mdsd setup, I've added wait steps for the download scripts to complete getting certificates. Without this, the download scripts run in a subshell and fixing up the certificates fails. Add firewalld configuration, required for podman networking Add podman aro network creation to isolate RP containers from possible interaction on the default podman network.
s-fairchild
added a commit
that referenced
this pull request
Aug 20, 2024
Restructure VMSS bootstrap bash scripts for increased reliability, and easier debugging Move all shared code into a commonly shared file to be sourced by all bootstrapping scripts. This allows for code reuse, minimal duplication. Fix mdm mdsd certificate download script Increase rpm retry time to 30 minutes total, every 30 seconds. Install Azure Security Monitor via VMSS Extension Remove RHUI and Microsoft repo configuration, add Mariner Extended repo config Remove lvm disk resize Mariner does not use lvm, the disk is automatically grown to the full size specified. Firewalld configuration has been removed, as Mariner does not have the requirements to support the nftables backend. Firewall rules will be configured at the vnet level in Azure. Remove semanage Mariner Linux does not have selinux configured. Add changes to remove CHECKACCESS Merged in PR #3643 Remove gateway log rotation config Log rotation for the podman level driver log was not the correct approach. The podman log driver is now journald, so all logs will be shipped to journald rather than a ctr.log file. During mdm and mdsd setup, I've added wait steps for the download scripts to complete getting certificates. Without this, the download scripts run in a subshell and fixing up the certificates fails. Add firewalld configuration, required for podman networking Add podman aro network creation to isolate RP containers from possible interaction on the default podman network.
s-fairchild
added a commit
that referenced
this pull request
Aug 21, 2024
Restructure VMSS bootstrap bash scripts for increased reliability, and easier debugging Move all shared code into a commonly shared file to be sourced by all bootstrapping scripts. This allows for code reuse, minimal duplication. Fix mdm mdsd certificate download script Increase rpm retry time to 30 minutes total, every 30 seconds. Install Azure Security Monitor via VMSS Extension Remove RHUI and Microsoft repo configuration, add Mariner Extended repo config Remove lvm disk resize Mariner does not use lvm, the disk is automatically grown to the full size specified. Firewalld configuration has been removed, as Mariner does not have the requirements to support the nftables backend. Firewall rules will be configured at the vnet level in Azure. Remove semanage Mariner Linux does not have selinux configured. Add changes to remove CHECKACCESS Merged in PR #3643 Remove gateway log rotation config Log rotation for the podman level driver log was not the correct approach. The podman log driver is now journald, so all logs will be shipped to journald rather than a ctr.log file. During mdm and mdsd setup, I've added wait steps for the download scripts to complete getting certificates. Without this, the download scripts run in a subshell and fixing up the certificates fails. Add firewalld configuration, required for podman networking Add podman aro network creation to isolate RP containers from possible interaction on the default podman network.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Which issue this PR addresses:
Additional changes for
https://issues.redhat.com/browse/ARO-6756
Additional PRs:-
https://msazure.visualstudio.com/AzureRedHatOpenShift/_git/ARO-Pipelines/pullrequest/10341885
https://msazure.visualstudio.com/AzureRedHatOpenShift/_git/RP-Config/pullrequest/10341820
It just removes the feature and related environment variables, doesn't change the implementation as the checkAccessV2 is used for all the environments after #3524
What this PR does / why we need it:
Since CheckAccessV2 is now available and running in all the environments, no feature variable is needed for CheckAccessV2
Test plan for issue:
-> Updated Unit Tests where checkaccessv2 variable was used.
-> Pass all the unit test cases
-> Pass e2e
Is there any documentation that needs to be updated for this PR?
Document already exists for CheckAccessV2 in ADO:- https://msazure.visualstudio.com/AzureRedHatOpenShift/_wiki/wikis/AzureRedHatOpenShift.wiki/409184/CheckAccess-API-migration
The document will be updated with the getAccess marked as deprecated once the changes are merged and available in production.
How do you know this will function as expected in production?
Currently, the production/Local Dev/Full RP already relies on CheckAccessV2, so no functionality change from that point of view.