-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add identityURL to internal apis for CMSI usage #3514
base: master
Are you sure you want to change the base?
Conversation
Left a few comments, all other changes seems good for identityURL. |
I'm adding |
9b77750
to
13aaefc
Compare
/azp run ci, e2e |
Azure Pipelines successfully started running 2 pipeline(s). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor nits, nothing critical. lgtm
/azp run ci,e2e |
Azure Pipelines successfully started running 2 pipeline(s). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Commented the doubts, rather than any change request.
Other than the concerns, changes LGTM.
38b747c
to
aaccab3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Requesting one more small change for readability's sake.
/azp run ci, e2e |
Azure Pipelines successfully started running 2 pipeline(s). |
Which issue this PR addresses:
Fixes ARO-6086
What this PR does / why we need it:
The cluster doc needs to persist identityURL in order for Cluster MSI (CUAMSI) token refreshing to work. The identityURL is a header that is provided by ARM to the RP and is used for token refreshing purposes. For more info, see the design doc: https://docs.google.com/document/d/1dtgp6B-VYyXUmPsMX9f9MdlAE9sON4OuH1Cw9Ij0mmg/edit that @rajdeep wrote.
Test plan for issue:
API calls should succeed in persisting identityURL header when a put or patch call to RP is made.
Is there any documentation that needs to be updated for this PR?
How do you know this will function as expected in production?