kubernetes-sigs / windows-testing

Containers, scripts and documentation for running Kubernetes tests with Windows nodes
Apache License 2.0

When moving to new sub, the name of the keyvault changed #459

Closed jsturtevant closed 1 month ago

jsturtevant commented 1 month ago

This updates to use the new keyvault name capz-ci-gmsa-community

/assign @ritikaguptams

k8s-ci-robot commented 1 month ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jsturtevant

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/kubernetes-sigs/windows-testing/blob/master/OWNERS)~~ [jsturtevant]

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment

jsturtevant commented 1 month ago

Looks like we missed a few things when moving to the new sub, will be getting those into the new terraform scripts and will re-run this here

ritikaguptams commented 1 month ago

/test pull-e2e-capz-windows-2022-extension-gmsa

jsturtevant commented 1 month ago

made it further, looks like we need another permission:

```
INFO: Getting the gmsa gmsaSpecFile gmsa-cred-spec-gmsa-e2e-22305 from https://capz-ci-gmsa-community.vault.azure.net
INFO: error when retrieving gmsaSpecFile GET https://capz-ci-gmsa-community.vault.azure.net/secrets/gmsa-cred-spec-gmsa-e2e-22305/
--------------------------------------------------------------------------------
RESPONSE 403: 403 Forbidden
ERROR CODE: Forbidden
--------------------------------------------------------------------------------
{
  "error": {
    "code": "Forbidden",
    "message": "The user, group or application 'appid=34d8e06d-d198-477e-b166-6936e58d90ae;oid=8eb97873-17bb-46a5-aed9-1967d83ca7ca;iss=https://sts.windows.net/d1aa7522-0959-442e-80ee-8c4f7fb4c184/' does not have secrets get permission on key vault 'capz-ci-gmsa-community;location=eastus'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287",
    "innererror": {
      "code": "AccessDenied"
    }
  }
}
-------
```

jsturtevant commented 1 month ago

I think we are missing the permissions from https://github.com/kubernetes-sigs/windows-testing/blob/ccb406007bfdebf384e8171592bcafb10a64ed11/capz/gmsa/setup-gmsa.sh#L113-L114

ritikaguptams commented 1 month ago

/test pull-e2e-capz-windows-2022-extension-gmsa

ritikaguptams commented 1 month ago

/test pull-e2e-capz-windows-2022-extension-gmsa

ritikaguptams commented 1 month ago

/test pull-e2e-capz-windows-2022-extension-gmsa

ritikaguptams commented 1 month ago

/test pull-e2e-capz-windows-2022-extension-gmsa

ritikaguptams commented 1 month ago

gMSA tests pass! Infra PR to have the right role assignments wired up: https://github.com/kubernetes/k8s.io/pull/7101

jsturtevant commented 1 month ago

> gMSA tests pass! Infra PR to have the right role assignments wired up: https://github.com/kubernetes/k8s.io/pull/7101

thanks! Somewhere in the scripts we are getting the wrong subscription context, debugging that then this will be ready.

jsturtevant commented 1 month ago

/test pull-e2e-capz-windows-2022-extension

ritikaguptams commented 1 month ago

/test pull-e2e-capz-windows-2022-extension

jsturtevant commented 1 month ago

/test pull-e2e-capz-windows-2022-extension-gmsa

ritikaguptams commented 1 month ago

/test pull-e2e-capz-windows-2022-extension

jsturtevant commented 1 month ago

/test pull-e2e-capz-windows-2022-extension-gmsa

jsturtevant commented 1 month ago

/test pull-e2e-capz-windows-2022-extension-gmsa

jsturtevant commented 1 month ago

/test pull-e2e-capz-windows-2022-extension-gmsa

ritikaguptams commented 1 month ago

/lgtm