Closed jsturtevant closed 1 month ago
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: jsturtevant
Looks like we missed a few things when moving to the new sub. Will be getting those into the new Terraform scripts and will re-run this here.
/test pull-e2e-capz-windows-2022-extension-gmsa
Made it further, looks like we need another permission:
INFO: Getting the gmsa gmsaSpecFile gmsa-cred-spec-gmsa-e2e-22305 from https://capz-ci-gmsa-community.vault.azure.net
INFO: error when retrieving gmsaSpecFile GET https://capz-ci-gmsa-community.vault.azure.net/secrets/gmsa-cred-spec-gmsa-e2e-22305/
--------------------------------------------------------------------------------
RESPONSE 403: 403 Forbidden
ERROR CODE: Forbidden
--------------------------------------------------------------------------------
{
  "error": {
    "code": "Forbidden",
    "message": "The user, group or application 'appid=34d8e06d-d198-477e-b166-6936e58d90ae;oid=8eb97873-17bb-46a5-aed9-1967d83ca7ca;iss=https://sts.windows.net/d1aa7522-0959-442e-80ee-8c4f7fb4c184/' does not have secrets get permission on key vault 'capz-ci-gmsa-community;location=eastus'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287",
    "innererror": {
      "code": "AccessDenied"
    }
  }
}
-------
I think we are missing the permissions from https://github.com/kubernetes-sigs/windows-testing/blob/ccb406007bfdebf384e8171592bcafb10a64ed11/capz/gmsa/setup-gmsa.sh#L113-L114
/test pull-e2e-capz-windows-2022-extension-gmsa
/test pull-e2e-capz-windows-2022-extension-gmsa
/test pull-e2e-capz-windows-2022-extension-gmsa
/test pull-e2e-capz-windows-2022-extension-gmsa
gMSA tests pass! Infra PR to have the right role assignments wired up: https://github.com/kubernetes/k8s.io/pull/7101
Thanks! Somewhere in the scripts we are getting the wrong subscription context; debugging that, then this will be ready.
/test pull-e2e-capz-windows-2022-extension
/test pull-e2e-capz-windows-2022-extension
/test pull-e2e-capz-windows-2022-extension-gmsa
/test pull-e2e-capz-windows-2022-extension
/test pull-e2e-capz-windows-2022-extension-gmsa
/test pull-e2e-capz-windows-2022-extension-gmsa
/test pull-e2e-capz-windows-2022-extension-gmsa
/lgtm
This updates to use the new keyvault name capz-ci-gmsa-community
/assign @ritikaguptams