-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(SURE-5437) AzureGov Cloud Credentials fail to create/provisioning broken #98
Comments
It seems that it is related to #62 PR needs rebase and more refactoring from our site, currently I am working on this |
Fixes: rancher#98 (cherry picked from commit 41a68e8)
Fixes: rancher#98 (cherry picked from commit 41a68e8)
Fix #136 |
Fixes: rancher#98 (cherry picked from commit 41a68e8)
Fix was submitted, there is also need to adjust Rancher part for it |
Which part of Rancher ?! |
|
Waiting for access to AzureGov Cloud |
@atoy3731 Can you please help us with testing this change once again ? |
Testing this against v2.8.0-alpha1. I'm seeing progress, still looks to be an issue on the backend:
|
@atoy3731 Hi, can you please test for us following procedure.
|
Just had to mod the
|
I have developed new aks-client to test Azure Gov communication |
Testing using @mjura 's client and think I found the root of the authentication issue. This line I think needs to be update to (maybe conditionally?) use NewSubscriptionsClientWithBaseURI instead. when I update the code to use that and pass in the baseURL as an argument, it works for GovCloud to find the subscription. My updated function:
And my implementation:
Let me know if that helps. Thanks! |
Issue: rancher/aks-operator#98 Signed-off-by: Michal Jura <mjura@suse.com>
I have created fix for it rancher/rancher#43009 |
Tested the fix and it works! One note, if the secret coming from the UI starts with a ".", there looks like a parsing error (I unfortunately don't have the error message). If the password doesn't have the "." at the beginning, the flow works as expected to create a credential secret. There are other issues in the Create Cluster screen, but I think that would deserve a new issue for tracking since I think it is in the UI. |
It is blocked by rancher/rancher#43024 |
Related UI ticket: rancher/dashboard#9858 @kkaempf is this for 2.8.0? I'm being pinged on other fronts that this can wait to Q1 but I don't know the full scope of impact since there are now multiple tickets floating around. cc @nwmac |
UI ticket now Q1, which is noted elsewhere outside of Github. |
Issue: rancher/aks-operator#98 Signed-off-by: Michal Jura <mjura@suse.com>
Issue: rancher/aks-operator#98 Signed-off-by: Michal Jura <mjura@suse.com>
UI ticket is still in progress |
Moving to "to test" as UI ticket got closed with a v2.8.0 milestone 🤞🏻 |
confirmed fixed per UI qa |
Describe the bug
When creating a cloud-credential for Azure using the AzureUSGovernmentCloud environment option, the creation will fail. When inspecting the logs in the browser, there is an error referencing 'SubscriptionId not found'. The subscription id has been validated to work as the service principal being used in the credential was created using it.
This error is not present when using standard Azure. It is suspected that AzureGov endpoints are not correctly set internally on a dependent tool.
To Reproduce
Create Service Principal in AzureGov using
Select AzureUSGovernmentCloud for the environment
Plug in generated appId into Client-Id field
Plug in generated password into Client-Secret field
Plug in subscription id into Subscription Id field
Click Create, see non-descriptive error
Open Console and inspect Network and fire command again
Inspect Response to see RESTful error describing the unknown subscription Id
Expected Result
Credential Created Successfully
Additional context
When bypassing the cloud credential creation using Terraform, the credential itself will fail to work when creating a cluster and repeat the same 'subscription id not found' error.
The text was updated successfully, but these errors were encountered: