From d5c6efbf4ebfc9c5f43131ec6a4ac1491d67251a Mon Sep 17 00:00:00 2001
From: gniranjan
Date: Mon, 7 Oct 2024 15:21:49 -0500
Subject: [PATCH] ensure the case folding of cluster MSI resourceID
---
 pkg/cluster/deploybaseresources.go | 8 ++------
 pkg/cluster/deploybaseresources_additional.go | 11 ++++++++++-
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/pkg/cluster/deploybaseresources.go b/pkg/cluster/deploybaseresources.go
index bf948e975eb..155c44cac67 100644
--- a/pkg/cluster/deploybaseresources.go
+++ b/pkg/cluster/deploybaseresources.go
@@ -197,6 +197,8 @@ func (m *manager) deployBaseResourceTemplate(ctx context.Context) error {
 m.storageAccount(m.doc.OpenShiftCluster.Properties.ImageRegistryStorageAccountName, azureRegion, ocpSubnets, true),
 m.storageAccountBlobContainer(m.doc.OpenShiftCluster.Properties.ImageRegistryStorageAccountName, "image-registry"),
 m.clusterNSG(infraID, azureRegion),
+ m.networkPrivateLinkService(azureRegion),
+ m.networkInternalLoadBalancer(azureRegion),
 }

 if m.doc.OpenShiftCluster.UsesWorkloadIdentity() {
@@ -210,12 +212,6 @@ func (m *manager) deployBaseResourceTemplate(ctx context.Context) error {
 resources = append(resources, m.clusterServicePrincipalRBAC())
 }

- resources = append(
- resources,
- m.networkPrivateLinkService(azureRegion),
- m.networkInternalLoadBalancer(azureRegion),
- )
-
 // Create a public load balancer routing if needed
 if m.doc.OpenShiftCluster.Properties.NetworkProfile.OutboundType == api.OutboundTypeLoadbalancer {
 m.newPublicLoadBalancer(ctx, &resources)
diff --git a/pkg/cluster/deploybaseresources_additional.go b/pkg/cluster/deploybaseresources_additional.go
index 8e6f8feb2f9..201a654f7d1 100644
--- a/pkg/cluster/deploybaseresources_additional.go
+++ b/pkg/cluster/deploybaseresources_additional.go
@@ -101,7 +101,16 @@ func (m *manager) ensureWorkloadIdentityRBAC() ([]*arm.Resource, error) {
 if err != nil {
 return nil, err
 }
- clusterMSI := m.doc.OpenShiftCluster.Identity.UserAssignedIdentities[clusterMSIResourceId.String()]
+
+ var clusterMSI api.ClusterUserAssignedIdentity
+ // we iterate through the existing identities to find the identity matching
+ // the expected resourceID with casefolding
+ for k, _ := range m.doc.OpenShiftCluster.Identity.UserAssignedIdentities {
+ if strings.EqualFold(k, clusterMSIResourceId.String()) {
+ clusterMSI = m.doc.OpenShiftCluster.Identity.UserAssignedIdentities[k]
+ }
+ }
+
 if strings.TrimSpace(clusterMSI.PrincipalID) == "" {
 return nil, fmt.Errorf("cluster MSI principal ID '%s' is invalid for clusterMSIResourceId %s", clusterMSI.PrincipalID, clusterMSIResourceId.String())
 }
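Review bot: The case-folded lookup in the added `for` loop has no tie-break, so if `UserAssignedIdentities` ever holds two keys that differ only by case, each of them matches and Go's randomized map iteration decides which entry ends up in `clusterMSI`. Its `PrincipalID` is presumably what the RBAC resources returned by this function are built from, and whether such duplicates can reach this point depends on validation outside the hunk, so I would fail closed here rather than silently pick one. The sketch below does that, ranges over `k, v` instead of `for k, _ := range` plus a second map lookup, and hoists `clusterMSIResourceId.String()` out of the loop. ensureWorkloadIdentityRBAC starts and ends outside this hunk.

```go
	// … unchanged: clusterMSIResourceId error check …
	var clusterMSI api.ClusterUserAssignedIdentity
	wantID := clusterMSIResourceId.String()
	found := false
	// Match the expected resourceID with case folding, and refuse to choose
	// between two stored keys that differ only by case.
	for k, v := range m.doc.OpenShiftCluster.Identity.UserAssignedIdentities {
		if !strings.EqualFold(k, wantID) {
			continue
		}
		if found {
			return nil, fmt.Errorf("multiple user assigned identities match clusterMSIResourceId %s", wantID)
		}
		clusterMSI, found = v, true
	}
	// … unchanged: PrincipalID validation …
```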