Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

userAssignedIdentities providerID value format unexpectedly changed in CAPZ v1.9.0 #3597

Closed
dthorsen opened this issue May 30, 2023 · 2 comments · Fixed by #3616
Closed

userAssignedIdentities providerID value format unexpectedly changed in CAPZ v1.9.0 #3597

dthorsen opened this issue May 30, 2023 · 2 comments · Fixed by #3616
Assignees
@mboersma
Labels
kind/bug Categorizes issue or PR as related to a bug.
Milestone
v1.10

Comments

@dthorsen
Copy link
Contributor

dthorsen commented May 30, 2023
edited
Loading

/kind bug

What steps did you take and what happened:
Tried to bootstrap a new cluster with an AzureMachineTemplate that worked in CAPZ v1.7.0. The azurejson_machinetemplate_controller failed to create a secret for the azure json. The following error was emitted in the logs:

E0530 20:42:02.758002       1 controller.go:329]  "msg"="Reconciler error" "error"="failed to get user-assigned identity ClientID: invalid resource ID: resource id 'azure:///subscriptions/<snip>/resourcegroups/<snip>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<snip>' must start with '/'" "AzureMachineTemplate"={"name":"<snip>","namespace":"<snip>"} "controller"="azuremachinetemplate" "controllerGroup"="infrastructure.cluster.x-k8s.io" "controllerKind"="AzureMachineTemplate" "name"="<snip>" "namespace"="<snip>" "reconcileID"="<snip>"

If I use an AzureMachineTemplate that has a userAssignedIdentity providerID value that starts with /subscriptions instead of azure:///subscriptions the error goes away and things work as expected. However this is not how the field is documented to be used here.

It looks like this bug was introduced because the behavior of the new ParseResourceID function from the new arm package is not fully compatible with the ParseResourceID function from the autorest package that was used previously.
Old function: https://github.com/Azure/go-autorest/blob/autorest/v0.11.29/autorest/azure/azure.go#L215-L217
New function: https://github.com/Azure/azure-sdk-for-go/blob/sdk/azcore/v1.6.0/sdk/azcore/arm/internal/resource/resource_identifier.go#L64C6-L71

What did you expect to happen:
Existing, working AzureMachineTemplate yaml should work when upgrading CAPZ from v1.7.0 to v1.9.2.

Anything else you would like to add:
It looks like the breaking change was introduced in #3337.

Environment:

  • cluster-api-provider-azure version: v1.9.2
  • Kubernetes version: (use kubectl version): v1.21.14
  • OS (e.g. from /etc/os-release): Ubuntu 20.04
@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label May 30, 2023
@CecileRobertMichon
Copy link
Contributor

cc @mboersma

@jackfrancis
Copy link
Contributor

/assign @mboersma

@jackfrancis jackfrancis added this to the v1.10 milestone Jun 8, 2023
This was referenced Jun 8, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mboersma mboersma

Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
CAPZ Planning
Archived in project
Milestone
v1.10
Development

Successfully merging a pull request may close this issue.

Allow azure:// prefix when parsing resource IDs mboersma/cluster-api-provider-azure
5 participants
@mboersma @jackfrancis @CecileRobertMichon @dthorsen @k8s-ci-robot