Commit graph

301 commits

Author SHA1 Message Date
Mangirdas Judeikis 4bdb4e1a3e
Add expired client workaround 2021-05-11 08:08:38 +01:00
Jim Minter 7add113018
use localFPKVAuthorizer for cluster key vault 2021-05-05 16:26:20 -05:00
Jim Minter e61efa5666
add cmd/dbtoken 2021-04-26 15:22:21 -05:00
Jim Minter a0bc3474da
add armClientId config 2021-04-23 10:25:45 -05:00
Jim Minter 299309817d
add rpVmssCapacity parameter 2021-04-23 10:25:45 -05:00
Jim Minter f37198a7be
add parent DNS zones into deploy ARM templates 2021-04-23 10:25:45 -05:00
Jim Minter 45d726e348
add EnableDevelopmentAuthorizer feature 2021-04-22 10:27:11 -05:00
Jim Minter a563426654
rename parameter mdsdConfigVersion -> rpMdsdConfigVersion 2021-04-22 10:27:11 -05:00
Jim Minter 0de48ee913
enable empty billingServicePrincipalId in deploy 2021-04-22 10:27:10 -05:00
Jim Minter 81c2ec9143
add acrLocationOverride config to handle misdeployed INT ACR for now 2021-04-12 15:12:52 -05:00
Naveen Malik 758b5533eb Bump 4.{5,6}.z, drop 4.3 2021-04-09 10:10:47 -04:00
Jim Minter 9cacea7b3c
remove rpMode from ARM templates 2021-04-08 09:12:14 -05:00
Jim Minter c1e0ef99a5
add DisableDenyAssignments feature 2021-04-08 09:12:13 -05:00
Jim Minter 1d2384d768
move billingE2EStorageAccountId to RP configuration 2021-04-08 09:12:12 -05:00
Jim Minter 0e01c6cb3b
move fpClientID to RP config for INT/PROD 2021-04-08 09:12:08 -05:00
Jim Minter 51a1d80455
move clusterGenevaLoggingEnvironment, clusterGenevaLoggingConfigVersion to RP config for INT/PROD 2021-04-07 13:07:39 -05:00
Leszek Jakubowski 82db406c15 Manual location override for INT env 2021-03-16 09:05:51 +01:00
Mangirdas Judeikis e410ab9d09
Merge pull request #1372 from jim-minter/deployacr
Deploy ACR in ARM templates
2021-03-11 08:53:39 +00:00
bennerv c4221e8cf6 Remove not needed dev dependencies from builds 2021-03-09 23:28:48 -05:00
bennerv 31dc570041 Add ubi7/rhel7 based multi-stage container build 2021-03-09 16:44:23 -05:00
Jim Minter 7b863abc50
deploy ACR 2021-03-08 15:12:10 -06:00
Jim Minter 3bd3a33b63
bump containerregistry API from 2019-06-01-preview to 2020-11-01-preview 2021-03-08 15:11:40 -06:00
Jim Minter a0cabd7ae2
make billingServicePrincipalId an RP config parameter 2021-03-04 15:40:21 -06:00
Mangirdas Judeikis 010a87263e
Add missing .net pkg 2021-03-02 10:31:19 +00:00
Jim Minter 859963a61f
for clarity, rename fullDeploy -> ci for hack/cluster 2021-02-23 19:34:28 -06:00
Jim Minter 5c5c0d2dc5
remove fullDeploy 2021-02-23 19:34:27 -06:00
bennerv 8b11c9c918 Revert docker to podman migration changes 2021-02-23 20:03:36 -05:00
bennerv aaaf431da8 Fix az acr login after podman migration 2021-02-23 18:08:46 -05:00
bennerv 4a8dcd1ead fix point where setting selinux boolean value 2021-02-23 16:34:49 -05:00
bennerv 3cffdfdf8e Change podman back to docker but install podman-dockerr 2021-02-22 09:56:40 -05:00
bennerv c49fbac350 Change references from docker -> podman 2021-02-22 09:54:17 -05:00
Jim Minter 962e8b8398
remove vpn in CI environment 2021-02-18 12:16:12 -06:00
Jim Minter 44f6d0461b
noop formatting 2021-02-18 12:16:01 -06:00
Amber Brown 92ebbdae1d Randomise the subnets of clusters created by util/cluster (affecting dev and in E2E) 2021-02-17 14:36:04 +11:00
Jim Minter 01d568d23e
add missing Match * stanza 2021-02-15 17:37:39 -06:00
Jim Minter 80139ba534
re-enable ifx audit 2021-02-10 09:33:49 -06:00
Leszek Jakubowski 9c7e890bed unpinning RHEL7 version (RHUI issues) 2021-02-10 15:03:50 +01:00
Leszek Jakubowski 6a6c212b4c unpinning azure-cli, the underlying issue has been fixed 2021-02-10 13:26:43 +01:00
Jim Minter 18bc7fab39
disable ifx audit logging for now (#1301)
* don't audit /healthz/ready

* disable ifx audit logging for now.

the collector is not yet configured server side; the fluent bit version we're
on (1.3.11) is ancient and doesn't support rewrite_tag; hence we're spamming
our logs with ifxaudit lines
2021-02-09 07:31:55 +00:00
Jim Minter 0bfe2a9e15
bump geneva images (#1290) 2021-02-08 17:07:10 +00:00
Mangirdas Judeikis 8a1ff8d511
update vsts agent 2021-02-08 12:28:05 +00:00
Ivan Sim a6ef29638f
Collect Audit Logs From RP Frontend (#1243)
* Update RP frontend to collect audit logs

1. Add a new middleware to audit inbound requests
2. Requests to the Azure 'operationsstatus' endpoints are skipped
3. Remove the embedded 'env' from the audit log hook to decouple the
   dependency. The 'env' is passed in to the Audit middleware
4. Replace unnecessary custom string types with basic string types
5. Update the testutil 'AssertLoggingOutput' method to skip asserting
   audit logs to reduce flakiness in tests. Audit logs assertion is done
   in a new 'audit.AssertAuditingOutput()' testutil method

Signed-off-by: Ivan Sim <isim@redhat.com>

* Address Troy's feedback

Signed-off-by: Ivan Sim <isim@redhat.com>

* Update fluent-bit config with rewrite_tag filter

This filter rewrites the input tag of journald logs that have the field
LOGKIND=ifxaudit, to ifxaudit. Using a different tag for ifxaudit logs
allows us to separate them from non-audit logs in the mdsd
configuration.

Signed-off-by: Ivan Sim <isim@redhat.com>

* Address Jim's feedback

Signed-off-by: Ivan Sim <isim@redhat.com>

* New changes per discussion with Jim

1. Merge the 'audit' middleware with the 'log' middleware
to avoid type assertions
3. Update security_test.go with audit test
4. Remove pointer reference to audit constructor
5. Add new audit log entry to testinfra struct

Signed-off-by: Ivan Sim <isim@redhat.com>

* Address MJ's feedback

1. Add unit test to test supported URL patterns

Signed-off-by: Ivan Sim <isim@redhat.com>

* Address Jim's feedback

1. Move adminOp 'if' conditional to log middleware
2. Extract out the 'if' conditional check into a helper function
3. Add start and end symbols to new regex expressions

Signed-off-by: Ivan Sim <isim@redhat.com>
2021-02-04 11:09:06 +00:00
Jim Minter 0f3125bff2
enable encryption at host on RP 2021-01-21 19:21:26 -06:00
Jim Minter 68db0de021
bump compute API to 2020-06-01 2021-01-21 19:21:15 -06:00
Jim Minter 7bc0255106
setting MONITORING_GCS_AUTH_ID_TYPE=AuthKeyVault seems to have caused mdsd not to honour SSL_CERT_FILE any more, heaven only knows why. 2021-01-21 15:12:16 -06:00
Olga Mirensky fa2c54e60e use temp dir for temp cert locations and bug fixes 2021-01-19 12:44:24 +11:00
Olga Mirensky d8d1b23a6f Simplify parameters handling and add AZURE_CONFIG_DIR to avoid race 2021-01-19 12:40:54 +11:00
Olga Mirensky 6502928036 use openssl to extract mdsd SAN; minor fixes 2021-01-19 12:40:54 +11:00
Olga Mirensky 02749169e4 Add systemd timers for periodic refresh of mdm and mdsd certificates 2021-01-19 12:40:54 +11:00
Jim Minter ec5108d30c
add missing pip dependency 2021-01-18 18:37:42 -06:00