Skip to content

Add AzureKeyBasedAuthenticationNotPermitted to Hive error handling #4539

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kimorris27 merged 1 commit into from
Jan 7, 2026
Merged

Add AzureKeyBasedAuthenticationNotPermitted to Hive error handling #4539

kimorris27 merged 1 commit into from
Jan 7, 2026
+60 −0

Conversation

@kimorris27
Copy link
Contributor

@kimorris27 kimorris27 commented Jan 6, 2026

Which issue this PR addresses:

https://issues.redhat.com/browse/ARO-23318

What this PR does / why we need it:

There have been more and more of these Hive cluster install failures in the queue recently for some reason. The issue is always customer-inflicted by an Azure Policy that modifies a CSP cluster's storage account to disable key based authentication, so we should be returning the failure cause directly to the customer rather than responding to alerts and sending AzComms.

To get this going in prod, there are two more things I'll need to follow up with once this PR merges:

  • Update the Hive release pipeline with the new install log regex; it will get released during the next Hive release
  • Update our IcM automation's "non_alerting_reasons" to include this new reason

Test plan for issue:

Pushed additional install log regexes to eastus shared dev Hive and tested with a local dev cluster where I set up a policy just like a customer would; my local dev RP returned the KeyBasedAuthenticationNotPermitted issue back to me.

Is there any documentation that needs to be updated for this PR?

No

How do you know this will function as expected in production?

Tested thoroughly in local dev, which is close enough to prod in this case

@kimorris27 kimorris27 self-assigned this Jan 6, 2026
@kimorris27 kimorris27 added the chainsaw Pull requests or issues owned by Team Chainsaw label Jan 6, 2026
@kimorris27 kimorris27 merged commit d5000d7 into master Jan 7, 2026
22 checks passed
@kimorris27 kimorris27 deleted the kimorris27/ARO-23318-propagate-hive-error-to-cx branch January 7, 2026 14:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tsatam tsatam tsatam approved these changes

@shubhadapaithankar shubhadapaithankar shubhadapaithankar approved these changes

@bennerv bennerv Awaiting requested review from bennerv bennerv is a code owner

@hawkowl hawkowl Awaiting requested review from hawkowl hawkowl is a code owner

@rogbas rogbas Awaiting requested review from rogbas rogbas is a code owner

@mrWinston mrWinston Awaiting requested review from mrWinston mrWinston is a code owner

@jharrington22 jharrington22 Awaiting requested review from jharrington22 jharrington22 is a code owner

@cadenmarchese cadenmarchese Awaiting requested review from cadenmarchese cadenmarchese is a code owner

@yjst2012 yjst2012 Awaiting requested review from yjst2012 yjst2012 is a code owner

@hlipsig hlipsig Awaiting requested review from hlipsig hlipsig is a code owner

@tiguelu tiguelu Awaiting requested review from tiguelu tiguelu is a code owner

@mociarain mociarain Awaiting requested review from mociarain

@sankur-codes sankur-codes Awaiting requested review from sankur-codes sankur-codes is a code owner

@wanghaoran1988 wanghaoran1988 Awaiting requested review from wanghaoran1988 wanghaoran1988 is a code owner

@pepedocs pepedocs Awaiting requested review from pepedocs pepedocs is a code owner

Assignees

@kimorris27 kimorris27

Labels

chainsaw Pull requests or issues owned by Team Chainsaw

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kimorris27 @tsatam @shubhadapaithankar