THIS REPO IS FOR PR JOB TESTING ONLY#3
Closed
smarterclayton wants to merge 1 commit intoopenshift:masterfrom
smarterclayton:dockerfile
Closed
THIS REPO IS FOR PR JOB TESTING ONLY#3smarterclayton wants to merge 1 commit intoopenshift:masterfrom smarterclayton:dockerfile
smarterclayton wants to merge 1 commit intoopenshift:masterfrom
smarterclayton:dockerfile
Conversation
openshift-ci-robot
added
the
size/XS
Contributor
Author
|
/retest |
Contributor
Author
|
/retest |
1 similar comment
Contributor
Author
|
/retest |
|
/retest
…On Mon, Jun 25, 2018 at 11:04 AM, OpenShift CI Robot < ***@***.***> wrote:
@smarterclayton <https://github.com/smarterclayton>: The following test
*failed*, say /retest to rerun them all:
Test name Commit Details Rerun command
ci/prow/e2e-aws 9275010
<9275010>
link
<https://openshift-gce-devel.appspot.com/build/origin-ci-test/pr-logs/pull/openshift_installer/3/pull-ci-origin-installer-e2e-aws/36/> /test
e2e-aws
Instructions for interacting with me using PR comments are available here
<https://git.k8s.io/community/contributors/guide/pull-requests.md>. If
you have questions or suggestions related to my behavior, please file an
issue against the kubernetes/test-infra
<https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:>
repository. I understand the commands that are listed here
<https://go.k8s.io/bot-commands>.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#3 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AG7fCjXLJkpa9DM4w6MujWXj0g42syFnks5uAPv2gaJpZM4UyXaa>
.
|
Contributor
Author
|
/retest |
1 similar comment
Contributor
Author
|
/retest |
Contributor
Author
|
/test e2e-aws |
Contributor
Author
|
/retest |
Contributor
Author
|
/test e2e-aws |
Contributor
|
It looks like this can be closed. I'd close it for you, @smarterclayton but I don't have permissions anymore. |
Contributor
Author
|
I need to set up a team for this group, will make someone an admin |
Contributor
Author
|
Made you an owner of the installer team which has write to this repo, you
can add others.
…On Fri, Jul 6, 2018 at 5:15 PM, Alex Crawford ***@***.***> wrote:
It looks like this can be closed. I'd close it for you, @smarterclayton
<https://github.com/smarterclayton> but I don't have permissions anymore.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#3 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABG_pyvnHe8EMXa4Yg24NrPlAPqFu2-Bks5uD9N_gaJpZM4UyXaa>
.
|
Contributor
Author
|
Also, you can always use the bot
/close
…On Fri, Jul 6, 2018 at 5:55 PM, Clayton Coleman ***@***.***> wrote:
Made you an owner of the installer team which has write to this repo, you
can add others.
On Fri, Jul 6, 2018 at 5:15 PM, Alex Crawford ***@***.***>
wrote:
> It looks like this can be closed. I'd close it for you, @smarterclayton
> <https://github.com/smarterclayton> but I don't have permissions anymore.
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#3 (comment)>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/ABG_pyvnHe8EMXa4Yg24NrPlAPqFu2-Bks5uD9N_gaJpZM4UyXaa>
> .
>
|
This was referenced Feb 28, 2019
mandre
pushed a commit
to mandre/installer
that referenced
this pull request
Aug 19, 2019
Corrections by Abhivnav
stbenjam
pushed a commit
to stbenjam/installer
that referenced
this pull request
Feb 10, 2021
adjustments to fix CI jobs
bpradipt
added a commit
to bpradipt/installer
that referenced
this pull request
Jun 3, 2021
Patch Series to add loadbalancer TF resources
bennerv
pushed a commit
to bennerv/installer
that referenced
this pull request
Jun 4, 2021
Use Ignition v2 Spec for Backwards Compatibility
zaneb
pushed a commit
to zaneb/openshift-installer
that referenced
this pull request
Apr 29, 2022
Add lint checks
rvanderp3
referenced
this pull request
in openshift-splat-team/installer
Apr 14, 2026
This commit implements Story #3: Install Config Schema Extension for vSphere Multi-Account Credentials. It extends the install-config.yaml schema to support per-component credentials while maintaining backward compatibility with legacy single-account mode. Changes: - Add ComponentCredentials struct with fields for installer, machineAPI, csiDriver, cloudController, and diagnostics components - Add AccountCredentials struct supporting multi-vCenter topologies - Add platform field for optional ComponentCredentials - Create test stubs for schema validation (6 test scenarios) - Create test stubs for install-config integration tests Test Plan: - Unit tests in pkg/types/vsphere/validation_test.go - Default/fallback tests in pkg/types/vsphere/defaults_test.go - Integration tests in pkg/asset/installconfig/vsphere/validation_test.go All tests are currently stub implementations marked with t.Skip() and will be fully implemented in subsequent iterations. Related: openshift-splat-team/splat-team#3 Parent: openshift-splat-team/splat-team#2 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
rvanderp3
referenced
this pull request
in openshift-splat-team/installer
Apr 14, 2026
Add vSphere privilege validation logic using component-specific privilege lists. Validates that each OpenShift component account (installer, machine-api, csi-driver, cloud-controller, diagnostics) has required vCenter permissions before installation proceeds. Implementation: - PrivilegeValidator struct with ValidateComponentPrivileges method - ValidationResult struct with Valid, MissingPrivileges, Scope fields - GetRequiredPrivileges() function with comprehensive privilege lists - Installer: ~45 privileges for infrastructure deployment - Machine API: ~35 privileges for VM lifecycle - CSI Driver: ~12 privileges for storage provisioning - Cloud Controller: ~10 read-only privileges for node discovery - Diagnostics: ~5 read-only privileges for troubleshooting Test coverage: - 9 test scenarios covering all acceptance criteria - Missing privilege detection (machine-api, csi-driver) - Successful validation for all components - Component-specific privilege sets - Error handling Foundation for Story #4: Privilege Validation Parent Epic: #2 - vSphere Multi-Account Credentials Depends on: Story #3 (schema extension) Related: openshift-splat-team/splat-team#4 Related: openshift-splat-team/splat-team#2 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
rvanderp3
referenced
this pull request
in openshift-splat-team/installer
Apr 14, 2026
This commit implements the greenfield installation flow for per-component vSphere credentials (Story #6), enabling distinct vCenter accounts for each OpenShift component to improve security posture through principle of least privilege. Implementation: - percomponent.go: Integration logic for credential validation and selection - ValidatePerComponentCredentials: Validates all 5 component credentials - GetInstallerCredentials: Returns installer credentials for infrastructure - IsPerComponentMode: Detects per-component vs legacy mode - Helper functions for vCenter/credential resolution - integration_test.go: 8 integration test scenarios - Happy path: All 5 accounts configured and validated - Validation failures: Missing privileges for installer, machine-api, csi-driver - Component secret isolation: RBAC verification - Runtime credential usage: Machine API, CSI, CCM, Diagnostics - vsphere_percomponent_test.go: 2 E2E test scenarios - Full installation flow with all components - vCenter audit log verification for distinct usernames Test Coverage: - 10 test scenarios covering all acceptance criteria - Integration with Stories #3 (schema), #4 (validation), #5 (CCO) - All tests compile successfully - Tests skip with "Implementation pending" (TDD approach) Acceptance Criteria: - AC1: Installer validates component credentials have required privileges - AC2: Installer uses installer account for infrastructure provisioning - AC3: CCO creates component-specific secrets - AC4-AC7: Components use their specific credentials at runtime - AC8: vCenter audit logs show distinct usernames Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Before creating your PR, please make sure to add the appropriate GitHub labels
like e.g.
run-smoke-tests+platform/<xxx>. For more details seetests/README.md.
(In case you don't have permissions to add labels, please ask a
Maintainer.)