@cmperro cmperro commented Nov 17, 2021

This PR includes AuthZ cleanup for Azure. From a high level, you can expect this PR to cover:

  • Reworking the AD App / Credential to optionally use a custom role OR the built in Contributor role
  • Reworking the AD App / Credential to optionally be scoped to a single resource group or the subscription
  • Remove the layering of IAM for the AD App (was originally Owner at the subscription and then had the custom role applied at the rg level)
  • Add defaults for the custom role / built in selection - defaults to built in role
  • Add defaults for scoping of single resource group or subscription - defaults to subscription
  • Add functionality to remove credential from CDP (Azure)
  • Add functionality to remove AD App from Azure
  • Add functionality to remove custom role for AD App

This PR also includes adding the ability to create a CDP environment in a single resource group. This defaults to False / not creating an environment in a single resource group.

NB: If you scope the credential to a single resource group, we will automatically create the CDP environment in a single resource group (regardless of what the parameter is set to).

This PR should be done in conjunction with a CLOUD PR: cloudera.cloud/43

@cmperro cmperro changed the title from "Azure AuthZ Work - EXE" to "Azure AuthZ/Single Resource Group Work - EXE" Nov 17, 2021
@cmperro cmperro requested review from Chaffelson and wmudge November 17, 2021 20:55
@wmudge wmudge added the enhancement MINOR - New feature or enhancement in the CHANGELOG label Nov 17, 2021
@Chaffelson Chaffelson left a comment

Tested default deployment and single resource group. LGTM

@wmudge wmudge left a comment

Needs a rebase onto devel

…ping ad app down to the rg

Signed-off-by: Chris Perro <[email protected]>
…that. And catch error in role assignment if the role has already been assigned, because that module still isn't idempotent. And good things are idempotent

Signed-off-by: Chris Perro <[email protected]>
@cmperro cmperro requested a review from wmudge February 8, 2022 15:14
@cmperro cmperro force-pushed the az-authz-work branch 2 times, most recently from 8c045df to 0fd29e1 Compare February 8, 2022 17:22
@wmudge wmudge merged commit d12b031 into cloudera-labs:devel Feb 8, 2022