Merge pull request #5311 from bryan-cox/OCPBUGS-46483

OCPBUGS-46483: Correctly Reconcile CSO CSI Secrets for Managed Azure Deployments
openshift · Dec 18, 2024 · 21fa1e5 · 21fa1e5
2 parents 3fddc32 + b175cdc
commit 21fa1e5
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 29 deletions.
diff --git a/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go b/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
@@ -5114,39 +5114,13 @@ func (r *HostedControlPlaneReconciler) reconcileClusterStorageOperator(ctx conte
 		// Reconcile the secret needed for azure-disk-csi-controller
 		// This is related to https://github.com/openshift/csi-operator/pull/290.
 		azureFileCSISecret := manifests.AzureFileConfigWithCredentials(hcp.Namespace)
-		if _, err := createOrUpdate(ctx, r, azureDiskCSISecret, func() error {
+		if _, err := createOrUpdate(ctx, r, azureFileCSISecret, func() error {
 			return storage.ReconcileAzureFileCSISecret(azureFileCSISecret, hcp, tenantID)
 		}); err != nil {
 			return fmt.Errorf("failed to reconcile Azure File CSI config: %w", err)
 		}
 	}
 
-	if hcp.Spec.Platform.Type == hyperv1.AzurePlatform {
-		credentialsSecret := manifests.AzureCredentialInformation(hcp.Namespace)
-		if err := r.Client.Get(ctx, client.ObjectKeyFromObject(credentialsSecret), credentialsSecret); err != nil {
-			return fmt.Errorf("failed to get Azure credentials secret: %w", err)
-		}
-
-		// Reconcile the Azure Disk configuration secret
-		// TODO this just copies the cloud provider secret at the moment. There will be a follow-on PR to provide
-		// different credentials for Azure Disk and Azure File (right below).
-		// This is related to https://github.com/openshift/csi-operator/pull/290.
-		azureDiskConfigSecret := manifests.AzureDiskConfigWithCredentials(hcp.Namespace)
-		if _, err := createOrUpdate(ctx, r, azureDiskConfigSecret, func() error {
-			return azure.ReconcileCloudConfigWithCredentials(azureDiskConfigSecret, hcp, credentialsSecret)
-		}); err != nil {
-			return fmt.Errorf("failed to reconcile Azure disk config: %w", err)
-		}
-
-		// Reconcile the Azure File configuration secret
-		azureFileConfigSecret := manifests.AzureFileConfigWithCredentials(hcp.Namespace)
-		if _, err := createOrUpdate(ctx, r, azureFileConfigSecret, func() error {
-			return azure.ReconcileCloudConfigWithCredentials(azureFileConfigSecret, hcp, credentialsSecret)
-		}); err != nil {
-			return fmt.Errorf("failed to reconcile Azure disk config: %w", err)
-		}
-	}
-
 	deployment := manifests.ClusterStorageOperatorDeployment(hcp.Namespace)
 	if _, err := createOrUpdate(ctx, r, deployment, func() error {
 		return storage.ReconcileOperatorDeployment(deployment, params, hcp.Spec.Platform.Type)

diff --git a/control-plane-operator/controllers/hostedcontrolplane/storage/azure.go b/control-plane-operator/controllers/hostedcontrolplane/storage/azure.go
@@ -3,9 +3,11 @@ package storage
 import (
 	"encoding/json"
 	"fmt"
+	"path"
 
 	hyperv1 "github.com/openshift/hypershift/api/hypershift/v1beta1"
 	"github.com/openshift/hypershift/control-plane-operator/controllers/hostedcontrolplane/cloud/azure"
+	hypershiftconfig "github.com/openshift/hypershift/support/config"
 
 	corev1 "k8s.io/api/core/v1"
 )
@@ -28,7 +30,7 @@ func initializeAzureCSIControllerConfig(hcp *hyperv1.HostedControlPlane, tenantI
 func ReconcileAzureDiskCSISecret(secret *corev1.Secret, hcp *hyperv1.HostedControlPlane, tenantID string) error {
 	config := initializeAzureCSIControllerConfig(hcp, tenantID)
 	config.AADClientID = hcp.Spec.Platform.Azure.ManagedIdentities.ControlPlane.Disk.ClientID
-	config.AADClientCertPath = hcp.Spec.Platform.Azure.ManagedIdentities.ControlPlane.Disk.CertificateName
+	config.AADClientCertPath = path.Join(hypershiftconfig.ManagedAzureCertificatePath, hcp.Spec.Platform.Azure.ManagedIdentities.ControlPlane.Disk.CertificateName)
 
 	serializedConfig, err := json.MarshalIndent(config, "", "  ")
 	if err != nil {
@@ -46,7 +48,7 @@ func ReconcileAzureDiskCSISecret(secret *corev1.Secret, hcp *hyperv1.HostedContr
 func ReconcileAzureFileCSISecret(secret *corev1.Secret, hcp *hyperv1.HostedControlPlane, tenantID string) error {
 	config := initializeAzureCSIControllerConfig(hcp, tenantID)
 	config.AADClientID = hcp.Spec.Platform.Azure.ManagedIdentities.ControlPlane.File.ClientID
-	config.AADClientCertPath = hcp.Spec.Platform.Azure.ManagedIdentities.ControlPlane.File.CertificateName
+	config.AADClientCertPath = path.Join(hypershiftconfig.ManagedAzureCertificatePath, hcp.Spec.Platform.Azure.ManagedIdentities.ControlPlane.File.CertificateName)
 
 	serializedConfig, err := json.MarshalIndent(config, "", "  ")
 	if err != nil {