OpenShift API for Data Protection / OADP-3340

Support the standardized Azure Identity configuration flow via OLM and CCO for OADP in OCP 4.15


      Re-review on 04/25 - CloudStorage API for 1.5.0

      1. Current status
          1. AWS supported
          2. GCP not supported
          3. Azure not supported
      2. Cloud credential operator
          1. CCO does support WIF and Azure for standardized flow as of 4/2025

      High Level Breakdown of required work:

        1. Work - Part: CCO
             1. Get credentials for Azure; we have GCP WIF, we have creds for AWS.
             2. Put the current [AWS CCO code](https://github.com/openshift/oadp-operator/blob/338e8d5e9382d19be8b0debbe0ea454d73b4c26e/cmd/main.go#L139) in an AWS if statement
             3. Add GCP WIF if statement
             4. Add Azure STS if statement
             5. Validate with QE/Wes helping CCO install from operator web UI... verify that secrets exist and backup works.
        2. Work - Part: Cloud Storage API
             1. AWS bucket creation code is [here](https://github.com/openshift/oadp-operator/blob/master/pkg/bucket/aws.go#L55)
             2. Create code for GCP bucket creation
             3. Create code for Azure bucket creation
        3. Work - Part: BSL Creation
             1. Update BSL [code](https://github.com/openshift/oadp-operator/blob/0ff661cae03822fc278e9715af5515c7e89f680d/internal/controller/bsl.go#L160-L174) to support Azure and GCP
        4. Uncouple CloudStorageAPI from CCO/standard workflow?
           https://github.com/openshift/oadp-operator/blob/338e8d5e9382d19be8b0debbe0ea454d73b4c26e/internal/controller/cloudstorage_controller.go#L126-L135
        5. Test test test

      CONTEXT
      1. The Cloud Storage API's main purpose is simply to auto-create a bucket if no bucket exists.
      2. STS - auto-create bucket
      3. Uncouple from STS (maybe)

       

      WORKFLOW from Customer:
      STS enabled or no STS
      1. User creates secret for cloud auth
      2. User creates CloudStorage
      3. Bucket auto-created for user
      4. User creates a DPA with CloudStorage ref - bucket key/value

      <wes> needs to think about encryption types, does that need to be added to:

       

      Dev Notes:

       

              tkaovila@redhat.com Tiger Kaovilai
              wnstb Wes Hayutin
              Sachin Singla Sachin Singla