
Azure CredentialsRequest for Machine API Operator may be missing some permissions

    • Bug
    • Resolution: Unresolved
    • Critical
    • None
    • 4.14, 4.15, 4.16, 4.17, 4.18.0
    • None
    • None
    • CLOUD Sprint 263, CLOUD Sprint 264, CLOUD Sprint 262, CLOUD Sprint 265
    • 4
    • Rejected
    • False

      During review of ARO MiWi permissions, some permissions in the MAPI CredentialsRequest for Azure were found to have other permissions, identified through a linked action, that are missing.

      A linked access check is an action performed by Azure Resource Manager during an incoming request. For example, when you issue a create operation to a network interface (Microsoft.Network/networkInterfaces/write) you specify a subnet in the payload. ARM parses the payload, sees you're setting a subnet property, and as a result requires the linked access check Microsoft.Network/virtualNetworks/subnets/join/action to the subnet resource specified in the network interface. If you update a resource but don't include the property in the payload, it will not perform the permission check.

      The following permissions were identified as possibly needed in MAPI CredsRequest as they are specified as a linked action of one of MAPI's existing permissions:

      Microsoft.Compute/disks/beginGetAccess/action
      Microsoft.KeyVault/vaults/deploy/action
      Microsoft.ManagedIdentity/userAssignedIdentities/assign/action
      Microsoft.Network/applicationGateways/backendAddressPools/join/action
      Microsoft.Network/applicationSecurityGroups/joinIpConfiguration/action
      Microsoft.Network/applicationSecurityGroups/joinNetworkSecurityRule/action
      Microsoft.Network/ddosProtectionPlans/join/action
      Microsoft.Network/gatewayLoadBalancerAliases/join/action
      Microsoft.Network/loadBalancers/backendAddressPools/join/action
      Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action
      Microsoft.Network/loadBalancers/inboundNatPools/join/action
      Microsoft.Network/loadBalancers/inboundNatRules/join/action
      Microsoft.Network/networkInterfaces/join/action
      Microsoft.Network/networkSecurityGroups/join/action
      Microsoft.Network/publicIPAddresses/join/action
      Microsoft.Network/publicIPPrefixes/join/action
      Microsoft.Network/virtualNetworks/subnets/join/action
      

      Each permission needs to be validated as to whether it is needed by MAPI through any of its code paths.
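The payload-driven behaviour described above, as an added example (not part of the issue, and not OpenShift or Azure code): given entries in the shape of the linked-action map on this page, it reports which linked actions a request body would trigger and which of them a set of granted actions does not cover. The subnet `linkedProperty` path, the reading of `linkedActionVerb` as "<target resource type>/<verb>", the sample payloads and all function names are assumptions.

```python
import fnmatch

# Entries in the shape of the linked-action map on this page. The first three
# are taken from it; the last pairs the two actions named in the description,
# with an ASSUMED linkedProperty path (the page does not give it).
LINKED_ACTION_MAP = [
    {"actionName": "Microsoft.Compute/virtualMachines/write",
     "linkedProperty": "properties.osProfile.secrets[*].sourceVault.id",
     "linkedAction": "Microsoft.KeyVault/vaults/deploy/action"},
    {"actionName": "Microsoft.Compute/virtualMachines/write",
     "linkedProperty": "properties.networkProfile.networkInterfaces[*].id",
     "linkedAction": "Microsoft.Network/networkInterfaces/join/action"},
    {"actionName": "Microsoft.Compute/virtualMachines/write",
     "linkedProperty": "properties.storageProfile.osDisk.managedDisk.id",
     "linkedActionVerb": "write"},
    {"actionName": "Microsoft.Network/networkInterfaces/write",
     "linkedProperty": "properties.ipConfigurations[*].properties.subnet.id",
     "linkedAction": "Microsoft.Network/virtualNetworks/subnets/join/action"},
]


def resolve(payload, path):
    """Return every resource ID found at a dotted path; 'name[*]' fans out over a list."""
    nodes = [payload]
    for segment in path.split("."):
        fan_out = segment.endswith("[*]")
        key = segment[:-3] if fan_out else segment
        found = []
        for current in nodes:
            if not isinstance(current, dict) or key not in current:
                continue  # property absent from the payload: no linked check
            value = current[key]
            if fan_out:
                found.extend(value if isinstance(value, list) else [])
            else:
                found.append(value)
        nodes = found
    return [n for n in nodes if isinstance(n, str) and n]


def resource_type(resource_id):
    """Derive 'Namespace/type[/subtype]' from a full ARM resource ID."""
    parts = resource_id.strip("/").split("/")
    lowered = [p.lower() for p in parts]
    if "providers" not in lowered:
        raise ValueError(f"not a provider resource ID: {resource_id}")
    idx = len(lowered) - 1 - lowered[::-1].index("providers")
    namespace, rest = parts[idx + 1], parts[idx + 2:]
    return "/".join([namespace] + rest[0::2])  # type segments alternate with names


def linked_checks(action, payload):
    """Set of (required_action, target_resource_id) the payload would trigger."""
    checks = set()
    for entry in LINKED_ACTION_MAP:
        if entry["actionName"].lower() != action.lower():
            continue
        for target in resolve(payload, entry["linkedProperty"]):
            if "linkedAction" in entry:
                required = entry["linkedAction"]
            else:  # assumed meaning of linkedActionVerb: verb on the target's type
                required = f'{resource_type(target)}/{entry["linkedActionVerb"]}'
            checks.add((required, target))
    return checks


def missing_actions(granted, action, payload):
    """Linked actions the payload needs that no granted action (wildcards allowed) covers.

    Simplification: assignment scope is ignored; only action names are compared.
    """
    patterns = [g.lower() for g in granted]
    needed = {required for required, _ in linked_checks(action, payload)}
    return sorted(r for r in needed
                  if not any(fnmatch.fnmatchcase(r.lower(), p) for p in patterns))


# Constructed sample data (placeholder subscription, resource group and names).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"
SUBNET_ID = RG + "/providers/Microsoft.Network/virtualNetworks/example-vnet/subnets/worker"
NIC_WITH_SUBNET = {"properties": {"ipConfigurations": [
    {"name": "ipconfig1", "properties": {"subnet": {"id": SUBNET_ID}}}]}}
NIC_TAGS_ONLY = {"tags": {"owner": "example"}}  # update that omits the subnet property
VM_CREATE = {"properties": {
    "networkProfile": {"networkInterfaces": [
        {"id": RG + "/providers/Microsoft.Network/networkInterfaces/example-nic"}]},
    "storageProfile": {"osDisk": {"managedDisk": {
        "id": RG + "/providers/Microsoft.Compute/disks/example-osdisk"}}}}}
GRANTED = ["Microsoft.Compute/virtualMachines/write",
           "Microsoft.Compute/disks/*",
           "Microsoft.Network/networkInterfaces/write"]

if __name__ == "__main__":
    nic_write = "Microsoft.Network/networkInterfaces/write"
    print(missing_actions(GRANTED, nic_write, NIC_WITH_SUBNET))
    print(missing_actions(GRANTED, nic_write, NIC_TAGS_ONLY))
    print(missing_actions(GRANTED, "Microsoft.Compute/virtualMachines/write", VM_CREATE))
```

The same granted set passes for the tags-only update and fails for the create with a subnet, which is why a missing linked action only surfaces on code paths that set the linked property.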

            [OCPBUGS-44130] Azure CredentialsRequest for Machine API Operator may be missing some permissions

            Zhaohua Sun added a comment - edited

            Ran regression on Azure; no issues for machine api cases, moving this to verified. The failed one passed on rerun. Cluster version 4.19.0-0.nightly-2025-01-08-165032. cc mbukatov@redhat.com to check if any verification is needed from the ARO side.

            https://jenkins-csb-openshift-qe-mastern.dno.corp.redhat.com/job/ocp-common/job/ginkgo-test/284171/console

            01-09 20:19:18.025  error: 1 fail, 32 pass, 40 skip (3h51m49s)
            
            01-09 20:19:18.025   The Case Execution Summary:
            01-09 20:19:18.025   PASS OCP-24721 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Add support for machine tags [Disruptive] [Serial]
            01-09 20:19:18.025   PASS OCP-25436 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Scale up/scale down the cluster by changing the replicas of the machineSet [Disruptive] [Serial][Slow]
            01-09 20:19:18.025   PASS OCP-25615 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Machine metrics should be collected [Disruptive] [Serial]
            01-09 20:19:18.025   SKIP OCP-29147 Author:miyadav [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Check that all the baremetalhosts are up and running
            01-09 20:19:18.025   PASS OCP-29351 Author:miyadav [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Use oc explain to see detailed documentation of the resources
            01-09 20:19:18.025   SKIP OCP-30379 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI New machine can join cluster when VPC has custom DHCP option set [Disruptive] [Serial]
            01-09 20:19:18.025   SKIP OCP-32198 Author:miyadav [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Verify all master bmh are provisioned
            01-09 20:19:18.025   SKIP OCP-32269 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Implement validation/defaulting for AWS [Disruptive] [Serial]
            01-09 20:19:18.025   PASS OCP-33040 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Required configuration should be added to the ProviderSpec to enable spot instances - azure [Disruptive] [Serial]
            01-09 20:19:18.025   PASS OCP-33058 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Implement defaulting machineset values for azure [Disruptive] [Serial]
            01-09 20:19:18.025   PASS OCP-34718 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Node labels and Affinity definition in PV should match
            01-09 20:19:18.025   SKIP OCP-35513 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Windows machine should successfully provision for aws [Disruptive] [Serial]
            01-09 20:19:18.025   PASS OCP-36489 Author:miyadav [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Machineset creation when publicIP:true in disconnected or normal (stratergy private or public) azure,aws,gcp enviroment [Disruptive] [Serial]
            01-09 20:19:18.025   PASS OCP-36989 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI mapi_instance_create_failed metrics should work [Disruptive] [Serial]
            01-09 20:19:18.025   PASS OCP-37264 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Machine metrics should be collected [Disruptive] [Serial]
            01-09 20:19:18.025   SKIP OCP-37384 Author:miyadav [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Machine API components should honour cluster wide proxy settings
            01-09 20:19:18.025   SKIP OCP-37497 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI ClusterInfrastructure Dedicated Spot Instances could be created [Disruptive] [Serial]
            01-09 20:19:18.025   SKIP OCP-37915 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Creating machines using KMS keys from AWS [Disruptive] [Serial]
            01-09 20:19:18.025   PASS OCP-39639 Author:miyadav [sig-cluster-lifecycle] Cluster_Infrastructure MAPI host-based disk encryption at VM on azure platform [Disruptive] [Serial]
            01-09 20:19:18.025   PASS OCP-43764 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI MachineHealthCheckUnterminatedShortCircuit alert should be fired when a MHC has been in a short circuit state [Serial][Slow][Disruptive] [Serial]
            01-09 20:19:18.025   SKIP OCP-44977 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Machine with GPU is supported on gcp [Disruptive] [Serial]
            01-09 20:19:18.025   PASS OCP-45343 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MHC MAPI nodeStartupTimeout in MachineHealthCheck should revert back to default [Flaky]
            01-09 20:19:18.025   PASS OCP-45377 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Enable accelerated network via MachineSets on azure [Disruptive] [Serial]
            01-09 20:19:18.025   PASS OCP-45499 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI mapi_current_pending_csr should reflect real pending CSR count
            01-09 20:19:18.025   PASS OCP-45772 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI MachineSet selector is immutable
            01-09 20:19:18.025   SKIP OCP-46078 Author:miyadav [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Signal when mao no-op in the clusterOperator status conditions
            01-09 20:19:18.025   SKIP OCP-46303 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Availability sets could be created when needed for azure [Disruptive] [Serial]
            01-09 20:19:18.025   SKIP OCP-46966 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Validation webhook check for gpus on GCP [Disruptive] [Serial]
            01-09 20:19:18.025   SKIP OCP-46967 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Implement Ephemeral OS Disks - OS cache placement on azure [Disruptive] [Serial]
            01-09 20:19:18.025   PASS OCP-47177 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI [MDH] Machine Deletion Hooks appropriately block lifecycle phases [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-47201 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI [MDH] Machine Deletion Hooks appropriately block lifecycle phases [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-47230 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI [MDH] Negative lifecycle hook validation [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-48012 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Change AWS EBS GP3 IOPS in MachineSet should take affect on aws [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-48363 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Machine providerID should be consistent with node providerID
            01-09 20:19:18.026   SKIP OCP-48464 Author:miyadav [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Dedicated tenancy should be exposed on aws providerspec [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-48594 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI AWS EFA network interfaces should be supported via machine api [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-48595 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Negative validation for AWS NetworkInterfaceType [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-49827 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Ensure pd-balanced disk is supported on GCP via machine api [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-50731 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Enable IMDSv2 on existing worker machines via machine set [Disruptive] [Serial][Slow]
            01-09 20:19:18.026   SKIP OCP-51013 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI machine api should issue client cert when AWS DNS suffix missing [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-52471 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Enable configuration of boot diagnostics when creating VMs on azure [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-52473 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Webhook validations for azure boot diagnostics [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-52587 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure CPMS MAPI Webhook validations for CPMS resource [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-52602 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Drain operation should be asynchronous from the other machine operations [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-53081 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure CPMS MAPI Finalizer should be added to control plan machineset [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-53320 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure CPMS MAPI Owner reference could be added/removed to control plan machines [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-53323 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure CPMS MAPI Implement update logic for RollingUpdate CPMS strategy update instance type [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-53328 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure CPMS MAPI It doesnt rearrange the availability zones if the order of the zones isnt matching in the CPMS and the Control Plane [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-53610 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure CPMS MAPI Operator control-plane-machine-set should be in Available state and report version information
            01-09 20:19:18.026   SKIP OCP-54005 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure CPMS MAPI Control plane machine set OnDelete update strategies - update some field [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-54053 Author:miyadav [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Implement tag categories cache for MAPI vsphere provider [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-54895 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure CPMS MAPI CPMS generator controller will create a new CPMS if a CPMS is removed from cluster [Disruptive] [Serial]
            01-09 20:19:18.026   FAIL OCP-55485 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure CPMS MAPI Implement update logic for RollingUpdate CPMS strategy - Delete/Add a failureDomain [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-55631 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure CPMS MAPI Implement update logic for RollingUpdate CPMS strategy - Delete a master machine [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-55724 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure CPMS MAPI Control plane machine set OnDelete update strategies - Delete/Add a failureDomain [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-55725 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure CPMS MAPI Control plane machine set OnDelete update strategies - Delete a master machine [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-56086 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure CPMS MAPI Controlplanemachineset should be created by default
            01-09 20:19:18.026   SKIP OCP-57438 Author:miyadav [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Add support to Shielded VMs on GCP [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-59718 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI [Nutanix] Support bootType categories and project fields of NutanixMachineProviderConfig [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-59760 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Create confidential compute VMs on GCP [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-60147 Author:miyadav [sig-cluster-lifecycle] Cluster_Infrastructure MAPI [clusterInfra] check machineapi and clusterautoscaler as optional operator
            01-09 20:19:18.026   SKIP OCP-64909 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI AWS Placement group support for MAPI [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-66866 Author:dtobolik [sig-cluster-lifecycle] Cluster_Infrastructure MAPI AWS machineset support for multiple AWS security groups [Disruptive] [Serial][Slow]
            01-09 20:19:18.026   SKIP OCP-70442 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure CPMS MAPI A warning should be shown when removing the target pools from cpms [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-73668 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Create machineset with Reserved Capacity [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-73669 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Webhook validation for Reserved Capacity [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-73762 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI New machine can join cluster when VPC has custom DHCP option set containing multiple domain names [Disruptive] [Serial]
            01-09 20:19:18.026   PASS OCP-73851 Author:zhsun [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Node shouldnt have uninitialized taint [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-74603 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI [MAPI] Support AWS Placement Group Partition Number [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-75037 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI [MAPI] Webhook validation for AWS Placement Group Partition Number [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-76187 Author:miyadav [sig-cluster-lifecycle] Cluster_Infrastructure MAPI Add Paused condition to Machine and MachineSet resources
            01-09 20:19:18.026   SKIP OCP-76366 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI [MAPI] Allow creating Nutanix VMs with multiple disks [Disruptive] [Serial]
            01-09 20:19:18.026   SKIP OCP-76367 Author:huliu [sig-cluster-lifecycle] Cluster_Infrastructure MAPI [MAPI] Allow creating Nutanix worker VMs with GPUs [Disruptive] [Serial] 


            OpenShift Jira Bot added a comment -

            Hi rh-ee-nbrubake,

            Bugs should not be moved to Verified without first providing a Release Note Type ("Bug Fix" or "No Doc Update") and for type "Bug Fix" the Release Note Text must also be provided. Please populate the necessary fields before moving the Bug to Verified.

            Joel Speed added a comment -

            Waiting on the critical fixes requirement to be removed, otherwise this is ready to go

             

            rh-ee-nbrubake can you make sure to follow up with the appropriate backport chains please


            Full map of each existing permission to its linked action

            {
              "actionName": "Microsoft.Compute/virtualMachines/extensions/write",
              "linkedProperty": "properties.protectedSettingsFromKeyVault.sourceVault.id",
              "linkedAction": "Microsoft.KeyVault/vaults/deploy/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.osProfile.secrets[*].sourceVault.id",
              "linkedAction": "Microsoft.KeyVault/vaults/deploy/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.networkProfile.networkInterfaces[*].id",
              "linkedAction": "Microsoft.Network/networkInterfaces/join/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.storageProfile.osDisk.managedDisk.id",
              "linkedActionVerb": "write"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.storageProfile.dataDisks[*].managedDisk.id",
              "linkedActionVerb": "write"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.storageProfile.osDisk.encryptionSettings.diskEncryptionKey.sourceVault.id",
              "linkedAction": "Microsoft.KeyVault/vaults/deploy/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.storageProfile.osDisk.encryptionSettings.keyEncryptionKey.sourceVault.id",
              "linkedAction": "Microsoft.KeyVault/vaults/deploy/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.storageProfile.osDisk.encryptionSettingsCollection.encryptionSettings[*].diskEncryptionKey.sourceVault.id",
              "linkedAction": "Microsoft.KeyVault/vaults/deploy/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.storageProfile.osDisk.encryptionSettingsCollection.encryptionSettings[*].keyEncryptionKey.sourceVault.id",
              "linkedAction": "Microsoft.KeyVault/vaults/deploy/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.host.id",
              "linkedActionVerb": "write"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.hostGroup.id",
              "linkedActionVerb": "write"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.capacityReservation.capacityReservationGroup.id",
              "linkedActionVerb": "deploy/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.virtualMachineScaleSet.id",
              "linkedActionVerb": "write"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.applicationProfile.galleryApplications[*].packageReferenceId",
              "linkedActionVerb": "read"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.serviceArtifactReference.id",
              "linkedActionVerb": "read"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.storageProfile.imageReference.id",
              "linkedActionVerb": "read"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "identity.identityIds[*]",
              "linkedAction": "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "identity.userAssignedIdentities.*~",
              "linkedAction": "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.storageProfile.osDisk.managedDisk.diskEncryptionSet.id",
              "linkedActionVerb": "read"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.storageProfile.dataDisks[*].managedDisk.diskEncryptionSet.id",
              "linkedActionVerb": "read"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.networkProfile.networkInterfaceConfigurations[*].properties.ipConfigurations[*].properties.subnet.id",
              "linkedAction": "Microsoft.Network/virtualNetworks/subnets/join/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.networkProfile.networkInterfaceConfigurations[*].properties.ipConfigurations[*].properties.loadBalancerBackendAddressPools[*].id",
              "linkedAction": "Microsoft.Network/loadBalancers/backendAddressPools/join/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.networkProfile.networkInterfaceConfigurations[*].properties.ipConfigurations[*].properties.loadBalancerInboundNatPools[*].id",
              "linkedAction": "Microsoft.Network/loadBalancers/inboundNatPools/join/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.networkProfile.networkInterfaceConfigurations[*].properties.ipConfigurations[*].properties.applicationGatewayBackendAddressPools[*].id",
              "linkedAction": "Microsoft.Network/applicationGateways/backendAddressPools/join/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.networkProfile.networkInterfaceConfigurations[*].properties.networkSecurityGroup.id",
              "linkedAction": "Microsoft.Network/networkSecurityGroups/join/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.networkProfile.networkInterfaceConfigurations[*].properties.ipConfigurations[*].properties.publicIPAddressConfiguration.properties.publicIPPrefix.id",
              "linkedAction": "Microsoft.Network/publicIPPrefixes/join/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.networkProfile.networkInterfaceConfigurations[*].properties.ipConfigurations[*].properties.applicationSecurityGroups[*].id",
              "linkedAction": "Microsoft.Network/applicationSecurityGroups/joinIpConfiguration/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.storageProfile.osDisk.managedDisk.securityProfile.diskEncryptionSet.id",
              "linkedActionVerb": "read"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.storageProfile.dataDisks[*].managedDisk.securityProfile.diskEncryptionSet.id",
              "linkedActionVerb": "read"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.storageProfile.dataDisks[*].sourceResource.id",
              "linkedAction": "Microsoft.Compute/disks/beginGetAccess/action"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.securityProfile.proxyAgentSettings.wireServer.inVMAccessControlProfileReferenceId",
              "linkedActionVerb": "read"
            }
            {
              "actionName": "Microsoft.Compute/virtualMachines/write",
              "linkedProperty": "properties.securityProfile.proxyAgentSettings.imds.inVMAccessControlProfileReferenceId",
              "linkedActionVerb": "read"
            }
            {
              "actionName": "Microsoft.Network/loadBalancers/write",
              "linkedProperty": "properties.frontendIPConfigurations[*].properties.gatewayLoadBalancer.id",
              "linkedAction": "Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action"
            }
            {
              "actionName": "Microsoft.Network/loadBalancers/write",
              "linkedProperty": "properties.frontendIPConfigurations[*].properties.gatewayLoadBalancerAlias.id",
              "linkedAction": "Microsoft.Network/gatewayLoadBalancerAliases/join/action"
            }
            {
              "actionName": "Microsoft.Network/loadBalancers/write",
              "linkedProperty": "properties.frontendIPConfigurations[*].properties.subnet.id",
              "linkedAction": "Microsoft.Network/virtualNetworks/subnets/join/action"
            }
            {
              "actionName": "Microsoft.Network/loadBalancers/write",
              "linkedProperty": "properties.frontendIPConfigurations[*].properties.publicIPAddress.id",
              "linkedAction": "Microsoft.Network/publicIPAddresses/join/action"
            }
            {
              "actionName": "Microsoft.Network/loadBalancers/write",
              "linkedProperty": "properties.frontendIPConfigurations[*].properties.publicIPPrefix.id",
              "linkedAction": "Microsoft.Network/publicIPPrefixes/join/action"
            }
            {
              "actionName": "Microsoft.Network/networkInterfaces/write",
              "linkedProperty": "properties.ipConfigurations[*].properties.gatewayLoadBalancer.id",
              "linkedAction": "Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action"
            }
            {
              "actionName": "Microsoft.Network/networkInterfaces/write",
              "linkedProperty": "properties.networkSecurityGroup.id",
              "linkedAction": "Microsoft.Network/networkSecurityGroups/join/action"
            }
            {
              "actionName": "Microsoft.Network/networkInterfaces/write",
              "linkedProperty": "properties.ipConfigurations[*].properties.subnet.id",
              "linkedAction": "Microsoft.Network/virtualNetworks/subnets/join/action"
            }
            {
              "actionName": "Microsoft.Network/networkInterfaces/write",
              "linkedProperty": "properties.ipConfigurations[*].properties.publicIPAddress.id",
              "linkedAction": "Microsoft.Network/publicIPAddresses/join/action"
            }
            {
              "actionName": "Microsoft.Network/networkInterfaces/write",
              "linkedProperty": "properties.elasticNetworkInterfaceLinks[*].properties.networkInterface.id",
              "linkedAction": "Microsoft.Network/networkInterfaces/join/action"
            }
            {
              "actionName": "Microsoft.Network/networkInterfaces/write",
              "linkedProperty": "properties.ipConfigurations[*].properties.loadBalancerBackendAddressPools[*].id",
              "linkedAction": "Microsoft.Network/loadBalancers/backendAddressPools/join/action"
            }
            {
              "actionName": "Microsoft.Network/networkInterfaces/write",
              "linkedProperty": "properties.ipConfigurations[*].properties.loadBalancerInboundNatRules[*].id",
              "linkedAction": "Microsoft.Network/loadBalancers/inboundNatRules/join/action"
            }
            {
              "actionName": "Microsoft.Network/networkInterfaces/write",
              "linkedProperty": "properties.ipConfigurations[*].properties.applicationGatewayBackendAddressPools[*].id",
              "linkedAction": "Microsoft.Network/applicationGateways/backendAddressPools/join/action"
            }
            {
              "actionName": "Microsoft.Network/networkInterfaces/write",
              "linkedProperty": "properties.ipConfigurations[*].properties.applicationSecurityGroups[*].id",
              "linkedAction": "Microsoft.Network/applicationSecurityGroups/joinIpConfiguration/action"
            }
            {
              "actionName": "Microsoft.Network/networkSecurityGroups/write",
              "linkedProperty": "properties.securityRules[*].properties.applicationSecurityGroups[*].id",
              "linkedAction": "Microsoft.Network/applicationSecurityGroups/joinNetworkSecurityRule/action"
            }
            {
              "actionName": "Microsoft.Network/publicIPAddresses/write",
              "linkedProperty": "properties.publicIPPrefix.id",
              "linkedAction": "Microsoft.Network/publicIPPrefixes/join/action"
            }
            {
              "actionName": "Microsoft.Network/publicIPAddresses/write",
              "linkedProperty": "properties.ddosSettings.ddosProtectionPlan.id",
              "linkedAction": "Microsoft.Network/ddosProtectionPlans/join/action"
            }
            

            Taylor Fahlman added a comment - Full map of each existing permission to its linked action
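One way to turn the map above into a repeatable check, as an added example that is not code from this issue or from the Machine API Operator: it parses the back-to-back JSON objects in the layout posted in the comment and reports which linked actions a grant list does not cover. The five map entries are copied from the comment; the grant list, the function names and the wildcard handling are assumptions made for illustration.

```python
import json
import re
from collections import defaultdict

# Constructed sample: five entries copied from the map above, kept in the same
# layout (objects written back to back, no commas, no enclosing array).
SAMPLE_MAP = """
{ "actionName": "Microsoft.Network/networkInterfaces/write",
  "linkedProperty": "properties.ipConfigurations[*].properties.subnet.id",
  "linkedAction": "Microsoft.Network/virtualNetworks/subnets/join/action" }
{ "actionName": "Microsoft.Network/networkInterfaces/write",
  "linkedProperty": "properties.networkSecurityGroup.id",
  "linkedAction": "Microsoft.Network/networkSecurityGroups/join/action" }
{ "actionName": "Microsoft.Compute/virtualMachines/write",
  "linkedProperty": "identity.identityIds[*]",
  "linkedAction": "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action" }
{ "actionName": "Microsoft.Compute/virtualMachines/write",
  "linkedProperty": "properties.storageProfile.osDisk.managedDisk.id",
  "linkedActionVerb": "write" }
{ "actionName": "Microsoft.Network/loadBalancers/write",
  "linkedProperty": "properties.frontendIPConfigurations[*].properties.publicIPAddress.id",
  "linkedAction": "Microsoft.Network/publicIPAddresses/join/action" }
"""

# Constructed grant list for illustration; NOT the real MAPI CredentialsRequest.
SAMPLE_GRANTED = [
    "Microsoft.Compute/virtualMachines/write",
    "Microsoft.Network/networkInterfaces/write",
    "Microsoft.Network/virtualNetworks/subnets/*",
    "Microsoft.Network/networkSecurityGroups/read",
]


def parse_object_stream(text):
    """Decode JSON objects that follow each other with only whitespace between."""
    decoder = json.JSONDecoder()
    entries, pos = [], 0
    while True:
        pos = re.compile(r"\s*").match(text, pos).end()  # skip whitespace
        if pos >= len(text):
            return entries
        obj, pos = decoder.raw_decode(text, pos)
        entries.append(obj)


def is_granted(action, granted):
    """True if any granted pattern covers the action ('*' wildcard, compared case-insensitively)."""
    for pattern in granted:
        regex = re.escape(pattern).replace(r"\*", ".*")
        if re.fullmatch(regex, action, re.IGNORECASE):
            return True
    return False


def audit_linked_actions(entries, granted):
    """Return (missing, unresolved) for the actions the identity actually holds.

    missing:    linked action -> [(holding action, payload property that triggers the check)]
    unresolved: entries that carry only a verb and no full action name, so the
                required permission depends on the resource type being referenced.
    A 'missing' result means "possibly needed": the linked check only runs when
    the property is present in the request payload.
    """
    missing, unresolved = defaultdict(list), []
    for entry in entries:
        if not is_granted(entry["actionName"], granted):
            continue  # identity cannot perform the parent action at all
        if "linkedAction" in entry:
            if not is_granted(entry["linkedAction"], granted):
                missing[entry["linkedAction"]].append(
                    (entry["actionName"], entry["linkedProperty"]))
        else:
            unresolved.append(
                (entry["actionName"], entry["linkedProperty"], entry.get("linkedActionVerb")))
    return dict(missing), unresolved


if __name__ == "__main__":
    gaps, verb_only = audit_linked_actions(parse_object_stream(SAMPLE_MAP), SAMPLE_GRANTED)
    for action, triggers in sorted(gaps.items()):
        for parent, prop in triggers:
            print(f"possibly missing {action} (via {parent}, property {prop})")
    for parent, prop, verb in verb_only:
        print(f"review manually: {parent} needs '{verb}' on resource at {prop}")
```
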

              rh-ee-nbrubake Nolan Brubaker
              tfahlman Taylor Fahlman
              Zhaohua Sun Zhaohua Sun