OADP Authentication with Azure

[shdeshpa07]

Jira

• OADP-6279

OADP Authentication with Azure

Version

• OCP 4.19 → OCP 4.20

Preview

• About authenticating OADP with Azure

• Using a service principal or a storage account access key

• Using OADP with Azure STS auth

• Using OADP with Azure Workload Identity

QE Review

• QE has approved this change.

[shdeshpa07]

/label OADP

[ocpdocs-previewbot]

🤖 Tue Sep 23 06:35:25 - Prow CI generated the docs preview:

https://96739--ocpdocs-pr.netlify.app/openshift-enterprise/latest/backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.html
https://96739--ocpdocs-pr.netlify.app/openshift-enterprise/latest/backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.html
https://96739--ocpdocs-pr.netlify.app/openshift-enterprise/latest/backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.html
https://96739--ocpdocs-pr.netlify.app/openshift-enterprise/latest/backup_and_restore/application_backup_and_restore/installing/installing-oadp-ibm-cloud.html
https://96739--ocpdocs-pr.netlify.app/openshift-enterprise/latest/backup_and_restore/application_backup_and_restore/installing/installing-oadp-kubevirt.html
https://96739--ocpdocs-pr.netlify.app/openshift-enterprise/latest/backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.html
https://96739--ocpdocs-pr.netlify.app/openshift-enterprise/latest/backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.html
https://96739--ocpdocs-pr.netlify.app/openshift-enterprise/latest/virt/backup_restore/virt-backup-restore-overview.html
https://96739--ocpdocs-pr.netlify.app/openshift-rosa-hcp/latest/virt/backup_restore/virt-backup-restore-overview.html
https://96739--ocpdocs-pr.netlify.app/openshift-rosa/latest/virt/backup_restore/virt-backup-restore-overview.html

[shdeshpa07]

@weshayutin @PrasadJoshi12 - I have made changes in the Azure config docs to use either the service principal or storage account access keys. Could you please review the PR? Thanks.

[weshayutin]

@akarol whomever is testing @kaovilai's standard auth issues for 1.5.1 should also validate the azure, gcp docs for the short term token setup in each cloud. @shdeshpa07 let's be a little patient here, and allow use to get a build out to QE w/ the latest changes and then we'll rewalk the doc here. Incidentally it looks good to me.

[shdeshpa07]

@akarol whomever is testing @kaovilai's standard auth issues for 1.5.1 should also validate the azure, gcp docs for the short term token setup in each cloud. @shdeshpa07 let's be a little patient here, and allow use to get a build out to QE w/ the latest changes and then we'll rewalk the doc here. Incidentally it looks good to me.

Thanks @weshayutin. Yes, this config section needs the Azure AD Workload Identity way of auth. We may want to create a separate section for it. Like you said, we can discuss this when the testing is underway.

[akarol]

@weshayutin I'll make sure the Azure and GCP short-term token setup and documentation are validated alongside the standard auth testing for 1.5.1.

[shdeshpa07]

@stillalearner @weshayutin @kaovilai - Can I request reviews on this PR please?

I have added 2 new sections for the 2 Azure auth methods:

Using OADP with Azure STS auth

Using OADP with Azure Workload Identity

Thanks.

[weshayutin]

@kaovilai please review

[kaovilai]

https://github.com/kaovilai/oadp-operator/blob/cloudstorageAPI-docs/docs/config/azure/oadp-azure-sts-cloud-authentication.adoc

has more up to date docs, please check for removals and additions.

[shdeshpa07]

https://github.com/kaovilai/oadp-operator/blob/cloudstorageAPI-docs/docs/config/azure/oadp-azure-sts-cloud-authentication.adoc

has more up to date docs, please check for removals and additions.

@kaovilai - I have done the changes. Could you please have a look again. Thanks.

[weshayutin]

@anarnold97 can you please ensure this is written in modules that can be shared w/ the ARO team like we have shared doc w/ the ROSA team please. THANK YOU!

[shdeshpa07]

@anarnold97 can you please ensure this is written in modules that can be shared w/ the ARO team like we have shared doc w/ the ROSA team please. THANK YOU!

Hey Wes, yes it is written in modules :).

[weshayutin]

@shdeshpa07 not sure how docs team should intersect w/ mobb doc. For your reference
rh-mobb/documentation#659

[anarnold97]

@shdeshpa07 not sure how docs team should intersect w/ mobb doc. For your reference rh-mobb/documentation#659

@shdeshpa07 & @weshayutin - leave this with me

[shdeshpa07]

@vashirova - Can I request your peer review on this PR please? Thanks.

[vashirova]

@shdeshpa07 peer review is completed. Brilliant work overall, thanks for the opportunity!

[openshift-ci]

@shdeshpa07: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[shdeshpa07]

/cherrypick enterprise-4.20

[shdeshpa07]

/cherrypick enterprise-4.19

[openshift-cherrypick-robot]

@shdeshpa07: new pull request created: #99531

Details

In response to this:

/cherrypick enterprise-4.20

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-cherrypick-robot]

@shdeshpa07: new pull request created: #99532

Details

In response to this:

/cherrypick enterprise-4.19

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.