Vineeth Guna [Microsoft] (e751f182) at 06 Feb 05:03
Made changes for eck chart to honor nodepool mapping
... and 88 more commits
This PR prints issuer in the logs for Istio. This is done as a part of this feature:-https://dev.azure.com/OpenEnergyPlatform/Open%20Energy%20Platform/_workitems/edit/5994
AAD is being used for Authentication and Authorization. Need issuer to check the different authentication mechanisms. This PR will add issuer to the logs.
We were importing AccessDeniedException from the wrong package. Instead of importing spring's AccessDeniedException, we were importing this exception from java.nio.file package. As a result of this, exception handler for this type of exception was never executed instead exception handler logic for Exception.class was being executed and because of this, we were throwing "500 Internal Server" Error instead of "401 Unauthorized" exception.
In this PR, I have fixed the import statement for AccessDeniedException and also added unit test for the same.
We were importing AccessDeniedException from the wrong package. Instead of importing spring's AccessDeniedException, we were importing this exception from java.nio.file package. As a result of this, exception handler for this type of exception was never executed instead exception handler logic for Exception.class was being executed and because of this, we were throwing "500 Internal Server" Error instead of "401 Unauthorized" exception.
In this PR, I have fixed the import statement for AccessDeniedException and also added unit test for the same.
In case user provides invalid data partition id, we throw 403 forbidden error with error message "The user is not authorized to perform this action" which can be misleading for the user. This issue has already been fixed in master branch so I just copied the statement to throw this exception from 'master' branch.
What is happening : Currently, during schema data initialization job, the name of the AKS Cluster in which schemas are to be loaded are fetched via az commands.
What is the fix : Instead of using az commands, we simply pass the correct AKS cluster name as an environment variable to the yaml files that creates the helm charts required for schema data initialization job.
What is happening : Currently, during schema data initialization job, the name of the AKS Cluster in which schemas are to be loaded are fetched via az commands.
What is the fix : Instead of using az commands, we simply pass the correct AKS cluster name as an environment variable to the shell file that loads the schemas.
Lets rename the property to capture the essence instead of just saying msi id, it can azure.admin.client.id
What is the reason to make it protected from private
What is the reason to make it protected from private
The function is doing two operations, first filtering whether it is a operation for which MSI authentication needs to happen and it is also doing MSI authentication check
Separate the functionality into two functions rather than in one function
Can you give context on why this class is name very specific to MSI?
We can overload this function to accept with operation and without operation as a fallback, thoughts?
Should this condition be part of authorizationService code?
Do we want to mandate sending operation name
Is there a default fallback logic if we do not send the operation name?
@harshit283 Can we instead gets the aks based on tags instead of excluding, filtering out?
Tomorrow if we have one more aks cluster for some reason it can cause issues again
Making helm changes to configure the docker image property being added in MR below: infra-azure-provisioning!889