Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(ci.jenkins.io) add a custom controller RG in the new subscription to store agent NSG #520

Merged
merged 1 commit into from
Nov 22, 2023

Conversation

dduportal
Copy link
Contributor

@dduportal dduportal commented Nov 22, 2023

Related to jenkins-infra/helpdesk#3818

Fixup of #519 to correct the error

 │ Error: creating/updating Network Security Group: (Name "ci.jenkins.io-ephemeralagents" / Resource Group "ci-jenkins-io-controller"): network.SecurityGroupsClient#CreateOrUpdate: Failure sending request: StatusCode=404 -- Original Error: Code="ResourceGroupNotFound" Message="Resource group 'ci-jenkins-io-controller' could not be found."

Note that permissions have been increased to the SP to correct the following errors seen on the main branch:

│ Error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '<redacted>' with object id '<redacted>' does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope '/subscriptions/<redacted>/resourceGroups/ci-jenkins-io-ephemeral-agents/providers/Microsoft.Authorization/roleAssignments/e6e75982-06dc-57fd-1743-3a2648e0546f' or the scope is invalid. If access was recently granted, please refresh your credentials."

@dduportal dduportal changed the title feat(ci.jenkins.io) add a custom controller RG in the new subscriptio… feat(ci.jenkins.io) add a custom controller RG in the new subscription to store agent NSG Nov 22, 2023
@dduportal dduportal marked this pull request as ready for review November 22, 2023 17:41
@dduportal dduportal requested a review from a team November 22, 2023 17:41
Copy link
Contributor Author

@dduportal dduportal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Plan: 15 to add, 0 to change, 0 to destroy. Let's roll

@dduportal dduportal merged commit 1ddf07b into jenkins-infra:main Nov 22, 2023
7 checks passed
@dduportal dduportal deleted the feat/helpdesk-3818/3 branch November 22, 2023 17:44
dduportal added a commit that referenced this pull request Nov 22, 2023
…he proper provider (#521)

Related to https://github.com/jenkins-infra/helpdesk/milestone/91

This PR fixes up #519 and #520

- Fixup of #520 by adding the proper provider to correct the error

```
│ Error: A resource with the ID "/subscriptions/****/resourceGroups/ci-jenkins-io-controller" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_resource_group" for more information.
```

- Allow specifying a custom storage account name for the new RG in the
subscription as storage account name are scope to ALL Azure :'( to
correct the error

```
│ Storage Account Name: "cijenkinsioagents"): storage.AccountsClient#Create: Failure sending request: StatusCode=409 -- Original Error: Code="StorageAccountAlreadyTaken" Message="The storage account named cijenkinsioagents is already taken."
```

- Cleanup of the `moved` declaration from #516

---------

Signed-off-by: Damien Duportal <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant