ROX-19330: Add second declarative config mount point to central CR #1223

ivan-degtiarenko · 2023-08-28T14:45:19Z

Description

This PR adds a second declarative config mount point to ACSCS centrals.

The secret referenced here will not be created by reconciler, but rather manually and only when customer requests multiple orgs support. In that case cloud-service-manual-declarative-configs secret will be created and populated with the corresponding auth provider configuration.

The reasons to introduce separate secret here:

Want to separate ownership - cloud-service-sensible-declarative-configs contents are controlled only by fleetshard-sync, let's keep it that way
It's easier to identify if declarative configuration was manually changed if secret is separate

Ideally, I would like to name secrets cloud-service-reconciled-declarative-configs and cloud-service-manual-declarative-configs, however, migrating existing secret names looks like a non-trivial task not worth pursuing.

Checklist (Definition of Done)

Unit and integration tests added
Added test description under Test manual
Documentation added if necessary (i.e. changes to dev setup, test execution, ...)
CI and all relevant tests are passing
Add the ticket number to the PR title if available, i.e. ROX-12345: ...
Discussed security and business related topics privately. Will move any security and business related topics that arise to private communication channel.
Add secret to app-interface Vault or Secrets Manager if necessary
RDS changes were e2e tested manually
Check AWS limits are reasonable for changes provisioning new resources

Test manual

CI is sufficient

parametalol

LGTM, provided with explanation that the automated tests cover the usecase.

Under condition that the CI tests pass.

openshift-ci · 2023-08-28T15:27:36Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: 0x656b694d, ivan-degtiarenko

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [ivan-degtiarenko]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

ivan-degtiarenko · 2023-08-28T15:33:30Z

/retest

Add second declarative config mount point to central CR

89bf60f

ivan-degtiarenko temporarily deployed to development August 28, 2023 14:45 — with GitHub Actions Inactive

openshift-ci bot added the approved label Aug 28, 2023

parametalol self-requested a review August 28, 2023 15:06

parametalol approved these changes Aug 28, 2023

View reviewed changes

openshift-ci bot assigned parametalol Aug 28, 2023

openshift-ci bot added the lgtm label Aug 28, 2023

ivan-degtiarenko merged commit 49272f5 into main Aug 28, 2023
8 checks passed

ivan-degtiarenko deleted the ivan/ROX-19330-manual-declarative-config-mount branch August 28, 2023 16:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ROX-19330: Add second declarative config mount point to central CR #1223

ROX-19330: Add second declarative config mount point to central CR #1223

ivan-degtiarenko commented Aug 28, 2023 •

edited

Loading

parametalol left a comment

openshift-ci bot commented Aug 28, 2023

ivan-degtiarenko commented Aug 28, 2023

ROX-19330: Add second declarative config mount point to central CR #1223

ROX-19330: Add second declarative config mount point to central CR #1223

Conversation

ivan-degtiarenko commented Aug 28, 2023 • edited Loading

Description

Checklist (Definition of Done)

Test manual

parametalol left a comment

Choose a reason for hiding this comment

openshift-ci bot commented Aug 28, 2023

ivan-degtiarenko commented Aug 28, 2023

ivan-degtiarenko commented Aug 28, 2023 •

edited

Loading