swatch is working on an epic that's part of the Metered RHEL/CentOS Conversion efforts. Specifically, the epic is for integration between swatch and the new RHEL observatorium.

We found that observatorium/token-refresher lacked the ability to pass "scope" when generating the token. This prevented successful authentication to the RHEL observatorium instance. The token-refresher has already been updated (https://github.com/observatorium/token-refresher/pull/32) to allow for "scope" to be configurable via the --scope argument. This update is available in the master-2023-09-20-f5e3403 image in https://quay.io/repository/observatorium/token-refresher.

We need the token-refresher sidecar operator to also allow for a configurable scope and pass it through to the token-refresher.

TODO:

• Bump the version of the token-refresher that clowder's using to master-2023-09-20-f5e3403
• Support configurable scope in the sidecar
  • Need scope args passed to token-refresher app

• • • --scope=$(SCOPE)

• • https://github.com/RedHatInsights/clowder/blob/0064b9020d63f8fa4c81ef40105b7b43d6135c4a/controllers/cloud.redhat.com/providers/sidecar/default.go#L100
• It would be ideal if we could introduce and use a SCOPE key in the existing $clowdapp-token-refresher secrets like we do with CLIENT_ID, URL, etc.