Uploaded image for project: 'Hybrid Cloud Console'
  1. Hybrid Cloud Console
  2. RHCLOUD-32096

Add permission to ccx team to see ephemeral-bot token

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Normal Normal
    • None
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • Unset
    • No

      Context:

      Some months ago I created a token (https://gitlab.cee.redhat.com/service/app-interface/-/blob/2838bd4d4dcabd55873b5c3090b1a313f021b24a/data/services/insights/ephemeral/namespaces/ephemeral-base.yml#L43) for the ccx-rules-releaser.serviceaccount.yaml which is used to run oc commands on the ephemeral environment from our Gitlab CI release pipeline (https://gitlab.cee.redhat.com/ccx/ccx-rules-releaser).

      The token was refreshed and wasn't updated automatically on Gitlab, so our pipeline lost access to the cluster. There is a ticket ( APPSRE-10108 ) opened on the AppSRE board aiming to automate this, but in the meantime it would be nice to have access to the secret so that we can update it manually.

      Acceptance criteria:

      Grant access to the ccx-data-pipeline team (https://gitlab.cee.redhat.com/service/app-interface/-/blob/2838bd4d4dcabd55873b5c3090b1a313f021b24a/data/teams/insights/roles/ccx-data-pipeline.yml) on that secret.

            gburges@redhat.com Gabor Burges
            jdiazsua@redhat.com Juan Diaz Suarez
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: