From 95e9bd678e1b7d76f788d2138036c932ad49647f Mon Sep 17 00:00:00 2001 From: Philip Gough Date: Tue, 3 Oct 2023 09:37:07 +0100 Subject: [PATCH] rbac: Promoote rhel tenant to production (#613) --- configuration/observatorium/rbac.go | 4 ++-- resources/services/observatorium-template.yaml | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/configuration/observatorium/rbac.go b/configuration/observatorium/rbac.go index c38c61caf5..2a714770f2 100644 --- a/configuration/observatorium/rbac.go +++ b/configuration/observatorium/rbac.go @@ -319,7 +319,7 @@ func GenerateRBAC(gen *mimic.Generator) { tenant: rhelTenant, signals: []signal{metricsSignal}, perms: []rbac.Permission{rbac.Read}, - envs: []env{stagingEnv}, + envs: []env{stagingEnv, productionEnv}, }) // RHEL // Writer serviceaccount @@ -328,7 +328,7 @@ func GenerateRBAC(gen *mimic.Generator) { tenant: rhelTenant, signals: []signal{metricsSignal}, perms: []rbac.Permission{rbac.Write}, - envs: []env{stagingEnv}, + envs: []env{stagingEnv, productionEnv}, }) // Use JSON because we want to have jsonnet using that in configmaps/secrets. diff --git a/resources/services/observatorium-template.yaml b/resources/services/observatorium-template.yaml index 9a6c92a928..57edad5d38 100644 --- a/resources/services/observatorium-template.yaml +++ b/resources/services/observatorium-template.yaml @@ -967,12 +967,16 @@ objects: "subjects": - "kind": "user" "name": "service-account-observatorium-rhel-read-staging" + - "kind": "user" + "name": "service-account-observatorium-rhel-read" - "name": "observatorium-rhel-write" "roles": - "rhel-metrics-write" "subjects": - "kind": "user" "name": "service-account-observatorium-rhel-write-staging" + - "kind": "user" + "name": "service-account-observatorium-rhel-write" "roles": - "name": "cnvqe-metrics-write" "permissions":