deployment-service: reconcile this code with automate-cli usage #951
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
For reasons that might have disappeared from everyone's memory, the d-s code was also what drove `chef-automate admin-token`. So, I've removed any "diagnostics"-related wording from the V2 policy data. Note that `chef-automate admin-token` first checks if the system uses v2, so that code path we've recently added for diagnostics should NOT be executed in that scenario. It still felt cleaner to remove the "diagnostics" words. Furthermore, this changes `GenerateAdminToken` so that in the diagnostics+iam-v2 use case, it can be run twice: once before the upgrade, once after; without triggering any policy conflicts. Before this commit, the second run would have not failed completely, but the already existing policy would not have referenced the proper token ID. Now, the v2 code is analogous to the v1 code: one policy per token. While we could do something more clever, this is enough for the limited use case I'm after. If we did do something more clever, we might as well make `chef-automate admin-token` not freak out if A2 is running on IAMv2. Signed-off-by: Stephan Renatus <[email protected]>
4 tasks
stevendanna
approved these changes
Jul 18, 2019
chef-ci
deleted the
sr/diagnostics/admin-token-with-iam-v2-run-twice-second-attempt
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For reasons that might have disappeared from everyone's memory, the d-s
code was also what drove
chef-automate admin-token. So, I've removedany "diagnostics"-related wording from the V2 policy data.
Note that
chef-automate admin-tokenfirst checks if the system usesv2, so that code path we've recently added for diagnostics should NOT be
executed in that scenario. It still felt cleaner to remove the
"diagnostics" words.
Furthermore, this changes
GenerateAdminTokenso that in thediagnostics+iam-v2 use case, it can be run twice: once before the
upgrade, once after; without triggering any policy conflicts.
Before this commit, the second run would have not failed completely, but
the already existing policy would not have referenced the proper token
ID. Now, the v2 code is analogous to the v1 code: one policy per token.
While we could do something more clever, this is enough for the limited
use case I'm after.
If we did do something more clever, we might as well make
chef-automate admin-tokennot freak out if A2 is running on IAMv2.