ROX-27176: Remove observability dead code from acs-fleet-manager (#2103)

stackrox · Nov 29, 2024 · bf1d3f3 · bf1d3f3
1 parent fd67555
commit bf1d3f3
Show file tree

Hide file tree

Showing 55 changed files with 66 additions and 4,255 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -105,7 +105,7 @@ jobs:
           git diff --exit-code
       - name: Setup tests secrets
         run: |
-          make ocm/setup aws/setup redhatsso/setup centralcert/setup observatorium/setup secrets/touch
+          make ocm/setup aws/setup redhatsso/setup centralcert/setup secrets/touch
       - name: Run Migration Script
         run: make db/migrate
       - name: Verify & Test

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -8,7 +8,7 @@ repos:
       require_serial: true
       pass_filenames: true
       stages: [push, manual]
-      files: '(openapi/.*|pkg/workers/worker_interface.go|pkg/client/ocm/id.go|pkg/client/aws/client.go|pkg/client/ocm/client.go|pkg/client/iam/client.go|pkg/services/authorization/authorization.go|pkg/services/sso/iam_service.go|pkg/client/redhatsso/client.go|pkg/auth/auth_agent_service.go|internal/dinosaur/pkg/services/observatorium_service.go|internal/dinosaur/pkg/services/cluster_placement_strategy.go|internal/dinosaur/pkg/services/cloud_providers.go|internal/dinosaur/pkg/services/clusters.go|internal/dinosaur/pkg/services/quota.go|internal/dinosaur/pkg/services/fleetshard_operator_addon.go|internal/dinosaur/pkg/services/quota_service_factory.go|internal/dinosaur/pkg/clusters/cluster_builder.go|internal/dinosaur/pkg/clusters/provider.go|internal/dinosaur/pkg/services/dinosaur.go)'
+      files: '(openapi/.*|pkg/workers/worker_interface.go|pkg/client/ocm/id.go|pkg/client/aws/client.go|pkg/client/ocm/client.go|pkg/client/iam/client.go|pkg/services/authorization/authorization.go|pkg/services/sso/iam_service.go|pkg/client/redhatsso/client.go|pkg/auth/auth_agent_service.go|internal/dinosaur/pkg/services/cluster_placement_strategy.go|internal/dinosaur/pkg/services/cloud_providers.go|internal/dinosaur/pkg/services/clusters.go|internal/dinosaur/pkg/services/quota.go|internal/dinosaur/pkg/services/fleetshard_operator_addon.go|internal/dinosaur/pkg/services/quota_service_factory.go|internal/dinosaur/pkg/clusters/cluster_builder.go|internal/dinosaur/pkg/clusters/provider.go|internal/dinosaur/pkg/services/dinosaur.go)'
   - repo: https://github.com/Yelp/detect-secrets
     rev: v1.5.0
     hooks:

diff --git a/.secrets.baseline b/.secrets.baseline
@@ -268,7 +268,7 @@
         "filename": "internal/dinosaur/pkg/api/public/api/openapi.yaml",
         "hashed_secret": "5b455797b93de5b6a19633ba22127c8a610f5c1b",
         "is_verified": false,
-        "line_number": 1535
+        "line_number": 1343
       }
     ],
     "internal/dinosaur/pkg/presenters/managedcentral.go": [
@@ -330,63 +330,63 @@
         "filename": "templates/service-template.yml",
         "hashed_secret": "13032f402fed753c2248419ea4f69f99931f6dbc",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "30025f80f6e22cdafb85db387d50f90ea884576a",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "355f24fd038bcaf85617abdcaa64af51ed19bbcf",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "3d8a1dcd2c3c765ce35c9a9552d23273cc4ddace",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "4ac7b0522761eba972467942cd5cd7499dd2c361",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "7639ab2a6bcf2ea30a055a99468c9cd844d4c22a",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "b56360daf4793d2a74991a972b34d95bc00fb2da",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "c9a73ef9ee8ce9f38437227801c70bcc6740d1a1",
         "is_verified": false,
-        "line_number": 524
+        "line_number": 471
       },
       {
         "type": "Secret Keyword",
         "filename": "templates/service-template.yml",
         "hashed_secret": "4e199b4a1c40b497a95fcd1cd896351733849949",
         "is_verified": false,
-        "line_number": 707,
+        "line_number": 654,
         "is_secret": false
       }
     ],
@@ -416,5 +416,5 @@
       }
     ]
   },
-  "generated_at": "2024-10-17T08:34:41Z"
+  "generated_at": "2024-11-26T16:50:48Z"
 }
diff --git a/Makefile b/Makefile
@@ -215,8 +215,6 @@ help:
 	@echo "make setup/git/hooks             setup git hooks"
 	@echo "make secrets/touch               touch all required secret files"
 	@echo "make centralcert/setup           setup the central TLS certificate used for Managed Central Service"
-	@echo "make observatorium/setup         setup observatorium secrets used by CI"
-	@echo "make observatorium/token-refresher/setup" setup a local observatorium token refresher
 	@echo "make docker/login/internal       login to an openshift cluster image registry"
 	@echo "make image/push/internal         push image to an openshift cluster image registry."
 	@echo "make deploy/project              deploy the service via templates to an openshift cluster"
@@ -634,7 +632,6 @@ secrets/touch:
           secrets/central-tls.crt \
           secrets/central-tls.key \
           secrets/central.idp-client-secret \
-          secrets/observability-config-access.token \
           secrets/ocm-service.clientId \
           secrets/ocm-service.clientSecret \
           secrets/ocm-service.token \
@@ -675,31 +672,6 @@ centralcert/setup:
 	@echo -n "$(CENTRAL_TLS_KEY)" > secrets/central-tls.key
 .PHONY:centralcert/setup
 
-observatorium/setup:
-	@echo -n "$(OBSERVATORIUM_CONFIG_ACCESS_TOKEN)" > secrets/observability-config-access.token;
-	@echo -n "$(RHSSO_LOGS_CLIENT_ID)" > secrets/rhsso-logs.clientId;
-	@echo -n "$(RHSSO_LOGS_CLIENT_SECRET)" > secrets/rhsso-logs.clientSecret;
-	@echo -n "$(RHSSO_METRICS_CLIENT_ID)" > secrets/rhsso-metrics.clientId;
-	@echo -n "$(RHSSO_METRICS_CLIENT_SECRET)" > secrets/rhsso-metrics.clientSecret;
-.PHONY:observatorium/setup
-
-observatorium/token-refresher/setup: PORT ?= 8085
-observatorium/token-refresher/setup: IMAGE_TAG ?= latest
-observatorium/token-refresher/setup: ISSUER_URL ?= https://sso.redhat.com/auth/realms/redhat-external
-observatorium/token-refresher/setup: OBSERVATORIUM_URL ?= https://observatorium-mst.api.stage.openshift.com/api/metrics/v1/manageddinosaur
-observatorium/token-refresher/setup:
-	@$(DOCKER) run -d -p ${PORT}:${PORT} \
-		--restart always \
-		--name observatorium-token-refresher quay.io/rhoas/mk-token-refresher:${IMAGE_TAG} \
-		/bin/token-refresher \
-		--oidc.issuer-url="${ISSUER_URL}" \
-		--url="${OBSERVATORIUM_URL}" \
-		--oidc.client-id="${CLIENT_ID}" \
-		--oidc.client-secret="${CLIENT_SECRET}" \
-		--web.listen=":${PORT}"
-	@echo The Observatorium token refresher is now running on 'http://localhost:${PORT}'
-.PHONY: observatorium/token-refresher/setup
-
 # Setup dummy OCM_OFFLINE_TOKEN for integration testing
 ocm/setup: OCM_OFFLINE_TOKEN ?= "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" # pragma: allowlist secret
 ocm/setup:
@@ -743,13 +715,6 @@ deploy/secrets:
 		-p CENTRAL_IDP_CLIENT_SECRET="$(shell ([ -s './secrets/central.idp-client-secret' ] && [ -z '${CENTRAL_IDP_CLIENT_SECRET}' ]) && cat ./secrets/central.idp-client-secret || echo '${CENTRAL_IDP_CLIENT_SECRET}')" \
 		-p CENTRAL_TLS_CERT="$(shell ([ -s './secrets/central-tls.crt' ] && [ -z '${CENTRAL_TLS_CERT}' ]) && cat ./secrets/central-tls.crt || echo '${CENTRAL_TLS_CERT}')" \
 		-p CENTRAL_TLS_KEY="$(shell ([ -s './secrets/central-tls.key' ] && [ -z '${CENTRAL_TLS_KEY}' ]) && cat ./secrets/central-tls.key || echo '${CENTRAL_TLS_KEY}')" \
-		-p OBSERVABILITY_CONFIG_ACCESS_TOKEN="$(shell ([ -s './secrets/observability-config-access.token' ] && [ -z '${OBSERVABILITY_CONFIG_ACCESS_TOKEN}' ]) && cat ./secrets/observability-config-access.token || echo '${OBSERVABILITY_CONFIG_ACCESS_TOKEN}')" \
-		-p OBSERVABILITY_RHSSO_LOGS_CLIENT_ID="$(shell ([ -s './secrets/rhsso-logs.clientId' ] && [ -z '${OBSERVABILITY_RHSSO_LOGS_CLIENT_ID}' ]) && cat ./secrets/rhsso-logs.clientId || echo '${OBSERVABILITY_RHSSO_LOGS_CLIENT_ID}')" \
-		-p OBSERVABILITY_RHSSO_LOGS_SECRET="$(shell ([ -s './secrets/rhsso-logs.clientSecret' ] && [ -z '${OBSERVABILITY_RHSSO_LOGS_SECRET}' ]) && cat ./secrets/rhsso-logs.clientSecret || echo '${OBSERVABILITY_RHSSO_LOGS_SECRET}')" \
-		-p OBSERVABILITY_RHSSO_METRICS_CLIENT_ID="$(shell ([ -s './secrets/rhsso-metrics.clientId' ] && [ -z '${OBSERVABILITY_RHSSO_METRICS_CLIENT_ID}' ]) && cat ./secrets/rhsso-metrics.clientId || echo '${OBSERVABILITY_RHSSO_METRICS_CLIENT_ID}')" \
-		-p OBSERVABILITY_RHSSO_METRICS_SECRET="$(shell ([ -s './secrets/rhsso-metrics.clientSecret' ] && [ -z '${OBSERVABILITY_RHSSO_METRICS_SECRET}' ]) && cat ./secrets/rhsso-metrics.clientSecret || echo '${OBSERVABILITY_RHSSO_METRICS_SECRET}')" \
-		-p OBSERVABILITY_RHSSO_GRAFANA_CLIENT_ID="${OBSERVABILITY_RHSSO_GRAFANA_CLIENT_ID}" \
-		-p OBSERVABILITY_RHSSO_GRAFANA_CLIENT_SECRET="${OBSERVABILITY_RHSSO_GRAFANA_CLIENT_SECRET}" \
 		| oc apply -f - -n $(NAMESPACE)
 .PHONY: deploy/secrets
 
@@ -794,9 +759,6 @@ deploy/service: ENABLE_TERMS_ACCEPTANCE ?= "false"
 deploy/service: ENABLE_DENY_LIST ?= "false"
 deploy/service: ALLOW_EVALUATOR_INSTANCE ?= "true"
 deploy/service: QUOTA_TYPE ?= "quota-management-list"
-deploy/service: OBSERVABILITY_CONFIG_REPO ?= "https://api.github.com/repos/bf2fc6cc711aee1a0c2a/observability-resources-mk/contents"
-deploy/service: OBSERVABILITY_CONFIG_CHANNEL ?= "resources"
-deploy/service: OBSERVABILITY_CONFIG_TAG ?= "main"
 deploy/service: DATAPLANE_CLUSTER_SCALING_TYPE ?= "manual"
 deploy/service: CENTRAL_IDP_ISSUER ?= "https://sso.stage.redhat.com/auth/realms/redhat-external"
 deploy/service: CENTRAL_IDP_CLIENT_ID ?= "rhacs-ms-dev"
@@ -830,13 +792,6 @@ endif
 		-p OCM_ADDON_SERVICE_URL="$(OCM_ADDON_SERVICE_URL)" \
 		-p AMS_URL="${AMS_URL}" \
 		-p SERVICE_PUBLIC_HOST_URL="https://$(shell oc get routes/fleet-manager -o jsonpath="{.spec.host}" -n $(NAMESPACE))" \
-		-p OBSERVATORIUM_RHSSO_GATEWAY="${OBSERVATORIUM_RHSSO_GATEWAY}" \
-		-p OBSERVATORIUM_RHSSO_REALM="${OBSERVATORIUM_RHSSO_REALM}" \
-		-p OBSERVATORIUM_RHSSO_TENANT="${OBSERVATORIUM_RHSSO_TENANT}" \
-		-p OBSERVATORIUM_RHSSO_AUTH_SERVER_URL="${OBSERVATORIUM_RHSSO_AUTH_SERVER_URL}" \
-		-p OBSERVATORIUM_TOKEN_REFRESHER_URL="http://token-refresher.$(NAMESPACE).svc.cluster.local" \
-		-p OBSERVABILITY_CONFIG_REPO="${OBSERVABILITY_CONFIG_REPO}" \
-		-p OBSERVABILITY_CONFIG_TAG="${OBSERVABILITY_CONFIG_TAG}" \
 		-p ENABLE_TERMS_ACCEPTANCE="${ENABLE_TERMS_ACCEPTANCE}" \
 		-p ALLOW_EVALUATOR_INSTANCE="${ALLOW_EVALUATOR_INSTANCE}" \
 		-p QUOTA_TYPE="${QUOTA_TYPE}" \
@@ -861,7 +816,6 @@ endif
 # remove service deployments from an OpenShift cluster
 undeploy: FLEET_MANAGER_IMAGE ?= $(SHORT_IMAGE_REF)
 undeploy:
-	@-oc process -f ./templates/observatorium-token-refresher.yml --local | oc delete -f - -n $(NAMESPACE)
 	@-oc process -f ./templates/db-template.yml --local | oc delete -f - -n $(NAMESPACE)
 	@-oc process -f ./templates/secrets-template.yml --local | oc delete -f - -n $(NAMESPACE)
 	@-oc process -f ./templates/route-template.yml --local | oc delete -f - -n $(NAMESPACE)
@@ -871,20 +825,6 @@ undeploy:
 		| oc delete -f - -n $(NAMESPACE)
 .PHONY: undeploy
 
-# Deploys an Observatorium token refresher on an OpenShift cluster
-deploy/token-refresher: ISSUER_URL ?= "https://sso.redhat.com/auth/realms/redhat-external"
-deploy/token-refresher: OBSERVATORIUM_TOKEN_REFRESHER_IMAGE ?= "quay.io/rhoas/mk-token-refresher"
-deploy/token-refresher: OBSERVATORIUM_TOKEN_REFRESHER_IMAGE_TAG ?= "latest"
-deploy/token-refresher: OBSERVATORIUM_URL ?= "https://observatorium-mst.api.stage.openshift.com/api/metrics/v1/manageddinosaur"
-deploy/token-refresher:
-	@-oc process -f ./templates/observatorium-token-refresher.yml \
-		-p ISSUER_URL=${ISSUER_URL} \
-		-p OBSERVATORIUM_URL=${OBSERVATORIUM_URL} \
-		-p OBSERVATORIUM_TOKEN_REFRESHER_IMAGE=${OBSERVATORIUM_TOKEN_REFRESHER_IMAGE} \
-		-p OBSERVATORIUM_TOKEN_REFRESHER_IMAGE_TAG=${OBSERVATORIUM_TOKEN_REFRESHER_IMAGE_TAG} \
-		 | oc apply -f - -n $(NAMESPACE)
-.PHONY: deploy/token-refresher
-
 # Deploys OpenShift ingress router on a k8s cluster
 deploy/openshift-router:
 	./scripts/openshift-router.sh deploy

diff --git a/cmd/fleet-manager/main.go b/cmd/fleet-manager/main.go
@@ -49,7 +49,6 @@ func main() {
 	// Unsupported CLI commands. Eventually some of them can be removed.
 	// rootCmd.AddCommand(cluster.NewClusterCommand(env))
 	// rootCmd.AddCommand(cloudprovider.NewCloudProviderCommand(env))
-	// rootCmd.AddCommand(observatorium.NewRunObservatoriumCommand(env))
 	// rootCmd.AddCommand(errors.NewErrorsCommand(env))
 
 	if err := rootCmd.Execute(); err != nil {

diff --git a/dev/env/defaults/00-defaults.env b/dev/env/defaults/00-defaults.env
@@ -43,7 +43,6 @@ export OSD_IDP_SSO_CLIENT_ID_DEFAULT=""
 export OSD_IDP_SSO_CLIENT_SECRET_DEFAULT=""
 export ROUTE53_ACCESS_KEY_DEFAULT=""
 export ROUTE53_SECRET_ACCESS_KEY_DEFAULT=""
-export OBSERVABILITY_CONFIG_ACCESS_TOKEN_DEFAULT=""
 export SPAWN_LOGGER_DEFAULT="false"
 export DUMP_LOGS_DEFAULT="false"
 export OPERATOR_SOURCE_DEFAULT=""

diff --git a/dev/env/scripts/lib.sh b/dev/env/scripts/lib.sh
@@ -107,7 +107,6 @@ init() {
     export OSD_IDP_SSO_CLIENT_SECRET=${OSD_IDP_SSO_CLIENT_SECRET:-$OSD_IDP_SSO_CLIENT_SECRET_DEFAULT}
     export ROUTE53_ACCESS_KEY=${ROUTE53_ACCESS_KEY:-$ROUTE53_ACCESS_KEY_DEFAULT}
     export ROUTE53_SECRET_ACCESS_KEY=${ROUTE53_SECRET_ACCESS_KEY:-$ROUTE53_SECRET_ACCESS_KEY_DEFAULT}
-    export OBSERVABILITY_CONFIG_ACCESS_TOKEN=${OBSERVABILITY_CONFIG_ACCESS_TOKEN:-$OBSERVABILITY_CONFIG_ACCESS_TOKEN_DEFAULT}
     export INHERIT_IMAGEPULLSECRETS=${INHERIT_IMAGEPULLSECRETS:-$INHERIT_IMAGEPULLSECRETS_DEFAULT}
     export SPAWN_LOGGER=${SPAWN_LOGGER:-$SPAWN_LOGGER_DEFAULT}
     export DUMP_LOGS=${DUMP_LOGS:-$DUMP_LOGS_DEFAULT}
@@ -190,7 +189,6 @@ OSD_IDP_SSO_CLIENT_ID: ********
 OSD_IDP_SSO_CLIENT_SECRET: ********
 ROUTE53_ACCESS_KEY: ********
 ROUTE53_SECRET_ACCESS_KEY: ********
-OBSERVABILITY_CONFIG_ACCESS_TOKEN: ********
 INHERIT_IMAGEPULLSECRETS: ${INHERIT_IMAGEPULLSECRETS}
 SPAWN_LOGGER: ${SPAWN_LOGGER}
 DUMP_LOGS: ${DUMP_LOGS}

diff --git a/docs/development/populating-configuration.md b/docs/development/populating-configuration.md
@@ -115,14 +115,6 @@ In the Data Plane cluster, the Central Operator and the FleetShard Deployments
 might reference container images that are located in authenticated container
 image registries.
 
-## Setup the Observability stack secrets
-See [Obsevability](./observability/README.md) to learn more about Observatorium and the observability stack.
-The following command is used to setup the various secrets needed by the Observability stack.
-
-```
-make observatorium/setup
-```
-
 ## Setup a custom TLS certificate for Central Host URLs
 
 When Fleet Manager creates Central instances, it can be configured to

diff --git a/docs/legacy/feature-flags.md b/docs/legacy/feature-flags.md
@@ -13,7 +13,6 @@ This lists the feature flags and their sub-configurations to enable/disable and
   - [Central](#central)
   - [IAM](#iam)
   - [Metrics Server](#metrics-server)
-  - [Observability](#observability)
   - [OpenShift Cluster Manager](#openshift-cluster-manager)
   - [Dataplane Cluster Management](#dataplane-cluster-management)
   - [Sentry](#sentry)
@@ -76,28 +75,6 @@ This lists the feature flags and their sub-configurations to enable/disable and
     - `https-cert-file` [Required]: The path to the file containing the TLS certificate.
     - `https-key-file` [Required]: The path to the file containing the TLS private key.
 
-## Observability
-- **enable-observatorium-mock**: Enables use of a mock Observatorium client.
-    - `observatorium-timeout` [Optional]: Timeout to be used for Observatorium requests (default: `240s`).
-- **observatorium-debug**: Enables Observatorium debug logging.
-- **observatorium-ignore-ssl**: Disables Observatorium TLS verification.
-
-### Red Hat SSO Authentication
-- The '[Required]' in the following denotes that these flags are required to use Red Hat SSO Authentication with the service.
-    - `observability-red-hat-sso-auth-server-url`[Required]: Red Hat SSO authentication server URL (default: `https://sso.redhat.com/auth`).
-    - `observability-red-hat-sso-realm`[Required]: Red Hat SSO realm (default: `redhat-external`).
-    - `observability-red-hat-sso-token-refresher-url`[Required]: Red Hat SSO token refresher URL (default: `www.test.com`).
-    - `observability-red-hat-sso-observatorium-gateway`[Required]: Red Hat SSO observatorium gateway (default: `https://observatorium-mst.api.stage.openshift.com`).
-    - `observability-red-hat-sso-tenant`[Required]: Red Hat SSO tenant (default: `managedCentral`).
-    - `observability-red-hat-sso-logs-client-id-file`[Required]: The path to the file containing the client
-    ID for the logs service account for use with Red Hat SSO.
-    - `observability-red-hat-sso-logs-secret-file`[Required]: The path to the file containing the client
-    secret for the logs service account for use with Red Hat SSO.
-    - `observability-red-hat-sso-metrics-client-id-file`[Required]: The path to the file containing the client
-    ID for the metrics service account for use with Red Hat SSO.
-    - `observability-red-hat-sso-metrics-secret-file`[Required]: The path to the file containing the client
-    secret for the metrics service account for use with Red Hat SSO.
-
 ## OpenShift Cluster Manager
 - **enable-ocm-mock**: Enables use of a mock OCM client.
     - `ocm-mock-mode` [Optional]: Sets the ocm client mock type (default: `stub-server`).