Offboard logging tenants and rbac

rhobs · Mar 15, 2024 · 29c85e1 · 29c85e1
1 parent d184050
commit 29c85e1
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 157 deletions.
diff --git a/configuration/observatorium/rbac.go b/configuration/observatorium/rbac.go
@@ -12,9 +12,7 @@ import (
 type tenantID string
 
 const (
-	appsreTenant            tenantID = "appsre"
 	cnvqeTenant             tenantID = "cnvqe"
-	dptpTenant              tenantID = "dptp"
 	telemeterTenant         tenantID = "telemeter"
 	rhobsTenant             tenantID = "rhobs"
 	psiocpTenant            tenantID = "psiocp"
@@ -102,26 +100,19 @@ func GenerateRBAC() *observatoriumRBAC {
 		perms:   []rbac.Permission{rbac.Read},
 		envs:    []env{stagingEnv, productionEnv},
 	})
-	attachBinding(&obsRBAC, bindingOpts{
-		name:    "observatorium-rhacs-logs",
-		tenant:  rhacsTenant,
-		signals: []signal{logsSignal},
-		perms:   []rbac.Permission{rbac.Write, rbac.Read},
-		envs:    []env{stagingEnv, productionEnv},
-	})
 
 	// RHOBS
 	attachBinding(&obsRBAC, bindingOpts{
 		name:    "observatorium-rhobs",
 		tenant:  rhobsTenant,
-		signals: []signal{metricsSignal, logsSignal, tracesSignal},
+		signals: []signal{metricsSignal},
 		perms:   []rbac.Permission{rbac.Write, rbac.Read},
 		envs:    []env{testingEnv, stagingEnv, productionEnv},
 	})
 	attachBinding(&obsRBAC, bindingOpts{
 		name:    "observatorium-rhobs-mst",
 		tenant:  rhobsTenant,
-		signals: []signal{metricsSignal, logsSignal, tracesSignal},
+		signals: []signal{metricsSignal},
 		perms:   []rbac.Permission{rbac.Write, rbac.Read},
 		envs:    []env{stagingEnv, productionEnv},
 	})
@@ -131,8 +122,6 @@ func GenerateRBAC() *observatoriumRBAC {
 		Roles: []string{
 			getOrCreateRoleName(&obsRBAC, telemeterTenant, metricsSignal, rbac.Read),
 			getOrCreateRoleName(&obsRBAC, rhobsTenant, metricsSignal, rbac.Read),
-			getOrCreateRoleName(&obsRBAC, rhobsTenant, logsSignal, rbac.Read),
-			getOrCreateRoleName(&obsRBAC, rhobsTenant, tracesSignal, rbac.Read),
 		},
 		Subjects: []rbac.Subject{{Name: "[email protected]", Kind: rbac.Group}},
 	})
@@ -285,36 +274,6 @@ func GenerateRBAC() *observatoriumRBAC {
 		skipConventionCheck: true,
 	})
 
-	// RHOBS Logs only tenants
-
-	// DPTP
-	// Reader serviceaccount
-	attachBinding(&obsRBAC, bindingOpts{
-		name:    "observatorium-dptp-reader",
-		tenant:  dptpTenant,
-		signals: []signal{logsSignal},
-		perms:   []rbac.Permission{rbac.Read},
-		envs:    []env{stagingEnv, productionEnv},
-	})
-	// Writer serviceaccount
-	attachBinding(&obsRBAC, bindingOpts{
-		name:    "observatorium-dptp-collector",
-		tenant:  dptpTenant,
-		signals: []signal{logsSignal},
-		perms:   []rbac.Permission{rbac.Write},
-		envs:    []env{stagingEnv, productionEnv},
-	})
-
-	// APPSRE
-	// Reader and Writer serviceaccount
-	attachBinding(&obsRBAC, bindingOpts{
-		name:    "observatorium-appsre",
-		tenant:  appsreTenant,
-		signals: []signal{logsSignal},
-		perms:   []rbac.Permission{rbac.Read, rbac.Write},
-		envs:    []env{stagingEnv, productionEnv},
-	})
-
 	// RHTAP
 	// Reader and Writer serviceaccount
 	attachBinding(&obsRBAC, bindingOpts{

diff --git a/resources/services/observatorium-template.yaml b/resources/services/observatorium-template.yaml
@@ -782,23 +782,10 @@ objects:
           "name": "service-account-observatorium-rhacs-grafana-staging"
         - "kind": "user"
           "name": "service-account-observatorium-rhacs-grafana"
-      - "name": "observatorium-rhacs-logs"
-        "roles":
-        - "rhacs-logs-write"
-        - "rhacs-logs-read"
-        "subjects":
-        - "kind": "user"
-          "name": "service-account-observatorium-rhacs-logs-staging"
-        - "kind": "user"
-          "name": "service-account-observatorium-rhacs-logs"
       - "name": "observatorium-rhobs"
         "roles":
         - "rhobs-metrics-write"
         - "rhobs-metrics-read"
-        - "rhobs-logs-write"
-        - "rhobs-logs-read"
-        - "rhobs-traces-write"
-        - "rhobs-traces-read"
         "subjects":
         - "kind": "user"
           "name": "service-account-observatorium-rhobs-testing"
@@ -810,10 +797,6 @@ objects:
         "roles":
         - "rhobs-metrics-write"
         - "rhobs-metrics-read"
-        - "rhobs-logs-write"
-        - "rhobs-logs-read"
-        - "rhobs-traces-write"
-        - "rhobs-traces-read"
         "subjects":
         - "kind": "user"
           "name": "service-account-observatorium-rhobs-mst-staging"
@@ -823,8 +806,6 @@ objects:
         "roles":
         - "telemeter-metrics-read"
         - "rhobs-metrics-read"
-        - "rhobs-logs-read"
-        - "rhobs-traces-read"
         "subjects":
         - "kind": "group"
           "name": "[email protected]"
@@ -934,31 +915,6 @@ objects:
         "subjects":
         - "kind": "user"
           "name": "service-account-observatorium-hypershift-platform-staging-qe-read"
-      - "name": "observatorium-dptp-reader"
-        "roles":
-        - "dptp-logs-read"
-        "subjects":
-        - "kind": "user"
-          "name": "service-account-observatorium-dptp-reader-staging"
-        - "kind": "user"
-          "name": "service-account-observatorium-dptp-reader"
-      - "name": "observatorium-dptp-collector"
-        "roles":
-        - "dptp-logs-write"
-        "subjects":
-        - "kind": "user"
-          "name": "service-account-observatorium-dptp-collector-staging"
-        - "kind": "user"
-          "name": "service-account-observatorium-dptp-collector"
-      - "name": "observatorium-appsre"
-        "roles":
-        - "appsre-logs-read"
-        - "appsre-logs-write"
-        "subjects":
-        - "kind": "user"
-          "name": "service-account-observatorium-appsre-staging"
-        - "kind": "user"
-          "name": "service-account-observatorium-appsre"
       - "name": "observatorium-rhtap"
         "roles":
         - "rhtap-metrics-read"
@@ -1027,20 +983,6 @@ objects:
         - "metrics"
         "tenants":
         - "rhacs"
-      - "name": "rhacs-logs-write"
-        "permissions":
-        - "write"
-        "resources":
-        - "logs"
-        "tenants":
-        - "rhacs"
-      - "name": "rhacs-logs-read"
-        "permissions":
-        - "read"
-        "resources":
-        - "logs"
-        "tenants":
-        - "rhacs"
       - "name": "rhobs-metrics-write"
         "permissions":
         - "write"
@@ -1055,34 +997,6 @@ objects:
         - "metrics"
         "tenants":
         - "rhobs"
-      - "name": "rhobs-logs-write"
-        "permissions":
-        - "write"
-        "resources":
-        - "logs"
-        "tenants":
-        - "rhobs"
-      - "name": "rhobs-logs-read"
-        "permissions":
-        - "read"
-        "resources":
-        - "logs"
-        "tenants":
-        - "rhobs"
-      - "name": "rhobs-traces-write"
-        "permissions":
-        - "write"
-        "resources":
-        - "traces"
-        "tenants":
-        - "rhobs"
-      - "name": "rhobs-traces-read"
-        "permissions":
-        - "read"
-        "resources":
-        - "traces"
-        "tenants":
-        - "rhobs"
       - "name": "telemeter-metrics-read"
         "permissions":
         - "read"
@@ -1167,34 +1081,6 @@ objects:
         - "metrics"
         "tenants":
         - "hypershift-platform-staging"
-      - "name": "dptp-logs-read"
-        "permissions":
-        - "read"
-        "resources":
-        - "logs"
-        "tenants":
-        - "dptp"
-      - "name": "dptp-logs-write"
-        "permissions":
-        - "write"
-        "resources":
-        - "logs"
-        "tenants":
-        - "dptp"
-      - "name": "appsre-logs-read"
-        "permissions":
-        - "read"
-        "resources":
-        - "logs"
-        "tenants":
-        - "appsre"
-      - "name": "appsre-logs-write"
-        "permissions":
-        - "write"
-        "resources":
-        - "logs"
-        "tenants":
-        - "appsre"
       - "name": "rhtap-metrics-read"
         "permissions":
         - "read"