From 4665164a394b44037552d27ae33f4fcc23df56d2 Mon Sep 17 00:00:00 2001
From: Gerald Nunn
Date: Sat, 7 Oct 2023 15:37:24 -0700
Subject: [PATCH] Update analysis monitoring binding
---
 bootstrap/ansible/bootstrap.yaml | 180 +++++++++---------
 .../ansible/templates/user-appset.yaml.j2 | 8 +-
 .../templates/prod/auth-monitoring-rb.yaml | 2 +-
 3 files changed, 96 insertions(+), 94 deletions(-)
diff --git a/bootstrap/ansible/bootstrap.yaml b/bootstrap/ansible/bootstrap.yaml
index 66c05a7..374431c 100644
--- a/bootstrap/ansible/bootstrap.yaml
+++ b/bootstrap/ansible/bootstrap.yaml
@@ -12,95 +12,97 @@ - openshift-gitops-server tasks: - - name: Get Ingress from Cluster - k8s_info: - api_version: config.openshift.io/v1 - kind: Ingress - name: cluster - namespace: openshift-ingress - register: ingress - - - name: Get sub_domain from ingress - set_fact: - sub_domain: "{{ ingress | json_query('resources[0].spec.domain')}}" - - - name: Create cluster-admins group - kubernetes.core.k8s: - state: present - definition: - apiVersion: user.openshift.io/v1 - kind: Group - metadata: - name: cluster-admins - users: - - admin - - opentlc-mgr - - - name: Create openshift-gitops-operator namespace - kubernetes.core.k8s: - name: openshift-gitops-operator - api_version: v1 - kind: Namespace - state: present - - - name: Create Operator Group - kubernetes.core.k8s: - state: present - definition: - api_version: operators.coreos.com/v1 - kind: OperatorGroup - metadata: - name: gitops - namespace: openshift-gitops-operator - spec: - upgradeStrategy: Default - - - name: deploy-gitops-operator - k8s: - src: files/gitops-operator/subscription.yaml - state: present - - - name: Sleep for 30 seconds - wait_for: - timeout: 30 - - - name: Check that all deployments are up and running - command: "oc rollout status deployment {{ item }} -n openshift-gitops" - with_items: "{{ gitops_deployments }}" - - - name: Give application-controller cluster-admin permissions - kubernetes.core.k8s: - state: present - src: files/gitops-operator/application-controller-rolebinding.yaml - - - name: Deploy CMP Configuration - kubernetes.core.k8s: - state: present - src: files/gitops-operator/setenv-cmp-plugin-cm.yaml - - - name: Update openshift-gitops-instance - kubernetes.core.k8s: - state: present - definition: "{{ lookup('template', 'argocd-cr.yaml.j2') }}" - - - name: Sleep for 10 seconds - wait_for: - timeout: 10 - - - name: Check that all deployments are up and running - command: "oc rollout status deployment {{ item }} -n openshift-gitops" - with_items: "{{ gitops_deployments }}" - - - 
name: Deploy infra applications - kubernetes.core.k8s: - state: present - src: "{{ item }}" - with_items: - - files/applications/pipelines-operator.yaml - - files/applications/web-terminal-operator.yaml - - # Todo: Check health of apps - - name: Wait 30 seconds for deployment + # - name: Get Ingress from Cluster + # k8s_info: + # api_version: config.openshift.io/v1 + # kind: Ingress + # name: cluster + # namespace: openshift-ingress + # register: ingress + + # - name: Get sub_domain from ingress + # set_fact: + # sub_domain: "{{ ingress | json_query('resources[0].spec.domain')}}" + + # - name: Create cluster-admins group + # kubernetes.core.k8s: + # state: present + # definition: + # apiVersion: user.openshift.io/v1 + # kind: Group + # metadata: + # name: cluster-admins + # users: + # - admin + # - opentlc-mgr + + # - name: Create openshift-gitops-operator namespace + # kubernetes.core.k8s: + # name: openshift-gitops-operator + # api_version: v1 + # kind: Namespace + # state: present + + # - name: Create Operator Group + # kubernetes.core.k8s: + # state: present + # definition: + # api_version: operators.coreos.com/v1 + # kind: OperatorGroup + # metadata: + # name: gitops + # namespace: openshift-gitops-operator + # spec: + # upgradeStrategy: Default + + # - name: deploy-gitops-operator + # k8s: + # src: files/gitops-operator/subscription.yaml + # state: present + + # - name: Sleep for 30 seconds + # wait_for: + # timeout: 30 + + # - name: Check that all deployments are up and running + # command: "oc rollout status deployment {{ item }} -n openshift-gitops" + # with_items: "{{ gitops_deployments }}" + + # - name: Give application-controller cluster-admin permissions + # kubernetes.core.k8s: + # state: present + # src: files/gitops-operator/application-controller-rolebinding.yaml + + # - name: Deploy CMP Configuration + # kubernetes.core.k8s: + # state: present + # src: files/gitops-operator/setenv-cmp-plugin-cm.yaml + + # - name: Update openshift-gitops-instance + 
# kubernetes.core.k8s: + # state: present + # definition: "{{ lookup('template', 'argocd-cr.yaml.j2') }}" + + # - name: Sleep for 10 seconds + # wait_for: + # timeout: 10 + + # - name: Check that all deployments are up and running + # command: "oc rollout status deployment {{ item }} -n openshift-gitops" + # with_items: "{{ gitops_deployments }}" + + # - name: Deploy infra applications + # kubernetes.core.k8s: + # state: present + # src: "{{ item }}" + # with_items: + # - files/applications/pipelines-operator.yaml + # - files/applications/web-terminal-operator.yaml + + # # Todo: Check health of apps + # - name: Wait 30 seconds for deployment + # wait_for: + # timeout: 30 - name: Update users applicationset kubernetes.core.k8s: diff --git a/bootstrap/ansible/templates/user-appset.yaml.j2 b/bootstrap/ansible/templates/user-appset.yaml.j2 index 4ca8081..c07504b 100644 --- a/bootstrap/ansible/templates/user-appset.yaml.j2 +++ b/bootstrap/ansible/templates/user-appset.yaml.j2 @@ -9,15 +9,15 @@ spec: - list: elements: {% for n in range(1, users | int + 1 ) %} - - user: {{ n }} + - user: "{{ n }}" {% endfor %} template: metadata: - name: "user{{ user }}" + name: "user{% raw %}{{ user }}{% endraw %}" namespace: openshift-gitops spec: destination: - namespace: "user{{user}}-tools" + namespace: "user{% raw %}{{ user }}{% endraw %}-tools" server: 'https://kubernetes.default.svc' project: default syncPolicy: @@ -32,4 +32,4 @@ spec: path: bootstrap/user helm: values: | - user: {{ user }} + user: "{% raw %}{{ user }}{% endraw %}" diff --git a/bootstrap/user/templates/prod/auth-monitoring-rb.yaml b/bootstrap/user/templates/prod/auth-monitoring-rb.yaml index 201c81f..25187cf 100644 --- a/bootstrap/user/templates/prod/auth-monitoring-rb.yaml +++ b/bootstrap/user/templates/prod/auth-monitoring-rb.yaml 
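Review bot: The whole install sequence, from `Get Ingress from Cluster` through `Wait 30 seconds for deployment`, is commented out rather than gated, so a run against a fresh cluster now skips the namespace, operator subscription, Argo CD instance and role binding and goes straight to `Update users applicationset`. The commit subject only mentions the monitoring binding, so this reads like a local shortcut that was committed along with the real change. If skipping the install steps on re-runs is wanted, keep the tasks live and select at invocation: tag them with `tags: [install]` and run with `--skip-tags install`, or use `--start-at-task "Update users applicationset"`. The task list continues past the end of the hunk.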
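Review bot: The `{% raw %}…{% endraw %}` wrappers added around `{{ user }}` in `metadata.name` and `destination.namespace` carry no explanation, and without one a later edit is likely to strip them and have Ansible try to resolve `user` when it renders the template. A Jinja comment at the top of the file would cover it, for example `{# "user" inside raw blocks is an ApplicationSet parameter filled in by Argo CD, not an Ansible variable; only n and users are rendered here #}`. The same applies to the `user:` line under `helm.values` in the next hunk (`@@ -32,4 +32,4 @@`).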
@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: analysis-monitoring-view
+ name: analysis-monitoring-view-user{{ .Values.user }}
 namespace: user{{ .Values.user }}-prod
 roleRef:
 apiGroup: rbac.authorization.k8s.io
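Review bot: `namespace: user{{ .Values.user }}-prod` is still set on a `ClusterRoleBinding`, which is cluster-scoped, so the field does not confine the grant to that namespace even though the manifest reads as if it did. If the access is only meant to cover the user's prod namespace, `kind: RoleBinding` would keep it there. If cluster-wide access is intended, drop the `namespace:` line so the stated scope matches the real one. The `roleRef` name and the subjects fall outside the hunk, so which of the two applies cannot be judged from here.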