[COST-4417] Add service account support (#91)

[COST-4417] Add service account support * Make use of service account support in koku-nise v4.4.7 * remove the openshift directory from the containerfile
project-koku · Nov 9, 2023 · d15b0bc · d15b0bc
1 parent 9cde984
commit d15b0bc
Show file tree

Hide file tree

Showing 9 changed files with 373 additions and 562 deletions.
diff --git a/.env.example b/.env.example
@@ -7,6 +7,8 @@ AZURE_STORAGE_CONNECTION_STRING=AZURE_STORAGE_CONNECTION_STRING
 INSIGHTS_USER=INSIGHTS_USER
 INSIGHTS_PASSWORD=INSIGHTS_PASSWORD
 INSIGHTS_URL=INSIGHTS_URL
+HCC_SERVICE_ACCOUNT_ID=HCC_SERVICE_ACCOUNT_ID
+HCC_SERVICE_ACCOUNT_SECRET=HCC_SERVICE_ACCOUNT_SECRET
 
 INSIGHTS_ACCOUNT_ID=INSIGHTS_ACCOUNT_ID
 INSIGHTS_ORG_ID=INSIGHTS_ORG_ID

diff --git a/Dockerfile b/Dockerfile
@@ -70,7 +70,6 @@ ENV \
     PROMETHEUS_MULTIPROC_DIR=/tmp
 
 # copy the src files into the workdir
-COPY openshift openshift
 COPY static-files static-files
 COPY nise-populator nise-populator
 

diff --git a/Pipfile b/Pipfile
@@ -12,6 +12,7 @@ azure-storage-blob = "*"
 oci = "*"
 
 [dev-packages]
+cython = "<3.0"
 
 [requires]
 python_version = "3.8"
diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/README.md b/README.md
@@ -23,6 +23,9 @@ AZURE_STORAGE_CONNECTION_STRING=AZURE_STORAGE_CONNECTION_STRING
 INSIGHTS_USER=INSIGHTS_USER
 INSIGHTS_PASSWORD=INSIGHTS_PASSWORD
 INSIGHTS_URL=INSIGHTS_URL
+HCC_SERVICE_ACCOUNT_ID=HCC_SERVICE_ACCOUNT_ID
+HCC_SERVICE_ACCOUNT_SECRET=HCC_SERVICE_ACCOUNT_SECRET
+
 
 GCP_DATASET=GCP_DATASET
 GCP_PROJECT_ID=GCP_PROJECT_ID

diff --git a/deploy/clowdapp.yaml b/deploy/clowdapp.yaml
@@ -88,6 +88,18 @@ objects:
                 key: insights-password
                 name: ${SECRET_NAME}
                 optional: true
+          - name: HCC_SERVICE_ACCOUNT_ID
+            valueFrom:
+              secretKeyRef:
+                key: hcc-service-account-id
+                name: ${SECRET_NAME}
+                optional: true
+          - name: HCC_SERVICE_ACCOUNT_SECRET
+            valueFrom:
+              secretKeyRef:
+                key: hcc-service-account-secret
+                name: ${SECRET_NAME}
+                optional: true
           - name: INSIGHTS_ACCOUNT_ID
             valueFrom:
               secretKeyRef:

diff --git a/nise-populator/sources/ocp.py b/nise-populator/sources/ocp.py
@@ -21,6 +21,10 @@ def __init__(self, **kwargs):
         self.insights_user = os.environ.get("INSIGHTS_USER")
         self.insights_password = os.environ.get("INSIGHTS_PASSWORD")
         self.insights_url = os.environ.get("INSIGHTS_URL")
+        self.hcc_service_account_id = os.environ.get("HCC_SERVICE_ACCOUNT_ID")
+        self.hcc_service_account_secret = os.environ.get(
+            "HCC_SERVICE_ACCOUNT_SECRET"
+        )
         self.cluster_id = kwargs.get(self.CLUSTER_ID)
         self.static_file = kwargs.get(self.STATIC_FILE)
         super().__init__(**kwargs)
@@ -32,7 +36,12 @@ def get_source_type():
 
     def check_configuration(self):
         """Determine if source is properly configured for access."""
-        if self.insights_user and self.insights_password and self.insights_url:
+        if self.insights_url and (
+            (self.insights_user and self.insights_password)
+            or (
+                self.hcc_service_account_id and self.hcc_service_account_secret
+            )
+        ):
             return True
         return False
 

diff --git a/openshift/example.parameters.properties b/openshift/example.parameters.properties
diff --git a/openshift/nise-populator.yaml b/openshift/nise-populator.yaml