Skip to content

Commit

Permalink
fix: revert client-folder name to original value (#712)
Browse files Browse the repository at this point in the history
revert client-folder name to original value by removing the environment from the name.

Remember that in our scenario, the organization name identify the environment. If we want a client(app team) to see what environment he is working on (using the cloud console) we need to grant him organization viewer role. That role requires to be granted using the tier1 repo because that is where organization level roles are granted. We did not want to modify the tier1 repo every time a new client was onboarded so instead, we chose to embed the environment name in the client-folder name and have the folder viewer role granted in the tier2 repo.

The solution to this problem was to leverage nested groups.
1- organization viewer role is granted to a parent group which includes all of the client folder viewer group
2- folder viewer role is granted to the client folder viewer group which in turn is the parent group for all application team groups.

using this solution, remove the needs to have the environment within the client folder name as all application team will endup nested under the client folder viewer group (single nest) and the organization viewer group (double nest)
  • Loading branch information
davelanglois-ssc authored Nov 23, 2023
1 parent 14964df commit 5636b01
Show file tree
Hide file tree
Showing 5 changed files with 3 additions and 8 deletions.
1 change: 0 additions & 1 deletion solutions/client-setup/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@ Package to setup a client's namespaces, folder, management project and root sync
| client-management-project-id | client-management-project-12345 | str | 111 |
| client-name | client1 | str | 149 |
| dns-project-id | dns-project-12345 | str | 1 |
| environment | env | str | 1 |
| management-namespace | config-control | str | 27 |
| management-project-id | management-project-12345 | str | 6 |
| management-project-number | 0000000000 | str | 1 |
Expand Down
2 changes: 1 addition & 1 deletion solutions/client-setup/folder.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,6 @@ metadata:
name: clients.client-name # kpt-set: clients.${client-name}
namespace: hierarchy
spec:
displayName: client-name # kpt-set: ${client-name}-${environment}
displayName: client-name # kpt-set: ${client-name}
folderRef:
name: clients
4 changes: 0 additions & 4 deletions solutions/client-setup/setters.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -42,10 +42,6 @@ data:
# customization: required
org-id: "0000000000"
#
# The environment (dev, preprod, prod), used in the client folder display name
# customization: required
environment: env
#
##########################
# Management Project
##########################
Expand Down
2 changes: 1 addition & 1 deletion solutions/experimentation/client-landing-zone/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ This package has no sub-packages.

1. Move into the local package:
```shell
cd ".//solutions/experimentation/client-landing-zone/"
cd "./client-landing-zone/"
```

1. Edit the function config file(s):
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,6 @@ metadata:
name: clients.client-name # kpt-set: clients.${client-name}
namespace: hierarchy
spec:
displayName: client-name-experimentation # kpt-set: ${client-name}-experimentation
displayName: client-name # kpt-set: ${client-name}
folderRef:
name: clients

0 comments on commit 5636b01

Please sign in to comment.