elektra icon indicating copy to clipboard operation
elektra copied to clipboard

Published 20 hours ago verified publisher icon sapcc

[Bedrock] [EOV] Elektra changes for Bedrock

Open edda opened this issue 10 months ago • 2 comments

Collection of things that need to be done for project Bedrock.

Bedrock customers will each get their own domain which follows a certain naming pattern (probably this will be iaas-someID). All the adjustments we will have to make should only be done for domains following this naming pattern. Don't hardcode name pattern but store it in a configuration.

Hide certain services/plugins via service_available? method:

  • [x] cost report
  • [x] automation
  • [x] masterdata (?)

Additional stuff:

  • [x] project wizard fip network step needs a differentiation for these specific domains and configure a fip network that doesn't follow the same naming pattern as the exisiting domains. Exact naming pattern for the network tbd
  • [x] check fip validation. We used to have some validation that only allowed certain subnet ranges because others are reserved within SAP. Check if this is still enforced anywhere as for these customers it doesn't make sense to do this.

edda avatar Apr 04 '24 12:04 edda

https://operations.global.cloud.sap/docs/operation/active_directory/external_domains/

First draft tasks:

  • [x] Ensure all navigations are aligned using the plugin_available? method and Ensure primary entries within SimpleNavigation.

  • [x] Design a domain configuration object accessible throughout the entire application. This object should encapsulate the necessary logic for all configuration types. Convert this object to JavaScript for consumption in the React apps.

  • [x] Browse routing should be secured by adding logic into the ScopeController redirecting the user to the domain page when trying to access to one of the disabled plugins.

  • [x] Project wizard fip network step needs a differentiation for these specific domains and configure a fip network that doesn't follow the same naming pattern as the exisiting domains. Name FloatingIP-external-iaas-01 (probably without 01). Discovering of the free existing network. Rbac for the Admin domain ccadmin/ccadmin-netinfra.

  • [x] DNS create new hide only.sap, c.<region>.cloud.sap

  • [x] disable cidr_must_be_in_reserved_range

    • Disable specific cidr validation. Just make a global syntax validation (https://github.com/sapcc/elektra/blob/0636bf37ed3fd941629eb53cabd94d289b47a3e0/plugins/networking/app/models/networking/subnet.rb#L76)

    • Remove check for allowed ranges (https://github.com/sapcc/elektra/blob/0636bf37ed3fd941629eb53cabd94d289b47a3e0/plugins/networking/app/models/networking/subnet.rb#L46)

  • [ ] merge PRs for new domains:

    • [x] https://github.com/sapcc/helm-charts/pull/6538
    • [ ] https://github.com/sapcc/juno/pull/604

  • e2e tests for bedrock configuration

    • [x] disabled plugins
    • [x] disable routing paths
    • [x] hide DNS zone creation sap internal provider
    • [x] disable check cidr_must_be_in_reserved_range method

ArtieReus avatar Apr 23 '24 13:04 ArtieReus

Potential open topics that need to be checked once the first actual customer use case becomes clearer:

  • [ ] Are there issues with users that aren't C/D/I-users, e.g. sending emails, log in without client cert, request workflow (inquiry tool), ...

edda avatar Jun 06 '24 14:06 edda

Done

hgw77 avatar Aug 20 '24 13:08 hgw77