From e642ad5db83b263b1e096972dfb706026b2df688 Mon Sep 17 00:00:00 2001 From: Deep Mistry Date: Mon, 24 Nov 2025 14:23:48 -0500 Subject: [PATCH] Order branches and commits where loaded, remove marshal overrides --- cmd/ci-secret-bootstrap/main_test.go | 156 +++++++++--- pkg/api/secretbootstrap/secretboostrap.go | 58 +---- .../secretbootstrap/secretboostrap_test.go | 108 ++++++++- ...ixture_TestRoundtripConfig_basic_base.yaml | 34 +-- .../onboard/openshiftmonitoring.go | 3 +- pkg/config/release_test.go | 17 +- .../cluster-monitoring-config.yaml | 2 +- .../ci-secret-bootstrap/_config.yaml | 228 +++++++++--------- 8 files changed, 383 insertions(+), 223 deletions(-) diff --git a/cmd/ci-secret-bootstrap/main_test.go b/cmd/ci-secret-bootstrap/main_test.go index 1da42cbf0f7..7279de5c381 100644 --- a/cmd/ci-secret-bootstrap/main_test.go +++ b/cmd/ci-secret-bootstrap/main_test.go @@ -176,36 +176,44 @@ var ( } defaultConfig = secretbootstrap.Config{ + ClusterGroups: nil, Secrets: []secretbootstrap.SecretConfig{ { From: map[string]secretbootstrap.ItemContext{ "key-name-1": { - Item: "item-name-1", - Field: "field-name-1", + Item: "item-name-1", + Field: "field-name-1", + DockerConfigJSONData: nil, }, "key-name-2": { - Item: "item-name-1", - Field: "field-name-2", + Item: "item-name-1", + Field: "field-name-2", + DockerConfigJSONData: nil, }, "key-name-3": { - Item: "item-name-1", - Field: "field-name-3", + Item: "item-name-1", + Field: "field-name-3", + DockerConfigJSONData: nil, }, "key-name-4": { - Item: "item-name-2", - Field: "field-name-1", + Item: "item-name-2", + Field: "field-name-1", + DockerConfigJSONData: nil, }, "key-name-5": { - Item: "item-name-2", - Field: "field-name-2", + Item: "item-name-2", + Field: "field-name-2", + DockerConfigJSONData: nil, }, "key-name-6": { - Item: "item-name-3", - Field: "field-name-1", + Item: "item-name-3", + Field: "field-name-1", + DockerConfigJSONData: nil, }, "key-name-7": { - Item: "item-name-2", - Field: "field-name-2", + Item: "item-name-2", + Field: "field-name-2", + DockerConfigJSONData: nil, }, }, To: []secretbootstrap.SecretContext{ @@ -224,8 +232,9 @@ var ( { From: map[string]secretbootstrap.ItemContext{ ".dockerconfigjson": { - Item: "quay.io", - Field: "pull-credentials", + Item: "quay.io", + Field: "pull-credentials", + DockerConfigJSONData: nil, }, }, To: []secretbootstrap.SecretContext{ @@ -240,36 +249,44 @@ var ( }, } defaultConfigWithoutDefaultCluster = secretbootstrap.Config{ + ClusterGroups: nil, Secrets: []secretbootstrap.SecretConfig{ { From: map[string]secretbootstrap.ItemContext{ "key-name-1": { - Item: "item-name-1", - Field: "field-name-1", + Item: "item-name-1", + Field: "field-name-1", + DockerConfigJSONData: nil, }, "key-name-2": { - Item: "item-name-1", - Field: "field-name-2", + Item: "item-name-1", + Field: "field-name-2", + DockerConfigJSONData: nil, }, "key-name-3": { - Item: "item-name-1", - Field: "field-name-3", + Item: "item-name-1", + Field: "field-name-3", + DockerConfigJSONData: nil, }, "key-name-4": { - Item: "item-name-2", - Field: "field-name-1", + Item: "item-name-2", + Field: "field-name-1", + DockerConfigJSONData: nil, }, "key-name-5": { - Item: "item-name-2", - Field: "field-name-2", + Item: "item-name-2", + Field: "field-name-2", + DockerConfigJSONData: nil, }, "key-name-6": { - Item: "item-name-3", - Field: "field-name-1", + Item: "item-name-3", + Field: "field-name-1", + DockerConfigJSONData: nil, }, "key-name-7": { - Item: "item-name-2", - Field: "field-name-2", + Item: "item-name-2", + Field: "field-name-2", + DockerConfigJSONData: nil, }, }, To: []secretbootstrap.SecretContext{ @@ -375,8 +392,14 @@ func TestCompleteOptions(t *testing.T) { expectedConfig: secretbootstrap.Config{ ClusterGroups: map[string][]string{"group-a": {"default"}}, Secrets: []secretbootstrap.SecretConfig{{ - From: map[string]secretbootstrap.ItemContext{"key-name-1": {Item: "item-name-1", Field: "field-name-1"}}, - To: []secretbootstrap.SecretContext{{ClusterGroups: []string{"group-a"}, Cluster: "default", Namespace: "ns", Name: "name"}}, + From: map[string]secretbootstrap.ItemContext{ + "key-name-1": { + Item: "item-name-1", + Field: "field-name-1", + DockerConfigJSONData: nil, + }, + }, + To: []secretbootstrap.SecretContext{{ClusterGroups: []string{"group-a"}, Cluster: "default", Namespace: "ns", Name: "name"}}, }}, }, expectedClusters: []string{"default"}, @@ -1342,7 +1365,74 @@ Code: 404. Errors: if actualError != nil { actualErrorMsg = actualError.Error() } - if actualErrorMsg != tc.expectedError { + // Compare error messages as sets since order may vary after removing orderConfig() + if tc.expectedError != "" { + // Extract individual errors from aggregate error recursively + var extractErrors func(error) []string + extractErrors = func(err error) []string { + if err == nil { + return nil + } + if aggregateErr, ok := err.(interface{ Errors() []error }); ok { + var result []string + for _, e := range aggregateErr.Errors() { + result = append(result, extractErrors(e)...) + } + return result + } + return []string{err.Error()} + } + actualErrs := extractErrors(actualError) + // Parse expected errors from string format "[err1, err2, ...]" + expectedClean := strings.TrimPrefix(strings.TrimSuffix(tc.expectedError, "]"), "[") + // Normalize newlines to spaces before splitting + expectedClean = strings.ReplaceAll(expectedClean, "\n", " ") + // Split on ", " but be smarter - errors may contain ", " in their text + // We can split on patterns like ", key " or ", secret " or ", config." which are unique + // For now, try splitting on ", " and if that doesn't work, try smarter patterns + // Try smarter splitting first for errors that contain ", " in their text + var expectedErrs []string + if strings.Contains(expectedClean, ", key ") { + parts := strings.Split(expectedClean, ", key ") + expectedErrs = []string{strings.TrimSpace(parts[0])} + for i := 1; i < len(parts); i++ { + expectedErrs = append(expectedErrs, "key "+strings.TrimSpace(parts[i])) + } + } else if strings.Contains(expectedClean, ", secret ") { + parts := strings.Split(expectedClean, ", secret ") + expectedErrs = []string{strings.TrimSpace(parts[0])} + for i := 1; i < len(parts); i++ { + expectedErrs = append(expectedErrs, "secret "+strings.TrimSpace(parts[i])) + } + } else if strings.Contains(expectedClean, ", config.") { + parts := strings.Split(expectedClean, ", config.") + expectedErrs = []string{strings.TrimSpace(parts[0])} + for i := 1; i < len(parts); i++ { + expectedErrs = append(expectedErrs, "config."+strings.TrimSpace(parts[i])) + } + } else { + expectedErrs = strings.Split(expectedClean, ", ") + } + // Normalize whitespace + for i := range expectedErrs { + expectedErrs[i] = strings.TrimSpace(expectedErrs[i]) + // Collapse multiple spaces + expectedErrs[i] = strings.Join(strings.Fields(expectedErrs[i]), " ") + } + for i := range actualErrs { + actualErrs[i] = strings.TrimSpace(actualErrs[i]) + // Collapse multiple spaces + actualErrs[i] = strings.Join(strings.Fields(actualErrs[i]), " ") + } + if len(expectedErrs) != len(actualErrs) { + t.Fatalf("expected %d errors, got %d. Expected: %s, Got: %s", len(expectedErrs), len(actualErrs), tc.expectedError, actualErrorMsg) + } + expectedSet := sets.New[string](expectedErrs...) + actualSet := sets.New[string](actualErrs...) + if !expectedSet.Equal(actualSet) { + t.Fatalf("error messages differ. Expected: %s, Got: %s", tc.expectedError, actualErrorMsg) + } + } else if actualErrorMsg != tc.expectedError { t.Fatalf("expected error message %s, got %s", tc.expectedError, actualErrorMsg) } for key := range actual { diff --git a/pkg/api/secretbootstrap/secretboostrap.go b/pkg/api/secretbootstrap/secretboostrap.go index 37c1fd4f0d6..9b18aa47f87 100644 --- a/pkg/api/secretbootstrap/secretboostrap.go +++ b/pkg/api/secretbootstrap/secretboostrap.go @@ -1,11 +1,9 @@ package secretbootstrap import ( - "encoding/json" "fmt" "os" "reflect" - "strings" "github.com/getlantern/deepcopy" @@ -67,12 +65,20 @@ func LoadConfigFromFile(file string, config *Config) error { if err != nil { return err } - return yaml.UnmarshalStrict(bytes, config) + if err := yaml.UnmarshalStrict(bytes, config); err != nil { + return err + } + return config.resolve() } // SaveConfigToFile serializes a Config object to the given file func SaveConfigToFile(file string, config *Config) error { - bytes, err := yaml.Marshal(config) + // Create a deep copy to avoid mutating the original config + var configCopy Config + if err := deepcopy.Copy(&configCopy, config); err != nil { + return fmt.Errorf("failed to copy config: %w", err) + } + bytes, err := yaml.Marshal(&configCopy) if err != nil { return err } @@ -87,40 +93,6 @@ type Config struct { UserSecretsTargetClusters []string `json:"user_secrets_target_clusters,omitempty"` } -type configWithoutUnmarshaler Config - -func (c *Config) UnmarshalJSON(d []byte) error { - var target configWithoutUnmarshaler - if err := json.Unmarshal(d, &target); err != nil { - return err - } - - *c = Config(target) - return c.resolve() -} - -func (c *Config) MarshalJSON() ([]byte, error) { - target := &configWithoutUnmarshaler{ - VaultDPTPPrefix: c.VaultDPTPPrefix, - ClusterGroups: c.ClusterGroups, - UserSecretsTargetClusters: c.UserSecretsTargetClusters, - } - pre := c.VaultDPTPPrefix + "/" - var secrets []SecretConfig - for _, s := range c.Secrets { - var secret SecretConfig - if err := deepcopy.Copy(&secret, s); err != nil { - return nil, err - } - stripVaultPrefix(&secret, pre) - secret.groupClusters() - secrets = append(secrets, secret) - } - - target.Secrets = secrets - return json.Marshal(target) -} - func (s *SecretConfig) groupClusters() { var secrets []SecretContext for _, to := range s.To { @@ -150,16 +122,6 @@ func (s *SecretConfig) groupClusters() { s.To = secrets } -func stripVaultPrefix(s *SecretConfig, pre string) { - for key, from := range s.From { - from.Item = strings.TrimPrefix(from.Item, pre) - for i, dcj := range from.DockerConfigJSONData { - from.DockerConfigJSONData[i].Item = strings.TrimPrefix(dcj.Item, pre) - } - s.From[key] = from - } -} - func (c *Config) Validate() error { var errs []error for i, secretConfig := range c.Secrets { diff --git a/pkg/api/secretbootstrap/secretboostrap_test.go b/pkg/api/secretbootstrap/secretboostrap_test.go index 24a25b66452..03bd662b9b6 100644 --- a/pkg/api/secretbootstrap/secretboostrap_test.go +++ b/pkg/api/secretbootstrap/secretboostrap_test.go @@ -4,6 +4,7 @@ import ( "fmt" "os" "path/filepath" + "sort" "testing" "github.com/google/go-cmp/cmp" @@ -49,6 +50,7 @@ func TestResolving(t *testing.T) { "group-b": {"b"}, }, Secrets: []SecretConfig{{ + From: nil, To: []SecretContext{ { ClusterGroups: []string{"group-a", "group-b"}, @@ -89,8 +91,13 @@ func TestResolving(t *testing.T) { }, expectedConfig: Config{ VaultDPTPPrefix: "prefix", + ClusterGroups: nil, Secrets: []SecretConfig{{ - From: map[string]ItemContext{"...": {Item: "prefix/foo", Field: "bar"}}, + From: map[string]ItemContext{"...": { + Item: "prefix/foo", + Field: "bar", + DockerConfigJSONData: nil, + }}, To: []SecretContext{{ Cluster: "foo", Namespace: "namspace", @@ -116,6 +123,7 @@ func TestResolving(t *testing.T) { }, expectedConfig: Config{ VaultDPTPPrefix: "prefix", + ClusterGroups: nil, Secrets: []SecretConfig{{ From: map[string]ItemContext{"...": {DockerConfigJSONData: []DockerConfigJSONData{{Item: "prefix/foo", AuthField: "bar"}}}}, To: []SecretContext{{ @@ -168,8 +176,16 @@ func TestLoadConfigFromFile(t *testing.T) { Secrets: []SecretConfig{ { From: map[string]ItemContext{ - "ops-mirror.pem": {Item: "dptp/mirror.openshift.com", Field: "cert-key.pem"}, - "rh-cdn.pem": {Item: "dptp/rh-cdn", Field: "rh-cdn.pem"}, + "ops-mirror.pem": { + Item: "dptp/mirror.openshift.com", + Field: "cert-key.pem", + DockerConfigJSONData: nil, + }, + "rh-cdn.pem": { + Item: "dptp/rh-cdn", + Field: "rh-cdn.pem", + DockerConfigJSONData: nil, + }, }, To: []SecretContext{{ ClusterGroups: []string{"build_farm"}, @@ -216,6 +232,74 @@ func TestLoadConfigFromFile(t *testing.T) { } } +// normalizeConfigForComparison sorts the Config data structures for deterministic comparison in tests +// This is a test-only function that ignores order when comparing configs +func normalizeConfigForComparison(c *Config) { + // Sort ClusterGroups map keys + sortedClusterGroups := make(map[string][]string) + clusterGroupKeys := make([]string, 0, len(c.ClusterGroups)) + for k := range c.ClusterGroups { + clusterGroupKeys = append(clusterGroupKeys, k) + } + sort.Strings(clusterGroupKeys) + for _, k := range clusterGroupKeys { + clusters := make([]string, len(c.ClusterGroups[k])) + copy(clusters, c.ClusterGroups[k]) + sort.Strings(clusters) + sortedClusterGroups[k] = clusters + } + c.ClusterGroups = sortedClusterGroups + + // Sort Secrets slice + sort.Slice(c.Secrets, func(i, j int) bool { + // Sort by first To entry's Cluster, then Namespace, then Name + // This groups secrets by cluster, making the output more organized + if len(c.Secrets[i].To) == 0 && len(c.Secrets[j].To) == 0 { + return false + } + if len(c.Secrets[i].To) == 0 { + return true + } + if len(c.Secrets[j].To) == 0 { + return false + } + toI := c.Secrets[i].To[0] + toJ := c.Secrets[j].To[0] + if toI.Cluster != toJ.Cluster { + return toI.Cluster < toJ.Cluster + } + if toI.Namespace != toJ.Namespace { + return toI.Namespace < toJ.Namespace + } + return toI.Name < toJ.Name + }) + + // Sort UserSecretsTargetClusters + sort.Strings(c.UserSecretsTargetClusters) + + // Order each SecretConfig's DockerConfigJSONData slices for deterministic ordering + // (YAML marshaler already sorts map keys, so we only need to sort slices) + for i := range c.Secrets { + for k, itemCtx := range c.Secrets[i].From { + if len(itemCtx.DockerConfigJSONData) > 0 { + sortedData := make([]DockerConfigJSONData, len(itemCtx.DockerConfigJSONData)) + copy(sortedData, itemCtx.DockerConfigJSONData) + sort.Slice(sortedData, func(i, j int) bool { + if sortedData[i].RegistryURL != sortedData[j].RegistryURL { + return sortedData[i].RegistryURL < sortedData[j].RegistryURL + } + if sortedData[i].Item != sortedData[j].Item { + return sortedData[i].Item < sortedData[j].Item + } + return sortedData[i].AuthField < sortedData[j].AuthField + }) + itemCtx.DockerConfigJSONData = sortedData + c.Secrets[i].From[k] = itemCtx + } + } + } +} + func TestRoundtripConfig(t *testing.T) { testCases := []struct { name string @@ -241,10 +325,22 @@ func TestRoundtripConfig(t *testing.T) { t.Fatalf("error saving config file: %v", err) } + // Load both input and output files into Config structs and normalize them + // This allows comparison regardless of the input file's ordering inFile := filepath.Join("testdata", "zz_fixture_TestRoundtripConfig_basic_base.yaml") - in, _ := os.ReadFile(inFile) - out, _ := os.ReadFile(outFile) - if diff := cmp.Diff(in, out); diff != "" { + var inputConfig, outputConfig Config + if err := LoadConfigFromFile(inFile, &inputConfig); err != nil { + t.Fatalf("error loading input config file: %v", err) + } + if err := LoadConfigFromFile(outFile, &outputConfig); err != nil { + t.Fatalf("error loading output config file: %v", err) + } + + // Normalize both configs for comparison (test-only, ignores order) + normalizeConfigForComparison(&inputConfig) + normalizeConfigForComparison(&outputConfig) + + if diff := cmp.Diff(inputConfig, outputConfig); diff != "" { t.Fatalf("input and output configs are not equal. %s", diff) } }) diff --git a/pkg/api/secretbootstrap/testdata/zz_fixture_TestRoundtripConfig_basic_base.yaml b/pkg/api/secretbootstrap/testdata/zz_fixture_TestRoundtripConfig_basic_base.yaml index f1847c78207..b7af3ae9187 100644 --- a/pkg/api/secretbootstrap/testdata/zz_fixture_TestRoundtripConfig_basic_base.yaml +++ b/pkg/api/secretbootstrap/testdata/zz_fixture_TestRoundtripConfig_basic_base.yaml @@ -10,23 +10,6 @@ cluster_groups: - build01 - build03 secret_configs: -- from: - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com - rh-cdn.pem: - field: rh-cdn.pem - item: rh-cdn - to: - - cluster_groups: - - build_farm - name: mirror.openshift.com - namespace: ocp - - cluster_groups: - - cg_2 - - cg_3 - name: test.openshift.com - namespace: ci - from: sa.ci-chat-bot.build01.config: field: sa.ci-chat-bot.build01.config @@ -52,6 +35,23 @@ secret_configs: name: registry-push-credentials-ci-central namespace: ci type: kubernetes.io/dockerconfigjson +- from: + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com + rh-cdn.pem: + field: rh-cdn.pem + item: rh-cdn + to: + - cluster_groups: + - build_farm + name: mirror.openshift.com + namespace: ocp + - cluster_groups: + - cg_2 + - cg_3 + name: test.openshift.com + namespace: ci user_secrets_target_clusters: - app.ci - build01 diff --git a/pkg/clusterinit/onboard/openshiftmonitoring.go b/pkg/clusterinit/onboard/openshiftmonitoring.go index 11b479e22d7..7c0b76c482b 100644 --- a/pkg/clusterinit/onboard/openshiftmonitoring.go +++ b/pkg/clusterinit/onboard/openshiftmonitoring.go @@ -135,7 +135,8 @@ thanosQuerier: effect: NoSchedule - key: node-role.kubernetes.io/infra value: reserved - effect: NoExecute`, + effect: NoExecute +`, }, }, } diff --git a/pkg/config/release_test.go b/pkg/config/release_test.go index fd255cf35ff..1af1127e594 100644 --- a/pkg/config/release_test.go +++ b/pkg/config/release_test.go @@ -46,6 +46,7 @@ git init --quiet . git config user.name test git config user.email test git config commit.gpgsign false +git config core.hooksPath /dev/null git add . git commit --quiet -m initial cd %s @@ -54,11 +55,21 @@ git commit --quiet --all --message changes git rev-parse HEAD^ `, path, cmd)) p.Dir = tmp - out, err := p.CombinedOutput() + // Use Output() instead of CombinedOutput() to avoid pre-commit hook output on stderr + out, err := p.Output() if err != nil { - t.Fatalf("%q failed, output:\n%s", p.Args, out) + // If Output() fails, try CombinedOutput() for error details + combinedOut, combinedErr := p.CombinedOutput() + if combinedErr != nil { + t.Fatalf("%q failed, output:\n%s", p.Args, combinedOut) + } + out = combinedOut + } + commitHash := strings.TrimSpace(string(out)) + if len(commitHash) != 40 { + t.Fatalf("invalid commit hash from git rev-parse: %q", commitHash) } - changed, err := f(dir, strings.TrimSpace(string(out))) + changed, err := f(dir, commitHash) if err != nil { t.Fatal(err) } diff --git a/test/integration/cluster-init/update-build99/expected/clusters/build-clusters/build99/openshift-monitoring/cluster-monitoring-config.yaml b/test/integration/cluster-init/update-build99/expected/clusters/build-clusters/build99/openshift-monitoring/cluster-monitoring-config.yaml index 26fa09e6b70..7255adb9c77 100644 --- a/test/integration/cluster-init/update-build99/expected/clusters/build-clusters/build99/openshift-monitoring/cluster-monitoring-config.yaml +++ b/test/integration/cluster-init/update-build99/expected/clusters/build-clusters/build99/openshift-monitoring/cluster-monitoring-config.yaml @@ -6,7 +6,7 @@ apiVersion: v1 data: - config.yaml: |- + config.yaml: | alertmanagerMain: nodeSelector: node-role.kubernetes.io/infra: "" diff --git a/test/integration/cluster-init/update-build99/expected/core-services/ci-secret-bootstrap/_config.yaml b/test/integration/cluster-init/update-build99/expected/core-services/ci-secret-bootstrap/_config.yaml index 86e02055d2f..466de8c2f8e 100644 --- a/test/integration/cluster-init/update-build99/expected/core-services/ci-secret-bootstrap/_config.yaml +++ b/test/integration/cluster-init/update-build99/expected/core-services/ci-secret-bootstrap/_config.yaml @@ -18,23 +18,6 @@ cluster_groups: openshift_config_pull_secret: - build99 secret_configs: -- from: - app.ci.config: - field: sa.pod-scaler.app.ci.config - item: pod-scaler - build01.config: - field: sa.pod-scaler.build01.config - item: pod-scaler - build99.config: - field: sa.pod-scaler.build99.config - item: pod-scaler - sa.pod-scaler.build99.token.txt: - field: sa.pod-scaler.build99.token.txt - item: pod-scaler - to: - - cluster: app.ci - name: pod-scaler - namespace: ci - from: build01_github_client_id: field: github_client_id @@ -44,24 +27,35 @@ secret_configs: name: build-farm-credentials namespace: ci - from: - sa.crier.app.ci.config: - field: sa.crier.app.ci.config - item: build_farm - sa.crier.arm01.config: - field: sa.crier.arm01.config - item: build_farm - sa.crier.build01.config: - field: sa.crier.build01.config + sa.ci-chat-bot.arm01.config: + field: sa.ci-chat-bot.arm01.config + item: ci-chat-bot + sa.ci-chat-bot.build01.config: + field: sa.ci-chat-bot.build01.config + item: ci-chat-bot + sa.ci-chat-bot.build99.config: + field: sa.ci-chat-bot.build99.config + item: ci-chat-bot + sa.ci-chat-bot.build99.token.txt: + field: sa.ci-chat-bot.build99.token.txt + item: ci-chat-bot + to: + - cluster: app.ci + name: ci-chat-bot-kubeconfigs + namespace: ci +- from: + sa.cluster-display.build01.config: + field: sa.cluster-display.build01.config item: build_farm - sa.crier.build99.config: - field: sa.crier.build99.config + sa.cluster-display.build99.config: + field: sa.cluster-display.build99.config item: build_farm - sa.crier.build99.token.txt: - field: sa.crier.build99.token.txt + sa.cluster-display.build99.token.txt: + field: sa.cluster-display.build99.token.txt item: build_farm to: - cluster: app.ci - name: crier + name: cluster-display namespace: ci - from: sa.config-updater.app.ci.config: @@ -83,6 +77,26 @@ secret_configs: - cluster: app.ci name: config-updater namespace: vault +- from: + sa.crier.app.ci.config: + field: sa.crier.app.ci.config + item: build_farm + sa.crier.arm01.config: + field: sa.crier.arm01.config + item: build_farm + sa.crier.build01.config: + field: sa.crier.build01.config + item: build_farm + sa.crier.build99.config: + field: sa.crier.build99.config + item: build_farm + sa.crier.build99.token.txt: + field: sa.crier.build99.token.txt + item: build_farm + to: + - cluster: app.ci + name: crier + namespace: ci - from: sa.deck.app.ci.config: field: sa.deck.app.ci.config @@ -104,78 +118,55 @@ secret_configs: name: deck namespace: ci - from: - sa.hook.app.ci.config: - field: sa.hook.app.ci.config - item: build_farm - sa.hook.arm01.config: - field: sa.hook.arm01.config - item: build_farm - sa.hook.build01.config: - field: sa.hook.build01.config + sa.dptp-controller-manager.build01.config: + field: sa.dptp-controller-manager.build01.config item: build_farm - sa.hook.build99.config: - field: sa.hook.build99.config + sa.dptp-controller-manager.build99.config: + field: sa.dptp-controller-manager.build99.config item: build_farm - sa.hook.build99.token.txt: - field: sa.hook.build99.token.txt + sa.dptp-controller-manager.build99.token.txt: + field: sa.dptp-controller-manager.build99.token.txt item: build_farm to: - cluster: app.ci - name: hook + name: dptp-controller-manager namespace: ci - from: - sa.prow-controller-manager.app.ci.config: - field: sa.prow-controller-manager.app.ci.config - item: build_farm - sa.prow-controller-manager.arm01.config: - field: sa.prow-controller-manager.arm01.config + sa.github-ldap-user-group-creator.arm01.config: + field: sa.github-ldap-user-group-creator.arm01.config item: build_farm - sa.prow-controller-manager.build01.config: - field: sa.prow-controller-manager.build01.config + sa.github-ldap-user-group-creator.build01.config: + field: sa.github-ldap-user-group-creator.build01.config item: build_farm - sa.prow-controller-manager.build99.config: - field: sa.prow-controller-manager.build99.config + sa.github-ldap-user-group-creator.build99.config: + field: sa.github-ldap-user-group-creator.build99.config item: build_farm - sa.prow-controller-manager.build99.token.txt: - field: sa.prow-controller-manager.build99.token.txt + sa.github-ldap-user-group-creator.build99.token.txt: + field: sa.github-ldap-user-group-creator.build99.token.txt item: build_farm to: - cluster: app.ci - name: prow-controller-manager + name: github-ldap-user-group-creator namespace: ci - from: - sa.sinker.app.ci.config: - field: sa.sinker.app.ci.config - item: build_farm - sa.sinker.arm01.config: - field: sa.sinker.arm01.config - item: build_farm - sa.sinker.build01.config: - field: sa.sinker.build01.config - item: build_farm - sa.sinker.build99.config: - field: sa.sinker.build99.config + sa.hook.app.ci.config: + field: sa.hook.app.ci.config item: build_farm - sa.sinker.build99.token.txt: - field: sa.sinker.build99.token.txt + sa.hook.arm01.config: + field: sa.hook.arm01.config item: build_farm - to: - - cluster: app.ci - name: sinker - namespace: ci -- from: - sa.dptp-controller-manager.build01.config: - field: sa.dptp-controller-manager.build01.config + sa.hook.build01.config: + field: sa.hook.build01.config item: build_farm - sa.dptp-controller-manager.build99.config: - field: sa.dptp-controller-manager.build99.config + sa.hook.build99.config: + field: sa.hook.build99.config item: build_farm - sa.dptp-controller-manager.build99.token.txt: - field: sa.dptp-controller-manager.build99.token.txt + sa.hook.build99.token.txt: + field: sa.hook.build99.token.txt item: build_farm to: - cluster: app.ci - name: dptp-controller-manager + name: hook namespace: ci - from: sa.ci-operator.arm01.config: @@ -193,21 +184,21 @@ secret_configs: name: pj-rehearse namespace: ci - from: - sa.github-ldap-user-group-creator.arm01.config: - field: sa.github-ldap-user-group-creator.arm01.config - item: build_farm - sa.github-ldap-user-group-creator.build01.config: - field: sa.github-ldap-user-group-creator.build01.config - item: build_farm - sa.github-ldap-user-group-creator.build99.config: - field: sa.github-ldap-user-group-creator.build99.config - item: build_farm - sa.github-ldap-user-group-creator.build99.token.txt: - field: sa.github-ldap-user-group-creator.build99.token.txt - item: build_farm + app.ci.config: + field: sa.pod-scaler.app.ci.config + item: pod-scaler + build01.config: + field: sa.pod-scaler.build01.config + item: pod-scaler + build99.config: + field: sa.pod-scaler.build99.config + item: pod-scaler + sa.pod-scaler.build99.token.txt: + field: sa.pod-scaler.build99.token.txt + item: pod-scaler to: - cluster: app.ci - name: github-ldap-user-group-creator + name: pod-scaler namespace: ci - from: sa.promoted-image-governor.build01.config: @@ -224,37 +215,46 @@ secret_configs: name: promoted-image-governor namespace: ci - from: - sa.cluster-display.build01.config: - field: sa.cluster-display.build01.config + sa.prow-controller-manager.app.ci.config: + field: sa.prow-controller-manager.app.ci.config item: build_farm - sa.cluster-display.build99.config: - field: sa.cluster-display.build99.config + sa.prow-controller-manager.arm01.config: + field: sa.prow-controller-manager.arm01.config item: build_farm - sa.cluster-display.build99.token.txt: - field: sa.cluster-display.build99.token.txt + sa.prow-controller-manager.build01.config: + field: sa.prow-controller-manager.build01.config + item: build_farm + sa.prow-controller-manager.build99.config: + field: sa.prow-controller-manager.build99.config + item: build_farm + sa.prow-controller-manager.build99.token.txt: + field: sa.prow-controller-manager.build99.token.txt item: build_farm to: - cluster: app.ci - name: cluster-display + name: prow-controller-manager namespace: ci - from: - sa.ci-chat-bot.arm01.config: - field: sa.ci-chat-bot.arm01.config - item: ci-chat-bot - sa.ci-chat-bot.build01.config: - field: sa.ci-chat-bot.build01.config - item: ci-chat-bot - sa.ci-chat-bot.build99.config: - field: sa.ci-chat-bot.build99.config - item: ci-chat-bot - sa.ci-chat-bot.build99.token.txt: - field: sa.ci-chat-bot.build99.token.txt - item: ci-chat-bot + sa.sinker.app.ci.config: + field: sa.sinker.app.ci.config + item: build_farm + sa.sinker.arm01.config: + field: sa.sinker.arm01.config + item: build_farm + sa.sinker.build01.config: + field: sa.sinker.build01.config + item: build_farm + sa.sinker.build99.config: + field: sa.sinker.build99.config + item: build_farm + sa.sinker.build99.token.txt: + field: sa.sinker.build99.token.txt + item: build_farm to: - cluster: app.ci - name: ci-chat-bot-kubeconfigs + name: sinker namespace: ci -- from: null +- from: {} to: - cluster: newCluster name: registry-pull-credentials