Adjust PCO SCS IaaS-compatible checks. (#867)

garloff · mbuechse · web-flow · commit 5b8adff3e3b4 · 2025-01-13T13:01:20.000+01:00
* Adjust PCO SCS IaaS-compatible checks. - Using AppCreds for Prod1 and Prod2 (was using usernm, passwd before) - Name Secrets OS_ACSECRET_PCOPROD[1-4] rather than OS_PASSWORD_... - Run v4 checks 5mins past v3 checks. * The v4 checks should run 5mins later. I had only changed the comment, not the setting in one case... Thanks for spotting @berendt and for the the fix @mbuechse! Signed-off-by: Kurt Garloff <kurt@garloff.de> Co-authored-by: Matthias Büchse <matthias.buechse@cloudandheat.com>
diff --git a/.github/scs-compliance-check/openstack/clouds.yaml b/.github/scs-compliance-check/openstack/clouds.yaml
@@ -10,30 +10,26 @@ clouds:
     interface: "public"
     identity_api_version: 3
   pco-prod1:
+    auth_type: "v3applicationcredential"
     auth:
       auth_url: https://prod1.api.pco.get-cloud.io:5000
-      username: "u500924-svc-standards"
-      project_id: 204eba6723954d0d900d1144b4c9e48d
-      project_name: "p500924-scs-healthmonitor"
-      user_domain_name: "d500924"
+      application_credential_id: "22801bcede0746a192abec1805c8c4e5"
     region_name: "prod1"
     interface: "public"
     identity_api_version: 3
   pco-prod2:
+    auth_type: "v3applicationcredential"
     auth:
       auth_url: https://prod2.api.pco.get-cloud.io:5000
-      username: "u500924-svc-standards"
-      project_id: 6e54c8e75b744902a4c5f4389cdb0529
-      project_name: "p500924-scs-healthmonitor"
-      user_domain_name: "d500924"
+      application_credential_id: "df41234ebc334d2cb99c586e8ad0056d"
     region_name: "prod2"
     interface: "public"
     identity_api_version: 3
   pco-prod3:
     auth_type: "v3applicationcredential"
     auth:
       auth_url: https://prod3.api.pco.get-cloud.io:5000
-      application_credential_id: "fe66c4c8cd3b4ea08262424783e1c58f"
+      application_credential_id: "f5864cd2b0ce4fb3ba9d7e4d5e6e0674"
     region_name: "prod3"
     interface: "public"
     identity_api_version: 3
@@ -42,7 +38,7 @@ clouds:
     auth:
       auth_url: https://prod4.api.pco.get-cloud.io:5000
       #project_id: 6a97f8c649d342429cbe5d0f943602b0
-      application_credential_id: "11ecfb998b474b99ab044f5b20cb23d6"
+      application_credential_id: "d265546ca8ef47e99d743c67e1230897"
     region_name: "prod4"
     interface: "public"
     identity_api_version: 3
diff --git a/.github/workflows/check-pco-prod1-v3.yml b/.github/workflows/check-pco-prod1-v3.yml
@@ -14,10 +14,10 @@ on:
   
 jobs:
   check-pco-prod1:
-    uses: ./.github/workflows/scs-compliance-check.yml
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
       version: v3
       layer: iaas
       cloud: "pco-prod1"
-      secret_name: "OS_PASSWORD_PCOPROD1"
+      secret_name: "OS_ACSECRET_PCOPROD1"
     secrets: inherit
diff --git a/.github/workflows/check-pco-prod1-v4.yml b/.github/workflows/check-pco-prod1-v4.yml
@@ -1,9 +1,9 @@
 name: "Compliance IaaS v4 of pco-prod1"
 
 on:
-  # Trigger compliance check every day at 4:30 UTC
+  # Trigger compliance check every day at 4:35 UTC
   schedule:
-    - cron:  '30 4 * * *'
+    - cron:  '35 4 * * *'
   # Trigger compliance check after Docker image has been built
   workflow_run:
     workflows: [Build and publish scs-compliance-check Docker image]
@@ -14,10 +14,10 @@ on:
   
 jobs:
   check-pco-prod1:
-    uses: ./.github/workflows/scs-compliance-check.yml
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
       version: v4
       layer: iaas
       cloud: "pco-prod1"
-      secret_name: "OS_PASSWORD_PCOPROD1"
+      secret_name: "OS_ACSECRET_PCOPROD1"
     secrets: inherit
diff --git a/.github/workflows/check-pco-prod2-v3.yml b/.github/workflows/check-pco-prod2-v3.yml
@@ -14,10 +14,10 @@ on:
   
 jobs:
   check-pco-prod2:
-    uses: ./.github/workflows/scs-compliance-check.yml
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
       version: v3
       layer: iaas
       cloud: "pco-prod2"
-      secret_name: "OS_PASSWORD_PCOPROD2"
+      secret_name: "OS_ACSECRET_PCOPROD2"
     secrets: inherit
diff --git a/.github/workflows/check-pco-prod2-v4.yml b/.github/workflows/check-pco-prod2-v4.yml
@@ -1,9 +1,9 @@
 name: "Compliance IaaS v4 of pco-prod2"
 
 on:
-  # Trigger compliance check every day at 4:30 UTC
+  # Trigger compliance check every day at 4:35 UTC
   schedule:
-    - cron:  '30 4 * * *'
+    - cron:  '35 4 * * *'
   # Trigger compliance check after Docker image has been built
   workflow_run:
     workflows: [Build and publish scs-compliance-check Docker image]
@@ -14,10 +14,10 @@ on:
   
 jobs:
   check-pco-prod2:
-    uses: ./.github/workflows/scs-compliance-check.yml
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
       version: v4
       layer: iaas
       cloud: "pco-prod2"
-      secret_name: "OS_PASSWORD_PCOPROD2"
+      secret_name: "OS_ACSECRET_PCOPROD2"
     secrets: inherit
diff --git a/.github/workflows/check-pco-prod3-v3.yml b/.github/workflows/check-pco-prod3-v3.yml
@@ -19,5 +19,5 @@ jobs:
       version: v3
       layer: iaas
       cloud: "pco-prod3"
-      secret_name: "OS_PASSWORD_PCOPROD3"
+      secret_name: "OS_ACSECRET_PCOPROD3"
     secrets: inherit
diff --git a/.github/workflows/check-pco-prod3-v4.yml b/.github/workflows/check-pco-prod3-v4.yml
@@ -1,9 +1,9 @@
 name: "Compliance IaaS v4 of pco-prod3"
 
 on:
-  # Trigger compliance check every day at 4:30 UTC
+  # Trigger compliance check every day at 4:35 UTC
   schedule:
-    - cron:  '30 4 * * *'
+    - cron:  '35 4 * * *'
   # Trigger compliance check after Docker image has been built
   workflow_run:
     workflows: [Build and publish scs-compliance-check Docker image]
@@ -19,5 +19,5 @@ jobs:
       version: v4
       layer: iaas
       cloud: "pco-prod3"
-      secret_name: "OS_PASSWORD_PCOPROD3"
+      secret_name: "OS_ACSECRET_PCOPROD3"
     secrets: inherit
diff --git a/.github/workflows/check-pco-prod4-v3.yml b/.github/workflows/check-pco-prod4-v3.yml
@@ -19,5 +19,5 @@ jobs:
       version: v3
       layer: iaas
       cloud: "pco-prod4"
-      secret_name: "OS_PASSWORD_PCOPROD4"
+      secret_name: "OS_ACSECRET_PCOPROD4"
     secrets: inherit
diff --git a/.github/workflows/check-pco-prod4-v4.yml b/.github/workflows/check-pco-prod4-v4.yml
@@ -1,9 +1,9 @@
 name: "Compliance IaaS v4 of pco-prod4"
 
 on:
-  # Trigger compliance check every day at 4:30 UTC
+  # Trigger compliance check every day at 4:35 UTC
   schedule:
-    - cron:  '30 4 * * *'
+    - cron:  '35 4 * * *'
   # Trigger compliance check after Docker image has been built
   workflow_run:
     workflows: [Build and publish scs-compliance-check Docker image]
@@ -19,5 +19,5 @@ jobs:
       version: v4
       layer: iaas
       cloud: "pco-prod4"
-      secret_name: "OS_PASSWORD_PCOPROD4"
+      secret_name: "OS_ACSECRET_PCOPROD4"
     secrets: inherit
