Replace gx-scs by SCS2. (#885)

Signed-off-by: Kurt Garloff <[email protected]>

Author: garloff

.github/scs-compliance-check/openstack/clouds.yaml

@@ -1,12 +1,10 @@
 clouds:
-  gx-scs:
+  scs2:
+    auth_type: "v3applicationcredential"
     auth:
-      auth_url: https://api.gx-scs.sovereignit.cloud:5000
-      username: "u500924-svc-standards"
-      project_id: 3829cc7c8f034fc985f5055a1df6f247
-      project_name: "p500924-scs-healthmonitor"
-      user_domain_name: "d500924"
-    region_name: "RegionOne"
+      auth_url: https://scs2.api.pco.get-cloud.io:5000
+      application_credential_id: "f8f301ccf04047589afac62665227edd"
+    region_name: "scs2"
     interface: "public"
     identity_api_version: 3
   pco-prod1:

.github/workflows/check-gx-scs-v4.yml .github/workflows/check-scs2-v4.yml.github/workflows/check-gx-scs-v4.yml renamed to .github/workflows/check-scs2-v4.yml

@@ -1,9 +1,9 @@
-name: "Compliance IaaS v4 of gx-scs"
+name: "Compliance IaaS v4 of scs2"
 
 on:
-  # Trigger compliance check every day at 4:30 UTC
+  # Trigger compliance check every day at 4:45 UTC
   schedule:
-    - cron:  '30 4 * * *'
+    - cron:  '45 4 * * *'
   # Trigger compliance check after Docker image has been built
   workflow_run:
     workflows: [Build and publish scs-compliance-check Docker image]
@@ -13,11 +13,11 @@ on:
   workflow_dispatch:
 
 jobs:
-  check-gx-scs:
-    uses: ./.github/workflows/scs-compliance-check.yml
+  check-scs2:
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
       version: v4
       layer: iaas
-      cloud: "gx-scs"
-      secret_name: "OS_PASSWORD_GXSCS"
+      cloud: "scs2"
+      secret_name: "OS_ACSECRET_SCS2"
     secrets: inherit

.github/workflows/check-gx-scs-v3.yml .github/workflows/check-scs2-v5.yml.github/workflows/check-gx-scs-v3.yml renamed to .github/workflows/check-scs2-v5.yml

@@ -1,9 +1,9 @@
-name: "Compliance IaaS v3 of gx-scs"
+name: "Compliance IaaS v5 of scs2"
 
 on:
-  # Trigger compliance check every day at 4:30 UTC
+  # Trigger compliance check every day at 4:25 UTC
   schedule:
-    - cron:  '30 4 * * *'
+    - cron:  '25 4 * * *'
   # Trigger compliance check after Docker image has been built
   workflow_run:
     workflows: [Build and publish scs-compliance-check Docker image]
@@ -13,11 +13,11 @@ on:
   workflow_dispatch:
 
 jobs:
-  check-gx-scs:
-    uses: ./.github/workflows/scs-compliance-check.yml
+  check-scs2:
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
-      version: v3
+      version: v5
       layer: iaas
-      cloud: "gx-scs"
-      secret_name: "OS_PASSWORD_GXSCS"
+      cloud: "scs2"
+      secret_name: "OS_ACSECRET_SCS2"
     secrets: inherit

.zuul.d/config.yaml

@@ -8,10 +8,10 @@
         - scs-check-all
     periodic-hourly:
       jobs:
-        - scs-check-gx-scs-main
+        - scs-check-scs2-main
     post:
       jobs:
-        - scs-check-gx-scs
+        - scs-check-scs2
     check:
       jobs:
         - scs-check-adr-syntax
@@ -22,7 +22,7 @@
     pre-run: playbooks/pre.yaml
     run: playbooks/adr_syntax.yaml
 - job:
-    name: scs-check-gx-scs
+    name: scs-check-scs2
     parent: base
     secrets:
      - name: clouds_conf
@@ -35,11 +35,11 @@
      - playbooks/pre_cloud.yaml
     run: playbooks/compliance_check.yaml
 - job:
-    name: scs-check-gx-scs-main
-    parent: scs-check-gx-scs
+    name: scs-check-scs2-main
+    parent: scs-check-scs2
     branches: main
 - job:
     name: scs-check-all
-    parent: scs-check-gx-scs-main
+    parent: scs-check-scs2-main
     vars:
       preset: all

.zuul.d/secure.yaml

@@ -35,28 +35,6 @@
           JWvUvQl33JFC1jzIoQ7Rph6c660fRmz377jwjqx9/+bkHwLozGCP/9XrZVcizefEJM6jD
           eHRcpMpjuyFJLyNKnEF1lp58sfVQoJfVHTIvmzS9erVJhU/zjyeDFPsrLFweV7/5QzRvI
           lDiXrfj+X40EQvPrkSBJj/BIBYl+RuF8PfYnV4jqaQBwFNNBQoL/hGEotZa5h4=
-      gx_scs_ac_id: !encrypted/pkcs1-oaep
-        - uTdKdJXEzdx0pFAOAxR3054IdWqY1Hpjo/HQoNTJrXwT1yKFS2lkXk4LZWfVy2pnkk+I8
-          T3vpvonxb8hwkZQLZRbauzLmuCrjWpM6u2Nu2aY6bppFkj26t/VZ2/ovFjWmKL2isd7qx
-          iZPaVcniFLG/nEUeH3Jaq0dnGgoE1k8jRj+ke4tw8gy+KVVy51Ok9g1dq4AtTAtl04KkR
-          Xcu9O2gFQaN6aikbbr5Nh4tJJAlbybSk0pbPD9e5Kj9aamls7rHLaJCzdh2BBAYfdBejp
-          iuCcY15cauNiwYCAHVmnz+E0gDA4IfIH224Id8LrlO8xp5r0+hd1nWZw48jjk5ozZLIFv
-          Ud7DsPoTKs8zhME7tIglbdzVFllc5L3IF5mSpvc5mKfvT8b4bNN5T7fOgpsUYyorpzE0G
-          5oWNW5dG0YsK+6UkbUGIgHFHOBQbZ1qhthb+QQ7bvFUiMEft6Sbga1p1DXi6P++b8tsCQ
-          L9e0LdDMqK5vWlbcM1xYbjqhuYYSHwPqqMrAYVc5/rlLIsXJEHEt8s/D4/0rX20VAE/Ii
-          1CQMRyU7sgVQqaS9YPoVyGFdaL8FoVAbyageQxWSTjFVXZ4EUmrsncOcxAVrVmWOZmIZn
-          wrZYNjAYSkHWnHIO2gFoC8QtnThb0i4htmRf1Nv2YGWWyUxA32JbIyliS2O57k=
-      gx_scs_ac_secret: !encrypted/pkcs1-oaep
-        - QmUbdGH6ZrkVaL7qV8P0lxKn/kvpEREmf8MffxWvQb+zeWs4y2O8A4TNl/tGRjmJzV7Vk
-          tkte+bdazt7fG665WxKaUI8exkuLYCA3fPPp00/7CyhYDc24bWG/BH0ypEWpjfzInxv3Q
-          waqjvC4O3tp2oNX9wIicrZuDVfdDywCHgkEdApQpjJZqe0VifjZ4/Arj3m4sCA9yCj3gW
-          PUa8kDgGheYYqyIETAbKAskcUbRNUrKGkDZBMfYqXSuXLRDbjk4G2RZK74E56s7iZcW51
-          FLBVFrdfU+EV/haAIkLPacQ05xbtsLJ9tUdmy4gjd2lzA7CQxtZ3Kf6p9lWXk/xvnHvdv
-          SLvQPsWV1/6WeLaBq+m2ncajWrJW2WyltxEfUF4jYTroM1bw+b4OiYOhSwFDipzyYpTwY
-          zxFSwfmhHvkwPdeinjK2s04XmDLBGjfYFGvGwMKpEIYC9/hoBNQcSV26k2CKIPMX2Wb+z
-          TW7x5U3evZ22RResSQrIxZGt1xOvYFVw8KK8n243pL1tk0VtRtlEpNNVLbY7Zm8dUj9mU
-          ogEUIbRB2NVl904YLtqD1u/jasBYsvdvB7HmcXQmh+8/lybh5ouBP2ZTdSNnPy2tZDTTB
-          aqdJ+oJYtAwnm+e5fR8ddqvfcEW6eq8D7ouahjNYcbWT7K2ZjWlR2HxrqJJRxs=
       cc_rrze_ac_id: !encrypted/pkcs1-oaep
         - DUgJ7ozJOzJq1TSmBE6P8RGAW6C+s9LDRbW6mHIbAQlAX3+21d/KgoLk9zEyDdOanK1yd
           QaEZJDjURsIAcHJh7vh9w/2Z948XKDybxIOb1tcJGJU1LsEmYoNAQXM5G3+l8Z66Crpgw
@@ -321,3 +299,25 @@
           cYBWMsILDfv/7AR2lE+QTCxtL3gqPbjX5h0XlIXS/8p+xuA04pvSA6MWWCOuEUgQyt7i2
           6QnUC2DdYiVKGf54pBGuyilsBlH9Hmmcpa3UFrFQhGJjvZ1+M+8shFH3m238UYu72Q57q
           JZBtAU3zdwqDrDe5d/EfGSDE9FFLoMvColJpwLeY4zhP3XK6MrDnjwkMGMpsrE=
+      scs2_ac_id: !encrypted/pkcs1-oaep
+        - Y8BQv9PqamMnqL72LDSTxIE7qKQUz8pclYYZV2MhBbspuzBzs9/a3dMXyrOL1HyFacGZo
+          IPYnTG7BnnQLup0iwNoL2DMmsut69c0nLXIId2+hmH2/inW9GmEN12zE70nSG1jhGqAm/
+          V6q814Ef0O+bnvs8Abr06w2mWDAtbyZeAD7K7UzsQpz1SzyJKidRltQQNuI5cCpPCenkm
+          5Co9q0df8E3JeLwOa96Y1Xb4bHXmh0sfDTsc2DNGOAE3+wWc2iYMYIvCqrIvYmTUJMX+z
+          IqGJ3Ca1Py27xl7hOhlwFerJdTZTB1YZ61T5+RAbJ9LzNhP6hzQscArYLJHCMclxH7kI4
+          SH778FfSPK7nJmkAK8T6D8uFLuJmw7aNhuUPcRTIWrvMic1Pe+y12OJa2mCF3ULiaj+Ct
+          roCW3hPBVOwQPe1LsgoT2pUbhhA4Gej5vDeGSgcCqwFyZMK+9F4y6ueGeupYgaenSSNSA
+          oDvjYvE7IAceBqpm06miDNIMHRiHOfKvS7GWmN64axgoFvL8PwpjHmufOg5tvDqAPhNPo
+          ymNxEuQbPyXz6uEvqkIzXNqJD1Rso9lzDSpmuw0DGYiURINAlJ5+aIKd1I80E5jnYqWDi
+          AzoVDdcc8rs5dSv5EVUNgHAZbhoGXCrDG4Rle3W7O7OjYRhujWfPvOsZpKshus=
+      scs2_ac_secret: !encrypted/pkcs1-oaep
+        - IKyt7UBMh6ByyMYriD1348U14YAeDyshpizDi+JFRKMUTHfGOMt8ymMwvSNjZNl0lDq05
+          hj+5eihgASkXeKrDVqqB/UV1eB5romShC72AyoeenR33ydfXhpscAW6Ygsx1o1k49FDVa
+          zc7xe4T6dEcGfuXCELUcC6bl7LiOh4lX8fKUie1liq5l3yonYGgKQ00kLMTd3NkEiIzan
+          HJF6ezLq2AvJPHBeoa7x0yGUk6IwJGafL++kiYNUqbzYP1MG0JJyMbHP4svM/Fq/IiO6y
+          HBoLT0zc3owQ3JUxysQ+jDCeltLvwdwEtl7T10+xtSYsOQnsoN+/KTqW3+jrFHEAI0xDc
+          v3X81xZb9zW6aEQc75Upx0fnDOBHPnGBziHG+4m8YrIkMthJ812v0Xrwi1VH6sFac1lET
+          dOvR0LsXw1t/N8T7JbmzsJ7TTluN32iegt9mZ0syXHJyNr6DuUs3P6iDoOlRUzv+UzIJP
+          PHOVS1umROCJJi/5T78EA4ukDdFN/zdEktGauSDqUVRPASodV8Q3qvN6PgskPh1dQgxwB
+          Po9R1405It3aQtBiXnT+38eKAd1nTJkaRlC03VgbeV+XrjMI1YsMQDAt+YhMKSfys1ZhB
+          n6Dw+nc3Qi21G/CnY45rFUMLGTzevukKuHeiApf+eX4PdNQ1LPkUGrHdNnqkj8=

Tests/config.toml

@@ -8,7 +8,7 @@ scopes = [
     "scs-compatible-iaas",
 ]
 subjects = [
-    "gx-scs",
+    "scs2",
 ]
 
 
@@ -17,7 +17,7 @@ scopes = [
     "scs-compatible-iaas",
 ]
 subjects = [
-    "gx-scs",
+    "scs2",
     "artcodix",
     # currently not reachable from outside: "cc-rrze",
     "pco-prod1",

compliance-monitor/README.md

@@ -90,7 +90,7 @@ accounts:
       - read_any  # can read non-public details of compliance results for any subject
       - admin  # can cause reload of the bootstrap file, among other things
       - approve  # can approve non-pass results
-  - subject: gx-scs
+  - subject: scs2
     api_keys: []
     keys: []
 ```

compliance-monitor/bootstrap.yaml

@@ -15,13 +15,9 @@ accounts:
         public_key_name: "zuul_ci_sign"
     roles:
       - append_any
-  - subject: gx-scs
+  - subject: scs2
     delegates:
       - zuul_ci
-    keys:
-      - public_key: "AAAAC3NzaC1lZDI1NTE5AAAAILufk4C7e0eQQIkmUDK8GB2IoiDjYtv6mx2eE8wZ3VWT"
-        public_key_type: "ssh-ed25519"
-        public_key_name: "primary"
   - subject: artcodix
     delegates:
       - zuul_ci

compliance-monitor/templates/overview.md.j2

@@ -8,9 +8,9 @@ Version numbers are suffixed by a symbol depending on state: * for _draft_, †
 {% set iaas = '50393e6f-2ae1-4c5c-a62c-3b75f2abef3f' -%}
 | Name  | Description  | Operator  | [SCS-compatible IaaS](https://docs.scs.community/standards/scs-compatible-iaas/)  | HealthMon  |
 |-------|--------------|-----------|----------------------|:----------:|
-| [gx-scs](https://github.com/SovereignCloudStack/docs/blob/main/community/cloud-resources/plusserver-gx-scs.md) | Dev environment provided for SCS & GAIA-X context | plusserver GmbH | 
-{#- #} [{{ results | pick('gx-scs', iaas) | summary }}]({{ detail_url('gx-scs', iaas) }}) {# -#}
-| [HM](https://health.gx-scs.sovereignit.cloud:3000/) |
+| [scs2](https://docs.scs.community/community/cloud-resources/plusserver-gx-scs) | Dev/Test/Demo environment (2nd gen) provided for SCS & GAIA-X context | plusserver GmbH | 
+{#- #} [{{ results | pick('scs2', iaas) | summary }}]({{ detail_url('scs2', iaas) }}) {# -#}
+| [HM](https://health.prod1.plusserver.sovereignit.cloud:3000/d/9ltTEmlnk/openstack-health-monitor2?orgId=1&refresh=5m&var-mycmd=All&var-mymethod=All&var-mywait=All&var-mybench=All&var-mycloud=gx-scs2) |
 | [aov.cloud](https://www.aov.de/) | Community cloud for customers | aov IT.Services GmbH |
 {#- #} [{{ results | pick('aov-cloud', iaas) | summary }}]({{ detail_url('aov-cloud', iaas) }}) {# -#}
 | [HM](https://health.aov.cloud/) |

playbooks/clouds.yaml.j2

@@ -1,11 +1,11 @@
 ---
 clouds:
-  gx-scs:
+  scs2:
     auth:
-      auth_url: https://api.gx-scs.sovereignit.cloud:5000
-      application_credential_id: "{{ clouds_conf.gx_scs_ac_id }}"
-      application_credential_secret: "{{ clouds_conf.gx_scs_ac_secret }}"
-    region_name: "RegionOne"
+      auth_url: https://scs2.api.pco.get-cloud.io:5000/
+      application_credential_id: "{{ clouds_conf.scs2_ac_id }}"
+      application_credential_secret: "{{ clouds_conf.scs2_ac_secret }}"
+    region_name: "scs2"
     interface: "public"
     identity_api_version: 3
     auth_type: "v3applicationcredential"