ROX-31105: Use CentralID to ignore quota checks (#2446)

* Use CentralID to ignore quota checks

* Update comment

Author: kurlov

internal/central/pkg/config/central.go

@@ -46,7 +46,7 @@ func (c *CentralConfig) AddFlags(fs *pflag.FlagSet) {
 	fs.IntVar(&c.CentralLifespan.CentralLifespanInHours, "central-lifespan", c.CentralLifespan.CentralLifespanInHours, "The desired lifespan of a Central instance")
 	fs.StringVar(&c.CentralDomainName, "central-domain-name", c.CentralDomainName, "The domain name to use for Central instances")
 	fs.StringVar(&c.Quota.Type, "quota-type", c.Quota.Type, "The type of the quota service to be used. The available options are: 'ams' for AMS backed implementation and 'quota-management-list' for quota list backed implementation (default).")
-	fs.StringArrayVar(&c.Quota.InternalOrganisationIDs, "quota-internal-organisation-ids", c.Quota.InternalOrganisationIDs, "Comma separated list of organisation IDs that should be ignored for quota checks and for the expiration worker.")
+	fs.StringArrayVar(&c.Quota.InternalCentralIDs, "quota-internal-central-ids", c.Quota.InternalCentralIDs, "Comma separated list of Central IDs that should be ignored for quota checks and for the expiration worker.")
 	fs.BoolVar(&c.Quota.AllowEvaluatorInstance, "allow-evaluator-instance", c.Quota.AllowEvaluatorInstance, "Allow the creation of central evaluator instances")
 
 	fs.StringVar(&c.CentralIDPClientID, "central-idp-client-id", c.CentralIDPClientID, "OIDC client_id to pass to Central's auth config")

internal/central/pkg/config/central_quota.go

@@ -6,15 +6,15 @@ import "github.com/stackrox/acs-fleet-manager/pkg/api"
 type CentralQuotaConfig struct {
 	Type                   string `json:"type"`
 	AllowEvaluatorInstance bool   `json:"allow_evaluator_instance"`
-	// InternalOrganisationIDs is a list of organisation IDs that should be ignored for quota checks
-	InternalOrganisationIDs []string `json:"internal_organisation_ids"`
+	// InternalCentralIDs is a list of Central IDs that should be ignored for quota checks
+	InternalCentralIDs []string `json:"internal_central_ids"`
 }
 
 // NewCentralQuotaConfig ...
 func NewCentralQuotaConfig() *CentralQuotaConfig {
 	return &CentralQuotaConfig{
-		Type:                    api.QuotaManagementListQuotaType.String(),
-		AllowEvaluatorInstance:  true,
-		InternalOrganisationIDs: []string{},
+		Type:                   api.QuotaManagementListQuotaType.String(),
+		AllowEvaluatorInstance: true,
+		InternalCentralIDs:     []string{},
 	}
 }

internal/central/pkg/workers/centralmgrs/expiration_date_mgr.go

@@ -94,14 +94,14 @@ func (k *ExpirationDateManager) reconcileCentralExpiredAt(centrals dbapi.Central
 
 	quotaCostCache := make(map[quotaCostCacheKey]bool, 0)
 	for _, central := range centrals {
-		if slice.Contains(k.centralConfig.Quota.InternalOrganisationIDs, central.OrganisationID) {
-			glog.Infof("skipping quota check for central instance %q as it belongs to an internal organisation", central.ID)
-			// remove expiration date from internal organisation Central instances
+		if slice.Contains(k.centralConfig.Quota.InternalCentralIDs, central.ID) {
+			glog.Infof("skipping quota check for internal central instance %q", central.ID)
+			// remove expiration date from internal Central instances
 			if central.ExpiredAt.Valid {
 				central.ExpiredAt = dbapi.TimePtrToNullTime(nil)
 				if err := k.updateExpiredAtInDB(central); err != nil {
 					svcErrors = append(svcErrors, errors.Wrapf(err,
-						"failed to update expired_at for internal organisation central instance %q", central.ID))
+						"failed to update expired_at for internal central instance %q", central.ID))
 				}
 			}
 			continue

internal/central/pkg/workers/centralmgrs/expiration_date_mgr_test.go

@@ -17,6 +17,8 @@ import (
 	"github.com/stackrox/acs-fleet-manager/pkg/errors"
 )
 
+const internalCentralID = "internal-central-id"
+
 func TestExpirationDateManager(t *testing.T) {
 	withEntitlement := func(e bool) (*services.QuotaServiceMock, *services.QuotaServiceFactoryMock) {
 		qs := &services.QuotaServiceMock{
@@ -44,7 +46,7 @@ func TestExpirationDateManager(t *testing.T) {
 		}
 	}
 	quotaConf := config.NewCentralQuotaConfig()
-	quotaConf.InternalOrganisationIDs = []string{"internal-org-id"}
+	quotaConf.InternalCentralIDs = []string{internalCentralID}
 	defaultCfg := &config.CentralConfig{
 		Quota: quotaConf,
 	}
@@ -92,8 +94,9 @@ func TestExpirationDateManager(t *testing.T) {
 		assert.Len(t, quotaFactory.GetQuotaServiceCalls(), 1)
 	})
 
-	t.Run("skip setting expired_at for internal organisation even if no valid quota", func(t *testing.T) {
-		central := &dbapi.CentralRequest{OrganisationID: "internal-org-id"}
+	t.Run("skip setting expired_at for internal central even if no valid quota", func(t *testing.T) {
+		central := &dbapi.CentralRequest{}
+		central.ID = internalCentralID
 		centralService := withCentrals(central)
 		quotaSvc, quotaFactory := withEntitlement(true)
 		gpm := NewExpirationDateManager(centralService, quotaFactory, defaultCfg)

templates/service-template.yml

@@ -294,9 +294,9 @@ parameters:
   description: The domain name to use for Central instances
   value: acs-stage.rhcloud.com
 
-- name: QUOTA_INTERNAL_ORG_IDS
-  displayName: Quota internal organisation ids
-  description: A Comma separated list of organisation IDs that should be ignored for quota checks and for the expiration worker
+- name: QUOTA_INTERNAL_CENTRAL_IDS
+  displayName: Quota internal Central ids
+  description: A Comma separated list of Central IDs that should be ignored for quota checks and for the expiration worker
   value: ""
 
 - name: ENABLE_READY_DATA_PLANE_CLUSTERS_RECONCILE
@@ -963,7 +963,7 @@ objects:
             - --public-host-url=${SERVICE_PUBLIC_HOST_URL}
             - --dataplane-cluster-scaling-type=${DATAPLANE_CLUSTER_SCALING_TYPE}
             - --central-domain-name=${CENTRAL_DOMAIN_NAME}
-            - --quota-internal-organisation-ids=${QUOTA_INTERNAL_ORG_IDS}
+            - --quota-internal-central-ids=${QUOTA_INTERNAL_CENTRAL_IDS}
             - --alsologtostderr
             - --central-request-expiration-timeout=${CENTRAL_REQUEST_EXPIRATION_TIMEOUT}
             - --central-request-internal-user-agents=${CENTRAL_REQUEST_INTERNAL_USER_AGENTS}