[patch] fix automated initial user creation when Manage is not installed #305

tomklapiscak · 2025-05-15T12:46:15Z

Description

After the automated initial user creation feature was merged to gitops:main (#278) an issue was discovered in fvtsaas where the new postsyncjobs ArgoCD application would fail to sync on MAS instances where Manage is not installed (which may be the case <9.1.x) due to the mas-xxx-manage namespace not being present.

This PR fixes this issue by only creating the Manage-related RBAC resources when Manage is actually installed.

Testing

Verified that the `postsyncjobs` application now syncs successfully and functions as expected in a 9.0.x env without Manage

Logging into AWS SecretsManager ...
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     **************** shared-credentials-file
secret_key     **************** shared-credentials-file
    region                us-east-2              env    ['AWS_REGION', 'AWS_DEFAULT_REGION']
2025-05-15 12:57:30,431   root                                               [MainThread] INFO     Configuration:
2025-05-15 12:57:30,431   root                                               [MainThread] INFO     --------------
2025-05-15 12:57:30,431   root                                               [MainThread] INFO     mas_instance_id:           tgk02
2025-05-15 12:57:30,431   root                                               [MainThread] INFO     mas_workspace_id:          masdev
2025-05-15 12:57:30,431   root                                               [MainThread] INFO     initial_users_yaml_file:   None
2025-05-15 12:57:30,431   root                                               [MainThread] INFO     initial_users_secret_name: fyre-dev/noble6/tgk02/initial_users
2025-05-15 12:57:30,431   root                                               [MainThread] INFO     log_level:                 20
2025-05-15 12:57:30,431   root                                               [MainThread] INFO     coreapi_port:              443
2025-05-15 12:57:30,431   root                                               [MainThread] INFO     admin_dashboard_port:      443
2025-05-15 12:57:30,431   root                                               [MainThread] INFO     manage_api_port:           443
2025-05-15 12:57:30,431   root                                               [MainThread] INFO
2025-05-15 12:57:30,650   root                                               [MainThread] INFO     Loading initial_users configuration from secret fyre-dev/noble6/tgk02/initial_users
2025-05-15 12:57:30,664   botocore.credentials                               [MainThread] INFO     Found credentials in shared credentials file: ~/.aws/credentials
2025-05-15 12:57:32,141   mas.devops.users.MASUserUtils                      [MainThread] INFO
2025-05-15 12:57:32,142   mas.devops.users.MASUserUtils                      [MainThread] INFO     Syncing primary user test1@example.com
2025-05-15 12:57:32,246   mas.devops.users.MASUserUtils                      [MainThread] INFO     Creating new user test1@example.com
2025-05-15 12:57:34,255   mas.devops.users.MASUserUtils                      [MainThread] INFO     Linking user test1@example.com to local IDP (email_password: True)
2025-05-15 12:57:35,542   mas.devops.users.MASUserUtils                      [MainThread] INFO     Adding user test1@example.com to masdev (is_workspace_admin: True)
2025-05-15 12:57:36,008   mas.devops.users.MASUserUtils                      [MainThread] INFO     Completed sync of primary user test1@example.com
2025-05-15 12:57:36,008   mas.devops.users.MASUserUtils                      [MainThread] INFO
2025-05-15 12:57:36,008   mas.devops.users.MASUserUtils                      [MainThread] INFO
2025-05-15 12:57:36,008   mas.devops.users.MASUserUtils                      [MainThread] INFO     Syncing secondary user test2@example.com
2025-05-15 12:57:36,867   mas.devops.users.MASUserUtils                      [MainThread] INFO     Creating new user test2@example.com
2025-05-15 12:57:39,011   mas.devops.users.MASUserUtils                      [MainThread] INFO     Linking user test2@example.com to local IDP (email_password: True)
2025-05-15 12:57:39,673   mas.devops.users.MASUserUtils                      [MainThread] INFO     Adding user test2@example.com to masdev (is_workspace_admin: False)
2025-05-15 12:57:40,092   mas.devops.users.MASUserUtils                      [MainThread] INFO     Completed sync of secondary user test2@example.com
2025-05-15 12:57:40,092   mas.devops.users.MASUserUtils                      [MainThread] INFO
2025-05-15 12:57:40,092   root                                               [MainThread] INFO     Removing synced user test1@example.com from fyre-dev/noble6/tgk02/initial_users secret
2025-05-15 12:57:40,092   root                                               [MainThread] INFO     Removing synced user test2@example.com from fyre-dev/noble6/tgk02/initial_users secret
2025-05-15 12:57:40,092   root                                               [MainThread] INFO     Updating secret fyre-dev/noble6/tgk02/initial_users

Verified that the `postsyncjobs` application still functions as expected (Manage RBAC resources created) in envs that do have Manage:

Logging into AWS SecretsManager ...
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     **************** shared-credentials-file
secret_key     **************** shared-credentials-file
    region                us-east-2              env    ['AWS_REGION', 'AWS_DEFAULT_REGION']
2025-05-15 17:17:09,539   root                                               [MainThread] INFO     Configuration:
2025-05-15 17:17:09,539   root                                               [MainThread] INFO     --------------
2025-05-15 17:17:09,539   root                                               [MainThread] INFO     mas_instance_id:           tgk02
2025-05-15 17:17:09,539   root                                               [MainThread] INFO     mas_workspace_id:          masdev
2025-05-15 17:17:09,539   root                                               [MainThread] INFO     initial_users_yaml_file:   None
2025-05-15 17:17:09,540   root                                               [MainThread] INFO     initial_users_secret_name: fyre-dev/noble6/tgk02/initial_users
2025-05-15 17:17:09,540   root                                               [MainThread] INFO     log_level:                 20
2025-05-15 17:17:09,540   root                                               [MainThread] INFO     coreapi_port:              443
2025-05-15 17:17:09,540   root                                               [MainThread] INFO     admin_dashboard_port:      443
2025-05-15 17:17:09,540   root                                               [MainThread] INFO     manage_api_port:           443
2025-05-15 17:17:09,540   root                                               [MainThread] INFO
2025-05-15 17:17:09,728   root                                               [MainThread] INFO     Loading initial_users configuration from secret fyre-dev/noble6/tgk02/initial_users
2025-05-15 17:17:09,739   botocore.credentials                               [MainThread] INFO     Found credentials in shared credentials file: ~/.aws/credentials
2025-05-15 17:17:10,554   mas.devops.users.MASUserUtils                      [MainThread] INFO     Waiting for manage to become ready and available: 600.00 seconds remaining
2025-05-15 17:17:10,710   mas.devops.users.MASUserUtils                      [MainThread] INFO
2025-05-15 17:17:10,710   mas.devops.users.MASUserUtils                      [MainThread] INFO     Syncing primary user test5@example.com
2025-05-15 17:17:10,850   mas.devops.users.MASUserUtils                      [MainThread] INFO     Creating new user test5@example.com
2025-05-15 17:17:12,640   mas.devops.users.MASUserUtils                      [MainThread] INFO     Linking user test5@example.com to local IDP (email_password: True)
2025-05-15 17:17:13,421   mas.devops.users.MASUserUtils                      [MainThread] INFO     Adding user test5@example.com to masdev (is_workspace_admin: True)
2025-05-15 17:17:13,992   mas.devops.users.MASUserUtils                      [MainThread] INFO     Waiting for manage to become ready and available: 600.00 seconds remaining
2025-05-15 17:17:14,391   mas.devops.users.MASUserUtils                      [MainThread] INFO     Setting user test5@example.com role for manage to MANAGEUSER
2025-05-15 17:17:15,500   mas.devops.users.MASUserUtils                      [MainThread] INFO     Awaiting user test5@example.com sync status "SUCCESS" for app manage: 600.00 seconds remaining
2025-05-15 17:17:15,628   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 599.87 seconds remaining
2025-05-15 17:17:20,767   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 594.73 seconds remaining
2025-05-15 17:17:25,922   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 589.58 seconds remaining
2025-05-15 17:17:31,062   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 584.44 seconds remaining
2025-05-15 17:17:36,201   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 579.30 seconds remaining
2025-05-15 17:17:41,353   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 574.15 seconds remaining
2025-05-15 17:17:46,496   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 569.00 seconds remaining
2025-05-15 17:17:51,634   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 563.87 seconds remaining
2025-05-15 17:17:56,761   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 558.74 seconds remaining
2025-05-15 17:18:01,906   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 553.59 seconds remaining
2025-05-15 17:18:07,034   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 548.47 seconds remaining
2025-05-15 17:18:12,173   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 543.33 seconds remaining
2025-05-15 17:18:17,317   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 538.18 seconds remaining
2025-05-15 17:18:22,463   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 533.04 seconds remaining
2025-05-15 17:18:27,612   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 527.89 seconds remaining
2025-05-15 17:18:32,743   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 522.76 seconds remaining
2025-05-15 17:18:37,882   mas.devops.users.MASUserUtils                      [MainThread] INFO     User test5@example.com sync has not been completed yet for app manage (currrently PENDING): 517.62 seconds remaining
2025-05-15 17:18:43,222   mas.devops.users.MASUserUtils                      [MainThread] INFO     Creating new Manage API Key for user MAXADMIN
2025-05-15 17:18:43,555   mas.devops.users.MASUserUtils                      [MainThread] INFO     Adding user test5@example.com to Manage group MAXADMIN
2025-05-15 17:18:43,729   mas.devops.users.MASUserUtils                      [MainThread] INFO     Completed sync of primary user test5@example.com
2025-05-15 17:18:43,730   root                                               [MainThread] INFO     Removing synced user test5@example.com from fyre-dev/noble6/tgk02/initial_users secret
2025-05-15 17:18:43,730   root                                               [MainThread] INFO     Updating secret fyre-dev/noble6/tgk02/initial_users
2025-05-15 17:18:44,213   mas.devops.users.MASUserUtils                      [MainThread] INFO     Deleting Manage API Key for user MAXADMIN

…nstalled https://jsw.ibm.com/browse/MASCORE-6481

tomklapiscak added 2 commits May 15, 2025 11:30

[patch] Do not attempt to create RBAC in Manage ns if Manage is not i…

eb0ca16

…nstalled https://jsw.ibm.com/browse/MASCORE-6481

tweak

841ffe2

tomklapiscak marked this pull request as draft May 15, 2025 12:46

tomklapiscak marked this pull request as ready for review May 15, 2025 15:18

tomklapiscak requested review from mnivedithaa, rbinns, ashleytate614, caroazad, whitfiea and benbakowski May 15, 2025 15:20

ashleytate614 approved these changes May 15, 2025

View reviewed changes

tomklapiscak merged commit da39a10 into main May 15, 2025
2 checks passed

tomklapiscak deleted the mascore6072fix branch May 15, 2025 17:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[patch] fix automated initial user creation when Manage is not installed #305

[patch] fix automated initial user creation when Manage is not installed #305

Uh oh!

Uh oh!

Uh oh!

Uh oh!

[patch] fix automated initial user creation when Manage is not installed #305

[patch] fix automated initial user creation when Manage is not installed #305

Uh oh!

Conversation

Uh oh!

Description

Testing

Verified that the postsyncjobs application now syncs successfully and functions as expected in a 9.0.x env without Manage

Verified that the postsyncjobs application still functions as expected (Manage RBAC resources created) in envs that do have Manage:

Uh oh!

Uh oh!

Uh oh!

Verified that the `postsyncjobs` application now syncs successfully and functions as expected in a 9.0.x env without Manage

Verified that the `postsyncjobs` application still functions as expected (Manage RBAC resources created) in envs that do have Manage: