From 93e4bb5999ee0e9cb5200056c87e276a47590ac9 Mon Sep 17 00:00:00 2001 From: Aleksandr Kurlov Date: Wed, 1 Oct 2025 11:13:18 +0200 Subject: [PATCH 1/2] Use CentralID to ignore quota checks --- internal/central/pkg/config/central.go | 2 +- internal/central/pkg/config/central_quota.go | 10 +++++----- .../pkg/workers/centralmgrs/expiration_date_mgr.go | 4 ++-- .../workers/centralmgrs/expiration_date_mgr_test.go | 9 ++++++--- templates/service-template.yml | 8 ++++---- 5 files changed, 18 insertions(+), 15 deletions(-) diff --git a/internal/central/pkg/config/central.go b/internal/central/pkg/config/central.go index b3128150b8..6e4426f63e 100644 --- a/internal/central/pkg/config/central.go +++ b/internal/central/pkg/config/central.go @@ -46,7 +46,7 @@ func (c *CentralConfig) AddFlags(fs *pflag.FlagSet) { fs.IntVar(&c.CentralLifespan.CentralLifespanInHours, "central-lifespan", c.CentralLifespan.CentralLifespanInHours, "The desired lifespan of a Central instance") fs.StringVar(&c.CentralDomainName, "central-domain-name", c.CentralDomainName, "The domain name to use for Central instances") fs.StringVar(&c.Quota.Type, "quota-type", c.Quota.Type, "The type of the quota service to be used. The available options are: 'ams' for AMS backed implementation and 'quota-management-list' for quota list backed implementation (default).") - fs.StringArrayVar(&c.Quota.InternalOrganisationIDs, "quota-internal-organisation-ids", c.Quota.InternalOrganisationIDs, "Comma separated list of organisation IDs that should be ignored for quota checks and for the expiration worker.") + fs.StringArrayVar(&c.Quota.InternalCentralIDs, "quota-internal-central-ids", c.Quota.InternalCentralIDs, "Comma separated list of Central IDs that should be ignored for quota checks and for the expiration worker.") fs.BoolVar(&c.Quota.AllowEvaluatorInstance, "allow-evaluator-instance", c.Quota.AllowEvaluatorInstance, "Allow the creation of central evaluator instances") fs.StringVar(&c.CentralIDPClientID, "central-idp-client-id", c.CentralIDPClientID, "OIDC client_id to pass to Central's auth config") diff --git a/internal/central/pkg/config/central_quota.go b/internal/central/pkg/config/central_quota.go index 19adb4b246..6e0ced7658 100644 --- a/internal/central/pkg/config/central_quota.go +++ b/internal/central/pkg/config/central_quota.go @@ -6,15 +6,15 @@ import "github.com/stackrox/acs-fleet-manager/pkg/api" type CentralQuotaConfig struct { Type string `json:"type"` AllowEvaluatorInstance bool `json:"allow_evaluator_instance"` - // InternalOrganisationIDs is a list of organisation IDs that should be ignored for quota checks - InternalOrganisationIDs []string `json:"internal_organisation_ids"` + // InternalCentralIDs is a list of Central IDs that should be ignored for quota checks + InternalCentralIDs []string `json:"internal_central_ids"` } // NewCentralQuotaConfig ... func NewCentralQuotaConfig() *CentralQuotaConfig { return &CentralQuotaConfig{ - Type: api.QuotaManagementListQuotaType.String(), - AllowEvaluatorInstance: true, - InternalOrganisationIDs: []string{}, + Type: api.QuotaManagementListQuotaType.String(), + AllowEvaluatorInstance: true, + InternalCentralIDs: []string{}, } } diff --git a/internal/central/pkg/workers/centralmgrs/expiration_date_mgr.go b/internal/central/pkg/workers/centralmgrs/expiration_date_mgr.go index 999553f6d7..5f99ec0656 100644 --- a/internal/central/pkg/workers/centralmgrs/expiration_date_mgr.go +++ b/internal/central/pkg/workers/centralmgrs/expiration_date_mgr.go @@ -94,8 +94,8 @@ func (k *ExpirationDateManager) reconcileCentralExpiredAt(centrals dbapi.Central quotaCostCache := make(map[quotaCostCacheKey]bool, 0) for _, central := range centrals { - if slice.Contains(k.centralConfig.Quota.InternalOrganisationIDs, central.OrganisationID) { - glog.Infof("skipping quota check for central instance %q as it belongs to an internal organisation", central.ID) + if slice.Contains(k.centralConfig.Quota.InternalCentralIDs, central.ID) { + glog.Infof("skipping quota check for internal central instance %q", central.ID) // remove expiration date from internal organisation Central instances if central.ExpiredAt.Valid { central.ExpiredAt = dbapi.TimePtrToNullTime(nil) diff --git a/internal/central/pkg/workers/centralmgrs/expiration_date_mgr_test.go b/internal/central/pkg/workers/centralmgrs/expiration_date_mgr_test.go index 2c8e8228ae..8247ed6fbb 100644 --- a/internal/central/pkg/workers/centralmgrs/expiration_date_mgr_test.go +++ b/internal/central/pkg/workers/centralmgrs/expiration_date_mgr_test.go @@ -17,6 +17,8 @@ import ( "github.com/stackrox/acs-fleet-manager/pkg/errors" ) +const internalCentralID = "internal-central-id" + func TestExpirationDateManager(t *testing.T) { withEntitlement := func(e bool) (*services.QuotaServiceMock, *services.QuotaServiceFactoryMock) { qs := &services.QuotaServiceMock{ @@ -44,7 +46,7 @@ func TestExpirationDateManager(t *testing.T) { } } quotaConf := config.NewCentralQuotaConfig() - quotaConf.InternalOrganisationIDs = []string{"internal-org-id"} + quotaConf.InternalCentralIDs = []string{internalCentralID} defaultCfg := &config.CentralConfig{ Quota: quotaConf, } @@ -92,8 +94,9 @@ func TestExpirationDateManager(t *testing.T) { assert.Len(t, quotaFactory.GetQuotaServiceCalls(), 1) }) - t.Run("skip setting expired_at for internal organisation even if no valid quota", func(t *testing.T) { - central := &dbapi.CentralRequest{OrganisationID: "internal-org-id"} + t.Run("skip setting expired_at for internal central even if no valid quota", func(t *testing.T) { + central := &dbapi.CentralRequest{} + central.ID = internalCentralID centralService := withCentrals(central) quotaSvc, quotaFactory := withEntitlement(true) gpm := NewExpirationDateManager(centralService, quotaFactory, defaultCfg) diff --git a/templates/service-template.yml b/templates/service-template.yml index 30c2a164c2..9d3c02837d 100644 --- a/templates/service-template.yml +++ b/templates/service-template.yml @@ -294,9 +294,9 @@ parameters: description: The domain name to use for Central instances value: acs-stage.rhcloud.com -- name: QUOTA_INTERNAL_ORG_IDS - displayName: Quota internal organisation ids - description: A Comma separated list of organisation IDs that should be ignored for quota checks and for the expiration worker +- name: QUOTA_INTERNAL_CENTRAL_IDS + displayName: Quota internal Central ids + description: A Comma separated list of Central IDs that should be ignored for quota checks and for the expiration worker value: "" - name: ENABLE_READY_DATA_PLANE_CLUSTERS_RECONCILE @@ -963,7 +963,7 @@ objects: - --public-host-url=${SERVICE_PUBLIC_HOST_URL} - --dataplane-cluster-scaling-type=${DATAPLANE_CLUSTER_SCALING_TYPE} - --central-domain-name=${CENTRAL_DOMAIN_NAME} - - --quota-internal-organisation-ids=${QUOTA_INTERNAL_ORG_IDS} + - --quota-internal-central-ids=${QUOTA_INTERNAL_CENTRAL_IDS} - --alsologtostderr - --central-request-expiration-timeout=${CENTRAL_REQUEST_EXPIRATION_TIMEOUT} - --central-request-internal-user-agents=${CENTRAL_REQUEST_INTERNAL_USER_AGENTS} From 5c400c3a0e3dbee2c7c6e84eb6a705641f547a7b Mon Sep 17 00:00:00 2001 From: Aleksandr Kurlov Date: Wed, 1 Oct 2025 11:15:22 +0200 Subject: [PATCH 2/2] Update comment --- .../central/pkg/workers/centralmgrs/expiration_date_mgr.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/central/pkg/workers/centralmgrs/expiration_date_mgr.go b/internal/central/pkg/workers/centralmgrs/expiration_date_mgr.go index 5f99ec0656..29d72a5226 100644 --- a/internal/central/pkg/workers/centralmgrs/expiration_date_mgr.go +++ b/internal/central/pkg/workers/centralmgrs/expiration_date_mgr.go @@ -96,12 +96,12 @@ func (k *ExpirationDateManager) reconcileCentralExpiredAt(centrals dbapi.Central for _, central := range centrals { if slice.Contains(k.centralConfig.Quota.InternalCentralIDs, central.ID) { glog.Infof("skipping quota check for internal central instance %q", central.ID) - // remove expiration date from internal organisation Central instances + // remove expiration date from internal Central instances if central.ExpiredAt.Valid { central.ExpiredAt = dbapi.TimePtrToNullTime(nil) if err := k.updateExpiredAtInDB(central); err != nil { svcErrors = append(svcErrors, errors.Wrapf(err, - "failed to update expired_at for internal organisation central instance %q", central.ID)) + "failed to update expired_at for internal central instance %q", central.ID)) } } continue