remove pull secret from int/prod

.pipelines/deploy-int-env.yml

@@ -33,7 +33,6 @@ jobs:
           mdsdMonitoringEnviroment: "Test"
           mdsdConfigVersion: $(MDSD-CONFIG-VERSION)
           rpMode: "int"
-          pullSecret: $(aro-pullsecret)
           acrResourceId: "/subscriptions/0cc1cafa-578f-4fa5-8d6b-ddfd8d82e6ea/resourceGroups/global-infra/providers/Microsoft.ContainerRegistry/registries/arointsvc"
           sshPublicKey: $(int-ssh-public-key)
           subscriptionId: "0cc1cafa-578f-4fa5-8d6b-ddfd8d82e6ea"

.pipelines/templates/template-deploy-int-env.yml

@@ -12,7 +12,6 @@ parameters:
   mdsdConfigVersion: ""
   rpMode: ""
   sshPublicKey: ""
-  pullSecret: ""
   acrResourceId: ""
   subscriptionId: ""
   adminApiCaBundle: ""
@@ -30,8 +29,6 @@ steps:
       export RP_IMAGE_AUTH=$(echo "$pull_spn_client_id:$pull_spn_client_secret" | base64 -w 0)
       rm pull-spn.json
 
-      export PULL_SECRET=$(echo ${{ parameters.pullSecret }} | base64 -d -w 0)
-
       export DOMAIN_NAME=${{ parameters.domainName }}
       export AZURE_FP_CLIENT_ID=${{ parameters.azureFpClientId }}
       export COSMOSDB_ACCOUNT=${{ parameters.databaseAccountName }}

cmd/aro/rp.go

@@ -30,14 +30,6 @@ import (
 )
 
 func rp(ctx context.Context, log *logrus.Entry) error {
-	for _, key := range []string{
-		"PULL_SECRET",
-	} {
-		if _, found := os.LookupEnv(key); !found {
-			return fmt.Errorf("environment variable %q unset", key)
-		}
-	}
-
 	uuid := uuid.NewV4().String()
 	log.Printf("uuid %s", uuid)
 
@@ -46,16 +38,26 @@ func rp(ctx context.Context, log *logrus.Entry) error {
 		return err
 	}
 
-	if _, ok := _env.(env.Dev); !ok {
-		for _, key := range []string{
+	var keys []string
+	if _, ok := _env.(env.Dev); ok {
+		keys = []string{
+			"PULL_SECRET",
+		}
+	} else {
+		keys = []string{
 			"ACR_RESOURCE_ID",
 			"ADMIN_API_CLIENT_CERT_COMMON_NAME",
 			"MDM_ACCOUNT",
 			"MDM_NAMESPACE",
-		} {
-			if _, found := os.LookupEnv(key); !found {
-				return fmt.Errorf("environment variable %q unset", key)
-			}
+		}
+
+		if _, found := os.LookupEnv("PULL_SECRET"); found {
+			return fmt.Errorf(`environment variable "PULL_SECRET" set`)
+		}
+	}
+	for _, key := range keys {
+		if _, found := os.LookupEnv(key); !found {
+			return fmt.Errorf("environment variable %q unset", key)
 		}
 	}
 

deploy/config.yaml.example

@@ -19,7 +19,6 @@ configuration:
   mdmFrontendUrl: ''
   mdsdConfigVersion: ''
   mdsdEnvironment: ''
-  pullSecret: ''
   rpImage: ''
   rpImageAuth: ''
   rpMode: ''

deploy/rp-production-parameters.json

@@ -32,9 +32,6 @@
         "mdsdEnvironment": {
             "value": ""
         },
-        "pullSecret": {
-            "value": ""
-        },
         "rpImage": {
             "value": ""
         },

hack/deploy/prepare-int-parameters.sh

@@ -23,9 +23,6 @@ cat >secrets/parameters.json <<EOF
         "keyvaultPrefix": {
             "value": "$KEYVAULT_PREFIX"
         },
-        "pullSecret": {
-            "value": "$PULL_SECRET"
-        },
         "acrResourceId": {
             "value": "$ACR_RESOURCE_ID"
         },

pkg/deploy/generator/resources.go

@@ -565,7 +565,6 @@ func (g *generator) vmss() *arm.Resource {
 		"mdmFrontendUrl",
 		"mdsdConfigVersion",
 		"mdsdEnvironment",
-		"pullSecret",
 		"acrResourceId",
 		"rpImage",
 		"rpImageAuth",
@@ -755,7 +754,6 @@ EOF
 cat >/etc/sysconfig/aro-rp <<EOF
 MDM_ACCOUNT=AzureRedHatOpenShiftRP
 MDM_NAMESPACE=RP
-PULL_SECRET='$PULLSECRET'
 ACR_RESOURCE_ID='$ACRRESOURCEID'
 ADMIN_API_CLIENT_CERT_COMMON_NAME='$ADMINAPICLIENTCERTCOMMONNAME'
 RPIMAGE='$RPIMAGE'
@@ -776,7 +774,6 @@ ExecStart=/usr/bin/docker run \
   --rm \
   -e MDM_ACCOUNT \
   -e MDM_NAMESPACE \
-  -e PULL_SECRET \
   -e ADMIN_API_CLIENT_CERT_COMMON_NAME \
   -e RP_MODE \
   -e ACR_RESOURCE_ID \

pkg/deploy/generator/templates.go

@@ -44,7 +44,6 @@ func (g *generator) rpTemplate() *arm.Template {
 			"mdmFrontendUrl",
 			"mdsdConfigVersion",
 			"mdsdEnvironment",
-			"pullSecret",
 			"acrResourceId",
 			"rpImage",
 			"rpImageAuth",
@@ -59,7 +58,7 @@ func (g *generator) rpTemplate() *arm.Template {
 		switch param {
 		case "extraCosmosDBIPs", "rpMode":
 			p.DefaultValue = ""
-		case "pullSecret", "rpImageAuth":
+		case "rpImageAuth":
 			p.Type = "securestring"
 		}
 		t.Parameters[param] = p