-
Notifications
You must be signed in to change notification settings - Fork 196
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fedramp: Add environment-specific configuration #702
Conversation
02d1ba0
to
aa65d1b
Compare
9c36c42
to
fc7eecf
Compare
b23e57c
to
f879f06
Compare
9d59e2b
to
d967741
Compare
f54806e
to
683336c
Compare
8c3f9bb
to
bd0dbe5
Compare
To support using ROSA against the FedRAMP deployment of the OCM API, we override all authentication configuration and API endpoints. We can determine that the user intends on using FedRAMP if they explicitly set a GovCloud region, use an encrypted refresh token, or explicitly set the 'govcloud' flag during login. To allow users to login against the development FedRAMP GovCloud environment, we add a way of tracking the various APIs and AWS Cognito user pool and client data.
@dustman9000 @mjlshen @tonytheleg @markturansky - please take a look and confirm that this latest version works for you (with the correct vanity URLs, on all environments). Would be nice to get this merged/released soon. |
Currently Integration is working with the vanity URLs but changes still need applying in Stage and Prod |
@vkareh Vanity URLs are fixed and this is good to go! Ive tested it in Int, Stage and Prod. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: tonytheleg, vkareh The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@vkareh: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/label tide/merge-method-squash |
/remove-label tide/merge-method-squash |
- Fix typo in error message when looking up account role prefix - fix for - Not able to remove or add a new cluster-admin in rosa cli fix for - Can't create temporary admin user for ROSA cluster - Create cluster - validate availability zones count interactively - Delete admin should not deleted htpasswd idp as the htpasswd list is not empty - fedramp: Add environment-specific configuration (openshift#702)
To support using ROSA against the FedRAMP deployment of the OCM API, we
override all authentication configuration and API endpoints. We can
determine that the user intends on using FedRAMP if they explicitly set
a GovCloud region, use an encrypted refresh token, or explicitly set the
'govcloud' flag during login.
To allow users to login against the development FedRAMP GovCloud
environment, we add a way of tracking the various APIs and AWS Cognito
user pool and client data.