fedramp: Add environment-specific configuration #702
Conversation
openshift-ci
bot
added
the
approved
vkareh
force-pushed
the
rosa-cognito
branch
3 times, most recently
from
02d1ba0
to
aa65d1b
Compare
vkareh
changed the title
vkareh
changed the title
vkareh
force-pushed
the
rosa-cognito
branch
7 times, most recently
from
9c36c42
to
fc7eecf
Compare
vkareh
force-pushed
the
rosa-cognito
branch
2 times, most recently
from
b23e57c
to
f879f06
Compare
openshift-ci
bot
added
the
needs-rebase
openshift-ci
bot
removed
the
needs-rebase
vkareh
force-pushed
the
rosa-cognito
branch
3 times, most recently
from
9d59e2b
to
d967741
Compare
vkareh
changed the title
vkareh
force-pushed
the
rosa-cognito
branch
5 times, most recently
from
f54806e
to
683336c
Compare
vkareh
force-pushed
the
rosa-cognito
branch
3 times, most recently
from
8c3f9bb
to
bd0dbe5
Compare
To support using ROSA against the FedRAMP deployment of the OCM API, we override all authentication configuration and API endpoints. We can determine that the user intends on using FedRAMP if they explicitly set a GovCloud region, use an encrypted refresh token, or explicitly set the 'govcloud' flag during login. To allow users to login against the development FedRAMP GovCloud environment, we add a way of tracking the various APIs and AWS Cognito user pool and client data.
|
@dustman9000 @mjlshen @tonytheleg @markturansky - please take a look and confirm that this latest version works for you (with the correct vanity URLs, on all environments). Would be nice to get this merged/released soon. |
Currently Integration is working with the vanity URLs but changes still need applying in Stage and Prod |
|
@vkareh Vanity URLs are fixed and this is good to go! Ive tested it in Int, Stage and Prod. |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: tonytheleg, vkareh The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@vkareh: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/label tide/merge-method-squash |
openshift-ci
bot
added
the
tide/merge-method-squash
|
/remove-label tide/merge-method-squash |
openshift-ci
bot
removed
the
tide/merge-method-squash
- Fix typo in error message when looking up account role prefix - fix for - Not able to remove or add a new cluster-admin in rosa cli fix for - Can't create temporary admin user for ROSA cluster - Create cluster - validate availability zones count interactively - Delete admin should not deleted htpasswd idp as the htpasswd list is not empty - fedramp: Add environment-specific configuration (openshift#702)
To support using ROSA against the FedRAMP deployment of the OCM API, we
override all authentication configuration and API endpoints. We can
determine that the user intends on using FedRAMP if they explicitly set
a GovCloud region, use an encrypted refresh token, or explicitly set the
'govcloud' flag during login.
To allow users to login against the development FedRAMP GovCloud
environment, we add a way of tracking the various APIs and AWS Cognito
user pool and client data.