Document changes to auth.yaml to be used by CloudManager

[fbalak]

Function CloudManager calls cred_dict = load_auth_config().get('AUTH') and expects that in output of load_auth_config is key 'AUTH'. There should be documented how to set AUTH in auth.yaml. In Getting Started guide is no information about it.

[mbukatov]

Also this option should not be called just AUTH, but it should capture it's purpose in it's name, eg. MCG_AUTH_FOOBAR.

[clacroix12]

Also this option should not be called just AUTH, but it should capture it's purpose in it's name, eg. MCG_AUTH_FOOBAR.

I agree. auth.yaml is intended to be a generic yaml file that contains sensitive information regarding authentication. It's outlined in our getting started guide with quay.io as an example. The top level keys we are reading in from this file should be explicit and clear to their purpose / the service they correspond to. AUTH is far too generic for this file as everything in the file should be related to some form of authentication.

That being said, I don't think we need to document every key that code in ocs-ci expects. However, what we should be doing in this case is reading in the file and seeing if the key we need exists. If it does not we should be raising an appropriate error with message describing the missing information so the user knows what their auth.yaml is missing.

[Neon-White]

All,
Currently, no doc changes were made because the change was implemented silently in MCG only. We're currently redesigning many parts, and the design isn't final. One main reason is described in issue #2623

The main key of AUTH was not picked by me - it's merely the main key that resides in the auth.yaml file under our ocs-ci-data bucket. My personal auth.yaml did not have this entry, I just chose to align myself to the existing format.

I'm attaching the skeleton of auth.yaml as it should appear in ocs-ci/data/. The fields have to be filled accordingly.
In cases where credentials are not provided, and OCS-CI has no access to the OCS-CI AWS cloud, the appropriate tests will be skipped.

AUTH:
  quay:
    access_token: 'ocs-ci-auth'

  ipmi:
  - hostname: hostname
    console: console
    username: username
    password: password

  AWS:
    AWS_ACCESS_KEY_ID: 
    AWS_SECRET_ACCESS_KEY: 
  GCP:
    CREDENTIALS_JSON_BASE64: 
  AZURE:
    STORAGE_ACCOUNT_NAME: 
    STORAGE_ACCOUNT_KEY: 
  IBMCOS:
    IBM_COS_ACCESS_KEY_ID:
    IBM_COS_SECRET_ACCESS_KEY:
    SECRET_PREFIX: IBM_COS
    DATA_PREFIX: IBM_COS
    REGION: EU
    ENDPOINT:

It's possible to separate the clouds under a different main key called MCG for better clarity.

*NOTE: GCP credentials need to be provided by a single BASE64 string, which should contain the encoded contents of the entire credentials.json file supplied by GCP.

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 30 days if no further activity occurs.

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 30 days if no further activity occurs.

[github-actions]

This issue has been automatically closed due to inactivity. Please re-open if this still requires investigation.