# README
## github-ldap-user-group-creator

### What it does

`github-ldap-user-group-creator` is a tool to maintain the groups on CI clusters.

### Why it exists

The groups are used

- by `ci-operator`, which promotes the group to the admins of the namespace created for the test.
- in the manifests of CI clusters in the release repo.

### How it works

`github-ldap-user-group-creator` reads

- the mapping files generated by sync-rover-groups that store the mapping from `github-id` to its Red Hat `kerberos-id`, and for each `github-id` creates a group `github-id-group` on each cluster.
- the groups file generated by sync-rover-groups that stores the group names and their members from the Red Hat LDAP server, and for each group creates a group on each cluster.

### Deleting users

This tool is also responsible for deleting the users and their identities on all clusters when they no longer exist in Rover.

**Note:** Users that are not part of any group or don't have their GitHub account linked in their Rover profile are deleted as well.
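
The reconciliation described under "How it works" and "Deleting users", sketched as an added example (not code from this project). The `Plan` type, `BuildPlan`, the in-memory data shapes and the sample accounts are assumptions, as is reading "any group" as "any LDAP group" and identifying cluster users by `kerberos-id`; the real file formats are not shown on this page.

```go
package main

import (
	"fmt"
	"sort"
)

// Plan is the desired state for one cluster. All names and data shapes here
// are assumptions for illustration; the page does not show the real formats.
type Plan struct {
	Groups      map[string][]string // group name -> kerberos-id members
	DeleteUsers []string            // cluster users to remove with their identities
}

// BuildPlan takes the github-id -> kerberos-id mapping, the LDAP groups
// (group name -> kerberos-id members) and the users currently on a cluster.
func BuildPlan(mapping map[string]string, ldapGroups map[string][]string, clusterUsers []string) Plan {
	plan := Plan{Groups: map[string][]string{}}
	linked := map[string]bool{}  // kerberos-ids with a linked GitHub account
	grouped := map[string]bool{} // kerberos-ids that belong to an LDAP group
	for githubID, kerberosID := range mapping {
		plan.Groups[githubID+"-group"] = []string{kerberosID}
		linked[kerberosID] = true
	}
	for name, members := range ldapGroups {
		sorted := append([]string(nil), members...)
		sort.Strings(sorted)
		plan.Groups[name] = sorted
		for _, m := range members {
			grouped[m] = true
		}
	}
	// Keep a user only if it is linked AND in a group; delete everyone else.
	for _, u := range clusterUsers {
		if !linked[u] || !grouped[u] {
			plan.DeleteUsers = append(plan.DeleteUsers, u)
		}
	}
	sort.Strings(plan.DeleteUsers)
	return plan
}

func main() {
	// Constructed sample data, not real accounts.
	mapping := map[string]string{"octo-alice": "alice", "octo-bob": "bob"}
	ldap := map[string][]string{"team-ci": {"alice", "carol"}}
	plan := BuildPlan(mapping, ldap, []string{"alice", "bob", "carol", "dave"})
	fmt.Println(plan.Groups, plan.DeleteUsers)
}
```

Because each `github-id-group` ends up as admin of a test namespace, reviewing the computed plan before it is applied is a cheap way to catch an unexpected mapping entry or an unintended deletion.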

### How is it deployed

The periodic job `periodic-github-ldap-user-group-creator` (definition) uses `github-ldap-user-group-creator` to create the groups.

The service account RBACs are defined in `admin_github-ldap-user-group-creator_rbac.yaml`.