chore(workflows): complete migration away from old svc acct

cardoe · cardoe · commit 74a32101211d · 2026-02-20T09:39:28.000-06:00
The old openstack-svc-acct was something hardcoded and this moves us
away from using that. Remove the creation of the hardcoded account as
well as any references remaining to it. Now we're using a generated
account in all cases.
diff --git a/ansible/roles/keystone_bootstrap/tasks/misc.yml b/ansible/roles/keystone_bootstrap/tasks/misc.yml
@@ -13,21 +13,6 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
-- name: Create 'argoworkflow' user
-  openstack.cloud.identity_user:
-    name: argoworkflow
-    password: demo
-    domain: infra
-    state: present
-
-- name: Set 'argoworkflow' role
-  openstack.cloud.role_assignment:
-    domain: infra
-    user: argoworkflow
-    project: baremetal
-    role: admin
-    state: present
-
 - name: Create 'monitoring' user
   openstack.cloud.identity_user:
     name: monitoring
diff --git a/components/openstack/templates/secretstore-openstack.yaml.tpl b/components/openstack/templates/secretstore-openstack.yaml.tpl
@@ -26,7 +26,6 @@ rules:
   - watch
   resourceNames:
   - baremetal-manage
-  - svc-acct-argoworkflow
   - svc-acct-netapp
   - cinder-netapp-config
   - admin-keystone-password
diff --git a/components/openstack/templates/svc-acct-argoworkflow.yaml.tpl b/components/openstack/templates/svc-acct-argoworkflow.yaml.tpl
diff --git a/workflows/argo-events/kustomization.yaml b/workflows/argo-events/kustomization.yaml
@@ -4,7 +4,6 @@ kind: Kustomization
 resources:
   - eventbus/eventbus-default.yaml
   - eventbus/poddisruptionbudget-eventbus-default-pdb.yaml
-  - secrets/openstack-svc-acct.yaml
   - secrets/operate-workflow-sa.token.yaml
   - secrets/baremetal-manage.yaml
   - eventsources/nautobot-webhook.yaml
diff --git a/workflows/argo-events/secrets/openstack-svc-acct.yaml b/workflows/argo-events/secrets/openstack-svc-acct.yaml
diff --git a/workflows/argo-events/workflowtemplates/alert-automation-neutron-agent-down.yaml b/workflows/argo-events/workflowtemplates/alert-automation-neutron-agent-down.yaml
@@ -48,9 +48,12 @@ spec:
             value: understack
         volumeMounts:
           - mountPath: /etc/openstack
-            name: openstack-svc-acct
+            name: baremetal-manage
             readOnly: true
       volumes:
-        - name: openstack-svc-acct
+        - name: baremetal-manage
           secret:
-            secretName: openstack-svc-acct
+            secretName: baremetal-manage
+            items:
+              - key: clouds.yaml
+                path: clouds.yaml
diff --git a/workflows/argo-events/workflowtemplates/keystone-event-project.yaml b/workflows/argo-events/workflowtemplates/keystone-event-project.yaml
@@ -40,12 +40,15 @@ spec:
             name: nb-token
             readOnly: true
           - mountPath: /etc/openstack
-            name: openstack-svc-acct
+            name: baremetal-manage
             readOnly: true
       volumes:
         - name: nb-token
           secret:
             secretName: nautobot-token
-        - name: openstack-svc-acct
+        - name: baremetal-manage
           secret:
-            secretName: openstack-svc-acct
+            secretName: baremetal-manage
+            items:
+              - key: clouds.yaml
+                path: clouds.yaml
diff --git a/workflows/argo-events/workflowtemplates/neutron-event-network-segment-range.yaml b/workflows/argo-events/workflowtemplates/neutron-event-network-segment-range.yaml
@@ -52,12 +52,15 @@ spec:
             name: nb-token
             readOnly: true
           - mountPath: /etc/openstack
-            name: openstack-svc-acct
+            name: baremetal-manage
             readOnly: true
       volumes:
         - name: nb-token
           secret:
             secretName: nautobot-token
-        - name: openstack-svc-acct
+        - name: baremetal-manage
           secret:
-            secretName: openstack-svc-acct
+            secretName: baremetal-manage
+            items:
+              - key: clouds.yaml
+                path: clouds.yaml
diff --git a/workflows/argo-events/workflowtemplates/reclean-server.yaml b/workflows/argo-events/workflowtemplates/reclean-server.yaml
@@ -59,12 +59,15 @@ spec:
             value: understack
         volumeMounts:
           - mountPath: /etc/openstack
-            name: openstack-svc-acct
+            name: baremetal-manage
             readOnly: true
       volumes:
-        - name: openstack-svc-acct
+        - name: baremetal-manage
           secret:
-            secretName: openstack-svc-acct
+            secretName: baremetal-manage
+            items:
+              - key: clouds.yaml
+                path: clouds.yaml
     - name: openstack-state-cmd
       inputs:
         parameters:
@@ -87,9 +90,12 @@ spec:
             value: understack
         volumeMounts:
           - mountPath: /etc/openstack
-            name: openstack-svc-acct
+            name: baremetal-manage
             readOnly: true
       volumes:
-        - name: openstack-svc-acct
+        - name: baremetal-manage
           secret:
-            secretName: openstack-svc-acct
+            secretName: baremetal-manage
+            items:
+              - key: clouds.yaml
+                path: clouds.yaml
