From 8b7c29376a0abe842e923ae5408508ed076f3b6d Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Boll
Date: Tue, 17 Dec 2024 15:43:23 +0100
Subject: [PATCH] Use new SP
---
 cluster-service/Makefile | 2 +-
 dev-infrastructure/Makefile | 7 +++++++
 dev-infrastructure/docs/development-setup.md | 8 ++++----
 dev-infrastructure/local_CS.sh | 4 ++--
 4 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/cluster-service/Makefile b/cluster-service/Makefile
index 67728090e..d3620894f 100644
--- a/cluster-service/Makefile
+++ b/cluster-service/Makefile
@@ -8,7 +8,7 @@ deploy: provision-shard
 kubectl create namespace cluster-service --dry-run=client -o json | kubectl apply -f - && \
 kubectl label namespace cluster-service "istio.io/rev=$${ISTO_VERSION}" --overwrite=true && \
 AZURE_CS_MI_CLIENT_ID=$(shell az identity show -g ${RESOURCEGROUP} -n clusters-service --query clientId -o tsv) && \
- CS_SERVICE_PRINCIPAL_CREDS_BASE64='$(shell az keyvault secret show --vault-name "${SERVICE_KV}" --name "aro-hcp-dev-sp-cs" | jq .value -r | base64 | tr -d '\n')' && \
+ CS_SERVICE_PRINCIPAL_CREDS_BASE64='$(shell az keyvault secret show --vault-name "${SERVICE_KV}" --name "aro-hcp-dev-sp-new-cs" | jq .value -r | base64 | tr -d '\n')' && \
 TENANT_ID=$(shell az account show --query tenantId --output tsv) && \
 OIDC_BLOB_SERVICE_ENDPOINT=$(shell az storage account show -n ${OIDC_STORAGE_ACCOUNT} -g ${RESOURCEGROUP} --query primaryEndpoints.blob -o tsv) && \
 OIDC_ISSUER_BASE_ENDPOINT=$(shell az storage account show -n ${OIDC_STORAGE_ACCOUNT} -g ${RESOURCEGROUP} --query primaryEndpoints.web -o tsv) && \
diff --git a/dev-infrastructure/Makefile b/dev-infrastructure/Makefile
index 82bb47856..1812dfd7b 100644
--- a/dev-infrastructure/Makefile
+++ b/dev-infrastructure/Makefile
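Review bot: The changed `CS_SERVICE_PRINCIPAL_CREDS_BASE64` line fetches the secret inside a `$(shell …)` expansion, so if `az keyvault secret show` fails (for instance because `aro-hcp-dev-sp-new-cs` does not exist yet in `${SERVICE_KV}`) make does not abort; the function yields an empty string and the deploy proceeds with empty credentials. Since the recipe already chains with `&&`, a non-empty check right after the assignment would surface that, e.g. `CS_SERVICE_PRINCIPAL_CREDS_BASE64='$(shell … | tr -d '\n')' && test -n "$${CS_SERVICE_PRINCIPAL_CREDS_BASE64}" && \`. Because make expands the value before the shell starts, the base64-encoded credential is also part of the command text make echoes unless the recipe's first line is `@`-prefixed, and it appears in the shell's argv. The `deploy` recipe starts above and continues below this hunk, so that first line is not visible here.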
@@ -87,6 +87,13 @@ create-mock-identities:
 ROLE_DEFINITION_NAME=Contributor \
 SUBSCRIPTION_ID=$(shell az account show --query id --output tsv) \
 ./scripts/create-sp-for-rbac.sh
+
+ APPLICATION_NAME=aro-hcp-dev-sp-new \
+ KEY_VAULT_NAME=aro-hcp-dev-svc-kv \
+ CERTIFICATE_NAME=aro-hcp-dev-sp-new \
+ ROLE_DEFINITION_NAME=Contributor \
+ SUBSCRIPTION_ID=$(shell az account show --query id --output tsv) \
+ ./scripts/create-sp-for-rbac.sh
 .PHONY: create-mock-identities

 #
diff --git a/dev-infrastructure/docs/development-setup.md b/dev-infrastructure/docs/development-setup.md
index 3b7a94d24..03f416403 100644
--- a/dev-infrastructure/docs/development-setup.md
+++ b/dev-infrastructure/docs/development-setup.md
@@ -63,13 +63,13 @@ Every developer creates their own set of service/management clusters, including
 what: base64 encoded access token for the `quay.io/app-sre` organization
 purposes: used by image-sync to mirror component images
-* `aro-hcp-dev-sp`
+* `aro-hcp-dev-sp-new`
 what: Azure SP credentials to be used for HCPs
 purpose: until managed identities are available for HCPs, this is the auth creds for controlplane operators to interact with Azure. This SP has contributer permissions in the subscription
-* `aro-hcp-dev-sp-cs`
+* `aro-hcp-dev-sp-new-cs`
 what: the same Azure SP credentials as `aro-hcp-dev-sp` but formatted for CS
 purpose: until the 1P mock certificate is going to be used by CS to interact with Azure, it will use these static creds instead
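Review bot: The block added to `create-mock-identities` is a verbatim copy of the invocation above it with only `APPLICATION_NAME` and `CERTIFICATE_NAME` changed, and the original `aro-hcp-dev-sp` invocation (whose first lines are above this hunk) is kept, so the target now provisions two service principals with `ROLE_DEFINITION_NAME=Contributor` on the subscription. If the old SP is superseded, its block should go in the same change; if both are meant to coexist, a comment above the new block such as `# second Contributor SP kept because: <reason>` would stop the next reader from removing one. Either way the two calls are a candidate for a `define`/`$(call)` template so the flag list is maintained once. Separately, the `development-setup.md` hunk keeps the sentence describing `aro-hcp-dev-sp-new-cs` as "the same Azure SP credentials as `aro-hcp-dev-sp`", which now names the secret this commit renames.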
@@ -505,13 +505,13 @@ Users require membership in the `aro-hcp-engineering` group to read secrets. Th
 * Azure SP credentials in the format HyperShift Operator requires it (line format)
 ```sh
- az keyvault secret show --vault-name "aro-hcp-dev-svc-kv" --name "aro-hcp-dev-sp" | jq .value -r > azure-creds
+ az keyvault secret show --vault-name "aro-hcp-dev-svc-kv" --name "aro-hcp-dev-sp-new" | jq .value -r > azure-creds
 ```
 * Azure SP credentials in the format CS requires it (json format)
 ```sh
- az keyvault secret show --vault-name "aro-hcp-dev-svc-kv" --name "aro-hcp-dev-sp-cs" | jq .value -r > azure-creds.json
+ az keyvault secret show --vault-name "aro-hcp-dev-svc-kv" --name "aro-hcp-dev-sp-new-cs" | jq .value -r > azure-creds.json
 ```
 ### Access integrated DEV environment
diff --git a/dev-infrastructure/local_CS.sh b/dev-infrastructure/local_CS.sh
index 5f0f722ed..086903890 100755
--- a/dev-infrastructure/local_CS.sh
+++ b/dev-infrastructure/local_CS.sh
@@ -7,8 +7,8 @@ make db/teardown
 # Obtain Azure credentials from keyvault
 VAULTNAME=aro-hcp-dev-svc-kv
 az keyvault secret show --vault-name $VAULTNAME --name "aro-hcp-dev-pull-secret" | jq .value -r > pull-secret.json
-az keyvault secret show --vault-name $VAULTNAME --name "aro-hcp-dev-sp" | jq .value -r > azure-creds
-az keyvault secret show --vault-name $VAULTNAME --name "aro-hcp-dev-sp-cs" | jq .value -r > azure-creds.json
+az keyvault secret show --vault-name $VAULTNAME --name "aro-hcp-dev-sp-new" | jq .value -r > azure-creds
+az keyvault secret show --vault-name $VAULTNAME --name "aro-hcp-dev-sp-new-cs" | jq .value -r > azure-creds.json
 # Setup the development.yml
 cp ./configs/development.yml .
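Review bot: The two changed lines in `local_CS.sh` write the service-principal credentials to `azure-creds` and `azure-creds.json` with whatever umask the caller has, and a failing `az keyvault secret show` (for example if the `aro-hcp-dev-sp-new` secrets are not yet present in the vault) still creates the file, empty, because only `jq`'s exit status is observed in a pipeline without `pipefail`. Placing `set -o pipefail` and `umask 077` before the fetch block would make a missing secret abort the script and keep the credential files readable by the owner only; the script's existing `set` options, if any, are above this hunk. The unquoted `$VAULTNAME` on these lines is pre-existing, but quoting it while the lines are being touched would be consistent with the quoted `--name` arguments.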