Indeed. A quick and hacky solution would be to create a Secret for that manually, and a proper solution is T334585: [cookbooks.wmcs.toolforge.component.deploy] Add secrets support when deploying.. do you have any preferences which approach to take for now?

In T334629#8779557, @taavi wrote:

Indeed. A quick and hacky solution would be to create a Secret for that manually, and a proper solution is T334585: [cookbooks.wmcs.toolforge.component.deploy] Add secrets support when deploying.. do you have any preferences which approach to take for now?

will helm secrets work in this case too?

In T334629#8779640, @dcaro wrote:

In T334629#8779557, @taavi wrote:

Indeed. A quick and hacky solution would be to create a Secret for that manually, and a proper solution is T334585: [cookbooks.wmcs.toolforge.component.deploy] Add secrets support when deploying.. do you have any preferences which approach to take for now?

will helm secrets work in this case too?

Oh yes, it's deployed with the same method :), nice

The first few steps for having a decent development environment to work on this has been made:

• create a fake LDAP server that can be used by maintain-kubeusers, see https://gitlab.wikimedia.org/repos/cloud/toolforge/foxtrot-ldap/
• adapt such LDAP server and maintain-kubeusers itself to able to run on a local kubernetes deployment, in particular in lima-kilo, see: https://gitlab.wikimedia.org/repos/cloud/toolforge/lima-kilo/-/merge_requests/41 (about to be merged soon)

I guess the next logical step would be to have some kind of fake toolsdb that can be used in the same development setup.

The times for esoteric (or nonexistent) maintain-kubeusers development setup should end.

note: this is mostly about duplicating the logic from here https://gerrit.wikimedia.org/r/plugins/gitiles/cloud/toolforge/disable-tool/+/refs/heads/master/disable_tool.py#554 into maintain_kubeusers