ROX-28909: Rename ENABLE_CENTRAL_EXTERNAL_CERTIFICATE to ENABLE_CENTRAL_EXTERNAL_DOMAIN

.github/workflows/multicluster-e2e.yaml

@@ -95,7 +95,7 @@ jobs:
       - name: "Run"
         env:
           RUN_MULTICLUSTER_E2E: "true"
-          ENABLE_CENTRAL_EXTERNAL_CERTIFICATE: "true"
+          ENABLE_CENTRAL_EXTERNAL_DOMAIN: "true"
         run: "scripts/ci/multicluster_tests/entrypoint.sh"
 
   cleanup-clusters:

Makefile

@@ -356,7 +356,7 @@ test/cluster/cleanup:
 test/e2e: $(GINKGO_BIN)
 	CLUSTER_ID=1234567890abcdef1234567890abcdef \
 	RUN_E2E=true \
-	ENABLE_CENTRAL_EXTERNAL_CERTIFICATE=$(ENABLE_CENTRAL_EXTERNAL_CERTIFICATE) \
+	ENABLE_CENTRAL_EXTERNAL_DOMAIN=$(ENABLE_CENTRAL_EXTERNAL_DOMAIN) \
 	GITOPS_CONFIG_PATH=$(GITOPS_CONFIG_FILE) \
 	$(GINKGO_BIN) -r $(GINKGO_FLAGS) \
 		--randomize-suites \
@@ -371,7 +371,7 @@ test/e2e: $(GINKGO_BIN)
 
 test/e2e/multicluster: $(GINKGO_BIN)
 	CLUSTER_ID=1234567890abcdef1234567890abcdef \
-	ENABLE_CENTRAL_EXTERNAL_CERTIFICATE=$(ENABLE_CENTRAL_EXTERNAL_CERTIFICATE) \
+	ENABLE_CENTRAL_EXTERNAL_DOMAIN=$(ENABLE_CENTRAL_EXTERNAL_DOMAIN) \
 	GITOPS_CONFIG_PATH=$(GITOPS_CONFIG_FILE) \
 	RUN_MULTICLUSTER_E2E=true \
 	$(GINKGO_BIN) -r $(GINKGO_FLAGS) \
@@ -738,7 +738,7 @@ deploy/service: FLEET_MANAGER_IMAGE ?= $(SHORT_IMAGE_REF)
 deploy/service: IMAGE_TAG ?= $(image_tag)
 deploy/service: FLEET_MANAGER_ENV ?= "development"
 deploy/service: REPLICAS ?= "1"
-deploy/service: ENABLE_CENTRAL_EXTERNAL_CERTIFICATE ?= "false"
+deploy/service: ENABLE_CENTRAL_EXTERNAL_DOMAIN ?= "false"
 deploy/service: ENABLE_CENTRAL_LIFE_SPAN ?= "false"
 deploy/service: CENTRAL_LIFE_SPAN ?= "48"
 deploy/service: OCM_URL ?= "https://api.stage.openshift.com"
@@ -772,7 +772,7 @@ endif
 		-p REPO_DIGEST="$(FLEET_MANAGER_IMAGE)" \
 		-p IMAGE_TAG=$(IMAGE_TAG) \
 		-p REPLICAS="${REPLICAS}" \
-		-p ENABLE_CENTRAL_EXTERNAL_CERTIFICATE="${ENABLE_CENTRAL_EXTERNAL_CERTIFICATE}" \
+		-p ENABLE_CENTRAL_EXTERNAL_DOMAIN="${ENABLE_CENTRAL_EXTERNAL_DOMAIN}" \
 		-p ENABLE_CENTRAL_LIFE_SPAN="${ENABLE_CENTRAL_LIFE_SPAN}" \
 		-p CENTRAL_LIFE_SPAN="${CENTRAL_LIFE_SPAN}" \
 		-p ENABLE_OCM_MOCK=$(ENABLE_OCM_MOCK) \

dev/env/defaults/00-defaults.env

@@ -37,7 +37,7 @@ export ROUTE53_SECRET_ACCESS_KEY_DEFAULT=""
 export SPAWN_LOGGER_DEFAULT="false"
 export DUMP_LOGS_DEFAULT="false"
 export SKIP_TESTS_DEFAULT="false"
-export ENABLE_CENTRAL_EXTERNAL_CERTIFICATE_DEFAULT=false
+export ENABLE_CENTRAL_EXTERNAL_DOMAIN_DEFAULT=false
 
 export FLEETSHARD_SYNC_RESOURCES_DEFAULT='{"requests":{"cpu":"200m","memory":"300Mi"},"limits":{"cpu":"200m","memory":"300Mi"}}'
 export EMAIL_SENDER_RESOURCES_DEFAULT='{"requests":{"cpu":"200m","memory":"300Mi"},"limits":{"cpu":"200m","memory":"300Mi"}}'

dev/env/defaults/cluster-type-crc/env

@@ -1,3 +1,3 @@
-export ENABLE_CENTRAL_EXTERNAL_CERTIFICATE="true"
+export ENABLE_CENTRAL_EXTERNAL_DOMAIN="true"
 export ENABLE_EXTERNAL_CONFIG_DEFAULT="true"
 export AWS_AUTH_HELPER_DEFAULT="aws-saml"

dev/env/defaults/cluster-type-infra-openshift/env

@@ -3,4 +3,4 @@ export EXPOSE_OPENSHIFT_ROUTER_DEFAULT="true"
 export ENABLE_EXTERNAL_CONFIG_DEFAULT="true"
 export AWS_AUTH_HELPER_DEFAULT="aws-saml"
 export INHERIT_IMAGEPULLSECRETS_DEFAULT="true" # pragma: allowlist secret
-export ENABLE_CENTRAL_EXTERNAL_CERTIFICATE_DEFAULT="true"
+export ENABLE_CENTRAL_EXTERNAL_DOMAIN_DEFAULT="true"

dev/env/defaults/cluster-type-openshift-ci/env

@@ -1,6 +1,6 @@
 export SPAWN_LOGGER_DEFAULT="true"
 export DUMP_LOGS_DEFAULT="true"
 export GOTESTSUM="/usr/local/bin/gotestsum"
-export ENABLE_CENTRAL_EXTERNAL_CERTIFICATE=true
+export ENABLE_CENTRAL_EXTERNAL_DOMAIN=true
 # To be adjusted for runnign in OpenShift CI
 # export FLEETSHARD_SYNC_RESOURCES_DEFAULT='{"requests":{"cpu":"200m","memory":"300Mi"},"limits":{"cpu":"200m","memory":"300Mi"}}'

dev/env/scripts/lib.sh

@@ -102,7 +102,7 @@ init() {
     export ENABLE_FM_PORT_FORWARDING=${ENABLE_FM_PORT_FORWARDING:-$ENABLE_FM_PORT_FORWARDING_DEFAULT}
     export FLEETSHARD_SYNC_RESOURCES=${FLEETSHARD_SYNC_RESOURCES:-$FLEETSHARD_SYNC_RESOURCES_DEFAULT}
     export SKIP_TESTS=${SKIP_TESTS:-$SKIP_TESTS_DEFAULT}
-    export ENABLE_CENTRAL_EXTERNAL_CERTIFICATE=${ENABLE_CENTRAL_EXTERNAL_CERTIFICATE:-$ENABLE_CENTRAL_EXTERNAL_CERTIFICATE_DEFAULT}
+    export ENABLE_CENTRAL_EXTERNAL_DOMAIN=${ENABLE_CENTRAL_EXTERNAL_DOMAIN:-$ENABLE_CENTRAL_EXTERNAL_DOMAIN_DEFAULT}
     export FLEET_MANAGER_IMAGE=${FLEET_MANAGER_IMAGE:-$FLEET_MANAGER_IMAGE_DEFAULT}
     export ENABLE_EMAIL_SENDER=${ENABLE_EMAIL_SENDER:-$ENABLE_EMAIL_SENDER_DEFAULT}
     export EMAIL_SENDER_IMAGE=${EMAIL_SENDER_IMAGE:-$EMAIL_SENDER_IMAGE_DEFAULT}
@@ -118,9 +118,9 @@ init() {
         log "FLEET_MANAGER_IMAGE not set, using ${FLEET_MANAGER_IMAGE}"
     fi
 
-    if [[ "$ENABLE_CENTRAL_EXTERNAL_CERTIFICATE" != "false" && ("$ROUTE53_ACCESS_KEY" == "" || "$ROUTE53_SECRET_ACCESS_KEY" == "") ]]; then
-        log "setting ENABLE_CENTRAL_EXTERNAL_CERTIFICATE to false since no Route53 credentials were provided"
-        ENABLE_CENTRAL_EXTERNAL_CERTIFICATE=false
+    if [[ "$ENABLE_CENTRAL_EXTERNAL_DOMAIN" != "false" && ("$ROUTE53_ACCESS_KEY" == "" || "$ROUTE53_SECRET_ACCESS_KEY" == "") ]]; then
+        log "setting ENABLE_CENTRAL_EXTERNAL_DOMAIN to false since no Route53 credentials were provided"
+        ENABLE_CENTRAL_EXTERNAL_DOMAIN=false
     fi
 
     if [[ "$CLUSTER_TYPE" == "minikube" ]]; then
@@ -170,7 +170,7 @@ ENABLE_DB_PORT_FORWARDING: ${ENABLE_DB_PORT_FORWARDING}
 ENABLE_FM_PORT_FORWARDING: ${ENABLE_FM_PORT_FORWARDING}
 FLEETSHARD_SYNC_RESOURCES: ${FLEETSHARD_SYNC_RESOURCES}
 SKIP_TESTS: ${SKIP_TESTS}
-ENABLE_CENTRAL_EXTERNAL_CERTIFICATE: ${ENABLE_CENTRAL_EXTERNAL_CERTIFICATE}
+ENABLE_CENTRAL_EXTERNAL_DOMAIN: ${ENABLE_CENTRAL_EXTERNAL_DOMAIN}
 FLEET_MANAGER_IMAGE: ${FLEET_MANAGER_IMAGE}
 FLEETSHARD_SYNC_CONTAINER_COMMAND: ${FLEETSHARD_SYNC_CONTAINER_COMMAND}
 EMAIL_SENDER_IMAGE: ${EMAIL_SENDER_IMAGE}

docs/development/setup-test-environment.md

@@ -102,7 +102,7 @@ export ROUTE53_ACCESS_KEY="<key-id>"
 export ROUTE53_SECRET_ACCESS_KEY="<secret-key>"
 
 # Depending on cluster type and its default configuration you might need
-export ENABLE_CENTRAL_EXTERNAL_CERTIFICATE_DEFAULT=true
+export ENABLE_CENTRAL_EXTERNAL_DOMAIN_DEFAULT=true
 
 # If the domain you test against is not the default dev domain
 export CENTRAL_DOMAIN_NAME="<domain>"

docs/legacy/feature-flags.md

@@ -35,7 +35,7 @@ This lists the feature flags and their sub-configurations to enable/disable and
 ## Central
 - **enable-deletion-of-expired-central**: Enables deletion of eval Central instances when its life span has expired.
     - `central-lifespan` [Optional]: The desired lifespan of a Central instance in hour(s) (default: `48`).
-- **enable-central-external-certificate**: Enables custom Central TLS certificate.
+- **enable-central-external-domain**: Enables custom Central domain.
     - `central-tls-cert-file` [Required]: The path to the file containing the Central TLS certificate (default: `'secrets/central-tls.crt'`).
     - `central-tls-key-file` [Required]: The path to the file containing the Central TLS private key (default: `'secrets/central-tls.key'`).
 - **enable-evaluator-instance**: Enable the creation of one central evaluator instances per user

e2e/testutil/testutil.go

@@ -38,7 +38,7 @@ func GetWaitTimeout() time.Duration {
 func DNSConfiguration(routesEnabled bool) (dnsEnabled bool, accessKey string, secretKey string) {
 	accessKey = os.Getenv("ROUTE53_ACCESS_KEY")
 	secretKey = os.Getenv("ROUTE53_SECRET_ACCESS_KEY")
-	enableExternal := os.Getenv("ENABLE_CENTRAL_EXTERNAL_CERTIFICATE")
+	enableExternal := os.Getenv("ENABLE_CENTRAL_EXTERNAL_DOMAIN")
 	dnsEnabled = accessKey != "" &&
 		secretKey != "" &&
 		enableExternal == "true" && routesEnabled

internal/dinosaur/pkg/config/central.go

@@ -10,12 +10,12 @@ import (
 
 // CentralConfig ...
 type CentralConfig struct {
-	CentralTLSCert                   string `json:"central_tls_cert"`
-	CentralTLSCertFile               string `json:"central_tls_cert_file"`
-	CentralTLSKey                    string `json:"central_tls_key"`
-	CentralTLSKeyFile                string `json:"central_tls_key_file"`
-	EnableCentralExternalCertificate bool   `json:"enable_central_external_certificate"`
-	CentralDomainName                string `json:"central_domain_name"`
+	CentralTLSCert              string `json:"central_tls_cert"`
+	CentralTLSCertFile          string `json:"central_tls_cert_file"`
+	CentralTLSKey               string `json:"central_tls_key"`
+	CentralTLSKeyFile           string `json:"central_tls_key_file"`
+	EnableCentralExternalDomain bool   `json:"enable_central_external_domain"`
+	CentralDomainName           string `json:"central_domain_name"`
 
 	CentralLifespan *CentralLifespanConfig `json:"central_lifespan"`
 	Quota           *CentralQuotaConfig    `json:"central_quota"`
@@ -33,23 +33,23 @@ type CentralConfig struct {
 // NewCentralConfig ...
 func NewCentralConfig() *CentralConfig {
 	return &CentralConfig{
-		CentralTLSCertFile:               "secrets/central-tls.crt",
-		CentralTLSKeyFile:                "secrets/central-tls.key",
-		EnableCentralExternalCertificate: false,
-		CentralDomainName:                "rhacs-dev.com",
-		CentralLifespan:                  NewCentralLifespanConfig(),
-		Quota:                            NewCentralQuotaConfig(),
-		CentralIDPClientSecretFile:       "secrets/central.idp-client-secret", //pragma: allowlist secret
-		CentralIDPIssuer:                 "https://sso.redhat.com/auth/realms/redhat-external",
-		CentralRetentionPeriodDays:       7,
+		CentralTLSCertFile:          "secrets/central-tls.crt",
+		CentralTLSKeyFile:           "secrets/central-tls.key",
+		EnableCentralExternalDomain: false,
+		CentralDomainName:           "rhacs-dev.com",
+		CentralLifespan:             NewCentralLifespanConfig(),
+		Quota:                       NewCentralQuotaConfig(),
+		CentralIDPClientSecretFile:  "secrets/central.idp-client-secret", //pragma: allowlist secret
+		CentralIDPIssuer:            "https://sso.redhat.com/auth/realms/redhat-external",
+		CentralRetentionPeriodDays:  7,
 	}
 }
 
 // AddFlags ...
 func (c *CentralConfig) AddFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&c.CentralTLSCertFile, "central-tls-cert-file", c.CentralTLSCertFile, "File containing central certificate")
 	fs.StringVar(&c.CentralTLSKeyFile, "central-tls-key-file", c.CentralTLSKeyFile, "File containing central certificate private key")
-	fs.BoolVar(&c.EnableCentralExternalCertificate, "enable-central-external-certificate", c.EnableCentralExternalCertificate, "Enable custom certificate for Central TLS")
+	fs.BoolVar(&c.EnableCentralExternalDomain, "enable-central-external-domain", c.EnableCentralExternalDomain, "Enable custom domain for Central TLS")
 	fs.BoolVar(&c.CentralLifespan.EnableDeletionOfExpiredCentral, "enable-deletion-of-expired-central", c.CentralLifespan.EnableDeletionOfExpiredCentral, "Enable the deletion of centrals when its life span has expired")
 	fs.IntVar(&c.CentralLifespan.CentralLifespanInHours, "central-lifespan", c.CentralLifespan.CentralLifespanInHours, "The desired lifespan of a Central instance")
 	fs.StringVar(&c.CentralDomainName, "central-domain-name", c.CentralDomainName, "The domain name to use for Central instances")

internal/dinosaur/pkg/environments/development.go

@@ -6,33 +6,33 @@ import "github.com/stackrox/acs-fleet-manager/pkg/environments"
 // NewDevelopmentEnvLoader The development environment is intended for use while developing features, requiring manual verification
 func NewDevelopmentEnvLoader() environments.EnvLoader {
 	return environments.SimpleEnvLoader{
-		"v":                                   "10",
-		"ocm-debug":                           "false",
-		"ams-base-url":                        "https://api.stage.openshift.com",
-		"ocm-base-url":                        "https://api.stage.openshift.com",
-		"enable-ocm-mock":                     "true",
-		"enable-https":                        "false",
-		"enable-metrics-https":                "false",
-		"enable-terms-acceptance":             "false",
-		"api-server-bindaddress":              "localhost:8000",
-		"enable-sentry":                       "false",
-		"enable-deny-list":                    "true",
-		"enable-instance-limit-control":       "false",
-		"enable-central-external-certificate": "false",
-		"cluster-compute-machine-type":        "m5.2xlarge",
-		"allow-evaluator-instance":            "true",
-		"quota-type":                          "quota-management-list",
-		"enable-deletion-of-expired-central":  "true",
-		"dataplane-cluster-scaling-type":      "manual",
-		"enable-additional-sso-issuers":       "true",
-		"additional-sso-issuers-file":         "config/additional-sso-issuers.yaml",
-		"jwks-file":                           "config/jwks-file-static.json",
-		"fleetshard-authz-config-file":        "config/fleetshard-authz-development.yaml",
-		"central-idp-client-id":               "rhacs-ms-dev",
-		"central-idp-issuer":                  "https://sso.stage.redhat.com/auth/realms/redhat-external",
-		"admin-authz-config-file":             "config/admin-authz-roles-dev.yaml",
-		"enable-leader-election":              "false",
-		"kubernetes-issuer-enabled":           "true",
-		"kubernetes-issuer-uri":               "https://127.0.0.1:6443",
+		"v":                                  "10",
+		"ocm-debug":                          "false",
+		"ams-base-url":                       "https://api.stage.openshift.com",
+		"ocm-base-url":                       "https://api.stage.openshift.com",
+		"enable-ocm-mock":                    "true",
+		"enable-https":                       "false",
+		"enable-metrics-https":               "false",
+		"enable-terms-acceptance":            "false",
+		"api-server-bindaddress":             "localhost:8000",
+		"enable-sentry":                      "false",
+		"enable-deny-list":                   "true",
+		"enable-instance-limit-control":      "false",
+		"enable-central-external-domain":     "false",
+		"cluster-compute-machine-type":       "m5.2xlarge",
+		"allow-evaluator-instance":           "true",
+		"quota-type":                         "quota-management-list",
+		"enable-deletion-of-expired-central": "true",
+		"dataplane-cluster-scaling-type":     "manual",
+		"enable-additional-sso-issuers":      "true",
+		"additional-sso-issuers-file":        "config/additional-sso-issuers.yaml",
+		"jwks-file":                          "config/jwks-file-static.json",
+		"fleetshard-authz-config-file":       "config/fleetshard-authz-development.yaml",
+		"central-idp-client-id":              "rhacs-ms-dev",
+		"central-idp-issuer":                 "https://sso.stage.redhat.com/auth/realms/redhat-external",
+		"admin-authz-config-file":            "config/admin-authz-roles-dev.yaml",
+		"enable-leader-election":             "false",
+		"kubernetes-issuer-enabled":          "true",
+		"kubernetes-issuer-uri":              "https://127.0.0.1:6443",
 	}
 }

internal/dinosaur/pkg/environments/integration.go

@@ -21,28 +21,28 @@ func NewIntegrationEnvLoader() environments.EnvLoader {
 // Defaults ...
 func (b IntegrationEnvLoader) Defaults() map[string]string {
 	return map[string]string{
-		"v":                                   "0",
-		"logtostderr":                         "true",
-		"ocm-base-url":                        "https://api-integration.6943.hive-integration.openshiftapps.com",
-		"ams-base-url":                        "https://api-integration.6943.hive-integration.openshiftapps.com",
-		"enable-https":                        "false",
-		"enable-metrics-https":                "false",
-		"enable-terms-acceptance":             "false",
-		"enable-leader-election":              "false",
-		"ocm-debug":                           "false",
-		"enable-ocm-mock":                     "true",
-		"ocm-mock-mode":                       ocm.MockModeEmulateServer,
-		"enable-sentry":                       "false",
-		"enable-deny-list":                    "true",
-		"enable-instance-limit-control":       "true",
-		"max-allowed-instances":               "1",
-		"enable-central-external-certificate": "false",
-		"cluster-compute-machine-type":        "m5.xlarge",
-		"allow-evaluator-instance":            "true",
-		"quota-type":                          "quota-management-list",
-		"enable-deletion-of-expired-central":  "true",
-		"dataplane-cluster-scaling-type":      "auto", // need to set this to 'auto' for integration environment as some tests rely on this
-		"fleetshard-authz-config-file":        "config/fleetshard-authz-development.yaml",
+		"v":                                  "0",
+		"logtostderr":                        "true",
+		"ocm-base-url":                       "https://api-integration.6943.hive-integration.openshiftapps.com",
+		"ams-base-url":                       "https://api-integration.6943.hive-integration.openshiftapps.com",
+		"enable-https":                       "false",
+		"enable-metrics-https":               "false",
+		"enable-terms-acceptance":            "false",
+		"enable-leader-election":             "false",
+		"ocm-debug":                          "false",
+		"enable-ocm-mock":                    "true",
+		"ocm-mock-mode":                      ocm.MockModeEmulateServer,
+		"enable-sentry":                      "false",
+		"enable-deny-list":                   "true",
+		"enable-instance-limit-control":      "true",
+		"max-allowed-instances":              "1",
+		"enable-central-external-domain":     "false",
+		"cluster-compute-machine-type":       "m5.xlarge",
+		"allow-evaluator-instance":           "true",
+		"quota-type":                         "quota-management-list",
+		"enable-deletion-of-expired-central": "true",
+		"dataplane-cluster-scaling-type":     "auto", // need to set this to 'auto' for integration environment as some tests rely on this
+		"fleetshard-authz-config-file":       "config/fleetshard-authz-development.yaml",
 	}
 }
 

internal/dinosaur/pkg/environments/production.go

@@ -5,15 +5,15 @@ import "github.com/stackrox/acs-fleet-manager/pkg/environments"
 // NewProductionEnvLoader ...
 func NewProductionEnvLoader() environments.EnvLoader {
 	return environments.SimpleEnvLoader{
-		"ocm-base-url":                        "https://api.openshift.com",
-		"ams-base-url":                        "https://api.openshift.com",
-		"v":                                   "1",
-		"ocm-debug":                           "false",
-		"enable-ocm-mock":                     "false",
-		"enable-sentry":                       "true",
-		"enable-deny-list":                    "true",
-		"max-allowed-instances":               "1",
-		"enable-central-external-certificate": "true",
-		"cluster-compute-machine-type":        "m5.2xlarge",
+		"ocm-base-url":                   "https://api.openshift.com",
+		"ams-base-url":                   "https://api.openshift.com",
+		"v":                              "1",
+		"ocm-debug":                      "false",
+		"enable-ocm-mock":                "false",
+		"enable-sentry":                  "true",
+		"enable-deny-list":               "true",
+		"max-allowed-instances":          "1",
+		"enable-central-external-domain": "true",
+		"cluster-compute-machine-type":   "m5.2xlarge",
 	}
 }

internal/dinosaur/pkg/environments/stage.go

@@ -5,17 +5,17 @@ import "github.com/stackrox/acs-fleet-manager/pkg/environments"
 // NewStageEnvLoader ...
 func NewStageEnvLoader() environments.EnvLoader {
 	return environments.SimpleEnvLoader{
-		"ocm-base-url":                        "https://api.stage.openshift.com",
-		"ams-base-url":                        "https://api.stage.openshift.com",
-		"enable-ocm-mock":                     "false",
-		"enable-deny-list":                    "true",
-		"max-allowed-instances":               "1",
-		"enable-central-external-certificate": "true",
-		"cluster-compute-machine-type":        "m5.2xlarge",
-		"enable-additional-sso-issuers":       "true",
-		"additional-sso-issuers-file":         "config/additional-sso-issuers.yaml",
-		"jwks-file":                           "config/jwks-file-static.json",
-		"fleetshard-authz-config-file":        "config/fleetshard-authz-development.yaml",
-		"admin-authz-config-file":             "config/admin-authz-roles-dev.yaml",
+		"ocm-base-url":                   "https://api.stage.openshift.com",
+		"ams-base-url":                   "https://api.stage.openshift.com",
+		"enable-ocm-mock":                "false",
+		"enable-deny-list":               "true",
+		"max-allowed-instances":          "1",
+		"enable-central-external-domain": "true",
+		"cluster-compute-machine-type":   "m5.2xlarge",
+		"enable-additional-sso-issuers":  "true",
+		"additional-sso-issuers-file":    "config/additional-sso-issuers.yaml",
+		"jwks-file":                      "config/jwks-file-static.json",
+		"fleetshard-authz-config-file":   "config/fleetshard-authz-development.yaml",
+		"admin-authz-config-file":        "config/admin-authz-roles-dev.yaml",
 	}
 }