Comment 1 for bug 2060068

OpenStack Infra (hudson-openstack) wrote : Fix merged to config (master)

Reviewed: https://review.opendev.org/c/starlingx/config/+/914907
Committed: https://opendev.org/starlingx/config/commit/03443ef16c0c47d15631eb9001b413a3b8ea39fc
Submitter: "Zuul (22348)"
Branch: master

commit 03443ef16c0c47d15631eb9001b413a3b8ea39fc
Author: Kyle MacLeod <email address hidden>
Date: Tue Apr 2 11:52:39 2024 -0400

    Filter cert-mon for geo-redundancy in audit and DC_CertWatcher

    This commit adds a filter for querying all subclouds from dcmanager, to
    account for secondary subclouds that should not be audited by cert-mon
    for this system controller. The filter is performed against a list of
    invalid deploy states that should be considered when querying
    the list of subclouds from dcmanager.

    Likewise, the DC_CertWatcher -> DCIntermediateCertRenew flow must ensure
    that subclouds which are secondary to this system controller are ignored
    by the kubernetes watch in place for the DC intermediate cert renewal
    detection. Subclouds are filtered by the watch based on their online
    state and their deploy-status. A subcloud with invalid deploy state is
    ignored by this system controller.

    Test Cases

    PASS:
    - Trigger audits on service restart. Verify that offline/secondary
      subclouds are excluded.
    - Ensure full daily audit is executed. Verify that all subclouds
      belonging to this system controller are audited. Secondary subclouds
      are not audited.
    - Verify that DC_CertWatcher -> DCIntermediateCertRenew watch fires are
      ignored for offline and/or invalid deploy state

    Closes-Bug: 2060068

    Change-Id: Iffe3d7c76db8d2f17aed0bfebc792af0f9d75ca2
    Signed-off-by: Kyle MacLeod <email address hidden>