Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update keycloak resources and tas-env script #190

Closed
wants to merge 9 commits into from
Closed

update keycloak resources and tas-env script #190

wants to merge 9 commits into from

Conversation

sallyom
Copy link
Collaborator

@sallyom sallyom commented Feb 26, 2024

@lance @cooktheryan update this first, then update main to match release-1.0.gamma?

@sallyom sallyom closed this Feb 27, 2024
@sallyom sallyom deleted the update-keycloak-tas-env-vars branch February 27, 2024 00:24
@sallyom sallyom restored the update-keycloak-tas-env-vars branch February 27, 2024 00:25
@sallyom sallyom reopened this Feb 27, 2024
@sallyom
Copy link
Collaborator Author

sallyom commented Feb 27, 2024

oops accidentally closed this, and re-opened now

sallyom
sallyom commented Feb 27, 2024
View reviewed changes
tas-env-variables.sh
export BASE_HOSTNAME=apps.$(oc get dns cluster -o jsonpath='{ .spec.baseDomain }')
echo "base hostname = $BASE_HOSTNAME"
# This assumes you are currently running from the context of the namespace where your securesign is created
# Run `oc project <securesign namespace>` to ensure you are working within the correct context
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this should accept an env var for the securesign namespace but I'm being lazy here and maybe can be done in a follow-up

lance
lance approved these changes Feb 27, 2024
View reviewed changes
Copy link
Member

@lance lance left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Feb 27, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Feb 27, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lance, sallyom

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

JasonPowr
JasonPowr reviewed Feb 27, 2024
View reviewed changes
tas-env-variables.sh
export COSIGN_OIDC_ISSUER=$KEYCLOAK_URL/auth/realms/$KEYCLOAK_REALM
export COSIGN_CERTIFICATE_OIDC_ISSUER=$COSIGN_OIDC_ISSUER
export COSIGN_OIDC_ISSUER=$OIDC_ISSUER_URL
export COSIGN_OIDC_CLIENT_ID=trusted-artifact-signer
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know how important the go binary installer is to GA, but I remember there being issues for TP2 with theses variables not being up-to-date with https://github.com/securesign/sigstore-ocp/blob/release-1.0.gamma/tas-installer/cmd/envgen.go#L33

So they may need an update too

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I updated the script sigstore -> trusted-artifact-signer and also added the CLIENT_ID env var there

@openshift-ci openshift-ci bot removed the lgtm label Feb 28, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Feb 28, 2024

New changes are detected. LGTM label has been removed.

@sallyom
Copy link
Collaborator Author

sallyom commented Feb 28, 2024

closing this, will open against main!

@sallyom sallyom closed this Feb 28, 2024
@sallyom sallyom mentioned this pull request Feb 28, 2024
Merged
@cooktheryan cooktheryan deleted the update-keycloak-tas-env-vars branch February 28, 2024 18:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JasonPowr JasonPowr JasonPowr left review comments

@lance lance lance approved these changes

@lkatalin lkatalin Awaiting requested review from lkatalin

Assignees

@lance lance

Labels
approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sallyom @lance @JasonPowr