OSD-22507: New IAM credential, secret rotate util #601

Open
wants to merge 65 commits into
base: master

@nephomaniac nephomaniac commented Jul 23, 2024

First pass at OSD-22507. Attempting to consolidate previous bash, osdctl, additional SOP steps into a single command/context to help users rotate Osd Admin user(s)' IAM creds and related secrets.

To test...

```
git clone git@github.com:nephomaniac/osdctl.git --branch OSD-22507-poc --single-branch --depth 1 osdctl_osd_22507 && cd osdctl_osd_22507
go build
./osdctl account iam-secret-mgmt -h
```

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jul 23, 2024

openshift-ci-robot commented Jul 23, 2024

@nephomaniac: This pull request references OSD-22507 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set.

In response to this:

First pass at OSD-22507. Attempting to consolidate previous bash, osdctl, additional SOP steps into a single command/context to help users rotate Osd Admin user(s)' IAM creds and related secrets.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested review from fahlmant and mjlshen July 23, 2024 20:56
@nephomaniac nephomaniac marked this pull request as draft July 24, 2024 19:47
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 24, 2024
Contributor

@iamkirkbater iamkirkbater left a comment

Overall this looks very good! Got a few comments, but I don't think any of them are MAJOR changes. Like I mentioned at standup, some of them are little nits or things like expanding on what something is with a comment because it doesn't make sense at first glance.

@nephomaniac
Author

Big thanks @iamkirkbater for the review and comments. Most recent commit should contain these suggestions as well as support -o yaml/json to stdout (logs to stderr) for the 'describe' specific commands.

@nephomaniac nephomaniac marked this pull request as ready for review August 13, 2024 22:54
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 13, 2024
@openshift-ci openshift-ci bot requested a review from typeid August 13, 2024 22:54
@nephomaniac
Author

/test lint

@nephomaniac nephomaniac changed the title OSD-22507: POC first pass at new rotate command (draft) OSD-22507: POC first pass at new rotate command Aug 30, 2024
Member

@clcollins clcollins left a comment

Generally super small comments/spelling suggestions. I have one concern with saving the keys that might just be me being too paranoid, and a suggestion about how to search for the credentialsRequests.

Otherwise great work! This is WAY more than I expected it to be when I wrote OSD-22507!

@nephomaniac nephomaniac changed the title OSD-22507: POC first pass at new rotate command OSD-22507: New IAM credential, secret rotate util Sep 12, 2024
@nephomaniac nephomaniac requested a review from clcollins October 8, 2024 16:33

openshift-ci-robot commented Oct 8, 2024

@nephomaniac: This pull request references OSD-22507 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to this:

First pass at OSD-22507. Attempting to consolidate previous bash, osdctl, additional SOP steps into a single command/context to help users rotate Osd Admin user(s)' IAM creds and related secrets.

To test...

```
git clone git@github.com:nephomaniac/osdctl.git --branch OSD-22507-poc --single-branch --depth 1 osdctl_osd_22507 && cd osdctl_osd_22507
go build
./osdctl account iam-secret-mgmt -h
```

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@nephomaniac
Author

/test lint

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 31, 2024
tnierman and others added 28 commits March 5, 2025 22:08
CPMS should be the default case now when this command is used, as clusters < 4.12 are EOL.
We keep the old way for edge cases, issues with CPMS or any leftover EOL
cluster
The new default for controlplane resizes is using cpms.
The legacy single-node resize can be used by specifying and running for each node with --node.
Added warnings and improve the errors/guardrails around the usage.
Bumps [github.com/openshift/osd-network-verifier](https://github.com/openshift/osd-network-verifier) from 1.1.2 to 1.2.0.
- [Release notes](https://github.com/openshift/osd-network-verifier/releases)
- [Changelog](https://github.com/openshift/osd-network-verifier/blob/main/RELEASE.md)
- [Commits](openshift/osd-network-verifier@v1.1.2...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/openshift/osd-network-verifier
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Combined with the `-i` option this makes it possible to send a
servicelog without using a template at all.
Bumps [github.com/openshift/osd-network-verifier](https://github.com/openshift/osd-network-verifier) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/openshift/osd-network-verifier/releases)
- [Changelog](https://github.com/openshift/osd-network-verifier/blob/main/RELEASE.md)
- [Commits](openshift/osd-network-verifier@v1.2.1...v1.2.2)

---
updated-dependencies:
- dependency-name: github.com/openshift/osd-network-verifier
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
…ependency on target name if canary not set

1. instead of looking for a specific yaml path in resource template, loop through all of them. This is important when a saas file does not have the standard operator yaml path eg MCC, MCVW
2. If saas file does not have canary targets set, continue to do a full replace of old sha with new.
…umps (openshift#670)

* Feat(OSD-25864): update osdctl hcp must-gather to create hypershift dumps

* Add reference to ACM must-gather image ticket
Bumps [github.com/openshift/backplane-cli](https://github.com/openshift/backplane-cli) from 0.1.39 to 0.1.40.
- [Release notes](https://github.com/openshift/backplane-cli/releases)
- [Changelog](https://github.com/openshift/backplane-cli/blob/main/docs/release.md)
- [Commits](openshift/backplane-cli@v0.1.39...v0.1.40)

---
updated-dependencies:
- dependency-name: github.com/openshift/backplane-cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 6, 2025
Contributor

openshift-ci bot commented Mar 6, 2025

@nephomaniac: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
