Add encrypted CRC_PULL_SECRET #648
Conversation
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 25s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
0abb1c6 to
6b95f96
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 28s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
6b95f96 to
7d0aff7
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 22s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
7d0aff7 to
c7467d1
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 26s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
c7467d1 to
40ee5f3
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 22s |
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 24s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
400934a to
2eb1e75
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 24s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
2eb1e75 to
fd1b5cf
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 23s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
fd1b5cf to
0349c77
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 26s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
0349c77 to
bd7a86e
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 23s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
2 times, most recently
from
84e22e3 to
cb40675
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 24s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
cb40675 to
d47e43b
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 23s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
d47e43b to
afa686c
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 21s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
afa686c to
861cb75
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 26s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
861cb75 to
83532f6
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 23s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
83532f6 to
6a8a424
Compare
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
638a056 to
e960d56
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 29s |
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 31s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
784452a to
67a55c3
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 23s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
67a55c3 to
7f081d0
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 23s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
7f081d0 to
f159fc7
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 43s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
f159fc7 to
53efadb
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 21s |
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 22s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
01e3426 to
065af09
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 24s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
065af09 to
c2a2a8b
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 24s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
c2a2a8b to
ebd8a85
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 33s |
| @@ -130,3 +130,47 @@ In both cases you have to do some tweaks before using them: | |||
| - `id_ed25519[.pub]`: replace with your ssh keys | |||
|
|
|||
| Not all services use all of them. For example `copr` is needed only by `packit` service. | |||
|
|
|||
| ## Encrypting Secrets for OpenShift Tests in Testing Farm | |||
There was a problem hiding this comment.
if this is needed only for running from forks, I would mention it explicitly in the title, and also add a note in the beginning that if you have the access and create branches in the repo itself, this process is not needed
There was a problem hiding this comment.
If you don't run the test from a fork, someone still has to go through this procedure and encrypt the CRC pull secret against the main packit repo. So I think the title is ok. I should probably make it clearer in the description below. I will try to rephrase it.
| - name: Look for pull_secret (splitted in small parts due to testing farm encryption) | ||
| ansible.builtin.set_fact: | ||
| pull_secret_part_1: "{{ lookup('env', 'CRC_PULL_SECRET_PART_1') }}" | ||
| pull_secret_part_2: "{{ lookup('env', 'CRC_PULL_SECRET_PART_2') }}" | ||
| pull_secret_part_3: "{{ lookup('env', 'CRC_PULL_SECRET_PART_3') }}" | ||
| pull_secret_part_4: "{{ lookup('env', 'CRC_PULL_SECRET_PART_4') }}" | ||
| pull_secret_part_5: "{{ lookup('env', 'CRC_PULL_SECRET_PART_5') }}" | ||
| pull_secret_part_6: "{{ lookup('env', 'CRC_PULL_SECRET_PART_6') }}" | ||
| pull_secret_part_7: "{{ lookup('env', 'CRC_PULL_SECRET_PART_7') }}" | ||
| when: pull_secret == "" | ||
|
|
||
| - name: Rebuild pull_secret from its parts | ||
| ansible.builtin.set_fact: | ||
| pull_secret: "{{ pull_secret_part_1 }}{{ pull_secret_part_2 }}{{ pull_secret_part_3 }}{{ pull_secret_part_4 }}{{ pull_secret_part_5 }}{{ pull_secret_part_6 }}{{ pull_secret_part_7 }}" | ||
| when: pull_secret == "" and pull_secret_part_1 != "" |
There was a problem hiding this comment.
could this be simplified using a list, like pull_secret_parts?
There was a problem hiding this comment.
I am not sure I follow, you mean simplify with a loop? I am not sure I can dynamically create variable names in ansible. I would not know hot to do that.
There was a problem hiding this comment.
If you mean, instead, recreate the secret outside of ansible, it can be done, but since I have some checks here I preferred to do it here.
There was a problem hiding this comment.
I meant the first way. But I don't know the details on how to do this with ansible, so I am ok with leaving as it is.
There was a problem hiding this comment.
I think I have an idea for this…
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 30s |
majamassarini
force-pushed
the
openshift-tests-with-tf-secrets
branch
from
c7d5777 to
f5f03bd
Compare
|
Build succeeded. ✔️ pre-commit SUCCESS in 1m 29s |
Fixes #564