Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SECURESIGN-589 | Fulcio OIDC issuers configuration does not show in Web Form #257

Merged
merged 1 commit into from
Mar 13, 2024
Merged

SECURESIGN-589 | Fulcio OIDC issuers configuration does not show in Web Form #257

merged 1 commit into from
Mar 13, 2024

Conversation

JasonPowr
Copy link
Contributor

This pr fixes the issue laid out in this jira https://issues.redhat.com/browse/SECURESIGN-589, The main issues was with how the issuer info was stored in the api.

Screenshot from 2024-03-08 11-20-42

@openshift-ci openshift-ci bot requested review from sabre1041 and tommyd450 March 8, 2024 11:21
@openshift-ci openshift-ci bot added the approved label Mar 8, 2024
@JasonPowr JasonPowr requested review from osmman and bouskaJ March 8, 2024 11:34
@JasonPowr JasonPowr force-pushed the fix-fulcio-config branch from c829ae4 to 7d156d7 Compare March 8, 2024 14:37
@JasonPowr
Copy link
Contributor Author

/test tas-operator-e2e

@JasonPowr JasonPowr force-pushed the fix-fulcio-config branch from 7d156d7 to 0d420cd Compare March 8, 2024 15:58
@JasonPowr
Copy link
Contributor Author

/test tas-operator-e2e

@cooktheryan
Copy link
Collaborator

/retest

@JasonPowr
Copy link
Contributor Author

Dont merge this yet, I believe its only passing openshift e2e because I added this line:

secure-sign-operator/ci/openshift/sign-test.sh

Line 74 in ba7585b

oc logs -n openshift-rhtas-operator deployment/rhtas-operator-controller-manager

to the end of the test script

@JasonPowr
Copy link
Contributor Author

This error is showing up in e2e on openshift

E0312 10:44:15.878404 1 reflector.go:147] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v1alpha1.Securesign: failed to list *v1alpha1.Securesign: json: cannot unmarshal array into Go struct field FulcioConfig.items.spec.fulcio.config.OIDCIssuers of type map[string]v1alpha1.OIDCIssuer
W0312 10:44:17.647975 1 reflector.go:535] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: failed to list *v1alpha1.Securesign: json: cannot unmarshal array into Go struct field FulcioConfig.items.spec.fulcio.config.OIDCIssuers of type map[string]v1alpha1.OIDCIssuer

@JasonPowr
Copy link
Contributor Author

I believe the ci in openshift is failing because its building and deploying an fbc image, and in the fbc image its using an older version of the operator that wont have the necessary changes to the api to support this new fulcio config. Looking at the ci run its using the image: quay.io/redhat-user-workloads/rhtas-tenant/operator/rhtas-operator@sha256:e550dad4a7299118fe220cd4c145c6e2deee75d2e28e41525f9dc2fb6c9f7508
reference: if its still up: https://console-openshift-console.apps.build04.34d2.p2.openshiftapps.com/k8s/ns/ci-op-8n70cb7l/pods/tas-operator-e2e-install/logs

So we kinda have a chicken and egg thing here...
@osmman @bouskaJ @cooktheryan, whats the best way to proceed with this?

@JasonPowr
Copy link
Contributor Author

JasonPowr commented Mar 12, 2024
edited
Loading

I believe the ci in openshift is failing because its building and deploying an fbc image, and in the fbc image its using an older version of the operator that wont have the necessary changes to the api to support this new fulcio config. Looking at the ci run its using the image: quay.io/redhat-user-workloads/rhtas-tenant/operator/rhtas-operator@sha256:e550dad4a7299118fe220cd4c145c6e2deee75d2e28e41525f9dc2fb6c9f7508 reference: if its still up: https://console-openshift-console.apps.build04.34d2.p2.openshiftapps.com/k8s/ns/ci-op-8n70cb7l/pods/tas-operator-e2e-install/logs

So we kinda have a chicken and egg thing here... @osmman @bouskaJ @cooktheryan, whats the best way to proceed with this?

I think the best option to deal with this is to merge this pr, get a new operator image from konflux, I can then update the bundle and fbc images accordingly. wdyt?

lance
lance approved these changes Mar 12, 2024
View reviewed changes
Copy link
Member

@lance lance left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Mar 12, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Mar 12, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JasonPowr, lance

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@JasonPowr
Copy link
Contributor Author

/test tas-operator-e2e

@openshift-merge-bot openshift-merge-bot bot merged commit 0835d5d into main Mar 13, 2024
11 checks passed
@osmman osmman deleted the fix-fulcio-config branch March 14, 2024 10:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@osmman osmman osmman left review comments

@lance lance lance approved these changes

@sabre1041 sabre1041 Awaiting requested review from sabre1041

@tommyd450 tommyd450 Awaiting requested review from tommyd450

@bouskaJ bouskaJ Awaiting requested review from bouskaJ

Assignees

@lance lance

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@JasonPowr @cooktheryan @lance @osmman