[federation] Add OIDC federation configuration on OSP17 #3840
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/26034762f48a48fca288e7e854787c5e ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 06m 43s |
9a25df6 to
8a6201f
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/dae0701d12884153b6f006c8aa172cf8 ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 21m 31s |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/102768d2db2046618e2df2abea191087 ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 17m 13s |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/6b63548911024fcca24385452213899b ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 10m 31s |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/81d4d0c7435840dc9203c85d5a6f872f ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 45m 21s |
|
recheck |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/53bfedc8e1734c589c90d309603d550a ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 20m 30s |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/fac472f1014a4d1f8cce26c1ca856514 ❌ openstack-k8s-operators-content-provider RETRY_LIMIT in 2m 42s |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/3f61f7b075e64a3a907272d315f0f8da ❌ openstack-k8s-operators-content-provider RETRY_LIMIT in 2m 56s |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/2e78e38282b64fe48a7163bb9d24d466 ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 24m 48s |
xek
left a comment
The cifmw-pod-pre-commit failure is caused by missing trailing newlines in three files added by this PR — not by any pre-existing issue.
The end-of-file-fixer hook reports:
Fixing roles/federation/tasks/run_osp17_oidc_setup.yml
Fixing hooks/playbooks/federation-osp17-post-deploy.yml
Fixing roles/federation/templates/enable-federation-openidc.yaml.j2
Fix: run pre-commit run --all-files locally, commit the changes, and push. That will add the missing newlines and the check will pass.
xek
left a comment
The cifmw-pod-pre-commit failure is caused by missing trailing newlines in three files added by this PR — not a pre-existing issue.
The end-of-file-fixer hook reports:
Fixing roles/federation/tasks/run_osp17_oidc_setup.yml
Fixing hooks/playbooks/federation-osp17-post-deploy.yml
Fixing roles/federation/templates/enable-federation-openidc.yaml.j2
Fix: run pre-commit run --all-files locally, commit the result, and push.
|
This PR is stale because it has been for over 15 days with no activity. |
|
I see there's a testproject in the linked jira's comments, but I don't see this pr mentioned as a |
|
/approve |
|
/lgtm |
|
Hey @Valkyrie00! Can we please have this approved? |
|
Not sure if I can approve but will try |
|
/lgtm |
|
Build failed (check pipeline). Post ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 53m 17s |
|
recheck |
Add Ansible playbooks and role tasks to configure OSP 17.1 for OIDC federation, enabling adoption testing with Keycloak as the identity provider.

Changes:
- Add federation-osp17-pre-deploy hook playbook that renders the Heat environment file and configures Keystone for OIDC
- Add run_osp17_oidc_setup.yml tasks to create the federation domain, identity provider, mapping, group, project and protocol on OSP 17.1
- Add enable-federation-openidc.yaml.j2 Heat template for OIDC params
- Refactor Keycloak operator deployment to use kubernetes.core.k8s instead of oc apply with a template file
- Make operator namespace configurable via cifmw_federation_operator_namespace variable
- Add passthrough Route for Keycloak and grant privileged SCC
- Conditionally include the OIDC env file in overcloud deploy

Jira: https://issues.redhat.com/browse/OSPRH-19960
Signed-off-by: Andre Aranha <afariasa@redhat.com>
Co-authored-by: Grzegorz Grasza <xek@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: d34dh0r53, jistr, Valkyrie00 |
|
/cherry-pick 18.0-fr6 |
|
@afaranha: new pull request created: #4025 |
Add Ansible playbooks and role tasks to configure OSP 17.1 for OIDC federation, enabling adoption testing with Keycloak as the identity provider.
Changes:
Original Patch: #3307
Depends-On: openstack-k8s-operators/data-plane-adoption#1418
Jira: https://issues.redhat.com/browse/OSPRH-19960