Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

issue-1249: entitlements cert not working using buildah task with support for activation keys #1269

Merged
merged 1 commit into from
Aug 10, 2024
Merged

issue-1249: entitlements cert not working using buildah task with support for activation keys #1269

merged 1 commit into from
Aug 10, 2024

Conversation

brianwcook
Copy link
Contributor

closes #1249

When an activation key secret is not provided, Kubernetes still mounts a volume. This volume is also not truly empty but contains some symlinks in it. To ensure that the fallback to mounted certificates works for backwards compatibility, activation keys will only be mounted now if the 'org' key is present in the key/value secret. This is tested by checking for a file-like-object (-e) in the dir where the secret is mounted.

Before you complete this pull request ...

Look for any open pull requests in the repository with the title "e2e-tests update" and
see if there are recent e2e-tests updates that will be applicable to your change.

@brianwcook
fix issue reported in issue-1249
5704cbe 
konflux-ci#1249
When an activation key is not provided, Kubernetes still mounts a
volume. This volume is also not truly empty but contains some symlinks
in it. To ensure that the fallback to mounted certificates works for
backwards compatibility, activation keys will only be mounted now if the
'org' key is present in the key/value secret. This is tested by
checking for a file-like-object (-e) in the dir where the secret is
mounted.
@arewm
Copy link
Member

arewm commented Aug 10, 2024

I have no issue with this pull request but I cannot comment on the technical details of it as I don't have experience with activation keys.

Do we have documentation for activation keys that indicate the required org key? I assume that this is more of a bug fix than a breaking change so no version bump would be needed.

@brianwcook
Copy link
Contributor Author

this is indeed a bugfix. I have tested it pretty thoroughly. Without this fix anyone mounting entitlement certificates will see PR failures on newer versions of the buildah task.

I am holding off on posting activation keys docs (but I have a draft) because there is a chance that there will be a follow up PR to move the 'subscription-manager register' command into a STEP script so that it is not required to be in the Dockerfile. This is being asked for by a number of people already. I have a meeting to discuss it with another team this coming week. I'd like to minimize the number of people who need to make yet another change to how they obtain content access.

@arewm
Copy link
Member

arewm commented Aug 10, 2024

/retest

@brianwcook brianwcook added this pull request to the merge queue Aug 10, 2024
Merged via the queue into konflux-ci:main with commit a6e5d9e Aug 10, 2024
9 checks passed
@rh-tap-build-team rh-tap-build-team bot mentioned this pull request Aug 10, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arewm arewm arewm approved these changes

Assignees

@arewm arewm

@rcerven rcerven

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

etc-pki-entitlement secret ignored after #1207
3 participants
@brianwcook @arewm @rcerven