Merge pull request #2330 from sswguo/oidc_parameters

Configure the client account information as parameters

deploy/pipeline/mw-pipeline-v0.1.yaml

@@ -41,6 +41,10 @@ spec:
       type: string
     - name: ENABLE_INDY_PROXY
       type: string
+    - name: INDY_PROXY_CLIENT_ID
+      type: string
+    - name: INDY_PROXY_CLIENT_CREDENTIAL
+      type: string
     - name: JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE
       type: string
     - name: NOTIFICATION_CONTEXT
@@ -125,6 +129,10 @@ spec:
           value: $(params.caTrustConfigMapName)
         - name: ENABLE_INDY_PROXY
           value: $(params.ENABLE_INDY_PROXY)
+        - name: INDY_PROXY_CLIENT_ID
+          value: $(params.INDY_PROXY_CLIENT_ID)
+        - name: INDY_PROXY_CLIENT_CREDENTIAL
+          value: $(params.INDY_PROXY_CLIENT_CREDENTIAL)
         - name: BUILD_ARGS  #TODO this should be baked in the OCI source image only a ACCESS_TOKEN should be passed
           value:
             - PROXY_URL=$(params.MVN_REPO_DEPENDENCIES_URL)

deploy/tasks/README.md

@@ -12,18 +12,18 @@ It should be base-lined to the most recent definition from Konflux build-definit
 ### Domain Proxy
 Adds Domain Proxy to the build:
 * https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L134-L189
-* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L288-L313
-* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L327
-* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L621-L657
+* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L296-L321
+* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L335
+* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L629-L665
 
 ### Indy Sidecar
 Adds Indy configuration to the build:
-* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L190-L193
-* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L226-L236
-* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L864-L884
+* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L190-L201
+* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L234-L244
+* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L872-L894
 
 
 ### Trusted CA
 Adds the trusted ca to the build:
-* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L591-L595
+* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L599-L603
 

deploy/tasks/buildah-oci-ta.yaml

@@ -191,6 +191,14 @@ spec:
       type: string
       description: Enable the indy generic proxy (true/false)
       default: "false"
+    - name: INDY_PROXY_CLIENT_ID
+      type: string
+      description: The client ID used by indy proxy to communicate with Indy.
+      default: ""
+    - name: INDY_PROXY_CLIENT_CREDENTIAL
+      type: string
+      description: The client credential used by indy proxy to communicate with Indy.
+      default: ""
   results:
     - name: IMAGE_DIGEST
       description: Digest of the image just built
@@ -880,5 +888,7 @@ spec:
           memory: 512Mi
       script: |
         if [ "$(params.ENABLE_INDY_PROXY)" == "true" ]; then
-          /usr/local/bin/dumb-init /deployment/start-service.sh
+          export QUARKUS_OIDC_CLIENT_CLIENT_ID="$(params.INDY_PROXY_CLIENT_ID)"
+          export QUARKUS_OIDC_CLIENT_CREDENTIALS_SECRET="$(params.INDY_PROXY_CLIENT_CREDENTIAL)"
+          /deployment/start-service.sh
         fi