
Integrate Sonatype Nexus With OpenShift OAuth #233

Open
InfoSec812 opened this issue Oct 31, 2018 · 3 comments

Comments

@InfoSec812
Collaborator

As a CI/CD administrator, it would be very nice if Nexus were to use OpenShift authentication instead of its own authentication. Using OpenShift OAuth Proxy as a sidecar, it should be possible to integrate with the Nexus "Remote User Token" feature for authentication.

@springdo
Contributor

This would be cool @InfoSec812! We did some work on my current client to change the default Nexus password using the post hook in CI/CD and a custom script, but it's not great as it replaces the admin password on the first run after configuring repos etc... then on a replay of the inventory it fails to replace as the password has already changed!! It doesn't sync with OpenShift but we store the secret there anyway.

@pcarney8
Contributor

@springdo you should check out encrypting the string with Ansible Vault and replacing it in your local repo with that custom script after it updates the password (or just put the custom password you want into an encrypted string in a file). Check out my example for secrets with applier here

@InfoSec812
Collaborator Author

We had some additional discussions around just using the service account token which is associated with the Jenkins service account. Since that is a long-lived token it would be sufficient for Jenkins to interact with Nexus.
