diff --git a/ci-operator/step-registry/ipi/conf/aws/oidc-creds-deprovision/ipi-conf-aws-oidc-creds-deprovision-commands.sh b/ci-operator/step-registry/ipi/conf/aws/oidc-creds-deprovision/ipi-conf-aws-oidc-creds-deprovision-commands.sh index 68488b2887a94..14469123c5c58 100755 --- a/ci-operator/step-registry/ipi/conf/aws/oidc-creds-deprovision/ipi-conf-aws-oidc-creds-deprovision-commands.sh +++ b/ci-operator/step-registry/ipi/conf/aws/oidc-creds-deprovision/ipi-conf-aws-oidc-creds-deprovision-commands.sh @@ -8,11 +8,5 @@ infra_name=${NAMESPACE}-${JOB_NAME_HASH} export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred" REGION="${LEASED_RESOURCE}" -# extract ccoctl from the release image -CCO_IMAGE=$(oc adm release info --image-for='cloud-credential-operator' "$RELEASE_IMAGE_LATEST") -cd "/tmp" -oc image extract "$CCO_IMAGE" --file="/usr/bin/ccoctl" -chmod 555 "/tmp/ccoctl" - # delete credentials infrastructure created by oidc-creds-provision configure step -"/tmp/ccoctl" aws delete --name="${infra_name}" --region="${REGION}" +ccoctl aws delete --name="${infra_name}" --region="${REGION}" diff --git a/ci-operator/step-registry/ipi/conf/aws/oidc-creds-deprovision/ipi-conf-aws-oidc-creds-deprovision-ref.yaml b/ci-operator/step-registry/ipi/conf/aws/oidc-creds-deprovision/ipi-conf-aws-oidc-creds-deprovision-ref.yaml index 14e59bbf86483..bfe88e409dc8f 100644 --- a/ci-operator/step-registry/ipi/conf/aws/oidc-creds-deprovision/ipi-conf-aws-oidc-creds-deprovision-ref.yaml +++ b/ci-operator/step-registry/ipi/conf/aws/oidc-creds-deprovision/ipi-conf-aws-oidc-creds-deprovision-ref.yaml @@ -1,6 +1,6 @@ ref: as: ipi-conf-aws-oidc-creds-deprovision - from: cli + from: cloud-credential-operator commands: ipi-conf-aws-oidc-creds-deprovision-commands.sh resources: requests: diff --git a/ci-operator/step-registry/ipi/conf/aws/oidc-creds-provision/ipi-conf-aws-oidc-creds-provision-commands.sh b/ci-operator/step-registry/ipi/conf/aws/oidc-creds-provision/ipi-conf-aws-oidc-creds-provision-commands.sh index 007c1f8fc3ec1..a04a8e08993c4 100755 --- a/ci-operator/step-registry/ipi/conf/aws/oidc-creds-provision/ipi-conf-aws-oidc-creds-provision-commands.sh +++ b/ci-operator/step-registry/ipi/conf/aws/oidc-creds-provision/ipi-conf-aws-oidc-creds-provision-commands.sh @@ -10,18 +10,12 @@ infra_name=${NAMESPACE}-${JOB_NAME_HASH} export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred" REGION="${LEASED_RESOURCE}" -# extract ccoctl from the release image -oc registry login -CCO_IMAGE=$(oc adm release info --image-for='cloud-credential-operator' "$RELEASE_IMAGE_LATEST") -cd "/tmp" -oc image extract "$CCO_IMAGE" --file="/usr/bin/ccoctl" -chmod 555 "/tmp/ccoctl" - # extract aws credentials requests from the release image +oc registry login oc adm release extract --credentials-requests --cloud=aws --to="/tmp/credrequests" "$RELEASE_IMAGE_LATEST" # create required credentials infrastructure and installer manifests -"/tmp/ccoctl" aws create-all --name="${infra_name}" --region="${REGION}" --credentials-requests-dir="/tmp/credrequests" --output-dir="/tmp" +ccoctl aws create-all --name="${infra_name}" --region="${REGION}" --credentials-requests-dir="/tmp/credrequests" --output-dir="/tmp" # copy generated service account signing from ccoctl target directory into shared directory cp "/tmp/tls/bound-service-account-signing-key.key" "${TPREFIX}_bound-service-account-signing-key.key" diff --git a/ci-operator/step-registry/ipi/conf/aws/oidc-creds-provision/ipi-conf-aws-oidc-creds-provision-ref.yaml b/ci-operator/step-registry/ipi/conf/aws/oidc-creds-provision/ipi-conf-aws-oidc-creds-provision-ref.yaml index 09fb86eee4ea6..443af834d642c 100644 --- a/ci-operator/step-registry/ipi/conf/aws/oidc-creds-provision/ipi-conf-aws-oidc-creds-provision-ref.yaml +++ b/ci-operator/step-registry/ipi/conf/aws/oidc-creds-provision/ipi-conf-aws-oidc-creds-provision-ref.yaml @@ -1,6 +1,7 @@ ref: as: ipi-conf-aws-oidc-creds-provision - from: cli + from: cloud-credential-operator + cli: latest commands: ipi-conf-aws-oidc-creds-provision-commands.sh resources: requests: diff --git a/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-deprovision/ipi-conf-gcp-oidc-creds-deprovision-commands.sh b/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-deprovision/ipi-conf-gcp-oidc-creds-deprovision-commands.sh index 3c24c98a2de37..497497c2a5531 100755 --- a/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-deprovision/ipi-conf-gcp-oidc-creds-deprovision-commands.sh +++ b/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-deprovision/ipi-conf-gcp-oidc-creds-deprovision-commands.sh @@ -9,12 +9,6 @@ export GCP_SHARED_CREDENTIALS_FILE=${CLUSTER_PROFILE_DIR}/gce.json export GOOGLE_APPLICATION_CREDENTIALS="${GCP_SHARED_CREDENTIALS_FILE}" PROJECT="$(< ${CLUSTER_PROFILE_DIR}/openshift_gcp_project)" -# extract ccoctl from the release image -CCO_IMAGE=$(oc adm release info --image-for='cloud-credential-operator' "$RELEASE_IMAGE_LATEST") -cd "/tmp" -oc image extract "$CCO_IMAGE" --file="/usr/bin/ccoctl" -chmod 555 "/tmp/ccoctl" - # delete credentials infrastructure created by oidc-creds-provision-provision configure step export GOOGLE_APPLICATION_CREDENTIALS="${GCP_SHARED_CREDENTIALS_FILE}" -"/tmp/ccoctl" gcp delete --name="${infra_name}" --project="${PROJECT}" +ccoctl gcp delete --name="${infra_name}" --project="${PROJECT}" diff --git a/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-deprovision/ipi-conf-gcp-oidc-creds-deprovision-ref.yaml b/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-deprovision/ipi-conf-gcp-oidc-creds-deprovision-ref.yaml index 08dff818e0664..3653375ee90d0 100644 --- a/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-deprovision/ipi-conf-gcp-oidc-creds-deprovision-ref.yaml +++ b/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-deprovision/ipi-conf-gcp-oidc-creds-deprovision-ref.yaml @@ -1,6 +1,6 @@ ref: as: ipi-conf-gcp-oidc-creds-deprovision - from: cli + from: cloud-credential-operator commands: ipi-conf-gcp-oidc-creds-deprovision-commands.sh resources: requests: diff --git a/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-provision/ipi-conf-gcp-oidc-creds-provision-commands.sh b/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-provision/ipi-conf-gcp-oidc-creds-provision-commands.sh index 90db7ea38f9bd..6131dfd3bd721 100755 --- a/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-provision/ipi-conf-gcp-oidc-creds-provision-commands.sh +++ b/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-provision/ipi-conf-gcp-oidc-creds-provision-commands.sh @@ -11,19 +11,13 @@ export GCP_SHARED_CREDENTIALS_FILE=${CLUSTER_PROFILE_DIR}/gce.json export GOOGLE_APPLICATION_CREDENTIALS="${GCP_SHARED_CREDENTIALS_FILE}" PROJECT="$(< ${CLUSTER_PROFILE_DIR}/openshift_gcp_project)" -# extract ccoctl from the release image -oc registry login -CCO_IMAGE=$(oc adm release info --image-for='cloud-credential-operator' "$RELEASE_IMAGE_LATEST") -cd "/tmp" -oc image extract "$CCO_IMAGE" --file="/usr/bin/ccoctl" -chmod 555 "/tmp/ccoctl" - # extract gcp credentials requests from the release image +oc registry login oc adm release extract --credentials-requests --cloud=gcp --to="/tmp/credrequests" "$RELEASE_IMAGE_LATEST" # create required credentials infrastructure and installer manifests for workload identity export GOOGLE_APPLICATION_CREDENTIALS="${GCP_SHARED_CREDENTIALS_FILE}" -"/tmp/ccoctl" gcp create-all --name="${infra_name}" --project="${PROJECT}" --region="${LEASED_RESOURCE}" --credentials-requests-dir="/tmp/credrequests" --output-dir="/tmp" +ccoctl gcp create-all --name="${infra_name}" --project="${PROJECT}" --region="${LEASED_RESOURCE}" --credentials-requests-dir="/tmp/credrequests" --output-dir="/tmp" # copy generated service account signing from ccoctl target directory into shared directory cp "/tmp/tls/bound-service-account-signing-key.key" "${TPREFIX}_bound-service-account-signing-key.key" diff --git a/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-provision/ipi-conf-gcp-oidc-creds-provision-ref.yaml b/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-provision/ipi-conf-gcp-oidc-creds-provision-ref.yaml index e6d17812e0742..639a2cb61c218 100644 --- a/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-provision/ipi-conf-gcp-oidc-creds-provision-ref.yaml +++ b/ci-operator/step-registry/ipi/conf/gcp/oidc-creds-provision/ipi-conf-gcp-oidc-creds-provision-ref.yaml @@ -1,6 +1,7 @@ ref: as: ipi-conf-gcp-oidc-creds-provision - from: cli + from: cloud-credential-operator + cli: latest commands: ipi-conf-gcp-oidc-creds-provision-commands.sh resources: requests: