Skip to content

ci-operator/step-registry/ipi/conf: Run ccoctl steps from cloud-credential-operator #25575

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
openshift-merge-robot merged 1 commit into from
Jan 25, 2022
Merged

ci-operator/step-registry/ipi/conf: Run ccoctl steps from cloud-credential-operator #25575

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 1 addition & 7 deletions ...istry/ipi/conf/aws/oidc-creds-deprovision/ipi-conf-aws-oidc-creds-deprovision-commands.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,5 @@ infra_name=${NAMESPACE}-${JOB_NAME_HASH}
export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred"
REGION="${LEASED_RESOURCE}"

# extract ccoctl from the release image
CCO_IMAGE=$(oc adm release info --image-for='cloud-credential-operator' "$RELEASE_IMAGE_LATEST")
cd "/tmp"
oc image extract "$CCO_IMAGE" --file="/usr/bin/ccoctl"
chmod 555 "/tmp/ccoctl"

# delete credentials infrastructure created by oidc-creds-provision configure step
"/tmp/ccoctl" aws delete --name="${infra_name}" --region="${REGION}"
ccoctl aws delete --name="${infra_name}" --region="${REGION}"
2 changes: 1 addition & 1 deletion ...registry/ipi/conf/aws/oidc-creds-deprovision/ipi-conf-aws-oidc-creds-deprovision-ref.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
ref:
as: ipi-conf-aws-oidc-creds-deprovision
from: cli
from: cloud-credential-operator
commands: ipi-conf-aws-oidc-creds-deprovision-commands.sh
resources:
requests:
Expand Down
10 changes: 2 additions & 8 deletions ...-registry/ipi/conf/aws/oidc-creds-provision/ipi-conf-aws-oidc-creds-provision-commands.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,18 +10,12 @@ infra_name=${NAMESPACE}-${JOB_NAME_HASH}
export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred"
REGION="${LEASED_RESOURCE}"

# extract ccoctl from the release image
oc registry login
CCO_IMAGE=$(oc adm release info --image-for='cloud-credential-operator' "$RELEASE_IMAGE_LATEST")
cd "/tmp"
oc image extract "$CCO_IMAGE" --file="/usr/bin/ccoctl"
chmod 555 "/tmp/ccoctl"

# extract aws credentials requests from the release image
oc registry login
oc adm release extract --credentials-requests --cloud=aws --to="/tmp/credrequests" "$RELEASE_IMAGE_LATEST"

# create required credentials infrastructure and installer manifests
"/tmp/ccoctl" aws create-all --name="${infra_name}" --region="${REGION}" --credentials-requests-dir="/tmp/credrequests" --output-dir="/tmp"
ccoctl aws create-all --name="${infra_name}" --region="${REGION}" --credentials-requests-dir="/tmp/credrequests" --output-dir="/tmp"

# copy generated service account signing from ccoctl target directory into shared directory
cp "/tmp/tls/bound-service-account-signing-key.key" "${TPREFIX}_bound-service-account-signing-key.key"
Expand Down
3 changes: 2 additions & 1 deletion ...tep-registry/ipi/conf/aws/oidc-creds-provision/ipi-conf-aws-oidc-creds-provision-ref.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
ref:
as: ipi-conf-aws-oidc-creds-provision
from: cli
from: cloud-credential-operator
cli: latest
Comment on lines +3 to +4
Copy link
Contributor

@akhil-rane akhil-rane Jan 25, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will have changes from the PR right? We want to test any changes to ccoctl as well. I am not sure if the current code does that.

Copy link
Member Author

@wking wking Jan 25, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you will still have new versions of both oc and ccoctl in the step, both as master stands before this PR, and as I have things set up in the PR. The PR just gets us there more conveniently, with less in-step hoop-jumping.

commands: ipi-conf-aws-oidc-creds-provision-commands.sh
resources:
requests:
Expand Down
8 changes: 1 addition & 7 deletions ...istry/ipi/conf/gcp/oidc-creds-deprovision/ipi-conf-gcp-oidc-creds-deprovision-commands.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,6 @@ export GCP_SHARED_CREDENTIALS_FILE=${CLUSTER_PROFILE_DIR}/gce.json
export GOOGLE_APPLICATION_CREDENTIALS="${GCP_SHARED_CREDENTIALS_FILE}"
PROJECT="$(< ${CLUSTER_PROFILE_DIR}/openshift_gcp_project)"

# extract ccoctl from the release image
CCO_IMAGE=$(oc adm release info --image-for='cloud-credential-operator' "$RELEASE_IMAGE_LATEST")
cd "/tmp"
oc image extract "$CCO_IMAGE" --file="/usr/bin/ccoctl"
chmod 555 "/tmp/ccoctl"

# delete credentials infrastructure created by oidc-creds-provision-provision configure step
export GOOGLE_APPLICATION_CREDENTIALS="${GCP_SHARED_CREDENTIALS_FILE}"
"/tmp/ccoctl" gcp delete --name="${infra_name}" --project="${PROJECT}"
ccoctl gcp delete --name="${infra_name}" --project="${PROJECT}"
2 changes: 1 addition & 1 deletion ...registry/ipi/conf/gcp/oidc-creds-deprovision/ipi-conf-gcp-oidc-creds-deprovision-ref.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
ref:
as: ipi-conf-gcp-oidc-creds-deprovision
from: cli
from: cloud-credential-operator
commands: ipi-conf-gcp-oidc-creds-deprovision-commands.sh
resources:
requests:
Expand Down
10 changes: 2 additions & 8 deletions ...-registry/ipi/conf/gcp/oidc-creds-provision/ipi-conf-gcp-oidc-creds-provision-commands.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,19 +11,13 @@ export GCP_SHARED_CREDENTIALS_FILE=${CLUSTER_PROFILE_DIR}/gce.json
export GOOGLE_APPLICATION_CREDENTIALS="${GCP_SHARED_CREDENTIALS_FILE}"
PROJECT="$(< ${CLUSTER_PROFILE_DIR}/openshift_gcp_project)"

# extract ccoctl from the release image
oc registry login
CCO_IMAGE=$(oc adm release info --image-for='cloud-credential-operator' "$RELEASE_IMAGE_LATEST")
cd "/tmp"
oc image extract "$CCO_IMAGE" --file="/usr/bin/ccoctl"
chmod 555 "/tmp/ccoctl"

# extract gcp credentials requests from the release image
oc registry login
oc adm release extract --credentials-requests --cloud=gcp --to="/tmp/credrequests" "$RELEASE_IMAGE_LATEST"

# create required credentials infrastructure and installer manifests for workload identity
export GOOGLE_APPLICATION_CREDENTIALS="${GCP_SHARED_CREDENTIALS_FILE}"
"/tmp/ccoctl" gcp create-all --name="${infra_name}" --project="${PROJECT}" --region="${LEASED_RESOURCE}" --credentials-requests-dir="/tmp/credrequests" --output-dir="/tmp"
ccoctl gcp create-all --name="${infra_name}" --project="${PROJECT}" --region="${LEASED_RESOURCE}" --credentials-requests-dir="/tmp/credrequests" --output-dir="/tmp"

# copy generated service account signing from ccoctl target directory into shared directory
cp "/tmp/tls/bound-service-account-signing-key.key" "${TPREFIX}_bound-service-account-signing-key.key"
Expand Down
3 changes: 2 additions & 1 deletion ...tep-registry/ipi/conf/gcp/oidc-creds-provision/ipi-conf-gcp-oidc-creds-provision-ref.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
ref:
as: ipi-conf-gcp-oidc-creds-provision
from: cli
from: cloud-credential-operator
cli: latest
commands: ipi-conf-gcp-oidc-creds-provision-commands.sh
resources:
requests:
Expand Down