Skip to content

AGENT-1193: Allow access to release info when self-signed cert is used #385

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

AGENT-1193: Allow access to release info when self-signed cert is used #385

wants to merge 1 commit into from
+2 −2

Conversation

rwsu
Copy link

@rwsu rwsu commented May 6, 2025

Adds --insecure=true to "oc adm release" commands when fetching version and digest.

This allows appliance to work with registries that are using self-signed certificates.

The alterative would be to pass the self-signed certificates to the appliance when it is operated within a container and then use the --certificate-authority flag when executing "oc adm release".

@rwsu
AGENT-1193: Allow access to release info when self-signed cert is used
0ece1e6 
Adds --insecure=true to "oc adm release" commands when
fetching version and digest.

This allows appliance to work with registries that are using
self-signed certificates.

The alterative would be to pass the self-signed certificates
to the appliance when it is operated within a container and
then use the --certificate-authority flag when executing
"oc adm release".
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 6, 2025
@openshift-ci-robot
Copy link

openshift-ci-robot commented May 6, 2025
edited by openshift-ci bot
Loading

@rwsu: This pull request references AGENT-1193 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.20.0" version, but no target version was set.

In response to this:

Adds --insecure=true to "oc adm release" commands when fetching version and digest.

This allows appliance to work with registries that are using self-signed certificates.

The alterative would be to pass the self-signed certificates to the appliance when it is operated within a container and then use the --certificate-authority flag when executing "oc adm release".

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested review from danielerez and jhernand May 6, 2025 02:32
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented May 6, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: rwsu
Once this PR has been reviewed and has the lgtm label, please assign danielerez for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented May 6, 2025

@rwsu: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-compact-ipv4-static 0ece1e6 link true /test e2e-compact-ipv4-static

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

danielerez
danielerez reviewed May 11, 2025
View reviewed changes
pkg/asset/config/appliance_config.go
@@ -48,8 +48,8 @@ const (
PodmanPull = "podman pull %s"

// Release
templateGetVersion = "oc adm release info %s -o template --template '{{.metadata.version}}'"
templateGetDigest = "oc adm release info %s -o template --template '{{.digest}}'"
templateGetVersion = "oc adm release info %s -o template --template '{{.metadata.version}}' --insecure=true"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just wondering what's the use-case, is it required for tests/CI purposes?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For local development purposes where we want the appliance to read the ephemeral release payload created by dev-scripts. This may not be needed, in the additionalImages approach so I will put it on hold.

@rwsu
Copy link
Author

rwsu commented May 13, 2025

/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danielerez danielerez danielerez left review comments

@jhernand jhernand Awaiting requested review from jhernand

Assignees
No one assigned
Labels
do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rwsu @openshift-ci-robot @danielerez