Skip to content

Commit

Permalink
feat(RELEASE-1191): use prod radas for signing
Browse files Browse the repository at this point in the history 
This commit modifies the signing configMaps in two ways. First, it
changes all the UMB variables to be the production values. This makes it
so that we will use prod radas even in stage signing requests.

Secondly, it removes the SSL_ variables from the configMaps. These were
left for backwards compatibility, but now the PYXIS_ and UMB_ variables
take their places.

Signed-off-by: Johnny Bieren <[email protected]>
  • Loading branch information
@johnbieren
johnbieren committed Dec 16, 2024
1 parent d4f6f6e commit 75c347d
Show file tree
Hide file tree
Showing 9 changed files with 18 additions and 45 deletions.
3 changes: 0 additions & 3 deletions ...nal-services/config/signing/production/hacbs-signing-pipeline-config-openshifthosted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,6 @@ data:
PYXIS_URL: "https://pyxis.engineering.redhat.com"
SIG_KEY_ID: "B906BA72"
SIG_KEY_NAME: "openshifthosted"
SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-certs"
SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
PYXIS_SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
PYXIS_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-certs"
PYXIS_SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
Expand Down
3 changes: 0 additions & 3 deletions internal-services/config/signing/production/hacbs-signing-pipeline-config-redhatbeta2.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,6 @@ data:
PYXIS_URL: "https://pyxis.engineering.redhat.com"
SIG_KEY_ID: "4096R/F21541EB SHA-256"
SIG_KEY_NAME: "beta2"
SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-certs"
SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
PYXIS_SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
PYXIS_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-certs"
PYXIS_SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
Expand Down
3 changes: 0 additions & 3 deletions ...rnal-services/config/signing/production/hacbs-signing-pipeline-config-redhatrelease2.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,6 @@ data:
PYXIS_URL: "https://pyxis.engineering.redhat.com"
SIG_KEY_ID: "4096R/FD431D51 SHA-256"
SIG_KEY_NAME: "redhatrelease2"
SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-certs"
SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
PYXIS_SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
PYXIS_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-certs"
PYXIS_SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
Expand Down
9 changes: 3 additions & 6 deletions ...ices/config/signing/production/hacbs-signing-pipeline-config-staging-openshifthosted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,16 +12,13 @@ data:
PYXIS_URL: "https://pyxis.stage.engineering.redhat.com"
SIG_KEY_ID: "4096R/37036783 SHA-256"
SIG_KEY_NAME: "redhate2etesting"
SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
PYXIS_SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
PYXIS_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
PYXIS_SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
UMB_SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
UMB_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
UMB_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-certs"
UMB_SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
UMB_CLIENT_NAME: "hacbs-signing-pipeline-nonprod"
UMB_URL: "umb.stage.api.redhat.com"
UMB_CLIENT_NAME: "hacbs-signing-pipeline"
UMB_URL: "umb.api.redhat.com"
UMB_LISTEN_TOPIC: VirtualTopic.eng.robosignatory.hacbs.sign
UMB_PUBLISH_TOPIC: VirtualTopic.eng.hacbs-signing-pipeline.hacbs.sign
9 changes: 3 additions & 6 deletions ...services/config/signing/production/hacbs-signing-pipeline-config-staging-redhatbeta2.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,16 +12,13 @@ data:
PYXIS_URL: "https://pyxis.stage.engineering.redhat.com"
SIG_KEY_ID: "4096R/37036783 SHA-256"
SIG_KEY_NAME: "redhate2etesting"
SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
PYXIS_SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
PYXIS_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
PYXIS_SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
UMB_SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
UMB_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
UMB_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-certs"
UMB_SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
UMB_CLIENT_NAME: "hacbs-signing-pipeline-nonprod"
UMB_URL: "umb.stage.api.redhat.com"
UMB_CLIENT_NAME: "hacbs-signing-pipeline"
UMB_URL: "umb.api.redhat.com"
UMB_LISTEN_TOPIC: VirtualTopic.eng.robosignatory.hacbs.sign
UMB_PUBLISH_TOPIC: VirtualTopic.eng.hacbs-signing-pipeline.hacbs.sign
9 changes: 3 additions & 6 deletions ...vices/config/signing/production/hacbs-signing-pipeline-config-staging-redhatrelease2.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,16 +12,13 @@ data:
PYXIS_URL: "https://pyxis.stage.engineering.redhat.com"
SIG_KEY_ID: "4096R/37036783 SHA-256"
SIG_KEY_NAME: "redhate2etesting"
SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
PYXIS_SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
PYXIS_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
PYXIS_SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
UMB_SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
UMB_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
UMB_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-certs"
UMB_SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
UMB_CLIENT_NAME: "hacbs-signing-pipeline-nonprod"
UMB_URL: "umb.stage.api.redhat.com"
UMB_CLIENT_NAME: "hacbs-signing-pipeline"
UMB_URL: "umb.api.redhat.com"
UMB_LISTEN_TOPIC: VirtualTopic.eng.robosignatory.hacbs.sign
UMB_PUBLISH_TOPIC: VirtualTopic.eng.hacbs-signing-pipeline.hacbs.sign
9 changes: 3 additions & 6 deletions internal-services/config/signing/staging/hacbs-signing-pipeline-config-openshifthosted.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,16 +12,13 @@ data:
PYXIS_URL: "https://pyxis.stage.engineering.redhat.com"
SIG_KEY_ID: "4096R/37036783 SHA-256"
SIG_KEY_NAME: "redhate2etesting"
SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
PYXIS_SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
PYXIS_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
PYXIS_SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
UMB_SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
UMB_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
UMB_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-certs"
UMB_SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
UMB_CLIENT_NAME: "hacbs-signing-pipeline-nonprod"
UMB_URL: "umb.stage.api.redhat.com"
UMB_CLIENT_NAME: "hacbs-signing-pipeline"
UMB_URL: "umb.api.redhat.com"
UMB_LISTEN_TOPIC: VirtualTopic.eng.robosignatory.hacbs.sign
UMB_PUBLISH_TOPIC: VirtualTopic.eng.hacbs-signing-pipeline.hacbs.sign
9 changes: 3 additions & 6 deletions internal-services/config/signing/staging/hacbs-signing-pipeline-config-redhatbeta2.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,16 +12,13 @@ data:
PYXIS_URL: "https://pyxis.stage.engineering.redhat.com"
SIG_KEY_ID: "4096R/37036783 SHA-256"
SIG_KEY_NAME: "redhate2etesting"
SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
PYXIS_SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
PYXIS_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
PYXIS_SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
UMB_SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
UMB_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
UMB_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-certs"
UMB_SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
UMB_CLIENT_NAME: "hacbs-signing-pipeline-nonprod"
UMB_URL: "umb.stage.api.redhat.com"
UMB_CLIENT_NAME: "hacbs-signing-pipeline"
UMB_URL: "umb.api.redhat.com"
UMB_LISTEN_TOPIC: VirtualTopic.eng.robosignatory.hacbs.sign
UMB_PUBLISH_TOPIC: VirtualTopic.eng.hacbs-signing-pipeline.hacbs.sign
9 changes: 3 additions & 6 deletions internal-services/config/signing/staging/hacbs-signing-pipeline-config-redhatrelease2.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,16 +12,13 @@ data:
PYXIS_URL: "https://pyxis.stage.engineering.redhat.com"
SIG_KEY_ID: "4096R/37036783 SHA-256"
SIG_KEY_NAME: "redhate2etesting"
SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
PYXIS_SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
PYXIS_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
PYXIS_SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
UMB_SSL_CERT_FILE_NAME: "hacbs-signing-pipeline.pem"
UMB_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-staging-certs"
UMB_SSL_CERT_SECRET_NAME: "hacbs-signing-pipeline-certs"
UMB_SSL_KEY_FILE_NAME: "hacbs-signing-pipeline.key"
UMB_CLIENT_NAME: "hacbs-signing-pipeline-nonprod"
UMB_URL: "umb.stage.api.redhat.com"
UMB_CLIENT_NAME: "hacbs-signing-pipeline"
UMB_URL: "umb.api.redhat.com"
UMB_LISTEN_TOPIC: VirtualTopic.eng.robosignatory.hacbs.sign
UMB_PUBLISH_TOPIC: VirtualTopic.eng.hacbs-signing-pipeline.hacbs.sign

0 comments on commit 75c347d

Please sign in to comment.