koji_builder: switch the koji-osbuild token URL to the unified SSO
identity.api.openshift.com was shut down several hours ago. The plugin now needs to use sso.redhat.com instead. This commit adjusts the token URL and the script that pokes holes in the firewall for selected domains.
This commit is contained in:
parent
08405d960f
commit
a9f0785b5c
3 changed files with 4 additions and 7 deletions
|
@ -4,7 +4,7 @@ server = https://api.openshift.com/
|
||||||
[composer:oauth]
|
[composer:oauth]
|
||||||
client_id = {{koji_builder_client_id}}
|
client_id = {{koji_builder_client_id}}
|
||||||
client_secret = {{koji_builder_client_secret}}
|
client_secret = {{koji_builder_client_secret}}
|
||||||
token_url = https://identity.api.openshift.com/auth/realms/rhoas/protocol/openid-connect/token
|
token_url = https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
|
||||||
|
|
||||||
[koji]
|
[koji]
|
||||||
server = https://koji.fedoraproject.org/kojihub
|
server = https://koji.fedoraproject.org/kojihub
|
||||||
|
|
|
@ -4,7 +4,7 @@ server = https://api.stage.openshift.com/
|
||||||
[composer:oauth]
|
[composer:oauth]
|
||||||
client_id = {{koji_builder_client_id_stg}}
|
client_id = {{koji_builder_client_id_stg}}
|
||||||
client_secret = {{koji_builder_client_secret_stg}}
|
client_secret = {{koji_builder_client_secret_stg}}
|
||||||
token_url = https://identity.api.openshift.com/auth/realms/rhoas/protocol/openid-connect/token
|
token_url = https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
|
||||||
|
|
||||||
[koji]
|
[koji]
|
||||||
server = https://koji.stg.fedoraproject.org/kojihub
|
server = https://koji.stg.fedoraproject.org/kojihub
|
||||||
|
|
|
@ -19,10 +19,8 @@ do
|
||||||
/usr/sbin/ipset add osbuildapi $j
|
/usr/sbin/ipset add osbuildapi $j
|
||||||
done
|
done
|
||||||
|
|
||||||
{% if env == 'staging' %}
|
# both stage and prod authenticate using sso.redhat.com
|
||||||
# in stg we need to add identity.api because we are using api.stage above.
|
RESOLVEQUERY=`resolvectl -4 --cache=no --legend=no query sso.redhat.com 2> /dev/null`
|
||||||
# in prod this is already the same as api.openshift.com, so skip it.
|
|
||||||
RESOLVEQUERY=`resolvectl -4 --cache=no --legend=no query identity.api.openshift.com 2> /dev/null`
|
|
||||||
test $? -eq 0 || exit $?
|
test $? -eq 0 || exit $?
|
||||||
|
|
||||||
NEWIDENTITYIPS=`echo "$RESOLVEQUERY" | grep link | sed -E 's/.* ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*/\1/g' | sort -n`
|
NEWIDENTITYIPS=`echo "$RESOLVEQUERY" | grep link | sed -E 's/.* ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*/\1/g' | sort -n`
|
||||||
|
@ -31,4 +29,3 @@ for j in $NEWIDENTITYIPS
|
||||||
do
|
do
|
||||||
/usr/sbin/ipset add osbuildapi $j
|
/usr/sbin/ipset add osbuildapi $j
|
||||||
done
|
done
|
||||||
{% endif %}
|
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue