From fb6087140263cc54b7caa3a8c47dbf3d62c61374 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Thu, 4 Jul 2024 07:45:53 +0200
Subject: [PATCH] Bugzilla2Fedmsg: deploy keytab
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 playbooks/openshift-apps/bugzilla2fedmsg.yml     |  9 +++++++++
 .../templates/deploymentconfig.yml               | 16 ++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/playbooks/openshift-apps/bugzilla2fedmsg.yml b/playbooks/openshift-apps/bugzilla2fedmsg.yml
index 27538c4fda..71bfebda49 100644
--- a/playbooks/openshift-apps/bugzilla2fedmsg.yml
+++ b/playbooks/openshift-apps/bugzilla2fedmsg.yml
@@ -55,6 +55,15 @@
     key: msg-client-fedora-prod.key
     privatefile: "bugzilla2fedmsg/msg-client-fedora-prod.key"
 
+    # FASJSON access
+  - role: openshift/ipa-client
+    app: bugzilla2fedmsg
+  - role: openshift/keytab
+    app: bugzilla2fedmsg
+    key: service.keytab
+    secret_name: keytab
+    service: bugzilla2fedmsg
+
   - role: openshift/imagestream
     app: bugzilla2fedmsg
     imagename: bugzilla2fedmsg
diff --git a/roles/openshift-apps/bugzilla2fedmsg/templates/deploymentconfig.yml b/roles/openshift-apps/bugzilla2fedmsg/templates/deploymentconfig.yml
index fd4251f9a3..04db31bad8 100644
--- a/roles/openshift-apps/bugzilla2fedmsg/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/bugzilla2fedmsg/templates/deploymentconfig.yml
@@ -27,6 +27,10 @@ spec:
             value: "/opt/app-root/bin/bugzilla2fedmsg"
           # - name: FEDORA_MESSAGING_CONF
           #   value: "/etc/fedora-messaging/config.toml"
+          - name: KRB5_CONFIG
+            value: /etc/ipa/krb5.conf
+          - name: KRB5_CLIENT_KTNAME
+            value: /etc/keytabs/service.keytab
         volumeMounts:
           - name: fedora-messaging-config-volume
             mountPath: /etc/fedora-messaging
@@ -51,6 +55,12 @@ spec:
             mountPath: /etc/pki/stomp/msg-client-fedora-prod.key
             subPath: msg-client-fedora-prod.key
             readOnly: true
+          - name: ipa-config-volume
+            mountPath: /etc/ipa
+            readOnly: true
+          - name: keytab-volume
+            mountPath: /etc/keytabs
+            readOnly: true
       volumes:
         - name: fedora-messaging-config-volume
           configMap:
@@ -70,6 +80,12 @@ spec:
         - name: stomp-key-volume
           secret:
             secretName: stomp-key
+        - name: ipa-config-volume
+          configMap:
+            name: ipa-client-config
+        - name: keytab-volume
+          secret:
+            secretName: keytab
 
   triggers:
   - type: ConfigChange