From 67e3bcc8643328e9a8e8dd0b3cd03bd3ae3b5485 Mon Sep 17 00:00:00 2001 
From: Joaci Morais
Date: Wed, 29 Jan 2025 11:21:21 -0300
Subject: [PATCH] OIDC App Up Versioning

Upversioned the oidc-auth-apps to latest stable versions to pick up the
latest CVE fixes.

Images            From             To
----------------  ---------------  ---------------
helm-charts/dex   0.18.0           0.20.0
dex               v2.40.0          v2.41.1
curl              8.8.0            8.11.1
stx-oidc-client   stx.9.0-v1.0.7   stx.11.0-v1.0.8

CVE report comparison

                    CVEs               CVEs
Images              Before Up Version  After Up Version
------------------  -----------------  ----------------
ghcr.io/dexidp/dex  23                 11
curl                14                 0
stx-oidc-client     49                 2

Test Plan:
PASS: Build a master ISO without the changes.
PASS: Build a master ISO with the changes.
PASS: Deploy a SX and a DX system.
PASS: The test plan was performed for all kubernetes versions available
      in the image:
      1.24.4, 1.25.3, 1.26.1, 1.27.5, 1.28.4, 1.29.2(Default), 1.30.6
PASS: Apply & Test procedure:
- Apply oidc-auth-apps according to the 'Set up OIDC Auth Applications'
  guide. The oidc-auth-apps should be applied successfully.
- Once oidc-auth-apps is in applied status, perform the oidc-auth-apps
  test by creating a user, apply rolebinding and authenticate it using
  the oidc-auth command, check if the new user can send k8s commands
  based on its roles.
- Authenticate using the Remote CLI method, should work.
- Authenticate using the WEB Method by accessing the url
  https://:30555, you should be served with a webpage and be able to
  authenticate through oidc as well.
PASS: Update test:
- Do the test case 'Apply & Test procedure' to the previous
  oidc-auth-apps version.
- Build oidc-auth-apps tarball with the changes.
- Considering the old oidc-auth-apps in apply state, update the current
  oidc-auth-apps using the command:
  system application-update oidc-auth-apps-.tgz.
  The oidc-auth-apps should be applied automatically.
PASS: Installation from scratch:
- Remove & delete the oidc-auth-apps with the command:
  system application-remove oidc-auth-apps and
  system application-delete oidc-auth-apps
- Install from scratch oidc-auth-apps-.tgz using the command:
  system application-upload oidc-auth-apps-.tgz
- Redo the test case 'Apply & Test procedure'.
PASS: Full deploy test:
- Build an ISO with the changes.
- Deploy a system.
- Do the test case 'Apply & Test procedure'. The new oidc-auth-apps
  should be applied successfully.
PASS: The app 'intel-device-plugins-operator' also shares the same
      secret-observer helm chart. It is important to build, upload and
      apply this app to check if there are no impacts:
- Build the intel-device-plugins-operator with this change
- system application-upload intel-device-plugins-operator.tgz
- apply first the app node-feature-discovery, which is required by the
  intel-device-plugins-operator
- check the helm-override-list and make sure secret-observer helm is
  there, command:
  system helm-override-list intel-device-plugins-operator --long
- apply the app: system application-apply intel-device-plugins-operator,
  the app should be applied successfully.
- check the intel-device-plugins-operator pods: kubectl get pods -A

Story: 2011328
Task: 51669

Change-Id: I8020e7b9283b67e8f66a47a2e31836e1596145b5
Signed-off-by: Joaci Morais
---
 .../secret-observer/helm-charts/secret-observer/values.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/secret-observer/secret-observer/helm-charts/secret-observer/values.yaml b/secret-observer/secret-observer/helm-charts/secret-observer/values.yaml index 9de9fb0..7a5bda5 100644 --- a/secret-observer/secret-observer/helm-charts/secret-observer/values.yaml +++ b/secret-observer/secret-observer/helm-charts/secret-observer/values.yaml 
@@ -1,11 +1,11 @@ # -# Copyright (c) 2021-2024 Wind River Systems, Inc. +# Copyright (c) 2021-2025 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # image: docker.io/curlimages/curl -imageTag: 8.8.0 +imageTag: 8.11.1 namespace: default RoleBinding:
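
Review bot: `imageTag: 8.11.1` still selects docker.io/curlimages/curl by a mutable tag, so the curl CVE counts quoted in the commit message (14 before, 0 after) hold only for the image content that was scanned; consider recording the scanned image digest next to the tag, or pinning by digest if the chart's templates allow it, so the deployed image is provably the scanned one. Separately, the diffstat shows values.yaml of secret-observer as the only file changed, while the commit message also lists helm-charts/dex, dex and stx-oidc-client bumps; either narrow the message to the secret-observer curl image or reference the changes that carry the other version bumps, so a reader auditing CVE remediation can find them. Since the message notes that intel-device-plugins-operator shares this chart, a short comment above `imageTag` naming that second consumer would help the next person who bumps it.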