-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use static password in the Hot Rod endpoint #468
Conversation
@@ -198,19 +195,16 @@ tasks: | |||
if [ "{{.KC_ISPN_NAMESPACE}}" != "" ]; then | |||
echo "true" > .task/remote-store-enabled | |||
echo "infinispan.{{.KC_ISPN_NAMESPACE}}.svc" > .task/remote-store-host | |||
oc -n {{.KC_ISPN_NAMESPACE}} get secrets infinispan-generated-secret -o 'jsonpath={.data.identities\.yaml}' | base64 -d | yq .credentials[0].username > .task/remote-store-username | |||
oc -n {{.KC_ISPN_NAMESPACE}} get secrets infinispan-generated-secret -o 'jsonpath={.data.identities\.yaml}' | base64 -d | yq .credentials[0].password > .task/remote-store-password | |||
oc -n {{.KC_ISPN_NAMESPACE}} get secrets connect-secret -o 'jsonpath={.data.identities\.yaml}' | base64 -d | yq .credentials[0].password > .task/remote-store-password |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should I keep fetching the password from the secret or convert this to a variable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this a secret generated by the operator ? @pruivo how much of an effort would it be to fetch it from the AWS IAM and keep it common with all other passwords ? --secret-id "$KEYCLOAK_MASTER_PASSWORD_SECRET_NAME"
kind: Secret | ||
type: Opaque | ||
metadata: | ||
name: connect-secret |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kami619 the secret is generated here with the password from AWS.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
great, thanks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in this case we don't need it to be a variable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
2 changes included in the PR:
KC_ISPN_PORT
since it is not possible to change it.