At first this is needed for staging. If the token could be saved in the private ansible under: {{ private }}/files/osbs/staging/odcs-oidc-token
Metadata Update from @kevin: - Issue priority set to: Waiting on Assignee (was: Needs Review)
There is a super useful SOP that shows how to generate an OIDC token :stuck_out_tongue_winking_eye:
https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/ipsilon.html
What should I request exactly here for scope? (ie, the -s argument)
It needs the new-compose scope which looking at this should be https://pagure.io/odcs/new-compose
Also, should this be done on Ipsilon stg, since this is for odcs stg? Maybe @puiterwijk can help here.
Done. Yes, it was/should be in staging. ;)
Let us know if you run into any problems with it!
:last_quarter_moon:
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @cverna: - Issue status updated to: Open (was: Closed)
Reopening, as it turns out that ODCS requires the following scopes:
https://id.fedoraproject.org/scope/groups
https://pagure.io/odcs/new-compose
https://pagure.io/odcs/renew-compose
https://pagure.io/odcs/delete-compose
Could you create a new token with these scopes and update the secret file {{ private }}/files/osbs/staging/odcs-oidc-token
It should be possible to add multiple scopes like that:
/scripts/generate-oidc-token osbs -e 365 -s https://id.fedoraproject.org/scope/groups -s https://pagure.io/odcs/new-compose -s https://pagure.io/odcs/renew-compose -s https://pagure.io/odcs/delete-compose
CC'ing @otaylor
Done. I've generated new token with required scopes and ran the playbook:
ansible-playbook /srv/web/infra/ansible/playbooks/groups/osbs-cluster.yml -l staging -t osbs-orchestrator-namespace
Metadata Update from @mizdebsk: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)