-
-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
renew Azure AD Password before expiration for sponsorship.ci.jenkins.io-tf-managed
#4052
Comments
…cipal_end_date for ci.jenkins.io (#669) as per jenkins-infra/helpdesk#4052 track the end date, it's using the same script as in azure-net. EDIT: The short term solution would be to generate a new date directly for the ci.jenkins.io service principal but using this manifest will help us to check if it's working in production as the certificate is due in a week. The next step will be to migrate the scripts used in the shared-tools as they are the same than in azure-net. --------- Co-authored-by: Damien Duportal <damien.duportal@gmail.com>
Update:
Next steps:
|
sponsorship.ci.jenkins.io-tf-managed
Update:
|
Update: ci.jenkins.io uses the new credential with success. https://ci.jenkins.io/job/Infra/job/acceptance-tests/job/check-agent-availability/3605/ was run with success after a controller restart. |
as per jenkins-infra/helpdesk#4052 add a little more information in the created PR.
|
…nd date: 2024-07-22T00:00:00Z) (#766) Generate a new password for the Azure Service Principal `ci.jenkins.io`. See jenkins-infra/helpdesk#4052 (comment) for details. --- <Actions> <action id="acb7646fbd8dac790f09a1398ca8a42522f8128cdae3e25082927aa213936d26"> <h3>Generate new end date for ci.jenkins.io controller service principal</h3> <details id="4191ba5f46dbb754c1e7d30549ffcee986a6a05817c850ea79cf471743ba992d"> <summary>Update Terraform file `ci.jenkins.io.tf` with new expiration date for controller_service_principal_end_date</summary> <p>1 file(s) updated with "${1}2024-10-19T00:00:00Z\"":
	* ci.jenkins.io.tf
</p> </details> <a href="https://infra.ci.jenkins.io/job/updatecli/job/azure/job/main/332/">Jenkins pipeline link</a> </action> </Actions> --- <table> <tr> <td width="77"> <img src="https://www.updatecli.io/images/updatecli.png" alt="Updatecli logo" width="50" height="50"> </td> <td> <p> Created automatically by <a href="https://www.updatecli.io/">Updatecli</a> </p> <details><summary>Options:</summary> <br /> <p>Most of Updatecli configuration is done via <a href="https://www.updatecli.io/docs/prologue/quick-start/">its manifest(s)</a>.</p> <ul> <li>If you close this pull request, Updatecli will automatically reopen it, the next time it runs.</li> <li>If you close this pull request and delete the base branch, Updatecli will automatically recreate it, erasing all previous commits made.</li> </ul> <p> Feel free to report any issues at <a href="https://github.com/updatecli/updatecli/issues">github.com/updatecli/updatecli</a>.<br /> If you find this tool useful, do not hesitate to star <a href="https://github.com/updatecli/updatecli/stargazers">our GitHub repository</a> as a sign of appreciation, and/or to tell us directly on our <a href="https://matrix.to/#/#Updatecli_community:gitter.im">chat</a>! </p> </details> </td> </tr> </table> --------- Co-authored-by: Jenkins Infra Bot (updatecli) <60776566+jenkins-infra-bot@users.noreply.github.com>
Service(s)
ci.jenkins.io
Summary
The Azure Service Principal password used for the sponsorship.ci.jenkins.io-tf-managed is soon to be expired.
We need to rotate it and to check if we can automate the renewal at least partly with updatecli like #4043
to update
https://github.com/jenkins-infra/azure/blob/1cf37c7fd95e043d6ed6d60cb799c6574f6eed1b/ci.jenkins.io.tf#L39
Reproduction steps
No response
The text was updated successfully, but these errors were encountered: