renew Azure AD Password before expiration for sponsorship.ci.jenkins.io-tf-managed #4052

Closed
smerle33 opened this issue Apr 18, 2024 · 4 comments


smerle33 commented Apr 18, 2024

Service(s)

ci.jenkins.io

Summary

The Azure Service Principal password used for sponsorship.ci.jenkins.io-tf-managed will soon expire.
We need to rotate it and check whether we can automate the renewal, at least partly, with updatecli, like #4043.

To update:
https://github.com/jenkins-infra/azure/blob/1cf37c7fd95e043d6ed6d60cb799c6574f6eed1b/ci.jenkins.io.tf#L39

Reproduction steps

No response

@smerle33 smerle33 added the triage Incoming issues that need review label Apr 18, 2024
@smerle33 smerle33 self-assigned this Apr 18, 2024
@smerle33 smerle33 added this to the infra-team-sync-2024-04-23 milestone Apr 18, 2024
@smerle33 smerle33 removed the triage Incoming issues that need review label Apr 19, 2024
dduportal added a commit to jenkins-infra/azure that referenced this issue Apr 23, 2024
…cipal_end_date for ci.jenkins.io (#669)

as per jenkins-infra/helpdesk#4052

Track the end date; it uses the same script as in azure-net.

EDIT:
The short-term solution would be to generate a new date directly for the
ci.jenkins.io service principal, but using this manifest will help us to
check if it's working in production, as the certificate is due in a week.

The next step will be to migrate the scripts used to the shared-tools, as
they are the same as in azure-net.

---------

Co-authored-by: Damien Duportal <damien.duportal@gmail.com>
@dduportal dduportal self-assigned this Apr 23, 2024

Update:

Next steps:

@dduportal dduportal changed the title renew Service Principal Password before expiration for application sponsorship.ci.jenkins.io-tf-managed renew Azure AD Password before expiration for sponsorship.ci.jenkins.io-tf-managed Apr 23, 2024

Update:

  • Announcements done (ref. open operation on ci.j for helpdesk-4052 status#497 and ci.jenkins.io)

  • PR merged, deployed with success by Terraform on infra.ci.jenkins.io, and the Azure AD password's value has been retrieved to a secured (encrypted) location

  • ci.jenkins.io's credential azure-jenkins-sponsorship-credentials has been updated manually on ci.jenkins.io's UI

    • Verified both the Azure Credential and Azure VM clouds by clicking on the "Verify <...>" buttons with success


Update: ci.jenkins.io uses the new credential with success. https://ci.jenkins.io/job/Infra/job/acceptance-tests/job/check-agent-availability/3605/ was run with success after a controller restart.


dduportal pushed a commit to jenkins-infra/azure that referenced this issue Jul 22, 2024
…nd date: 2024-07-22T00:00:00Z) (#766)

Generate a new password for the Azure Service Principal `ci.jenkins.io`.

See
jenkins-infra/helpdesk#4052 (comment)
for details.


---



<Actions>
<action
id="acb7646fbd8dac790f09a1398ca8a42522f8128cdae3e25082927aa213936d26">
<h3>Generate new end date for ci.jenkins.io controller service
principal</h3>
<details
id="4191ba5f46dbb754c1e7d30549ffcee986a6a05817c850ea79cf471743ba992d">
<summary>Update Terraform file `ci.jenkins.io.tf` with new expiration
date for controller_service_principal_end_date</summary>
<p>1 file(s) updated with
&#34;${1}2024-10-19T00:00:00Z\&#34;&#34;:&#xA;&#x9;*
ci.jenkins.io.tf&#xA;</p>
        </details>
<a
href="https://infra.ci.jenkins.io/job/updatecli/job/azure/job/main/332/">Jenkins
pipeline link</a>
    </action>
</Actions>

---------

Co-authored-by: Jenkins Infra Bot (updatecli) <60776566+jenkins-infra-bot@users.noreply.github.com>