From 5a32ff7795bbb69aeeb6bcbfc29cafa1fcb33864 Mon Sep 17 00:00:00 2001 From: Johnny Bieren Date: Thu, 5 Dec 2024 14:13:41 -0500 Subject: [PATCH] feat(RELEASE-1191): differentiate pyxis and umb in signing This commit modifies the `simple-signing-pipeline` and its tasks to use separate credentials for Pyxis and UMB authentication. Prior to this commit, both were pulled from the same configMap values so it was impossible to use stage for one system and prod for the other. Signed-off-by: Johnny Bieren --- pipelines/simple-signing-pipeline/README.md | 8 ++++ .../simple-signing-pipeline.yaml | 26 ++++++------ tasks/collect-simple-signing-params/README.md | 7 ++++ .../collect-simple-signing-params.yaml | 38 +++++++++++------ .../tests/pre-apply-task-hook.sh | 11 +++-- tasks/request-and-upload-signature/README.md | 42 +++++++++++-------- .../request-and-upload-signature.yaml | 39 ++++++++++------- .../tests/pre-apply-task-hook.sh | 10 +++-- ...-request-and-upload-signature-retries.yaml | 14 +++++-- .../test-request-and-upload-signature.yaml | 14 +++++-- 10 files changed, 136 insertions(+), 73 deletions(-) diff --git a/pipelines/simple-signing-pipeline/README.md b/pipelines/simple-signing-pipeline/README.md index 9bac9893a..4acc110d7 100644 --- a/pipelines/simple-signing-pipeline/README.md +++ b/pipelines/simple-signing-pipeline/README.md @@ -13,3 +13,11 @@ Tekton pipeline for simple signing. It is meant to be used by the rh-sign-image | config_map_name | A config map name with configuration | Yes | hacbs-signing-pipeline-config | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | + +## Changes in 0.2.0 +* Changed the results used as parameters to `request-and-upload-signature` + * Instead of using the same results for both the Pyxis and UMB SSL authentication, the two were split into + their own keys. The `request-and-upload-signature` task already had separate parameters for them, but + they were using the same values + * While it did have separate parameters for them, one set was prefixed `pyxis_` and the other had no + prefix, so the prefix was added for the `umb_` ones diff --git a/pipelines/simple-signing-pipeline/simple-signing-pipeline.yaml b/pipelines/simple-signing-pipeline/simple-signing-pipeline.yaml index f2e083321..e6a55356e 100644 --- a/pipelines/simple-signing-pipeline/simple-signing-pipeline.yaml +++ b/pipelines/simple-signing-pipeline/simple-signing-pipeline.yaml @@ -4,7 +4,7 @@ kind: Pipeline metadata: name: simple-signing-pipeline labels: - app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/version: "0.2.0" annotations: tekton.dev/pipelines.minVersion: "0.12.1" tekton.dev/tags: release @@ -77,12 +77,12 @@ spec: value: $(tasks.collect-simple-signing-params.results.sig_key_id) - name: sig_key_name value: $(tasks.collect-simple-signing-params.results.sig_key_name) - - name: ssl_cert_secret_name - value: $(tasks.collect-simple-signing-params.results.ssl_cert_secret_name) - - name: ssl_cert_file_name - value: $(tasks.collect-simple-signing-params.results.ssl_cert_file_name) - - name: ssl_key_file_name - value: $(tasks.collect-simple-signing-params.results.ssl_key_file_name) + - name: umb_ssl_cert_secret_name + value: $(tasks.collect-simple-signing-params.results.umb_ssl_cert_secret_name) + - name: umb_ssl_cert_file_name + value: $(tasks.collect-simple-signing-params.results.umb_ssl_cert_file_name) + - name: umb_ssl_key_file_name + value: $(tasks.collect-simple-signing-params.results.umb_ssl_key_file_name) - name: umb_client_name value: $(tasks.collect-simple-signing-params.results.umb_client_name) - name: umb_listen_topic @@ -91,12 +91,12 @@ spec: value: $(tasks.collect-simple-signing-params.results.umb_publish_topic) - name: umb_url value: $(tasks.collect-simple-signing-params.results.umb_url) - - name: pyxis_ssl_secret_name - value: $(tasks.collect-simple-signing-params.results.ssl_cert_secret_name) - - name: pyxis_ssl_cert_secret_key - value: $(tasks.collect-simple-signing-params.results.ssl_cert_file_name) - - name: pyxis_ssl_key_secret_key - value: $(tasks.collect-simple-signing-params.results.ssl_key_file_name) + - name: pyxis_ssl_cert_secret_name + value: $(tasks.collect-simple-signing-params.results.pyxis_ssl_cert_secret_name) + - name: pyxis_ssl_cert_file_name + value: $(tasks.collect-simple-signing-params.results.pyxis_ssl_cert_file_name) + - name: pyxis_ssl_key_file_name + value: $(tasks.collect-simple-signing-params.results.pyxis_ssl_key_file_name) - name: pyxis_url value: $(tasks.collect-simple-signing-params.results.pyxis_url) - name: taskGitUrl diff --git a/tasks/collect-simple-signing-params/README.md b/tasks/collect-simple-signing-params/README.md index ce34d7b07..df52412cb 100644 --- a/tasks/collect-simple-signing-params/README.md +++ b/tasks/collect-simple-signing-params/README.md @@ -7,3 +7,10 @@ Task to collect parameters for the simple signing pipeline | Name | Description | Optional | Default value | |------------------|---------------------------------------------------------------------------------------|----------|--------------------------------------------------------| | config_map_name | Name of a configmap with pipeline configuration | No | - | + +## Changes in 0.2.0 +* Added the `[pyxis,umb]_ssl_cert_file_name`, `[pyxis,umb]_ssl_cert_secret_name` and `[pyxis,umb]_ssl_key_file_name` + results + * They take the place of `ssl_cert_file_name`, `ssl_cert_secret_name` and `ssl_key_file_name` respectively + * These keys now exist in the configMaps used in this task + * They were added to break apart Pyxis and UMB credentials diff --git a/tasks/collect-simple-signing-params/collect-simple-signing-params.yaml b/tasks/collect-simple-signing-params/collect-simple-signing-params.yaml index e68f91c88..e676df159 100644 --- a/tasks/collect-simple-signing-params/collect-simple-signing-params.yaml +++ b/tasks/collect-simple-signing-params/collect-simple-signing-params.yaml @@ -4,7 +4,7 @@ kind: Task metadata: name: collect-simple-signing-params labels: - app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/version: "0.2.0" annotations: tekton.dev/tags: release spec: @@ -26,12 +26,18 @@ spec: description: umb topic which is used for publishing - name: umb_client_name description: Client name to connect to umb, usually a service account name - - name: ssl_cert_secret_name - description: SSL secret name - - name: ssl_cert_file_name - description: SSL certificate file name - - name: ssl_key_file_name - description: SSL key file name + - name: pyxis_ssl_cert_secret_name + description: Pyxis SSL secret name + - name: pyxis_ssl_cert_file_name + description: Pyxis SSL certificate file name + - name: pyxis_ssl_key_file_name + description: Pyxis SSL key file name + - name: umb_ssl_cert_secret_name + description: UMB SSL secret name + - name: umb_ssl_cert_file_name + description: UMB SSL certificate file name + - name: umb_ssl_key_file_name + description: UMB SSL key file name steps: - name: collect-simple-signing-params image: quay.io/konflux-ci/release-service-utils:7d0135b80a47cdaa225010ea1e2dff78d057c922 @@ -46,21 +52,27 @@ spec: PYXIS_URL=$(jq -er '.data.PYXIS_URL' <<< "${configMapJson}") SIG_KEY_ID=$(jq -er '.data.SIG_KEY_ID' <<< "${configMapJson}") SIG_KEY_NAME=$(jq -er '.data.SIG_KEY_NAME' <<< "${configMapJson}") - SSL_CERT_FILE_NAME=$(jq -er '.data.SSL_CERT_FILE_NAME' <<< "${configMapJson}") - SSL_CERT_SECRET_NAME=$(jq -er '.data.SSL_CERT_SECRET_NAME' <<< "${configMapJson}") - SSL_KEY_FILE_NAME=$(jq -er '.data.SSL_KEY_FILE_NAME' <<< "${configMapJson}") + PYXIS_SSL_CERT_FILE_NAME=$(jq -er '.data.PYXIS_SSL_CERT_FILE_NAME' <<< "${configMapJson}") + PYXIS_SSL_CERT_SECRET_NAME=$(jq -er '.data.PYXIS_SSL_CERT_SECRET_NAME' <<< "${configMapJson}") + PYXIS_SSL_KEY_FILE_NAME=$(jq -er '.data.PYXIS_SSL_KEY_FILE_NAME' <<< "${configMapJson}") UMB_CLIENT_NAME=$(jq -er '.data.UMB_CLIENT_NAME' <<< "${configMapJson}") UMB_LISTEN_TOPIC=$(jq -er '.data.UMB_LISTEN_TOPIC' <<< "${configMapJson}") UMB_PUBLISH_TOPIC=$(jq -er '.data.UMB_PUBLISH_TOPIC' <<< "${configMapJson}") UMB_URL=$(jq -er '.data.UMB_URL' <<< "${configMapJson}") + UMB_SSL_CERT_FILE_NAME=$(jq -er '.data.UMB_SSL_CERT_FILE_NAME' <<< "${configMapJson}") + UMB_SSL_CERT_SECRET_NAME=$(jq -er '.data.UMB_SSL_CERT_SECRET_NAME' <<< "${configMapJson}") + UMB_SSL_KEY_FILE_NAME=$(jq -er '.data.UMB_SSL_KEY_FILE_NAME' <<< "${configMapJson}") echo -n "$PYXIS_URL" | tee "$(results.pyxis_url.path)" echo -n "$SIG_KEY_ID" | tee "$(results.sig_key_id.path)" echo -n "$SIG_KEY_NAME" | tee "$(results.sig_key_name.path)" - echo -n "$SSL_CERT_FILE_NAME" | tee "$(results.ssl_cert_file_name.path)" - echo -n "$SSL_CERT_SECRET_NAME" | tee "$(results.ssl_cert_secret_name.path)" - echo -n "$SSL_KEY_FILE_NAME" | tee "$(results.ssl_key_file_name.path)" + echo -n "$PYXIS_SSL_CERT_FILE_NAME" | tee "$(results.pyxis_ssl_cert_file_name.path)" + echo -n "$PYXIS_SSL_CERT_SECRET_NAME" | tee "$(results.pyxis_ssl_cert_secret_name.path)" + echo -n "$PYXIS_SSL_KEY_FILE_NAME" | tee "$(results.pyxis_ssl_key_file_name.path)" echo -n "$UMB_CLIENT_NAME" | tee "$(results.umb_client_name.path)" echo -n "$UMB_LISTEN_TOPIC" | tee "$(results.umb_listen_topic.path)" echo -n "$UMB_PUBLISH_TOPIC" | tee "$(results.umb_publish_topic.path)" echo -n "$UMB_URL" | tee "$(results.umb_url.path)" + echo -n "$UMB_SSL_CERT_FILE_NAME" | tee "$(results.umb_ssl_cert_file_name.path)" + echo -n "$UMB_SSL_CERT_SECRET_NAME" | tee "$(results.umb_ssl_cert_secret_name.path)" + echo -n "$UMB_SSL_KEY_FILE_NAME" | tee "$(results.umb_ssl_key_file_name.path)" diff --git a/tasks/collect-simple-signing-params/tests/pre-apply-task-hook.sh b/tasks/collect-simple-signing-params/tests/pre-apply-task-hook.sh index 501a27c60..f1388cb4f 100755 --- a/tasks/collect-simple-signing-params/tests/pre-apply-task-hook.sh +++ b/tasks/collect-simple-signing-params/tests/pre-apply-task-hook.sh @@ -14,13 +14,16 @@ cat > "/tmp/configMap.json" << EOF "PYXIS_URL": "https://pyxis.stage.engineering.redhat.com", "SIG_KEY_ID": "4096R/37036783 SHA-256", "SIG_KEY_NAME": "redhate2etesting", - "SSL_CERT_FILE_NAME": "hacbs-signing-pipeline.pem", - "SSL_CERT_SECRET_NAME": "hacbs-signing-pipeline-certs", - "SSL_KEY_FILE_NAME": "hacbs-signing-pipeline.key", + "PYXIS_SSL_CERT_FILE_NAME": "hacbs-signing-pipeline.pem", + "PYXIS_SSL_CERT_SECRET_NAME": "hacbs-signing-pipeline-certs", + "PYXIS_SSL_KEY_FILE_NAME": "hacbs-signing-pipeline.key", "UMB_CLIENT_NAME": "hacbs-signing-pipeline-nonprod", "UMB_LISTEN_TOPIC": "VirtualTopic.eng.robosignatory.hacbs.sign", "UMB_PUBLISH_TOPIC": "VirtualTopic.eng.hacbs-signing-pipeline.hacbs.sign", - "UMB_URL": "umb.stage.api.redhat.com" + "UMB_URL": "umb.stage.api.redhat.com", + "UMB_SSL_CERT_FILE_NAME": "hacbs-signing-pipeline.pem", + "UMB_SSL_CERT_SECRET_NAME": "hacbs-signing-pipeline-certs", + "UMB_SSL_KEY_FILE_NAME": "hacbs-signing-pipeline.key" }, "kind": "ConfigMap", "metadata": { diff --git a/tasks/request-and-upload-signature/README.md b/tasks/request-and-upload-signature/README.md index 155ce2f3a..482194375 100644 --- a/tasks/request-and-upload-signature/README.md +++ b/tasks/request-and-upload-signature/README.md @@ -4,20 +4,28 @@ Task to request and upload signatures using RADAS and pyxis ## Parameters -| Name | Description | Optional | Default value | -|----------------------|-------------------------------------------------------------------------------------------------------|----------|-------------------------------------------------------| -| pipeline_image | An image with CLI tools needed for the signing. | Yes | quay.io/redhat-isv/operator-pipelines-images:released | -| manifest_digest | Manifest digest for the signed content, usually in the format sha256:xxx | No | - | -| reference | Docker reference for the signed content, e.g. registry.redhat.io/redhat/community-operator-index:v4.9 | No | - | -| requester | Name of the user that requested the signing, for auditing purposes | No | - | -| sig_key_id | The signing key id that the content is signed with | Yes | 4096R/55A34A82 SHA-256 | -| sig_key_name | The signing key name that the content is signed with | Yes | containerisvsign | -| ssl_cert_secret_name | Kubernetes secret name that contains the umb SSL files | No | - | -| ssl_cert_file_name | The key within the Kubernetes secret that contains the umb SSL cert. | No | - | -| ssl_key_file_name | The key within the Kubernetes secret that contains the umb SSL key. | No | - | -| umb_client_name | Client name to connect to umb, usually a service account name | Yes | operatorpipelines | -| umb_listen_topic | umb topic to listen to for responses with signed content | Yes | VirtualTopic.eng.robosignatory.isv.sign | -| umb_publish_topic | umb topic to publish to for requesting signing | Yes | VirtualTopic.eng.operatorpipelines.isv.sign | -| umb_url | umb host to connect to for messaging | Yes | umb.api.redhat.com | -| pyxis_url | Pyxis instance to upload the signature to. | Yes | https://pyxis.engineering.redhat.com | -| signature_data_file | The file where the signing response should be placed | Yes | signing_response.json | +| Name | Description | Optional | Default value | +|----------------------------|-------------------------------------------------------------------------------------------------------|----------|-------------------------------------------------------| +| pipeline_image | An image with CLI tools needed for the signing. | Yes | quay.io/redhat-isv/operator-pipelines-images:released | +| manifest_digest | Manifest digest for the signed content, usually in the format sha256:xxx | No | - | +| reference | Docker reference for the signed content, e.g. registry.redhat.io/redhat/community-operator-index:v4.9 | No | - | +| requester | Name of the user that requested the signing, for auditing purposes | No | - | +| sig_key_id | The signing key id that the content is signed with | Yes | 4096R/55A34A82 SHA-256 | +| sig_key_name | The signing key name that the content is signed with | Yes | containerisvsign | +| pyxis_ssl_cert_secret_name | Kubernetes secret name that contains the Pyxis SSL files | No | - | +| pyxis_ssl_cert_file_name | The key within the Kubernetes secret that contains the Pyxis SSL cert. | No | - | +| pyxis_ssl_key_file_name | The key within the Kubernetes secret that contains the Pyxis SSL key. | No | - | +| umb_client_name | Client name to connect to umb, usually a service account name | Yes | operatorpipelines | +| umb_listen_topic | umb topic to listen to for responses with signed content | Yes | VirtualTopic.eng.robosignatory.isv.sign | +| umb_publish_topic | umb topic to publish to for requesting signing | Yes | VirtualTopic.eng.operatorpipelines.isv.sign | +| umb_url | umb host to connect to for messaging | Yes | umb.api.redhat.com | +| umb_ssl_cert_secret_name | Kubernetes secret name that contains the umb SSL files | No | - | +| umb_ssl_cert_file_name | The key within the Kubernetes secret that contains the umb SSL cert. | No | - | +| umb_ssl_key_file_name | The key within the Kubernetes secret that contains the umb SSL key. | No | - | +| pyxis_url | Pyxis instance to upload the signature to. | Yes | https://pyxis.engineering.redhat.com | +| signature_data_file | The file where the signing response should be placed | Yes | signing_response.json | + +## Changes in 1.0.0 + * Replaced `ssl_cert_secret_name`, `ssl_cert_file_name` and `ssl_key_file_name` parameters with Pyxis and UMB + specific ones + * This allows us to use the stage version of one system with the prod version of the other diff --git a/tasks/request-and-upload-signature/request-and-upload-signature.yaml b/tasks/request-and-upload-signature/request-and-upload-signature.yaml index 31b600902..1a1ad8c00 100644 --- a/tasks/request-and-upload-signature/request-and-upload-signature.yaml +++ b/tasks/request-and-upload-signature/request-and-upload-signature.yaml @@ -4,7 +4,7 @@ kind: Task metadata: name: request-and-upload-signature labels: - app.kubernetes.io/version: "0.1.0" + app.kubernetes.io/version: "1.0.0" annotations: tekton.dev/pipelines.minVersion: "0.12.1" tekton.dev/tags: release @@ -37,14 +37,14 @@ spec: description: The signing key name that the content is signed with name: sig_key_name type: string - - description: Kubernetes secret name that contains the umb SSL files - name: ssl_cert_secret_name + - description: Kubernetes secret name that contains the Pyxis SSL files + name: pyxis_ssl_cert_secret_name type: string - - description: The key within the Kubernetes secret that contains the umb SSL cert. - name: ssl_cert_file_name + - description: The key within the Kubernetes secret that contains the Pyxis SSL cert. + name: pyxis_ssl_cert_file_name type: string - - description: The key within the Kubernetes secret that contains the umb SSL key. - name: ssl_key_file_name + - description: The key within the Kubernetes secret that contains the Pyxis SSL key. + name: pyxis_ssl_key_file_name type: string - default: operatorpipelines description: Client name to connect to umb, usually a service account name @@ -62,6 +62,15 @@ spec: description: umb host to connect to for messaging name: umb_url type: string + - description: Kubernetes secret name that contains the umb SSL files + name: umb_ssl_cert_secret_name + type: string + - description: The key within the Kubernetes secret that contains the umb SSL cert. + name: umb_ssl_cert_file_name + type: string + - description: The key within the Kubernetes secret that contains the umb SSL key. + name: umb_ssl_key_file_name + type: string - default: https://pyxis.engineering.redhat.com description: Pyxis instance to upload the signature to. name: pyxis_url @@ -78,13 +87,13 @@ spec: - name: UmbCert valueFrom: secretKeyRef: - name: $(params.ssl_cert_secret_name) - key: $(params.ssl_cert_file_name) + name: $(params.umb_ssl_cert_secret_name) + key: $(params.umb_ssl_cert_file_name) - name: UmbKey valueFrom: secretKeyRef: - name: $(params.ssl_cert_secret_name) - key: $(params.ssl_key_file_name) + name: $(params.umb_ssl_cert_secret_name) + key: $(params.umb_ssl_key_file_name) - name: UMB_CERT_PATH value: "/tmp/crt" - name: UMB_KEY_PATH @@ -159,13 +168,13 @@ spec: - name: PyxisCert valueFrom: secretKeyRef: - name: $(params.ssl_cert_secret_name) - key: $(params.ssl_cert_file_name) + name: $(params.pyxis_ssl_cert_secret_name) + key: $(params.pyxis_ssl_cert_file_name) - name: PyxisKey valueFrom: secretKeyRef: - name: $(params.ssl_cert_secret_name) - key: $(params.ssl_key_file_name) + name: $(params.pyxis_ssl_cert_secret_name) + key: $(params.pyxis_ssl_key_file_name) - name: PYXIS_CERT_PATH value: "/tmp/pyxisCert" - name: PYXIS_KEY_PATH diff --git a/tasks/request-and-upload-signature/tests/pre-apply-task-hook.sh b/tasks/request-and-upload-signature/tests/pre-apply-task-hook.sh index 35e3d7f65..f764654ab 100755 --- a/tasks/request-and-upload-signature/tests/pre-apply-task-hook.sh +++ b/tasks/request-and-upload-signature/tests/pre-apply-task-hook.sh @@ -6,6 +6,10 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) yq -i '.spec.steps[0].script = load_str("'$SCRIPT_DIR'/mocks.sh") + .spec.steps[0].script' "$TASK_PATH" yq -i '.spec.steps[1].script = load_str("'$SCRIPT_DIR'/mocks.sh") + .spec.steps[1].script' "$TASK_PATH" -# Create a dummy secret for ssl cert for UMB/pyxis interactions (and delete it first if it exists) -kubectl delete secret ssl-cert --ignore-not-found -kubectl create secret generic ssl-cert --from-literal=cert=mycert --from-literal=key=mykey +# Create a dummy secret for ssl cert for pyxis interactions (and delete it first if it exists) +kubectl delete secret pyxis-ssl-cert --ignore-not-found +kubectl create secret generic pyxis-ssl-cert --from-literal=cert=mypyxiscert --from-literal=key=mypyxiskey + +# Create a dummy secret for ssl cert for UMB interactions (and delete it first if it exists) +kubectl delete secret umb-ssl-cert --ignore-not-found +kubectl create secret generic umb-ssl-cert --from-literal=cert=myumbcert --from-literal=key=myumbkey diff --git a/tasks/request-and-upload-signature/tests/test-request-and-upload-signature-retries.yaml b/tasks/request-and-upload-signature/tests/test-request-and-upload-signature-retries.yaml index 46b0ae59a..cd75b127e 100644 --- a/tasks/request-and-upload-signature/tests/test-request-and-upload-signature-retries.yaml +++ b/tasks/request-and-upload-signature/tests/test-request-and-upload-signature-retries.yaml @@ -28,11 +28,11 @@ spec: name: sig_key_id - value: containerisvsign name: sig_key_name - - name: ssl_cert_secret_name - value: ssl-cert - - name: ssl_cert_file_name + - name: pyxis_ssl_cert_secret_name + value: pyxis-ssl-cert + - name: pyxis_ssl_cert_file_name value: cert - - name: ssl_key_file_name + - name: pyxis_ssl_key_file_name value: key - value: operatorpipelines name: umb_client_name @@ -42,6 +42,12 @@ spec: name: umb_publish_topic - value: umb.api.redhat.com name: umb_url + - name: umb_ssl_cert_secret_name + value: umb-ssl-cert + - name: umb_ssl_cert_file_name + value: cert + - name: umb_ssl_key_file_name + value: key - value: https://pyxis.engineering.redhat.com name: pyxis_url - name: signature_data_file diff --git a/tasks/request-and-upload-signature/tests/test-request-and-upload-signature.yaml b/tasks/request-and-upload-signature/tests/test-request-and-upload-signature.yaml index 8d3509a58..5807d7523 100644 --- a/tasks/request-and-upload-signature/tests/test-request-and-upload-signature.yaml +++ b/tasks/request-and-upload-signature/tests/test-request-and-upload-signature.yaml @@ -25,11 +25,11 @@ spec: name: sig_key_id - value: containerisvsign name: sig_key_name - - name: ssl_cert_secret_name - value: ssl-cert - - name: ssl_cert_file_name + - name: pyxis_ssl_cert_secret_name + value: pyxis-ssl-cert + - name: pyxis_ssl_cert_file_name value: cert - - name: ssl_key_file_name + - name: pyxis_ssl_key_file_name value: key - value: operatorpipelines name: umb_client_name @@ -39,6 +39,12 @@ spec: name: umb_publish_topic - value: umb.api.redhat.com name: umb_url + - name: umb_ssl_cert_secret_name + value: umb-ssl-cert + - name: umb_ssl_cert_file_name + value: cert + - name: umb_ssl_key_file_name + value: key - value: https://pyxis.engineering.redhat.com name: pyxis_url - name: signature_data_file