From a8f507bba10ae94de6a6f9ce444257dfcbb821b6 Mon Sep 17 00:00:00 2001 From: Yury Kovalev Date: Tue, 21 Oct 2025 21:34:52 +0200 Subject: [PATCH] ROX-31353: Make RHSSO base url configurable --- .secrets.baseline | 20 ++++++++++---------- templates/service-template.yml | 5 +++++ 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 56eb531a0..8ce6886f7 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -296,63 +296,63 @@ "filename": "templates/service-template.yml", "hashed_secret": "13032f402fed753c2248419ea4f69f99931f6dbc", "is_verified": false, - "line_number": 455 + "line_number": 459 }, { "type": "Base64 High Entropy String", "filename": "templates/service-template.yml", "hashed_secret": "30025f80f6e22cdafb85db387d50f90ea884576a", "is_verified": false, - "line_number": 455 + "line_number": 459 }, { "type": "Base64 High Entropy String", "filename": "templates/service-template.yml", "hashed_secret": "355f24fd038bcaf85617abdcaa64af51ed19bbcf", "is_verified": false, - "line_number": 455 + "line_number": 459 }, { "type": "Base64 High Entropy String", "filename": "templates/service-template.yml", "hashed_secret": "3d8a1dcd2c3c765ce35c9a9552d23273cc4ddace", "is_verified": false, - "line_number": 455 + "line_number": 459 }, { "type": "Base64 High Entropy String", "filename": "templates/service-template.yml", "hashed_secret": "4ac7b0522761eba972467942cd5cd7499dd2c361", "is_verified": false, - "line_number": 455 + "line_number": 459 }, { "type": "Base64 High Entropy String", "filename": "templates/service-template.yml", "hashed_secret": "7639ab2a6bcf2ea30a055a99468c9cd844d4c22a", "is_verified": false, - "line_number": 455 + "line_number": 459 }, { "type": "Base64 High Entropy String", "filename": "templates/service-template.yml", "hashed_secret": "b56360daf4793d2a74991a972b34d95bc00fb2da", "is_verified": false, - "line_number": 455 + "line_number": 459 }, { "type": "Base64 High Entropy String", "filename": "templates/service-template.yml", "hashed_secret": "c9a73ef9ee8ce9f38437227801c70bcc6740d1a1", "is_verified": false, - "line_number": 455 + "line_number": 459 }, { "type": "Secret Keyword", "filename": "templates/service-template.yml", "hashed_secret": "4e199b4a1c40b497a95fcd1cd896351733849949", "is_verified": false, - "line_number": 638, + "line_number": 642, "is_secret": false } ], @@ -382,5 +382,5 @@ } ] }, - "generated_at": "2025-09-26T12:25:05Z" + "generated_at": "2025-10-21T17:55:55Z" } diff --git a/templates/service-template.yml b/templates/service-template.yml index 090acd2bf..1837d6bb3 100644 --- a/templates/service-template.yml +++ b/templates/service-template.yml @@ -346,6 +346,10 @@ parameters: description: Kubernetes issuer URI for verifying service account tokens value: "https://kubernetes.default.svc" +- name: REDHAT_SSO_BASE_URL + description: The base URL of the RedHat SSO external realm, production by default + value: "https://sso.redhat.com" + objects: - kind: ConfigMap apiVersion: v1 @@ -895,6 +899,7 @@ objects: - --db-sslmode=${DB_SSLMODE} - --db-max-open-connections=${DB_MAX_OPEN_CONNS} - --enable-db-debug=${ENABLE_DB_DEBUG} + - --redhat-sso-base-url=${REDHAT_SSO_BASE_URL} - --redhat-sso-client-id-file=/secrets/fleet-manager-credentials/redhatsso-service.clientId - --redhat-sso-client-secret-file=/secrets/fleet-manager-credentials/redhatsso-service.clientSecret - --central-idp-issuer=${CENTRAL_IDP_ISSUER}