Skip to content

Add additional prod RHSSO issuer to fix auth issues on integration#2469

Merged
kovayur merged 1 commit intomainfrom
yury/ROX-31353-iam-config
Oct 22, 2025
Merged

Add additional prod RHSSO issuer to fix auth issues on integration#2469
kovayur merged 1 commit intomainfrom
yury/ROX-31353-iam-config

Conversation

@kovayur
Copy link
Copy Markdown
Contributor

@kovayur kovayur commented Oct 22, 2025

Description

Fleet Manager doesn't trust JWT tokens issued by prod RHSSO if it is pointed to RHSSO stage (#2467). This change makes FM trust tokens issued by both issuers regardless of the base RHSSO url setting.
This PR also disables the additional issuers on the stage environment to make it closer to production.

Checklist (Definition of Done)

  • Unit and integration tests added
  • Added test description under Test manual
  • Documentation added if necessary (i.e. changes to dev setup, test execution, ...)
  • CI and all relevant tests are passing
  • Add the ticket number to the PR title if available, i.e. ROX-12345: ...
  • Discussed security and business related topics privately. Will move any security and business related topics that arise to private communication channel.
  • Add secret to app-interface Vault or Secrets Manager if necessary
  • RDS changes were e2e tested manually
  • Check AWS limits are reasonable for changes provisioning new resources
  • (If applicable) Changes to the dp-terraform Helm values have been reflected in the addon on integration environment

Test manual

TODO: Add manual testing efforts

# To run tests locally run:
make db/teardown db/setup db/migrate
make ocm/setup
make verify lint binary test test/integration

@openshift-ci openshift-ci bot added the lgtm label Oct 22, 2025
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Oct 22, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ebensh, kovayur

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kovayur
Copy link
Copy Markdown
Contributor Author

kovayur commented Oct 22, 2025

/override ci/prow/e2e

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Oct 22, 2025

@kovayur: Overrode contexts on behalf of kovayur: ci/prow/e2e

Details

In response to this:

/override ci/prow/e2e

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@kovayur kovayur merged commit 2f269cd into main Oct 22, 2025
14 checks passed
@kovayur kovayur deleted the yury/ROX-31353-iam-config branch October 22, 2025 11:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ebensh ebensh ebensh approved these changes

Assignees

@ebensh ebensh

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kovayur @ebensh