d3b2cf7f78
Upversioned the oidc-auth-apps to latest stable versions to pick up
the latest CVE fixes.
Images From To
------------- ------- -------
helm-charts/dex 0.20.0 0.23.0
dex v2.41.1 v2.42.0
curl 8.11.1 8.13.0
stx-oidc-client stx.11.0-v1.0.8 stx.11.0-v1.0.9
CVE report comparison
CVEs CVEs
Images Before Up Version After Up Version
------------------ ----------------- ----------------
ghcr.io/dexidp/dex 28 11
curl 0 0
stx-oidc-client 6 0
Test Plan:
PASS: Build an master ISO without the the changes.
PASS: Build an master ISO with the the changes.
PASS: Deploy a SX and a DX system.
PASS: The test plan was performed for all kubernetes version available
into the image: 1.29.2, 1.30.6, 1.31.5, 1.32.2(Default)
PASS: Apply & Test procedure:
- Apply oidc-auth-apps acording 'Set up OIDC Auth Applications'
guide. The oidc-auth-apps should be applied successfully.
- Once oidc-auth-apps in applied status, perform oidc-auth-apps
test by creating a user, apply rolebiding and authenticate it
using oidc-auth command, check if the new user can send k8s
commands based on its roles.
- Authenticate using the Remote CLI method, should work.
- Authenticate using the WEB Method by accessing the url
https://<OAM_IP>:30555, you should be served with a webpage and be
able to authenticate through oidc as well.
PASS: Update test:
- Do the test case 'Apply & Test procedure' to the previous
oidc-auth-apps version.
- Build oidc-auth-apps tarball with the changes.
- Consindering the old oidc-auth-apps in apply state. update
the current oidc-auth-apps using the command:
system application-update oidc-auth-apps-<version>.tgz. The
oidc-auth-apps should be applied automatically.
PASS: Installation from scratch:
- Remove & delete the oidc-auth-apps with the command:
system application-remove oidc-auth-apps and system
application-delete oidc-auth-apps
- Install from scratch oidc-auth-apps-<version>.tgz using the
command: system application-upload
oidc-auth-apps-<version>.tgz
- Redo the test case 'Apply & Test procedure'.
PASS: Full deploy test:
- Build an ISO with the changes.
- Deploy a system.
- Do the test case 'Apply & Test procedure'. The new
oidc-auth-apps should be applied successfully.
PASS: The app 'intel-device-plugins-operator' also share the same
secret-observer helm chart, It is important to build, upload and
apply this app to check if there are no impacts:
- Build the intel-device-plugins-operator with this change
- system application-upload intel-device-plugins-operator.tgz
- apply first the app node-feature-discovery with is required
by the intel-device-plugins-operator
- check the helm-override-list and make sure secret-observer
helm is there, command: system helm-override-list
intel-device-plugins-operator --long
- apply the app:
system application-apply intel-device-plugins-operator, the
app should be applied successfuly.
- check the intel-device-plugins-operator pods:
kubectl get pods -A
Story: 2011328
Task: 52437
Change-Id: Ic20f36a0e760d6f4cdd1b4a0d0d73738b0686cab
Signed-off-by: Joaci Morais <Joaci.deMorais@windriver.com>