Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: crc-2022-09-07
Affects Version/s: cloud-2022-06-06
Component/s: Infrastructure
Labels:
- signing

Epic Link:
Collection Signing: CRC remaining + deployment + PAH fixes
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Feature Link:
ANSTRAT-411 - Content Signing

SFDC Cases Counter:
SFDC Cases Links:

Description

Automated tests need to use the dev key to sign collections, as they do not have access to and shouldn't use the production key. Because stage is configured exactly as production will be, using the key from prod sec to verify signatures. Automated tests need to use the dev key, so they are now broken on stage.

Steps to Reproduce

Upload a collection to stage

Sign the collection with the dev key found in the galaxy_ng repo

Upload the signature file

Actual Behavior

The uploaded signature is denied.

Expected Behavior

The uploaded signature should be accepted, as we must run automated tests on stage and they must use a dev key, not the final production key.

Proposed Solution:

Add multiple keys on c.stage.rh.c - the dev key can be added alongside the prod key to the keyfile stored in vault just for stage
Modify the entrypoint script that adds the key from the keyfile to the keystore to allow importing multiple keys

Attachments

Issue Links

mentioned on

Merge request - Automation Hub: add additional signing public key to stage

Merge request - Updated US source to: fff29f5 Import all signing keys from keyfile (#1349)

Activity

People

Assignee:: Daniel Rodowicz

Reporter:: Clara Spealman

QA Contact:: Clara Spealman

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2022/07/05 6:11 PM

Updated:: 2022/11/03 8:05 PM

Resolved:: 2022/07/27 7:42 PM