Story (Required)

As a developer trying to build applications with RHEL content I want to mount a RHEL entitlement certificate into my builds so that I can install Red Hat content with yum/dnf.

<Describes high level purpose and goal for this story. Answers the questions: Who is impacted, what is it and why do we need it? How does it improve the customer’s experience?>

Background (Required)

<Describes the context or background related to this story>

In Builds 1.1, we GA-ed the Shared Resource CSI Driver. The rationale for this component is to make it easy for customers to build applications that need to install RHEL content via yum/dnf. We need to automatically verify that our documented procedures work with Shipwright + Shared Resource CSI Driver.

Our initial release did not specify a volume in our build strategy for the RHEL entitlement keys. Upstream doc: link

Out of scope

<Defines what is not included in this story>

• Additional default volumes for builds - ex: caching.

Approach (Required)

<Description of the general technical path on how to achieve the goal of the story. Include details like json schema, class definitions>

• Add `etc-pki-entitlement` volume to the buildah and s2i build strategies, which gets mounted to the /etc/pki/entitlement directory in all build containers.

Testing approach:

1. Provision a ROSA cluster, potentially with Konflux "environments as a service."
2. Create a test scenario that does the following:
a. Create the Shared Secret for the cluster entitlement
b. Follow documented procedure to mount the shared secret into the build, using CSI volume source type.

Dependencies

<Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>

1. Mechanism to deploy ROSA clusters in a CI/test environment
2. Test suite that verifies other product behavior.

Acceptance Criteria (Mandatory)

<Describe edge cases to consider when implementing the story and defining tests>

<Provides a required and minimum list of acceptance tests for this story. More is expected as the engineer implements this story>

• buildah strategy build can install RHEL content using a Dockerfile/Containerfile

INVEST Checklist

Dependencies identified

Blockers noted and expected delivery timelines set

Design is implementable

Acceptance criteria agreed upon

Story estimated

Legend

Unknown

Verified

Unsatisfied

Done Checklist

• Code is completed, reviewed, documented and checked in
• Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
• Continuous Delivery pipeline(s) is able to proceed with new code included
• Customer facing documentation, API docs etc. are produced/updated, reviewed and published
• Acceptance criteria are met