From 044c9e2f1f3890a54d8246dfe108b38c29d3c79c Mon Sep 17 00:00:00 2001 From: Christopher Weibel Date: Fri, 11 Apr 2025 11:30:52 -0400 Subject: [PATCH 1/6] Adding CF URL for service_guid call --- ci/uaa-client-audit.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/uaa-client-audit.sh b/ci/uaa-client-audit.sh index 3dec814f..9bb320ee 100755 --- a/ci/uaa-client-audit.sh +++ b/ci/uaa-client-audit.sh @@ -50,7 +50,7 @@ uaapaginate() { # Get known clients from broker service_label="cloud-gov-identity-provider" -service_guid=$(cfcurl "/v3/service_offerings?names=${service_label}" | jq -r '.resources[0].guid') +service_guid=$(cfcurl "${CF_API_URL}/v3/service_offerings?names=${service_label}" | jq -r '.resources[0].guid') service_plan_guids=$(paginate "/v3/service_plans?service_offering_guids=${service_guid}" ".resources[].guid") service_plan_list=$(echo "${service_plan_guids}" | paste -sd "," -) From 9beae9d64f7745e6c6d657da237d33bb7271818a Mon Sep 17 00:00:00 2001 From: = Date: Mon, 14 Apr 2025 16:49:58 -0700 Subject: [PATCH 2/6] chore: update minimum recommended CF version --- bosh/opsfiles/api-defaults.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bosh/opsfiles/api-defaults.yml b/bosh/opsfiles/api-defaults.yml index f78fb211..df97a3bd 100644 --- a/bosh/opsfiles/api-defaults.yml +++ b/bosh/opsfiles/api-defaults.yml @@ -12,7 +12,7 @@ - type: replace path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/min_recommended_cli_version? - value: 7.7.1 + value: 8.9.0 - type: replace From 2ba54f021021243f868e9f1017b4a31cd9b3de4e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 24 Apr 2025 13:08:46 -0400 Subject: [PATCH 3/6] Bump h11 in /ci/test-space-egress in the pip group across 1 directory (#963) Bumps the pip group with 1 update in the /ci/test-space-egress directory: [h11](https://github.com/python-hyper/h11). Updates `h11` from 0.12.0 to 0.16.0 - [Commits](https://github.com/python-hyper/h11/compare/v0.12.0...v0.16.0) --- updated-dependencies: - dependency-name: h11 dependency-version: 0.16.0 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- ci/test-space-egress/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/test-space-egress/requirements.txt b/ci/test-space-egress/requirements.txt index e3c67c04..e69c77dd 100644 --- a/ci/test-space-egress/requirements.txt +++ b/ci/test-space-egress/requirements.txt @@ -6,7 +6,7 @@ charset-normalizer==2.0.4 click==8.0.1 fastapi==0.115.4 furl==2.1.3 -h11==0.12.0 +h11==0.16.0 idna==3.7 mypy-extensions==0.4.3 orderedmultidict==1.0.1 From 30cba27881642e98a4b6af23466501e13d215382 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Thu, 24 Apr 2025 16:20:25 -0400 Subject: [PATCH 4/6] add opensearch-ci-cf-read-only UAA client and secret (#964) --- bosh/opsfiles/clients.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/bosh/opsfiles/clients.yml b/bosh/opsfiles/clients.yml index 27a6e374..667ffc58 100644 --- a/bosh/opsfiles/clients.yml +++ b/bosh/opsfiles/clients.yml @@ -155,6 +155,21 @@ name: opensearch-dashboards-proxy-ci-secret type: password +- type: replace + path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/opensearch-ci-cf-read-only? + value: + override: true + authorized-grant-types: client_credentials + scope: cloud_controller.read,openid,scim.read + authorities: scim.read + secret: ((opensearch-ci-cf-read-only-secret)) + +- type: replace + path: /variables/- + value: + name: opensearch-ci-cf-read-only-secret + type: password + - type: replace path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/opensearch_dashboards_proxy? value: From 2d98962e41bad1c5a21ff3125042f03d20c2bc33 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Fri, 25 Apr 2025 11:42:37 -0400 Subject: [PATCH 5/6] update opensearch-ci-cf-read-only UAA client (#965) * update opensearch-ci-cf-read-only UAA client to have cloud_controller.global_auditor scope and authority * remove unnecessary scopes --- bosh/opsfiles/clients.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/bosh/opsfiles/clients.yml b/bosh/opsfiles/clients.yml index 667ffc58..0a7d3f1e 100644 --- a/bosh/opsfiles/clients.yml +++ b/bosh/opsfiles/clients.yml @@ -160,8 +160,7 @@ value: override: true authorized-grant-types: client_credentials - scope: cloud_controller.read,openid,scim.read - authorities: scim.read + authorities: scim.read,cloud_controller.global_auditor secret: ((opensearch-ci-cf-read-only-secret)) - type: replace From 79c93c1944c03c817438224910b9c5724b6cfb54 Mon Sep 17 00:00:00 2001 From: Christopher Weibel Date: Thu, 1 May 2025 09:38:57 -0400 Subject: [PATCH 6/6] Adding sandbox-bot-user --- bosh/opsfiles/users.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/bosh/opsfiles/users.yml b/bosh/opsfiles/users.yml index ec23dc65..fb938b69 100644 --- a/bosh/opsfiles/users.yml +++ b/bosh/opsfiles/users.yml @@ -25,4 +25,18 @@ path: /variables/- value: name: autoscaler-password + type: password + +# Sandbox Bot user +# Note: this user is used by the acceptance tests, the sandbox-bot client is used inside the app and doesn't need the higher level of permissions +- type: replace + path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/scim/users/- + value: + name: sandbox-bot-user + password: ((sandbox-bot-password)) + groups: [openid, cloud_controller.admin, scim.read, scim.write] +- type: replace + path: /variables/- + value: + name: sandbox-bot-password type: password \ No newline at end of file