From 7823fb2d455ce3dfd8b697a7849b750d1a1edd6e Mon Sep 17 00:00:00 2001 From: Miguel Martinez Trivino Date: Tue, 18 Apr 2023 22:40:20 +0200 Subject: [PATCH 1/3] fix(deployment): hmac secret fix Signed-off-by: Miguel Martinez Trivino --- .../chainloop/templates/controlplane/config.secret.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deployment/chainloop/templates/controlplane/config.secret.yaml b/deployment/chainloop/templates/controlplane/config.secret.yaml index 3dfbf7a41..2782d3604 100644 --- a/deployment/chainloop/templates/controlplane/config.secret.yaml +++ b/deployment/chainloop/templates/controlplane/config.secret.yaml @@ -35,9 +35,9 @@ stringData: {{- end }} # HMAC key used to sign the JWTs generated by the controlplane - # NOTE: We are base64 encoding the value but can't remove it because it's quoted too by the helper - # TODO: Make sure we inject the pass here verbatim - generated_jws_hmac_secret: {{ $hmacpass }} + # The helper returns the base64 quoted value of the secret + # We need to remove the quotes and then decoding it so it's compatible with the stringData stanza + generated_jws_hmac_secret: {{ $hmacpass | replace "\"" "" | b64dec | quote }} # Private key used to sign the JWTs meant to be consumed by the CAS cas_robot_account_private_key_path: "/tmp/cas.private.key" From 903504d4cf3cba2425100d351eb300bea7571c2e Mon Sep 17 00:00:00 2001 From: Miguel Martinez Trivino Date: Tue, 18 Apr 2023 22:40:46 +0200 Subject: [PATCH 2/3] fix(deployment): hmac secret fix Signed-off-by: Miguel Martinez Trivino --- deployment/chainloop/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/chainloop/Chart.yaml b/deployment/chainloop/Chart.yaml index f01dd6fe1..2061cd6a0 100644 --- a/deployment/chainloop/Chart.yaml +++ b/deployment/chainloop/Chart.yaml @@ -3,7 +3,7 @@ name: chainloop description: Chainloop is an open source software supply chain control plane, a single source of truth for artifacts plus a declarative attestation crafting process. type: application -version: 1.0.4 +version: 1.0.5 appVersion: v0.8.98 dependencies: From fcd5963a5fd8103451fb14c039260e0e7d1e0409 Mon Sep 17 00:00:00 2001 From: Miguel Martinez Trivino Date: Tue, 18 Apr 2023 22:41:47 +0200 Subject: [PATCH 3/3] fix(deployment): hmac secret fix Signed-off-by: Miguel Martinez Trivino --- deployment/chainloop/templates/controlplane/config.secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/chainloop/templates/controlplane/config.secret.yaml b/deployment/chainloop/templates/controlplane/config.secret.yaml index 2782d3604..628a3980b 100644 --- a/deployment/chainloop/templates/controlplane/config.secret.yaml +++ b/deployment/chainloop/templates/controlplane/config.secret.yaml @@ -37,7 +37,7 @@ stringData: # HMAC key used to sign the JWTs generated by the controlplane # The helper returns the base64 quoted value of the secret # We need to remove the quotes and then decoding it so it's compatible with the stringData stanza - generated_jws_hmac_secret: {{ $hmacpass | replace "\"" "" | b64dec | quote }} + generated_jws_hmac_secret: {{ $hmacpass | replace "\"" "" | b64dec | quote }} # Private key used to sign the JWTs meant to be consumed by the CAS cas_robot_account_private_key_path: "/tmp/cas.private.key"