Add reencrypt route support to RHACS role #141
Merged
- Add variable ocp4_workload_rhacs_enable_reencrypt_route to enable/disable reencrypt route
- Extract CA certificate chain from rhacs-central-tls secret
- Configure Central CR with reencrypt route and destinationCACertificate
- Hardcoded to use rhacs-central-tls secret name
- Role fails if secret doesn't exist when reencrypt is enabled

The regex removes the first certificate (server cert) from the chain, leaving only the CA certificates needed for backend verification.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

- Get central-reencrypt route when reencrypt is enabled
- Display reencrypt route URL in user info
- Save reencrypt route URL to user data
- Conditionally includes info only when enabled

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

- Changed from folded scalar (>-) to literal scalar (|-) to preserve newlines
- Removed multiline=True from regex_replace (not needed)
- Changed indent filter to indent first line (first=True)
- This ensures the certificate is properly formatted in the YAML

The previous version was creating malformed YAML because the certificate content wasn't being indented correctly.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Use [\s\S]*? pattern to properly match across newlines and remove literal scalar (|-) to ensure regex processes correctly.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Updated the CA certificate extraction for reencrypt routes to work with both Let's Encrypt and ZeroSSL certificates by combining:

1. Intermediate CA certificates from the rhacs-central-tls secret
2. Full cluster trusted CA bundle from openshift-config-managed

This ensures the router can verify certificate chains regardless of which certificate authority cert-manager uses.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Use YAML folded scalar to keep line under 150 characters limit.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Split long regex_replace line to keep under 150 characters.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
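
The extraction these commits describe (drop the first, server certificate from the chain, then append the cluster trusted CA bundle), as an added Python example that is not the role's own code. Function names are hypothetical and the PEM blocks are constructed placeholders, not real certificates; it assumes the server certificate is the first block in the chain, as the commit message states.

```python
import re

# Non-greedy [\s\S]*? spans newlines without a DOTALL flag and stops at the
# first END marker, so each match is exactly one PEM block.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----"
)


def split_pem(text):
    """Return every PEM certificate block found in text, in order."""
    return PEM_BLOCK.findall(text)


def build_destination_ca(chain_pem, trusted_bundle=""):
    """Drop the first block of chain_pem, append the bundle, de-duplicate."""
    chain = split_pem(chain_pem)
    if not chain:
        raise ValueError("chain contains no PEM certificate")
    seen, out = set(), []
    for block in chain[1:] + split_pem(trusted_bundle):
        key = "".join(block.split())  # ignore whitespace differences
        if key not in seen:
            seen.add(key)
            out.append(block)
    if not out:
        # A chain holding only the server certificate and no bundle leaves
        # nothing to verify the backend against; fail instead of emitting "".
        raise ValueError("no CA certificates left for backend verification")
    return "\n".join(out) + "\n"


def _fake(label):
    # Constructed placeholder, not a real certificate.
    return f"-----BEGIN CERTIFICATE-----\n{label}\n-----END CERTIFICATE-----"


# Constructed sample inputs: server cert + intermediate, and a bundle that
# repeats the intermediate and adds a root.
SAMPLE_CHAIN = "\n".join([_fake("LEAF"), _fake("INTERMEDIATE")]) + "\n"
SAMPLE_BUNDLE = "# comment\n" + "\n".join([_fake("INTERMEDIATE"), _fake("ROOT")])

if __name__ == "__main__":
    print(build_destination_ca(SAMPLE_CHAIN, SAMPLE_BUNDLE))
```
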