Skip to content

Commit

Permalink
Documentation update about credentials rotation (#647)
Browse files Browse the repository at this point in the history 
* initial version

* Update docs/contributor/05-20-e2e_tests.md

Co-authored-by: Iwona Langer <[email protected]>

* Update docs/contributor/05-20-e2e_tests.md

Co-authored-by: Iwona Langer <[email protected]>

* Update docs/contributor/05-20-e2e_tests.md

Co-authored-by: Iwona Langer <[email protected]>

* Update docs/contributor/05-20-e2e_tests.md

Co-authored-by: Iwona Langer <[email protected]>

* Update docs/contributor/05-20-e2e_tests.md

Co-authored-by: Iwona Langer <[email protected]>

* Update docs/contributor/05-20-e2e_tests.md

Co-authored-by: Iwona Langer <[email protected]>

* review remarks

---------

Co-authored-by: Iwona Langer <[email protected]>
  • Loading branch information
@jaroslaw-pieszka @IwonaLanger
jaroslaw-pieszka and IwonaLanger authored Apr 5, 2024
1 parent 518ca51 commit 0f99df0
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions docs/contributor/05-20-e2e_tests.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,3 +57,21 @@ The GitHub Actions workflows execute the two tests:
The Kubernetes cluster is created, and the sources are checked out.
The workflows wait till the binary image is available for fetching.
The scripts create the required prerequisites, get the BTP Manager and BtpOperator installed or upgraded, validate expected statuses, and get BtpOperator and BTP Manager uninstalled.

### Real Credentials Rotation

Real credentials used in the test are configured as repository secrets.
The following secrets are used and substituted in the `sap-btp-manager` Kyma Secret resource:
- SM_CLIENT_ID - Service Manager client ID, `data.clientid`
- SM_CLIENT_SECRET - Service Manager client secret, `data.clientsecret`
- SM_URL - Service Manager URL, `data.sm_url`
- SM_TOKEN_URL - Service Manager token URL, `data.tokenurl`
All secrets should be base64 encoded. Caveat of the new line character at the end of the secret value.

The following bash command could be used to encode the secret:

```echo -n "secret" | base64```

Currently used values are taken from Service Binding `e2e-test-sm` created for the `e2e-test-sm` Service Manager instance in the `e2e-test-btp-manager` subaccount of the `kyma-gopher` global account on the Canary environment.
In case of credentials rotation, the secrets should be updated in the repository secrets, regardless of the location and naming of the Service Manager instance and Secret Binding used.

0 comments on commit 0f99df0

Please sign in to comment.