Skip to content

Add support for custom Barbican images and parameterized HSM secrets #1183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mauricioharley wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add support for custom Barbican images and parameterized HSM secrets #1183

mauricioharley wants to merge 3 commits into from
+134 −1

Conversation

@mauricioharley
Copy link

@mauricioharley mauricioharley commented Dec 15, 2025
edited by openshift-ci bot
Loading

This PR adds support for custom Barbican container images and parameterized
HSM secret names in the adoption process.

Changes

  • barbican_adoption/defaults/main.yaml: Parameterized loginSecret and
    clientDataSecret names in the barbican_hsm_patch template to allow
    custom secret names via variables.

  • backend_services/tasks/main.yaml: Added two new tasks to patch
    OpenStackVersion CR with custom Barbican images when
    barbican_custom_api_image or barbican_custom_worker_image are defined.

Jira: OSPRH-20112

@mauricioharley mauricioharley force-pushed the barbican-hsm-custom-images-support branch from bc5941f to 3f7277b Compare December 17, 2025 09:59
@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Dec 17, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/779a6be761b541e3a19a1b3710c0df40

✔️ noop SUCCESS in 0s
✔️ adoption-standalone-to-crc-ceph SUCCESS in 2h 59m 56s
adoption-standalone-to-crc-no-ceph NODE_FAILURE Node request 100-0008118136 failed in 0s

@mauricioharley
Copy link
Author

mauricioharley commented Dec 17, 2025

recheck

@github-actions
Copy link

github-actions bot commented Jan 2, 2026

This PR is stale because it has been for over 15 days with no activity.
Remove stale label or comment or this PR will be closed in 7 days.

@github-actions github-actions bot added the Stale label Jan 2, 2026
jistr
jistr previously requested changes Jan 9, 2026
View reviewed changes
Copy link
Contributor

@jistr jistr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think my previous review is still relevant: #1059 (review)

@jistr
Copy link
Contributor

jistr commented Jan 13, 2026

Thank you, lgtm :)
/lgtm

@openshift-ci openshift-ci bot added the lgtm label Jan 13, 2026
@jistr jistr self-requested a review January 13, 2026 12:07
@jistr jistr dismissed their stale review January 13, 2026 12:07

implemented

@mauricioharley
Copy link
Author

mauricioharley commented Jan 13, 2026

@jistr, is there a merge bot in this repository? :-)

@jistr
Copy link
Contributor

jistr commented Jan 14, 2026

There should be at least 2 reviews (unless the patch is trivial), then we merge.

Mauricio Harley added 3 commits January 15, 2026 10:16
Add minimal HSM support to barbican_adoption role
4df4292 
Extend the existing barbican_adoption role with minimal HSM support for Proteccio integration.

Fixes: OSPRH-18981

Signed-off-by: Mauricio Harley <[email protected]>
Add support for custom Barbican images and parameterized HSM secrets
d5d2883 
This change adds support for:
- Custom Barbican API and Worker container images via
  barbican_custom_api_image and barbican_custom_worker_image variables
- Parameterized HSM secret names via proteccio_login_secret_name and
  proteccio_client_data_secret_name variables

This enables adoption scenarios where Barbican requires custom images
with HSM client libraries (e.g., Proteccio) installed.

Signed-off-by: Mauricio Harley <[email protected]>
Addressing reviewer's comment
51a7db2 
This commit addresses some comments by a reviewer on an analogous PR
(openstack-k8s-operators#1059 (review)).

Signed-off-by: Mauricio Harley <[email protected]>
@mauricioharley mauricioharley force-pushed the barbican-hsm-custom-images-support branch from a126db2 to 51a7db2 Compare January 15, 2026 10:39
@openshift-ci openshift-ci bot removed the lgtm label Jan 15, 2026
@openshift-ci
Copy link

openshift-ci bot commented Jan 15, 2026

New changes are detected. LGTM label has been removed.

@openshift-ci
Copy link

openshift-ci bot commented Jan 15, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from jistr. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jistr jistr Awaiting requested review from jistr

Assignees

@jistr jistr

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mauricioharley @jistr