SSO Integration Updates
General MR
Summary
- Updated job to allow for automatic SSO integration when Keycloak is present in the same BB cluster
Relevant logs/screenshots
Used sonarqube-sso-integration branch on Big Bang to test
Ran the following command while shell'ed into the sonarqube pod:
cat conf/sonar.properties
sonar.auth.saml.applicationId=dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_saml-sonarqube
sonar.auth.saml.certificate.secured=MIICoTCCAYkCBgF/iYn0azANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjIwMzE0MTc0NDUzWhcNMzIwMzE0MTc0NjMzWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoCX4G1TCnZlWXvCLH/z6m5y/6NMrUv1AYVVbTaQ9iUWLR+uD44v1exIHUywkgQV+cMhn+my+9ZihmRWfOJuBWV8CM5BfIh685YulKVQrcGlYWcB877SjJBZKxyXITz7GnNOJ8vvlK9tK8OncldUFrhR2BXaqw2zvG733CKlDtyujaWmd7kQge/p4okx4bV4VBLYMmsjrJ004uvMcU4DekCFlGmEh3p3FhZorMf+1xHfi5DaCD4iCYZqRgsWEb8/Zmsx0+qi56P9YWhz1j2GUfHw0At8Dq5h7hoMJtYJMvVXWxkmPNVHtaJMOHt8iiBO7/a6SkI6ddf9Jotp2i6XEvAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJwSLJ0eybbeBYPvXnawqpy6JSXJ/MnnRvSGN9tXJ2+d/QXMOEPwJaAaOrvFtpUQxyPELJ8nU/Ukf7AL2zWltsCLiwtTrJkC+BpbZYkb1UsByveBS5wTPfiNkFzHeGg+MxBjiju2y04P4kEngXhQh4ZIUdi+WJjew721nJa/tjrMfnuEsMjxY/tWnzkk8xkGgaApZpGyaj1tOmVH4GR6CeBU6459m/GXmGH5TCGwT3EyfpZ189te+xV73WZR/r2nDlGuuy//w/P4JGHh4lcCwLfPcOOH30otcPAgctyX9Takk4MkVjva+b9S88sGaWPg075bxA2sysmkuqEOULjdXjU=
sonar.auth.saml.enabled=true
sonar.auth.saml.group.name=group
sonar.auth.saml.loginUrl=https://keycloak.dev.bigbang.mil/auth/realms/baby-yoda/protocol/saml
sonar.auth.saml.providerId=https://keycloak.dev.bigbang.mil/auth/realms/baby-yoda
sonar.auth.saml.providerName=SSO
sonar.auth.saml.user.email=email
sonar.auth.saml.user.login=login
sonar.auth.saml.user.name=name
sonar.ce.javaAdditionalOpts=-Dcom.redhat.fips=false
sonar.core.serverBaseURL=https://sonarqube.dev.bigbang.mil
sonar.forceAuthentication=true
sonar.search.javaAdditionalOpts=-Dcom.redhat.fips=false
sonar.telemetry.enable=false
sonar.web.javaAdditionalOpts=-Dcom.redhat.fips=false
Output of same command after upgrade (Showing correct certificate and no duplicate entries):
sonar.auth.saml.applicationId=dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_saml-sonarqube
sonar.auth.saml.enabled=true
sonar.auth.saml.group.name=group
sonar.auth.saml.loginUrl=https://keycloak.dev.bigbang.mil/auth/realms/baby-yoda/protocol/saml
sonar.auth.saml.providerId=https://keycloak.dev.bigbang.mil/auth/realms/baby-yoda
sonar.auth.saml.providerName=SSO
sonar.auth.saml.user.email=email
sonar.auth.saml.user.login=login
sonar.auth.saml.user.name=name
sonar.ce.javaAdditionalOpts=-Dcom.redhat.fips=false
sonar.core.serverBaseURL=https://sonarqube.dev.bigbang.mil
sonar.forceAuthentication=true
sonar.search.javaAdditionalOpts=-Dcom.redhat.fips=false
sonar.telemetry.enable=false
sonar.web.javaAdditionalOpts=-Dcom.redhat.fips=false
sonar.auth.saml.certificate.secured=…
Also verified the secret being in place does not cause issues by simulating a helm upgrade with the following changes made to values.yaml:
addons:
  sonarqube:
    values:
      upstream:
        resources:
          requests:
            cpu: 200m
            memory: 400Mi
Verified secret created by the job is not required if Keycloak is not deployed alongside SonarQube.
Linked Issue
Upgrade Notices
N/A
Edited by Jimmy Bourque
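
The manual check described above (reading `conf/sonar.properties` for duplicate entries and a usable SAML certificate) can be scripted. The following is an added example, not code from this merge request or from Big Bang; `check_properties`, the sample values, and the assumption of plain `key=value` lines are illustrative.

```python
import base64
import binascii

# Keys taken from the sonar.properties output shown in the description.
REQUIRED = (
    "sonar.auth.saml.enabled",
    "sonar.auth.saml.applicationId",
    "sonar.auth.saml.providerId",
    "sonar.auth.saml.loginUrl",
    "sonar.auth.saml.certificate.secured",
)
CERT_KEY = "sonar.auth.saml.certificate.secured"

def check_properties(text):
    """Return findings for sonar.properties content; an empty list means clean."""
    seen, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Assumption: simple key=value lines, as in the output above.
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in seen:
            findings.append(f"duplicate key {key} (lines {seen[key][0]} and {lineno})")
        seen[key] = (lineno, value)  # keep the last occurrence
    for key in REQUIRED:
        if not seen.get(key, (0, ""))[1]:
            findings.append(f"missing or empty {key}")
    cert = seen.get(CERT_KEY, (0, ""))[1]
    if cert:
        try:
            der = base64.b64decode(cert, validate=True)
            if not der.startswith(b"\x30"):  # DER certificates start with a SEQUENCE tag
                findings.append("certificate does not decode to DER")
        except binascii.Error:
            findings.append("certificate is not valid base64")
    return findings

# Constructed sample input: a DER stub, not a real certificate.
STUB_CERT = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
CLEAN = "\n".join([
    "sonar.auth.saml.enabled=true",
    "sonar.auth.saml.applicationId=example-app-id",
    "sonar.auth.saml.providerId=https://idp.example.test/realms/demo",
    "sonar.auth.saml.loginUrl=https://idp.example.test/realms/demo/protocol/saml",
    f"{CERT_KEY}={STUB_CERT}",
])
AFTER_RERUN = CLEAN + f"\n{CERT_KEY}={STUB_CERT}"  # constructed: same key written twice

if __name__ == "__main__":
    print(check_properties(CLEAN), check_properties(AFTER_RERUN))
```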