diff --git a/.gitignore b/.gitignore index 0f3af34e..3ef4a493 100644 --- a/.gitignore +++ b/.gitignore @@ -198,5 +198,16 @@ tags # Persistent undo [._]*.un~ +**/exploit-iq-ips.json +**/user-feedback-ips.json +**/google-sheets-secrets.yaml +**/integration-tests-secrets.yaml +**/server-model-config.yaml +**/sec-decryption.key +**/registry-app-creds.yaml +**/exploit-iq-client-build-ips.yaml +**/exploit-iq-automation-token.yaml + + # End of https://www.gitignore.io/api/vim,c++,cmake,python,synology diff --git a/.gitmodules b/.gitmodules index 1717d5fe..555ccf7b 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,8 @@ [submodule ".tests-automation"] path = .tests-automation url = https://github.com/RHEcosystemAppEng/exploitiq-tests-automation.git + +[submodule "exploit-iq-models"] + path = exploit-iq-models + url = https://github.com/RHEcosystemAppEng/exploit-iq-models.git + diff --git a/.tekton/on-pull-request.yaml b/.tekton/on-pull-request.yaml index 00d714fb..5551a482 100644 --- a/.tekton/on-pull-request.yaml +++ b/.tekton/on-pull-request.yaml @@ -17,6 +17,10 @@ metadata: # How many runs we want to keep. pipelinesascode.tekton.dev/max-keep-runs: "5" spec: + taskRunTemplate: + podTemplate: + imagePullSecrets: + - name: ecosystem-appeng-morpheus-quay params: # The variable with brackets are special to Pipelines as Code # They will automatically be expanded with the events from Github. @@ -255,6 +259,8 @@ spec: workspace: basic-auth # Needed for pushing tags/releases - name: exploit-iq-data workspace: exploit-iq-data + - name: dockerconfig + workspace: dockerconfig-ws params: - name: CURRENT_REVISION value: $(params.revision) @@ -262,6 +268,7 @@ spec: value: $(params.pr_number) taskSpec: + params: - name: CURRENT_REVISION type: string @@ -271,7 +278,6 @@ spec: - name: source - name: basic-auth - name: exploit-iq-data - # >>> THE SERVER (Sidecar) <<< sidecars: - name: server-application diff --git a/kustomize/README.md b/kustomize/README.md index 0e837506..7993f32a 100644 --- a/kustomize/README.md +++ b/kustomize/README.md @@ -236,3 +236,57 @@ kustomize build overlays/$DEPLOYMENT_VARIANT_NAME/ | oc delete -l purpose!=pers # Or, Delete Everything kustomize build overlays/$DEPLOYMENT_VARIANT_NAME/ | oc delete -f - ``` +### Deploy Test overlay variant (Rapid deployment) +1. Download and install [GnuPG](https://www.gnupg.org/download/) and [sops](https://github.com/getsops/sops/releases) +2. Create new namespace/project: +```shell +export PROJECT_NAME=exploit-test +oc new-project $PROJECT_NAME +``` +3. Take private key and import it to GPG: +```shell +gpg --import /path/to/sec-decryption.key +``` +4. Decrypt all secret files: +```shell +cd $(git rev-parse --show-toplevel)/kustomize/overlays/tests +mkdir -p secrets +sops -d exploit-iq-ips.secret > secrets/exploit-iq-ips.json +sops -d google-sheets-secrets-enc.yaml > secrets/google-sheets-secrets.yaml +sops -d integration-tests-secrets-enc.yaml > secrets/integration-tests-secrets.yaml +sops -d mongodb-credentials.env2 > secrets/mongodb-credentials.env +sops -d oauth-secrets.env2 > secrets/oauth-secrets.env +sops -d registry-app-creds-enc.yaml > secrets/registry-app-creds.yaml +sops -d secrets.env2 > secrets/secrets.env +sops -d server-model-config-enc.yaml > secrets/server-model-config.yaml +sops -d user-feedback-ips.secret > secrets/user-feedback-ips.json +sops -d exploit-iq-client-build-ips-enc.yaml > secrets/exploit-iq-client-build-ips.yaml +sops -d exploit-iq-automation-token-enc.yaml > secrets/exploit-iq-automation-token.yaml +``` + +5. Override any secret that you need in the decrypted files, if not needed, you can continue to next step. +6. Now deploy to the cluster the exploitIQ system ( minus agent) with all resources: +```shell +kustomize build . | oc apply -f - +``` + +7. Deploy Self hosted LLM for the automation tests ( Integration tests and Confusion matrix runner): +```shell +helm upgrade --install --set nim_embed.enabled=false --set llama3_1_70b_instruct_4bit.storageClass.name=gp3-csi-throughput-2000 --set llama3_1_70b_instruct_4bit.readinessProbe.initialDelaySeconds=25 --set llama3_1_70b_instruct_4bit.readinessProbe.periodSeconds=10 --set global.tolerationsKey=p4d-gpu exploit-iq-tests ../../../exploit-iq-models/agent-morpheus-models +``` + +8. Remove untracked decrypted secrets files +```shell +rm -rf secrets/ +``` + +9. Tear down: +```shell +helm delete exploit-iq-tests + +oc delete project $(oc project --short -q) +``` + +10. Need to install on cluster [Openshift pipelines operator](https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines/1.19/html/installing_and_configuring/installing-pipelines) +11. If need to install the [exploit-iq-pac](https://github.com/apps/exploit-iq-pac/) PAC (pipeline as code) github application on a new cluster , you need to make sure to configure it according to the [PAC github application docs](https://pipelinesascode.com/docs/install/github_apps/#configure-pipelines-as-code-on-your-cluster-to-access-the-github-app). +In this case, you need to supply to the secret in the documentation github application private key generated in the github app settings, and webhook secret defined and set in the application settings. diff --git a/.tekton/tasks/buildah-task.yaml b/kustomize/overlays/tests/buildah-task.yaml similarity index 99% rename from .tekton/tasks/buildah-task.yaml rename to kustomize/overlays/tests/buildah-task.yaml index 60f9a43a..953dceaf 100644 --- a/.tekton/tasks/buildah-task.yaml +++ b/kustomize/overlays/tests/buildah-task.yaml @@ -2,7 +2,6 @@ apiVersion: tekton.dev/v1 kind: Task metadata: name: buildah-pvc - namespace: ruben-morpheus spec: description: | @@ -165,4 +164,4 @@ spec: - description: An optional workspace that allows providing the entitlement keys for Buildah to access subscription. The mounted workspace contains entitlement.pem and entitlement-key.pem. mountPath: /tmp/entitlement name: rhel-entitlement - optional: true \ No newline at end of file + optional: true diff --git a/kustomize/overlays/tests/exploit-iq-automation-token-enc.yaml b/kustomize/overlays/tests/exploit-iq-automation-token-enc.yaml new file mode 100644 index 00000000..d8df648f --- /dev/null +++ b/kustomize/overlays/tests/exploit-iq-automation-token-enc.yaml @@ -0,0 +1,24 @@ +apiVersion: ENC[AES256_GCM,data:Uns=,iv:t7ZWH0eiE63kyMW42wFsfsKN01OkC+brLLXaJUEClQs=,tag:pxTCqrwC1cUO/EMTfFrPzA==,type:str] +data: + gh-token: ENC[AES256_GCM,data:GgFKPuhztlsqsZ7PjXGH6V04uNu6ElKs5iC8uUW/UCL7vjmx5VR0suUaDA1DISb+Bc9W83bMnkW70H8CUwMX50OI536T/hDTokLAYTsFD+05HsUWKSxBqq7G25fv3mzPYSBAVKs0EL7K+f2Le6k2yeYltkOkfIRFtabFcg==,iv:cl5jl1oKbR2AtJYCoH4Je8SSyP4Jc+gPInIRfOflTSw=,tag:CrnZspbYfUjz0wgjzwfQhg==,type:str] +kind: ENC[AES256_GCM,data:j8rCiStt,iv:CaoFjqicLryq3MS+mvgVO5ffBbIX9vUQVQ5uy/NyNnM=,tag:r4LeUOBMkvXK3hd7faj/wA==,type:str] +metadata: + name: ENC[AES256_GCM,data:X7/gU5Es3+keADmoDJQWfF27KBKVjoCUcLRe,iv:zYPeX1H91bcUut1/wbVi6UdyRAwcT2QKRu//GS8KAY0=,tag:hPQtbwjqeIazh/hrnmzbjA==,type:str] +type: ENC[AES256_GCM,data:waF5cqrS,iv:yh5grziLkmXblL+zoo/DbsFI8GJdBICWq5xbGrjqrjM=,tag:W1odWNRYm9RpU4XBAXDvpA==,type:str] +sops: + lastmodified: "2026-01-27T15:12:24Z" + mac: ENC[AES256_GCM,data:AupZMMI0ycLlxF3/s2fLy97AC75/QF7itpaldF+I6Cuoj6FdmBd+2HwiDuz+505ZAm0/pP7Ez7p+zA7STyxY0vzGBu2XoOhKOcj0seJHrHZh60PXlV2BgQarBxVTtSg3BWFLrKYNRRHevHezfRKxFichlQZzj5Pc6TmheNs2c7U=,iv:TXYL4TE8GlAeuTjaw9GfdP+mmXtWpz++sHp0InHk04c=,tag:0I+c3wRyLh2vL+9N7K5i+w==,type:str] + pgp: + - created_at: "2026-01-27T15:12:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4Dy77zzNMwU0sSAQdA/biMrPzXXQ6FZhsAqOpLTXUzegYmekUNov4ZxfhQyWsw + GLEYcoYdGLjZo/BSUP3t6+8XJ/LY6ytRvMvsxWWJKGBspxIyE7JwTCpIdOWA4p0v + 0lwBlyu0o8Jc31ct4J1V+mPowF8L1znKEgqVBugA+l3N5JRizwecTdcb8k0OXHqf + +hXfcCYVK5FYJbdtGsGEEZmS6vGjdAViNiTyuS4NS+Lh4sEFXA0Z4CT7YILArA== + =5nCL + -----END PGP MESSAGE----- + fp: 8DEE2D0E1357B78C782691234A2D3B6C7E35AEF7 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/kustomize/overlays/tests/exploit-iq-client-build-ips-enc.yaml b/kustomize/overlays/tests/exploit-iq-client-build-ips-enc.yaml new file mode 100644 index 00000000..1e385c0b --- /dev/null +++ b/kustomize/overlays/tests/exploit-iq-client-build-ips-enc.yaml @@ -0,0 +1,24 @@ +apiVersion: ENC[AES256_GCM,data:V0g=,iv:aku+6VNcpHX/VwyWNuHMU9p1UJn9QgI9az5pl57Up0c=,tag:9cHqcamNq/n459qQRu6bKg==,type:str] +data: + .dockerconfigjson: ENC[AES256_GCM,data:PSc/c7Dw4D0LycEKR0DwFGucqdHms9QombznJc7BtJEfDBd1/mTFOobGw4LHkUtUc3I7eplOd+u41N0PvERRXbsf26iWQkupb578MdoTXXtzpzwKZcOt1pmROrIs/I8yIgCmOYL0feqhPwSP0aYESYwTCQXK9nMvkrCNPpdsyeBMaQ17K2G+Lg0zk2/Crh8xQwbbVuU+ZxVCQ2mlORGQVFTQzjCCvMll28szpvqSXS6fcxJ1Ctma3I9Dhzv4fDP0QVlmxM9IjCZ2gQLqqMulXzmIViqxUn5G7Nmm3GtS7DjdKTpIFr6hIowzi/ikywmOX9rvqQKpZsq1VSkdenR7Nkq2BJQERmjxrGRp460ikA9MxI076q5HdjY6fibKSFROom9fltTOdniDZjnzd7rp/WT0Q+rrI4C9hVOFZ291KEOysLfmovSXWtDOKlX1EsnrwZVll7QWjLbqElqmGluOAHKJNFVUeBMxveRPcFVT01+4ddtcOqKgvx8vVihavEDEYCHTUny+VqUhnAYbXyH27TqfcfH7xs7KOcc71xnpXtcyAkdPBXku7T1xzl9090O4ZuDEK0hADGIL3RJuO6kCVIJes8vEfAY1HAiCBO3ykcrizkV76E9FPvNZlX7vbsmWQ07NbyFHBv6lKsuPrLBf80eulUxLnBz5+jfaHi7QcNjY2ADaPcdxyKvYipWxnjmOE5UisIQ3mmH6TvMg2ZuyBfuLwgDeLRyReXjfutYz1XFUNc5dstNJ0BRQ086zfppvKn+EniP6mmpflmFRGp1jULg3SgZiWXQ7SvLWhnDGIE2JS0j+dLr2ZyGrwrXNRSb0ypLuB2fxS3Tn1ZjVGsToB0gWv574v8IE68uI1J63FnL73DpYGIBLrnpN3QsAtRXSQ8jgPU6OLn3F8CNGM0NY9EsaT5sR2KA7TOo/dWzHWPfgphs3P1JwvAiT4shvFB1weu0jAKRAE2+vWPyazK29IYyqFg18KP5b/ibU4v/cmPJo69uy7tBOhS8YGKZ68IGcq4QJO9JKgS6LRd66mqZd9YdJSqwsVSi0fh+CtesxvpHWn1bz0Q1RMSczw4/8/4SY2mDIDOf/Z1ViiO+CgH1z5gR7UNeUmWHXUlDRf3y1YRFu8BhRCw+VH4yu+pg/m4r8E4bZ8fWZTMZpm/Q9Vf5NwJoKpwgOXorImJmSb0/UUq2VkMjDTiv0W7DZ9Ks6hz1yVCsALQB0FgC73zUAFm+f5PfpB3yhloxFeUKPWW4vNfHGq1M5GIc6eW87f39/U44n7WKYz0cdqebejVUNO6bIn8uF6+KqGc8dMKOpFheZQdIciOFkjd9L73//+NiG3kPXiwtsJKGLd3QybB3yEVF/DvFI7P1Kn0SaKB4Z0+lSElAxj7FF6P/oJHA9nNIYF+FR9EISstJOoyo2nXqQO3iMPeqjVdIBo1NJHjn33uvu6hVcnA15pXJshWpUPlSWq2Vw2R6YJcxzYnSQSxZYN+I9YQ5FIAOElA/8HJv9/4vDd4fkK2+P++UzgBOiZtLyNeNc6fuJkBisqqlse2MPtAttrvpjFmSAWgBzN7MUtd6bIrsTCP1i+tdNsyzIkDQtgTQVvjGT8knc0OHsgzvNZuIXfzqNbVwok6X8Lsal1I91en/o6BSGsOSLAKKN1trTb6UKFTqzkpKbKTQpthuN1sWlZuQGyfuNKVbx2KGciUjB9RtBUtNrj71moZ+90gQ9/chvAl3bRpMEwKhdtkrgX5k2rQGLz3Rtll96tEmJqvsPaF4geydJMTS6WIdZXGaBbsDA7barMi78ntiHSgHswQIw7FdMh/E+kmyITAi/rePle3nfSXiqP281XzdSWkzVgQDuVMQ7iq4+mD+r2hVaxA/DpVfi71qryHLY1GG9R57ba7wi1LMOLxcJ0SGVVnf4Y8qV7HdBtatig64JMrMFsfwT68RSd0XjNa8o8tsPKxsWgWfLYor1R+X0DvDTjXfEai/TgExmt+d9HKT/fiHpGpu21RmmJ89Q2HxxKaBG6ItwoyQfYmV77Wxl34UkPeG3NWuEmyzZ+MS/skkbVDdpMEc0R8h9xk3Uot8yT+1KBH/cyXvpqa7Q7kfRYFaeuKUDpHMZfSa4hfriRZsTrgDGF16kHU7HLpCQN6gPe16j6GfVSFHQpjEDcx5XxDp06ZFjhl06xsNt18ytPdykOBux26f4KWyN/TTgjDU0lVqWZ6P2I9tgDyJf6lQmqQ==,iv:GiAFMGtzev6bnTtbKrhaUmJipZfYEriVDR0hIIcbuvk=,tag:p87FISG6OFI5n2suKECcKg==,type:str] +kind: ENC[AES256_GCM,data:oDXj1wmI,iv:zRQA0DPLBhe7skXIqE4vLQKlQgzsOW7PhmSQBTUhVcw=,tag:NeNhMXL3nrFDXVGiISQqvw==,type:str] +metadata: + name: ENC[AES256_GCM,data:YWKVdWVd7Vkby+mGaoqCCdFbZnk=,iv:xNy7/XNWt0Ng7A45WEZ+K8RQD6inqy9TEhVFqnWzxm0=,tag:X+ar+MFIhG4Nsz5gwopLJg==,type:str] +type: ENC[AES256_GCM,data:tC3kqUKpNt1xPF8COd35itVzvDwEXxmOvnc5iYOT,iv:4KHXCxzXmH2LSX3/WmvWjeol2kG9FtcB9K1vczpoS2k=,tag:EkcbbOGnUM5ICiwV9fyYog==,type:str] +sops: + lastmodified: "2026-01-27T14:58:25Z" + mac: ENC[AES256_GCM,data:4QX9acqwVT0yIblv0/On8BZVK3d47GcLccXhWWyrdRYW+4BgR8zc1v+k1YRxJEBlojlXNqvaFs9tEEdNWQ0QHBUsR8jMQ0T2t5EqHb9LPE4WOYuBVcTyeqDmyc01EKHDWdutYxo15kotCMG1FO5OgZ11Rcwdv3f1QVdgskN4Pks=,iv:kiq2siF75QwGOK84k013AD8ex5N/kPMc6FrUOp531v0=,tag:Qq2Y1COIOw46WyU/qUH+ZQ==,type:str] + pgp: + - created_at: "2026-01-27T14:58:25Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4Dy77zzNMwU0sSAQdAeDQZY4S70FaOHXTn3u7lIZfKvrpRyBtH5osQEepI+E4w + NnlXnnxgtOHBU8nHJZK2vmNge1hVUaGBcZ+mvsnanMEs0zpFkn2LD1hoQhVR+kYo + 0l4BIJTzMKoU0+NlCheUC8dD4lPhgVszP+Lis2ftddN2+q3rAwkcpBZC3ADkw4lp + GFuWjTCeNbfrWV5VGPj0rUfgXrqBS49df/aBBlkwCuEI+iwKFaw6UE21TrOT7p6L + =MreB + -----END PGP MESSAGE----- + fp: 8DEE2D0E1357B78C782691234A2D3B6C7E35AEF7 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/kustomize/overlays/tests/exploit-iq-ips.secret b/kustomize/overlays/tests/exploit-iq-ips.secret new file mode 100644 index 00000000..975a0461 --- /dev/null +++ b/kustomize/overlays/tests/exploit-iq-ips.secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:7Mhg0suh1pr4gW2ZSVDfDVBxR9M+WeOS/ndzCa6HynWbnbVi6o/bXSBrUwukb9NLEPyXG+i0Ja265AmV2Ix//+0YiHxRMTNWuAWeik9C1FhPyMefg/QJ7/TqVA19011U1oaqZwttcfxtiC69lKbIG6vZnxuLtWhjoWfi1SJrqPZ+EsKSD/st2DoWkhvlGd+ea8RyboXt2knL2jy7smo1wRWSUl98SqDr6TLqNg==,iv:oup5Ep55EXokJe+jRlOBXIxGoP88ZqV6aHzQtDrAGok=,tag:UuwWcFrQ8OJf5weq0HNBrg==,type:str]", + "sops": { + "lastmodified": "2026-01-25T12:11:15Z", + "mac": "ENC[AES256_GCM,data:o+/YRK8wHs6hlEJqkwDtzV/3plYxOTRs7QGfqLGv0TaGZMIYFnbav1M4AFDYY7pMxEnRCyRJWr6G6L3mN8Uwdcr9FyMls1yQAXnu8a6iP7xLSvShvk4sXmdRKCV+ZoI6uWOGpT5um2ovpqce2GENStvk7PhFhS0R+Dc2IqBYbyA=,iv:rWe1RZ8QEIeOTrIVYTroLrqm9QaugtTVw41dtxJRk5Y=,tag:CRh9MgwYzbLV+fqkIjpcxA==,type:str]", + "pgp": [ + { + "created_at": "2026-01-25T12:11:15Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy77zzNMwU0sSAQdAenSUkHYnXpk59IsDKXVzwzXcmJYgwOC/mjNFPxrPUQkw\nIroNi7SaoYcdQ5bNd/IygS+LSJbqxWpMvPLgxw+Z/BUS0lWppfzAYgMeHGjH5Y+u\n0lwBGxusz5C9WM+oOHNOhrg8DZZU3iLfDgWpICqJ6OtRlcSlJlr2gXPFZngunkxz\nX5fFnLDgs2j6OV5CQEAkjC3j73t9RSE61ILuRLqZGMFjCm/xtL7KieKhstFxqw==\n=mhUv\n-----END PGP MESSAGE-----", + "fp": "8DEE2D0E1357B78C782691234A2D3B6C7E35AEF7" + } + ], + "version": "3.11.0" + } +} diff --git a/kustomize/overlays/tests/google-sheets-secrets-enc.yaml b/kustomize/overlays/tests/google-sheets-secrets-enc.yaml new file mode 100644 index 00000000..9f9b7cd7 --- /dev/null +++ b/kustomize/overlays/tests/google-sheets-secrets-enc.yaml @@ -0,0 +1,26 @@ +apiVersion: ENC[AES256_GCM,data:FCE=,iv:mX1MhglqJCtmZ2+lAxeUdRweyKUjU0eEcxBBOyEfhQ0=,tag:wVimkqWtiSk2L6IcokRRHg==,type:str] +data: + credentials.json: ENC[AES256_GCM,data:eLGkTsE6lGTJOawS4Z4nNhbKwBLJVkSaFF1Tji8vpcH0M0A7LvRY53W6zH3TqSbvQ+AWssXjkuz7OIyHSg0WW60tkYixfToK/Rgy4TAbLTA++LcVqoe9tVspDtifEJLwTwHEiirX61SVgdK11Rm+035ICXmPlbV4VyQBfC1hHf0LDeX533raYq4QDyz/X/htT9eO/x3NyyYlPykcCT5Uyva1BV2Gi9iq8AJdpMBC/V+20DrPfzSsHgNlGUMOTmMK4qzs6nyOj3LeGc07ycKfGRK+hCCwTxoFyBJ25hgpNGB2FLRfJApqUjnKnh7VuoeilYEUdeWKVnzzsNsJc26CzeixxNXTaNPG2eo6LtNXndtMgXyEOa9zu0owJsrLl/zHHqqmtOkJvEKYkED6QhVMzfF5ciCnoyh3kwyVERVXhVMRGB19Gdn3dv9pdw/OPGOvvV3AGuzGR6SMvfKUn3lqoui7EWnOhsVd03RHXY8CXuBX7u9Y3aBEFj0DPaIBfH6CkG6oA6XhCt4kH57M/S43MbnlUC+napRqTJiJzRc49Qc3TpxG9VFSkMNOCnnm+8pxnbhGzaYA1izm1YHUTk1v6yjTaOCyTWQFEfum73TaafoF+QGypyHaiidRaa6VQ5XGkDxZ/yONWpt4i9NUp9+xoFersBYk9XBLWJdza4jVe2qOuLkM64OdNrnwKnxVqXFUNk9kyvXfMoCcweV9jCRN8Ky214MfnU5ALgVizPbW7TkZD/Tt9T4She4F17SgiR/+NTn8DArPVUuhQlCX4oR54CMFv/iQBYs1NMKKLZJ+aFyo62shAj7cV4grhtLNgezh+i5u9ISWS6ruU7GPxlOgxrdoDIPavCMi2GmcoCsxF2q/CtOghYyKh1fg02gnrkrJW8k3z9ZCmti5wlaPy8Td58xCLzsVxGSOwfexFdtR45EaPaHmlQotyIivfPKsFS24vqNdSjPYp6SygRv61G6aHg67EmzsT21hLb1PhtMLGpSdYYASBfdHq/6y2KsUQg2YZcDAURKEIc+1QWkRwsDBdr7RPrcmUFZVq7V0QsmFRiJqt1nDgn9GRfF02QXGLFoAehH64COjpERpymENoRKzqwVzL71VqoTdu9A1YXYhJdSzcWcSZ61pkLxgh6B6eM5PKLxqiQAIxgektIYf8yvSg3o+l3X36YHqb1pJXTgffe7ilehTPtkR8hbU4CpBR5+A6Se8/JBD74ym8Z0+A2UjUd/IsY6QOOza3Luko9UEDO2UMF4CgRRE1zdxW79i6HkNEEQaEB3uLfI72LuBI4bGdnAsPLzMk1/1ExtuvuzThJq3E6SXh3RSuFn2benLfvfn7GSVS4tJwdfkWzhTX13rqSByhey8kNiKYGMAj8I+rlr5th70VeZGbRD22OZ/99sK67xGA0M5GgodKvkFR3LQFYImD4rYt9k5DZ3PtI/r+dBQWZPecUuzHj3Mkn92G5wSnhJuEPUsfJJPOFyV+bBVjTh+FSqMUgmd2lzAn/Z3MqcfW2bRsNOFXHW/+vIf+xK6JsjTEipqZCLMl4cO0WL2gcL8KGetlfO91mgnpNcfZ8fkGOfRsEueA8CiQaJN4tGcKPW/TBJdqi7sCHHtwX8BlD/tcGX4OahaARR+jouKvYkKCtYsg8vq4up3BTYeHaATXxETUDzw1GYhnSzVdkZOq6ZsefvutDzR1PYgcOYHZ4mMOBghvwks6UNZNNQlFlfkD35ThBqCPzmPKuIFvUotjtxpGr6sfHBAqA6iPqe02iWs1+36ZyYzjioXyb3Mu2BVu6RnNYABzmJdAhiDxKXIjYLlIQJ3gocy5GpPkAn16qzuA3/RN9/FTVHKck60uqSsvrQ0TCG54hCN0O8lPZ2jGyH2ok4LMhyqHV1F8O1GGTDxoFZn/z00vXhh2yTv1km6ktlXdHKQB/T10YszwkczcseQw+O6BbGZEPzB4OiYX1kLthgqzkI8JIwnMZNdz1O+va2o1TAaFL9pCzGWkQqz1X6Nup0S1rJ0UsNPPAj8fZdjKrsvACbcd+oZLyUmexrXb9k8Jq0wPLKXZ51pX0JGB57BbDpBqeeA13QdFCUPNcr1nYSFyBKkkJu1zSeCluceeIHMHhIdie7HLCDL1PR909gwd0Y59c3QGfsuqHgblTbovXwx6s6ezvwlZpKXePj2Orknm/Kgmgou4ECtr/Yw1fmkCea1j5IkMCX9MJZ/TI1kVKpMdlwN+fkjADX8FJoe+EnNfjCkQxp1xFg189iWPm3VEIw989jJygHGwfu/IV6ZPvv9LCtTrV8dR8jPuliS1k0SUHB42iZB6J5XRKc3fbuHpcoLX715XNDW9zzlD+22bIHgCekOgvrlSeoXKHbbY0V9DML3ooF8mafFscMva/qExPnKTvNx3FIuTCRMgTMr57DlnwknrYR3eHM5BfWjsb7T/ZBEMTQf3jafmCoDC+V83qtNHJxGP2ObjpW878Ljtj1NF6Sqkne22aypmyvrY1kI2xeVl8UzGM9c5Wj7S3IxiROWGiubEfVgH0MZluir2jLLDUThNTTH2PlPjQ05VklTg9PobvJqna2xrUYhI6jvBwCq+SD6yTErNqLEozmZqkBkTkV7RAkY6a8S1FBkLXQDJVJUP6Thac50Ty3TDpJ044D1xwpFbrchosgVc2a4vkunlVx1tc+Uot4IYxAlCBzTQbeTq5wbgNEZSljVnAT5V1hgdJCt4wwBh+rUvLm01I5w/l6j3r9wNY2d1MJjvz2SGh4WcxkwOmsIoac9dky8imubt5Rc1kaJ2QDgeUpWvfyPaGn/vQRPtMTp+zF7aezf4Ci/FXBUUOQPZfUN70qH92Sg1cuETRCPNMGgBVlsIY+a7f75P+Av7pRheLZ8Z5EQ8Vt93pRp0o0a9Fyia4Go9V6FeTV+jgbltY03VhEFo1SEh0HU1cV1UKu++90okOjfKNTOH81zuESXvjI+V0fRIen6lbDaF3EToZ7XWL5MPobfOsuf++3HYAdoXPjI/khji0QJ3OlaTMkCrKMlOO2IXvm0rlsMvM4yLPuNeB5vQemv9hgaEwxH2RokKG2iaBEmMQec5m58b03kFhu9SnXJvKo71k3T1Y39iiTxcjzv7Ob/BqD463ndX0POhMJneM+OqyYA9mZ9ZEit+JtOquQ18wn8gRyP6oHRBkGkR880519rnzhCNhYZQyvYw6/3QUBy4FNDugtn7ANZXXkSfNPsqUsR91USMbtSAShczLcIyI0ybDiVVUbGD3zZ97pxPKq1cMeZ+iLKrgGXuDzPBgmtcluOrctWdxFoc4WPtem6mc/V2DtjNmTPGxVbA02wGHxYPLSTebm9xqfIk/QY2E4V3vQJybfgS/Ni1y9RErbI0/k0p3kdrnYXKfey1x2LMxACmIALkpMzOsms11tLMGpEONKHlUnKbVWR4GncBDraYCNGuIrQVls5O/1+eydu+2EAgbs2GG3/30zphqgQ+RA1LOwR4dFt+WswDyMiyYikl3OBUVQZ7gJNwkMEsM4Khfk90FcyEvtToqFMYKXHODEs6XcRyZFIJn/z6p2y5M2RniDc9/nM93mHJWtor/qK2eEt8ixjKDU9475HqPZefQFtYmtPq0J/Q3PL9N5jk7uodMOho2vSka86gGSDpYFWi0pw3wUfCgmAP/4zIiPOzM3Ut5YMOGWCvj4izOlwf8dpn3NJLEMhFukxxcMevzIF6uwWWPPcA6eLByWJWI1pM4TWtCY73yAuvPz1aH5wljV1ikozh3sZxeSx6kiMri0mg3Qg2g4nDMqMu8UozlCdn4uIvFgp92MBo1uMp8cnjZ82lgftI1PG2kpdeUjJRzNW7Kp9MUeG3O18IWE0KRDLU9mbd7RXLsTM534kI48NYYMJhiWu4ckr+mPg+mRkrp387serB/paD/oftcquKvvwRQKSqsIblxIrOqzx9c9smoZtEaN0Wjo1Rp/XFxAsXa9/UPGLswA4gheAnrWMldTBmacBHKz3O5FJk2KBgssqD07Gf+HALTLtdQxcCAdMjaSP/Anw17ooEZpxgbnegZi3wJXOKZujGHlZtpnMBeIip/DwzqPFPihF3/gtAvpWwvZTfPX88tShKQfg4jetcS9EhPAFcGleQqe86F6sN/WX9DVGX6vKr8TEDV2QXti3VFo+i6/lP+yFipRlxkmhsSObIW2TCDKcprBd2snmaa/xkRRFVrseaV4xuYdzVj9A+hlaJmq7gDxapCUyprIAD58p6NG1w6Ec8EbO4PJezQ==,iv:5/2vAV0mR91A76D1eknZllR6G2CcgS1CjFzH/vgC7yM=,tag:P4+B4QMpgh+v8G67QVSBUA==,type:str] + input_sheet_id: ENC[AES256_GCM,data:QGcHsxrPb4ocTIWd8CMvtetiwmeKJ2zaJ1pixjCzvB9i7IznNiTWSfm6rOmf1nd+1oCRsTFiSjlrM+73,iv:QpcPMsNz5xghxrjYw6kkdPJvL9zBLfVtyfE/Hyo2qMM=,tag:pz4UWY5aZYDLFCDjKcyqxw==,type:str] + output_sheet_id: ENC[AES256_GCM,data:XfLR39Saza3v6xX9NRxm1Lgg++0jTUVJU7T2DG/U8wpnfDJkHBlwzyQIypIWfapR2q2JMHh5CsfR6IY2,iv:MriqJEbO4qHyRuLqmYLCGghqcLXa79W0OueQRFzdQik=,tag:pIelynMOFR+qDWNQBZb7kw==,type:str] +kind: ENC[AES256_GCM,data:YfSIF+rj,iv:GSZfu8MjRgrLoZiDd3tYMC22XSBX8hN7rx4Qc+q1Sy8=,tag:pz5hprvCEnw2Js6o40s+VQ==,type:str] +metadata: + name: ENC[AES256_GCM,data:pFg7/Zxxt1Tc9WQJVivlI8hgN5TL,iv:i/nNCn/CMrNBuRXaR7OgvADNV4vSwk0SkSwMrvzW0Xg=,tag:LBmpT+Aw2vziK13JDVOcFw==,type:str] +type: ENC[AES256_GCM,data:tcJ0TrMy,iv:bFgWgWktWvbfbQO8svO90b/6izbSTHKm4e3KdalerbU=,tag:nb7GgK5m+IjokvJAqUcDeg==,type:str] +sops: + lastmodified: "2026-01-25T22:22:08Z" + mac: ENC[AES256_GCM,data:FcISvk+RreKCwSHfvvobTXNbNbnRuvh7dPmjgTSzsW9jJGSaT9pVI1KnZO7pSwZyx9e1SxFxltM+l5lKRwEx644g8sXn4vgm5iS7hydlCaUSSG1S2Vm7QTkrc+Xd4anWt3/V9NTBgC99MbADwKUxL7SKj4auzXi2rbiJgrN2To8=,iv:bHBRrT6lFX2d9eOvS3henEqMusk3X9RbqPtqzIE1sA0=,tag:SXS5CgV6HSr+Ma0jADU/8g==,type:str] + pgp: + - created_at: "2026-01-25T22:22:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4Dy77zzNMwU0sSAQdAtKMi6CN5tPD/ZRK0uiEZ1zZzS6XVXgaun1QQn3OufDcw + fVPefvN/Fw+6DuIzyRsBOCRT10BrD+2Cb08JE6GUMOLO7bihuAitxbwbzOivPPgK + 0l4Bj8S91shsRwhqFWDBWFHxiKJIuXLVBJd2AvijI3ErEL2hrxf3BAzaFQxtuxz7 + BPb4egF5zsUIjzkwW4vzUbqTiFzZPTh6uBOq1R5C1Ux3YFxDUWtKf4/0dOjQeiYB + =w0Fd + -----END PGP MESSAGE----- + fp: 8DEE2D0E1357B78C782691234A2D3B6C7E35AEF7 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/kustomize/overlays/tests/integration-tests-secrets-enc.yaml b/kustomize/overlays/tests/integration-tests-secrets-enc.yaml new file mode 100644 index 00000000..35e01213 --- /dev/null +++ b/kustomize/overlays/tests/integration-tests-secrets-enc.yaml @@ -0,0 +1,27 @@ +apiVersion: ENC[AES256_GCM,data:1iQ=,iv:HLBDch8hrZ1GpuB1+poHHWUNAlcKxHayVJhEvlbxq9M=,tag:wykCE87aZrCQbIdC3YO3QA==,type:str] +data: + GHSA_API_KEY: ENC[AES256_GCM,data:U28HKEJBc0nRNzS2ok6mmGU5uragLIBDkJ+8FzkNpsimf1YhXbT0/SbYgWs3TukQTBZ4nlpx1Gw=,iv:+EUrOoUJmQ6ldIsAuxcqIGd9OkfOTs11sfmj13wH9RE=,tag:rpCbWvXRi5G1x8XF5vXR3g==,type:str] + NVD_API_KEY: ENC[AES256_GCM,data:xbcl0ZI8ul0YPfI0ALb07Jx9lwXVyk+GpiE1r18lIMcC3mmFYH+v6b27RyUfa5zO,iv:RzZjdioWQmpWtQImXOM9vo6aPOXifWALgi9gmlsRS1U=,tag:aKUXAOsbfOvhhogYx6tAVw==,type:str] + NVIDIA_API_KEY: ENC[AES256_GCM,data:LV/REkQyjf9/r5pmF6isMLIrWNy7yPOILu1a3s5g2tgs6/GRuyDQjbWQEVeIS7Ia5xHLJYLsFFhv5Bp2GsCjDONejEG0iS8E/FHvvwIWm7XvwICh3/3kAO2v5zYhqYbO,iv:6ofERGT1m2SX44keQq6pGTQ2nZMsPL2GG1+Pqebp470=,tag:O/+3KL1tivQX5qoZVrq+8A==,type:str] + SERPAPI_API_KEY: ENC[AES256_GCM,data:qp8vpoTBsQUf16xrO0SwP6NC0YXYIat17sIf2Ceqg+0ywm+t456vAPwA3BzO4Q2ShoZacI325IKS73ikSbfUt38gM9kRry7S8vc7yWOapTAxDVMepNO65w==,iv:a802YttrC+iE6KIwGnRXS0Gz0TiJWHOdLJGD+RDtON4=,tag:MzyHmEPXb7FNqX6CB2kN/g==,type:str] +kind: ENC[AES256_GCM,data:GW1La2Ea,iv:Z+yqoV/+I6ZQ3EEddouc3NhYvUg/fZPSErB16foM51E=,tag:5QDiiu/FJeE9cFTmaTC1Cg==,type:str] +metadata: + name: ENC[AES256_GCM,data:F1vRnNiwgEv3Ym5uyw6HadY=,iv:mDA/W7a2YrlMVrE3rLH14FqdmZVrp9P+csIVB+wHff4=,tag:FY7zr/T+XB6Kl94Ir95/Kw==,type:str] +type: ENC[AES256_GCM,data:3czhKxVb,iv:2YRDLhXyiAalT7BJp006tjOvY/VKhb1u1wRGHpJFRHk=,tag:NHLatir8R+Zee/+7SnIkTg==,type:str] +sops: + lastmodified: "2026-01-25T22:25:21Z" + mac: ENC[AES256_GCM,data:YQEOFODZyLaVbnZbXToqv78KH3riikik97h3PSv1Ay0xhcjdBtBRv1JTIfVWCyAuMX7jA7WdUy9VL3xw7luK6TFbQRLI9W2vwovZ5ljA0qthTBIXuU98eLEsz/FNpg1GukNPhGKw54iTokGyEbRA5+Vo2zXygi5q3Ui/F5FDLyI=,iv:1ap3lpJvQuaFqD+l7jc7MHnVaCXCNBWRl0gue80anmg=,tag:yO6vcbIrM38ufAncapYcJQ==,type:str] + pgp: + - created_at: "2026-01-25T22:25:21Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4Dy77zzNMwU0sSAQdAmOC1w11IvoBbzsDvMXNQXp7YzVqNEGt6xdxpgHExxjgw + h7GhiURhkbRGTA1Bd9V9JetB1ibDMv3Z2TSI0A+BS1GoNoG8BeM0t+efur3hMGNx + 0l4B/gnyReoDLZA6aaZDOMBLZe/GDaJ+FTegb5+VCTzAAsS1RgYrvPftBbCbyXbx + PdZo1yS+IMxuCQf0c3Q69FKF8Q8qy930UFjRxxHgiYdOQijJEhSyBpwiYhZK27tM + =geg9 + -----END PGP MESSAGE----- + fp: 8DEE2D0E1357B78C782691234A2D3B6C7E35AEF7 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/kustomize/overlays/tests/kustomization.yaml b/kustomize/overlays/tests/kustomization.yaml new file mode 100644 index 00000000..09043a87 --- /dev/null +++ b/kustomize/overlays/tests/kustomization.yaml @@ -0,0 +1,95 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- ../../base +- sc-llm-pvc.yaml +- buildah-task.yaml +- tekton-config.yaml +- secrets/google-sheets-secrets.yaml +- secrets/integration-tests-secrets.yaml +- secrets/registry-app-creds.yaml +- secrets/server-model-config.yaml +- secrets/exploit-iq-client-build-ips.yaml +- secrets/exploit-iq-automation-token.yaml + +secretGenerator: + - name: argilla-user-feedback-ips + files: + - .dockerconfigjson=secrets/user-feedback-ips.json + type: kubernetes.io/dockerconfigjson + + - name: exploit-iq-pull-secret + files: + - .dockerconfigjson=secrets/exploit-iq-ips.json + type: kubernetes.io/dockerconfigjson + + - name: ecosystem-appeng-morpheus-quay + files: + - .dockerconfigjson=secrets/exploit-iq-ips.json + type: kubernetes.io/dockerconfigjson + + - name: exploit-iq-secret + behavior: replace + envs: + - secrets/secrets.env + + + + + - name: oauth-client-secret + behavior: replace + envs: + - secrets/oauth-secrets.env + + - name: mongodb-credentials + behavior: replace + envs: + - secrets/mongodb-credentials.env + + +configMapGenerator: + - behavior: replace + + name: nginx-cache-config + files: + - nginx.conf=nginx_cache.conf + +commonAnnotations: + deployment-variant: tests + +patches: +- path: nginx-patch.yaml + +- patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: exploit-iq + $patch: delete +- patch: |- + apiVersion: v1 + kind: Service + metadata: + name: exploit-iq + $patch: delete +- patch: |- + apiVersion: v1 + kind: Service + metadata: + name: exploit-iq-phoenix-tracing + $patch: delete +- patch: |- + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + name: exploit-iq-phoenix-tracing + $patch: delete +- target: + version: v1 + kind: PersistentVolumeClaim + name: exploit-iq-data # Use the original name to match + patch: |- + - op: replace + path: /metadata/name + value: unit-test-shared-cache diff --git a/kustomize/overlays/tests/mongodb-credentials.env2 b/kustomize/overlays/tests/mongodb-credentials.env2 new file mode 100644 index 00000000..780f2636 --- /dev/null +++ b/kustomize/overlays/tests/mongodb-credentials.env2 @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:cTEW4bqf52nVEz7nWKXJAx/5NNoG6PH+sPu6BYuhj3M/4z4GpXaqSPvWL+V2LQwQCtmP1D2/BMtxbwgak1x699wYMfPdptx1I9iFnOM2P+CrYZFbOllYrEUHA6g7Cv4RItSadLPsYpNizMDxTP8udaWbYFq/2r6rnlK/V81nZaJZdxeyxC7T1CVqnxCGS3anI1ZVPDGY4F7t,iv:nkEQJuCDVI3wKzDsjh6tEHfob9kXJEegl9MhaaDClgE=,tag:kRirr2RpmIHJHQVlmbGbSA==,type:str]", + "sops": { + "lastmodified": "2026-01-25T11:54:45Z", + "mac": "ENC[AES256_GCM,data:hICbk3dfXtva1J8jqG7uGLis+pJuwGve7tdQSeu7x3M/AjXukgZqxQoOrzE7H7WEh6R4XM8z7OfFqmIegjDtJ3RGy3VIbo2uXpHrhkAGUI9204ehhe0GG3erZKWAYxdryFA27UOddYhMEqyeezrdmXEzbMhy3eOXTQlyENb9gH8=,iv:rMqa6c70Zim0SB4oba55MYcjS332/znRVU2YX9UBhsU=,tag:Gt7FgLOjKvqPc5v0zIZYBw==,type:str]", + "pgp": [ + { + "created_at": "2026-01-25T11:54:45Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy77zzNMwU0sSAQdACeUMbw2HeFxqxL2d3+bLpJ5O8nnaixniZfOyLFNbDxUw\nudBo0dYJ5p9eSAr7/8xQBVeloOvLfO5DXBYlwZSkM4s1MPnTYM3vL6Je3qImRKzL\n0l4BPooAU/OY5y8idxBsi5gOKw/utLJ7150AhkLOCfvBVB5WP2zLLkWMx4rYMGTM\n8/hKqGkHi+8D2XfEByknn+95q92XnkGNcxZacCARXxFeDy0m+ZEeJa/KTO+5XU96\n=srjn\n-----END PGP MESSAGE-----", + "fp": "8DEE2D0E1357B78C782691234A2D3B6C7E35AEF7" + } + ], + "version": "3.11.0" + } +} diff --git a/kustomize/overlays/tests/nginx-patch.yaml b/kustomize/overlays/tests/nginx-patch.yaml new file mode 100644 index 00000000..f8cd9dca --- /dev/null +++ b/kustomize/overlays/tests/nginx-patch.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-cache +spec: + template: + spec: + containers: + - name: nginx + env: + - name: NGINX_UPSTREAM_NIM_EMBED + value: http://localhost:8000 diff --git a/kustomize/overlays/tests/nginx_cache.conf b/kustomize/overlays/tests/nginx_cache.conf new file mode 100644 index 00000000..33c32b01 --- /dev/null +++ b/kustomize/overlays/tests/nginx_cache.conf @@ -0,0 +1,115 @@ +pid /tmp/nginx.pid; + +worker_processes auto; + +events { + worker_connections 1024; +} + +http { + proxy_ssl_server_name on; + + proxy_cache_path /server_cache/llm levels=1:2 keys_zone=llm_cache:10m max_size=20g inactive=14d use_temp_path=off; + + proxy_cache_path /server_cache/intel levels=1:2 keys_zone=intel_cache:10m max_size=20g inactive=14d use_temp_path=off; + + log_format upstream_time '$remote_addr - $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"' + 'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"'; + + log_format cache_log '[$time_local] traceId: $http_traceId - ($upstream_cache_status) "$request" $status - $body_bytes_sent bytes {$remote_addr} "$http_user_agent" $request_time - $connection_requests. Auth: $http_authorization_present'; + + log_format no_cache_log '[$time_local] traceId: $http_traceId - (BYPASSED) "$request" $status - $body_bytes_sent bytes {$remote_addr} "$http_user_agent" $request_time - $connection_requests. Auth: $http_authorization_present'; + + log_format mirror_log '[$time_local] traceId: $http_traceId - (MIRROR) "$request" $status - $body_bytes_sent bytes {$remote_addr} "$http_user_agent" $request_time - $connection_requests. Auth: $http_authorization_present'; + + log_format nvai_cache_log '[$time_local] traceId: $http_traceId - ($upstream_cache_status) "$request" $status - $body_bytes_sent bytes {$remote_addr} "$http_user_agent" $request_time - $connection_requests. Auth: $http_authorization_present. Final Auth: $http_authorization_present'; + + include /etc/nginx/conf.d/variables/*.conf; + + map $http_cache_control $cache_bypass { + no-cache 1; + } + + # Log to stdout + access_log /dev/stdout cache_log; + + error_log /dev/stdout info; + + client_max_body_size 1G; + + server { + listen 8080; + server_name localhost; + + proxy_http_version 1.1; + + # Headers to Add + # proxy_set_header Host $host; + proxy_set_header Connection ''; + + # Headers to Remove + proxy_ignore_headers Cache-Control; + proxy_ignore_headers "Set-Cookie"; + proxy_hide_header "Set-Cookie"; + + # Proxy Buffer Config + proxy_busy_buffers_size 1024k; + proxy_buffers 4 512k; + proxy_buffer_size 1024k; + + # Proxy validity + proxy_cache_valid 200 202 14d; + proxy_read_timeout 8m; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_bypass $cache_bypass; + + set $http_authorization_present '[NOT PROVIDED]'; # Default to '[NOT PROVIDED]' + + if ($http_authorization) { + set $http_authorization_present '[REDACTED]'; # Set to '[REDACTED]' when the Authorization header is present + } + + # Configure a resolver to use for DNS resolution. This uses the Docker DNS resolver + # See https://tenzer.dk/nginx-with-dynamic-upstreams/ for why this is necessary + # When considering what the "base_url" should be, consider the following: + # - The base_url should be the unchangable part of the URL for any request tho that API + # - If the API uses versioning, the version should be included in the base_url + # - If the API is a subpath of a larger API, the base_url should be the path to the API + # - Examples: + # - GET `https://api.first.org/data/v1/epss` => base_url=`https://api.first.org/data/v1` + # - GET `https://services.nvd.nist.gov/rest/json/cves/2.0` => base_url=`https://services.nvd.nist.gov/rest` + + # resolver 127.0.0.11 [::1]:5353 valid=60s; + + # rewrite_log on; + + ################ Docker Compose Services ################# + + # Include any additional routes from the routes directory + include /etc/nginx/conf.d/routes/*.conf; + + + ################### Redirect Handling #################### + + location @handle_redirects { + # store the current state of the world so we can reuse it in a minute + # We need to capture these values now, because as soon as we invoke + # the proxy_* directives, these will disappear + set $original_uri $uri; + set $orig_loc $upstream_http_location; + + # nginx goes to fetch the value from the upstream Location header + proxy_pass $orig_loc; + proxy_cache llm_cache; + + # But we store the result with the cache key of the original request URI + # so that future clients don't need to follow the redirect too + proxy_cache_key $original_uri; + proxy_cache_valid 200 206 14d; + } + } +} diff --git a/kustomize/overlays/tests/oauth-secrets.env2 b/kustomize/overlays/tests/oauth-secrets.env2 new file mode 100644 index 00000000..ae7f97eb --- /dev/null +++ b/kustomize/overlays/tests/oauth-secrets.env2 @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:JM3q6XFUVQ8XvsAWyaHAXUcxGPgB3ixEwIL6NGXTLfznS8v7FRRouw1iG7zDn+IFCk2kYhHW+wJ2fDBj23Fdh5dMPIDzMvxn2yyLLqyvYsnzM9JNVnIM1XALph/U0J0GYmzMLIJgqKnk7UexkypD8VM=,iv:6YKdj5UDd2TdPNwG4u5U1CZ3Mbi0MV82kgvNc+R4MUU=,tag:Rm3WSsiGmnmIn1NrQdZlpg==,type:str]", + "sops": { + "lastmodified": "2026-01-25T11:54:51Z", + "mac": "ENC[AES256_GCM,data:UiHjGVbr6MnTwXjpfQAba15b2dW0EeRmZ0LCqvwMfMoJlRQOgjmGDldeXBRO+jyYKvMsxfRLsGjIIDAnWE4+68NCHhH4IbDPH3gvwLijzNrUWX5wwFtQP7uXhtB5gQjt0G5e1Mwtz2oPPPRQ1BTVycHrJN8E81UANBpTN93kQFU=,iv:tnwkRwG9ChLQFudPafIGotkyjUXTedcRhT4QXiI0t80=,tag:ZEGjTCCkmRTKTboqE/GK6w==,type:str]", + "pgp": [ + { + "created_at": "2026-01-25T11:54:51Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy77zzNMwU0sSAQdABXzNXw0NPdMDlcCmVeio3d9jVFxFAr/IQkfrGkzimFMw\nt8tPnMaZfSe0ZNTtDMUhtXtYqu8Mqk+IGNANQyQXw9/pK6tL3sdctQpwES+h5SOK\n0l4B7x69zvOIlmK3yB8EoPE1Vn/0qoRjjyOk3/CWoeDGjL4hwwmOLTtAM0un/VCb\nhiEX4nEgWIaz4DWyQLZkqhJbPlRLTOvwXZI95UY1f5nQRt/zjbeKtRbXmiH+qlXy\n=X3t6\n-----END PGP MESSAGE-----", + "fp": "8DEE2D0E1357B78C782691234A2D3B6C7E35AEF7" + } + ], + "version": "3.11.0" + } +} diff --git a/kustomize/overlays/tests/registry-app-creds-enc.yaml b/kustomize/overlays/tests/registry-app-creds-enc.yaml new file mode 100644 index 00000000..57af3b13 --- /dev/null +++ b/kustomize/overlays/tests/registry-app-creds-enc.yaml @@ -0,0 +1,25 @@ +apiVersion: ENC[AES256_GCM,data:IZw=,iv:xXXhE071qT3QN3TglSdLUY9cFsjaVyJb194zVl1Bso8=,tag:lgtA2jrDSfp5lMw6M9dMKg==,type:str] +data: + REGISTRY_REDHAT_PASSWORD: ENC[AES256_GCM,data:GquthNXj1O8624wEORBAvwpCGkG8Xv/BLAXuzTQX7RKwo3e9xdsxMbZ6QajCrwGeApCF+aQaKSkBXn4Weg7xJnKmrwN2X1fbdNeQFF9cvLaIY18VEJDtl5twsCYZlae62oHw4j1UNV124dQA6DPCtHND8GHw3rORYgMyGTnQxsCikbjcu94KVcFuiyXKPx21JUs0DT95YvzUtgkpPoKQJiexghfBH4NnunytiR/zamAfHLCgRdAcGC0qsbLEKDN3x+v4AF342oFnwT6OGfbcBaJrL27Kq6S+SO6ZlDAXvNawsiN60qZ3Ekj0DiUHSDKu9nuHOgAyyYQ8wfoZdwe3cpM8UHL0zLqQ3xvtOa1wxc5U5hiDaoC6kLzmvlGZEbBYbe4tHmaHyP0PUi4/qLou31x0xLrQbvnAsXbgn/2YEDhddSnW2B2uFpAxps7J1S4SIFrDIocaT7hdxu1k4vKDrVK3iIxNdzsbxJthUnbffsydXCHYAyorGpMicCwqY2WTHDlFu7whEoGzxx+z97c8eZcxgML3DHZ1tRexh3e/iuic8w8X8bwSDmYb3/i649ZnDSYPp8TbLbNPorneWMc4mch5ThOMyL4n434siHo8zsr64mSud+uWx2CBqcuVpR2eNGZYXJL4cimdLrugb58LAUBisPzLKnUtFxiiGsz2DfP8KgUEIlYaTq2a6Ns0LDIpxxvygMqcjLfEXblDV8zptI79zaOt75ghfUNP5CpkeOZmfkkp7KSPuyx1TLRXdW94pDiSE0rZp0VgzTkHFA/AF5S1QhINWuuAggWpB5zGqwM+uQb8+q+Ixwu/pCNCZd4xA+5hgyDhX3NZ+c+awD81WlwOLilneoT1O3VhCcBobxLdL3C//gtNOyxPFy68rzYgZD6MjHczw4aWYT3kGcr7MeVKKhqJPSRrESSythHX6AjVvg2ePKqTYScJo7qILgDMSKq3NhRu4vj3fSqQ13530mwAqrbV58N8t5XAkeciMI9GKFaxDiSSEUwbngOWd7aAgyePqFmLubfmM4jqtkKLJwcOzcE8F86cUbrKwAntm6x83+Jpt2qDZUCEOWbo/73WJAVv+l5Z91Qj7eWff70BOvg6jLNJoL0+r80x932VJPOwgrCaESBbFSs+olwfgyxkzQxrJ6tBtwX87fgzKhN0rwBSGukZsAZxzM2u9WS8trLIBOsEXFwofVP1nAcwRsexcni40TEw2DxjPrWW2aU8HOx+fVHy9xlglgNezu/ppcelDEdOcfwX0E1AflV7acIJSyU/k/R66LtUGUi5IUAEsDIWKgIcnAd3vIPTNxtjyJonStuLQ1JlqAMzRVyq7qch8uO5PS5Erxc=,iv:/zxAcdPQbS6r4iBGwUUlxShsfhuNjcCfo349uuvlhR8=,tag:y7+qHLSL0lSUcXgnH2tD8g==,type:str] + REGISTRY_REDHAT_USERNAME: ENC[AES256_GCM,data:+BCMkat0CX6ZoZbXcFVVEoBXFiPfyhxE,iv:KHaat2fMj/cDEPjbBC6enL9kCiCgWyjFw3ptCW2AuDk=,tag:ufvyd0TvLdKvCcaxz3ir/Q==,type:str] +kind: ENC[AES256_GCM,data:6E22NgYo,iv:Wi/gwNNrx0dL2/aacRKqJgKiSf9UF93Tixgc7E2pHIc=,tag:ZUbcU6fbNIgNXOQvGCeifw==,type:str] +metadata: + name: ENC[AES256_GCM,data:Myf/HsxEcMl/n0W/5vAtqA==,iv:qebrYwM4DLfYvUR/Sxin6GIDha8w4px/ybK8CGsnGAA=,tag:k7vi+9O9TBYHt7R8l7AcaA==,type:str] +type: ENC[AES256_GCM,data:X2uOhC+V,iv:dhqBwROQkhzoJM0PmjdmeOcNGj72k2Q3g5y0uPdJthI=,tag:irVym2z88svdyvJD5B1hfA==,type:str] +sops: + lastmodified: "2026-01-27T15:04:49Z" + mac: ENC[AES256_GCM,data:98VTQKDDdusGPrUqQE0l+i/pCcD8AQG9iWjYJofYAXkebsx3ABXlHuyuDS+fg7fGsLTSR2CoxyLyqjnanL8PpdXS1AFCSFUCpD9VoJ1WEadCJ4c9lgKJpb84f2TZTggsE6bH4HpHZuEDZR1/U4gbX0bE/4MXpMpkWxWc0+tOKDw=,iv:eyFLHWaY5vHRNyjp5I8tmQQyZDrc4wvDKowreOBvDJs=,tag:TfGnJOewwjbE/K1Uayrmog==,type:str] + pgp: + - created_at: "2026-01-27T15:04:49Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4Dy77zzNMwU0sSAQdAtMvASO+L3ZWyF7hGBPz2KsVM2iH/GASnzUZthLd0tR0w + aAtePRC34cc6hzeMsXGyPkU93Aq1kimzGUuzfIFaMHBEBwsJetzR78p0bedNTBhv + 0l4B0MFdxa2LKX57vMhBnjSPqnndz9c4EzT+4faM3sb16Ly3of2kYdtrsf8LdyIs + NHhoxWAiuyqlKZ3vHEL950R9NS7OjhxOYqVTPVXOaOSpC7SL+rO2vIH1GdJk51iE + =lqdO + -----END PGP MESSAGE----- + fp: 8DEE2D0E1357B78C782691234A2D3B6C7E35AEF7 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/kustomize/overlays/tests/sc-llm-pvc.yaml b/kustomize/overlays/tests/sc-llm-pvc.yaml new file mode 100644 index 00000000..fe5caa30 --- /dev/null +++ b/kustomize/overlays/tests/sc-llm-pvc.yaml @@ -0,0 +1,13 @@ +allowVolumeExpansion: true +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: gp3-csi-throughput-2000 +parameters: + encrypted: "true" + throughput: "2000" + iops: "64000" + type: gp3 +provisioner: ebs.csi.aws.com +reclaimPolicy: Delete +volumeBindingMode: WaitForFirstConsumer diff --git a/kustomize/overlays/tests/secrets.env2 b/kustomize/overlays/tests/secrets.env2 new file mode 100644 index 00000000..df5a5048 --- /dev/null +++ b/kustomize/overlays/tests/secrets.env2 @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:qJ79PMbpPyOLezRJhCB2mRe5C+LVDHvDnv8RwbYYX2H4c2P8Ugyhcs+3uAyARQnSdzKOu2Vf57lo3eB6pyU6FZwP7rn2nNbcviPQdQZA4Z4e3S/ZPodhqzkwCU/8KlAYJUDWRt7rbtz6yRSjF+9uwu1dJXIGoFrpCo7KE8pZgaAAHvADnBT7RT6MAyQkQZQpqpGyBiF1vZ/MPnY7w1ke5/IpzY30kIepcwZ0fCdgViweYthkKu/CrBwl7h/S6FxPp/+EpjEMQimnvSaMybjoKYovQ7aNK+sE5CFHxv09Wsy2oVx7C0DDkQGJJTmDXgbNwUmwNq9OK8vteh91YvH2r3yPJT5Q2UoRSvVpOnqyQGenrYme712O5ZL1MW9qLpukUtEGQjcK7gaOANOqKFAly0yDtBg7mvHmvtqJl7mqGjqE+m931h9bNQgIdP/kxt10RxfwRatMuQUfhmpqEAQCDsEW8WUCOjE3whBCYsrY429dRRmDS4sffOnN8SQkrqNh6/+7n7WQFw71Yjy2Nak7WRdWNsPuSUAGvq2kOVjQzWUbH6LSzcuDmV5chCunDQYXvbSO4K448Zq7zU8tnL/Kq0BC51iLztUBAQgZ2mSRFimx2IIJcZs3iKHN9Rad6w03oD1vyCfUMMLWCpqN+v/o9Gdtuh54lV75ocVk/uC6WBtfkRd31KDi9rERB1lO+zufillhOcsb6ihI1xg0HLbX4N0ds5Kl142BuJ57QuTC48M3rJRhAVCHNerHlPZFIaHNCJ6XeUEPbr+Bq8GTdKLIZTT3HWzPQRid5nrvKAgOH1k+N87QM95ofmnrd/RshwtyjcvCVLY0Ua2/93JxqlhaTMR4J9u8WoN3zNQ5oPGnU1/Gf7z7HzWicNne36XBv44Apby4V0IBrnpTi7PNzqKDm6vOUyGKJvbHXlHuEBEAMcdApdGkGCMwf5vHfdk1naI/7rXWcvJtlJgAdDACDtKhOdWX7o6FvsS2qyKTWeeDV/KuUpt2IJ2v0SoYCbClSydJseKy044Yr+Q/OlNTLfoVYP6Y+qbtJtjxUqJq6aq2kg6lP7bnEpLqyo5Od6GO2pI/E/N1OifZRNvaIwildhd+BSv4cM55Syu+S4aGbyb9o3+NeVhtC6uYIJZxIxFJfxbnAG89I1Yb1rmoD5YrXOAIv/jD95B0mU/JntsblJYlKyJ8TyiOL3w5ftoWTiRKefzwnvZcoUcxQ/iO9smcWaUABFC6nBFZJblYQ1E7d/b9PAsD+KwOJBJnhMPl/3qYip3SOL8NSX7+VtfRwMgd/MQInjmnhQx96xV6UWHe1EBX+Bx/75ZCye6f+EY/4tABMHyCgfZw2rofjsANCnZqp4MxUFKBUw/gm0JVAwMPR3u+uAWWnkiekjvGeqbMGW0Y+cteKZA/b/kaw3fLASSbzAMju0Od9rEV8lJd3T4j6PJ+uXuxieUU+mD1GRn5l5ZngiL6ntSQF6UD8bZ4Gss3PgvHEmqdaY1ta5k3t1OsJF/edgwzPW2Vlzc7wSHWpkGMIUTqsMiNIIM57otjt8ox2VfoJakt0Fj1AJ6MAtUJYLgGlBzsvoQ5h+yXT1dqNOUzqra1Zl5XsdWx+gnaFN+PUG+v0pmkXl8NJInYDcpFzacEMzVT+F1nCpwJ57bLAbmJVeqQ,iv:MNFqnAFl1Ugx9oebDR66ckvZx8jksY+HeDsNFehFrk4=,tag:f6N8qxAy07EJHHwu2N5K3g==,type:str]", + "sops": { + "lastmodified": "2026-01-25T12:03:28Z", + "mac": "ENC[AES256_GCM,data:S8a8LiimwRsM2oqj6kMnG1umAXxb42GcdGLpDtcXLcbA3EewgRVCl+UIkDvFkagK8WUl2jr715wNgS/OlIWWdTBc/jAfU0iV3AHOCCz/Z1t16wQ96Pf3sEc0++l4EFlPfBPmhhCdXoAVh8TrPSpQRRKEXNY9JKcps2nZ5UDJ5tM=,iv:djGFNCf5O36+iyb+ENVdnThB749rc7PvpA8JAFJFKCg=,tag:fl7sRerdVAAXBkIATUl7zw==,type:str]", + "pgp": [ + { + "created_at": "2026-01-25T12:03:28Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy77zzNMwU0sSAQdAZGmK8TFHDd7hi+u6iK85h+tsLOTnv+cd5N5R2hmhizgw\nYGsqyjGgzxKosWdsGQw9n6RQwLookPSjLtO74CInBmSSpbL+k4NhAKs+G2vCojdN\n0lwB7TegWbha7ElzY6+MjOv+1p5EBhHFIWut+6+iV7HzrbralcDvo1Lo7b7e/4sv\n3jEf4HcelocgSLURYvL/5Cl48AVXrhkxdha+6xw4py4YRFIarIMU8ZRnL5gAqw==\n=caPs\n-----END PGP MESSAGE-----", + "fp": "8DEE2D0E1357B78C782691234A2D3B6C7E35AEF7" + } + ], + "version": "3.11.0" + } +} diff --git a/kustomize/overlays/tests/server-model-config-enc.yaml b/kustomize/overlays/tests/server-model-config-enc.yaml new file mode 100644 index 00000000..f978b3c5 --- /dev/null +++ b/kustomize/overlays/tests/server-model-config-enc.yaml @@ -0,0 +1,32 @@ +apiVersion: ENC[AES256_GCM,data:GqM=,iv:X9ZA6MF+bye5xH0o8LL/4XFDfiVzgDeL/LJUVGNiJnA=,tag:jlRvjVgKLC66t+n/9UPxeQ==,type:str] +data: + CHECKLIST_MODEL_NAME: ENC[AES256_GCM,data:7OrZQrchux0+jlBPEuDhsyAv1Ix75Yp1/uPKdjy2g2lziSXhdwBrEtSF0U4dQWBITTYp,iv:TAd+SIFStCUd1qQDtQpD9ejlH8R6oCa4mLrwBYPh5nE=,tag:wGSMp+pww/4Zt7mvqVvwrg==,type:str] + CODE_VDB_RETRIEVER_MODEL_NAME: ENC[AES256_GCM,data:4D444ciNBzQPnhYXT0niQZWF12OtQ/stcNpdEbCXCCRbf/jUfkYoai+0u08EsYgmh+TC,iv:SehqcrF7ZA5itfSeEDMyeuFTOBrufGLlGcNxO+yKdp4=,tag:4jJ05Bitj0iVNDvSl2NeaQ==,type:str] + CVE_AGENT_EXECUTOR_MODEL_NAME: ENC[AES256_GCM,data:xtooeRKaRb2uXvEmhcq6W6M9UX1g2fk2WC9jf0cj0ReMlNZ0waj7JOY0KVfWM4n9eBEg,iv:mYGS+QzlUv3aUKQlGF3Qj++h9kg73Btpmi+mf3GUJ3w=,tag:BWLyR3yhAqEdpLE1T4lYpg==,type:str] + DOC_VDB_RETRIEVER_MODEL_NAME: ENC[AES256_GCM,data:g9DV3/7vINF2g4MPUScMedRhx4EzUn6aOHztFmAmhdqU7iaOYAMLQaGZkkMdiXsSqziu,iv:0swptAt4Hwg0/y3f28btcv2Mtq0yYB/mCTfFXjWe00k=,tag:vdgiZOimYt+5uluRtyP+cQ==,type:str] + GENERATE_CVSS_MODEL_NAME: ENC[AES256_GCM,data:uDTbwkxuuohDKJ9X+uAYHE2lJgb8BKEBkTGH5xL1YWy82R6OpWE53l9d9/KAk8JL3COi,iv:bWsmW1J1U0zmWlhj5cvLz1dFYG/NPF3PiZhWS5duT+Q=,tag:w6PCNZhOysrHW7l74X8EiQ==,type:str] + JUSTIFY_MODEL_NAME: ENC[AES256_GCM,data:ar93nbJy18x6Nb++YGHSuh6QGFnmhiyAZtq6hpRsDT6g4XSAmFAsCO5IvBEIZ7dpNprZ,iv:ks3khWQCRnz8mUrvK7B9SVz+wKOF49JU817dWglaDrM=,tag:OB3ULv2x4Ref63j/nlp8DQ==,type:str] + NVIDIA_API_BASE: ENC[AES256_GCM,data:58mO8y0qF6FBOXcc4E3jppjo3ym6A48wGZL9OxTPlHcYptR/AW6KvGdSA8TMk5DG9RE10Edx0ChXB9XsMFvxfQnfA+9OiBnCNxRUXw==,iv:OUlIO/XHdqkvpOM35JfEQSke6TmyCuMOEcvJqLSUkzE=,tag:kifU31FSIu3//q9pc7u40A==,type:str] + PYTHON_VERSION: ENC[AES256_GCM,data:OmHFTw==,iv:qsd4oNKf/oYCSpICfSE7cuUlIfRmI7VrZ+Wth/nNPvM=,tag:Hy0YNQ9lmcbqrXHEjtzfxg==,type:str] + SUMMARIZE_MODEL_NAME: ENC[AES256_GCM,data:vO8ztZTgcvg5tv5FQaKlKBsTs8ms/78Qe9OtmDS7LnibP6K9yljNbz9ai73Ph3CIn4Wu,iv:ak/afG2kXG1rvsriN21zNsjttc2Vt+VoYhoauwWA6ZI=,tag:lf0QVlghAuin8l4keWkY3A==,type:str] +immutable: ENC[AES256_GCM,data:7VHk5CM=,iv:9GuqxkAjk0XtcAHP1xJ7OjfHRDEydV2XCrNzXMzNZho=,tag:J261qozJtzdv+tOzIZYmrA==,type:bool] +kind: ENC[AES256_GCM,data:+XvGoKaqZt3d,iv:ipjdNZIC5ucrWo7Cpa3I64nKLd2eOslQjwe6R0LXsXU=,tag:ZvTEtcfLxIBMvqEw7mLqWA==,type:str] +metadata: + name: ENC[AES256_GCM,data:bIyOig0niHOw8aT3r5yg6wSZzg==,iv:FNtbtOzmrKkz4Ocb7ujgsBBg72P0ACMlS5DfT8DP4rk=,tag:beE9XVfmH2CzYoCkYJMnuQ==,type:str] +sops: + lastmodified: "2026-01-26T09:27:06Z" + mac: ENC[AES256_GCM,data:xMMv5Lrb9cRGYoEjwLHHf74gadMJfm17697zJn/UI+2bZceSBVlJZAN+4Q8yOtTDM0uC1uuGbwZC82yJuguMNuDUFo8yQJ1evU45A8WPKJXLW9GkLCIuh/8302kH08EI9GLcBR5eXuQCl1N1uKRx56rNCiu/WCFJN3WUS/gM/8A=,iv:C1KHyp68xbcOSCDpDjvoHMsPGB4YsnQ+2dHkyOo+l8g=,tag:0aFf97vxoXupUQX8kQAkRA==,type:str] + pgp: + - created_at: "2026-01-26T09:27:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4Dy77zzNMwU0sSAQdAANcbJdqeIUK1mUDG/+GglQPLSlMcvS0xt0aP0eHsakEw + EU5sQytLTMNUYH6iRp7BacACVQ8T/1rllgno7lGN5nLoEUDbg/wOtFH3ZHFus6kj + 0l4Bwe9pK+UsHDqy6I38YWHU42AsEECCZjs5fPHUnKBR2oBBpf4S/Eg9/FVnRIOY + QFkPgGIyQIOPbCVzaIo+tzuIwwT0RjQQAcnPZM3eM0ie1q82eD9UstkwAV6Upzqv + =mxQm + -----END PGP MESSAGE----- + fp: 8DEE2D0E1357B78C782691234A2D3B6C7E35AEF7 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/kustomize/overlays/tests/tekton-config.yaml b/kustomize/overlays/tests/tekton-config.yaml new file mode 100644 index 00000000..8183bbcf --- /dev/null +++ b/kustomize/overlays/tests/tekton-config.yaml @@ -0,0 +1,139 @@ +apiVersion: operator.tekton.dev/v1alpha1 +kind: TektonConfig +metadata: + finalizers: + - tektonconfigs.operator.tekton.dev + labels: + openshift-pipelines.tekton.dev/sa-created: "true" + operator.tekton.dev/release-version: 1.21.0 + name: config +spec: + addon: + params: + - name: communityResolverTasks + value: "true" + - name: pipelineTemplates + value: "true" + - name: resolverTasks + value: "true" + - name: resolverStepActions + value: "true" + chain: + artifacts.oci.format: simplesigning + artifacts.oci.storage: oci + artifacts.pipelinerun.format: in-toto + artifacts.pipelinerun.storage: oci + artifacts.taskrun.format: in-toto + artifacts.taskrun.storage: oci + disabled: false + options: {} + performance: + disable-ha: false + config: {} + dashboard: + options: {} + readonly: false + hub: + options: {} + pipeline: + await-sidecar-readiness: true + coschedule: pipelineruns + default-service-account: pipeline + disable-affinity-assistant: true + disable-creds-init: false + enable-api-fields: beta + enable-bundles-resolver: true + enable-cel-in-whenexpression: false + enable-cluster-resolver: true + enable-custom-tasks: true + enable-git-resolver: true + enable-hub-resolver: true + enable-param-enum: false + enable-provenance-in-status: true + enable-step-actions: true + enforce-nonfalsifiability: none + keep-pod-on-cancel: false + max-result-size: 4096 + metrics.count.enable-reason: false + metrics.pipelinerun.duration-type: histogram + metrics.pipelinerun.level: pipeline + metrics.taskrun.duration-type: histogram + metrics.taskrun.level: task + options: {} + params: + - name: enableMetrics + value: "true" + performance: + disable-ha: false + require-git-ssh-secret-known-hosts: false + results-from: termination-message + running-in-environment-with-injected-sidecars: true + send-cloudevents-for-runs: false + set-security-context: false + trusted-resources-verification-no-match-policy: ignore + platforms: + openshift: + pipelinesAsCode: + enable: true + options: {} + settings: + application-name: Pipelines as Code CI + auto-configure-new-github-repo: "false" + auto-configure-repo-namespace-template: "" + auto-configure-repo-repository-template: "" + bitbucket-cloud-additional-source-ip: "" + bitbucket-cloud-check-source-ip: "true" + custom-console-name: "" + custom-console-url: "" + custom-console-url-namespace: "" + custom-console-url-pr-details: "" + custom-console-url-pr-tasklog: "" + default-max-keep-runs: "0" + enable-cancel-in-progress-on-pull-requests: "false" + enable-cancel-in-progress-on-push: "false" + error-detection-from-container-logs: "true" + error-detection-max-number-of-lines: "50" + error-detection-simple-regexp: ^(?P[^:]*):(?P[0-9]+):(?P[0-9]+)?([ + ]*)?(?P.*) + error-log-snippet: "true" + error-log-snippet-number-of-lines: "3" + hub-catalog-type: artifacthub + hub-url: https://artifacthub.io/api/v1 + max-keep-run-upper-limit: "0" + remember-ok-to-test: "false" + remote-tasks: "true" + require-ok-to-test-sha: "false" + secret-auto-create: "true" + secret-github-app-scope-extra-repos: "" + secret-github-app-token-scoped: "true" + skip-push-event-for-pr-commits: "true" + tekton-dashboard-url: "" + scc: + default: pipelines-scc + profile: all + pruner: + disabled: false + keep: 100 + resources: + - pipelinerun + schedule: 0 8 * * * + result: + disabled: false + is_external_db: false + options: {} + performance: + disable-ha: false + route_enabled: true + route_tls_termination: edge + targetNamespace: openshift-pipelines + tektonpruner: + disabled: true + global-config: + enforcedConfigLevel: global + historyLimit: 100 + options: {} + trigger: + default-service-account: pipeline + disabled: false + enable-api-fields: stable + options: {} diff --git a/kustomize/overlays/tests/user-feedback-ips.secret b/kustomize/overlays/tests/user-feedback-ips.secret new file mode 100644 index 00000000..e0f44fb9 --- /dev/null +++ b/kustomize/overlays/tests/user-feedback-ips.secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:DTCFG/YxGdv2PUvFy4ZpUcn71vTKVE9Pq6OdqGrhThVqW5yIZFdIlEutthH9q/AbnzZZalBxf7nb7T/muOnJd+pE+uN1jlrv6kSdaEcwgViK9CQCRVhqIfWCZNFYyGVFpo90TlD8dTrvk0f1LqbnTQGbuhBIscuKmYzJB+FZuUYzBP+7YgLD34lwhRwOd3gM6IwYyptkDYL7BnZB8t7bZSeliuQwmjwJZ49oDVtG8+CZN7UlUw1hxVJPM96BR6Ob,iv:VE3imWMy9VK5IEQ0ZV+WYbHtRNNAUXPZZY3mA52P258=,tag:2UFpjo65+QUs9fvcTueiQQ==,type:str]", + "sops": { + "lastmodified": "2026-01-25T12:11:26Z", + "mac": "ENC[AES256_GCM,data:PpNa9n8COE+xLG2Kmb8U18dAUT7iqhUfsquUqJC+42DdGC5eWU9t+nxJjy2Hgpf+Gj9hZErRQDYn6LZufKl87YcOix5V8TlBx078LIw1ZFch5xvPIoRef47uedpnPZM6UDAYFljDj6VWUXj6zdqC+GypArYYt5c50iIpY31Fd0c=,iv:N/8Ie16mcQ+QnGjg9c4rXK0OSJn+KujWA7S2WFFa4jc=,tag:69iiCf7FIVmm//LrtCixcw==,type:str]", + "pgp": [ + { + "created_at": "2026-01-25T12:11:26Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy77zzNMwU0sSAQdA/VGmVQPa0NNd5tNIIEunjIeYbcNYFAytX7GStmGIWzow\nzGLovmXwgN/5IQAdqZiRovpI5nURr49xCgCjiHfvui0eI0mm05+Zhph7GlSG0FwV\n0lwB7q/kruiHG/tWCtqESzJYMfun7Jh0CWH/yl3K7N3JiwREqUsSUVG4xOdhJEEs\nus/Ov0GJd6isSwb1uLjtCNszmiQXss6Rw/tutDmRwR4nE0J26CujVwqkuSDbbg==\n=RFOe\n-----END PGP MESSAGE-----", + "fp": "8DEE2D0E1357B78C782691234A2D3B6C7E35AEF7" + } + ], + "version": "3.11.0" + } +}