Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update docs to include Generic Oidc Changes #2582

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

IsaacCalligeros95
Copy link
Contributor

@IsaacCalligeros95 IsaacCalligeros95 commented Dec 5, 2024

The existing OpenId Connect page covers most of the relevant details for Oidc accounts. Let me know if you think additional details related to the generic oidc account would fit here let me know. This change includes the CLI commands and call out on the gcloud account that generic OpenId Connect accounts can be used instead.

@@ -8,18 +8,45 @@ navOrder: 30
---

:::div{.hint}
Google Cloud Accounts were added in Octopus **2021.2**.
Google Cloud Accounts were added in Octopus **2021.2**, Generic OpenId Connect Accounts were added in **2024.4**
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be 2025.1, correct me if I am wrong

1. set an audience, this should match the audience set on the Workload Identity Federation. By default this is `https://iam.googleapis.com/projects/{project-id}/locations/global/workloadIdentityPools/{pool-id}/providers/{provider-id}`
1. Click the **SAVE**, to test the account set it as the account on a gcloud script step.

See the [Google cloud documentation](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers) for instructions on creating and configuring a Workload Identity Federation. To authenticate octopus calls the gcloud cli
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this done for the user already, as per OctopusDeploy/Calamari#1399?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, in that section I'm just trying to explain the authentication process behind the scenes

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It felt like that was what the user needed to do, particularly if you don't read it closely.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've updated that message, if you think it's better to just remove the snippet all together let me know.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is clearer, the script is fine for the moment, my concern is that these things can get stale. Perhaps @steve-fenton-octopus has an opinion here.

Copy link
Contributor

@benPearce1 benPearce1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two issues with the release version and the suppport for logging in with calamari

Copy link
Contributor

@benPearce1 benPearce1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good. The CLI pieces are not required to be done manually as the CLI has a generator that you can kick off after the features have been merged which creates a docs PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants