-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update docs to include Generic Oidc Changes #2582
base: main
Are you sure you want to change the base?
Conversation
@@ -8,18 +8,45 @@ navOrder: 30 | |||
--- | |||
|
|||
:::div{.hint} | |||
Google Cloud Accounts were added in Octopus **2021.2**. | |||
Google Cloud Accounts were added in Octopus **2021.2**, Generic OpenId Connect Accounts were added in **2024.4** |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this should be 2025.1, correct me if I am wrong
1. set an audience, this should match the audience set on the Workload Identity Federation. By default this is `https://iam.googleapis.com/projects/{project-id}/locations/global/workloadIdentityPools/{pool-id}/providers/{provider-id}` | ||
1. Click the **SAVE**, to test the account set it as the account on a gcloud script step. | ||
|
||
See the [Google cloud documentation](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers) for instructions on creating and configuring a Workload Identity Federation. To authenticate octopus calls the gcloud cli |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't this done for the user already, as per OctopusDeploy/Calamari#1399?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, in that section I'm just trying to explain the authentication process behind the scenes
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It felt like that was what the user needed to do, particularly if you don't read it closely.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've updated that message, if you think it's better to just remove the snippet all together let me know.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is clearer, the script is fine for the moment, my concern is that these things can get stale. Perhaps @steve-fenton-octopus has an opinion here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Two issues with the release version and the suppport for logging in with calamari
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good. The CLI pieces are not required to be done manually as the CLI has a generator that you can kick off after the features have been merged which creates a docs PR.
da83e5a
to
aedb380
Compare
The existing OpenId Connect page covers most of the relevant details for Oidc accounts. Let me know if you think additional details related to the generic oidc account would fit here let me know. This change includes the CLI commands and call out on the gcloud account that generic OpenId Connect accounts can be used instead.