From b29217dc63fe6f0acebfaefbb2c1c42cbaae120a Mon Sep 17 00:00:00 2001 From: Jorge Romero Date: Wed, 17 Jun 2026 18:11:04 +0200 Subject: [PATCH 1/6] Add bypass audience and scope configuration for external services --- ods-api-service/chart/CONFIGURATION_GUIDE.md | 3 +++ ods-api-service/chart/templates/tpl/_application_yaml.tpl | 3 +++ ods-api-service/chart/templates/tpl/_env_external_services.tpl | 2 ++ ods-api-service/chart/values.yaml.template | 3 +++ 4 files changed, 11 insertions(+) diff --git a/ods-api-service/chart/CONFIGURATION_GUIDE.md b/ods-api-service/chart/CONFIGURATION_GUIDE.md index fe265dc25..139a032ef 100644 --- a/ods-api-service/chart/CONFIGURATION_GUIDE.md +++ b/ods-api-service/chart/CONFIGURATION_GUIDE.md @@ -254,6 +254,9 @@ externalServices: trustAllCertificates: true username: marketplace-user password: marketplace-password + bypass: + audience: ${MARKETPLACE_BYPASS_AUDIENCE:} + scope: ${MARKETPLACE_BYPASS_SCOPE:} ``` Generated env vars (all ConfigMap): `MARKETPLACE_DEFAULT_INSTANCE`, `MARKETPLACE_MY_MKT_PROJECT_COMPONENT_BASE_URL`, `MARKETPLACE_MY_MKT_PROVISIONER_ACTIONS_BASE_URL`, diff --git a/ods-api-service/chart/templates/tpl/_application_yaml.tpl b/ods-api-service/chart/templates/tpl/_application_yaml.tpl index 24e89064f..a9cc37a3e 100644 --- a/ods-api-service/chart/templates/tpl/_application_yaml.tpl +++ b/ods-api-service/chart/templates/tpl/_application_yaml.tpl @@ -194,6 +194,9 @@ externalservices: password: ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PASSWORD:} obo-scope: ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_OBO_SCOPE:} trust-all-certificates: ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_TRUST_ALL:false} + bypass: + audience: ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_BYPASS_AUDIENCE:} + scope: ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_BYPASS_SCOPE:} {{- end }} {{- else }} instances: {} 
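Review bot: The new `bypass:` block in the `_application_yaml.tpl` hunk has no comment saying what is bypassed or how it differs from the `obo-scope` key two lines above it. For a setting that carries a token audience and scope, the template should say so, for example `# bypass.audience / bypass.scope: audience and scope used for the marketplace bypass flow; empty = not configured`, with the wording confirmed by the author because the consuming code is not visible here. Both placeholders default to the empty string, so the application presumably has to treat a blank value as unset, and that expectation belongs in the same comment.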
diff --git a/ods-api-service/chart/templates/tpl/_env_external_services.tpl b/ods-api-service/chart/templates/tpl/_env_external_services.tpl index ebcbbd0cb..a8bc3316e 100644 --- a/ods-api-service/chart/templates/tpl/_env_external_services.tpl +++ b/ods-api-service/chart/templates/tpl/_env_external_services.tpl @@ -87,6 +87,8 @@ MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PROVISIONER_ACTIONS_BASE_URL: MARKETPLACE_{{ $name | upper | replace "-" "_" }}_BITBUCKET_BASE_URL: {{ $instance.bitbucketBaseUrl | quote }} MARKETPLACE_{{ $name | upper | replace "-" "_" }}_TRUST_ALL: {{ $instance.trustAllCertificates | quote }} MARKETPLACE_{{ $name | upper | replace "-" "_" }}_OBO_SCOPE: {{ $instance.oboScope | quote }} +MARKETPLACE_{{ $name | upper | replace "-" "_" }}_BYPASS_AUDIENCE: {{ $instance.bypass.audience | default "" | quote }} +MARKETPLACE_{{ $name | upper | replace "-" "_" }}_BYPASS_SCOPE: {{ $instance.bypass.scope | default "" | quote }} {{- end }} {{- end }} diff --git a/ods-api-service/chart/values.yaml.template b/ods-api-service/chart/values.yaml.template index 5f4473b15..6b718750f 100644 --- a/ods-api-service/chart/values.yaml.template +++ b/ods-api-service/chart/values.yaml.template @@ -275,6 +275,9 @@ externalServices: # projectComponentsBaseUrl: "$MARKETPLACE_DEV_PROJECT_COMPONENTS_BASE_URL" # provisionerActionsBaseUrl: "$MARKETPLACE_DEV_PROVISIONER_ACTIONS_BASE_URL" # oboScope: "$MARKETPLACE_DEV_OBO_SCOPE" + # bypass: + # audience: "$MARKETPLACE_DEV_BYPASS_AUDIENCE" + # scope: "$MARKETPLACE_DEV_BYPASS_SCOPE" # bitbucketBaseUrl: "$_BITBUCKET_BASE_URL" # trustAllCertificates: false # username: "" # Set in secrets.dev.enc.yaml From c8cf5b84ba9ac33c2864c4db0b2f9cec2f346700 Mon Sep 17 00:00:00 2001 From: Jorge Romero Date: Wed, 17 Jun 2026 18:12:39 +0200 Subject: [PATCH 2/6] Fix formatting in CHANGELOG for ODS API Service configuration entry --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
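Review bot: The two added lines in `_env_external_services.tpl` read `$instance.bypass.audience` and `$instance.bypass.scope` directly, and `default ""` only covers a missing leaf key, not a missing `bypass` map. An instance defined without a `bypass:` block is expected to fail rendering with a nil-pointer error, and the example in `values.yaml.template` ships `bypass` commented out, so existing values files would likely hit this. Guard the parent instead, for example `{{ ($instance.bypass | default dict).audience | default "" | quote }}`, and do the same for `scope`. The enclosing `range` starts outside this hunk.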
diff --git a/CHANGELOG.md b/CHANGELOG.md index 81ff8750a..b942bb0ee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,7 @@ - Jenkins master and agent maintenance. Add Rhel9 variant and make it default ([#1361](https://github.com/opendevstack/ods-core/pull/1361)) - Update tailor to 1.4.0 ([#1373](https://github.com/opendevstack/ods-core/pull/1373)) - Update Jenkins java version to jdk 21 ([#1374](https://github.com/opendevstack/ods-core/pull/1374)) -- Add new configuration for the ODS API Service ([1375](https://github.com/opendevstack/ods-core/pull/1375)) ([1377](https://github.com/opendevstack/ods-core/pull/1377))([1378](https://github.com/opendevstack/ods-core/pull/1378))([1379](https://github.com/opendevstack/ods-core/pull/1379))([1380](https://github.com/opendevstack/ods-core/pull/1380))([1382](https://github.com/opendevstack/ods-core/pull/1382))([1383](https://github.com/opendevstack/ods-core/pull/1383)) +- Add new configuration for the ODS API Service ([1375](https://github.com/opendevstack/ods-core/pull/1375)) ([1377](https://github.com/opendevstack/ods-core/pull/1377))([1378](https://github.com/opendevstack/ods-core/pull/1378))([1379](https://github.com/opendevstack/ods-core/pull/1379))([1380](https://github.com/opendevstack/ods-core/pull/1380))([1382](https://github.com/opendevstack/ods-core/pull/1382))([1383](https://github.com/opendevstack/ods-core/pull/1383)) ([1386](https://github.com/opendevstack/ods-core/pull/1386)) - Change the way the certificates are installed in the container of ods-api-service to update the cacert ([1381](https://github.com/opendevstack/ods-core/pull/1381)) ### Fixed From 3a29df3584523819530c871dfd44a25bcd40d1b1 Mon Sep 17 00:00:00 2001 From: Angel Martinez Date: Thu, 18 Jun 2026 16:28:15 +0200 Subject: [PATCH 3/6] Add MARKETPLACE_BYPASS_AUDIENCE to OAUTH2 audiences in application.yaml template --- ods-api-service/chart/templates/tpl/_application_yaml.tpl | 1 + 1 file changed, 1 insertion(+) 
diff --git a/ods-api-service/chart/templates/tpl/_application_yaml.tpl b/ods-api-service/chart/templates/tpl/_application_yaml.tpl index a9cc37a3e..f317f7d41 100644 --- a/ods-api-service/chart/templates/tpl/_application_yaml.tpl +++ b/ods-api-service/chart/templates/tpl/_application_yaml.tpl @@ -20,6 +20,7 @@ spring: issuer-uri: ${OAUTH2_ISSUER:} audiences: - ${OAUTH2_AUDIENCE:} + - ${MARKETPLACE_BYPASS_AUDIENCE:} datasource: url: ${ODS_API_SERVICE_DB_DATASOURCE_URL} username: ${ODS_API_SERVICE_DB_USER:opendevstack} From b471a3abb6158f3656cb041c63b67a53af09295b Mon Sep 17 00:00:00 2001 From: Angel Martinez Date: Thu, 18 Jun 2026 16:33:56 +0200 Subject: [PATCH 4/6] Update MARKETPLACE_BYPASS_AUDIENCE reference to use dynamic naming in application.yaml template --- ods-api-service/chart/templates/tpl/_application_yaml.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ods-api-service/chart/templates/tpl/_application_yaml.tpl b/ods-api-service/chart/templates/tpl/_application_yaml.tpl index f317f7d41..03ada845a 100644 --- a/ods-api-service/chart/templates/tpl/_application_yaml.tpl +++ b/ods-api-service/chart/templates/tpl/_application_yaml.tpl @@ -20,7 +20,7 @@ spring: issuer-uri: ${OAUTH2_ISSUER:} audiences: - ${OAUTH2_AUDIENCE:} - - ${MARKETPLACE_BYPASS_AUDIENCE:} + - ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_BYPASS_AUDIENCE:} datasource: url: ${ODS_API_SERVICE_DB_DATASOURCE_URL} username: ${ODS_API_SERVICE_DB_USER:opendevstack} From 1f8f3f280c235cb29ae25e8001846ae4b6c945b9 Mon Sep 17 00:00:00 2001 From: Angel Martinez Date: Thu, 18 Jun 2026 16:38:52 +0200 Subject: [PATCH 5/6] Add dynamic bypass audience configuration for marketplace instances in application.yaml template --- ods-api-service/chart/templates/tpl/_application_yaml.tpl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ods-api-service/chart/templates/tpl/_application_yaml.tpl b/ods-api-service/chart/templates/tpl/_application_yaml.tpl index 03ada845a..2c2f241c0 100644 
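Review bot: Adding the bypass audience to the `audiences:` list next to `${OAUTH2_AUDIENCE:}` widens the set of tokens this API accepts, and nothing in the series documents that as intended. If this list feeds the service's JWT audience validation, as its position beside `issuer-uri` suggests, any token issued for the marketplace bypass audience becomes valid for every endpoint here, not only for the marketplace call path. The same addition recurs per instance in the PATCH 5/6 and 6/6 hunks. Please confirm the bypass audience is scoped to this service in the identity provider, and add a comment above the entry such as `# accepted in addition to OAUTH2_AUDIENCE: tokens minted for the marketplace bypass flow`.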
--- a/ods-api-service/chart/templates/tpl/_application_yaml.tpl +++ b/ods-api-service/chart/templates/tpl/_application_yaml.tpl @@ -20,7 +20,11 @@ spring: issuer-uri: ${OAUTH2_ISSUER:} audiences: - ${OAUTH2_AUDIENCE:} +{{- if gt (len .Values.externalServices.marketplace.instances) 0 }} + {{- range $name, $instance := .Values.externalServices.openshift.instances }} + {{ $name }}: - ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_BYPASS_AUDIENCE:} +{{- end }} datasource: url: ${ODS_API_SERVICE_DB_DATASOURCE_URL} username: ${ODS_API_SERVICE_DB_USER:opendevstack} From 56b9bf78702c13c94533e19b31ac714265b2dd61 Mon Sep 17 00:00:00 2001 From: Angel Martinez Date: Thu, 18 Jun 2026 16:41:47 +0200 Subject: [PATCH 6/6] Fix marketplace instance reference in application.yaml template --- ods-api-service/chart/templates/tpl/_application_yaml.tpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ods-api-service/chart/templates/tpl/_application_yaml.tpl b/ods-api-service/chart/templates/tpl/_application_yaml.tpl index 2c2f241c0..516f15afd 100644 --- a/ods-api-service/chart/templates/tpl/_application_yaml.tpl +++ b/ods-api-service/chart/templates/tpl/_application_yaml.tpl @@ -21,10 +21,10 @@ spring: audiences: - ${OAUTH2_AUDIENCE:} {{- if gt (len .Values.externalServices.marketplace.instances) 0 }} - {{- range $name, $instance := .Values.externalServices.openshift.instances }} - {{ $name }}: +{{- range $name, $instance := .Values.externalServices.marketplace.instances }} - ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_BYPASS_AUDIENCE:} -{{- end }} +{{- end }} +{{- end }} datasource: url: ${ODS_API_SERVICE_DB_DATASOURCE_URL} username: ${ODS_API_SERVICE_DB_USER:opendevstack}
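Review bot: In the final form of the `audiences:` block (PATCH 6/6), the `range` emits one list entry for every marketplace instance, whether or not that instance configures a bypass audience. Because the placeholder defaults to empty, an instance without one contributes a blank string to the accepted-audience list, and how the validator treats a blank entry cannot be seen from here. Emit the entry only when a value is set, by wrapping the list item in `{{- if ($instance.bypass | default dict).audience }}` … `{{- end }}`. The outer `if gt (len …) 0` is then redundant, since `range` over an empty map already renders nothing.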