From 9ca033479bd6397175280fcb4d9753677c028033 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 28 May 2026 11:19:24 +0200 Subject: [PATCH 1/4] Add an example for overriding the destination --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index 1b3cd3f..83e14c3 100644 --- a/Makefile +++ b/Makefile @@ -11,6 +11,8 @@ PATTERN_CATALOG_DOCKERFILE ?= pattern-ui-catalog.Dockerfile .PHONY: help help: ## Display this help. @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-40s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) + @echo "" + @echo "Override catalog destination with: make UPLOADREGISTRY=quay.io/rhn_support_mbaldess VERSION=partnertest pattern-ui-catalog-build" ##@ Pattern Catalog From 9edaf92fef4a074e5e84a377b345d1369e793673 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 28 May 2026 11:19:42 +0200 Subject: [PATCH 2/4] Add support for catalog_logo --- catalog.schema.json | 6 ++++++ generate-catalog.sh | 2 ++ 2 files changed, 8 insertions(+) diff --git a/catalog.schema.json b/catalog.schema.json index 2a052af..69d1b19 100644 --- a/catalog.schema.json +++ b/catalog.schema.json @@ -21,6 +21,12 @@ "type": "string", "description": "Description shown in the catalog UI" }, + "catalog_logo": { + "type": "string", + "description": "URL of the logo image displayed on the catalog page", + "format": "uri", + "default": "https://validatedpatterns.io/images/logo.png" + }, "patterns": { "type": "array", "description": "List of pattern identifiers included in the catalog", diff --git a/generate-catalog.sh b/generate-catalog.sh index 7964a51..ff68a6b 100755 --- a/generate-catalog.sh +++ b/generate-catalog.sh 
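Review bot: The help text added at the end of the `help` recipe hard-codes one person's registry namespace (`quay.io/rhn_support_mbaldess`) as the example destination, so anyone copying the line verbatim targets a namespace they presumably cannot push to. A neutral placeholder reads better in shared help output, for example `@echo "Override catalog destination with: make UPLOADREGISTRY=quay.io/<your-namespace> VERSION=<tag> pattern-ui-catalog-build"`.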
@@ -14,6 +14,7 @@ ORGS=(${ORGS[@]:-"validatedpatterns" "validatedpatterns-sandbox"}) TOPIC=${TOPIC:-"ui-catalog-enabled"} GENERATOR_VERSION="1.0" CATALOG_DIR="catalog" +CATALOG_LOGO="https://validatedpatterns.io/images/logo.png" # Normalize a single pattern-metadata.yaml (JSON from yq) into catalog schema. # Reads JSON on stdin, writes normalized JSON on stdout. @@ -140,6 +141,7 @@ CATALOG_DESCRIPTION=${CATALOG_DESCRIPTION:-'(Tech-Preview) Additional patterns c echo "generated_at: \"$(date -u +%Y-%m-%dT%H:%M:%SZ)\"" echo "generator_version: \"${GENERATOR_VERSION}\"" echo "catalog_description: '${CATALOG_DESCRIPTION}'" + echo "catalog_logo: \"${CATALOG_LOGO}\"" echo "patterns:" for name in "${pattern_names[@]}"; do echo " - ${name}" From 37a14b8badc2da54296b4026d741722d49443247 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 28 May 2026 11:20:00 +0200 Subject: [PATCH 3/4] Regenerate catalog --- catalog/catalog.yaml | 3 +- catalog/hypershift/pattern.yaml | 2 +- .../hypershift/values-secret.yaml.template | 8 +++ .../values-secret.yaml.template | 61 +++++++++++++------ 4 files changed, 55 insertions(+), 19 deletions(-) diff --git a/catalog/catalog.yaml b/catalog/catalog.yaml index dd17025..b13441e 100644 --- a/catalog/catalog.yaml +++ b/catalog/catalog.yaml @@ -1,6 +1,7 @@ -generated_at: "2026-04-16T11:34:50Z" +generated_at: "2026-05-28T09:09:10Z" generator_version: "1.0" catalog_description: '(Tech-Preview) Additional patterns can be found here: validatedpatterns.io' +catalog_logo: "https://validatedpatterns.io/images/logo.png" patterns: - ansible-edge-gitops - layered-zero-trust diff --git a/catalog/hypershift/pattern.yaml b/catalog/hypershift/pattern.yaml index 5454bb2..97befec 100644 --- a/catalog/hypershift/pattern.yaml +++ b/catalog/hypershift/pattern.yaml @@ -40,4 +40,4 @@ external_requirements: s3_bucket: true org: validatedpatterns-sandbox spoke: null -clustergroupname: prod +clustergroupname: staging 
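Review bot: `CATALOG_LOGO` is assigned as a fixed string in the first hunk, while the neighbouring `TOPIC` and `CATALOG_DESCRIPTION` settings take an environment override, so a catalog built with this script cannot set the logo that the schema now describes. `CATALOG_LOGO=${CATALOG_LOGO:-"https://validatedpatterns.io/images/logo.png"}` would match the existing pattern. If it becomes overridable, the `echo "catalog_logo: \"${CATALOG_LOGO}\""` line in the second hunk (`@@ -140,6 +141,7 @@`) writes the value into a double-quoted YAML scalar unescaped, so a value containing `"` or a backslash would yield invalid or altered YAML; checking it against the expected URL shape before emitting would cover that. Both enclosing regions continue outside the hunks.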
diff --git a/catalog/hypershift/values-secret.yaml.template b/catalog/hypershift/values-secret.yaml.template index a2be8ec..8755967 100644 --- a/catalog/hypershift/values-secret.yaml.template +++ b/catalog/hypershift/values-secret.yaml.template @@ -19,6 +19,14 @@ secrets: fields: - name: credentials path: ~/.aws/credentials + + - name: hypershift-iam + vaultPrefixes: + - hub + fields: + - name: role-arn + value: "arn:aws:iam:accNumber::role/hypershift_cli_role" + # Begin groupsync/oauth config # - name: oauthCreds # fields: diff --git a/catalog/layered-zero-trust/values-secret.yaml.template b/catalog/layered-zero-trust/values-secret.yaml.template index 9185fc4..a5b715c 100644 --- a/catalog/layered-zero-trust/values-secret.yaml.template +++ b/catalog/layered-zero-trust/values-secret.yaml.template @@ -16,7 +16,8 @@ version: "2.0" # Infrastructure Secrets (hub/infra/*): # hub/infra/keycloak/ - Keycloak infrastructure secrets # hub/infra/rhtpa/ - RHTPA infrastructure secrets -# hub/infra/quay/ - Quay registry credentials +# hub/infra/quay/ - Built-in Quay registry credentials (auto-generated) +# hub/infra/registry/ - BYO container registry credentials (user-provided) # hub/infra/users/ - User credentials managed by IdP # # Framework Secrets: @@ -84,6 +85,17 @@ secrets: # onMissingValue: generate # vaultPolicy: alphaNumericPolicy + # qtodo-oidc-entraid — Microsoft Entra ID (Azure AD) OIDC for QTodo + # This secret supplies the client secret for the Entra app registration + # that backs app.oidc.clientId. The value is read from a local file at 'path' + # Create the client secret in Azure Portal and store it in that file + #- name: qtodo-oidc-entraid + # vaultPrefixes: + # - apps/qtodo + # fields: + # - name: client-secret + # path: ~/.azure/ztvp-entraid-secret + - name: qtodo-truststore vaultPrefixes: - apps/qtodo 
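Review bot: The placeholder ARN in the new `hypershift-iam` secret has its fields in the wrong order: an IAM role ARN leaves the region field empty and carries the account ID after it, so `arn:aws:iam:accNumber::role/hypershift_cli_role` puts the account number where the region goes. A user who only swaps `accNumber` for their account ID ends up with an ARN that AWS will not accept; the template should read `value: "arn:aws:iam::accNumber:role/hypershift_cli_role"`. The entry also carries no `onMissingValue`, and nothing visible in the hunk flags an unreplaced placeholder before it is loaded under the `hub` prefix. This file appears to be regenerated from the pattern's own repository, so the correction probably belongs there.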
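Review bot: Both commented-out Entra ID examples, `qtodo-oidc-entraid` in the `@@ -84,6 +85,17 @@` hunk and `rhtpa-oidc-cli` in the `@@ -151,6 +163,17 @@` hunk, read the client secret from the same file, `~/.azure/ztvp-entraid-secret`, although their comments tie them to different client settings (`app.oidc.clientId` and `zeroTrust.oidc.clients.cli`). If those are separate app registrations, uncommenting both as written loads one secret under `apps/qtodo` and `hub/infra/rhtpa` alike, and one of the two will be wrong. Either give each example its own path or add a comment line such as `# Use a separate file per app registration unless both clients share one`. The second comment block is also missing the full stop after `zeroTrust.oidc.clients.cli`; the file looks regenerated, so the wording fix likely belongs in the pattern repository.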
@@ -151,6 +163,17 @@ secrets: onMissingValue: generate vaultPolicy: alphaNumericPolicy + # Microsoft Entra ID (Azure AD) OIDC for RHTPA + # This secret supplies the client secret for the Entra app registration + # that backs zeroTrust.oidc.clients.cli The value is read from a local file at 'path' + # Create the client secret in Azure Portal and store it in that file + #- name: rhtpa-oidc-cli + # vaultPrefixes: + # - hub/infra/rhtpa + # fields: + # - name: client-secret + # path: ~/.azure/ztvp-entraid-secret + # =========================================================================== # USER CREDENTIALS (hub/infra/users/) # User passwords managed by Keycloak for application access 
@@ -174,33 +197,37 @@ secrets: vaultPolicy: alphaNumericPolicy # =========================================================================== - # QUAY INFRASTRUCTURE SECRETS (hub/infra/quay/) - # Registry credentials for Quay - # Policy: hub-infra-quay-secret (read access to hub/infra/quay/*) + # BUILT-IN QUAY REGISTRY SECRETS (hub/infra/quay/) + # Auto-generated credentials for built-in Quay registry + # Used by: Quay user provisioner job, supply-chain pipeline (when quay.enabled=true) + # Policy: hub-supply-chain-jwt-secret (read access to hub/infra/quay/*) # =========================================================================== - name: quay-users vaultPrefixes: - hub/infra/quay fields: - - name: quay-admin-password - onMissingValue: generate - vaultPolicy: validatedPatternDefaultPolicy - name: quay-user-password onMissingValue: generate vaultPolicy: validatedPatternDefaultPolicy - # External Registry Credentials (e.g., Quay.io, Docker Hub, GHCR) - # Reserved for future use with container signing workflows - # Uncomment and provide your credentials when needed - #- name: external-registry + # =========================================================================== + # BYO REGISTRY SECRETS (hub/infra/registry/) + # Only needed for Option 2 (BYO/external registry, e.g. quay.io, ghcr.io). + # NOT needed for Option 1 (built-in Quay uses quay-users secret) or + # Option 3 (embedded OpenShift registry with token refresher writes to Vault + # automatically -- see docs/supply-chain.md). + # Used by: supply-chain pipeline (push), qtodo (pull) when registry enabled + # Policy: hub-supply-chain-jwt-secret (read access to hub/infra/registry/*) + # + # Uncomment and replace REPLACE_WITH_REGISTRY_TOKEN with your registry + # token/password in your local ~/values-secret-layered-zero-trust.yaml. 
+ # =========================================================================== + #- name: registry-user # vaultPrefixes: - # - hub/infra + # - hub/infra/registry # fields: - # - name: username - # value: "your-registry-username" # Replace with your username - # onMissingValue: error - # - name: password - # value: "your-registry-token" # Replace with your token/password + # - name: registry-password + # value: "REPLACE_WITH_REGISTRY_TOKEN" # onMissingValue: error # =========================================================================== From 8c2760111cc42d3715a3b9c11ee1b10b35dbae5f Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 28 May 2026 12:24:07 +0200 Subject: [PATCH 4/4] Clarify local file support in schema --- catalog.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/catalog.schema.json b/catalog.schema.json index 69d1b19..fd3858a 100644 --- a/catalog.schema.json +++ b/catalog.schema.json @@ -23,7 +23,7 @@ }, "catalog_logo": { "type": "string", - "description": "URL of the logo image displayed on the catalog page", + "description": "URL or filename of the logo image displayed on the catalog page. If a filename it just needs adding to the catalog/ folder", "format": "uri", "default": "https://validatedpatterns.io/images/logo.png" },
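Review bot: The description now allows a bare filename, but the property still declares `"format": "uri"`, which a validator that enforces formats only satisfies for an absolute URI with a scheme, so `logo.png` would be rejected (and where formats are not enforced, nothing is checked at all). `"format": "uri-reference"` accepts both forms. Since the value presumably ends up as an image source or as a path under `catalog/`, it is worth stating the accepted shapes explicitly, for instance with a `pattern` that permits only `https://` URLs or a plain filename without path separators, so that other schemes and `../` paths are refused by the schema rather than left to the consumer. The hunk shows only part of the object that contains `catalog_logo`.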