From: Chuck Lever
To: kdevops@lists.linux.dev
Cc: Luis Chamberlain, cel@kernel.org
Subject: Re: [RFC PATCH] terraform/OCI: Grab secrets from ~/.oci/config
Date: Thu, 3 Apr 2025 13:55:27 -0400
Message-ID: <7e0c498d-6838-446d-b799-276cb2dbda87@oracle.com>
In-Reply-To: <20250403144906.1186015-1-cel@kernel.org>
References: <20250403144906.1186015-1-cel@kernel.org>

On 4/3/25 10:49 AM, cel@kernel.org wrote:
> From: Chuck Lever
>
> Instead of storing authentication secrets in the kdevops .config
> file, pull them from the authentication profiles already set up
> in ~/.oci/config. This arrangement is more secure.
>
> terraform's API authentication is now managed outside of Kconfig,
> as is done with AWS. An update to docs/kdevops-terraform.md to
> follow.
>
> Suggested-by: Luis Chamberlain
> Signed-off-by: Chuck Lever
> ---
>  .../templates/oci/terraform.tfvars.j2    |  5 +---
>  scripts/terraform.Makefile               |  4 ---
>  terraform/oci/kconfigs/Kconfig.identity  | 27 +++++++------------
>  terraform/oci/provider.tf                |  7 ++---
>  terraform/oci/vars.tf                    | 25 ++++-------------
>  5 files changed, 17 insertions(+), 51 deletions(-)
>
> The tenancy OCID, user OCID, fingerprint, and private key path
> Kconfig settings would no longer be needed. This patch fits
> somewhere in the middle of the 00/31 series, replacing several of
> those patches.

It appears that, though undocumented, terraform's azurerm provider
can also pull its authentication material from a home directory
dot file (~/.azure/azureProfile.json). Proof-of-concept tested and
working. Google already works this way. So we can use the "secrets
are stored outside of kdevops' .config file" for all four major
cloud providers.

> diff --git a/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2 b/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2 > index f7b9ffb48c64..73b963230882 100644 > --- a/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2 > +++ b/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2 > @@ -1,8 +1,5 @@ > oci_region = "{{ terraform_oci_region }}" > -oci_tenancy_ocid = "{{ terraform_oci_tenancy_ocid }}" > -oci_user_ocid = "{{ terraform_oci_user_ocid }}" > -oci_user_private_key_path = "{{ terraform_oci_user_private_key_path }}" > -oci_user_fingerprint = "{{ terraform_oci_user_fingerprint }}" > +oci_config_file_profile = "{{ terraform_oci_config_file_profile }}" > oci_availablity_domain = "{{ terraform_oci_availablity_domain }}" > oci_compartment_ocid = "{{ terraform_oci_compartment_ocid }}" > oci_shape = "{{ terraform_oci_shape }}" > diff --git a/scripts/terraform.Makefile b/scripts/terraform.Makefile > index 3235c1af84b9..75ba9b97b518 100644 > --- a/scripts/terraform.Makefile > +++ b/scripts/terraform.Makefile 
> @@ -96,10 +96,6 @@ endif > > ifeq (y,$(CONFIG_TERRAFORM_OCI)) > TERRAFORM_EXTRA_VARS += terraform_oci_region=$(subst ",,$(CONFIG_TERRAFORM_OCI_REGION)) > -TERRAFORM_EXTRA_VARS += terraform_oci_tenancy_ocid=$(subst ",,$(CONFIG_TERRAFORM_OCI_TENANCY_OCID)) > -TERRAFORM_EXTRA_VARS += terraform_oci_user_ocid=$(subst ",,$(CONFIG_TERRAFORM_OCI_USER_OCID)) > -TERRAFORM_EXTRA_VARS += terraform_oci_user_private_key_path=$(subst ",,$(CONFIG_TERRAFORM_OCI_USER_PRIVATE_KEY_PATH)) > -TERRAFORM_EXTRA_VARS += terraform_oci_user_fingerprint=$(subst ",,$(CONFIG_TERRAFORM_OCI_USER_FINGERPRINT)) > TERRAFORM_EXTRA_VARS += terraform_oci_availablity_domain=$(subst ",,$(CONFIG_TERRAFORM_OCI_AVAILABLITY_DOMAIN)) > TERRAFORM_EXTRA_VARS += terraform_oci_compartment_ocid=$(subst ",,$(CONFIG_TERRAFORM_OCI_COMPARTMENT_OCID)) > TERRAFORM_EXTRA_VARS += terraform_oci_shape=$(subst ",,$(CONFIG_TERRAFORM_OCI_SHAPE)) > diff --git a/terraform/oci/kconfigs/Kconfig.identity b/terraform/oci/kconfigs/Kconfig.identity > index 928c700d9bd4..dce8f3bb54d9 100644 > --- a/terraform/oci/kconfigs/Kconfig.identity > +++ b/terraform/oci/kconfigs/Kconfig.identity 
> @@ -5,23 +5,14 @@ config TERRAFORM_OCI_TENANCY_OCID > Read this: > https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformproviderconfiguration.htm > > -config TERRAFORM_OCI_USER_OCID > - string "OCI user OCID" > +config TERRAFORM_OCI_CONFIG_FILE_PROFILE > + string "Authentication profile entry" > + output yaml > + default "DEFAULT" > help > - The OCI ID of the user to use. > - Read this: > - https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformproviderconfiguration.htm > + Authentication secrets are stored in ~/.oci/config. That > + file may contain more than one entry/identity. Select the > + entry in ~/.oci/config that kdevops uses to > + authenticate to OCI. Examples: > > -config TERRAFORM_OCI_USER_PRIVATE_KEY_PATH > - string "OCI user private key path" > - help > - Path to the file containing the private key of the user. > - Read this: > - https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformproviderconfiguration.htm > - > -config TERRAFORM_OCI_USER_FINGERPRINT > - string "OCI user fingerprint" > - help > - Fingerprint for the key pair being used. > - Read this: > - https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformproviderconfiguration.htm > + https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm > diff --git a/terraform/oci/provider.tf b/terraform/oci/provider.tf > index 80361d3ac562..c4619e244d73 100644 > --- a/terraform/oci/provider.tf > +++ b/terraform/oci/provider.tf > @@ -2,9 +2,6 @@ terraform { > } > > provider "oci" { > - tenancy_ocid = var.oci_tenancy_ocid > - user_ocid = var.oci_user_ocid > - private_key_path = var.oci_user_private_key_path > - fingerprint = var.oci_user_fingerprint > - region = var.oci_region > + config_file_profile = var.oci_config_file_profile > + region = var.oci_region > } > diff --git a/terraform/oci/vars.tf b/terraform/oci/vars.tf > index 4c6383d9b231..9e67ee9a8959 100644 > --- a/terraform/oci/vars.tf > +++ b/terraform/oci/vars.tf 
> @@ -1,28 +1,13 @@ > +variable "oci_config_file_profile" { > + description = "Entry in ~/.oci/config to use for API authentication" > + type = string > +} > + > variable "oci_region" { > description = "An OCI region" > type = string > } > > -variable "oci_tenancy_ocid" { > - description = "OCID of your tenancy" > - type = string > -} > - > -variable "oci_user_ocid" { > - description = "OCID of the user calling the API" > - type = string > -} > - > -variable "oci_user_private_key_path" { > - description = "The path of the private key stored on your computer" > - type = string > -} > - > -variable "oci_user_fingerprint" { > - description = "Fingerprint for the key pair being used" > - type = string > -} > - > variable "oci_availablity_domain" { > description = "Name of availability domain" > type = string

--
Chuck Lever
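
Review bot: in the scripts/terraform.Makefile hunk, the four removed TERRAFORM_EXTRA_VARS lines get no replacement for terraform_oci_config_file_profile, yet terraform.tfvars.j2 now expands "{{ terraform_oci_config_file_profile }}". If the "output yaml" line in the new Kconfig entry is what supplies that variable, say so in the commit message, since the neighbouring OCI settings are still passed through TERRAFORM_EXTRA_VARS; otherwise add the matching line so the template is not rendered with an undefined variable.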
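
Review bot: in the terraform/oci/kconfigs/Kconfig.identity hunk, the @@ context is still "config TERRAFORM_OCI_TENANCY_OCID" and its "Read this:" help lines are kept, so that prompt survives although the patch note says the tenancy OCID setting is no longer needed and the Makefile and provider.tf hunks drop every use of it. Remove the entry here or name the patch in the series that does. The new help text also ends with "Examples:" followed only by a documentation URL; list sample profile names or reword the line to point at the documentation.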
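
Review bot: in the terraform/oci/provider.tf hunk, region is still set from var.oci_region while every other credential field now comes from the selected profile. State in the Kconfig help or in docs/kdevops-terraform.md which value applies if the chosen ~/.oci/config entry also names a region, so a mismatch between the two does not go unnoticed.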
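
Review bot: in the terraform/oci/vars.tf hunk, variable "oci_config_file_profile" is declared without a default, while the Kconfig entry defaults to "DEFAULT". Consider adding default = "DEFAULT" so a terraform run that does not go through the generated terraform.tfvars selects the same entry that Kconfig would.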
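
A pre-flight check for the entry that oci_config_file_profile selects, as an added example that is not part of the patch or of kdevops. It assumes the file is INI-style with user, fingerprint, tenancy and key_file keys and that unset keys fall back to [DEFAULT] (which is how Python's configparser reads it); check_oci_profile, the KDEVOPS profile and all sample values are constructed.

```python
import configparser
import os
import stat
import tempfile

REQUIRED_KEYS = ("user", "fingerprint", "tenancy", "key_file")

# Constructed sample; the OCIDs, fingerprint and the KDEVOPS profile are made up.
SAMPLE = """[DEFAULT]
user=ocid1.user.oc1..exampleuser
fingerprint=aa:bb:cc:dd
tenancy=ocid1.tenancy.oc1..exampletenancy
region=us-ashburn-1
key_file={key}

[KDEVOPS]
user=ocid1.user.oc1..otheruser
key_file={missing}
"""

def check_oci_profile(config_path, profile="DEFAULT"):
    """Return a list of problems with `profile` in an OCI config file."""
    config_path = os.path.expanduser(config_path)
    if not os.path.isfile(config_path):
        return [f"{config_path}: config file not found"]
    problems = []
    if stat.S_IMODE(os.stat(config_path).st_mode) & 0o077:
        problems.append(f"{config_path}: accessible by group/other")
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read(config_path)
    except configparser.Error as exc:
        return problems + [f"{config_path}: unparsable ({type(exc).__name__})"]
    # [DEFAULT] is never listed as a section; other profiles inherit its keys.
    if profile != "DEFAULT" and not parser.has_section(profile):
        return problems + [f"profile [{profile}] not present"]
    entry = parser[profile]
    problems += [f"[{profile}] missing '{k}'" for k in REQUIRED_KEYS if not entry.get(k)]
    key_file = os.path.expanduser(entry.get("key_file") or "")
    if key_file and not os.path.isfile(key_file):
        problems.append(f"{key_file}: private key not found")
    elif key_file and stat.S_IMODE(os.stat(key_file).st_mode) & 0o077:
        problems.append(f"{key_file}: private key accessible by group/other")
    return problems

def demo():
    """Check three profile names against a constructed config in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        key, cfg = os.path.join(tmp, "api_key.pem"), os.path.join(tmp, "config")
        with open(key, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o600)
        with open(cfg, "w") as fh:
            fh.write(SAMPLE.format(key=key, missing=os.path.join(tmp, "gone.pem")))
        os.chmod(cfg, 0o644)  # deliberately too open, to show the finding
        return {p: check_oci_profile(cfg, p) for p in ("DEFAULT", "KDEVOPS", "NOPE")}

if __name__ == "__main__":
    for name, found in demo().items():
        print(name, found)
```
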