From f73fc0f01997818f9472e818ab55c52a64c2e033 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbyn=C4=9Bk=20Dr=C3=A1pela?=
 <61500440+zdrapela@users.noreply.github.com>
Date: Tue, 8 Oct 2024 14:26:37 +0200
Subject: [PATCH] Manual cherry-pick of #1731 and #1741 (#1746)

* Fix `droute` limiting attachment size (#1741)

* Update KEYCLOAK_BASE_URL secret handling (#1731)

The KEYCLOAK_BASE_URL is now fetched from a file instead of being hard-coded. This change enhances security by avoiding the storage of sensitive URLs directly in the configuration files. Additionally, the corresponding base64 value in the secrets YAML has been updated to a placeholder.

Signed-off-by: Gustavo Lira <guga.java@gmail.com>

---------

Signed-off-by: Gustavo Lira <guga.java@gmail.com>
Co-authored-by: Gustavo Lira e Silva <guga.java@gmail.com>
---
 .ibm/pipelines/auth/secrets-rhdh-secrets.yaml | 2 +-
 .ibm/pipelines/env_variables.sh               | 2 +-
 .ibm/pipelines/utils.sh                       | 1 -
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/.ibm/pipelines/auth/secrets-rhdh-secrets.yaml b/.ibm/pipelines/auth/secrets-rhdh-secrets.yaml
index 4afd45aec..10844c9ca 100644
--- a/.ibm/pipelines/auth/secrets-rhdh-secrets.yaml
+++ b/.ibm/pipelines/auth/secrets-rhdh-secrets.yaml
@@ -23,7 +23,7 @@ data:
   K8S_CLUSTER_TOKEN_ENCODED: dGVtcA==
   OCM_CLUSTER_URL: dGVtcA==
   OCM_CLUSTER_TOKEN: dGVtcA==
-  KEYCLOAK_BASE_URL: aHR0cHM6Ly9rZXljbG9hay1rZXljbG9hay5yaGRoLXByLW9zLWE5ODA1NjUwODMwYjIyYzNhZWUyNDNlNTFkNzk1NjVkLTAwMDAudXMtZWFzdC5jb250YWluZXJzLmFwcGRvbWFpbi5jbG91ZA==
+  KEYCLOAK_BASE_URL: dGVtcA==
   KEYCLOAK_LOGIN_REALM: bXlyZWFsbQ==
   KEYCLOAK_REALM: bXlyZWFsbQ==
   KEYCLOAK_CLIENT_ID: bXljbGllbnQ=
diff --git a/.ibm/pipelines/env_variables.sh b/.ibm/pipelines/env_variables.sh
index 68fad3383..195093a33 100755
--- a/.ibm/pipelines/env_variables.sh
+++ b/.ibm/pipelines/env_variables.sh
@@ -45,7 +45,7 @@ K8S_CLUSTER_API_SERVER_URL=$(printf "%s" "$K8S_CLUSTER_URL" | base64 | tr -d '\n
 K8S_SERVICE_ACCOUNT_TOKEN=$K8S_CLUSTER_TOKEN_ENCODED
 OCM_CLUSTER_URL=$(printf "%s" "$K8S_CLUSTER_URL" | base64 | tr -d '\n')
 OCM_CLUSTER_TOKEN=$K8S_CLUSTER_TOKEN_ENCODED
-KEYCLOAK_BASE_URL='https://keycloak-keycloak.rhdh-pr-os-a9805650830b22c3aee243e51d79565d-0000.us-east.containers.appdomain.cloud'
+KEYCLOAK_BASE_URL=$(cat /tmp/secrets/KEYCLOAK_BASE_URL)
 KEYCLOAK_LOGIN_REALM='myrealm'
 KEYCLOAK_REALM='myrealm'
 KEYCLOAK_CLIENT_ID='myclient'
diff --git a/.ibm/pipelines/utils.sh b/.ibm/pipelines/utils.sh
index c5360f71d..da481239e 100755
--- a/.ibm/pipelines/utils.sh
+++ b/.ibm/pipelines/utils.sh
@@ -90,7 +90,6 @@ droute_send() {
     --username '${DATA_ROUTER_USERNAME}' \
     --password '${DATA_ROUTER_PASSWORD}' \
     --results '/tmp/droute/${JUNIT_RESULTS}' \
-    --attachments '/tmp/droute/attachments' \
     --verbose"
 
 }
\ No newline at end of file