FIPS stemcells, when published in the pipeline, are put in a private bucket called bosh-core-stemcells-fips.
If a working group needs these FIPS stemcells, it can retrieve them with the bosh-io-stemcell Concourse resource (>= 1.2.1) by setting:
```yaml
resources:
- name: stemcell
  type: bosh-io-stemcell
  source:
    name: bosh-aws-xen-hvm-ubuntu-jammy-fips-go_agent
    auth:
      access_key: ((access_key-credhub_ref))
      secret_key: ((secret_key-credhub_ref))
```

For this you need a service account set up with HMAC keys: https://cloud.google.com/storage/docs/authentication/hmackeys

Set up access permissions for the bosh-core-stemcells-fips bucket

A service account should be set up in the working group that wants to access the FIPS stemcells. This account should then be enabled with HMAC keys.

Requirements:
Log in to the cloud-foundry-310819 GCP project (`gcloud auth login`) and set up
access for cross-project buckets. In the example below, replace PLACEHOLDER with
the service account that was created in the previous steps.
Ex: test-dev@myproject.iam.gserviceaccount.com
```sh
gsutil defacl ch -u PLACEHOLDER:READER gs://bosh-core-stemcells-fips
gsutil acl ch -u PLACEHOLDER:READER gs://bosh-core-stemcells-fips
gsutil -m acl ch -r -u PLACEHOLDER:READER gs://bosh-core-stemcells-fips
```

Reference: https://cloud.google.com/dataprep/docs/concepts/gcs-buckets
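
After running the ACL commands above, the grant can be checked against its intent (the service account has READER only, and the private bucket has no public entries). This is an added example, not part of the original page or the project's tooling; the function name `audit_acl` and the sample ACL are constructed for illustration, shaped like the JSON that `gsutil acl get` prints.

```python
import json

# Entities that would make the private bucket publicly readable.
PUBLIC_ENTITIES = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample, shaped like `gsutil acl get gs://bosh-core-stemcells-fips` output.
SAMPLE_ACL = """
[
  {"entity": "project-owners-000000000000", "role": "OWNER",
   "projectTeam": {"projectNumber": "000000000000", "team": "owners"}},
  {"entity": "user-test-dev@myproject.iam.gserviceaccount.com",
   "email": "test-dev@myproject.iam.gserviceaccount.com", "role": "READER"}
]
"""


def audit_acl(acl_json, service_account):
    """Return a list of findings; an empty list means the ACL matches the intent."""
    findings = []
    granted = False
    for entry in json.loads(acl_json):
        entity = entry.get("entity", "")
        role = entry.get("role", "")
        # A private bucket should never list a public entity.
        if entity in PUBLIC_ENTITIES:
            findings.append(f"public entity {entity} has {role}")
        # The working group's service account should hold READER and nothing more.
        if entry.get("email") == service_account or entity == f"user-{service_account}":
            granted = True
            if role != "READER":
                findings.append(f"{service_account} has {role}, expected READER")
    if not granted:
        findings.append(f"{service_account} has no ACL entry")
    return findings


if __name__ == "__main__":
    account = "test-dev@myproject.iam.gserviceaccount.com"  # example account from the text
    problems = audit_acl(SAMPLE_ACL, account)
    print("ACL OK" if not problems else "\n".join(problems))
```

To check the real bucket, pass the output of `gsutil acl get gs://bosh-core-stemcells-fips` to `audit_acl` in place of the sample.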