mbp-1020: Add UC02 Secure Supply Chain to layered-zero-trust

[mlorenzofr]

This PR adds documentation for Use Case 2 (Supply Chain) of the layered-zero-trust (ZTVP) pattern

[openshift-ci-robot]

@mlorenzofr: This pull request references mbp-1020 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "4.21.0" version, but no target version was set.

Details

In response to this:

This PR adds documentation for Use Case 2 (Supply Chain) of the layered-zero-trust (ZTVP) pattern

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Hi @mlorenzofr. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[gaurav-nelson]

/ok-to-test

[gaurav-nelson]

Need minor language updates. [@gaurav-nelson to fix]

[gaurav-nelson]

@mlorenzofr I'll fix the minor language issue once I get the technical approval from other reviewers.

[sabre1041]

Looking really good. A number of comments, suggestions and recommendations

[sabre1041]

Should we obtain a fresh OIDC token from Keycloak? The token that I obtained originally expired during my testing

[mlorenzofr]

I don't know, the OIDC token expiration depends on how long the user takes to run the tasks, or the environment in which they run them. It's difficult to say whether that will happen in this step or any other.

If the error isn't too cryptic, I think we could rely on the user's expertise to figure out what's happening and generate a new one, the instructions are already in the documentation.

If necessary, I would add a warning to the token generation step explaining that this step may be required several times throughout the process.

[openshift-ci]

@sabre1041: changing LGTM is restricted to collaborators

Details

In response to this:

Looking really good. A number of comments, suggestions and recommendations

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@mlorenzofr: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/build-preview	267592b	link	true	/test build-preview

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.