chore: use new Auth0 app for CI

Store client ID and domain encrypted.

Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>

.secrets.yaml

@@ -1,6 +1,8 @@
 secrets:
     AUTH0_TEST_USERNAME: ENC[AES256_GCM,data:lPddHbDVfWxaEW7ujLDnWdhIBMFj2hcp,iv:oG3Ebn8ym7g/Z7L3A3BTHRHIk+zzblZKvzMKYMPSfWI=,tag:wV7xJWbnLrj/UWj0fGGQCw==,type:str]
     AUTH0_TEST_PASSWORD: ENC[AES256_GCM,data:3tgQjqv5ktdnnGUQw5Lpuw==,iv:F8zYxqk5P0tV1Pvt6QBlho8H0wuX+K91pgwLzF+4kC8=,tag:HJ4s14d/u2KyP780wFDk/w==,type:str]
+    AUTH0_CLIENT_ID: ENC[AES256_GCM,data:HevA8uFKCOPF8W/FRjSo/pyUFN66eXwvAxaqT5LdnT0=,iv:qpWNjsRSZ28lWQJGfMoGQvLY8KRKWv1dhR07vCgIvIU=,tag:x5BS26iacdBMv2ZkdCdr3A==,type:str]
+    AUTH0_DOMAIN: ENC[AES256_GCM,data:2vv9ay+hC1kN46MG8E0v1Z3G7Dm0hMmLx1/AWg==,iv:9thZflFQ1yhf0jH3u6Om7RV7Y/qYzrTf82hoYrDvyG0=,tag:BUNuHJobt/NoR5FFQBIbIQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -16,8 +18,8 @@ sops:
             NXI3VkxLU0htQUZ0Ry8rYUpLTnNXYlkKzfLUus7SkKBEj+oG3f7NBe+6UVidpxRd
             OvOSqsACIUJJnRdfs8/X5Jbvruz38Zt3dYR436NFo2IHtYUdHIHO3Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-04-18T17:04:12Z"
-    mac: ENC[AES256_GCM,data:5/rb0mtPxV7llLsWZYKpRw6EZptcLCcBCl9g5De1z7IBfvFnvs/kiZr2Q/mZtewveVACEuy9K+cy4hPuf1o1QjdVhrLh+nMj5rb0WQtuHDMhEI8Jz/BEJoXvkg29UE3Ow09n4BCo3aQ0y9v+Lep5Y16HlYzo5HLHvU+vuGXL+zw=,iv:YQyTbs0E8sylUP4nAnDCVn452Cw44YSD5vGJeNngHzc=,tag:hSVilzB800vvjv7bb12klg==,type:str]
+    lastmodified: "2024-05-06T09:52:57Z"
+    mac: ENC[AES256_GCM,data:4qmhG/liKJdnEBxvvnxnpb9xJpS8GGjCAHGUVM4dGtYY5+TkfgnSQyvVdg88Ag16nMDTBEeRJO6VfOYD/Wx/PfIYnajhxRm3ZYuPPSJ5t0LGqRryUtR9vJTtHuTew5gjX8FCTvjiGJzqcfTiq11HhN3Xyu7VNwwan50QUvz5oKY=,iv:Rc0/1kH74ahBkNygwFrOZymWMnPj3VCQZ7wBi1d7Rzc=,tag:Cgdjhlc24S2gklSKYe5mPw==,type:str]
     pgp:
         - created_at: "2024-04-18T18:21:00Z"
           enc: |-

hack/generate-certs.example.yml

@@ -7,9 +7,13 @@ email: test-user@siderolabs.com
 host: localhost
 additional-hosts: []
 bind_addr: 0.0.0.0:443
-client-id: jS47T064CfFE1IqqIYZ8HfYLkZhFoa1Y
-auth0-domain: sidero-omni-dev.us.auth0.com
 pprof-bind-addr: 0.0.0.0:2135
+
+# auth0 client id and domain is used to enable authentication flow
+# you can create a free dev account in Auth0 and create an app there
+# client-id: <client-id>
+# auth0-domain: <auth0-domain>
+
 # registry-mirrors: # optional, but speeds up deployments a lot
 #   docker.io: http://172.20.0.1:5000
 #   k8s.gcr.io: http://172.20.0.1:5001

hack/test/integration.sh

@@ -86,6 +86,8 @@ export AUTH_USERNAME="${AUTH0_TEST_USERNAME}"
 export AUTH_PASSWORD="${AUTH0_TEST_PASSWORD}"
 export BASE_URL=https://localhost:8099/
 export VIDEO_DIR=""
+export AUTH0_CLIENT_ID="${AUTH0_CLIENT_ID}"
+export AUTH0_DOMAIN="${AUTH0_DOMAIN}"
 
 # Create omnictl downloads directory (required by the server) and copy the omnictl binaries in it.
 mkdir -p omnictl
@@ -97,8 +99,8 @@ nice -n 10 ${ARTIFACTS}/omni-linux-amd64 \
     --siderolink-api-advertised-url "grpc://$LOCAL_IP:8090" \
     --auth-auth0-enabled true \
     --advertised-api-url "${BASE_URL}" \
-    --auth-auth0-client-id jS47T064CfFE1IqqIYZ8HfYLkZhFoa1Y \
-    --auth-auth0-domain sidero-omni-dev.us.auth0.com \
+    --auth-auth0-client-id "${AUTH0_CLIENT_ID}" \
+    --auth-auth0-domain "${AUTH0_DOMAIN}" \
     --initial-users "${AUTH_USERNAME}" \
     --private-key-source "vault://secret/omni-private-key" \
     --public-key-files "internal/backend/runtime/omni/testdata/pgp/new_key.public" \