update the script based on latest login behavior#726
Conversation
There was a problem hiding this comment.
⚠️ Not ready to approve
The updated script still logs sensitive login responses (token exposure) and has reliability edge cases (infinite wait, overly strict HTTP status handling) that should be fixed before approval.
Pull request overview
This PR updates the Harvester E2E Jenkins pipeline script to align the Harvester/Rancher login and password initialization flow with the latest supported behavior, addressing a broken login flow observed during debugging.
Changes:
- Hardened the bash login/password setup script (
set -euo pipefail) and added explicit token/user-id validation. - Updated login calls to send JSON with the proper
Content-Typeheader and useAuthorization: Bearerfor authenticated API calls. - Added basic HTTP-status handling for the password-set step and improved logging structure.
File summaries
| File | Description |
|---|---|
| validation/pipeline/tfp/Jenkinsfile.harvester.e2e | Updates the Harvester/Rancher local-provider login + token usage + password initialization logic used by the Jenkins E2E pipeline. |
Copilot's findings
- Files reviewed: 1/1 changed files
- Comments generated: 3
Note
Your feedback helps us improve the quality of this feature.
Please use 👍 or 👎 to tell us whether this assessment is correct.
| # Wait for Rancher's local auth provider to come up | ||
| until [[ "$(curl -s -L --insecure -o /dev/null -w "%{http_code}\n" "https://$inode/v3-public/localproviders/local")" == "200" ]]; do sleep 5; done | ||
| echo "https://$inode is healthy" |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
70c869b to
11e504c
Compare
There was a problem hiding this comment.
⚠️ Not ready to approve
The updated health-check loop can still hang indefinitely without a bounded timeout/retry cap, which is a reliability risk for CI execution.
Copilot's findings
- Files reviewed: 1/1 changed files
- Comments generated: 4
Note
Your feedback helps us improve the quality of this feature.
Please use 👍 or 👎 to tell us whether this assessment is correct.
| sh '''#!/bin/bash | ||
| set -euo pipefail | ||
|
|
||
| export inode=$(cat host.txt) |
| # Wait for Rancher's local auth provider to come up | ||
| until [[ "$(curl -s -L --insecure -o /dev/null -w "%{http_code}\n" "https://$inode/v3-public/localproviders/local")" == "200" ]]; do sleep 5; done | ||
| echo "https://$inode is healthy" |
| jsonOutput=$(curl --insecure -X GET -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: Bearer $token" "https://$inode/v3/users?me=true") | ||
|
|
||
| echo $jsonOutput | ||
| token=$(echo "$jsonOutput" | jq -cr '.token // empty' || true) |
| echo "$jsonOutput" | ||
|
|
||
| jsonData=$( jq -n --arg password "password1234" '{"newPassword" : $password}') | ||
| userID=$(echo "$jsonOutput" | jq -cr '.data[0].id // empty' || true) |
after doing some debugging, it appears the login flow is broken in the jenkinsfile scripts. This PR resolves that based on the latest supported login flow from qa-infra-automation.