diff --git a/validation/pipeline/tfp/Jenkinsfile.harvester.e2e b/validation/pipeline/tfp/Jenkinsfile.harvester.e2e index 7ae00d982..67e7488aa 100644 --- a/validation/pipeline/tfp/Jenkinsfile.harvester.e2e +++ b/validation/pipeline/tfp/Jenkinsfile.harvester.e2e @@ -159,34 +159,44 @@ node("harvester-vpn-1") { // extract user info from harvester using v3 user api sh '''#!/bin/bash + set -euo pipefail + export inode=$(cat host.txt) - until [[ "$(curl -s -L --insecure -o /dev/null -w "%{http_code}\n" "https://$inode/v3-public/localproviders/local")" == "200" ]]; do sleep 5; done; echo "https://$inode is healthy" - - jsonOutput="" + # Wait for Rancher's local auth provider to come up + until [[ "$(curl -s -L --insecure -o /dev/null -w "%{http_code}\n" "https://$inode/v3-public/localproviders/local")" == "200" ]]; do sleep 5; done + echo "https://$inode is healthy" - if [[ -z "$EXISTING_HARVESTER_IP" ]]; then + # Log in (fresh install uses admin/admin, existing Harvester uses admin/password1234) + if [[ -z "${EXISTING_HARVESTER_IP:-}" ]]; then sleep 120 - - jsonOutput=$(curl --insecure -d '{"username" : "admin", "password" : "admin", "responseType" : "json"}' "https://$inode/v3-public/localproviders/local?action=login") + jsonOutput=$(curl -s --insecure -H "Content-Type: application/json" -d '{"username":"admin","password":"admin","responseType":"json"}' "https://$inode/v3-public/localproviders/local?action=login") else - jsonOutput=$(curl --insecure -d '{"username" : "admin", "password" : "password1234", "responseType" : "json"}' "https://$inode/v3-public/localproviders/local?action=login") + jsonOutput=$(curl -s --insecure -H "Content-Type: application/json" -d '{"username":"admin","password":"password1234","responseType":"json"}' "https://$inode/v3-public/localproviders/local?action=login") fi - echo $jsonOutput - - token=$(echo $jsonOutput | jq -cr .token) - - jsonOutput=$(curl --insecure -X GET -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: Bearer $token" "https://$inode/v3/users?me=true") - - echo $jsonOutput + token=$(echo "$jsonOutput" | jq -cr '.token // empty' || true) + if [[ -z "$token" ]]; then + echo "ERROR: Rancher login failed"; exit 1 + fi - userID=$(echo $jsonOutput | jq -cr .data[0].id) + # Look up the admin user id + jsonOutput=$(curl -s --insecure -X GET -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: Bearer $token" "https://$inode/v3/users?me=true") + echo "$jsonOutput" - jsonData=$( jq -n --arg password "password1234" '{"newPassword" : $password}') + userID=$(echo "$jsonOutput" | jq -cr '.data[0].id // empty' || true) + if [[ -z "$userID" ]]; then + echo "ERROR: could not determine admin user id"; exit 1 + fi - if [[ -z "$EXISTING_HARVESTER_IP" ]]; then - curl --insecure --user "$token" -X POST -H 'Accept: application/json' -H 'Content-Type: application/json' -d "$jsonData" "https://$inode/v3/users/$userID?action=setpassword" + # On a fresh install, set the permanent password + if [[ -z "${EXISTING_HARVESTER_IP:-}" ]]; then + jsonData=$(jq -n --arg password "password1234" '{"newPassword": $password}') + status=$(curl -s --insecure -o /dev/null -w "%{http_code}" -X POST -H 'Accept: application/json' -H 'Content-Type: application/json' -H "Authorization: Bearer $token" -d "$jsonData" "https://$inode/v3/users/$userID?action=setpassword") + if [[ ! "$status" =~ ^2[0-9]{2}$ ]]; then + echo "ERROR: setpassword failed (HTTP $status)"; exit 1 + fi + echo "Permanent password set" fi echo "$token" > login.token @@ -197,7 +207,7 @@ node("harvester-vpn-1") { returnStdout: true ).trim() sh "yq e '.harvester.adminToken = \"${TOKEN}\"' -i ${filename}" - + def HOST = sh ( script: "cat host.txt", returnStdout: true