The E2E workflow test scripts in this repo are designed to run either authn-k8s applications exclusively, or jwt authentication applications exclusively (depending upon whether the --jwt flag is selected or not). If an authn-k8s application is being deployed (e.g. summon-sidecar), and its equivalent jwt authentication based application is also deployed (e.g. summon-sidecar-jwt), then there will be K8s resource name conflicts for resources in the app-test Namespace.
The Jenkins CI runs for OpenShift "next" platform version was not using the --ci-apps flag, and was not explicitly selecting applications to be deployed via the --apps flag. Because of this, both authn-k8s applications and jwt based applications were being deployed, resulting in K8s resource name conflicts.
To fix this, the following changes are made:
For the OpenShift "next" Jenkins CI runs, added a --ci-apps flag to the start command. This should run authn-k8s based applications exclusively.
Modified the start script to only allow authn-k8s based applications if the --jwt flag is NOT set, and to only allow jwt authentication based applications if the --jwt flag is set.
Modified the start script so that the --jwt, --apps, and --ci-apps flags can appear in any order on the command line.
Connected Issue/Story
N/A
Definition of Done
[x] Jenkins builds pass
Changelog
[ ] The CHANGELOG has been updated, or
[x] This PR does not include user-facing changes and doesn't require a
CHANGELOG update
Test coverage
[ ] This PR includes new unit and integration tests to go with the code
changes, or
[x] The changes in this PR do not require tests
Documentation
[ ] Docs (e.g. READMEs) were updated in this PR
[ ] A follow-up issue to update official docs has been filed here: [insert issue ID]()
[x] This PR does not require updating any documentation
Behavior
[ ] This PR changes product behavior and has been reviewed by a PO, or
[ ] These changes are part of a larger initiative that will be reviewed later, or
[x] No behavior was changed with this PR
Security
[ ] Security architect has reviewed the changes in this PR,
[ ] These changes are part of a larger initiative with a separate security review, or
[x] There are no security aspects to these changes
Desired Outcome
Builds on Conjur OSS in OpenShift v(next) don't fail with the following error:
Implemented Changes
The E2E workflow test scripts in this repo are designed to run either
authn-k8sapplications exclusively, orjwtauthentication applications exclusively (depending upon whether the--jwtflag is selected or not). If anauthn-k8sapplication is being deployed (e.g.summon-sidecar), and its equivalentjwtauthentication based application is also deployed (e.g.summon-sidecar-jwt), then there will be K8s resource name conflicts for resources in theapp-testNamespace.The Jenkins CI runs for OpenShift "next" platform version was not using the
--ci-appsflag, and was not explicitly selecting applications to be deployed via the--appsflag. Because of this, bothauthn-k8sapplications andjwtbased applications were being deployed, resulting in K8s resource name conflicts.To fix this, the following changes are made:
--ci-appsflag to the start command. This should runauthn-k8sbased applications exclusively.authn-k8sbased applications if the--jwtflag is NOT set, and to only allowjwtauthentication based applications if the--jwtflag is set.--jwt,--apps, and--ci-appsflags can appear in any order on the command line.Connected Issue/Story
N/A
Definition of Done
Changelog
Test coverage
Documentation
READMEs) were updated in this PRBehavior
Security