Skip to content

fix(tests): Smoke/ldap tests on openshift #800

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
adwk67 merged 1 commit into from
Jan 22, 2026
Merged

fix(tests): Smoke/ldap tests on openshift #800

adwk67 merged 1 commit into from
Jan 22, 2026
+222 −176

Conversation

@adwk67
Copy link
Member

@adwk67 adwk67 commented Jan 20, 2026
edited
Loading

Description

Tested on Openshift:

--- PASS: kuttl (266.22s)
    --- PASS: kuttl/harness (0.00s)
        --- PASS: kuttl/harness/resources_opa-latest-1.12.2_openshift-true (31.17s)
        --- PASS: kuttl/harness/logging_opa-1.12.2_openshift-true (71.07s)
        --- PASS: kuttl/harness/openldap-user-info_opa-latest-1.12.2_openshift-true (69.98s)
        --- PASS: kuttl/harness/cluster-operation_opa-latest-1.12.2_openshift-true (48.42s)
        --- PASS: kuttl/harness/aas-user-info_opa-latest-1.12.2_openshift-true (50.18s)
        --- PASS: kuttl/harness/keycloak-user-info_opa-latest-1.12.2_keycloak-23.0.1_openshift-true (179.07s)
        --- PASS: kuttl/harness/smoke_opa-1.12.2_openshift-true_use-tls-false (56.77s)
PASS

Tested on KinD:

--- PASS: kuttl (430.66s)
    --- PASS: kuttl/harness (0.00s)
        --- PASS: kuttl/harness/cluster-operation_opa-latest-1.12.2_openshift-false (92.95s)
        --- PASS: kuttl/harness/smoke_opa-1.12.2_openshift-false_use-tls-false (32.25s)
        --- PASS: kuttl/harness/aas-user-info_opa-latest-1.12.2_openshift-false (145.85s)
        --- PASS: kuttl/harness/openldap-user-info_opa-latest-1.12.2_openshift-false (41.88s)
        --- PASS: kuttl/harness/resources_opa-latest-1.12.2_openshift-false (10.74s)
        --- PASS: kuttl/harness/logging_opa-1.12.2_openshift-false (78.59s)
        --- PASS: kuttl/harness/keycloak-user-info_opa-latest-1.12.2_keycloak-23.0.1_openshift-false (232.02s)
PASS

Definition of Done Checklist

  • Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
  • Please make sure all these things are done and tick the boxes

Author

  • Changes are OpenShift compatible
  • CRD changes approved
  • CRD documentation for all fields, following the style guide.
  • Helm chart can be installed and deployed operator works
  • Integration tests passed (for non trivial changes)
  • Changes need to be "offline" compatible
  • Links to generated (nightly) docs added
  • Release note snippet added

Reviewer

  • Code contains useful comments
  • Code contains useful logging statements
  • (Integration-)Test cases added
  • Documentation added or updated. Follows the style guide.
  • Changelog updated
  • Cargo.toml only contains references to git tags (not specific commits or branches)

Acceptance

  • Feature Tracker has been updated
  • Proper release label has been added
  • Links to generated (nightly) docs added
  • Release note snippet added
  • Add type/deprecation label & add to the deprecation schedule
  • Add type/experimental label & add to the experimental features tracker

@adwk67 adwk67 self-assigned this Jan 20, 2026
@adwk67 adwk67 moved this to Development: Waiting for Review in Stackable Engineering Jan 20, 2026
@adwk67 adwk67 changed the title fix: smoke/ldap tests on openshift fix: Smoke/ldap tests on openshift Jan 20, 2026
@adwk67 adwk67 changed the title fix: Smoke/ldap tests on openshift fix(tests): Smoke/ldap tests on openshift Jan 20, 2026
@maltesander maltesander self-requested a review January 22, 2026 15:00
@maltesander maltesander moved this from Development: Waiting for Review to Development: In Review in Stackable Engineering Jan 22, 2026
maltesander
maltesander approved these changes Jan 22, 2026
View reviewed changes
Copy link
Member

@maltesander maltesander left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@adwk67 adwk67 added this pull request to the merge queue Jan 22, 2026
Merged via the queue into main with commit 055b258 Jan 22, 2026
10 checks passed
@adwk67 adwk67 deleted the fix/openshift-tests branch January 22, 2026 15:10
@adwk67 adwk67 moved this from Development: In Review to Development: Done in Stackable Engineering Jan 22, 2026
sbernauer
sbernauer reviewed Jan 26, 2026
View reviewed changes
tests/templates/kuttl/smoke/20-install-test-opa.yaml.j2
Comment on lines -24 to -25
securityContext:
fsGroup: 1000
Copy link
Member

@sbernauer sbernauer Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@adwk67 this sadly broke the integration tests in https://testing.stackable.tech/job/opa-operator-it-weekly/109/consoleFull:

    logger.go:42: 08:44:45 | smoke_opa-1.12.2_openshift-false_use-tls-true/30-prepare-test-opa |   File "/usr/local/lib/python3.12/site-packages/requests/adapters.py", line 303, in cert_verify
    logger.go:42: 08:44:45 | smoke_opa-1.12.2_openshift-false_use-tls-true/30-prepare-test-opa |     raise OSError(
    logger.go:42: 08:44:45 | smoke_opa-1.12.2_openshift-false_use-tls-true/30-prepare-test-opa | OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /tls/ca.crt
    logger.go:42: 08:44:45 | smoke_opa-1.12.2_openshift-false_use-tls-true/30-prepare-test-opa | command terminated with exit code 1

It's actually a permission problem:

bash-5.2$ ls -la /tls/
ls: cannot open directory '/tls/': Permission denied

Copy link
Member Author

@adwk67 adwk67 Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for highlighting this. PR is here: #802

Copy link
Member Author

@adwk67 adwk67 Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Omitting that permission caused the issue on k3s for some reason, but not elsewhere.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sbernauer sbernauer sbernauer left review comments

@maltesander maltesander maltesander approved these changes

Assignees

@adwk67 adwk67

Labels

None yet

Projects

Stackable Engineering
Status: Development: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@adwk67 @maltesander @sbernauer