Uploaded image for project: 'FlightPath'
  1. FlightPath
  2. FLPATH-2933

Allow OAuth2 token to be provided via environment variable in test-ocp-dataflow-jwt.sh

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • v0.2.1
    • insights-on-prem
    • False
    • Hide

      None

      Show
      None
    • False

      User Story

      As a QE engineer or automation user, I want to optionally provide an OAuth2 token via an environment variable when running the test-ocp-dataflow-jwt.sh script, so that I can use service account tokens or pre-generated tokens without requiring an active `oc login` session.

      Current Behavior

      The test-ocp-dataflow-jwt.sh script currently retrieves the OAuth2 token exclusively from the user's active OpenShift session using oc whoami -t. This approach works well for interactive testing but creates limitations for:

      • Service account authentication scenarios
      • Automated testing pipelines
      • CI/CD environments where interactive login is not available
      • Testing with specific tokens for validation purposes

      The script initializes OAUTH2_TOKEN="" and always overwrites it with oc whoami -t, ignoring any pre-existing environment variable.

      Desired Behavior

      The script should check for an existing OAUTH2_TOKEN environment variable before attempting to retrieve a token via oc whoami -t. This allows users to:

      • Export a service account token: export OAUTH2_TOKEN="<service-account-token>"
      • Run the script with the provided token: ./test-ocp-dataflow-jwt.sh
      • Maintain backward compatibility: if OAUTH2_TOKEN is not set, fall back to oc whoami -t as before

      Use Cases

      1. Service Account Testing: QE needs to validate that service accounts with specific RBAC permissions can access the backend API
      2. Automated Pipelines: CI/CD systems need to run data flow tests without interactive OpenShift login
      3. Token Validation: Testing different token types, expiration scenarios, or permission levels
      4. Cross-cluster Testing: Using tokens from different clusters without switching oc context

      Version Information

      • Helm Chart Version: cost-onprem-0.2.1
      • Script: scripts/test-ocp-dataflow-jwt.sh
      • Repository: cost-onprem-chart
      • Git Commit: fa3c0cd (latest on main branch)

      Acceptance Criteria

      • Script checks for OAUTH2_TOKEN environment variable before calling oc whoami -t
      • If OAUTH2_TOKEN is set and non-empty, use it instead of retrieving from session
      • If OAUTH2_TOKEN is not set or empty, fall back to oc whoami -t (existing behavior)
      • Error message should mention both options: login via oc login OR export OAUTH2_TOKEN
      • No breaking changes to existing usage patterns
      • Help documentation updated to reflect the new option

      Impact

      This enhancement improves automation capabilities and flexibility without affecting existing interactive workflows.

              chadcrum Chad Crum
              chadcrum Chad Crum
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: