Uploaded image for project: 'Hybrid Cloud Console'
  1. Hybrid Cloud Console
  2. RHCLOUD-42408

Verify that feature flags token is updated for all ClowdApps in stage/prod

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • None
    • Unset
    • None

      We need to verify that all pods have the newest feature flags token in their cdappconfig before revoking an old token.

      I had Claude cook up a script for this and ran it against stage and prod to verify that we are safe to revoke the old token:

      #!/bin/bash

# Expected clientAccessToken value
EXPECTED_TOKEN="TOKEN_HERE"

echo "Checking clientAccessToken across pods with 'app' label..."
echo "Expected value: $EXPECTED_TOKEN"
echo "==========================================="

# Get all pods across all namespaces that have an 'app' label
pods=$(oc get pods --all-namespaces -o jsonpath='{range .items[?(@.metadata.labels.app)]}{.metadata.namespace}{" "}{.metadata.name}{"\n"}{end}')

# Count total pods for progress tracking
total_pods=$(echo "$pods" | wc -l)
current_pod=0
checked_pods=0

while IFS=' ' read -r namespace pod_name; do
    if [[ -z "$namespace" || -z "$pod_name" ]]; then
        continue
    fi

    ((current_pod++))
    echo "[$current_pod/$total_pods] Checking pod: $namespace/$pod_name"

    # Skip if pod is not running
    pod_status=$(oc get pod "$pod_name" -n "$namespace" -o jsonpath='{.status.phase}' 2>/dev/null)
    if [[ "$pod_status" != "Running" ]]; then
        echo "  -> Skipping (not running, status: $pod_status)"
        continue
    fi

    # Check if the config file exists first
    if ! oc exec -n "$namespace" "$pod_name" -- test -f /cdapp/cdappconfig.json 2>/dev/null; then
        echo "  -> Skipping (no config file found)"
        continue
    fi

    ((checked_pods++))
    echo "  -> Checking token..."

    # Try to get the clientAccessToken value
    token_value=$(oc exec -n "$namespace" "$pod_name" -- cat /cdapp/cdappconfig.json 2>/dev/null | jq -r '.featureFlags.clientAccessToken' 2>/dev/null)

    # Check if the command was successful and if the token matches
    if [[ $? -eq 0 && "$token_value" != "null" ]]; then
        if [[ "$token_value" != "$EXPECTED_TOKEN" ]]; then
            echo "  -> MISMATCH: Token: $token_value"
        else
            echo "  -> Token matches expected value"
        fi
    else
        echo "  -> No token found or error reading config"
    fi

done <<< "$pods"

echo "==========================================="
echo "Check complete. Processed $current_pod pods, checked $checked_pods with config files."

              bsquizza@redhat.com Brandon Squizzato
              bsquizza@redhat.com Brandon Squizzato
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: