Configuring container groups using credentials fails on initial run #890

Open
homeski opened this issue Aug 6, 2024 · 2 comments
Labels
bug Something isn't working inactive No movement has happened in 30 days

homeski commented Aug 6, 2024

Summary

When configuring an instance group referencing a credential, the `dispatch` role will fail on the initial run because the credential does not exist.

Instance groups tied to custom OCP container groups rely on credentials of `OpenShift or Kubernetes API Bearer Token` type. So this will pop up more as adoption of this role against AAP on OCP increases.

Issue Type

  • Bug Report

Desired Behavior

The instance group should be created without failure with the proper credential attached.

Actual Behavior

e.g.

```yaml
controller_instance_groups:
  - name: default
    is_container_group: true
    credential: Container Groups Credential
    ...
```

Will fail on the initial run because the order of creation is:

```yaml
controller_configuration_dispatcher_roles:
  - role: settings
    var: controller_settings
    tags: settings
  - role: instances
    var: controller_instances
    tags: instances
  - role: instance_groups
    var: controller_instance_groups
    tags: instance_groups
  - role: organizations
    var: controller_organizations
    tags: organizations
    assign_galaxy_credentials_to_org: false
    assign_default_ee_to_org: false
    assign_notification_templates_to_org: false
  - role: labels
    var: controller_labels
    tags: labels
  - role: users
    var: controller_user_accounts
    tags: users
  - role: teams
    var: controller_teams
    tags: teams
  - role: credential_types
    var: controller_credential_types
    tags: credential_types
  - role: credentials
    var: controller_credentials
    tags: credentials
  - role: credential_input_sources
    var: controller_credential_input_sources
    tags: credential_input_sources
```

STEPS TO REPRODUCE

  • Create an instance_group using a credential
  • Run the dispatch role for the first time
  • The dispatch role will fail because the credential does not exist at the time of instance_group creation
@homeski homeski added bug Something isn't working new New issue, this should be removed once reviewed labels Aug 6, 2024
@djdanielsson (Collaborator)

So the question is: do we change where instance_groups get called to after creds, which would require us to be able to skip instance_groups when creating orgs, or do we need to keep where it is being created and skip adding creds and apply the creds to them after they are created, similar to what we have to do for orgs? I am not sure if there are any other dependencies to instance_groups.

@djdanielsson djdanielsson removed the new New issue, this should be removed once reviewed label Nov 14, 2024
@djdanielsson (Collaborator)

I am not sure if this got addressed with all the changes we made for 2.5 or not.

@github-actions github-actions bot added the inactive No movement has happened in 30 days label Dec 15, 2024
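
The ordering failure reported in this issue can be caught before a run with a pre-flight check over the dispatcher order. This is an added example, not code from the collection or from the thread's participants; the function names, the `REFERENCES` map and the sample data are assumptions constructed for illustration, and only the role order and the instance group fields come from the issue.

```python
from collections import defaultdict

# Role order exactly as listed in the issue.
DISPATCH_ORDER = [
    "settings", "instances", "instance_groups", "organizations", "labels",
    "users", "teams", "credential_types", "credentials",
    "credential_input_sources",
]
# Assumption: only the reference the issue reports is modelled here:
# instance_groups[*].credential names an object made by the credentials role.
REFERENCES = {"instance_groups": [("credential", "credentials")]}

# Constructed sample input mirroring the instance group shown in the issue.
SAMPLE = {
    "instance_groups": [{"name": "default", "is_container_group": True,
                         "credential": "Container Groups Credential"}],
    "credentials": [{"name": "Container Groups Credential"}],
}


def find_forward_references(order, objects, references, existing=None):
    """Return (role, object, field, target, reason) for each reference that is
    unresolved when `role` runs. `existing` maps role -> names already present."""
    created = defaultdict(set)
    for role, names in (existing or {}).items():
        created[role].update(names)
    problems = []
    for role in order:
        for obj in objects.get(role, []):
            for field, provider in references.get(role, []):
                target = obj.get(field)
                if target is None or target in created[provider]:
                    continue
                defined = any(o.get("name") == target for o in objects.get(provider, []))
                reason = "defined but not yet created" if defined else "not defined anywhere"
                problems.append((role, obj.get("name"), field, target, reason))
        created[role].update(o["name"] for o in objects.get(role, []) if "name" in o)
    return problems


def split_two_pass(instance_groups):
    """Second option raised in the thread: create the groups without their
    credential first, then attach the credential once it exists."""
    first = [{k: v for k, v in g.items() if k != "credential"} for g in instance_groups]
    second = [g for g in instance_groups if "credential" in g]
    return first, second
```

Passing `existing={"credentials": {...}}` models a later run against a controller that already holds the credential, which is why the failure only shows up on the initial run.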