[release-4.21] OCPBUGS-91985: fall back to kube-system/global-pull-secret for Insights token#1310
Conversation
On ARO HCP clusters, openshift-config/pull-secret only contains the ACR registry credential — no cloud.openshift.com token. Customers add their Red Hat pull secret (including cloud.openshift.com) day-2 via the additional-pull-secret method, which HCCO merges into kube-system/global-pull-secret. This change makes updateToken() check kube-system/global-pull-secret as a fallback when openshift-config/pull-secret has no cloud.openshift.com token, enabling Insights reporting on HCP clusters without requiring platform-level changes. Changes: - Generalize fetchSecret() to accept a namespace parameter - Add fallback lookup to kube-system/global-pull-secret in updateToken() - Add read-only RBAC (Role+RoleBinding) for global-pull-secret in kube-system - Include namespace in fetchSecret log/error messages for debuggability - Add tests for fallback and primary-wins-over-fallback precedence Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Addresses review feedback to replace hardcoded string literals with named constants for better readability and maintainability. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
/cc @judexzhu |
|
@openshift-cherrypick-robot: Jira Issue OCPBUGS-87889 has been cloned as Jira Issue OCPBUGS-91985. Will retitle bug to link to clone. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
Bot
changed the title
openshift-ci-robot
added
jira/valid-reference
|
@openshift-cherrypick-robot: This pull request references Jira Issue OCPBUGS-91985, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/jira refresh |
|
@opokornyy: This pull request references Jira Issue OCPBUGS-91985, which is invalid:
Comment DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/test insights-runtime-extractor-tests |
|
/retest |
1 similar comment
|
/retest |
|
/lgtm |
|
/retest-required |
|
/retest |
|
/override ci/prow/e2e-gcp-ovn-techpreview Failures are caused by a known issue in the python kubernetes client |
|
/override ci/prow/insights-operator-e2e-tests Failures are caused by a known issue in the python kubernetes client |
|
@opokornyy: Overrode contexts on behalf of opokornyy: ci/prow/e2e-gcp-ovn-techpreview DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@opokornyy: Overrode contexts on behalf of opokornyy: ci/prow/insights-operator-e2e-tests DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@openshift-cherrypick-robot: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/lgtm |
|
/approve |
|
/verified later @judexzhu |
openshift-ci-robot
added
verified-later
verified
|
@opokornyy: This PR has been marked to be verified later by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: openshift-cherrypick-robot, opokornyy The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
Bot
added
the
approved
4 participants
This is an automated cherry-pick of #1302
/assign opokornyy