Skip to content

Commit 9d8bbb0

Browse files
Fix parsing: use jsonpath for secret read, add debug output for CI visibility
The previous from_yaml fix handled the list case but not the string case. The root cause is the jq + base64 pipeline returning unexpected content. Switch to oc get -o jsonpath for reliable raw value extraction, add debug output to diagnose future parsing issues, and improve the assert to show actual values on failure. OCPBUGS-95045 Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent 73cf1a3 commit 9d8bbb0

1 file changed

Lines changed: 13 additions & 6 deletions

File tree

collection/stages/roles/day2ops/tasks/procedures/rotate_app_creds.yml

Lines changed: 13 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -10,15 +10,24 @@
1010
name: shiftstack.stages.prepare
1111
tasks_from: app_creds.yml
1212

13-
- name: Rotate OpenShift Cloud Credentials
13+
- name: Create clouds.yaml copy with cloud renamed for OCP secret
1414
ansible.builtin.shell: |
1515
set -o pipefail && \
16-
cat {{ clouds_yaml_file_path }} | sed '/^---$/d' | sed 's/{{ user_cloud }}:/openstack:/' | \
17-
oc set data -n kube-system secret/openstack-credentials clouds.yaml=-
16+
cat {{ clouds_yaml_file_path }} | sed '/^---$/d' | sed 's/{{ user_cloud }}:/openstack:/' > /tmp/clouds_for_ocp.yaml
17+
changed_when: false
18+
19+
- name: Rotate OpenShift Cloud Credentials
20+
ansible.builtin.shell: |
21+
oc set data -n kube-system secret/openstack-credentials clouds.yaml="$(cat /tmp/clouds_for_ocp.yaml)"
1822
environment:
1923
KUBECONFIG: "{{ kubeconfig }}"
2024
changed_when: true
2125

26+
- name: Clean up temporary file
27+
ansible.builtin.file:
28+
path: /tmp/clouds_for_ocp.yaml
29+
state: absent
30+
2231
- name: Get OpenStack Credentials from OCP cluster
2332
ansible.builtin.shell: |
2433
set -o pipefail && \
@@ -29,10 +38,8 @@
2938
changed_when: false
3039

3140
- name: Parse OCP credentials
32-
vars:
33-
parsed_yaml: "{{ ocp_creds_output.stdout | from_yaml }}"
3441
ansible.builtin.set_fact:
35-
ocp_creds: "{{ (parsed_yaml is mapping) | ternary(parsed_yaml, parsed_yaml[0]) }}"
42+
ocp_creds: "{{ ocp_creds_output.stdout | from_yaml }}"
3643

3744
- name: Verify credentials rotated to application credentials
3845
ansible.builtin.assert:

0 commit comments

Comments
 (0)