Integrate OSAC plugin branch into main#547
Conversation
…d var (#510) The OSAC plugin checked `enclave_deployment_mode` to gate /etc/hosts entries for Keycloak and AAP routes, but this Ansible variable is never set. The deploy scripts translate the shell env var ENCLAVE_DEPLOYMENT_MODE into the Ansible variable `disconnected` (true/false). Use `disconnected` instead so the tasks actually run in connected mode. Assisted-by: Claude Code <noreply@anthropic.com>
…511) The AAP operator labels gateway resources with app.kubernetes.io/managed-by=aap-operator (route) and app.kubernetes.io/component=aap-gateway (deployment), not managed-by=automationgateway. The wrong selectors caused the deploy-plugin playbook to hang for 45 minutes then fail finding the gateway deployment, and would also fail to locate the route for /etc/hosts and AAP token creation. Assisted-by: Claude Code <noreply@anthropic.com>
The bootstrap job check used label selector app=osac-aap-bootstrap which doesn't exist on the job. Use the job name directly instead. Also remove the failed == 0 assertion since the bootstrap job retries while waiting for EDA to sync, making failed > 0 normal for a successful job. Assisted-by: Claude Code <noreply@anthropic.com>
Replace the monolithic osac and aiaas experiences with three service-oriented experiences aligned to OSAC fulfillment types. All three share the base plugin stack (trust-manager, rhbk, authorino, aap, osac); VMaaS adds gpu-passthrough for GPU passthrough to virtual machines. Assisted-by: Claude Code <noreply@anthropic.com>
… token (#516) * OSAC-1597: Use JSON patch to configure OSAC operator with AAP URL and token kubernetes.core.k8s with state: present validates all required fields including image, causing the deployment patch to fail. Strategic merge patch also fails with the same validation. Use k8s_json_patch with RFC 6902 add operations to append env vars without touching other container fields. Assisted-by: Claude Code <noreply@anthropic.com> * OSAC-1597: Make operator patch idempotent and container-index safe Address CodeRabbit review: - Query deployment first and skip patch if OSAC_AAP_URL and OSAC_AAP_TOKEN env vars already exist (idempotency) - Assert single container instead of hardcoding index by name (fails clearly if sidecar injection changes container layout) - Remove AAP URL from debug log message (no-sensitive-data check) Assisted-by: Claude Code <noreply@anthropic.com> * OSAC-1597: Use strategic merge patch for operator env vars Replace JSON Patch with strategic merge patch (state: patched). Addresses CodeRabbit review: - Idempotent by design (env vars merge by name, no duplicates) - Targets container by name instead of hardcoded index - Remove AAP URL from debug log message (no-sensitive-data check) Assisted-by: Claude Code <noreply@anthropic.com>
* OSAC-1572: Replace osacProfile with osacProfilesList Replace single-value osacProfile (development/vmaas/caas) with osacProfilesList array so multiple profiles can be enabled simultaneously. Aligns with the VMaaS/CaaS/BMaaS experience split. - Add bmaas profile (same controllers as caas) - Drop development profile, default to [caas] - Remove HyperConverged CRD pre-validate check - Update Helm values template to check list membership - Update docs and config example Assisted-by: Claude Code <noreply@anthropic.com> * OSAC-1572: Address review comments on osacProfilesList - Add minItems: 1 and uniqueItems: true to schema - Add vmaas to default profiles list for consistency with previous development profile behavior - Fix VMaaS prerequisites in docs table Assisted-by: Claude Code <noreply@anthropic.com> * OSAC-1572: Fix default profiles comment to match defaults.yaml The inline comment said default was [caas] but defaults.yaml has [caas, vmaas]. Updated both osac.example.yaml and OSAC_DEPLOYMENT.md to show the correct default. Assisted-by: Claude Code <noreply@anthropic.com> * OSAC-1572: Add docs reference and ellipsis to example profiles list Assisted-by: Claude Code <noreply@anthropic.com>
|
Warning Review limit reached
More reviews will be available in 52 minutes and 19 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (15)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
3 participants
Summary
integration/osac-pluginbranch intomainafter freeze liftTest plan
integration/osac-plugin🤖 Generated with Claude Code