Skip to content

test(8.10): run bitnami→companion migration hook for MT and document-store modular upgrades#6427

Merged
eamonnmoloney merged 1 commit into
mainfrom
fix/nightly-mt-upgrade-missing-bitnami-migration-hook
Jun 22, 2026
Merged

test(8.10): run bitnami→companion migration hook for MT and document-store modular upgrades#6427
eamonnmoloney merged 1 commit into
mainfrom
fix/nightly-mt-upgrade-missing-bitnami-migration-hook

Conversation

@eamonnmoloney

@eamonnmoloney eamonnmoloney commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

Which problem does the PR fix?

The SM Nightly 8.10 Upgrade Minor MT run fails: after the 8.9→8.10 modular
upgrade, demo/bart/lisa hit "You don't have access to this component" in
Operate, and /v2/authentication/me returns empty roles and tenants.

Originating nightly run:
https://github.com/camunda/c8-cross-component-e2e-tests/actions/runs/27930811972

Root cause: the post-infra-bitnami-migration hook — which migrates the bundled
(Bitnami) Keycloak realm and the Elasticsearch authorization indices onto the
companion services before the chart upgrade removes the bundled subcharts —
was wired only to qa-elasticsearch-upg-modular when it was introduced in #6343.
The MT and document-store modular-upgrade scenarios were left without it, so the
companion Elasticsearch is never seeded with the 8.9 authorization data. After
the upgrade the orchestration reads an effectively empty authorization store.

This is why the plain ES modular upgrade is green while MT / document-store are red.

What's in this PR?

Adds post-infra: post-infra-bitnami-migration to the Elasticsearch-backed
modular-upgrade scenarios that were missing it:

  • qa-elasticsearch-mt-upg-modular.yaml
  • qa-document-store-upg-modular-gke.yaml
  • qa-document-store-upg-modular-eks.yaml

Registry snapshot regenerated via make go.update-registry-golden.

OpenSearch modular upgrade is intentionally out of scope here: the hook is
Elasticsearch-specific, and that scenario shows a separate /identity login
failure that needs its own fix.

Verification (live GKE repro): installed 8.9-MT (bundled), ran the
modular-upgrade-minor flow, and inspected the companion Elasticsearch. Without
the hook the companion ES had 0 authorizations / 0 tenants and the admin
role kept only the newly-seeded mapping rules (demo and the 8.9 members were
absent) — reproducing the nightly failure. The plain ES modular scenario, which
already carries the hook, is green.

Checklist

Please make sure to follow our Contributing Guide.

Before opening the PR:

  • In the repo's root dir, run make go.update-golden-only.
  • There is no other open pull request for the same update/change.
  • Tests for charts are added (if needed).
  • In-repo documentation are updated (if needed).

After opening the PR:

  • Did you sign our CLA (Contributor License Agreement)? It will show once you open the PR.
  • Did all checks/tests pass in the PR?

@eamonnmoloney @claude
test(8.10): run bitnami→companion migration hook for MT and document-…
5e86611 
…store modular upgrades

The post-infra `post-infra-bitnami-migration` hook migrates the bundled
(Bitnami) Keycloak realm and the Elasticsearch authorization indices onto the
companion services before the chart upgrade removes the bundled subcharts.
When the migration was moved to this hook (#6343) it was wired only to
`qa-elasticsearch-upg-modular`; the MT and document-store modular-upgrade
scenarios were left without it.

Without the hook the companion Elasticsearch is never populated with the 8.9
authorization data, so after the 8.10 upgrade `camunda-authorization`/`tenant`
are empty and `camunda-role` keeps only the newly-seeded entries. demo/bart/lisa
come back with no roles or tenants and Operate shows "You don't have access to
this component" — the failure seen in the SM Nightly 8.10 Upgrade Minor MT run.

Verified on a live GKE repro: with the hook absent the companion ES had 0
authorizations / 0 tenants post-upgrade; the plain ES modular scenario (which
already has the hook) is green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@github-actions github-actions Bot added the version/8.10 Camunda applications/cycle version label Jun 22, 2026
@eamonnmoloney eamonnmoloney marked this pull request as ready for review June 22, 2026 14:39
@eamonnmoloney eamonnmoloney requested a review from a team as a code owner June 22, 2026 14:39
@eamonnmoloney eamonnmoloney requested review from Ian-wang-liyang, Copilot and hisImminence and removed request for a team and hisImminence June 22, 2026 14:39
@eamonnmoloney eamonnmoloney enabled auto-merge June 22, 2026 14:40
Copilot AI reviewed Jun 22, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes missing lifecycle wiring in Camunda Platform Helm 8.10 CI scenario registry so that modular upgrade scenarios that start from bundled Bitnami services properly run the Bitnami → companion migration before the chart upgrade removes the bundled subcharts.

Changes:

  • Add post-infra: post-infra-bitnami-migration to the MT and document-store modular-upgrade-minor Elasticsearch-backed QA scenarios.
  • Regenerate the test/ci/registry-snapshot.yaml golden to reflect the added post-infra hook blocks for those scenarios.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
charts/camunda-platform-8.10/test/ci/registry/scenarios/qa-elasticsearch-mt-upg-modular.yaml Adds the post-infra migration hook to the MT modular-upgrade scenario.
charts/camunda-platform-8.10/test/ci/registry/scenarios/qa-document-store-upg-modular-gke.yaml Adds the post-infra migration hook to the document-store modular-upgrade scenario on GKE.
charts/camunda-platform-8.10/test/ci/registry/scenarios/qa-document-store-upg-modular-eks.yaml Adds the post-infra migration hook to the document-store modular-upgrade scenario on EKS.
charts/camunda-platform-8.10/test/ci/registry-snapshot.yaml Updates the registry snapshot to include the new post-infra hook entries for the affected scenarios.

@eamonnmoloney eamonnmoloney added this pull request to the merge queue Jun 22, 2026
Merged via the queue into main with commit 5f91fd5 Jun 22, 2026
103 checks passed
@eamonnmoloney eamonnmoloney deleted the fix/nightly-mt-upgrade-missing-bitnami-migration-hook branch June 22, 2026 16:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments
@Ian-wang-liyang Ian-wang-liyang Ian-wang-liyang approved these changes

Assignees

No one assigned

Labels

version/8.10 Camunda applications/cycle version

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@eamonnmoloney @Ian-wang-liyang