Skip to content

Commit 588bb84

Browse files
committed
fix(disconnected): parse proxy credentials and fix nested podman
Three issues fixed: 1. Playwright proxy credentials not parsed: HTTPS_PROXY is http://user:pass@host:3128 (credentials in URL). Playwright requires credentials as separate username/password fields, not embedded in the server URL. Add parseProxy() helper that extracts them via URL parsing. 2. Operator podman build fails with nested user namespaces: 'newuidmap: open of uid_map failed: Permission denied' BUILDAH_ISOLATION=chroot alone is insufficient — the error occurs during podman's rootless storage setup before build isolation applies. Set _CONTAINERS_USERNS_CONFIGURED=1 to skip newuidmap and force vfs storage driver to avoid fuse-overlayfs userns ops. 3. Added debug logging for proxy config and podman environment to aid future CI troubleshooting. Assisted-by: OpenCode
1 parent c63a371 commit 588bb84

3 files changed

Lines changed: 37 additions & 7 deletions

File tree

.ci/pipelines/jobs/ocp-disconnected-helm.sh

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -220,6 +220,10 @@ handle_ocp_disconnected_helm() {
220220

221221
log::section "Smoke Test"
222222

223+
if [[ -n "${HTTPS_PROXY:-}" ]]; then
224+
log::info "HTTPS_PROXY is set (Playwright will use it): ${HTTPS_PROXY%%@*}@***"
225+
fi
226+
223227
local url="https://${RELEASE_NAME}-developer-hub-${NAME_SPACE}.${K8S_CLUSTER_ROUTER_BASE}"
224228
testing::check_and_test "${RELEASE_NAME}" "${NAME_SPACE}" "${PW_PROJECT_SMOKE_TEST}" "${url}"
225229

.ci/pipelines/jobs/ocp-disconnected-operator.sh

Lines changed: 14 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -52,10 +52,21 @@ handle_ocp_disconnected_operator() {
5252
fi
5353

5454
# The CI pod runs with nested_podman: true (hostUsers: false), placing it
55-
# inside a Linux user namespace. podman build tries to create another user
56-
# namespace, which fails with "newuidmap: open of uid_map failed: Permission
57-
# denied". BUILDAH_ISOLATION=chroot uses chroot instead of nested namespaces.
55+
# inside a Linux user namespace. podman's rootless setup calls newuidmap to
56+
# create a nested user namespace, which fails with:
57+
# newuidmap: open of uid_map failed: Permission denied
58+
# Fix:
59+
# _CONTAINERS_USERNS_CONFIGURED=1 — skip newuidmap (userns already set up)
60+
# BUILDAH_ISOLATION=chroot — chroot instead of user namespace for builds
61+
# storage driver=vfs — avoid fuse-overlayfs which may need userns ops
62+
export _CONTAINERS_USERNS_CONFIGURED=1
5863
export BUILDAH_ISOLATION=chroot
64+
mkdir -p "${HOME}/.config/containers"
65+
printf '[storage]\ndriver = "vfs"\n' > "${HOME}/.config/containers/storage.conf"
66+
67+
log::info "Podman environment: uid=$(id -u), BUILDAH_ISOLATION=${BUILDAH_ISOLATION}"
68+
log::info "Storage config: $(cat "${HOME}/.config/containers/storage.conf" | tr '\n' ' ')"
69+
log::info "subuid: $(cat /etc/subuid 2> /dev/null || echo 'not found')"
5970

6071
bash "${DISCONNECTED_TMPDIR}/prepare-restricted-environment.sh" "${prepare_args[@]}" \
6172
|| {

e2e-tests/playwright.config.ts

Lines changed: 19 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,24 @@ import { PW_PROJECT } from "./playwright/projects";
66
process.env.JOB_NAME = process.env.JOB_NAME ?? "";
77
process.env.IS_OPENSHIFT = process.env.IS_OPENSHIFT ?? "";
88

9+
// Parse HTTPS_PROXY (http://user:pass@host:port) into Playwright's proxy
10+
// config with separate username/password fields. No-op for connected envs.
11+
function parseProxy(
12+
proxyUrl: string | undefined,
13+
): { server: string; username?: string; password?: string } | undefined {
14+
if (proxyUrl === undefined || proxyUrl === "") return undefined;
15+
try {
16+
const u = new URL(proxyUrl);
17+
return {
18+
server: `${u.protocol}//${u.host}`,
19+
...(u.username !== "" && { username: decodeURIComponent(u.username) }),
20+
...(u.password !== "" && { password: decodeURIComponent(u.password) }),
21+
};
22+
} catch {
23+
return { server: proxyUrl };
24+
}
25+
}
26+
927
// Set LOCALE based on which project is being run
1028
const args = process.argv;
1129

@@ -60,10 +78,7 @@ export default defineConfig({
6078
ignoreHTTPSErrors: true,
6179
// Proxy for disconnected environments where the CI runner reaches the
6280
// cluster through a squid proxy (HTTPS_PROXY set by proxy-conf.sh).
63-
proxy:
64-
process.env.HTTPS_PROXY !== undefined && process.env.HTTPS_PROXY !== ""
65-
? { server: process.env.HTTPS_PROXY }
66-
: undefined,
81+
proxy: parseProxy(process.env.HTTPS_PROXY),
6782
trace: "on",
6883
screenshot: "on",
6984
...devices["Desktop Chrome"],

0 commit comments

Comments
 (0)