Skip to content

fix: fix prod dashboard SSO login for recent CI failures - Playwright login#1298

Merged
fbm3307 merged 5 commits into
codeready-toolchain:masterfrom
fbm3307:fix/prod-dashboard-login-hardening
Jul 14, 2026
Merged

fix: fix prod dashboard SSO login for recent CI failures - Playwright login#1298
fbm3307 merged 5 commits into
codeready-toolchain:masterfrom
fbm3307:fix/prod-dashboard-login-hardening

Conversation

@fbm3307

@fbm3307 fbm3307 commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Fixes flaky ci-daily-prod Playwright login. Video analysis showed #1287 (60s Password wait) addressed the wrong root cause: Mode A failures were TrustArc mid-login clearing the username before Next ("Red Hat login is required"), not a slow password field. Mode B is an SSO profile-completion gate after login.

This change:

  • Auto-dismisses TrustArc whenever it appears (AddLocatorHandler) and covers Accept default / Accept all / Required Cookies only
  • Retries username Fill until the value sticks after SSO remount
  • Fails fast on "Red Hat login is required"; detects the profile gate after login
  • Asserts SSO credentials; redacts failure URL; screenshots on login failure

CI failures

Mode A — TrustArc race / "Red Hat login is required" (looked like Password timeout)

Mode B — SSO profile completion gate after login

Assisted by: Cursor

Summary by CodeRabbit

Summary by CodeRabbit

  • Bug Fixes
    • Improved SSO sign-in reliability with better handling of validation messages and the “additional information” profile gate.
    • Added stronger navigation timing and checks to ensure username is filled correctly and to prevent empty credential attempts.
    • Hard-fails early when sign-in configuration is missing to provide clearer error feedback.
    • Enhanced sign-in failure diagnostics with redacted URLs, additional page context, and automatically captured screenshots.
    • Improved cookie-consent dismissal during login with a bounded wait and broader “accept” button support, reducing overlay interference.

- Assert username Fill stuck before Next; fail fast on SSO login-required error
- Detect profile-completion gate after login and dump URL/screenshot on failure
- Accept TrustArc "Accept all" cookie variant with shorter optional wait

Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Feny Mehta <fbm3307@gmail.com>
@openshift-ci openshift-ci Bot requested review from metlos and xcoulon July 13, 2026 07:20
@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: 1c932bdb-d450-46aa-9594-7cfc3752fec3

📥 Commits

Reviewing files that changed from the base of the PR and between 42ebf85 and 9f2eb35.

📒 Files selected for processing (1)
  • testsupport/devsandbox-dashboard/setup.go
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • codeready-toolchain/api (manual)
  • codeready-toolchain/toolchain-common (manual)
  • codeready-toolchain/host-operator (manual)
  • codeready-toolchain/toolchain-e2e (manual)
🚧 Files skipped from review as they are similar to previous changes (1)
  • testsupport/devsandbox-dashboard/setup.go
📜 Recent review details
⏰ Context from checks skipped due to timeout. (1)
  • GitHub Check: Build & push operator bundles & dashboard image for e2e tests

Walkthrough

Updates DevSandbox setup and login helpers with required configuration checks, resilient TrustArc consent dismissal, explicit SSO synchronization, profile-gate completion, dashboard verification, and expanded failure diagnostics.

Changes

DevSandbox authentication flow

Layer / File(s) Summary
Configuration and consent orchestration
testsupport/devsandbox-dashboard/setup.go
Validates required settings and coordinates bounded, multi-label TrustArc consent handling before, during, and after login.
SSO synchronization and dashboard flow
testsupport/devsandbox-dashboard/login.go
Adds shared timeouts, credential validation, stable username filling, SSO state polling, profile-gate completion, and dashboard verification.
Login failure diagnostics
testsupport/devsandbox-dashboard/login.go
Logs redacted URLs and conditionally captures body snippets and labeled screenshots on failure.

Estimated code review effort: 4 (Complex) | ~45 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Setup
  participant TrustArc
  participant LoginPage
  participant SSO
  participant Dashboard
  Setup->>TrustArc: install dismissal handler
  Setup->>LoginPage: navigate and start login
  LoginPage->>SSO: fill credentials and submit
  TrustArc-->>SSO: dismiss consent overlay when present
  SSO-->>LoginPage: password, validation error, dashboard, or profile gate
  LoginPage->>SSO: complete profile gate when present
  SSO->>Dashboard: display Developer Sandbox
  LoginPage->>Dashboard: verify dashboard header
Loading

Possibly related PRs

Suggested labels: regression, test

Suggested reviewers: metlos, xcoulon

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 62.50% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately reflects the main change: hardening prod dashboard Playwright SSO login to address recent CI failures.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot added bug Something isn't working test Work that adds, fixes, or maintains automated tests or coverage (unit, integration, e2e, flakiness) labels Jul 13, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@testsupport/devsandbox-dashboard/login.go`:
- Around line 198-221: Update the login failure diagnostics around the URL, page
text, and screenshot capture to avoid exposing SSO data: log only the URL
origin/path with query and fragment removed, and gate page-text logging and
screenshot creation on the explicitly approved artifact-retention policy used by
Setup. Ensure sensitive diagnostics are omitted or redacted when that policy is
not enabled.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: 5cd17005-f756-4dd6-8aba-0483bab3597d

📥 Commits

Reviewing files that changed from the base of the PR and between 49206ef and 9d92136.

📒 Files selected for processing (2)
  • testsupport/devsandbox-dashboard/login.go
  • testsupport/devsandbox-dashboard/setup.go
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • codeready-toolchain/api (manual)
  • codeready-toolchain/toolchain-common (manual)
  • codeready-toolchain/host-operator (manual)
  • codeready-toolchain/toolchain-e2e (manual)
📜 Review details
⏰ Context from checks skipped due to timeout. (2)
  • GitHub Check: govulncheck
  • GitHub Check: Build & push operator bundles & dashboard image for e2e tests
🧰 Additional context used
📓 Path-based instructions (1)
**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

  • testsupport/devsandbox-dashboard/setup.go
  • testsupport/devsandbox-dashboard/login.go
🔇 Additional comments (10)
testsupport/devsandbox-dashboard/setup.go (3)

48-50: LGTM!


120-143: LGTM!


146-158: 🎯 Functional Correctness

Verify the combined locator is always single-match.

Locator.Or is strict: if a consent variant exposes more than one of these actions, IsVisible or Click can fail rather than choosing one. Confirm the buttons are mutually exclusive; otherwise apply an explicit priority (for example, .First()) or probe candidates sequentially.

testsupport/devsandbox-dashboard/login.go (7)

4-24: LGTM!


76-79: LGTM!


81-106: LGTM!


115-123: LGTM!


125-142: LGTM!


152-163: 🎯 Functional Correctness

Verify dashboard readiness before the generic header check.

lp.Header is page.Locator("header"). If the SSO profile page has any <header>, this returns success before detecting the profile gate, so the completion click and failure screenshot are skipped. Use a dashboard-specific selector/text condition, or check the profile gate first.


175-191: LGTM!

Comment thread testsupport/devsandbox-dashboard/login.go Outdated
- Log origin/path only; skip page text/screenshots in CI (ARTIFACT_DIR)
- Check profile gate before dashboard markers to avoid SSO header false positives
- Probe TrustArc accept buttons sequentially instead of Locator.Or

Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Feny Mehta <fbm3307@gmail.com>
@coderabbitai coderabbitai Bot removed the bug Something isn't working label Jul 13, 2026
- Auto-dismiss TrustArc mid-login via Page.AddLocatorHandler
- Retry username Fill until the value sticks after SSO remount
- Cover Accept default / Accept all / Required Cookies only buttons

Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Feny Mehta <fbm3307@gmail.com>
@fbm3307 fbm3307 changed the title fix: harden prod dashboard SSO login diagnostics for recent CI failures fix: fix prod dashboard SSO login for recent CI failures - Playwright login Jul 13, 2026
@openshift-ci

openshift-ci Bot commented Jul 13, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fbm3307, rajivnathan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:
  • OWNERS [fbm3307,rajivnathan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

- Deduplicate div[name=trustarc_cm] literal flagged by SonarCloud

Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Feny Mehta <fbm3307@gmail.com>
@sonarqubecloud

Copy link
Copy Markdown

@coderabbitai coderabbitai Bot added the regression Something that worked before label Jul 14, 2026
@fbm3307 fbm3307 merged commit 016a456 into codeready-toolchain:master Jul 14, 2026
8 of 10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved regression Something that worked before test Work that adds, fixes, or maintains automated tests or coverage (unit, integration, e2e, flakiness)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants