scality · SylvainSenechal · Feb 17, 2026 · Feb 17, 2026 · Feb 19, 2026 · Feb 19, 2026
diff --git a/.devcontainer/README.md b/.devcontainer/README.md
@@ -69,8 +69,12 @@ Now you can use aws cli to interact with the S3 service
 
 ### Inspecting Codespace creation logs
 
-You can inspect the logs of the Codespace creation this way:
-1. Press `Ctrl+Shift+P` (or `Cmd+Shift+P` on Mac)
-2. Type "Codespaces: Export Logs" and select it
-3. A zip file will be downloaded to your local machine
-4. In the zip, look at the `creation.log` file
+You can inspect the logs of the Codespace creation in 2 ways way:
+1. When Codespace creation is still running : 
+Use Cmd/Ctrl + Shift + P -> View Creation Log to see full logs 
+
+2. When the setup is finished, dump the logs : 
+a. Press `Ctrl+Shift+P` (or `Cmd+Shift+P` on Mac)
+b. Type "Codespaces: Export Logs" and select it
+c. A zip file will be downloaded to your local machine
+d. In the zip, look at the `creation.log` file
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -13,6 +13,7 @@
         "ghcr.io/devcontainers/features/docker-in-docker": {},
         "ghcr.io/devcontainers/features/github-cli:1": {},
         "ghcr.io/devcontainers/features/node:1": {},
+        "ghcr.io/devcontainers/features/python:1": {},
         "ghcr.io/devcontainers/features/sshd:1": {},
         "ghcr.io/devcontainers-extra/features/kind:1": {},
         "ghcr.io/devcontainers/features/aws-cli:1": {},
@@ -95,6 +96,7 @@
         "vscode": {
             "extensions": [
                 "ms-kubernetes-tools.vscode-kubernetes-tools",
+                "cucumberopen.cucumber-official"
             ]
         }
     },

diff --git a/.github/scripts/end2end/common.sh b/.github/scripts/end2end/common.sh
@@ -1,11 +1,11 @@
 get_token() {
     curl -k -H "Host: keycloak.zenko.local" \
-        -d "client_id=${OIDC_CLIENT_ID}" \
-        -d "username=${OIDC_USERNAME}" \
-        -d "password=${OIDC_PASSWORD}" \
+        -d "client_id=${KEYCLOAK_TEST_CLIENT_ID}" \
+        -d "username=${KEYCLOAK_TEST_USER}" \
+        -d "password=${KEYCLOAK_TEST_PASSWORD}" \
         -d "grant_type=password" \
         -d "scope=openid" \
-        https://localhost/auth/realms/${OIDC_REALM}/protocol/openid-connect/token | \
+        https://localhost/auth/realms/${KEYCLOAK_TEST_REALM_NAME}/protocol/openid-connect/token | \
         jq -cr '.id_token'
 }
 

diff --git a/.github/scripts/end2end/configs/keycloak_config.json b/.github/scripts/end2end/configs/keycloak_config.json
@@ -1,5 +1,5 @@
 {
-  "realm" : "${OIDC_REALM}",
+  "realm" : "${KEYCLOAK_TEST_REALM_NAME}",
   "enabled" : true,
   "defaultRoles" : [ "uma_authorization", "offline_access" ],
   "roles": {
@@ -9,46 +9,46 @@
         "name": "StorageManager",
         "composite": false,
         "clientRole": false,
-        "containerId": "${OIDC_REALM}",
+        "containerId": "${KEYCLOAK_TEST_REALM_NAME}",
         "attributes": {}
       },
       {
         "id": "f3b3b3b4-1b3b-4b3b-8b3b-3b3b3b3b3b3b",
         "name": "AccountTest::DataAccessor",
         "composite": false,
         "clientRole": false,
-        "containerId": "${OIDC_REALM}",
+        "containerId": "${KEYCLOAK_TEST_REALM_NAME}",
         "attributes": {}
       },
       {
         "id": "3500844c-c325-422d-a010-b674617c99f3",
         "name": "AccountTest::DataConsumer",
         "composite": false,
         "clientRole": false,
-        "containerId": "${OIDC_REALM}",
+        "containerId": "${KEYCLOAK_TEST_REALM_NAME}",
         "attributes": {}
       },
       {
         "id": "7bf3a4e1-3cc3-49bc-a871-a7c3cd43e9f0",
         "name": "AccountTest::StorageAccountOwner",
         "composite": false,
         "clientRole": false,
-        "containerId": "${OIDC_REALM}",
+        "containerId": "${KEYCLOAK_TEST_REALM_NAME}",
         "attributes": {}
       }
     ]
   },
   "requiredCredentials" : [ "password" ],
   "users" : [
     {
-      "username": "${OIDC_USERNAME}-norights",
+      "username": "${KEYCLOAK_TEST_USER}-norights",
       "enabled": true,
       "totp": false,
       "emailVerified": false,
       "email": "e2e-norights@zenko.local",
       "attributes": {
         "instanceIds": [
-            "${INSTANCE_ID}"
+            "${ZENKO_INSTANCE_ID}"
         ],
         "role": [
           "user"
@@ -85,7 +85,7 @@
       "email": "storage_manager@zenko.local",
       "attributes": {
         "instanceIds": [
-            "${INSTANCE_ID}"
+            "${ZENKO_INSTANCE_ID}"
         ],
         "role": [
           "user"
@@ -123,7 +123,7 @@
       "email": "data_consumer@zenko.local",
       "attributes": {
         "instanceIds": [
-            "${INSTANCE_ID}"
+            "${ZENKO_INSTANCE_ID}"
         ],
         "role": [
           "user"
@@ -161,7 +161,7 @@
       "email": "storage_account_owner@zenko.local",
       "attributes": {
         "instanceIds": [
-            "${INSTANCE_ID}"
+            "${ZENKO_INSTANCE_ID}"
         ],
         "role": [
           "user"
@@ -193,7 +193,7 @@
     }
   ],
   "clients" : [ {
-    "clientId" : "${OIDC_CLIENT_ID}",
+    "clientId" : "${KEYCLOAK_TEST_CLIENT_ID}",
     "rootUrl": "http://keycloack.zenko.local",
     "adminUrl": "/",
     "surrogateAuthRequired" : false,

diff --git a/.github/scripts/end2end/configs/keycloak_user.json b/.github/scripts/end2end/configs/keycloak_user.json
@@ -1,5 +1,5 @@
 {
-  "username": "${OIDC_USERNAME}",
+  "username": "${KEYCLOAK_TEST_USER}",
   "enabled": true,
   "totp": false,
   "emailVerified": true,
@@ -8,7 +8,7 @@
   "email": "${OIDC_EMAIL}",
   "attributes": {
     "instanceIds": [
-        "${INSTANCE_ID}"
+        "${ZENKO_INSTANCE_ID}"
     ],
     "role": [
       "user"

diff --git a/.github/scripts/end2end/configs/zenko.yaml b/.github/scripts/end2end/configs/zenko.yaml
@@ -87,10 +87,10 @@ spec:
   management:
     provider: InCluster
     oidc:
-      provider: '${OIDC_ENDPOINT}/auth/realms/${OIDC_REALM}'
+      provider: '${KEYCLOAK_TEST_ENDPOINT}/auth/realms/${KEYCLOAK_TEST_REALM_NAME}'
       federatedProviders:
-        - '${OIDC_ENDPOINT}/auth/realms/${OIDC_REALM}'
-      vaultClientId: ${OIDC_CLIENT_ID}
+        - '${KEYCLOAK_TEST_ENDPOINT}/auth/realms/${KEYCLOAK_TEST_REALM_NAME}'
+      vaultClientId: ${KEYCLOAK_TEST_CLIENT_ID}
     api:
       ingress:
         hostname: ${ZENKO_MANAGEMENT_INGRESS}

diff --git a/.github/scripts/end2end/enable-https.sh b/.github/scripts/end2end/enable-https.sh
@@ -60,8 +60,8 @@ kubectl patch zenko/${ZENKO_NAME} --type=merge -p '{
 kubectl wait --for condition=Available --timeout 5m zenko/${ZENKO_NAME}
 
 # Update environment variables to use HTTPS URLs
-echo "OIDC_ENDPOINT=https://keycloak.zenko.local" >> $GITHUB_ENV
-echo "OIDC_HOST=keycloak.zenko.local" >> $GITHUB_ENV
+echo "KEYCLOAK_TEST_ENDPOINT=https://keycloak.zenko.local" >> $GITHUB_ENV
+echo "KEYCLOAK_TEST_HOST=keycloak.zenko.local" >> $GITHUB_ENV
 echo "ENABLE_KEYCLOAK_HTTPS=true" >> $GITHUB_ENV
 
 # Set the HTTPS ingress options for Keycloak

diff --git a/.github/scripts/end2end/keycloak-helper.sh b/.github/scripts/end2end/keycloak-helper.sh
@@ -29,34 +29,34 @@ case $COMMAND in
     "add-user")
         refresh_creds
 
-        export INSTANCE_ID=`kubectl -n ${NAMESPACE} get zenko ${ZENKO_NAME} -o jsonpath='{.status.instanceID}'`
+        export ZENKO_INSTANCE_ID=`kubectl -n ${NAMESPACE} get zenko ${ZENKO_NAME} -o jsonpath='{.status.instanceID}'`
 
         export OIDC_EMAIL=${OIDC_EMAIL:-"e2e@zenko.local"}
 
         envsubst < $DIR/configs/keycloak_user.json | \
-            ${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh create users -r ${OIDC_REALM} -f -
+            ${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh create users -r ${KEYCLOAK_TEST_REALM_NAME} -f -
 
         ${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh set-password \
-            -r ${OIDC_REALM} \
-            --username ${OIDC_USERNAME} \
-            --new-password ${OIDC_PASSWORD}
+            -r ${KEYCLOAK_TEST_REALM_NAME} \
+            --username ${KEYCLOAK_TEST_USER} \
+            --new-password ${KEYCLOAK_TEST_PASSWORD}
 
         # attach StorageManager role to user
         ${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh add-roles \
-          -r ${OIDC_REALM} \
-          --uusername ${OIDC_USERNAME} \
+          -r ${KEYCLOAK_TEST_REALM_NAME} \
+          --uusername ${KEYCLOAK_TEST_USER} \
           --rolename "StorageManager"
         ;;
 
     "set-user-instance-ids")
         refresh_creds
 
-        export INSTANCE_ID=`kubectl -n ${NAMESPACE} get zenko -o jsonpath='{.items[0].status.instanceID}'`
+        export ZENKO_INSTANCE_ID=`kubectl -n ${NAMESPACE} get zenko -o jsonpath='{.items[0].status.instanceID}'`
 
         # get user id
-        USER_ID=$(${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh get users -r ${OIDC_REALM} -q "username=${OIDC_USERNAME}" | jq -r '.[0].id')
+        USER_ID=$(${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh get users -r ${KEYCLOAK_TEST_REALM_NAME} -q "username=${KEYCLOAK_TEST_USER}" | jq -r '.[0].id')
         # set instanceIds array attribute for user
-        ${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh update users/${USER_ID} -r ${OIDC_REALM} -s 'attributes={"instanceIds":["'"${INSTANCE_ID}"'"],"role":"user"}'
+        ${KEYCLOAK_EXEC} /opt/jboss/keycloak/bin/kcadm.sh update users/${USER_ID} -r ${KEYCLOAK_TEST_REALM_NAME} -s 'attributes={"instanceIds":["'"${ZENKO_INSTANCE_ID}"'"],"role":"user"}'
 
 
         ;;