Integrate BYOIP with Cluster Profile Sets

[danilo-gemoli]

The "Bring Your Own IP Pool" feature assumes a cluster profile to be defined at configuration time:

tests:
- as: e2e
  steps:
    cluster_profile: aws

but it doesn't work as intended when a Cluster Profile Set is used.

The following depicts a scenario in which a test uses the Cluster Profile Set functionality that breaks BYOIP.

ci-operator test's configuration:

tests:
- as: e2e
  steps:
    cluster_profile: openhishift-org-aws

1. ci-operator acquires a lease of type openhishift-org-aws and it gets aws--us-east-1--quota-slice-001
2. The lease name at (1) is parsed and the cluster profile aws is load
   a. The cluster profile aws is a legitimate profile for using BYOIP
3. ci-operator tries to acquire some leases for BYOIP but it considers the profile openhishift-org-aws (statically defined) rather than aws
4. No IP pool is claimed
5. Test fails

This PR addresses the issue above by taking into account the cluster profile defined at runtime aws rather than the static one openshift-org-aws.
If no Cluster Profile Set is in use, it falls back to the old behaviour.

BYOIP Integration with Cluster Profile Sets

This PR fixes a BYOIP (Bring Your Own IP Pool) integration bug in ci-operator so IP pools are claimed using the runtime cluster profile when Cluster Profile Sets are used.

What changed, in practical terms

• Component affected: ci-operator (lease/IP-pool handling and multi-stage step wiring).
• Problem fixed: When ci-operator acquired a lease whose name encodes a runtime profile (e.g., lease "aws--us-east-1--quota-slice-001" ⇒ runtime profile "aws"), BYOIP continued to use the static cluster_profile from test config (e.g., "openshift-org-aws"). That mismatch prevented claiming the correct IP pool and caused tests to fail.
• Behavior change: BYOIP now uses the cluster profile determined at runtime (parsed from the acquired lease / present in job parameters) when Cluster Profile Sets are in use; when no Cluster Profile Set is involved it falls back to previous static behavior.

Key implementation points

• IPPoolLeaseForTest signature changed to accept an explicit ClusterProfile and branch so callers can pass either the static or the runtime profile.
• New helper ClusterProfileFromParams(params) extracts the runtime profile from job parameters so downstream steps can read the profile chosen when the lease was acquired.
• IPPoolStep now accepts profile and branch inputs and re-initializes its lease using the profile found in params at run-time; if no IP-pool lease is applicable it skips acquiring/releasing leases and simply runs the wrapped step.
• Multi-stage test setup and defaults were adjusted so IP-pool handling is applied based on actual leases present and the runtime profile is resolved inside multi-stage steps.
• Tests updated to exercise the new function shapes and the "no IP-pool available" path.

Impact

• CI users: Tests that use Cluster Profile Sets and require BYOIP will now successfully claim the correct IP pools and avoid failures caused by using the wrong (static) profile.
• CI operators: Runtime profile selection is now honored for IP-pool acquisition while keeping backward compatibility for jobs that use a static cluster_profile. The change is internal to ci-operator lease/step wiring and should be transparent to job authors.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

[coderabbitai]

📝 Walkthrough

Walkthrough

Refactors IP-pool lease initialization to accept an explicit ClusterProfile and branch instead of deriving them from test configuration. Introduces ClusterProfileFromParams. Propagates signature and behavior changes through IPPoolStep, multi-stage wiring, defaults, and tests; runtime profile extraction and conditional lease acquisition were adjusted.

Changes

IP Pool Lease Refactoring

Layer / File(s)	Summary
API Signature / Behavior pkg/api/leases.go	IPPoolLeaseForTest signature changed to IPPoolLeaseForTest(profile ClusterProfile, branch string); early-return when profile == ""; branch validation now uses provided branch.
API Helper pkg/api/types.go	Added ClusterProfileFromParams(params Parameters) (ClusterProfile, error) that returns empty profile for nil params or reads ClusterProfileParam via params.Get.
Step Constructor / Fields pkg/steps/ip_pool.go	IPPoolStep constructor updated to accept profile and branch; stores ipPoolLeaseFunc (callable by profile/branch) instead of a fixed StepLease.
Runtime Lease Init & Run pkg/steps/ip_pool.go	run() derives cluster profile from s.params, updates s.profile when present, reinitializes s.ipPoolLease via s.ipPoolLeaseFunc, and skips acquire/release when no ResourceType is present (centralized via ipPoolLeaseAvailable()).
Provides / Env Reporting pkg/steps/ip_pool.go	Provides() now always sets api.DefaultIPPoolLeaseEnv to the stringified len(s.ipPoolLease.resources).
Defaults / Wiring pkg/defaults/defaults.go	Deferred parameters are enabled only when api.LeasesForTest(c) returns non-empty leases; steps.IPPoolStep is applied only when len(leases) != 0 (removed previous ipPoolLease.ResourceType gating).
Multi-stage Runner pkg/steps/multi_stage/multi_stage.go	Multi-stage step now obtains clusterProfile via api.ClusterProfileFromParams(s.params) (local helper removed).
Tests pkg/api/leases_test.go, pkg/steps/ip_pool_test.go	Tests updated to call IPPoolLeaseForTest with ClusterProfile and branch; ip_pool tests use an ipPoolLeaseFunc adapter and add a case where an empty api.StepLease{} causes the wrapped step to run without lease acquire/release calls.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 27.27% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main purpose of the PR—integrating BYOIP functionality with Cluster Profile Sets—which is confirmed by the changes refactoring lease and profile handling throughout the codebase.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pkg/api/leases.go`:
- Around line 30-45: The exported function signature for IPPoolLeaseForTest was
changed and will break downstream callers; restore the original exported
entrypoint IPPoolLeaseForTest(s *MultiStageTestConfigurationLiteral, metadata
Metadata) as a compatibility wrapper that adapts its parameters to the new
ClusterProfile+branch form and calls the new helper (e.g.,
ipPoolLeaseForTestFromProfile or IPPoolLeaseForTestProfile) which contains the
current logic that uses profile.IPPoolLeaseType(),
profile.IPPoolLeaseShouldValidateBranch(), and
branchValidForIPPoolLease(branch); keep the new logic in that helper and ensure
the wrapper returns the same StepLease type so existing vendored code continues
to compile.

In `@pkg/api/types.go`:
- Around line 2611-2616: ClusterProfileFromParams currently returns the error
from params.Get(ClusterProfileParam) which surfaces missing-parameter errors and
prevents callers from falling back to the static cluster_profile; change it so
that after calling params.Get(ClusterProfileParam) you detect the "parameter not
found" / missing-parameter error (e.g., parameters.ErrNotFound or the
package-specific not-found sentinel returned by Get) and treat that case as "no
override" by returning ClusterProfile("") and nil, while still returning any
other non-nil errors from params.Get unchanged.

In `@pkg/defaults/defaults.go`:
- Around line 366-367: The PR unconditionally wraps every multi-stage step with
steps.IPPoolStep which causes ipPoolStep.Validate to return
NoLeaseClientForIPErr when cfg.LeaseClient is nil; update the wrapping so
IPPoolStep is only applied when a lease client is available (or when the test is
actually IP-pool-eligible). Concretely, after creating the step via
multi_stage.MultiStageTestStep(*c, ...), guard the call to steps.IPPoolStep with
a check for cfg.LeaseClient != nil (or the existing IP-pool eligibility
predicate) so that IPPoolStep is not constructed/validated when cfg.LeaseClient
is nil; reference symbols: multi_stage.MultiStageTestStep, steps.IPPoolStep,
ipPoolStep.Validate, and NoLeaseClientForIPErr.
- Around line 358-367: The branch only wraps cfg.params into a per-test
DeferredParameters when leases exist, which lets later multi-stage tests
overwrite the shared provider; to fix, always clone cfg.params for each
multi-stage test by creating a per-test DeferredParameters unconditionally (use
api.NewDeferredParameters on cfg.params or otherwise assign params :=
api.NewDeferredParameters(cfg.params)) before calling
multi_stage.MultiStageTestStep and steps.IPPoolStep so IPPoolStep's provided
IP_POOL_AVAILABLE cannot leak between tests; update the code around params,
api.NewDeferredParameters, multi_stage.MultiStageTestStep and steps.IPPoolStep
accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 83e1126b-e78c-4ad0-b7ba-b77a8b25be07

📥 Commits

Reviewing files that changed from the base of the PR and between 582d460 and 6ab95fd.

📒 Files selected for processing (7)

• pkg/api/leases.go
• pkg/api/leases_test.go
• pkg/api/types.go
• pkg/defaults/defaults.go
• pkg/steps/ip_pool.go
• pkg/steps/ip_pool_test.go
• pkg/steps/multi_stage/multi_stage.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Keep the old IPPoolLeaseForTest entrypoint until downstream repos migrate.

This exported signature change will break the vendored callers in openshift/release-controller and openshift/ci-chat-bot, which still compile against IPPoolLeaseForTest(s *MultiStageTestConfigurationLiteral, metadata Metadata). Please keep a compatibility wrapper and move the new logic behind a differently named helper, or land the downstream updates in lockstep.

As per coding guidelines, pkg/api/**: Changes here affect every repository that uses OpenShift CI.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/api/leases.go` around lines 30 - 45, The exported function signature for
IPPoolLeaseForTest was changed and will break downstream callers; restore the
original exported entrypoint IPPoolLeaseForTest(s
*MultiStageTestConfigurationLiteral, metadata Metadata) as a compatibility
wrapper that adapts its parameters to the new ClusterProfile+branch form and
calls the new helper (e.g., ipPoolLeaseForTestFromProfile or
IPPoolLeaseForTestProfile) which contains the current logic that uses
profile.IPPoolLeaseType(), profile.IPPoolLeaseShouldValidateBranch(), and
branchValidForIPPoolLease(branch); keep the new logic in that helper and ensure
the wrapper returns the same StepLease type so existing vendored code continues
to compile.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Clone params for every multi-stage test now that IPPoolStep always provides a parameter.

IPPoolStep.Provides() now always registers IP_POOL_AVAILABLE, but this branch only creates a per-test DeferredParameters when standard leases exist. That lets later multi-stage tests overwrite the shared provider in cfg.params, so an AWS test without normal leases can read another test’s lease count instead of its own.

Suggested fix

 	if test := c.MultiStageTestConfigurationLiteral; test != nil {
-		params := cfg.params
+		params := api.NewDeferredParameters(cfg.params)
 
 		leases := api.LeasesForTest(c)
-		if len(leases) != 0 {
-			params = api.NewDeferredParameters(params)
-		}
 
 		var ret []api.Step

As per coding guidelines, pkg/steps/**: Changes here directly affect how CI jobs execute for all OpenShift repos.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	params := cfg.params
	leases := api.LeasesForTest(c)
	ipPoolLease := api.IPPoolLeaseForTest(test, cfg.CIConfig.Metadata)
	if len(leases) != 0 || ipPoolLease.ResourceType != "" {
	if len(leases) != 0 {
	params = api.NewDeferredParameters(params)
	}
	var ret []api.Step
	step := multi_stage.MultiStageTestStep(*c, cfg.CIConfig, params, cfg.podClient, cfg.JobSpec, leases, cfg.NodeName, cfg.TargetAdditionalSuffix, nil, cfg.GSMConfig != nil, cfg.GSMConfig, isLeaseProxyServerAvailable(cfg), retry.DefaultRetry)
	if ipPoolLease.ResourceType != "" {
	step = steps.IPPoolStep(cfg.LeaseClient, cfg.podClient, ipPoolLease, step, params, cfg.JobSpec.Namespace, cfg.MetricsAgent)
	}
	step = steps.IPPoolStep(cfg.LeaseClient, cfg.podClient, step, params, cfg.JobSpec.Namespace, cfg.MetricsAgent, test.ClusterProfile, cfg.CIConfig.Metadata.Branch)
	params := api.NewDeferredParameters(cfg.params)
	leases := api.LeasesForTest(c)
	var ret []api.Step
	step := multi_stage.MultiStageTestStep(*c, cfg.CIConfig, params, cfg.podClient, cfg.JobSpec, leases, cfg.NodeName, cfg.TargetAdditionalSuffix, nil, cfg.GSMConfig != nil, cfg.GSMConfig, isLeaseProxyServerAvailable(cfg), retry.DefaultRetry)
	step = steps.IPPoolStep(cfg.LeaseClient, cfg.podClient, step, params, cfg.JobSpec.Namespace, cfg.MetricsAgent, test.ClusterProfile, cfg.CIConfig.Metadata.Branch)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/defaults/defaults.go` around lines 358 - 367, The branch only wraps
cfg.params into a per-test DeferredParameters when leases exist, which lets
later multi-stage tests overwrite the shared provider; to fix, always clone
cfg.params for each multi-stage test by creating a per-test DeferredParameters
unconditionally (use api.NewDeferredParameters on cfg.params or otherwise assign
params := api.NewDeferredParameters(cfg.params)) before calling
multi_stage.MultiStageTestStep and steps.IPPoolStep so IPPoolStep's provided
IP_POOL_AVAILABLE cannot leak between tests; update the code around params,
api.NewDeferredParameters, multi_stage.MultiStageTestStep and steps.IPPoolStep
accordingly.

[coderabbitai]

♻️ Duplicate comments (1)

pkg/defaults/defaults.go (1)

361-370: ⚠️ Potential issue | 🟠 Major

BYOIP acquisition is skipped when no standard leases are requested

Conditioning IPPoolStep on len(leases) != 0 removes the prior BYOIP path for tests that need an IP pool but do not request regular leases. That regresses the fallback behavior.

Suggested fix

 		leases := api.LeasesForTest(c)
-		if len(leases) != 0 {
+		ipPoolLease := api.IPPoolLeaseForTest(test.ClusterProfile, cfg.CIConfig.Metadata.Branch)
+		needsIPPool := ipPoolLease.ResourceType != ""
+		if len(leases) != 0 || needsIPPool {
 			params = api.NewDeferredParameters(params)
 		}
@@
-		if len(leases) != 0 {
+		if len(leases) != 0 || needsIPPool {
 			step = steps.IPPoolStep(cfg.LeaseClient, cfg.podClient, step, params, cfg.JobSpec.Namespace, cfg.MetricsAgent, test.ClusterProfile, cfg.CIConfig.Metadata.Branch)
+		}
+		if len(leases) != 0 {
 			step = steps.LeaseStep(cfg.LeaseClient, leases, step, cfg.JobSpec.Namespace, cfg.MetricsAgent, cfg.kubeClient, cfg.ClusterProfileGetter)
 		}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/defaults/defaults.go` around lines 361 - 370, The conditional wrapping
that only adds IPPoolStep when len(leases) != 0 erroneously skips the BYOIP/IP
pool fallback for tests that need a pool but request no regular leases; update
the logic in defaults.go so that steps.IPPoolStep(cfg.LeaseClient,
cfg.podClient, step, params, cfg.JobSpec.Namespace, cfg.MetricsAgent,
test.ClusterProfile, cfg.CIConfig.Metadata.Branch) is applied regardless of
leases length (or guard it with a specific “needs IP pool” condition), leaving
steps.LeaseStep(...) still conditional on len(leases) != 0; locate the code
around multi_stage.MultiStageTestStep, the variable leases, and the
IPPoolStep/LeaseStep calls to make this change.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@pkg/defaults/defaults.go`:
- Around line 361-370: The conditional wrapping that only adds IPPoolStep when
len(leases) != 0 erroneously skips the BYOIP/IP pool fallback for tests that
need a pool but request no regular leases; update the logic in defaults.go so
that steps.IPPoolStep(cfg.LeaseClient, cfg.podClient, step, params,
cfg.JobSpec.Namespace, cfg.MetricsAgent, test.ClusterProfile,
cfg.CIConfig.Metadata.Branch) is applied regardless of leases length (or guard
it with a specific “needs IP pool” condition), leaving steps.LeaseStep(...)
still conditional on len(leases) != 0; locate the code around
multi_stage.MultiStageTestStep, the variable leases, and the
IPPoolStep/LeaseStep calls to make this change.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 049df236-0941-4ad1-b8d6-341f3631808b

📥 Commits

Reviewing files that changed from the base of the PR and between 6ab95fd and 976745e.

📒 Files selected for processing (7)

• pkg/api/leases.go
• pkg/api/leases_test.go
• pkg/api/types.go
• pkg/defaults/defaults.go
• pkg/steps/ip_pool.go
• pkg/steps/ip_pool_test.go
• pkg/steps/multi_stage/multi_stage.go

🚧 Files skipped from review as they are similar to previous changes (6)

• pkg/api/leases_test.go
• pkg/steps/multi_stage/multi_stage.go
• pkg/steps/ip_pool_test.go
• pkg/api/leases.go
• pkg/steps/ip_pool.go
• pkg/api/types.go

[danilo-gemoli]

/test e2e

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danilo-gemoli, jmguzik

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [danilo-gemoli,jmguzik]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 582d460 and 2 for PR HEAD 976745e in total

[openshift-merge-bot]

Tests from second stage were triggered manually. Pipeline can be controlled only manually, until HEAD changes. Use command to trigger second stage.

[danilo-gemoli]

/test e2e

[openshift-ci]

@danilo-gemoli: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/breaking-changes	976745e	link	false	/test breaking-changes

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.