API-1835: fix integration tests

[p0lyn0mial]

pick up openshift/multi-operator-manager#63

fixes: mame: cluster

[openshift-ci-robot]

@p0lyn0mial: This pull request references API-1835 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target the "4.21.0" version, but no target version was set.

In response to this:

pick up openshift/multi-operator-manager#63

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Many YAML test fixtures corrected: repeated metadata key typo "mame" → "name" across numerous manifests. Two Event body files were removed and two Event body files added; one Event metadata name value changed. One CSR body’s base64 request content changed. go.mod dependency versions were bumped.

Changes

Cohort / File(s)	Summary
Cluster-scoped authentications metadata key fix test-data/.../cluster-scoped-resources/operator.openshift.io/authentications/*-metadata-cluster.yaml	Rename YAML key mame → name (ApplyStatus / Update files); values unchanged.
Authentication-operator events (metadata & bodies) test-data/.../Management/Create/namespaces/openshift-authentication-operator/core/events/*-metadata-*.yaml, .../*-body-*.yaml	Many event metadata files: mame → name; in .../6471-metadata-...57eb8535.yaml the name value also changed. Two event body files removed (2e46-body-*, 86b1-body-*); two event body files added (de10-body-*, 6471-body-*).
Other cluster-scoped resource metadata fixes test-data/.../cluster-scoped-resources/config.openshift.io/clusteroperators/*.yaml, .../apiextensions.k8s.io/customresourcedefinitions/*.yaml, .../certificates.k8s.io/certificatesigningrequests/*-metadata-*.yaml, .../rbac.authorization.k8s.io/clusterrolebindings/*-metadata-*.yaml, .../rbac.authorization.k8s.io/clusterroles/*.yaml	Rename YAML key mame → name; values unchanged.
Namespace-scoped resource metadata fixes test-data/.../namespaces/openshift-authentication/.../core/{configmaps,secrets,serviceaccounts,services}/*-metadata-*.yaml, test-data/.../namespaces/openshift-config-managed/.../rolebindings/*.yaml, .../roles/*.yaml, .../openshift-oauth-apiserver/.../policy/poddisruptionbudgets/*.yaml, .../openshift-oauth-apiserver/.../serviceaccounts/*.yaml, .../services/*.yaml	Rename YAML key mame → name across many namespace-scoped manifests; values unchanged.
Event metadata / miscellaneous event files (other namespaces) test-data/.../Management/Create/namespaces/.../core/events/*-metadata-*.yaml	Numerous mame → name fixes in other event metadata files.
CSR request content change test-data/.../certificates.k8s.io/certificatesigningrequests/64b2-body-*.yaml	Base64-encoded request content changed; other CSR fields unchanged.
go.mod dependency bumps go.mod	Updated versions for library-go and multiple golang.org/x/* modules; no module path additions/removals.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The pull request title “API-1835: fix integration tests” succinctly describes the PR’s primary purpose of resolving failing integration tests by incorporating the upstream multi-operator-manager fix and correcting the “mame: cluster” typo in expected outputs, aligning clearly with the actual changes.
Description Check	✅ Passed	The description notes the upstream pull request being picked up and explicitly references fixing the “mame: cluster” typo, which directly corresponds to the modifications in the test-data expected-output YAML files, making it clearly related to the changeset.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🧪 Early access (Sonnet 4.5): enabled

We are currently testing the Sonnet 4.5 model, which is expected to improve code review quality. However, this model may lead to increased noise levels in the review comments. Please disable the early access features if the noise level causes any inconvenience.

Note:

• Public repositories are always opted into early access features.
• You can enable or disable early access features from the CodeRabbit UI or by updating the CodeRabbit configuration file.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[p0lyn0mial]

/assign @bertinatto @benluddy

[openshift-ci-robot]

@p0lyn0mial: This pull request references API-1835 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target the "4.21.0" version, but no target version was set.

In response to this:

pick up openshift/multi-operator-manager#63

fixes: mame: cluster

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[p0lyn0mial]

/assign @liouk

for approval

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between a5be73c and b85be47.

⛔ Files ignored due to path filters (92)

• go.sum is excluded by !**/*.sum
• vendor/github.com/openshift/library-go/pkg/manifestclient/mutation_tracker.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/networking.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/library-go/pkg/operator/v1helpers/informers.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/crypto/bcrypt/bcrypt.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/crypto/cryptobyte/asn1.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/crypto/internal/poly1305/sum_asm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/crypto/internal/poly1305/sum_loong64.s is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64x.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/frame.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/http2.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/trace/events.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/cpu/cpu.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/cpu/cpu_linux_loong64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/cpu/cpu_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/cpu/cpu_loong64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/cpu/cpu_loong64.s is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/cpu/cpu_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/cpu/parse.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/plan9/pwd_plan9.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/affinity_linux.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/syscall_darwin.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/syscall_linux.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/syscall_solaris.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_386.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_arm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_386.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_386.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_arm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mips.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/windows/registry/key.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/windows/registry/value.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/windows/security_windows.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/windows/syscall_windows.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/windows/types_windows.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/windows/zsyscall_windows.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/term/term_windows.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/term/terminal.go is excluded by !vendor/**, !**/vendor/**
• vendor/modules.txt is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (1)

• go.mod (2 hunks)

🔇 Additional comments (1)

go.mod (1)

13-13: library-go update has no known security vulnerabilities. GitHub security scan returned no advisories for v0.0.0-20250922131550-42e91dd47fe3; proceed provided CI/integration tests pass to validate compatibility.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify golang.org/x/ dependency updates for security advisories.*

Multiple golang.org/x/* packages have been updated (net, crypto, sync, sys, term, text). These updates may include important security fixes or compatibility improvements for the integration tests.

Run the following script to check for known security vulnerabilities in these Go extended libraries:

Also applies to: 102-108

---

🏁 Script executed:

#!/bin/bash
# Description: Check for security advisories for golang.org/x/* dependencies.

packages=("golang.org/x/net" "golang.org/x/crypto" "golang.org/x/sync" "golang.org/x/sys" "golang.org/x/term" "golang.org/x/text")

for pkg in "${packages[@]}"; do
  echo "Checking $pkg..."
  gh api graphql -f query="
  {
    securityVulnerabilities(first: 5, ecosystem: GO, package: \"$pkg\") {
      nodes {
        advisory {
          summary
          severity
          publishedAt
        }
        vulnerableVersionRange
        firstPatchedVersion {
          identifier
        }
      }
    }
  }"
  echo ""
done

Length of output: 3948

---

Upgrade golang.org/x/text to ≥ v0.3.8. All other golang.org/x/* updates (net v0.43.0, crypto v0.42.0, sync v0.17.0, sys v0.36.0, term v0.35.0) exceed their first-patched versions for known security advisories; however, x/text v0.29.0 remains vulnerable to multiple high-severity issues fixed in v0.3.7 and v0.3.8. Bump it to at least v0.3.8.

🤖 Prompt for AI Agents

In go.mod around line 19, the project still requires golang.org/x/text at a
vulnerable version (v0.29.0); update the module requirement to at least v0.3.8
to pick up security fixes, e.g. run `go get golang.org/x/text@v0.3.8` (or a
newer compatible patch), then run `go mod tidy` and run tests/linters to ensure
nothing breaks.

[liouk]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liouk, p0lyn0mial

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [liouk]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[p0lyn0mial]

/verify by @p0lyn0mial

(ci/prow/test-operator-integration was green)

[p0lyn0mial]

/verified by @p0lyn0mial

(ci/prow/test-operator-integration was green)

[openshift-ci-robot]

@p0lyn0mial: This PR has been marked as verified by @p0lyn0mial.

In response to this:

/verified by @p0lyn0mial

(ci/prow/test-operator-integration was green)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.