CNTRLPLANE-2789: add StatefulSet test case to controlplane-component reconcile tests by hypershift-jira-solve-ci[bot] · Pull Request #7764 · openshift/hypershift

hypershift-jira-solve-ci · 2026-02-20T01:54:39Z

What this PR does / why we need it:

Adds StatefulSet test coverage to the controlplane-component reconcile tests. The reconcile logic handles both Deployment and StatefulSet workloads, but only the Deployment path was previously covered. This resolves the TODO in controlplane-component_test.go requesting a StatefulSet test case.

Key changes:

Add a statefulset.yaml asset manifest for the test-component fixture, mirroring the existing deployment.yaml
Refactor the test table to be parameterized with newComponent and getWorkload functions so the same builtin HyperShift opinion validations (labels, affinity, volume permissions, image pull policy, service account kubeconfig injection, etc.) are exercised for both Deployment and StatefulSet workload types
Add a workloadResult struct to extract common fields (labels, PodTemplateSpec, replicas) from either workload kind
Follow Go conventions: context.Context as first parameter, nil guards before pointer dereference, unexported test helper names

Which issue(s) this PR fixes:

Fixes https://issues.redhat.com/browse/CNTRLPLANE-2789

Special notes for your reviewer:

The existing Deployment tests are unchanged in behavior — they are simply restructured into the parameterized table alongside the new StatefulSet test case.

Checklist:

Subject and description added to both, commit and PR.
Relevant issues have been referenced.
This change includes docs.
This change includes unit tests.

Always review AI generated responses prior to use.
Generated with Claude Code via /jira:solve [CNTRLPLANE-2789](https://issues.redhat.com/browse/CNTRLPLANE-2789)

Summary by CodeRabbit

Tests
- Enhanced test infrastructure to validate both Deployment and StatefulSet workloads with a unified reconciliation and verification flow, consolidating shared workload checks (labels, pod template, replicas, probes, volumes, affinity).
Chores
- Added a new single-instance StatefulSet manifest for the test component with health checks, resource requests, and secret/config-based volumes.
- Made the test component's ConfigMap reference explicit (named) in the existing deployment asset.

openshift-ci-robot · 2026-02-20T01:54:41Z

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

openshift-ci-robot · 2026-02-20T01:54:43Z

@hypershift-jira-solve-ci[bot]: This pull request references CNTRLPLANE-2789 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

hypershift-jira-solve-ci · 2026-02-20T01:54:43Z

/auto-cc

openshift-ci-robot · 2026-02-20T01:54:46Z

@hypershift-jira-solve-ci[bot]: This pull request references CNTRLPLANE-2789 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

coderabbitai · 2026-02-20T01:55:02Z

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 7ca4ffa and 397c6c0.

📒 Files selected for processing (3)

control-plane-operator/controllers/hostedcontrolplane/v2/assets/test-component/deployment.yaml
control-plane-operator/controllers/hostedcontrolplane/v2/assets/test-component/statefulset.yaml
support/controlplane-component/controlplane-component_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

control-plane-operator/controllers/hostedcontrolplane/v2/assets/test-component/statefulset.yaml

Walkthrough

Adds a new StatefulSet YAML asset for a test component, makes a small Deployment volume metadata change, and refactors tests to support both Deployment and StatefulSet workloads with per-kind constructors and a shared workload extraction.

Changes

Cohort / File(s)	Summary
New StatefulSet asset `control-plane-operator/controllers/hostedcontrolplane/v2/assets/test-component/statefulset.yaml`	Adds a new StatefulSet manifest for `test-component` (replicas: 1) with pod spec, container command/args, imagePullPolicy: Always, tightened container securityContext, liveness/readiness HTTP probes on /health-check:8085, resource requests, and Secret/ConfigMap volumes (placeholders for builtin reconciliation).
Deployment volume metadata tweak `control-plane-operator/controllers/hostedcontrolplane/v2/assets/test-component/deployment.yaml`	Adds `name: my-configmap` to the existing ConfigMap volume entry to explicitly reference the ConfigMap.
Test refactor & additions `support/controlplane-component/controlplane-component_test.go`	Reworks tests: replaces single constructor with `newDeploymentComponentForTest` and `newStatefulSetComponentForTest`, introduces `workloadResult` and per-kind `getWorkload` extraction, updates TestReconcile to validate shared workload fields (labels, podTemplate, replicas, volumes, affinity, kubeconfig/serviceaccount), and removes the old `NewComponent()` export.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~40 minutes

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (2 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Test Structure And Quality	⚠️ Warning	Test violates Single Responsibility Principle by testing 13+ distinct concerns in one block and lacks assertion messages on 15+ critical assertions.	Refactor into focused test cases and add descriptive failure messages to all assertions following existing patterns from lines 263-264, 313, 323.
Stable And Deterministic Test Names	❓ Inconclusive	Test files referenced in PR summary could not be located in repository to verify test name stability.	Verify that PR changes have been properly pulled into the repository and provide access to the modified test file or specific test names for review.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main objective: adding StatefulSet test case coverage to controlplane-component reconcile tests, which is the primary purpose of the changes.

✨ Finishing Touches

📝 Generate docstrings (stacked PR)
📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

openshift-ci · 2026-02-20T01:55:18Z

Hi @hypershift-jira-solve-ci[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

bryan-cox · 2026-02-20T02:01:09Z

/test unit
/test verify

openshift-ci-robot · 2026-02-20T02:02:14Z

@hypershift-jira-solve-ci[bot]: This pull request references CNTRLPLANE-2789 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

coderabbitai

🧹 Nitpick comments (3)

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In
`@control-plane-operator/controllers/hostedcontrolplane/v2/assets/test-component/statefulset.yaml`:
- Around line 18-62: The container spec for the container named "test-component"
in statefulset.yaml lacks a container-level securityContext; add a
securityContext block under the container (the item with name: test-component)
that explicitly sets allowPrivilegeEscalation: false and enforces non-root
(e.g., runAsNonRoot: true and a safe runAsUser like 1000) to satisfy baseline
pod-security checks and prevent privilege escalation.

In `@support/controlplane-component/controlplane-component_test.go`:
- Around line 261-262: The test accesses nested fields
result.podTemplate.Spec.Affinity.NodeAffinity and .PodAffinity without verifying
Affinity is non-nil; add a nil guard by asserting
result.podTemplate.Spec.Affinity is not nil (e.g.,
g.Expect(result.podTemplate.Spec.Affinity).NotTo(BeNil())) before asserting on
NodeAffinity and PodAffinity, then keep the existing equality checks for
NodeAffinity and PodAffinity to avoid panics and produce clear test failures.
- Line 215: Add a nil-guard assertion before dereferencing
AutomountServiceAccountToken in the test: first assert that
result.podTemplate.Spec.AutomountServiceAccountToken is not nil (e.g.
g.Expect(result.podTemplate.Spec.AutomountServiceAccountToken).ToNot(BeNil())),
then assert its boolean value
(g.Expect(*result.podTemplate.Spec.AutomountServiceAccountToken).To(BeFalse())).
This ensures clearer test failures if AutomountServiceAccountToken is
unexpectedly nil while keeping the existing check on its value.

hypershift-jira-solve-ci · 2026-02-20T08:05:12Z

@coderabbitai Thanks for the nitpick suggestions — all three have been addressed:

Container securityContext in test statefulset.yaml: Added allowPrivilegeEscalation: false, runAsNonRoot: true, and capabilities.drop: ["ALL"] to the container spec.
Nil guard for Affinity: Added g.Expect(result.podTemplate.Spec.Affinity).NotTo(BeNil()) before accessing nested fields.
Nil guard for AutomountServiceAccountToken: Added nil assertion before dereferencing the pointer.

AI-assisted response via Claude Code

hypershift-jira-solve-ci · 2026-02-20T08:06:28Z

Addressed all three nitpick suggestions from the latest review:

statefulset.yaml: Added container-level securityContext with allowPrivilegeEscalation: false, runAsNonRoot: true, and capabilities.drop: ["ALL"] to satisfy baseline pod-security checks.
controlplane-component_test.go: Added nil guard for AutomountServiceAccountToken before dereferencing.
controlplane-component_test.go: Added nil guard for Affinity before accessing .NodeAffinity and .PodAffinity.

All changes amended into the existing review-fixes commit. Tests pass.

AI-assisted response via Claude Code

openshift-ci-robot · 2026-02-20T08:12:26Z

@hypershift-jira-solve-ci[bot]: This pull request references CNTRLPLANE-2789 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

coderabbitai

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@control-plane-operator/controllers/hostedcontrolplane/v2/assets/test-component/statefulset.yaml`:
- Around line 82-87: The ConfigMap volume definition for the volume named
"my-configmap" is missing the required configMap.name field; update the
configMap block under that volume (the volume with name: my-configmap) to
include a name: "<your-configmap-resource-name>" entry that points to the
ConfigMap resource to mount (e.g., add name: my-configmap or the actual
ConfigMap's metadata.name).

control-plane-operator/controllers/hostedcontrolplane/v2/assets/test-component/statefulset.yaml

openshift-ci-robot · 2026-02-20T11:21:12Z

@hypershift-jira-solve-ci[bot]: This pull request references CNTRLPLANE-2789 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

hypershift-jira-solve-ci · 2026-02-23T08:26:02Z

@coderabbitai Thanks for catching the missing configMap.name field. This was already addressed in commit a13d1d8 — the name: my-configmap field is now present in the configMap volume definition at line 84 of statefulset.yaml.

AI-assisted response via Claude Code

bryan-cox · 2026-02-23T11:08:31Z

/ok-to-test

openshift-ci · 2026-02-23T11:13:06Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox, hypershift-jira-solve-ci[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [bryan-cox]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

bryan-cox · 2026-02-23T17:06:25Z

/lgtm cancel

bryan-cox · 2026-02-23T17:11:22Z

hypershift-jira-solve-ci - please squash all three commits together

bryan-cox · 2026-02-23T17:11:32Z

/test address-review-comments

…ests Resolve the TODO at controlplane-component_test.go requesting a StatefulSet test case. The reconcile logic handles both Deployment and StatefulSet workloads, but only the Deployment path was covered. The test table is refactored to be parameterized with newComponent and getWorkload functions so the same builtin hypershift opinion validations (labels, affinity, volume permissions, image pull policy, service account kubeconfig injection, etc.) are exercised for both workload types. A workloadResult struct extracts the common fields (labels, PodTemplateSpec, replicas) from either workload kind. Also adds a statefulset.yaml asset manifest for the test-component fixture, mirroring the existing deployment.yaml, required for the StatefulSet reconcile test case to load its workload manifest via LoadStatefulSetManifest. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

hypershift-jira-solve-ci · 2026-02-23T17:14:21Z

Done. All three commits have been squashed into a single commit: test: add StatefulSet test case to controlplane-component reconcile tests.

AI-assisted response via Claude Code

enxebre · 2026-02-23T17:18:58Z

/lgtm

openshift-ci-robot · 2026-02-23T17:20:11Z

@hypershift-jira-solve-ci[bot]: This pull request references CNTRLPLANE-2789 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

cwbotbot · 2026-02-23T17:57:36Z

Test Results

e2e-aws

Status: ❌ FAIL
Started: 2026-02-23T11:13:36Z
View Job
View Job History

Failed Tests

Total failed tests: 2

TestCreateClusterPrivateWithRouteKAS
TestCreateClusterPrivateWithRouteKAS/Teardown

e2e-aks

Status: ✅ PASS
Started: 2026-02-23T11:13:30Z
View Job
View Job History

bryan-cox · 2026-02-23T17:59:16Z

/verified by UTs

openshift-ci-robot · 2026-02-23T17:59:35Z

@bryan-cox: This PR has been marked as verified by UTs.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci · 2026-02-24T08:57:14Z

@hypershift-jira-solve-ci[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws	`7ca4ffa`	link	true	`/test e2e-aws`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

enxebre · 2026-02-24T21:33:48Z

/retest

bryan-cox · 2026-02-25T12:50:10Z

/retest

bryan-cox · 2026-02-26T10:57:39Z

/override "Red Hat Konflux / hypershift-operator-main-enterprise-contract / hypershift-operator-main"

bryan-cox · 2026-02-26T10:57:54Z

/override "Red Hat Konflux / hypershift-operator-enterprise-contract / hypershift-operator-main"

openshift-ci · 2026-02-26T10:58:03Z

@bryan-cox: Overrode contexts on behalf of bryan-cox: Red Hat Konflux / hypershift-operator-main-enterprise-contract / hypershift-operator-main

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-ci · 2026-02-26T10:58:20Z

@bryan-cox: Overrode contexts on behalf of bryan-cox: Red Hat Konflux / hypershift-operator-enterprise-contract / hypershift-operator-main

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

bryan-cox · 2026-02-26T13:18:42Z

/test address-review-comments

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Feb 20, 2026

openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 20, 2026

openshift-ci bot added the do-not-merge/needs-area label Feb 20, 2026

openshift-ci bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Feb 20, 2026

openshift-ci bot requested review from csrwng and sjenning February 20, 2026 01:55

coderabbitai bot reviewed Feb 20, 2026

View reviewed changes

hypershift-jira-solve-ci bot force-pushed the fix-CNTRLPLANE-2789 branch from 1dd580d to e73f81b Compare February 20, 2026 08:04

coderabbitai bot reviewed Feb 20, 2026

View reviewed changes

control-plane-operator/controllers/hostedcontrolplane/v2/assets/test-component/statefulset.yaml Show resolved Hide resolved

hypershift-jira-solve-ci bot force-pushed the fix-CNTRLPLANE-2789 branch 2 times, most recently from a13d1d8 to 7ca4ffa Compare February 20, 2026 11:05

openshift-ci bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Feb 23, 2026

openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 23, 2026

openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Feb 23, 2026

hypershift-jira-solve-ci bot force-pushed the fix-CNTRLPLANE-2789 branch from 7ca4ffa to 397c6c0 Compare February 23, 2026 17:14

openshift-ci bot assigned enxebre Feb 23, 2026

openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Feb 23, 2026

openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Feb 23, 2026

enxebre marked this pull request as ready for review February 24, 2026 08:21

openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 24, 2026

openshift-ci bot requested review from devguyio and muraee February 24, 2026 08:27

enxebre added the acknowledge-critical-fixes-only Indicates if the issuer of the label is OK with the policy. label Feb 24, 2026

Conversation

hypershift-jira-solve-ci bot commented Feb 20, 2026 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What this PR does / why we need it:

Which issue(s) this PR fixes:

Special notes for your reviewer:

Checklist:

Summary by CodeRabbit

Uh oh!

openshift-ci-robot commented Feb 20, 2026

Uh oh!

openshift-ci-robot commented Feb 20, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What this PR does / why we need it:

Which issue(s) this PR fixes:

Special notes for your reviewer:

Checklist:

Uh oh!

hypershift-jira-solve-ci bot commented Feb 20, 2026

Uh oh!

openshift-ci-robot commented Feb 20, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What this PR does / why we need it:

Which issue(s) this PR fixes:

Special notes for your reviewer:

Checklist:

Uh oh!

coderabbitai bot commented Feb 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

Pre-merge checks failed

❌ Failed checks (2 warnings, 1 inconclusive)

Uh oh!

openshift-ci bot commented Feb 20, 2026

Uh oh!

bryan-cox commented Feb 20, 2026

Uh oh!

openshift-ci-robot commented Feb 20, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What this PR does / why we need it:

Which issue(s) this PR fixes:

Special notes for your reviewer:

Checklist:

Summary by CodeRabbit

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

hypershift-jira-solve-ci bot commented Feb 20, 2026

Uh oh!

hypershift-jira-solve-ci bot commented Feb 20, 2026

Uh oh!

openshift-ci-robot commented Feb 20, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What this PR does / why we need it:

Which issue(s) this PR fixes:

Special notes for your reviewer:

Checklist:

Summary by CodeRabbit

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

openshift-ci-robot commented Feb 20, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What this PR does / why we need it:

Which issue(s) this PR fixes:

Special notes for your reviewer:

Checklist:

Summary by CodeRabbit

Uh oh!

hypershift-jira-solve-ci bot commented Feb 23, 2026

Uh oh!

bryan-cox commented Feb 23, 2026

Uh oh!

openshift-ci bot commented Feb 23, 2026

Uh oh!

hypershift-jira-solve-ci bot commented Feb 20, 2026 •

edited by coderabbitai bot

Loading

openshift-ci-robot commented Feb 20, 2026 •

edited by openshift-ci bot

Loading

openshift-ci-robot commented Feb 20, 2026 •

edited by openshift-ci bot

Loading

coderabbitai bot commented Feb 20, 2026 •

edited

Loading

openshift-ci-robot commented Feb 20, 2026 •

edited by openshift-ci bot

Loading

openshift-ci-robot commented Feb 20, 2026 •

edited by openshift-ci bot

Loading

openshift-ci-robot commented Feb 20, 2026 •

edited by openshift-ci bot

Loading

openshift-ci-robot commented Feb 23, 2026 •

edited by openshift-ci bot

Loading