Skip to content

Split TLS observed config tests into OCP and HyperShift suites #31046

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
gangwgr wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Split TLS observed config tests into OCP and HyperShift suites #31046

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
78 changes: 78 additions & 0 deletions hack/run-tls-tests.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
#!/usr/bin/env bash
#
# Runs all TLSObservedConfig tests one by one and reports results.
# Usage: ./hack/run-tls-tests.sh [--skip-disruptive]

SKIP_DISRUPTIVE=false
if [[ "${1:-}" == "--skip-disruptive" ]]; then
SKIP_DISRUPTIVE=true
fi

OPENSHIFT_TESTS="./openshift-tests"
PASSED=0
FAILED=0
SKIPPED=0
FAILURES=""

TESTLIST=$(mktemp)
TESTOUT=$(mktemp)
trap "rm -f $TESTLIST $TESTOUT" EXIT

$OPENSHIFT_TESTS list tests \
| grep -o '"name": "[^"]*TLSObservedConfig[^"]*"' \
| sed 's/"name": "//;s/"$//' > "$TESTLIST"

TOTAL=$(wc -l < "$TESTLIST" | tr -d ' ')

echo "=========================================="
echo " TLSObservedConfig Test Runner"
echo " Found $TOTAL tests"
echo "=========================================="
echo ""

NUM=0
while IFS= read -r TEST; do
NUM=$((NUM + 1))

if $SKIP_DISRUPTIVE && echo "$TEST" | grep -q '\[Disruptive\]'; then
echo "[$NUM/$TOTAL] SKIP (disruptive): $TEST"
SKIPPED=$((SKIPPED + 1))
continue
fi

echo "----------------------------------------"
echo "[$NUM/$TOTAL] Running: $TEST"
echo "----------------------------------------"

$OPENSHIFT_TESTS run-test "$TEST" < /dev/null > "$TESTOUT" 2>&1 || true

if grep -q '\[SKIPPED\]' "$TESTOUT"; then
echo ">>> SKIPPED"
SKIPPED=$((SKIPPED + 1))
elif grep -q '"result": "passed"' "$TESTOUT" || grep -q '1 Passed' "$TESTOUT"; then
echo ">>> PASSED"
PASSED=$((PASSED + 1))
else
grep -E '(FAIL|occurred)' "$TESTOUT" | tail -3
echo ">>> FAILED"
FAILED=$((FAILED + 1))
FAILURES="$FAILURES
- $TEST"
fi
echo ""
done < "$TESTLIST"

echo "=========================================="
echo " RESULTS"
echo "=========================================="
echo " Total: $TOTAL"
echo " Passed: $PASSED"
echo " Failed: $FAILED"
echo " Skipped: $SKIPPED"
echo "=========================================="

if [[ -n "$FAILURES" ]]; then
echo ""
echo "Failed tests:$FAILURES"
exit 1
fi
29 changes: 22 additions & 7 deletions pkg/testsuites/standard_suites.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -493,17 +493,32 @@ var staticSuites = []ginkgo.TestSuite{
ClusterStabilityDuringTest: ginkgo.Disruptive,
},
{
Name: "openshift/tls-observed-config",
Name: "openshift/tls-observed-config-ocp",
Description: templates.LongDesc(`
Tests that verify TLS configuration is properly propagated from the cluster
APIServer to operator workloads. This includes ObservedConfig verification,
deployment env var checks, and wire-level TLS enforcement for services that
adopt the TLS config sync pattern (e.g. image-registry, controller-manager).
The suite includes a disruptive config-change test that switches the cluster
to Modern TLS profile and validates all targets.
APIServer to operator workloads on standalone OCP. This includes
ObservedConfig verification, deployment env var checks, wire-level TLS
enforcement, and disruptive config-change tests that switch the cluster to
Modern and Custom TLS profiles.
`),
Qualifiers: []string{
withStandardEarlyOrLateTests(`name.contains("[Suite:openshift/tls-observed-config]")`),
withStandardEarlyOrLateTests(`name.contains("[Suite:openshift/tls-observed-config-ocp]")`),
},
Parallelism: 1,
TestTimeout: 90 * time.Minute,
ClusterStabilityDuringTest: ginkgo.Disruptive,
},
{
Name: "openshift/tls-observed-config-hypershift",
Description: templates.LongDesc(`
Tests that verify TLS configuration propagation on HyperShift clusters.
These tests modify the HostedCluster TLS profile on the management cluster,
wait for HCP pods and guest operators to stabilize, then verify TLS
propagation to guest-side workloads including ObservedConfig, ConfigMaps,
deployment env vars, and wire-level TLS enforcement.
`),
Qualifiers: []string{
withStandardEarlyOrLateTests(`name.contains("[Suite:openshift/tls-observed-config-hypershift]")`),
},
Parallelism: 1,
TestTimeout: 90 * time.Minute,
Expand Down
2 changes: 2 additions & 0 deletions test/extended/include.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,8 @@ import (
_ "github.com/openshift/origin/test/extended/tbr_health"
_ "github.com/openshift/origin/test/extended/templates"
_ "github.com/openshift/origin/test/extended/tls"
_ "github.com/openshift/origin/test/extended/tls/hypershift"
_ "github.com/openshift/origin/test/extended/tls/ocp"
_ "github.com/openshift/origin/test/extended/user"
_ "github.com/openshift/origin/test/extended/windows"
)
13 changes: 13 additions & 0 deletions test/extended/tls/hypershift/OWNERS
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md

reviewers:
- csrwng
- celebdor
- jiezhao16
- mehabhalodiya

approvers:
- csrwng
- celebdor
- jiezhao16
- mehabhalodiya
Loading