CNTRLPLANE-3364: removed the jobs that executed the go std lib cases and renamed the kms-ote to kms by sandeepknd · Pull Request #79485 · openshift/release

sandeepknd · 2026-05-19T15:54:27Z

removed the jobs that executed the go std test cases for kms and renamed the kms-ote to kms for oas-o and auth

Summary

This PR removes outdated KMS encryption test jobs and consolidates KMS testing across OpenShift component CI configurations. Specifically:

For cluster-authentication-operator (master branch):

Removed the e2e-gcp-operator-encryption-kms job that executed Go standard test cases via the make test-e2e-encryption-kms command
Renamed the e2e-aws-operator-encryption-kms-ote job to e2e-aws-operator-encryption-kms, consolidating job naming conventions
The renamed AWS job retains its reference-based test execution approach with the TEST_SUITE: openshift/cluster-authentication-operator/encryption-kms environment variable

For cluster-openshift-apiserver-operator (main branch):

Removed the e2e-gcp-operator-encryption-kms job that used direct Go test invocation
Removed the e2e-gcp-operator-encryption-kms-ote job entirely
Consolidated to a single e2e-gcp-operator-encryption-kms job using the reference-based testing pattern with TEST_SUITE: openshift/cluster-openshift-apiserver-operator/encryption-kms

These changes modernize the KMS encryption testing infrastructure by removing Go standard test invocations in favor of the more flexible reference-based test execution pattern, and eliminate the -ote variant jobs in favor of unified job names across both operators.

coderabbitai · 2026-05-19T15:55:01Z

Walkthrough

This PR updates encryption KMS test job definitions in the CI operator configuration for two OpenShift operators. It renames an AWS test job in the authentication operator and restructures a GCP test job in the apiserver operator to use a standardized reference-based test approach, while removing the OTE variant jobs.

Changes

Encryption KMS test job consolidation across operators

Layer / File(s)	Summary
AWS encryption KMS job rename in authentication operator `ci-operator/config/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-master.yaml`	AWS `e2e-aws-operator-encryption-kms-ote` job renamed to `e2e-aws-operator-encryption-kms` while preserving all configuration.
GCP encryption KMS job refactor and OTE removal in apiserver operator `ci-operator/config/openshift/cluster-openshift-apiserver-operator/openshift-cluster-openshift-apiserver-operator-main.yaml`	GCP `e2e-gcp-operator-encryption-kms` job converted from command-based to reference-based execution using `openshift-e2e-test` with `TEST_SUITE` environment variable and `ipi-gcp` workflow, and `e2e-gcp-operator-encryption-kms-ote` job removed.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Suggested labels

rehearsals-ack

Suggested reviewers

flavianmissi
ingvagabund

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR modifies only YAML CI configuration files, not Ginkgo test code. The check for stable test names applies to test definitions not present in this repository.
Test Structure And Quality	✅ Passed	Check is not applicable. The custom check targets Ginkgo test code quality, but this PR only modifies CI/CD YAML configurations with no test code changes.
Microshift Test Compatibility	✅ Passed	PR contains only YAML CI config changes (job renaming/updates) in openshift/release. No new Ginkgo test code is added. Custom check applies only to new test code, not CI configuration.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	Custom check not applicable. PR only modifies CI configuration (YAML files), not test code. No new Ginkgo e2e tests are being added.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies CI-operator test configuration files only. No deployment manifests, operator code, or pod scheduling constraints are affected. Check does not apply.
Ote Binary Stdout Contract	✅ Passed	PR only changes CI configuration YAML files in openshift/release repo. OTE Binary Stdout Contract check applies to operator source code, not CI configs.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR modifies CI/CD YAML configuration files only, removing and renaming KMS test jobs. No new Ginkgo test code is added. Check applies only to new test additions, so not applicable.
Title check	✅ Passed	The title accurately describes the main changes: removing certain KMS-related jobs and renaming 'kms-ote' to 'kms' across multiple OpenShift operator configurations.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

openshift-ci-robot · 2026-05-19T15:55:22Z

@sandeepknd: This pull request references CNTRLPLANE-3364 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

removed the jobs that executed the go std test cases for kms and renamed the kms-ote to kms for oas-o and auth

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

sandeepknd · 2026-05-19T15:59:11Z

/assign @p0lyn0mial
/assign @gangwgr

sandeepknd · 2026-05-19T16:08:00Z

/pj-rehearse pull-ci-openshift-cluster-openshift-apiserver-operator-main-e2e-gcp-operator-encryption-kms

openshift-merge-bot · 2026-05-19T16:08:03Z

@sandeepknd: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

sandeepknd · 2026-05-19T16:08:33Z

/pj-rehearse pull-ci-openshift-cluster-authentication-operator-master-e2e-aws-operator-encryption-kms

openshift-merge-bot · 2026-05-19T16:08:36Z

@sandeepknd: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

sandeepknd · 2026-05-19T18:49:18Z

Please find the success log of authentication-operator-master-e2e-aws-operator-encryption-kms. It has correctly picked up and executed the tests under the suite kms ote.

sandeepknd · 2026-05-19T19:30:27Z

/retest

sandeepknd · 2026-05-20T01:44:11Z

/retest

sandeepknd · 2026-05-20T05:52:50Z

monitoring test continues to fail

{  1 events happened too frequently

event happened 106 times, something is wrong: namespace/openshift-oauth-apiserver deployment/apiserver hmsg/f800f536ef - reason/ScalingReplicaSet (combined from similar events): Scaled down replica set apiserver-6c7974dc95 from 1 to 0 (18:49:54Z) result=reject }

reruning

sandeepknd · 2026-05-20T05:53:12Z

/retest

sandeepknd · 2026-05-20T06:47:49Z

/pj-rehearse ci/rehearse/openshift/cluster-openshift-apiserver-operator/main/e2e-gcp-operator-encryption-kms

openshift-merge-bot · 2026-05-20T06:47:53Z

@sandeepknd: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

openshift-merge-bot · 2026-05-20T06:51:24Z

@sandeepknd: job(s): ci/rehearse/openshift/cluster-openshift-apiserver-operator/main/e2e-gcp-operator-encryption-kms either don't exist or were not found to be affected, and cannot be rehearsed

sandeepknd · 2026-05-20T07:20:23Z

/pj-rehearse ci/rehearse/openshift/cluster-openshift-apiserver-operator/main/e2e-gcp-operator-encryption-kms

openshift-merge-bot · 2026-05-20T07:20:25Z

@sandeepknd: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

openshift-merge-bot · 2026-05-20T07:23:56Z

@sandeepknd: job(s): ci/rehearse/openshift/cluster-openshift-apiserver-operator/main/e2e-gcp-operator-encryption-kms either don't exist or were not found to be affected, and cannot be rehearsed

sandeepknd · 2026-05-20T08:44:38Z

@gangwgr ,
Could you PTAL.
This job cluster-openshift-apiserver-operator/main/e2e-gcp-operator-encryption-kms doesn't seem to be affected.

sandeepknd · 2026-05-20T08:47:03Z

/pj-rehearse abort

sandeepknd · 2026-05-20T08:47:33Z

/pj-rehearse ack

openshift-merge-bot · 2026-05-20T08:51:15Z

@sandeepknd: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

openshift-merge-bot · 2026-05-20T08:51:16Z

@sandeepknd: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

sandeepknd · 2026-05-22T04:41:53Z

/pj-rehearse pull-ci-openshift-cluster-openshift-apiserver-operator-main-e2e-gcp-operator-encryption-kms

openshift-merge-bot · 2026-05-22T04:41:56Z

@sandeepknd: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

gangwgr · 2026-05-22T05:02:42Z

/lgtm

sandeepknd · 2026-05-22T06:45:44Z

/hold

sandeepknd · 2026-05-22T06:58:04Z

the prow test c/prow/config failure has been cleared after rebasing this PR,
but currently KMS tests have failed with below error.

operator/vendor/github.com/onsi/ginkgo/v2/internal/suite.go:949
	            				/usr/lib/golang/src/runtime/asm_amd64.s:1693
	Error:      	Received unexpected error:
	            	APIServer.config.openshift.io "cluster" is invalid: [spec.encryption.kms.vault.transitMount: Required value, <nil>: Invalid value: null: some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]

sandeepknd · 2026-05-22T08:37:59Z

/pj-rehearse pull-ci-openshift-cluster-authentication-operator-master-e2e-aws-operator-encryption-kms

openshift-merge-bot · 2026-05-22T08:38:02Z

@sandeepknd: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

openshift-ci · 2026-05-22T10:31:51Z

@sandeepknd: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/rehearse/openshift/cluster-openshift-apiserver-operator/main/e2e-gcp-operator-encryption-kms	`134187e`	link	unknown	`/pj-rehearse pull-ci-openshift-cluster-openshift-apiserver-operator-main-e2e-gcp-operator-encryption-kms`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

sandeepknd · 2026-05-22T12:05:56Z

both the jobs have failed with same errors (TestKMSEncryptionProvidersMigration and TestKMSEncryptionOnOff),

	Error Trace:	github.com/openshift/library-go@v0.0.0-20260520123929-8dbb42ebf1e9/test/library/encryption/helpers.go:79
	            				github.com/openshift/library-go@v0.0.0-20260520123929-8dbb42ebf1e9/test/library/encryption/scenarios.go:81
	            				github.com/openshift/cluster-authentication-operator/test/e2e-encryption-kms/encryption_kms.go:19
	            				github.com/onsi/ginkgo/v2@v2.27.2/internal/node.go:472
	            				github.com/onsi/ginkgo/v2@v2.27.2/internal/suite.go:901
	            				runtime/asm_amd64.s:1693
	Error:      	Received unexpected error:
	            	APIServer.config.openshift.io "cluster" is invalid: [spec.encryption.kms.vault.transitMount: Required value, <nil>: Invalid value: null: some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]

related to
https://redhat-internal.slack.com/archives/C0A0DMK3N7K/p1779474285457809
cc @gangwgr

…te to kms

openshift-merge-bot · 2026-05-28T05:57:27Z

[REHEARSALNOTIFIER]
@sandeepknd: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-openshift-cluster-authentication-operator-master-e2e-agnostic	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-e2e-agnostic-upgrade	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-e2e-aws-operator-encryption-kms	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-e2e-console-login	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-e2e-gcp-operator-disruptive	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-e2e-gcp-operator-encryption-perf	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-e2e-gcp-operator-encryption-rotation	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-e2e-oidc	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-e2e-oidc-techpreview	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-e2e-operator	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-e2e-operator-encryption	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-images	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-okd-scos-images	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-test-operator-integration	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-unit	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-verify	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-verify-bindata	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-authentication-operator-master-verify-deps	openshift/cluster-authentication-operator	presubmit	Presubmit changed
pull-ci-openshift-cluster-openshift-apiserver-operator-main-e2e-gcp-operator-encryption-kms	openshift/cluster-openshift-apiserver-operator	presubmit	Presubmit changed

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

sandeepknd · 2026-05-28T06:31:37Z

/pj-rehearse pull-ci-openshift-cluster-authentication-operator-master-e2e-aws-operator-encryption-kms

openshift-merge-bot · 2026-05-28T06:31:39Z

@sandeepknd: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

ardaguclu · 2026-05-28T07:16:03Z

So we agree that kms-ote will only stay in cluster-kube-apiserver-operator?. If yes,
/lgtm

openshift-ci · 2026-05-28T07:16:43Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ardaguclu, gangwgr, sandeepknd

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~ci-operator/config/openshift/cluster-authentication-operator/OWNERS~~ [ardaguclu,gangwgr]
~~ci-operator/config/openshift/cluster-openshift-apiserver-operator/OWNERS~~ [ardaguclu,gangwgr]
~~ci-operator/jobs/openshift/cluster-authentication-operator/OWNERS~~ [ardaguclu,gangwgr]
~~ci-operator/jobs/openshift/cluster-openshift-apiserver-operator/OWNERS~~ [ardaguclu,gangwgr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

sandeepknd · 2026-05-28T08:34:20Z

/unhold

sandeepknd · 2026-05-28T09:04:15Z

/pj-rehearse ack

openshift-merge-bot · 2026-05-28T09:04:18Z

@sandeepknd: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

sandeepknd · 2026-05-28T19:10:33Z

So we agree that kms-ote will only stay in cluster-kube-apiserver-operator?. If yes, /lgtm

openshift/cluster-openshift-apiserver-operator#690 (comment)

sandeepknd changed the title ~~removed the jobs that executed the go std cases and renamed the kms-ote to kms~~ CNTRLPLANE-3364: removed the jobs that executed the go std cases and renamed the kms-ote to kms May 19, 2026

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 19, 2026

sandeepknd changed the title ~~CNTRLPLANE-3364: removed the jobs that executed the go std cases and renamed the kms-ote to kms~~ CNTRLPLANE-3364: removed the jobs that executed the go std lib cases and renamed the kms-ote to kms May 19, 2026

openshift-ci Bot requested review from benluddy and ibihim May 19, 2026 15:56

openshift-ci Bot assigned gangwgr and p0lyn0mial May 19, 2026

openshift-ci Bot added lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels May 22, 2026

openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 22, 2026

removed the jobs that executed the go std cases and renamed the kms-o…

d872579

…te to kms

sandeepknd force-pushed the remove-old-kms-jobs branch from 134187e to d872579 Compare May 28, 2026 05:54

openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label May 28, 2026

openshift-ci Bot assigned ardaguclu May 28, 2026

openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label May 28, 2026

openshift-ci Bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 28, 2026

openshift-merge-bot Bot added the rehearsals-ack Signifies that rehearsal jobs have been acknowledged label May 28, 2026

openshift-merge-bot Bot merged commit b261bc9 into openshift:main May 28, 2026
16 of 17 checks passed

sandeepknd mentioned this pull request Jun 1, 2026

CNTRLPLANE-3364: remove the old go lib std tests openshift/cluster-authentication-operator#906

Open

Conversation

sandeepknd commented May 19, 2026 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Uh oh!

coderabbitai Bot commented May 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

Suggested labels

Suggested reviewers

Uh oh!

openshift-ci-robot commented May 19, 2026 • edited by atlassian Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

sandeepknd commented May 19, 2026

Uh oh!

sandeepknd commented May 19, 2026

Uh oh!

openshift-merge-bot Bot commented May 19, 2026

Uh oh!

sandeepknd commented May 19, 2026

Uh oh!

openshift-merge-bot Bot commented May 19, 2026

Uh oh!

sandeepknd commented May 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

sandeepknd commented May 19, 2026

Uh oh!

sandeepknd commented May 20, 2026

Uh oh!

sandeepknd commented May 20, 2026

Uh oh!

sandeepknd commented May 20, 2026

Uh oh!

sandeepknd commented May 20, 2026

Uh oh!

openshift-merge-bot Bot commented May 20, 2026

Uh oh!

openshift-merge-bot Bot commented May 20, 2026

Uh oh!

sandeepknd commented May 20, 2026

Uh oh!

openshift-merge-bot Bot commented May 20, 2026

Uh oh!

openshift-merge-bot Bot commented May 20, 2026

Uh oh!

sandeepknd commented May 20, 2026

Uh oh!

sandeepknd commented May 20, 2026

Uh oh!

sandeepknd commented May 20, 2026

Uh oh!

openshift-merge-bot Bot commented May 20, 2026

Uh oh!

openshift-merge-bot Bot commented May 20, 2026

Uh oh!

sandeepknd commented May 22, 2026

Uh oh!

openshift-merge-bot Bot commented May 22, 2026

Uh oh!

gangwgr commented May 22, 2026

Uh oh!

sandeepknd commented May 22, 2026

Uh oh!

sandeepknd commented May 22, 2026

Uh oh!

sandeepknd commented May 22, 2026

Uh oh!

openshift-merge-bot Bot commented May 22, 2026

Uh oh!

openshift-ci Bot commented May 22, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

sandeepknd commented May 22, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-merge-bot Bot commented May 28, 2026

sandeepknd commented May 19, 2026 •

edited by coderabbitai Bot

Loading

coderabbitai Bot commented May 19, 2026 •

edited

Loading

openshift-ci-robot commented May 19, 2026 •

edited by atlassian Bot

Loading

sandeepknd commented May 19, 2026 •

edited

Loading

openshift-ci Bot commented May 22, 2026 •

edited

Loading

sandeepknd commented May 22, 2026 •

edited

Loading