Skip to content

ROSAENG-60386 | test: Fixing id:84981#3280

Merged
openshift-merge-bot[bot] merged 1 commit into
openshift:masterfrom
jerichokeyne:ROSAENG-60386
Jun 26, 2026
Merged

ROSAENG-60386 | test: Fixing id:84981#3280
openshift-merge-bot[bot] merged 1 commit into
openshift:masterfrom
jerichokeyne:ROSAENG-60386

Conversation

@jerichokeyne

@jerichokeyne jerichokeyne commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

PR Summary

Fixes id:84981 by creating properly configured IAM roles and policies for autonode support

Detailed Description of the Issue

Related Issues and PRs

Type of Change

  • feat - adds a new user-facing capability.
  • fix - resolves an incorrect behavior or bug.
  • docs - updates documentation only.
  • style - formatting or naming changes with no logic impact.
  • refactor - code restructuring with no behavior change.
  • test - adds or updates tests only.
  • chore - maintenance work (tooling, housekeeping, non-product code).
  • build - changes build system, packaging, or dependencies for build output.
  • ci - changes CI pipelines, jobs, or automation workflows.
  • perf - improves performance without changing intended behavior.

Previous Behavior

id:84981 would always fail, and describing a cluster (which is done during the cleanup phase) would also fail to parse the output when autonode is properly enabled

Behavior After This Change

id:84891 creates 2 IAM roles and policies and passes. You can also delete a cluster after running this test since the code can properly parse the autonode description now

How to Test (Step-by-Step)

Preconditions

Test Steps

Expected Results

Proof of the Fix

test case passing

TEST_PROFILE="rosa-hcp-basic" go run github.com/onsi/ginkgo/v2/ginkgo run --timeout 2h --focus "id:84981" tests/e2e/
Running Suite: ROSA CLI e2e tests suite - /home/jericho/work/repos/rosa/tests/e2e
=================================================================================
Random Seed: 1782396173

Will run 1 of 282 specs
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSStime="2026-06-25 10:02:57" level=info msg="Got file path: /home/jericho/.aws/credentials from env variable AWS_SHARED_CREDENTIALS_FILE\n"
time="2026-06-25 10:03:02" level=info msg="Got file path: /home/jericho/.aws/credentials from env variable AWS_SHARED_CREDENTIALS_FILE\n"
time="2026-06-25 10:03:14" level=info msg="Got file path: /home/jericho/.aws/credentials from env variable AWS_SHARED_CREDENTIALS_FILE\n"
time="2026-06-25 10:03:15" level=info msg="Got file path: /home/jericho/.aws/credentials from env variable AWS_SHARED_CREDENTIALS_FILE\n"
•SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS

Ran 1 of 282 Specs in 20.045 seconds
SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 281 Skipped
PASS

Ginkgo ran 1 suite in 23.02350855s
Test Suite Passed

running the test case again

  • The test is skipped cause you can't disable autonode support on a cluster, so you can't test enabling it if it's already enabled
TEST_PROFILE="rosa-hcp-basic" go run github.com/onsi/ginkgo/v2/ginkgo run --timeout 2h --focus "id:84981" tests/e2e/
Running Suite: ROSA CLI e2e tests suite - /home/jericho/work/repos/rosa/tests/e2e
=================================================================================
Random Seed: 1782319488

Will run 1 of 282 specs
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS

Ran 0 of 282 Specs in 1.246 seconds
SUCCESS! -- 0 Passed | 0 Failed | 0 Pending | 282 Skipped
PASS

Ginkgo ran 1 suite in 3.220235106s
Test Suite Passed

Can delete cluster

TEST_PROFILE="rosa-hcp-basic" go run github.com/onsi/ginkgo/v2/ginkgo run --label-filter destroy --timeout 2h tests/e2e/
Running Suite: ROSA CLI e2e tests suite - /home/jericho/work/repos/rosa/tests/e2e
=================================================================================
Random Seed: 1782319495

Will run 1 of 282 specs
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSStime="2026-06-24 12:57:22" level=info msg="Got aws shared credential file path: /home/jericho/.aws/credentials "
time="2026-06-24 12:57:22" level=info msg="Going to delete the vpc and follow resources by ID: vpc-0f6e7acf6832f02f2"
time="2026-06-24 12:57:22" level=info msg="Going to terminate proxy instances if exists"
time="2026-06-24 12:57:22" level=info msg="Got no instances to terminate."
time="2026-06-24 12:57:22" level=info msg="Terminating instances  successfully"
time="2026-06-24 12:57:22" level=info msg="No key pairs found for VPC vpc-0f6e7acf6832f02f2"
time="2026-06-24 12:57:22" level=info msg="Delete vpc instances successfully"
time="2026-06-24 12:57:22" level=info msg="Going to delete proxy security group"
time="2026-06-24 12:57:23" level=info msg="Delete vpc proxy security group successfully"
time="2026-06-24 12:57:23" level=info msg="Got custom rt rtb-05b7eed5cda8c2b88 "
time="2026-06-24 12:57:23" level=info msg="Got custom rt rtb-0178939ba85d65ccf "
time="2026-06-24 12:57:23" level=info msg="Got main association for rt rtb-00f12e762b71a6f45"
time="2026-06-24 12:57:23" level=info msg="Disassociate route table success rtbassoc-0044eaa86877532fe"
time="2026-06-24 12:57:24" level=info msg="Disassociate route table success rtbassoc-0a0d2c96ae1f2c3c3"
time="2026-06-24 12:57:24" level=info msg="Delete vpc route tables successfully"
time="2026-06-24 12:57:24" level=info msg="Deleting nat gateway nat-03cc50a492bcf9090"
time="2026-06-24 12:57:25" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:27" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:29" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:31" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:33" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:36" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:38" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:40" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:42" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:44" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:46" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:48" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:50" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:53" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:55" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:57" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:57:59" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:58:01" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:58:03" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:58:05" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:58:07" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:58:09" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:58:12" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:58:14" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:58:16" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:58:18" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:58:20" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:58:22" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleting"
time="2026-06-24 12:58:24" level=info msg="Current NAT gateway 'nat-03cc50a492bcf9090' status: deleted"
time="2026-06-24 12:58:24" level=info msg="Delete Nat Gateway success nat-03cc50a492bcf9090"
time="2026-06-24 12:58:25" level=info msg="Release EIP eipalloc-063e445d3da8c62a6 successsully "
time="2026-06-24 12:58:25" level=info msg="Delete vpc nat gateways successfully"
time="2026-06-24 12:58:25" level=info msg="Got total clean set, going to delete other possible resource leak"
time="2026-06-24 12:58:25" level=info msg="Going to terminate the leak instances if exist"
time="2026-06-24 12:58:25" level=info msg="Got no instances to terminate."
time="2026-06-24 12:58:25" level=info msg="Terminating instances  successfully"
time="2026-06-24 12:58:25" level=info msg="No key pairs found for VPC vpc-0f6e7acf6832f02f2"
time="2026-06-24 12:58:26" level=info msg="Release rules successfully for SG sg-0c99f8d6054642c55"
time="2026-06-24 12:58:27" level=info msg="Delete security group sg-0c99f8d6054642c55 success "
time="2026-06-24 12:58:27" level=info msg="Detach igw igw-09356c735363c12b4 success from vpc vpc-0f6e7acf6832f02f2"
time="2026-06-24 12:58:28" level=info msg="Delete igw success: igw-09356c735363c12b4"
time="2026-06-24 12:58:28" level=info msg="Delete subnet subnet-06b14597990c5df7c successfully "
time="2026-06-24 12:58:29" level=info msg="Delete subnet subnet-02a582092d0d39fec successfully "
time="2026-06-24 12:58:29" level=info msg="Delete vpc vpc-0f6e7acf6832f02f2 successfuly "
•SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS

Ran 1 of 282 Specs in 823.976 seconds
SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 281 Skipped
PASS

Ginkgo ran 1 suite in 13m45.991731593s
Test Suite Passed

Breaking Changes

  • No breaking changes
  • Yes, this PR introduces a breaking change (describe impact and migration plan below)

Breaking Change Details / Migration Plan

Developer Verification Checklist

  • Commit subject/title follows [JIRA-TICKET] | [TYPE]: <MESSAGE>.
  • PR description clearly explains both what changed and why.
  • Relevant Jira/GitHub issues and related PRs are linked.
  • make install-hooks has been run in this clone.
  • Tests were added/updated where appropriate.
  • I manually tested the change.
  • make test passes.
  • make lint passes.
  • make rosa passes.
  • Documentation or repo-local agent guidance was added/updated where appropriate.
  • Any risk, limitation, or follow-up work is documented.

Summary by CodeRabbit

Summary by CodeRabbit

  • New Features
    • Enhanced AutoNode configuration handling to support richer IAM role details when present.
  • Bug Fixes
    • Improved OIDC provider extraction and error handling when preparing AutoNode-related cluster create settings.
  • Tests
    • Updated end-to-end coverage and CI test resources to provision per-prefix AutoNode IAM roles/policies and validate role updates reflected in cluster configuration.

@coderabbitai

coderabbitai Bot commented Jun 24, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: a6ea808e-80ff-45f5-9d79-1f44ec55d758

📥 Commits

Reviewing files that changed from the base of the PR and between 9af185c and 511f38d.

📒 Files selected for processing (6)
  • tests/ci/data/resources/autonode_policy.json
  • tests/ci/data/resources/autonode_trust_policy_template.json
  • tests/e2e/hcp_cluster_test.go
  • tests/utils/config/autonode.go
  • tests/utils/exec/rosacli/cluster_service.go
  • tests/utils/handler/cluster_handler.go
✅ Files skipped from review due to trivial changes (1)
  • tests/ci/data/resources/autonode_trust_policy_template.json
🚧 Files skipped from review as they are similar to previous changes (5)
  • tests/utils/exec/rosacli/cluster_service.go
  • tests/utils/handler/cluster_handler.go
  • tests/ci/data/resources/autonode_policy.json
  • tests/e2e/hcp_cluster_test.go
  • tests/utils/config/autonode.go

📝 Walkthrough

Walkthrough

This PR adds AutoNode IAM test resources, helper functions to create and delete IAM roles and policies, structured YAML parsing for AutoNode cluster data, and e2e test updates that use newly prepared AutoNode role ARNs instead of reusing existing cluster role ARNs.

🚥 Pre-merge checks | ✅ 13 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Ipv6 And Disconnected Network Test Compatibility ⚠️ Warning The new autonode e2e test provisions IAM roles/policies via AWS SDK and OIDC issuer URLs, so it depends on external AWS connectivity and isn’t skipped for disconnected jobs. Add a disconnected-safe guard: mark the spec [Skipped:Disconnected] or skip it in disconnected CI, and avoid direct AWS/public internet dependencies in this test.
✅ Passed checks (13 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and directly tied to the main change, using the required ticket/type format.
Description check ✅ Passed The required sections are present and validation is documented, though the issue details and test steps are sparse.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed All modified Ginkgo titles are static strings; the autonode spec title uses a fixed issue id and no runtime interpolation.
Test Structure And Quality ✅ Passed The autonode spec uses deferred IAM cleanup plus cluster AfterEach, and all waits are bounded; no leak or indefinite-wait issues found.
Microshift Test Compatibility ✅ Passed The updated autonode Ginkgo spec only uses ROSA CLI and AWS IAM flows; it չի touch unsupported OpenShift APIs/namespaces or HA assumptions, so no MicroShift guard is needed.
Single Node Openshift (Sno) Test Compatibility ✅ Passed The new id:84981 spec only edits/describes autonode IAM settings; it doesn’t count/schedule/drain nodes or assume HA, so it’s SNO-safe.
Topology-Aware Scheduling Compatibility ✅ Passed PR only adds test/IAM helper code and YAML parsing; no manifests, controllers, or pod scheduling/topology constraints were added.
Ote Binary Stdout Contract ✅ Passed Changed code only uses a logger that writes to GinkgoWriter; no stdout writes were added in main/TestMain/BeforeSuite/RunSpecs setup or top-level initializers.
No-Weak-Crypto ✅ Passed No MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, custom crypto, or secret/token comparisons were added in the changed files.
Container-Privileges ✅ Passed No changed K8s/container manifests or privilege flags were found in the touched JSON/Go files.
No-Sensitive-Data-In-Logs ✅ Passed No added logs emit passwords, tokens, PII, or hostnames; new autonode logs only role/policy names and ARNs.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 24, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 6

🧹 Nitpick comments (1)
tests/utils/config/autonode.go (1)

35-128: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Wrap returned errors with operation context.

Most AWS/template failures are returned raw, which makes E2E cleanup/setup failures hard to diagnose. Wrap them with the operation and resource name using %w. As per coding guidelines, “Wrap returned errors with context using %w; do not drop the original error.”

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/utils/config/autonode.go` around lines 35 - 128, Most failures in
PrepareAutonodeRoleAndPolicy and DeleteAutonodeRoleAndPolicy are returned
directly, which drops useful setup/cleanup context. Update the error returns
around CreateAWSClient, helper.ReadFileContent, CreateIAMPolicy/GetIAMPolicy,
WaitForResourceExisting, CreateRoleAndAttachPolicy/GetRole, DetachIAMPolicy,
DeleteIAMPolicy, and DeleteRole to wrap the original error with the operation
and resource name using %w. Keep the existing function names and resource
identifiers (policyName, roleName, policyARN, region) in the wrapped messages so
E2E failures are easier to trace.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/ci/data/resources/autonode_trust_policy_template.json`:
- Around line 10-13: The trust policy in autonode_trust_policy_template.json is
missing an audience restriction, so it currently trusts the service account
without pinning the token audience. Update the Condition block in the policy
template to require both the existing {OIDC_PROVIDER_URL}:sub match and
{OIDC_PROVIDER_URL}:aud = sts.amazonaws.com, using the same
Condition/StringEquals structure already present in the template.

In `@tests/e2e/hcp_cluster_test.go`:
- Around line 788-791: Reset the runner format before the DescribeCluster
assertion so a failure does not skip cleanup and leave subsequent commands in
JSON mode. In the hcp cluster test around rosaClient.Runner.JsonFormat(),
clusterService.DescribeCluster(clusterID), and rosaClient.Runner.UnsetFormat(),
make sure the runner is restored immediately after the JSON-mode command or via
a deferred restore before Expect(err).To(BeNil()) can abort the test. Keep the
cleanup tied to the same test flow so later commands always run with the default
format.
- Around line 804-807: The deferred AutoNode IAM cleanup in the e2e test is
ignoring returned errors, so failures in DeleteAutonodeRoleAndPolicy go
unnoticed. Update the cleanup around PrepareAutonodeRoleAndPolicy and defer
calls to capture and assert the error from
utilConfig.DeleteAutonodeRoleAndPolicy for both autonodePrefix1 and
autonodePrefix2, so leaked IAM roles/policies fail the test instead of being
silently ignored.

In `@tests/utils/config/autonode.go`:
- Around line 49-101: The AutoNode IAM setup currently leaves partially created
resources behind when later steps fail. Update the CreateAutoNode IAM flow in
autonode.go so that validation for the trust-policy template and OIDC
substitutions happens before creating AWS resources, then add a rollback defer
after successful policy creation and role creation using the existing
awsclient.CreateIAMPolicy, awsclient.CreateRoleAndAttachPolicy, GetIAMPolicy,
and GetRole paths to clean up any created policy/role if a later wait or
substitution step returns an error. Ensure the defer is cleared only once the
function is fully successful so failures during waiting or role setup still
trigger cleanup.
- Around line 115-125: Make autonode cleanup best-effort in the cleanup flow
around DetachIAMPolicy, DeleteIAMPolicy, and DeleteRole: treat expected
NoSuchEntity and “not attached” detach failures as non-fatal, continue
attempting the remaining deletes, and only surface unexpected failures. Update
the cleanup logic in the autonode teardown path to accumulate errors from
awsclient.DetachIAMPolicy, awsclient.DeleteIAMPolicy, and awsclient.DeleteRole,
then return a combined error at the end if any unexpected issues occurred.

In `@tests/utils/exec/rosacli/cluster_service.go`:
- Around line 81-90: AutoNodeDescription.UnmarshalYAML currently ignores
unsupported YAML node kinds and returns nil, which silently leaves AutoNode
zero-valued. Update UnmarshalYAML to fail fast by returning an error for any
value.Kind other than yaml.ScalarNode or yaml.MappingNode, while keeping the
existing Decode behavior for the supported shapes. Use the UnmarshalYAML method
on AutoNodeDescription as the fix point so rosa describe cluster parsing
surfaces invalid AutoNode YAML immediately.

---

Nitpick comments:
In `@tests/utils/config/autonode.go`:
- Around line 35-128: Most failures in PrepareAutonodeRoleAndPolicy and
DeleteAutonodeRoleAndPolicy are returned directly, which drops useful
setup/cleanup context. Update the error returns around CreateAWSClient,
helper.ReadFileContent, CreateIAMPolicy/GetIAMPolicy, WaitForResourceExisting,
CreateRoleAndAttachPolicy/GetRole, DetachIAMPolicy, DeleteIAMPolicy, and
DeleteRole to wrap the original error with the operation and resource name using
%w. Keep the existing function names and resource identifiers (policyName,
roleName, policyARN, region) in the wrapped messages so E2E failures are easier
to trace.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 8ec23d47-74d9-4433-af3c-8f4d26e8ae0c

📥 Commits

Reviewing files that changed from the base of the PR and between 0c8b7ed and 054e669.

📒 Files selected for processing (5)
  • tests/ci/data/resources/autonode_policy.json
  • tests/ci/data/resources/autonode_trust_policy_template.json
  • tests/e2e/hcp_cluster_test.go
  • tests/utils/config/autonode.go
  • tests/utils/exec/rosacli/cluster_service.go

Comment thread tests/ci/data/resources/autonode_trust_policy_template.json
Comment thread tests/e2e/hcp_cluster_test.go
Comment thread tests/e2e/hcp_cluster_test.go Outdated
Comment thread tests/utils/config/autonode.go
Comment thread tests/utils/config/autonode.go Outdated
Comment thread tests/utils/exec/rosacli/cluster_service.go

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (3)
tests/utils/config/autonode.go (3)

84-86: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Avoid shadowing err in the role reuse path.

Line 84 introduces a scoped err inside the alreadyExists branch. Use a named error such as getRoleErr to keep this helper consistent and avoid accidental use of the wrong error variable during future edits.

As per coding guidelines, “Avoid variable shadowing, especially err, ctx, and AWS or OCM clients.”

Suggested change
-	roleTemp, err := awsclient.GetRole(roleName)
-	if err != nil {
-		return "", err
+	roleTemp, getRoleErr := awsclient.GetRole(roleName)
+	if getRoleErr != nil {
+		return "", getRoleErr
 	}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/utils/config/autonode.go` around lines 84 - 86, The role reuse path in
the helper introduces a shadowed err variable when calling awsclient.GetRole,
which should be avoided for consistency and future safety. Rename the scoped
error to a distinct name like getRoleErr in the alreadyExists branch, and update
the subsequent check and return in the same helper so the original err variable
is not shadowed anywhere in that path.

Source: Coding guidelines


35-35: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Add doc comments for the exported helpers.

PrepareAutonodeRoleAndPolicy and DeleteAutonodeRoleAndPolicy are new exported functions without doc comments, which can trip Go linting and makes the test utility API less clear.

As per coding guidelines, “Use exported symbol doc comments when new public types or functions are introduced.”

Also applies to: 104-104

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/utils/config/autonode.go` at line 35, Add Go doc comments for the new
exported helpers in the autonode test utilities so linting passes and the API is
clear. Document both PrepareAutonodeRoleAndPolicy and
DeleteAutonodeRoleAndPolicy with comments that start with the function name and
briefly state what each helper does, keeping the comments adjacent to the
function declarations.

Source: Coding guidelines


44-95: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Wrap returned errors with operation context.

Most setup failures return the raw err, so e2e logs won’t show whether the failure came from AWS client creation, resource file loading, policy creation, role creation, or waiter calls. Wrap these with %w like the delete path already does.

As per coding guidelines, “Wrap returned errors with context using %w; do not drop the original error.”

Suggested pattern
 awsclient, err := aws_client.CreateAWSClient("", region)
 if err != nil {
-	return "", err
+	return "", fmt.Errorf("create AWS client for region %s: %w", region, err)
 }

Also applies to: 109-111

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/utils/config/autonode.go` around lines 44 - 95, Several setup paths in
the AutoNode helper return bare errors, so update the error handling in the IAM
policy and role creation flow to wrap failures with operation context using %w
instead of returning err directly. In the function that creates the AWS client,
reads the policy files, calls CreateIAMPolicy, GetIAMPolicy,
WaitForResourceExisting, CreateRoleAndAttachPolicy, and GetRole, make each
returned error include a short message that identifies the failing step while
preserving the original error.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@tests/utils/config/autonode.go`:
- Around line 84-86: The role reuse path in the helper introduces a shadowed err
variable when calling awsclient.GetRole, which should be avoided for consistency
and future safety. Rename the scoped error to a distinct name like getRoleErr in
the alreadyExists branch, and update the subsequent check and return in the same
helper so the original err variable is not shadowed anywhere in that path.
- Line 35: Add Go doc comments for the new exported helpers in the autonode test
utilities so linting passes and the API is clear. Document both
PrepareAutonodeRoleAndPolicy and DeleteAutonodeRoleAndPolicy with comments that
start with the function name and briefly state what each helper does, keeping
the comments adjacent to the function declarations.
- Around line 44-95: Several setup paths in the AutoNode helper return bare
errors, so update the error handling in the IAM policy and role creation flow to
wrap failures with operation context using %w instead of returning err directly.
In the function that creates the AWS client, reads the policy files, calls
CreateIAMPolicy, GetIAMPolicy, WaitForResourceExisting,
CreateRoleAndAttachPolicy, and GetRole, make each returned error include a short
message that identifies the failing step while preserving the original error.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 10306a23-9051-485c-bee5-25df27ac968d

📥 Commits

Reviewing files that changed from the base of the PR and between 054e669 and 52c950e.

📒 Files selected for processing (5)
  • tests/ci/data/resources/autonode_policy.json
  • tests/ci/data/resources/autonode_trust_policy_template.json
  • tests/e2e/hcp_cluster_test.go
  • tests/utils/config/autonode.go
  • tests/utils/exec/rosacli/cluster_service.go
✅ Files skipped from review due to trivial changes (1)
  • tests/ci/data/resources/autonode_trust_policy_template.json
🚧 Files skipped from review as they are similar to previous changes (3)
  • tests/utils/exec/rosacli/cluster_service.go
  • tests/ci/data/resources/autonode_policy.json
  • tests/e2e/hcp_cluster_test.go

@codecov

codecov Bot commented Jun 24, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 26.17%. Comparing base (0c8b7ed) to head (9af185c).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #3280   +/-   ##
=======================================
  Coverage   26.17%   26.17%           
=======================================
  Files         334      334           
  Lines       36704    36704           
=======================================
  Hits         9608     9608           
  Misses      26359    26359           
  Partials      737      737           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Comment thread tests/ci/data/resources/autonode_policy.json
Comment thread tests/e2e/hcp_cluster_test.go Outdated
Comment thread tests/utils/config/autonode.go
Comment thread tests/utils/config/autonode.go Outdated
@amandahla

Copy link
Copy Markdown
Contributor

The PR description has

Ran 0 of 282 Specs in 1.246 seconds
SUCCESS! -- 0 Passed | 0 Failed | 0 Pending | 282 Skipped
PASS

Shouldnt show 1 Passed?

Comment thread tests/utils/exec/rosacli/cluster_service.go
@jerichokeyne

Copy link
Copy Markdown
Contributor Author

The PR description has

Ran 0 of 282 Specs in 1.246 seconds
SUCCESS! -- 0 Passed | 0 Failed | 0 Pending | 282 Skipped
PASS

Shouldnt show 1 Passed?

Whoops. I guess I accidentally included the text for a second test run, and not the first test run. (I added code to skip if autonode is already enabled since you can't disable it yet). I updated the description now

@jerichokeyne

Copy link
Copy Markdown
Contributor Author

@amandahla I just pushed some changes to address some of your comments. Please take another look when you get a chance

@amandahla

Copy link
Copy Markdown
Contributor

/approve
/lgtm
(for some reason I cant mark my reviews as resolved, the button is not available)

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jun 26, 2026
@openshift-ci

openshift-ci Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: amandahla, jerichokeyne

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot Bot merged commit 80fd9fb into openshift:master Jun 26, 2026
11 of 13 checks passed
@jerichokeyne jerichokeyne deleted the ROSAENG-60386 branch June 26, 2026 19:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants