Skip to content

ROSAENG-60640 | test: Fixing day1-negative test cases#3317

Open
jerichokeyne wants to merge 1 commit into
openshift:masterfrom
jerichokeyne:ROSAENG-60640
Open

ROSAENG-60640 | test: Fixing day1-negative test cases#3317
jerichokeyne wants to merge 1 commit into
openshift:masterfrom
jerichokeyne:ROSAENG-60640

Conversation

@jerichokeyne

@jerichokeyne jerichokeyne commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

PR Summary

Fixing day1-negative test failures

Detailed Description of the Issue

Related Issues and PRs

Type of Change

  • feat - adds a new user-facing capability.
  • fix - resolves an incorrect behavior or bug.
  • docs - updates documentation only.
  • style - formatting or naming changes with no logic impact.
  • refactor - code restructuring with no behavior change.
  • test - adds or updates tests only.
  • chore - maintenance work (tooling, housekeeping, non-product code).
  • build - changes build system, packaging, or dependencies for build output.
  • ci - changes CI pipelines, jobs, or automation workflows.
  • perf - improves performance without changing intended behavior.

Previous Behavior

Behavior After This Change

How to Test (Step-by-Step)

Preconditions

Test Steps

Expected Results

Proof of the Fix

Breaking Changes

  • No breaking changes
  • Yes, this PR introduces a breaking change (describe impact and migration plan below)

Breaking Change Details / Migration Plan

Developer Verification Checklist

  • Commit subject/title follows [JIRA-TICKET] | [TYPE]: <MESSAGE>.
  • PR description clearly explains both what changed and why.
  • Relevant Jira/GitHub issues and related PRs are linked.
  • make install-hooks has been run in this clone.
  • Tests were added/updated where appropriate.
  • I manually tested the change.
  • make test passes.
  • make lint passes.
  • make rosa passes.
  • Documentation or repo-local agent guidance was added/updated where appropriate.
  • Any risk, limitation, or follow-up work is documented.

Summary by CodeRabbit

  • Bug Fixes

    • Improved cluster creation validation for negative test scenarios, including more consistent handling of cluster settings and command arguments.
    • Fixed dry-run command construction so cluster creation checks include the expected automatic mode and confirmation flags.
  • Tests

    • Updated test labels and logging to make test selection and debugging more reliable.

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jerichokeyne

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 1, 2026
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Important

Review skipped

No new commits to review since the last review.

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: fb677ed8-7988-4860-8a08-248285b3e555

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

This PR updates e2e test files for rosacli account roles and cluster tests, plus the cluster_service utility. Changes include adding an Exclude label to a test case, replacing random HCP profile loading with an explicit custom profile configuration in BeforeEach setup, adjusting channel-group and flag handling in an external-auth negative test, updating debug log statements to log parsed CLI commands instead of profile names, and modifying CreateDryRun to include --mode=auto and --yes flags.

Sequence Diagram(s)

sequenceDiagram
  participant BeforeEach
  participant customProfile
  participant TempClusterHandler
  participant CreateDryRun
  BeforeEach->>customProfile: construct HCP+MultiAZ+STS+OIDC+BYO VPC config
  BeforeEach->>TempClusterHandler: initialize with customProfile
  TempClusterHandler->>CreateDryRun: build create cluster command with --dry-run --mode=auto --yes
Loading

Possibly related PRs

  • openshift/rosa#3270: Modifies the same e2e test files (test_rosacli_account_roles.go and test_rosacli_cluster.go), adjusting account-role test selection and cluster negative-test assertion/flag handling.

Suggested reviewers: davidleerh

🚥 Pre-merge checks | ✅ 12 | ❌ 3

❌ Failed checks (3 warnings)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description has the summary, Jira link, proof, and checklist, but key sections like issue details, behavior changes, and test steps are empty. Fill in the problem statement, before/after behavior, and step-by-step test validation so reviewers can understand the change and its impact.
Single Node Openshift (Sno) Test Compatibility ⚠️ Warning New e2e tests in test_rosacli_cluster.go assume multi-node topology by indexing control plane/infra/compute nodes and creating 3-replica machine pools, with no SNO skip. Add a [Skipped:SingleReplicaTopology] label or runtime SNO guard around the cluster-description and machine-pool/availability-zone tests, or verify them in an SNO CI job.
Ipv6 And Disconnected Network Test Compatibility ⚠️ Warning New e2e cases hardcode IPv4-only CIDRs/IPs (192.168.1.0/23, 10.0.0.1, 2.0.0.0/25) in test_rosacli_cluster.go, which breaks IPv6/disconnected compatibility. Use family-aware CIDRs/hosts or skip IPv4-only cases on IPv6/disconnected jobs; avoid external-service assumptions where possible.
✅ Passed checks (12 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise, specific, and matches the main change: fixing day1-negative test cases for ROSAENG-60640.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed Touched Ginkgo titles are static literals with fixed IDs; the PR only changes labels/flags and CreateDryRun args, not dynamic test names.
Test Structure And Quality ✅ Passed PASS: the touched tests preserve setup/cleanup patterns, add no new waits, and the edits are limited to labels and CLI-flag setup.
Microshift Test Compatibility ✅ Passed No unsupported OpenShift APIs/resources or MicroShift-only assumptions were added; the changes are ROSA CLI/OCM/AWS test logic only.
Topology-Aware Scheduling Compatibility ✅ Passed The PR only updates e2e tests and a rosacli test helper; no deployment manifests, operators, or controllers were modified, so no topology-aware scheduling risk.
Ote Binary Stdout Contract ✅ Passed No process-level stdout writes were added; the only fmt.Println calls are inside It blocks, and the changed files have no main/TestMain/BeforeSuite/RunSpecs setup.
No-Weak-Crypto ✅ Passed Touched files only adjust test labels/CLI flags; no MD5/SHA1/DES/RC4/3DES/ECB, custom crypto, or secret comparisons found.
Container-Privileges ✅ Passed Only Go test/helper files changed; scans found no privileged/hostPID/hostNetwork/allowPrivilegeEscalation or securityContext settings in touched or manifest files.
No-Sensitive-Data-In-Logs ✅ Passed The new logs print HCP test commands without password/token/proxy flags, and CreateDryRun only adds --mode=auto and --yes.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
tests/utils/exec/rosacli/cluster_service.go (1)

247-253: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Drop the extra -y from CreateDryRun call sites that already pass a value-taking flag. CreateDryRun already prepends --yes, so -y after --audit-log-arn or the registry-config flags is consumed as that flag’s value, not as a confirm flag. Remove it from those call sites (tests/e2e/test_rosacli_cluster.go:2818, 2861, 2971).

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/utils/exec/rosacli/cluster_service.go` around lines 247 - 253, The
extra -y at the affected CreateDryRun call sites is being parsed as the value
for a preceding value-taking flag instead of as a confirmation flag. Update the
test call sites that invoke clusterService.CreateDryRun so they no longer append
-y after --audit-log-arn or the registry-config flags, since CreateDryRun
already injects --yes itself. Use the CreateDryRun helper and the ROSA CLI
cluster test cases as the locations to adjust.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@tests/utils/exec/rosacli/cluster_service.go`:
- Around line 247-253: The extra -y at the affected CreateDryRun call sites is
being parsed as the value for a preceding value-taking flag instead of as a
confirmation flag. Update the test call sites that invoke
clusterService.CreateDryRun so they no longer append -y after --audit-log-arn or
the registry-config flags, since CreateDryRun already injects --yes itself. Use
the CreateDryRun helper and the ROSA CLI cluster test cases as the locations to
adjust.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 05cf9d22-2ac4-4622-96e5-c70a3b06f2a2

📥 Commits

Reviewing files that changed from the base of the PR and between dc110e6 and 394b6f5.

📒 Files selected for processing (3)
  • tests/e2e/test_rosacli_account_roles.go
  • tests/e2e/test_rosacli_cluster.go
  • tests/utils/exec/rosacli/cluster_service.go

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@jerichokeyne: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/security 394b6f5 link false /test security

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

rosalCommand.AddFlags("--dry-run", "--external-auth-providers-enabled", "-y")
} else {
rosalCommand.AddFlags("--dry-run", "-y")
rosalCommand.AddFlags("--external-auth-providers-enabled")

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

--dry-run was removed here during refactoring but rosalCommand doesn't include it by default (unlike CreateDryRun). Without it, this runs a real create cluster command. Should be re-added for safety.

clusterHandler, err = handler.NewTempClusterHandler(rosaClient, customProfile)
Expect(err).To(BeNil())

By("Init the cluster id and testing cluster name")

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This By has no code between it and the next By -- looks like a leftover from removing the random profile logic.

})
It("create/delete classic account roles with managed policies - [id:57408]",
labels.Critical, labels.Runtime.OCMResources,
labels.Critical, labels.Runtime.OCMResources, labels.Exclude,

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add a brief comment or link to a tracking issue explaining why this critical-labeled test is being excluded?

@olucasfreitas

Copy link
Copy Markdown
Contributor

Replying to @coderabbitai's review:

Agree with this observation. Lines 2861 and 2971 should drop the -y since CreateDryRun now includes --yes. In both cases -y is actually consumed as the value of the preceding flag (--audit-log-arn and the registry config flags respectively), not as a confirmation flag. The tests pass today only because the HCP-only validation fires first, but it's fragile. Line 2818 is fine since --additional-allowed-principals already has its value zzzz, so -y is parsed as a standalone flag (just redundant).

Specific call sites (outside the diff, so noted here):

tests/e2e/test_rosacli_cluster.go:2861: CreateDryRun already adds --yes. Here -y is positionally consumed as the value of --audit-log-arn, not as a confirmation flag. Removing it avoids the ambiguity.

tests/e2e/test_rosacli_cluster.go:2971: Same issue: -y is consumed as the value for the registry config flag, not as confirmation. Remove it since CreateDryRun now includes --yes.

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants