🐛 override local pull policy with permissive policy #2339
Conversation
✅ Deploy Preview for olmv1 ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
|
||
| return &types.SystemContext{ | ||
| SystemRegistriesConfPath: registriesConfPath, | ||
| SignaturePolicyPath: policyPath, |
There was a problem hiding this comment.
I think we need to here like we here: https://github.com/openshift/operator-framework-operator-controller/blob/main/openshift/default-catalog-consistency/pkg/extract/extract.go#L231-L251
There was a problem hiding this comment.
Thanks for the review @camilamacedo86!
What's the concern here? Is it that we're dropping a file in t.TempDir() for use in this test scenario?
That's the only difference I see between the approaches.
There was a problem hiding this comment.
While I would love to avoid the temp file generation, this is just a different API than the app uses, and an attempt to avoid writing the overriding signature policy file results in uglier shenanigans.
There was a problem hiding this comment.
The delta is that we are trying to solve it with the signature if not be possible then we let it go instead of fixed se "default": [{"type": "insecureAcceptAnything"}].
There was a problem hiding this comment.
I'm not following you.
Right now this test fails on users' machines with a restrictive signing policy, but the test should not be sensitive to users' environments.
Here creates an insecure signing policy for the scoped tests to be used instead of detecting the users' policies.
There was a problem hiding this comment.
I think it is fine
/lgtm
There was a problem hiding this comment.
Pull Request Overview
This PR fixes a test reliability issue by ensuring image pull tests use a permissive signature policy instead of relying on the user's system-level policy. This prevents test failures when developers have restrictive image signing policies configured on their machines.
Key changes:
- Added creation of an
insecureAcceptAnythingpolicy file in the test's temporary directory - Configured the
SystemContextto use this test-specific policy file
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #2339 +/- ##
==========================================
- Coverage 74.30% 74.23% -0.07%
==========================================
Files 91 91
Lines 7083 7239 +156
==========================================
+ Hits 5263 5374 +111
- Misses 1405 1433 +28
- Partials 415 432 +17
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Signed-off-by: grokspawn <jordan@nimblewidget.com>
grokspawn
force-pushed
the
permissive-pull-policy
branch
from
bf1b6d2 to
9a09a4b
Compare
|
/approve |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: grokspawn, tmshort The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
openshift-merge-bot
bot
merged commit 1355ff7
into
operator-framework:main
3 participants
Description
The image pull test requires that the user running it has a permissive image pull policy in place to be successful. However, I run a restrictive policy on my machine, so I get test failures.
Ideally, the unit test should not be dependent on the user's environment, so here's a change which specifies a test-specific, permissive pull policy which will be used instead of the user's environment.
Reviewer Checklist