Skip to content

🌱 OPRUN-4574: test: add TLS profile unit and e2e tests#2653

Merged
openshift-merge-bot[bot] merged 1 commit intooperator-framework:mainfrom
tmshort:tls-profile-tests
Apr 17, 2026
Merged

🌱 OPRUN-4574: test: add TLS profile unit and e2e tests#2653
openshift-merge-bot[bot] merged 1 commit intooperator-framework:mainfrom
tmshort:tls-profile-tests

Conversation

@tmshort
Copy link
Copy Markdown
Contributor

@tmshort tmshort commented Apr 15, 2026
edited
Loading

Explicitly tests the --tls-custom arguments, so that we can be sure that they work as expected.

  • Unit tests in tlsprofiles package verify cipher negotiation, cipher rejection, min-version enforcement, and curve acceptance/rejection by starting a local TLS server with a custom profile and connecting to it with a restricted client config.
  • e2e feature (tls.feature) patches the catalogd deployment with specific custom TLS settings for each scenario, asserts the expected connection behaviour, then restores the original args on cleanup. Covers min-version enforcement (TLSv1.3), cipher negotiation and rejection (TLS 1.2 + ECDHE_ECDSA), and curve enforcement (prime256v1 accepted, secp521r1 rejected).

Description

Reviewer Checklist

  • API Go Documentation
  • Tests: Unit Tests (and E2E Tests, if appropriate)
  • Comprehensive Commit Messages
  • Links to related GitHub Issue(s)

Copilot AI review requested due to automatic review settings April 15, 2026 19:01
@netlify
Copy link
Copy Markdown

netlify Bot commented Apr 15, 2026
edited
Loading

Deploy Preview for olmv1 ready!

Name Link
🔨 Latest commit d92c0f6
🔍 Latest deploy log https://app.netlify.com/projects/olmv1/deploys/69e130c150a3490008f70ff5
😎 Deploy Preview https://deploy-preview-2653--olmv1.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Copilot AI reviewed Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds explicit test coverage (unit + e2e) for custom TLS profile flags (--tls-custom-*) to validate version, cipher, and curve enforcement.

Changes:

  • Added tlsprofiles unit tests that stand up a local TLS server and validate negotiation/enforcement behaviors.
  • Added new e2e Godog steps + a tls.feature file that patches the catalogd deployment TLS args and asserts expected connection outcomes.
  • Extended the make test-e2e target to accept GODOG_ARGS for running a subset of features/scenarios.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
test/e2e/steps/tls_steps.go Implements e2e step helpers for patching deployments and asserting TLS negotiation/rejection against metrics endpoints.
test/e2e/steps/steps.go Registers new TLS-related Godog steps.
test/e2e/steps/hooks.go Adds scenario cleanup support to restore modified deployment args after each scenario.
test/e2e/features/tls.feature New e2e feature scenarios covering TLS min-version, cipher enforcement, and curve enforcement.
internal/shared/util/tlsprofiles/tlsprofiles_connection_test.go New unit tests validating custom TLS profile behavior via real TLS handshakes.
Makefile Adds GODOG_ARGS passthrough to the e2e test runner.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread test/e2e/steps/tls_steps.go Outdated
Comment thread test/e2e/steps/tls_steps.go Outdated
Comment thread test/e2e/steps/hooks.go
@tmshort tmshort force-pushed the tls-profile-tests branch from 1459482 to 6fd8bd1 Compare April 15, 2026 19:13
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 15, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.89%. Comparing base (29debc7) to head (d92c0f6).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2653   +/-   ##
=======================================
  Coverage   68.89%   68.89%           
=======================================
  Files         141      141           
  Lines       10009    10009           
=======================================
  Hits         6896     6896           
  Misses       2596     2596           
  Partials      517      517
Flag Coverage Δ
e2e 37.37% <ø> (+0.02%) ⬆️
experimental-e2e 52.51% <ø> (+0.02%) ⬆️
unit 53.67% <ø> (+0.03%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Copilot AI review requested due to automatic review settings April 15, 2026 21:40
@tmshort tmshort force-pushed the tls-profile-tests branch from 6fd8bd1 to daed167 Compare April 15, 2026 21:40
Copilot AI reviewed Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread internal/shared/util/tlsprofiles/tlsprofiles_connection_test.go Outdated
Comment thread internal/shared/util/tlsprofiles/tlsprofiles_connection_test.go
Comment thread internal/shared/util/tlsprofiles/tlsprofiles_connection_test.go
Comment thread test/e2e/steps/tls_steps.go
@tmshort tmshort force-pushed the tls-profile-tests branch from daed167 to 3b5ceb3 Compare April 16, 2026 13:34
Copilot AI review requested due to automatic review settings April 16, 2026 13:43
@tmshort tmshort force-pushed the tls-profile-tests branch from 3b5ceb3 to c780b52 Compare April 16, 2026 13:43
Copilot AI reviewed Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@tmshort @claude
test: add TLS profile unit and e2e tests
d92c0f6 
- Unit tests in tlsprofiles package verify cipher negotiation, cipher
  rejection, min-version enforcement, and curve acceptance/rejection
  by starting a local TLS server with a custom profile and connecting
  to it with a restricted client config.
- e2e feature (tls.feature) patches the catalogd deployment with
  specific custom TLS settings for each scenario, asserts the expected
  connection behaviour, then restores the original args on cleanup.
  Covers min-version enforcement (TLSv1.3), cipher negotiation and
  rejection (TLS 1.2 + ECDHE_ECDSA), and curve enforcement (prime256v1
  accepted, secp521r1 rejected).
- GODOG_ARGS variable added to the e2e Makefile target so a single
  feature file can be run with: make test-e2e GODOG_ARGS=features/tls.feature

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Todd Short <tshort@redhat.com>
@tmshort tmshort force-pushed the tls-profile-tests branch from c780b52 to d92c0f6 Compare April 16, 2026 18:55
@tmshort tmshort changed the title 🌱 test: add TLS profile unit and e2e tests 🌱 OPRUN-4574: test: add TLS profile unit and e2e tests Apr 16, 2026
camilamacedo86
camilamacedo86 reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@camilamacedo86 camilamacedo86 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @tmshort

/approve

@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Apr 17, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: camilamacedo86

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 17, 2026
@perdasilva
Copy link
Copy Markdown
Contributor

perdasilva commented Apr 17, 2026

/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Apr 17, 2026
@openshift-merge-bot openshift-merge-bot Bot merged commit e20da75 into operator-framework:main Apr 17, 2026
27 checks passed
@tmshort tmshort deleted the tls-profile-tests branch April 17, 2026 13:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@camilamacedo86 camilamacedo86 camilamacedo86 left review comments

Copilot code review Copilot Copilot left review comments

@ankitathomas ankitathomas Awaiting requested review from ankitathomas

@grokspawn grokspawn Awaiting requested review from grokspawn

Assignees

@perdasilva perdasilva

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tmshort @perdasilva @camilamacedo86