From d04410fba7fa89dbf29bbf797b0a454f320128f2 Mon Sep 17 00:00:00 2001 From: Jonathan West Date: Tue, 4 Nov 2025 20:29:23 -0500 Subject: [PATCH 1/2] Update to latest commit of argo-rollouts-manager '4619e3168941619f554e3f987ad440589838c7a3' (#994) * Update to latest commit of argo-rollouts-manager '4619e3168941619f554e3f987ad440589838c7a3' Signed-off-by: Jonathan West * Log additional debug logs on failure of 1-040 Signed-off-by: Jonathan West * chore: Move parallelizable tests to parallel Signed-off-by: Jonathan West * chore: increase Ginkgo sequential timeout slightly: Signed-off-by: Jonathan West --------- Signed-off-by: Jonathan West Signed-off-by: NAVEENA S --- Makefile | 2 +- .../argoproj.io_rolloutmanagers.yaml | 39 +++++++++---------- ...gitops-operator.clusterserviceversion.yaml | 2 +- .../bases/argoproj.io_rolloutmanagers.yaml | 39 +++++++++---------- go.mod | 2 +- go.sum | 4 +- hack/upgrade-rollouts-manager/main.go | 4 +- scripts/run-rollouts-e2e-tests.sh | 3 +- test/openshift/e2e/ginkgo/fixture/fixture.go | 5 +++ .../1-005_validate_metrics_test.go | 6 +-- .../1-041_validate_argocd_sync_alert_test.go | 6 +-- .../1-050_validate_sso_test.go | 6 +-- .../1-104_validate_prometheus_alert_test.go | 6 +-- ...idate_reencrypt_termination_policy_test.go | 6 +-- ...0_validate_quoted_RBAC_group_names_test.go | 4 ++ 15 files changed, 70 insertions(+), 64 deletions(-) rename test/openshift/e2e/ginkgo/{sequential => parallel}/1-005_validate_metrics_test.go (96%) rename test/openshift/e2e/ginkgo/{sequential => parallel}/1-041_validate_argocd_sync_alert_test.go (94%) rename test/openshift/e2e/ginkgo/{sequential => parallel}/1-050_validate_sso_test.go (96%) rename test/openshift/e2e/ginkgo/{sequential => parallel}/1-104_validate_prometheus_alert_test.go (93%) rename test/openshift/e2e/ginkgo/{sequential => parallel}/1-109_validate_reencrypt_termination_policy_test.go (95%) diff --git a/Makefile b/Makefile index 7fa9b95a5..bb6bbd8df 100644 --- a/Makefile +++ b/Makefile @@ -169,7 +169,7 @@ e2e-tests-ginkgo: e2e-tests-sequential-ginkgo e2e-tests-parallel-ginkgo ## Runs .PHONY: e2e-tests-sequential-ginkgo e2e-tests-sequential-ginkgo: ginkgo ## Runs kuttl e2e sequential tests @echo "Running GitOps Operator sequential Ginkgo E2E tests..." - $(GINKGO_CLI) -v --trace --timeout 120m -r ./test/openshift/e2e/ginkgo/sequential + $(GINKGO_CLI) -v --trace --timeout 150m -r ./test/openshift/e2e/ginkgo/sequential .PHONY: e2e-tests-parallel-ginkgo ## Runs kuttl e2e parallel tests, (Defaults to 5 runs at a time) e2e-tests-parallel-ginkgo: ginkgo diff --git a/bundle/manifests/argoproj.io_rolloutmanagers.yaml b/bundle/manifests/argoproj.io_rolloutmanagers.yaml index d684f7a00..9bdbcf0da 100644 --- a/bundle/manifests/argoproj.io_rolloutmanagers.yaml +++ b/bundle/manifests/argoproj.io_rolloutmanagers.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 creationTimestamp: null name: rolloutmanagers.argoproj.io spec: @@ -61,11 +61,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -76,6 +74,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -140,10 +144,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -202,10 +209,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -369,16 +379,8 @@ spec: description: Conditions is an array of the RolloutManager's status conditions items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -419,12 +421,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/bundle/manifests/gitops-operator.clusterserviceversion.yaml b/bundle/manifests/gitops-operator.clusterserviceversion.yaml index db9e859fe..4b8327a7b 100644 --- a/bundle/manifests/gitops-operator.clusterserviceversion.yaml +++ b/bundle/manifests/gitops-operator.clusterserviceversion.yaml @@ -180,7 +180,7 @@ metadata: capabilities: Deep Insights console.openshift.io/plugins: '["gitops-plugin"]' containerImage: quay.io/redhat-developer/gitops-operator - createdAt: "2025-10-29T14:30:25Z" + createdAt: "2025-11-03T15:21:29Z" description: Enables teams to adopt GitOps principles for managing cluster configurations and application delivery across hybrid multi-cluster Kubernetes environments. features.operators.openshift.io/disconnected: "true" diff --git a/config/crd/bases/argoproj.io_rolloutmanagers.yaml b/config/crd/bases/argoproj.io_rolloutmanagers.yaml index e9818563b..c99be7f20 100644 --- a/config/crd/bases/argoproj.io_rolloutmanagers.yaml +++ b/config/crd/bases/argoproj.io_rolloutmanagers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: rolloutmanagers.argoproj.io spec: group: argoproj.io @@ -61,11 +61,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -76,6 +74,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -140,10 +144,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -202,10 +209,13 @@ spec: be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -369,16 +379,8 @@ spec: description: Conditions is an array of the RolloutManager's status conditions items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -419,12 +421,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/go.mod b/go.mod index fe25d4240..825019736 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/redhat-developer/gitops-operator go 1.24.6 require ( - github.com/argoproj-labs/argo-rollouts-manager v0.0.7-0.20251020065637-7f928e52c0d9 + github.com/argoproj-labs/argo-rollouts-manager v0.0.7-0.20251029155400-4619e3168941 github.com/argoproj-labs/argocd-operator v0.14.0-rc1.0.20251024105544-f7c3f5b0cc95 github.com/argoproj/argo-cd/v3 v3.1.8 github.com/argoproj/gitops-engine v0.7.1-0.20250905160054-e48120133eec diff --git a/go.sum b/go.sum index 34854cd8c..426f698b7 100644 --- a/go.sum +++ b/go.sum @@ -29,8 +29,8 @@ github.com/alicebob/miniredis/v2 v2.35.0 h1:QwLphYqCEAo1eu1TqPRN2jgVMPBweeQcR21j github.com/alicebob/miniredis/v2 v2.35.0/go.mod h1:TcL7YfarKPGDAthEtl5NBeHZfeUQj6OXMm/+iu5cLMM= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= -github.com/argoproj-labs/argo-rollouts-manager v0.0.7-0.20251020065637-7f928e52c0d9 h1:WcUWvh0qIqUaY+JfVIUfBV0ACv9ep2by3YEi04dRNr4= -github.com/argoproj-labs/argo-rollouts-manager v0.0.7-0.20251020065637-7f928e52c0d9/go.mod h1:iVIrf0/GJPZR3NMtJvpo1Ui6qqPjpY34Lp+5RmZo9vY= +github.com/argoproj-labs/argo-rollouts-manager v0.0.7-0.20251029155400-4619e3168941 h1:uqkUVemiOX050ktlgbyYs4jef38HRU17C9sTzHTL9JU= +github.com/argoproj-labs/argo-rollouts-manager v0.0.7-0.20251029155400-4619e3168941/go.mod h1:WPyZkNHZjir/OTt8mrRwcUZKe1euHrHPJsRv1Wp/F/0= github.com/argoproj-labs/argocd-operator v0.14.0-rc1.0.20251024105544-f7c3f5b0cc95 h1:v2J4IPd8Fab5udUD7nMZsYflqGDhkVGx30q5uenMBbE= github.com/argoproj-labs/argocd-operator v0.14.0-rc1.0.20251024105544-f7c3f5b0cc95/go.mod h1:LTBNqNbKk9Us5xiCrK612HLOr8SJFfyxlMJQErzMghg= github.com/argoproj/argo-cd/v3 v3.1.8 h1:NkLPiRI5qGkV+q1EN3O7/0Wb9O/MVl62vadKteZqMUw= diff --git a/hack/upgrade-rollouts-manager/main.go b/hack/upgrade-rollouts-manager/main.go index 3cd300c7d..9ec6f1f32 100644 --- a/hack/upgrade-rollouts-manager/main.go +++ b/hack/upgrade-rollouts-manager/main.go @@ -267,9 +267,11 @@ func regenerateE2ETestScript(commitID string, pathToGitRepo string) error { } else { res += line + "\n" } - } + // Trim trailing space + res = strings.TrimSpace(res) + if err := os.WriteFile(path, []byte(res), 0600); err != nil { return err } diff --git a/scripts/run-rollouts-e2e-tests.sh b/scripts/run-rollouts-e2e-tests.sh index 919408ad7..ddab86d04 100755 --- a/scripts/run-rollouts-e2e-tests.sh +++ b/scripts/run-rollouts-e2e-tests.sh @@ -217,7 +217,7 @@ cd "$ROLLOUTS_TMP_DIR/argo-rollouts-manager" # This commit value will be automatically updated by calling 'hack/upgrade-rollouts-manager/go-run.sh': # - It should always point to the same argo-rollouts-manager commit that is referenced in go.mod of gitops-operator (which will usually be the most recent argo-rollouts-manager commit) -TARGET_ROLLOUT_MANAGER_COMMIT=7f928e52c0d9e9bac93058b0e564f6f15217c92d +TARGET_ROLLOUT_MANAGER_COMMIT=4619e3168941619f554e3f987ad440589838c7a3 # This commit value will be automatically updated by calling 'hack/upgrade-rollouts-manager/go-run.sh': # - It should always point to the same argo-rollouts-manager commit that is referenced in the version of argo-rollouts-manager that is in go.mod @@ -291,3 +291,4 @@ make test-e2e + diff --git a/test/openshift/e2e/ginkgo/fixture/fixture.go b/test/openshift/e2e/ginkgo/fixture/fixture.go index dc95dcb86..891a5fa75 100644 --- a/test/openshift/e2e/ginkgo/fixture/fixture.go +++ b/test/openshift/e2e/ginkgo/fixture/fixture.go @@ -634,6 +634,11 @@ func WaitForAllDeploymentsInTheNamespaceToBeReady(ns string, k8sClient client.Cl }, "3m", "1s").Should(BeTrue()) + // The above logic will successfully wait for Deployments to be ready. However, this does not mean that the operator's controller logic has completed it's initial cluster reconciliation logic (starting a watch then reconciling existing resources) + // - I'm not aware of a way to detect when this has completed, so instead I am inserting a 15 second pause. + // - If anyone has a better way of doing this, let us know. + // time.Sleep(15 * time.Second) + // TODO: Uncomment this once the sequential test suite timeout has increased. } func WaitForAllStatefulSetsInTheNamespaceToBeReady(ns string, k8sClient client.Client) { diff --git a/test/openshift/e2e/ginkgo/sequential/1-005_validate_metrics_test.go b/test/openshift/e2e/ginkgo/parallel/1-005_validate_metrics_test.go similarity index 96% rename from test/openshift/e2e/ginkgo/sequential/1-005_validate_metrics_test.go rename to test/openshift/e2e/ginkgo/parallel/1-005_validate_metrics_test.go index 1e4e46240..af90db34f 100644 --- a/test/openshift/e2e/ginkgo/sequential/1-005_validate_metrics_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-005_validate_metrics_test.go @@ -1,4 +1,4 @@ -package sequential +package parallel import ( . "github.com/onsi/ginkgo/v2" @@ -11,12 +11,12 @@ import ( "k8s.io/utils/ptr" ) -var _ = Describe("GitOps Operator Sequential E2E Tests", func() { +var _ = Describe("GitOps Operator Parallel E2E Tests", func() { Context("1-005_validate_metrics_test", func() { BeforeEach(func() { - fixture.EnsureSequentialCleanSlate() + fixture.EnsureParallelCleanSlate() }) It("verifies that default ServiceMonitors exist in openshift-gitops and PrometheusRule ArgoCDSyncAlert exists", func() { diff --git a/test/openshift/e2e/ginkgo/sequential/1-041_validate_argocd_sync_alert_test.go b/test/openshift/e2e/ginkgo/parallel/1-041_validate_argocd_sync_alert_test.go similarity index 94% rename from test/openshift/e2e/ginkgo/sequential/1-041_validate_argocd_sync_alert_test.go rename to test/openshift/e2e/ginkgo/parallel/1-041_validate_argocd_sync_alert_test.go index 6ec5df654..ceefffbeb 100644 --- a/test/openshift/e2e/ginkgo/sequential/1-041_validate_argocd_sync_alert_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-041_validate_argocd_sync_alert_test.go @@ -1,4 +1,4 @@ -package sequential +package parallel import ( . "github.com/onsi/ginkgo/v2" @@ -12,12 +12,12 @@ import ( "k8s.io/utils/ptr" ) -var _ = Describe("GitOps Operator Sequential E2E Tests", func() { +var _ = Describe("GitOps Operator Parallel E2E Tests", func() { Context("1-041_validate_argocd_sync_alert", func() { BeforeEach(func() { - fixture.EnsureSequentialCleanSlate() + fixture.EnsureParallelCleanSlate() }) It("verifying PrometheusRule gitops-operator-argocd-alerts exists and has expected values", func() { diff --git a/test/openshift/e2e/ginkgo/sequential/1-050_validate_sso_test.go b/test/openshift/e2e/ginkgo/parallel/1-050_validate_sso_test.go similarity index 96% rename from test/openshift/e2e/ginkgo/sequential/1-050_validate_sso_test.go rename to test/openshift/e2e/ginkgo/parallel/1-050_validate_sso_test.go index 8249a5ecc..8ef203925 100644 --- a/test/openshift/e2e/ginkgo/sequential/1-050_validate_sso_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-050_validate_sso_test.go @@ -1,4 +1,4 @@ -package sequential +package parallel import ( "context" @@ -18,7 +18,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" ) -var _ = Describe("GitOps Operator Sequential E2E Tests", func() { +var _ = Describe("GitOps Operator Parallel E2E Tests", func() { Context("1-050_validate_sso", func() { @@ -31,7 +31,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { BeforeEach(func() { - fixture.EnsureSequentialCleanSlate() + fixture.EnsureParallelCleanSlate() k8sClient, _ = utils.GetE2ETestKubeClient() ctx = context.Background() }) diff --git a/test/openshift/e2e/ginkgo/sequential/1-104_validate_prometheus_alert_test.go b/test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go similarity index 93% rename from test/openshift/e2e/ginkgo/sequential/1-104_validate_prometheus_alert_test.go rename to test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go index c99ce0e88..60152062b 100644 --- a/test/openshift/e2e/ginkgo/sequential/1-104_validate_prometheus_alert_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go @@ -1,4 +1,4 @@ -package sequential +package parallel import ( . "github.com/onsi/ginkgo/v2" @@ -9,13 +9,13 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -var _ = Describe("GitOps Operator Sequential E2E Tests", func() { +var _ = Describe("GitOps Operator Parallel E2E Tests", func() { Context("1-104_validate_prometheus_alert", func() { BeforeEach(func() { - fixture.EnsureSequentialCleanSlate() + fixture.EnsureParallelCleanSlate() }) It("verify that openshift gitops operator servicemonitor exists in openshift-gitops-operator namespace, and has the expected values", func() { diff --git a/test/openshift/e2e/ginkgo/sequential/1-109_validate_reencrypt_termination_policy_test.go b/test/openshift/e2e/ginkgo/parallel/1-109_validate_reencrypt_termination_policy_test.go similarity index 95% rename from test/openshift/e2e/ginkgo/sequential/1-109_validate_reencrypt_termination_policy_test.go rename to test/openshift/e2e/ginkgo/parallel/1-109_validate_reencrypt_termination_policy_test.go index 9c2f11cd6..c836d64c6 100644 --- a/test/openshift/e2e/ginkgo/sequential/1-109_validate_reencrypt_termination_policy_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-109_validate_reencrypt_termination_policy_test.go @@ -1,4 +1,4 @@ -package sequential +package parallel import ( . "github.com/onsi/ginkgo/v2" @@ -11,12 +11,12 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -var _ = Describe("GitOps Operator Sequential E2E Tests", func() { +var _ = Describe("GitOps Operator Parallel E2E Tests", func() { Context("1-109_validate_reencrypt_termination_policy", func() { BeforeEach(func() { - fixture.EnsureSequentialCleanSlate() + fixture.EnsureParallelCleanSlate() }) It("ensure the openshift-gitops default argo cd server route has expected TLS Config values: insecure redirect and reencrypt, and the route ingress is sucessfully admitted", func() { diff --git a/test/openshift/e2e/ginkgo/sequential/1-040_validate_quoted_RBAC_group_names_test.go b/test/openshift/e2e/ginkgo/sequential/1-040_validate_quoted_RBAC_group_names_test.go index 507d12fea..3263a162e 100644 --- a/test/openshift/e2e/ginkgo/sequential/1-040_validate_quoted_RBAC_group_names_test.go +++ b/test/openshift/e2e/ginkgo/sequential/1-040_validate_quoted_RBAC_group_names_test.go @@ -15,6 +15,10 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { fixture.EnsureSequentialCleanSlate() }) + AfterEach(func() { + fixture.OutputDebugOnFail() + }) + It("creates a project role 'somerole' and group claim, and verifies group claim contains the expected data", func() { By("logging in to Argo CD instance") From 90a4905ec4bce85b6f5f09ecee2f7d5373a3c43f Mon Sep 17 00:00:00 2001 From: NAVEENA S Date: Wed, 5 Nov 2025 15:23:28 +0530 Subject: [PATCH 2/2] Convert Kuttl test 1-098_validate_dex_clientsecret to Ginkgo test format Signed-off-by: NAVEENA S --- ...98_validate_dex_clientsecret_deprecated.go | 154 ++++++++++++++++++ 1 file changed, 154 insertions(+) create mode 100644 test/openshift/e2e/ginkgo/parallel/1-098_validate_dex_clientsecret_deprecated.go diff --git a/test/openshift/e2e/ginkgo/parallel/1-098_validate_dex_clientsecret_deprecated.go b/test/openshift/e2e/ginkgo/parallel/1-098_validate_dex_clientsecret_deprecated.go new file mode 100644 index 000000000..2de2bb64c --- /dev/null +++ b/test/openshift/e2e/ginkgo/parallel/1-098_validate_dex_clientsecret_deprecated.go @@ -0,0 +1,154 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package parallel + +import ( + "context" + "fmt" + "strings" + + argov1beta1api "github.com/argoproj-labs/argocd-operator/api/v1beta1" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture" + argocdFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/argocd" + k8sFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/k8s" + fixtureUtils "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/utils" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +var _ = Describe("GitOps Operator Parallel E2E Tests", func() { + + Context("1-098_validate_dex_clientsecret_deprecated", func() { + + var ( + k8sClient client.Client + ctx context.Context + ) + + BeforeEach(func() { + fixture.EnsureParallelCleanSlate() + + k8sClient, _ = fixtureUtils.GetE2ETestKubeClient() + ctx = context.Background() + }) + + It("validates that dex client secret is properly copied from service account token to argocd-secret", func() { + + // Create namespace for this test and ensure cleanup + namespace, cleanupFunc := fixture.CreateRandomE2ETestNamespaceWithCleanupFunc() + defer cleanupFunc() + + By("creating ArgoCD CR with dex SSO enabled using openShiftOAuth") + argoCD := &argov1beta1api.ArgoCD{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd", + Namespace: namespace.Name, + }, + Spec: argov1beta1api.ArgoCDSpec{ + SSO: &argov1beta1api.ArgoCDSSOSpec{ + Provider: argov1beta1api.SSOProviderTypeDex, + Dex: &argov1beta1api.ArgoCDDexSpec{ + OpenShiftOAuth: true, + }, + }, + }, + } + Expect(k8sClient.Create(ctx, argoCD)).To(Succeed()) + + By("verifying ArgoCD instance reaches Available phase") + Eventually(argoCD, "3m", "5s").Should(argocdFixture.BeAvailable()) + + By("verifying dex server service account exists") + dexServiceAccount := &corev1.ServiceAccount{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd-argocd-dex-server", + Namespace: namespace.Name, + }, + } + Eventually(dexServiceAccount, "2m", "5s").Should(k8sFixture.ExistByName()) + + By("validating that the Dex Client Secret was copied from dex serviceaccount token secret to argocd-secret, by the operator") + Eventually(func() error { + // Get the service account and find its token secret + err := k8sClient.Get(ctx, client.ObjectKeyFromObject(dexServiceAccount), dexServiceAccount) + if err != nil { + return err + } + + // Find the token secret from the service account secrets + var tokenSecretName string + for _, secret := range dexServiceAccount.Secrets { + if secret.Name != "" && strings.Contains(secret.Name, "token") { + tokenSecretName = secret.Name + break + } + } + + if tokenSecretName == "" { + return fmt.Errorf("no token secret found for service account %s", dexServiceAccount.Name) + } + + // Get the token secret and extract the token + tokenSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: tokenSecretName, + Namespace: namespace.Name, + }, + } + err = k8sClient.Get(ctx, client.ObjectKeyFromObject(tokenSecret), tokenSecret) + if err != nil { + return err + } + + expectedClientSecret, exists := tokenSecret.Data["token"] + if !exists { + return fmt.Errorf("token not found in secret %s", tokenSecretName) + } + + // Get the argocd-secret and extract the oidc.dex.clientSecret + argoCDSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: namespace.Name, + }, + } + err = k8sClient.Get(ctx, client.ObjectKeyFromObject(argoCDSecret), argoCDSecret) + if err != nil { + return err + } + + actualClientSecret, exists := argoCDSecret.Data["oidc.dex.clientSecret"] + if !exists { + return fmt.Errorf("oidc.dex.clientSecret not found in argocd-secret") + } + + // Compare the two secrets + if string(expectedClientSecret) != string(actualClientSecret) { + return fmt.Errorf("dex client secret mismatch: expected length %d, actual length %d", + len(expectedClientSecret), len(actualClientSecret)) + } + + return nil + }, "3m", "5s").Should(Succeed()) + + }) + + }) +})