Skip to content

MULTIARCH-5550: add vault test for ppc64le#134

Open
raja-0940 wants to merge 1 commit into
openshift:mainfrom
raja-0940:eso-e2e-clean
Open

MULTIARCH-5550: add vault test for ppc64le#134
raja-0940 wants to merge 1 commit into
openshift:mainfrom
raja-0940:eso-e2e-clean

Conversation

@raja-0940

@raja-0940 raja-0940 commented Apr 7, 2026

Copy link
Copy Markdown

Summary

Adds e2e test suite for vault with IBM power.

Description

Platform:Vault - ESO CR-based flow:

  • Enabled Hashicorp Vault in ExternalSecretsConfig
  • Created a secret in P specific vault instance during BeforeAll
  • Verified the secret value through:
    • ClusterSecretStore
    • ExternalSecret
  • Cleaned up cretaed resources in AfterAll

Testing

  • Verified e2e flow locally
  • Confirmed secret creation and retrieval
  • Conformed cleanup after execution

Summary by CodeRabbit

  • New Features

    • Added an end-to-end Vault-backed secret sync scenario to verify secrets can be fetched into Kubernetes.
    • Added support for applying test manifests with template replacements and architecture-aware image selection.
    • Introduced helpers for executing commands in pods and applying manifests dynamically during tests.
  • Bug Fixes

    • Improved handling for terminating namespaces and manifest updates during test setup.
    • Ensured Vault egress network access is configured for the integration test environment.

@coderabbitai

coderabbitai Bot commented Apr 7, 2026

Copy link
Copy Markdown

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

Walkthrough

The PR adds a Vault-backed end-to-end scenario that provisions Vault in vault-test, initializes and unseals it, seeds Vault data, configures egress access, creates a SecretStore and ExternalSecret, and verifies the resulting Kubernetes Secret. Supporting helpers add manifest replacement, pod exec, and architecture-aware manifest handling.

Changes

Vault Secret Manager e2e flow

Layer / File(s) Summary
Manifest and pod utilities
test/utils/dynamic_resources.go, test/utils/kube_client.go, test/go.mod
Dynamic resource loading adds replacement support, and kube helpers add pod exec, manifest apply, architecture detection, image selection, and image-substitution utilities; test/go.mod adds indirect SPDY exec dependencies.
Vault manifests
test/e2e/testdata/vault/vault.yaml, test/e2e/testdata/vault/secret_store.yaml, test/e2e/testdata/vault/external_secret.yaml, test/e2e/testdata/vault/externalsecretsconfig.yaml
New embedded manifests define the Vault namespace, deployment, service, SecretStore, ExternalSecret, and Vault egress policy.
Vault Secret Manager scenario
test/e2e/e2e_test.go
The new Ginkgo context provisions Vault, runs Vault CLI setup in the pod, seeds KV data, patches ExternalSecretsConfig egress policies when needed, applies the secret resources, verifies the resulting Secret, and cleans up the namespace.

Estimated code review effort: 4 (Complex) | ~60 minutes

Possibly related PRs

Suggested reviewers: mytreya-rh


Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 3 warnings)

Check name Status Explanation Resolution
No-Sensitive-Data-In-Logs ❌ Error test/utils/kube_client.go logs config.Host via t.Logf, which can expose internal API-server hostnames in e2e output. Replace host logging with a redacted or generic message (e.g. "kubeconfig loaded") and avoid printing any token/host values in test logs.
Test Structure And Quality ⚠️ Warning Vault e2e still has quality issues: missing assertion messages, unquoted shell args, root-token login, 5m delete wait under 2m ctx, and no ESC restore. Add failure messages to Vault assertions, quote shell args, remove root-token login, align namespace-delete timeout with ctx, and restore ExternalSecretsConfig after the test.
Microshift Test Compatibility ⚠️ Warning New Vault e2e test is unguarded and reads/writes operator.openshift.io/v1alpha1 ExternalSecretsConfig, an OpenShift API unsupported on MicroShift. Add a [Skipped:MicroShift] or matching [apigroup:...] tag, or guard with exutil.IsMicroShiftCluster() and g.Skip() before using ExternalSecretsConfig.
Ipv6 And Disconnected Network Test Compatibility ⚠️ Warning FAIL: test/e2e/testdata/vault/vault.yaml hardcodes 0.0.0.0:8200 and 127.0.0.1:8200, which are IPv4-only; the Vault image also comes from icr.io, a public registry. Use IPv6-safe listener/loopback settings and mirror the Vault image to an internal registry; verify with the IPv6 disconnected e2e job.
✅ Passed checks (11 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly reflects the main change: adding a Vault end-to-end test for ppc64le.
Docstring Coverage ✅ Passed Docstring coverage is 85.19% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed Scanned all Ginkgo titles in test/e2e/e2e_test.go; the new Vault scenario uses static literal names and no titles interpolate dynamic values.
Single Node Openshift (Sno) Test Compatibility ✅ Passed Vault e2e is single-replica and namespace-scoped; no anti-affinity, spread, multi-node counts, drain, or failover assumptions were found.
Topology-Aware Scheduling Compatibility ✅ Passed PASS: Added scheduling is only arch-based nodeAffinity for a 1-replica Vault pod; no control-plane/worker selectors, anti-affinity, or spread constraints were introduced.
Ote Binary Stdout Contract ✅ Passed BeforeSuite/TestE2E only write to GinkgoWriter; no fmt.Print/log-to-stdout was found in process-level code.
No-Weak-Crypto ✅ Passed No MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, custom crypto, or token-secret constant-time issues appear in the changed files; imports also lack crypto packages.
Container-Privileges ✅ Passed Vault manifest sets runAsNonRoot:true, allowPrivilegeEscalation:false, and drops all capabilities; no privileged/hostNetwork/hostPID/hostIPC/SYS_ADMIN found.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot requested review from TrilokGeer and mytreya-rh April 7, 2026 06:22

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (3)
test/e2e/e2e_test.go (2)

726-727: Remove unused constants.

clusterSecretStoreFile and externalSecretFile are declared but never used. The actual file paths are defined locally in the test function (lines 790-792).

 	Context("Vault Secret Manager", Label("Platform:Vault"), func() {
 		const (
-			clusterSecretStoreFile = "testdata/vault/secret_store.yaml"
-			externalSecretFile     = "testdata/vault/external_secret.yaml"
 			vaultSecretName        = "foo"
 			vaultSecretKey         = "my-value"
 			vaultSecretValue       = "bar"
 		)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@test/e2e/e2e_test.go` around lines 726 - 727, Remove the unused constants
clusterSecretStoreFile and externalSecretFile from the top-level declarations in
the test file; they are never referenced and duplicate the local paths that are
used inside the test function (where the actual file paths are defined around
lines ~790-792). Locate and delete the constant definitions named
clusterSecretStoreFile and externalSecretFile so only the locally scoped
variables remain.

1031-1037: Shell command construction may break with special characters.

The fmt.Sprintf constructs a shell command with direct string interpolation. If secretname, key, or value contain shell metacharacters (quotes, backticks, $), the command could fail or behave unexpectedly.

For test code with controlled inputs this is low risk, but consider using separate arguments to vault kv put to avoid shell interpretation issues.

Alternative: pass key-value without shell quoting
 	cmd := exec.Command(
-		"oc", "exec", "-n", vaultNamespace, podName, "--", "sh", "-c",
-		fmt.Sprintf(
-			"vault kv put secret/%s %s=\"%s\"",
-			secretname, key, value,
-		),
+		"oc", "exec", "-n", vaultNamespace, podName, "--",
+		"vault", "kv", "put", fmt.Sprintf("secret/%s", secretname),
+		fmt.Sprintf("%s=%s", key, value),
 	)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@test/e2e/e2e_test.go` around lines 1031 - 1037, The test builds a shell
command via fmt.Sprintf and sh -c which allows shell metacharacters in
secretname/key/value to break behavior; update the exec.Command invocation (the
cmd := exec.Command(...) that currently uses "sh", "-c" and fmt.Sprintf("vault
kv put secret/%s %s=\"%s\"")) to call vault kv put with separate arguments
instead of a shell string—e.g., remove "sh", "-c" and pass "vault","kv","put",
fmt.Sprintf("secret/%s", secretname), fmt.Sprintf("%s=%s", key, value) (or
construct the key=value arg safely) so that exec.Command handles argument
quoting and no shell interpolation occurs.
Makefile (1)

219-230: Inconsistencies with existing test-e2e target may cause issues.

The new e2e-test-vault target differs from test-e2e in several ways that could cause problems:

  1. Missing GOFLAGS= override — line 182 sets this for test-e2e to avoid conflicts with go.work, but e2e-test-vault is not included
  2. Missing @ prefix to suppress command echo
  3. Missing -ginkgo.trace flag
  4. Different working directory approach (./test/e2e vs -C $(PROJECT_ROOT)/test ./e2e)
Suggested fix for consistency
-	
-.PHONY: e2e-test-vault  # Run the e2e tests against a Kind k8s instance that is spun up.
+
+# Targets that need Go workspace mode (CI sets GOFLAGS=-mod=vendor which conflicts with go.work)
+fmt vet test test-unit test-e2e e2e-test-vault run update-vendor update-dep: GOFLAGS=
+
+.PHONY: e2e-test-vault
 e2e-test-vault:
-	go test \
+	`@go` test -C $(PROJECT_ROOT)/test \
 	-timeout $(E2E_TIMEOUT) \
 	-count 1 \
 	-v \
 	-p 1 \
 	-tags e2e \
-	./test/e2e \
+	./e2e \
 	-ginkgo.v \
+	-ginkgo.trace \
 	-ginkgo.show-node-events \
 	-ginkgo.label-filter="$(E2E_GINKGO_LABEL_FILTER)"

Note: Update line 182 to include e2e-test-vault in the GOFLAGS override list.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Makefile` around lines 219 - 230, The new e2e-test-vault Make target is
inconsistent with test-e2e; update e2e-test-vault to match: ensure it's covered
by the GOFLAGS override (add e2e-test-vault to the existing GOFLAGS= override
that prevents go.work conflicts), prefix the go test invocation with @ to
suppress echo, add the -ginkgo.trace flag to the ginkgo flags, and run the tests
from the same directory style as test-e2e (use -C $(PROJECT_ROOT)/test ./e2e
rather than ./test/e2e) while keeping the same flags (-timeout $(E2E_TIMEOUT)
-count 1 -v -p 1 -tags e2e -ginkgo.v -ginkgo.show-node-events
-ginkgo.label-filter="$(E2E_GINKGO_LABEL_FILTER)").
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test/e2e/e2e_test.go`:
- Around line 762-785: The AfterEach cleanup currently removes Vault
namespace/networkpolicy and also deletes the global ExternalSecretsConfig
"cluster"; change this block to run in AfterAll (replace AfterEach with
AfterAll) so cleanup runs once, and remove the deletion of the shared
ExternalSecretsConfig "cluster" (do not call safeDelete for
ExternalSecretsConfig "cluster"); if you need to revert Vault-specific config
changes, instead restore the ExternalSecretsConfig to its prior state (or delete
only Vault-scoped resources) using the same safeDelete helper and referencing
vaultNamespace, networkpolicy name "allow-to-vault-test", and the
ExternalSecretsConfig resource only when scoped to Vault-specific changes.
- Around line 1044-1069: In createVaultTokenSecret, don’t assume any Get() error
means “not found”: use the Kubernetes API error helper
(apierrors.IsNotFound(err)) to distinguish a missing secret from other errors;
keep the existing update path when err == nil, call Create only when
apierrors.IsNotFound(err), and for any other non-nil error return it immediately
(adjust imports to include k8s.io/apimachinery/pkg/api/errors as apierrors).

In `@test/e2e/testdata/vault/externalsecretsconfig.yaml`:
- Around line 10-14: The network policy for ExternalSecretsCoreController is
overly permissive because the egress entry `- {}` (in the policy named
`allow-external-secrets-egress`) allows all outbound traffic; update the
`networkPolicies` for componentName `ExternalSecretsCoreController` to either
remove this empty egress rule if redundant with `vault-networkpolicy.yaml` or
replace it with explicit egress rules (e.g., allow TCP/UDP port 53 for DNS and
TCP port 8200 to the Vault namespace) so only required destinations/ports are
permitted.

---

Nitpick comments:
In `@Makefile`:
- Around line 219-230: The new e2e-test-vault Make target is inconsistent with
test-e2e; update e2e-test-vault to match: ensure it's covered by the GOFLAGS
override (add e2e-test-vault to the existing GOFLAGS= override that prevents
go.work conflicts), prefix the go test invocation with @ to suppress echo, add
the -ginkgo.trace flag to the ginkgo flags, and run the tests from the same
directory style as test-e2e (use -C $(PROJECT_ROOT)/test ./e2e rather than
./test/e2e) while keeping the same flags (-timeout $(E2E_TIMEOUT) -count 1 -v -p
1 -tags e2e -ginkgo.v -ginkgo.show-node-events
-ginkgo.label-filter="$(E2E_GINKGO_LABEL_FILTER)").

In `@test/e2e/e2e_test.go`:
- Around line 726-727: Remove the unused constants clusterSecretStoreFile and
externalSecretFile from the top-level declarations in the test file; they are
never referenced and duplicate the local paths that are used inside the test
function (where the actual file paths are defined around lines ~790-792). Locate
and delete the constant definitions named clusterSecretStoreFile and
externalSecretFile so only the locally scoped variables remain.
- Around line 1031-1037: The test builds a shell command via fmt.Sprintf and sh
-c which allows shell metacharacters in secretname/key/value to break behavior;
update the exec.Command invocation (the cmd := exec.Command(...) that currently
uses "sh", "-c" and fmt.Sprintf("vault kv put secret/%s %s=\"%s\"")) to call
vault kv put with separate arguments instead of a shell string—e.g., remove
"sh", "-c" and pass "vault","kv","put", fmt.Sprintf("secret/%s", secretname),
fmt.Sprintf("%s=%s", key, value) (or construct the key=value arg safely) so that
exec.Command handles argument quoting and no shell interpolation occurs.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cf609882-7f2b-4bc5-a693-4dddaa3125dc

📥 Commits

Reviewing files that changed from the base of the PR and between 2a65cb8 and 57fdb31.

📒 Files selected for processing (7)
  • Makefile
  • test/e2e/e2e_test.go
  • test/e2e/testdata/vault/cluster_secret_store.yaml
  • test/e2e/testdata/vault/external_secret.yaml
  • test/e2e/testdata/vault/externalsecretsconfig.yaml
  • test/e2e/testdata/vault/vault-networkpolicy.yaml
  • test/e2e/testdata/vault/vault.yaml

Comment thread test/e2e/e2e_test.go Outdated
Comment thread test/e2e/e2e_test.go
Comment thread test/e2e/testdata/vault/externalsecretsconfig.yaml Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (3)
test/e2e/e2e_test.go (3)

725-731: Remove unused constants.

clusterSecretStoreFile and externalSecretFile are declared but never used. The test instead defines local variables vaultSecretStoreFile and vaultExternalSecretFile at lines 784-785.

Suggested fix
 	Context("Vault Secret Manager", Label("Platform:Vault"), func() {
 		const (
-			clusterSecretStoreFile = "testdata/vault/secret_store.yaml"
-			externalSecretFile     = "testdata/vault/external_secret.yaml"
-			vaultSecretName        = "foo"
-			vaultSecretKey         = "my-value"
-			vaultSecretValue       = "bar"
+			vaultSecretName  = "foo"
+			vaultSecretKey   = "my-value"
+			vaultSecretValue = "bar"
 		)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@test/e2e/e2e_test.go` around lines 725 - 731, Remove the unused constants
clusterSecretStoreFile and externalSecretFile from the constants block (they are
shadowed by local variables vaultSecretStoreFile and vaultExternalSecretFile
later in the test), leaving only the actually used constants vaultSecretName,
vaultSecretKey, and vaultSecretValue; update the constants declaration near the
top of the test in e2e_test.go so there are no unused variables left.

874-874: Remove unused loader parameter.

The loader parameter is passed to applyVault but never used within the function.

Suggested fix
-func applyVault(ctx context.Context, loader utils.DynamicResourceLoader) error {
+func applyVault(ctx context.Context) error {

And update the call site at line 735:

-		Expect(applyVault(ctx, loader)).To(Succeed())
+		Expect(applyVault(ctx)).To(Succeed())
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@test/e2e/e2e_test.go` at line 874, The applyVault function signature includes
an unused parameter loader; remove the unused parameter from the applyVault
declaration (change func applyVault(ctx context.Context, loader
utils.DynamicResourceLoader) to func applyVault(ctx context.Context)) and update
all call sites that pass a loader to call applyVault with only the ctx argument
(i.e., remove the extra argument where applyVault is invoked) so the function
and its callers remain consistent.

1004-1014: Consider more granular error handling in enableKVEngine.

The || true at line 1007 masks all errors, including authentication failures or Vault unavailability. While this is intentional for idempotent KV engine enabling, consider checking only for the "already enabled" error.

Alternative approach
 	cmd := exec.Command(
 		"oc", "exec", "-n", vaultNamespace, podName, "--", "sh", "-c",
 		fmt.Sprintf(
-			"vault status && vault login %s && vault secrets enable -path=secret kv-v2 || true",
+			"vault status && vault login %s && (vault secrets enable -path=secret kv-v2 2>&1 || echo 'KV engine may already be enabled')",
 			token,
 		),
 	)

Alternatively, check the exit code explicitly and only ignore the "path is already in use" error.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@test/e2e/e2e_test.go` around lines 1004 - 1014, The current command uses "||
true" which masks all errors; in the enableKVEngine logic replace the blanket
ignore with targeted handling: run the same exec.Command via utils.Run (the
existing cmd, podName, vaultNamespace, token) but if it returns an error inspect
the output/error string or exit code and only suppress the error when it
indicates the KV engine is already enabled (e.g., message like "path is already
in use" or equivalent); for any other error (authentication failure, vault
unavailable, etc.) propagate/return the error so failures are not silently
ignored.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@test/e2e/e2e_test.go`:
- Around line 725-731: Remove the unused constants clusterSecretStoreFile and
externalSecretFile from the constants block (they are shadowed by local
variables vaultSecretStoreFile and vaultExternalSecretFile later in the test),
leaving only the actually used constants vaultSecretName, vaultSecretKey, and
vaultSecretValue; update the constants declaration near the top of the test in
e2e_test.go so there are no unused variables left.
- Line 874: The applyVault function signature includes an unused parameter
loader; remove the unused parameter from the applyVault declaration (change func
applyVault(ctx context.Context, loader utils.DynamicResourceLoader) to func
applyVault(ctx context.Context)) and update all call sites that pass a loader to
call applyVault with only the ctx argument (i.e., remove the extra argument
where applyVault is invoked) so the function and its callers remain consistent.
- Around line 1004-1014: The current command uses "|| true" which masks all
errors; in the enableKVEngine logic replace the blanket ignore with targeted
handling: run the same exec.Command via utils.Run (the existing cmd, podName,
vaultNamespace, token) but if it returns an error inspect the output/error
string or exit code and only suppress the error when it indicates the KV engine
is already enabled (e.g., message like "path is already in use" or equivalent);
for any other error (authentication failure, vault unavailable, etc.)
propagate/return the error so failures are not silently ignored.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 92efc958-9b30-428c-b949-6e886bc8d253

📥 Commits

Reviewing files that changed from the base of the PR and between 57fdb31 and 78f70d7.

📒 Files selected for processing (1)
  • test/e2e/e2e_test.go

@raja-0940

raja-0940 commented Apr 8, 2026

Copy link
Copy Markdown
Author

/retitle MULTIARCH-5550: add vault test for ppc64le

@openshift-ci openshift-ci Bot changed the title feat: e2e for vault with ibm power MULTIARCH-5550: add vault test for ppc64le Apr 8, 2026
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Apr 8, 2026
@openshift-ci-robot

openshift-ci-robot commented Apr 8, 2026

Copy link
Copy Markdown

@raja-0940: This pull request references MULTIARCH-5550 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target either version "4.22." or "openshift-4.22.", but it targets "openshift-4.21" instead.

Details

In response to this:

e2e test suite for vault with IBM power.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (1)
test/e2e/testdata/vault/vault.yaml (1)

53-84: Consider adding resource requests/limits.

The container lacks resource requests and limits. While acceptable for e2e tests, defining them can prevent resource contention and improve scheduling predictability in shared test clusters.

💡 Optional: Add resource constraints
           ports:
             - containerPort: 8200          
           securityContext:            
             allowPrivilegeEscalation: false            
             capabilities:
               drop:
                 - ALL              
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+            limits:
+              cpu: 500m
+              memory: 512Mi
           volumeMounts:
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@test/e2e/testdata/vault/vault.yaml` around lines 53 - 84, The vault container
spec (container name "vault") is missing resources; add a resources block under
the container to set requests and limits (e.g., resources.requests.cpu,
resources.requests.memory and resources.limits.cpu, resources.limits.memory) so
the "vault" container has both minimal guaranteed resources and caps; update the
same container entry that contains command/args/readinessProbe/volumeMounts to
include these fields with appropriate values for the e2e environment.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Makefile`:
- Around line 219-230: The Makefile target e2e-test-vault is missing from the
target-specific GOFLAGS reset list, causing exported GOFLAGS (e.g. -mod=vendor)
to be applied and break workspace mode; update the GOFLAGS override list (the
target-specific GOFLAGS= reset block) to include e2e-test-vault so that the
e2e-test-vault target uses a clean GOFLAGS environment when invoking go test.
- Line 230: Remove the extraneous double quotes around E2E_GINKGO_LABEL_FILTER
so the ginkgo.label-filter uses the already-quoted variable (match the pattern
used by test-e2e for E2E_GINKGO_LABEL_FILTER), and update the GOFLAGS reset list
to include the e2e-test-vault target so it does not inherit CI's -mod=vendor
(add e2e-test-vault to the list where GOFLAGS is cleared/reset).

In `@test/e2e/testdata/vault/vault.yaml`:
- Around line 1-5: The YAML file defining a Namespace (kind: Namespace,
metadata.name: vault-test) uses incorrect line endings; convert the file
test/e2e/testdata/vault/vault.yaml to use Unix-style LF line endings (\n)
throughout (ensure no CRLF sequences), then re-save/commit the file so CI and
parsers read the manifest correctly.

---

Nitpick comments:
In `@test/e2e/testdata/vault/vault.yaml`:
- Around line 53-84: The vault container spec (container name "vault") is
missing resources; add a resources block under the container to set requests and
limits (e.g., resources.requests.cpu, resources.requests.memory and
resources.limits.cpu, resources.limits.memory) so the "vault" container has both
minimal guaranteed resources and caps; update the same container entry that
contains command/args/readinessProbe/volumeMounts to include these fields with
appropriate values for the e2e environment.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 12c742d1-a59f-434a-b8d0-27caf760dca9

📥 Commits

Reviewing files that changed from the base of the PR and between 78f70d7 and 3343ffa.

📒 Files selected for processing (7)
  • Makefile
  • test/e2e/e2e_test.go
  • test/e2e/testdata/vault/cluster_secret_store.yaml
  • test/e2e/testdata/vault/external_secret.yaml
  • test/e2e/testdata/vault/externalsecretsconfig.yaml
  • test/e2e/testdata/vault/vault-networkpolicy.yaml
  • test/e2e/testdata/vault/vault.yaml
✅ Files skipped from review due to trivial changes (3)
  • test/e2e/testdata/vault/external_secret.yaml
  • test/e2e/testdata/vault/externalsecretsconfig.yaml
  • test/e2e/testdata/vault/vault-networkpolicy.yaml
🚧 Files skipped from review as they are similar to previous changes (2)
  • test/e2e/testdata/vault/cluster_secret_store.yaml
  • test/e2e/e2e_test.go

Comment thread Makefile Outdated
Comment thread Makefile Outdated
Comment thread test/e2e/testdata/vault/vault.yaml Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (1)
test/e2e/testdata/vault/vault.yaml (1)

1-5: ⚠️ Potential issue | 🟡 Minor

Fix newline character format.

Static analysis indicates the file uses incorrect line endings (CRLF). Convert to Unix-style line endings (\n) for CI compatibility.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@test/e2e/testdata/vault/vault.yaml` around lines 1 - 5, The YAML file
defining the Namespace (look for the block with "apiVersion: v1", "kind:
Namespace", and "name: vault-test") uses CRLF line endings and must be converted
to Unix-style LF; open that vault.yaml, normalize line endings to "\n" (e.g.,
use your editor's EOL conversion, run dos2unix, or git's core.autocrlf
settings), verify there are no trailing CR (\r) characters, and recommit the
file.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@test/e2e/testdata/vault/vault.yaml`:
- Around line 1-5: The YAML file defining the Namespace (look for the block with
"apiVersion: v1", "kind: Namespace", and "name: vault-test") uses CRLF line
endings and must be converted to Unix-style LF; open that vault.yaml, normalize
line endings to "\n" (e.g., use your editor's EOL conversion, run dos2unix, or
git's core.autocrlf settings), verify there are no trailing CR (\r) characters,
and recommit the file.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 58ce074d-3ad7-4f54-bfdf-f62ae51dcb00

📥 Commits

Reviewing files that changed from the base of the PR and between 3343ffa and 84f811c.

📒 Files selected for processing (4)
  • Makefile
  • test/e2e/e2e_test.go
  • test/e2e/testdata/vault/externalsecretsconfig.yaml
  • test/e2e/testdata/vault/vault.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
  • test/e2e/testdata/vault/externalsecretsconfig.yaml

@raja-0940

raja-0940 commented Apr 8, 2026

Copy link
Copy Markdown
Author

/retitle MULTIARCH-5550: add vault test for ppc64le

@raja-0940

Copy link
Copy Markdown
Author

/test verify

Comment thread Makefile Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

♻️ Duplicate comments (1)
test/e2e/testdata/vault/vault.yaml (1)

1-115: ⚠️ Potential issue | 🟡 Minor

Re-save this manifest with LF line endings.

YAMLlint is still reporting CRLF here, so CI will keep failing until the file is saved with Unix newlines.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@test/e2e/testdata/vault/vault.yaml` around lines 1 - 115, The manifest uses
CRLF endings; re-save vault.yaml with Unix LF line endings so YAML lint passes
(affects resources like the Namespace named "vault-test",
Deployment/ServiceAccount/Deployment named "vault", and ConfigMap
"vault-config"); open the file in your editor or run a tool (e.g., convert line
endings or dos2unix) to normalize to LF, commit the updated file, and ensure
your local git autocrlf setting won't reintroduce CRLF.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test/e2e/e2e_test.go`:
- Around line 918-924: The test currently prints the raw Vault command outputs
(initOut from utils.Run(initCmd) and similarly login output) via
By(fmt.Sprintf(...)), leaking unseal keys and tokens; change the test to NOT
print raw command output to logs/artifacts—keep capturing initOut/loginOut for
error handling but replace the By(fmt.Sprintf(...)) calls with sanitized status
messages like "Vault operator init completed" and "Vault login completed", and
if you must log details, redact sensitive fields from initOut/loginOut before
logging or only log non-sensitive status lines; ensure functions/variables
initOut, initCmd, and the By(...) calls are updated accordingly.
- Around line 762-767: The test suite currently spawns oc subprocesses with
exec.Command which can hang; change calls in functions that accept a context
(setupVault, enableKVEngine, createVaultTestSecret) to use
exec.CommandContext(ctx, ...) so they respect the caller's timeout, and update
all cleanup invocations to create a short deadline context (context.WithTimeout)
and call a modified safeDelete(ctx, cmd) that uses exec.CommandContext
internally; specifically update safeDelete to accept a context.Context and run
the oc delete/apply/exec commands via exec.CommandContext, and replace the
listed direct exec.Command usages (around the safeDelete calls and the lines for
setupVault/enableKVEngine/createVaultTestSecret) to use the context-aware
variants so subprocesses are bounded by deadlines.

---

Duplicate comments:
In `@test/e2e/testdata/vault/vault.yaml`:
- Around line 1-115: The manifest uses CRLF endings; re-save vault.yaml with
Unix LF line endings so YAML lint passes (affects resources like the Namespace
named "vault-test", Deployment/ServiceAccount/Deployment named "vault", and
ConfigMap "vault-config"); open the file in your editor or run a tool (e.g.,
convert line endings or dos2unix) to normalize to LF, commit the updated file,
and ensure your local git autocrlf setting won't reintroduce CRLF.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 16992a33-62aa-4ee9-93a4-e0710accdc67

📥 Commits

Reviewing files that changed from the base of the PR and between 84f811c and e6f51b2.

📒 Files selected for processing (3)
  • Makefile
  • test/e2e/e2e_test.go
  • test/e2e/testdata/vault/vault.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
  • Makefile

Comment thread test/e2e/e2e_test.go Outdated
Comment thread test/e2e/e2e_test.go Outdated

@prb112 prb112 left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Apr 10, 2026
@raja-0940

Copy link
Copy Markdown
Author

@swghosh Could you please review this PR?

@prb112

prb112 commented May 3, 2026

Copy link
Copy Markdown

/retest-required

@prb112

prb112 commented May 13, 2026

Copy link
Copy Markdown

Hi @swghosh - our tests are passing on IBM Power. We'd appreciate a merge so we can start testing it. Thank you, Paul

@mytreya-rh

Copy link
Copy Markdown
Contributor

Hi @swghosh - our tests are passing on IBM Power. We'd appreciate a merge so we can start testing it. Thank you, Paul

hey @prb112 cc: @bharath-b-rh as he is leading the ESO efforts now.

@prb112

prb112 commented May 14, 2026

Copy link
Copy Markdown

Thank you @mytreya-rh

Hi @bharath-b-rh happy to take feedback, many thanks in advance, Paul

@bharath-b-rh

Copy link
Copy Markdown
Contributor

Thank you @prb112 ! I will take a look tomorrow or early next week.

@bharath-b-rh bharath-b-rh left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please update the PR description with more details to help with the reviews.

Comment thread test/e2e/testdata/vault/vault-networkpolicy.yaml Outdated
Comment thread test/e2e/e2e_test.go Outdated
Comment thread test/e2e/e2e_test.go Outdated
Comment thread test/e2e/e2e_test.go Outdated
Comment thread test/e2e/e2e_test.go Outdated
Comment thread test/e2e/e2e_test.go Outdated
Comment thread test/e2e/e2e_test.go Outdated
Comment thread test/e2e/e2e_test.go Outdated
Comment thread Makefile Outdated
@openshift-ci-robot

openshift-ci-robot commented May 18, 2026

Copy link
Copy Markdown

@raja-0940: This pull request references MULTIARCH-5550 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target either version "5.0." or "openshift-5.0.", but it targets "openshift-4.21" instead.

Details

In response to this:

Summary

Adds e2e test suite for vault with IBM power.

Description

Platform:Vault - ESO CR-based flow:

  • Enabled Hashicorp Vault in ExternalSecretsConfig
  • Created a secret in P specific vault instance during BeforeAll
  • Verified the secret value through:
  • ClusterSecretStore
  • ExternalSecret
  • Cleaned up cretaed resources in AfterAll

Testing

  • Verified e2e flow locally
  • Confirmed secret creation and retrieval
  • Conformed cleanup after execution

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label May 18, 2026
@openshift-ci openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label Jul 1, 2026
@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown

New changes are detected. LGTM label has been removed.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 5

♻️ Duplicate comments (1)
test/e2e/e2e_test.go (1)

994-997: 🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick win

Match custom NetworkPolicy entries by the full list key.

networkPolicies is keyed by both name and componentName; checking only Name can skip adding the CoreController policy if another component already has the same policy name.

Suggested fix
 				for _, np := range currentCR.Spec.ControllerConfig.NetworkPolicies {
-					if np.Name == testPolicyName {
+					if np.Name == testPolicyName && np.ComponentName == operatorv1alpha1.CoreController {
 						return nil
 					}
 				}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/e2e/e2e_test.go` around lines 994 - 997, The NetworkPolicy lookup in
currentCR.Spec.ControllerConfig.NetworkPolicies only checks np.Name, which can
incorrectly treat different component entries as the same policy. Update the
matching logic in the NetworkPolicies loop to use the full key for custom
entries, including both Name and ComponentName, so the CoreController policy is
added when a different component has the same policy name.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/e2e/e2e_test.go`:
- Around line 2293-2297: The vault setup command in e2e_test.go is masking all
failures from vault secrets enable in the command built around
escapeShellString, which can hide real permission or CLI errors. Update the
logic around the vault status/vault secrets enable flow so it only suppresses
the error when secret/ is already present, and otherwise lets failures
propagate; use the existing vault status check and the secret path context to
gate the “already enabled” fallback instead of a blanket || echo.
- Around line 2378-2379: The namespace cleanup wait is using a longer timeout
than the cleanup context, so `deleteNamespace` can keep polling after
`safeDelete` has already canceled. Update the timeout handling around
`deleteNamespace` to use the same deadline as the cleanup context (or stop
polling immediately when `ctx.Done()` is closed), and apply the same fix in the
matching cleanup path that reuses this pattern.
- Around line 1889-1903: Add meaningful failure messages to the new Ginkgo
assertions in the Vault e2e flow so setup/sync failures are easier to triage.
Update the Expect calls around applyVault, waitForVaultPod, setupVault,
enableKVEngine, and createVaultTokenSecret (and the other affected Vault
assertions in the same test) to include descriptive messages that explain which
step failed and what was being attempted. Keep the existing test logic unchanged
and use the nearby helper names to locate each assertion consistently.
- Around line 2321-2325: The Vault command construction in the e2e test is
unsafe because `secretname`, `key`, and `value` are interpolated directly into
the `fmt.Sprintf` string used for `sh -c`. Update the command-building logic
around `vault kv put` to quote or otherwise safely pass these fields without
shell interpretation, using the existing `escapeShellString` approach
consistently so `command` cannot be altered by whitespace or metacharacters.
- Around line 2241-2253: The Step 4 login in the e2e Vault flow is redundant and
exposes rootToken as a command argument. Remove the vault login call from the
test path in e2e_test.go, and keep the later helpers that already accept
rootToken explicitly (for example, the surrounding Vault setup helpers in this
test flow) so the test no longer performs an unnecessary exec with the root
token.

---

Duplicate comments:
In `@test/e2e/e2e_test.go`:
- Around line 994-997: The NetworkPolicy lookup in
currentCR.Spec.ControllerConfig.NetworkPolicies only checks np.Name, which can
incorrectly treat different component entries as the same policy. Update the
matching logic in the NetworkPolicies loop to use the full key for custom
entries, including both Name and ComponentName, so the CoreController policy is
added when a different component has the same policy name.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 2574515a-111f-4352-8f41-b49ff4e31a9c

📥 Commits

Reviewing files that changed from the base of the PR and between a7905fa and ff22770.

⛔ Files ignored due to path filters (72)
  • go.work.sum is excluded by !**/*.sum
  • test/go.sum is excluded by !**/*.sum
  • vendor/github.com/gorilla/websocket/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/AUTHORS is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/client.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/compression.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/conn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/join.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/json.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/mask.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/mask_safe.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/prepared.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/proxy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/server.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/util.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/MAINTAINERS is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/NOTICE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/connection.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/handlers.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/priority.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/PATENTS is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/dictionary.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/options.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/read.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/write.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/stream.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/utils.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mxk/go-flowrate/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mxk/go-flowrate/flowrate/flowrate.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mxk/go-flowrate/flowrate/io.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mxk/go-flowrate/flowrate/util.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/internal/socks/client.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/internal/socks/socks.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/proxy/dial.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/proxy/direct.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/proxy/per_host.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/proxy/proxy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/proxy/socks5.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/upgrade.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/apimachinery/pkg/util/proxy/dial.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/apimachinery/pkg/util/proxy/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/apimachinery/pkg/util/proxy/transport.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/apimachinery/third_party/forked/golang/netutil/addr.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/tools/remotecommand/OWNERS is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/tools/remotecommand/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/tools/remotecommand/errorstream.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/tools/remotecommand/fallback.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/tools/remotecommand/reader.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/tools/remotecommand/resize.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/tools/remotecommand/spdy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/tools/remotecommand/v1.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/tools/remotecommand/v2.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/tools/remotecommand/v3.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/tools/remotecommand/v4.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/tools/remotecommand/v5.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/tools/remotecommand/websocket.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/transport/spdy/spdy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/transport/websocket/roundtripper.go is excluded by !**/vendor/**, !vendor/**
  • vendor/k8s.io/client-go/util/exec/exec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/modules.txt is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (8)
  • test/e2e/e2e_test.go
  • test/e2e/testdata/vault/external_secret.yaml
  • test/e2e/testdata/vault/externalsecretsconfig.yaml
  • test/e2e/testdata/vault/secret_store.yaml
  • test/e2e/testdata/vault/vault.yaml
  • test/go.mod
  • test/utils/dynamic_resources.go
  • test/utils/kube_client.go
✅ Files skipped from review due to trivial changes (1)
  • test/e2e/testdata/vault/external_secret.yaml
🚧 Files skipped from review as they are similar to previous changes (6)
  • test/e2e/testdata/vault/secret_store.yaml
  • test/go.mod
  • test/e2e/testdata/vault/externalsecretsconfig.yaml
  • test/e2e/testdata/vault/vault.yaml
  • test/utils/dynamic_resources.go
  • test/utils/kube_client.go

Comment thread test/e2e/e2e_test.go Outdated
Comment thread test/e2e/e2e_test.go Outdated
Comment thread test/e2e/e2e_test.go Outdated
Comment thread test/e2e/e2e_test.go Outdated
Comment thread test/e2e/e2e_test.go
@raja-0940

Copy link
Copy Markdown
Author

/test fips-image-scan-operator

@raja-0940

Copy link
Copy Markdown
Author

/test e2e-operator

1 similar comment
@raja-0940

Copy link
Copy Markdown
Author

/test e2e-operator

@raja-0940

Copy link
Copy Markdown
Author

@bharath-b-rh I have rebased the PR with the latest main branch. I also re-verified the tests in my local environment, and they passed successfully. Thanks!

@bharath-b-rh

Copy link
Copy Markdown
Contributor

Thanks for the update @raja-0940 !
/approve

no user facing changes hence adding below labels
/label doc-approved
/label qe-approved

/hold till the CIs are green.

@openshift-ci openshift-ci Bot added qe-approved Signifies that QE has signed off on this PR do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels Jul 1, 2026
@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown

@bharath-b-rh: The label(s) /label doc-approved cannot be applied. These labels are supported: acknowledge-critical-fixes-only, platform/aws, platform/azure, platform/baremetal, platform/google, platform/libvirt, platform/openstack, ga, tide/merge-method-merge, tide/merge-method-rebase, tide/merge-method-squash, px-approved, docs-approved, qe-approved, ux-approved, no-qe, rebase/manual, cluster-config-api-changed, run-integration-tests, verified, ready-for-human-review, approved, backport-risk-assessed, bugzilla/valid-bug, cherry-pick-approved, jira/skip-dependent-bug-check, jira/valid-bug, ok-to-test, stability-fix-approved, staff-eng-approved. Is this label configured under labels -> additional_labels or labels -> restricted_labels in plugin.yaml?

Details

In response to this:

Thanks for the update @raja-0940 !
/approve

no user facing changes hence adding below labels
/label doc-approved
/label qe-approved

/hold till the CIs are green.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@bharath-b-rh

Copy link
Copy Markdown
Contributor

/label docs-approved

@openshift-ci openshift-ci Bot added the docs-approved Signifies that Docs has signed off on this PR label Jul 1, 2026
@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bharath-b-rh, prb112, raja-0940

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 1, 2026
@prb112

prb112 commented Jul 1, 2026

Copy link
Copy Markdown

/test e2e-operator

2 similar comments
@raja-0940

Copy link
Copy Markdown
Author

/test e2e-operator

@raja-0940

Copy link
Copy Markdown
Author

/test e2e-operator

Comment thread test/e2e/testdata/vault/vault.yaml Outdated
@raja-0940

Copy link
Copy Markdown
Author

/test unit

1 similar comment
@raja-0940

Copy link
Copy Markdown
Author

/test unit

@raja-0940

Copy link
Copy Markdown
Author

/test e2e-operator

@raja-0940 raja-0940 force-pushed the eso-e2e-clean branch 3 times, most recently from 97e1288 to a2a0d13 Compare July 3, 2026 14:39
Signed-off-by: Rajakumar Battula <rbattula@redhat.com>
@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown

@raja-0940: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. docs-approved Signifies that Docs has signed off on this PR jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. qe-approved Signifies that QE has signed off on this PR

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants