CNTRLPLANE-2247:Add Test encryption provider migration

[gangwgr]

CNTRLPLANE-2247:Add Test encryption provider migration
This PR brings TestEncryptionProvidersMigration scenario in https://github.com/openshift/library-go/blob/7bced6e899b65175945fc309a2e125de49cac3dc/test/library/encryption/scenarios.go#L161 in here.

[openshift-ci-robot]

@gangwgr: This pull request references CNTRLPLANE-2247 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

CNTRLPLANE-2247:Add Test encryption provider migration
This PR brings TestEncryptionProvidersMigration scenario in https://github.com/openshift/library-go/blob/7bced6e899b65175945fc309a2e125de49cac3dc/test/library/encryption/scenarios.go#L161 in here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Bumps github.com/openshift/library-go version in go.mod, removes an unused fmt import, and adds a new end-to-end test TestKMSEncryptionProvidersMigration in test/e2e-encryption-kms/encryption_kms_test.go.

Changes

Cohort / File(s)	Summary
Module dependency go.mod	Updated github.com/openshift/library-go version (single-version bump). (Lines changed: +1/-1)
E2E encryption KMS tests test/e2e-encryption-kms/encryption_kms_test.go	Removed fmt import, replaced formatted EncryptionConfigSecretName with a literal, removed a trailing cleanup comment, and added TestKMSEncryptionProvidersMigration which deploys the upstream mock KMS plugin, creates a TokenOfLife, selects a random AES provider, and migrates between KMS and AES providers while asserting token encryption state. (Lines changed: +33/-3)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments

test/e2e-encryption-kms/encryption_kms_test.go (1)

61-81: Consider logging the randomly selected provider for test reproducibility.

If this test fails in CI, diagnosing the failure requires knowing which AES provider was randomly selected. Currently, the selection on line 80 isn't logged, making it harder to reproduce failures.

♻️ Suggested improvement

 func TestKMSEncryptionProvidersMigration(t *testing.T) {
 	librarykms.DeployUpstreamMockKMSPlugin(context.Background(), t, library.GetClients(t).Kube, librarykms.WellKnownUpstreamMockKMSPluginNamespace, librarykms.WellKnownUpstreamMockKMSPluginImage)
+	secondProvider := library.SupportedStaticEncryptionProviders[rand.IntN(len(library.SupportedStaticEncryptionProviders))]
+	t.Logf("Selected second encryption provider: %s", secondProvider)
 	library.TestEncryptionProvidersMigration(t, library.ProvidersMigrationScenario{
 		BasicScenario: library.BasicScenario{
 			...
 		},
 		...
-		EncryptionProviders:            library.ShuffleEncryptionProviders([]configv1.EncryptionType{configv1.EncryptionTypeKMS, library.SupportedStaticEncryptionProviders[rand.IntN(len(library.SupportedStaticEncryptionProviders))]}),
+		EncryptionProviders:            library.ShuffleEncryptionProviders([]configv1.EncryptionType{configv1.EncryptionTypeKMS, secondProvider}),
 	})
 }

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@gangwgr: This pull request references CNTRLPLANE-2247 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

CNTRLPLANE-2247:Add Test encryption provider migration
This PR brings TestEncryptionProvidersMigration scenario in https://github.com/openshift/library-go/blob/7bced6e899b65175945fc309a2e125de49cac3dc/test/library/encryption/scenarios.go#L161 in here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[gangwgr]

hold until openshift/cluster-kube-apiserver-operator#2028 is reviewed/tagged
/hold

[ardaguclu]

@gangwgr openshift/cluster-kube-apiserver-operator#2028 has merged. You can update this PR with the latest changes.

[gangwgr]

@gangwgr openshift/cluster-kube-apiserver-operator#2028 has merged. You can update this PR with the latest changes.

updated

[gangwgr]

/retest

[gangwgr]

/retest

[ardaguclu]

This is not needed anymore

[ardaguclu]

This is changed

[ardaguclu]

https://github.com/openshift/cluster-kube-apiserver-operator/blob/cee7acb6c820b707fbb1e1dc01cef6c1971f146d/test/e2e-encryption-kms/encryption_kms_test.go#L77

[ardaguclu]

/lgtm

[gangwgr]

/test e2e-operator-encryption

[gangwgr]

/test e2e-operator-encryption

[gangwgr]

/test e2e-console-login

[gangwgr]

/retest

[openshift-ci]

@gangwgr: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-operator-serial-ote	d023a47	link	false	/test e2e-aws-operator-serial-ote
ci/prow/e2e-aws-operator-parallel-ote	d023a47	link	false	/test e2e-aws-operator-parallel-ote
ci/prow/e2e-gcp-operator-encryption-kms	d023a47	link	false	/test e2e-gcp-operator-encryption-kms

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[gangwgr]

/verified by ci runs

[openshift-ci-robot]

@gangwgr: This PR has been marked as verified by ci runs.

Details

In response to this:

/verified by ci runs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[liouk]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ardaguclu, gangwgr, liouk

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [liouk]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ardaguclu]

@gangwgr that would be great if we can add this into cluster-openshift-apiserver-operator too.