Skip to content

CNTRLPLANE-2247:Adding KMS TestKMSEncryptionOnOff test for Routes #644

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-bot merged 3 commits into from
Feb 5, 2026
Merged

CNTRLPLANE-2247:Adding KMS TestKMSEncryptionOnOff test for Routes #644

openshift-merge-bot merged 3 commits into from
Feb 5, 2026

Conversation

@ardaguclu
Copy link
Member

@ardaguclu ardaguclu commented Feb 5, 2026

This PR is mirror of;

in order to enable KMS on/off test scenario in aggregated apiserver operators.

Until openshift/library-go#2086 is landed, tests will fail. However, since the test is marked as option, this won't create any issues.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Feb 5, 2026
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 5, 2026
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Feb 5, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci-robot
Copy link

openshift-ci-robot commented Feb 5, 2026
edited by openshift-ci bot
Loading

@ardaguclu: This pull request references CNTRLPLANE-2247 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

This PR is mirror of;

in order to enable KMS on/off test scenario in aggregated apiserver operators.

Until openshift/library-go#2086 is landed, tests will fail. However, since the test is marked as option, this won't create any issues.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@ardaguclu ardaguclu marked this pull request as ready for review February 5, 2026 07:13
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 5, 2026
@openshift-ci openshift-ci bot requested review from benluddy and sanchezl February 5, 2026 07:13
p0lyn0mial
p0lyn0mial reviewed Feb 5, 2026
View reviewed changes
test/e2e-encryption-kms/encryption_kms_test.go
ctx := context.TODO()
cs := operatorencryption.GetClients(t)

ns := fmt.Sprintf("test-kms-encryption-on-off-%s", rand.String(4))
Copy link
Contributor

@p0lyn0mial p0lyn0mial Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is this required ?

Copy link
Member Author

@ardaguclu ardaguclu Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

E2E framework in this repo is designed that way

cluster-openshift-apiserver-operator/test/e2e-encryption/encryption_test.go

Lines 52 to 74 in 3f56d50

ns := fmt.Sprintf("test-encryption-on-off-%s", rand.String(4))
_, err := cs.KubeClient.CoreV1().Namespaces().Create(ctx, &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: ns}}, metav1.CreateOptions{})
require.NoError(t, err)
defer cs.KubeClient.CoreV1().Namespaces().Delete(ctx, ns, metav1.DeleteOptions{})
library.TestEncryptionTurnOnAndOff(t, library.OnOffScenario{
BasicScenario: library.BasicScenario{
Namespace: operatorclient.GlobalMachineSpecifiedConfigNamespace,
LabelSelector: "encryption.apiserver.operator.openshift.io/component" + "=" + operatorclient.TargetNamespace,
EncryptionConfigSecretName: fmt.Sprintf("encryption-config-%s", operatorclient.TargetNamespace),
EncryptionConfigSecretNamespace: operatorclient.GlobalMachineSpecifiedConfigNamespace,
OperatorNamespace: operatorclient.OperatorNamespace,
TargetGRs: operatorencryption.DefaultTargetGRs,
AssertFunc: operatorencryption.AssertRoutes,
},
CreateResourceFunc: func(t testing.TB, _ library.ClientSet, namespace string) runtime.Object {
return operatorencryption.CreateAndStoreRouteOfLife(context.TODO(), t, operatorencryption.GetClients(t), ns)
},
AssertResourceEncryptedFunc: operatorencryption.AssertRouteOfLifeEncrypted,
AssertResourceNotEncryptedFunc: operatorencryption.AssertRouteOfLifeNotEncrypted,
ResourceFunc: func(t testing.TB, _ string) runtime.Object { return operatorencryption.RouteOfLife(t, ns) },
ResourceName: "RouteOfLife",
EncryptionProvider: configv1.EncryptionType(*provider),
. Therefore, CreateAndStoreRouteOfLife and RouteOfLife functions expect ns.

Copy link
Contributor

@p0lyn0mial p0lyn0mial Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah, ic, thanks.

@p0lyn0mial
Copy link
Contributor

p0lyn0mial commented Feb 5, 2026

/approve

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 5, 2026
@gangwgr
Copy link
Contributor

gangwgr commented Feb 5, 2026

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Feb 5, 2026
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Feb 5, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ardaguclu, gangwgr, p0lyn0mial

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ardaguclu
Copy link
Member Author

ardaguclu commented Feb 5, 2026

Failure of e2e-gcp-operator-encryption-kms is expected. Because controllers are not ready to handle KMS encryption type yet (i.e. openshift/library-go#2086).
/verified by openshift/cluster-kube-apiserver-operator#2018

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Feb 5, 2026
@openshift-ci-robot
Copy link

openshift-ci-robot commented Feb 5, 2026

@ardaguclu: This PR has been marked as verified by https://github.com/openshift/cluster-kube-apiserver-operator/pull/2018.

Details

In response to this:

Failure of e2e-gcp-operator-encryption-kms is expected. Because controllers are not ready to handle KMS encryption type yet (i.e. openshift/library-go#2086).
/verified by openshift/cluster-kube-apiserver-operator#2018

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-merge-bot openshift-merge-bot bot merged commit cc1d7ad into openshift:main Feb 5, 2026
11 of 12 checks passed
@ardaguclu ardaguclu deleted the kms-test branch February 5, 2026 11:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@benluddy benluddy Awaiting requested review from benluddy

@sanchezl sanchezl Awaiting requested review from sanchezl

1 more reviewer

@p0lyn0mial p0lyn0mial p0lyn0mial left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@gangwgr gangwgr

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. verified Signifies that the PR passed pre-merge verification criteria

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ardaguclu @openshift-ci-robot @p0lyn0mial @gangwgr