feat: add STORAGE_SKIP_SSL_VERIFICATION for copy-offload

[rgolangh]

Summary

• Add optional STORAGE_SKIP_SSL_VERIFICATION field to the copy-offload storage secret, configurable via .providers.json (storage_skip_ssl_verification) or env var (COPYOFFLOAD_STORAGE_SKIP_SSL_VERIFICATION)
• Extend CLI get_storage_credentials() with SSL config (reuses existing _get_ssl_config("STORAGE") pattern), writing storage_skip_ssl_verification: "true" into the generated config when SSL verification is disabled
• Update docs and .providers.json.example to document the new option

Test plan

• Set COPYOFFLOAD_STORAGE_SKIP_SSL_VERIFICATION=true and verify the storage secret includes the STORAGE_SKIP_SSL_VERIFICATION key
• Verify default behavior (no env var / no config key) does not add the field to the secret
• Run CLI generate flow with STORAGE_VERIFY_SSL=false and confirm storage_skip_ssl_verification: "true" appears in the generated .providers.json

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Optional skip of SSL verification for copy-offload storage connections, configurable and emitted into job/test configs when enabled.

• Documentation

  • Setup and copy-offload guides updated to document the new SSL verification toggle, environment variable, and fallback behavior.

• Tests

  • Test fixtures updated to include and honor the new SSL verification flag.

• Chores

  • Example provider config updated to show the new optional setting (commented).

[redhat-qe-bot]

Report bugs in Issues

Welcome! 🎉

This pull request will be automatically processed with the following features:

🔄 Automatic Actions

• Reviewer Assignment: Reviewers are automatically assigned based on the OWNERS file in the repository root
• Size Labeling: PR size labels (XS, S, M, L, XL, XXL) are automatically applied based on changes
• Issue Creation: Disabled for this repository
• Branch Labeling: Branch-specific labels are applied to track the target branch
• Auto-verification: Auto-verified users have their PRs automatically marked as verified
• Labels: All label categories are enabled (default configuration)

📋 Available Commands

PR Status Management

• /wip - Mark PR as work in progress (adds WIP: prefix to title)
• /wip cancel - Remove work in progress status
• /hold - Block PR merging (approvers only)
• /hold cancel - Unblock PR merging
• /verified - Mark PR as verified
• /verified cancel - Remove verification status
• /reprocess - Trigger complete PR workflow reprocessing (useful if webhook failed or configuration changed)
• /regenerate-welcome - Regenerate this welcome message

Review & Approval

• /lgtm - Approve changes (looks good to me)
• /approve - Approve PR (approvers only)
• /automerge - Enable automatic merging when all requirements are met (maintainers and approvers only)
• /assign-reviewers - Assign reviewers based on OWNERS file
• /assign-reviewer @username - Assign specific reviewer
• /check-can-merge - Check if PR meets merge requirements

Testing & Validation

• /retest tox - Run Python test suite with tox
• /retest build-container - Rebuild and test container image
• /retest conventional-title - Validate commit message format
• /retest all - Run all available tests

Container Operations

• /build-and-push-container - Build and push container image (tagged with PR number)
  • Supports additional build arguments: /build-and-push-container --build-arg KEY=value

Cherry-pick Operations

• /cherry-pick <branch> - Schedule cherry-pick to target branch when PR is merged
  • Multiple branches: /cherry-pick branch1 branch2 branch3

Label Management

• /<label-name> - Add a label to the PR
• /<label-name> cancel - Remove a label from the PR

✅ Merge Requirements

This PR will be automatically approved when the following conditions are met:

1. Approval: /approve from at least one approver
2. Status Checks: All required status checks must pass
3. No Blockers: No wip, hold, has-conflicts labels and PR must be mergeable (no conflicts)
4. Verified: PR must be marked as verified

📊 Review Process

Approvers and Reviewers

Approvers:

• myakove
• solenoci

Reviewers:

• krcmarik
• myakove
• solenoci

Available Labels

• hold
• verified
• wip
• lgtm
• approve
• automerge

AI Features

• Conventional Title: Mode: fix (claude/claude-opus-4-6[1m])
• Cherry-Pick Conflict Resolution: Enabled (claude/claude-opus-4-6[1m])
• Test Oracle: Triggers: approved (cursor/gpt-5.4-xhigh-fast); /test-oracle can be used anytime

💡 Tips

• WIP Status: Use /wip when your PR is not ready for review
• Verification: The verified label is removed on new commits unless the push is detected as a clean rebase
• Cherry-picking: Cherry-pick labels are processed when the PR is merged
• Container Builds: Container images are automatically tagged with the PR number
• Permission Levels: Some commands require approver permissions
• Auto-verified Users: Certain users have automatic verification and merge privileges

For more information, please refer to the project documentation or contact the maintainers.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: ab7f255d-dab9-4505-8058-4cf9d308b994

📥 Commits

Reviewing files that changed from the base of the PR and between 4d37e60 and 7caa3a5.

📒 Files selected for processing (1)

• tests/copyoffload/conftest.py

---

Walkthrough

Adds optional skip-SSL-verification for copy-offload storage: an example .providers.json key, propagation of an SSL config from credential retrieval, conditional insertion of storage_skip_ssl_verification = "true" into generated configs, test fixture support, and documentation of the new environment variable.

Changes

Copy-offload storage: add optional skip-SSL verification

Layer / File(s)	Summary
Configuration example .providers.json.example	Added a commented storage_skip_ssl_verification example key next to existing storage credential fields.
Data Shape / API cli/mtv_api_tests/common.py	get_storage_credentials() return signature changed from (hostname, username, password) to (hostname, username, password, ssl_config) where ssl_config is a dict from _get_ssl_config("STORAGE").
Core wiring / Config generation cli/mtv_api_tests/generate.py	_gather_copyoffload_config() now unpacks storage_ssl and conditionally sets storage_skip_ssl_verification = "true" in the generated copy-offload config when storage_ssl.get("verify_ssl") == "false".
Tests / Fixtures tests/copyoffload/conftest.py	copyoffload_storage_secret fixture now conditionally inserts STORAGE_SKIP_SSL_VERIFICATION: "true" into the Kubernetes Secret when storage_skip_ssl_verification is provided and matches `"true"
Documentation docs/container-and-openshift-job-execution.md, docs/copy-offload-migrations.md, docs/installation-and-local-setup.md, docs/optional-integrations-and-secrets.md	Documented COPYOFFLOAD_STORAGE_SKIP_SSL_VERIFICATION as an additional environment-variable override for copy-offload storage credentials and mapped it to .providers.json storage_skip_ssl_verification.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the primary change: adding STORAGE_SKIP_SSL_VERIFICATION capability for copy-offload, which is reflected across the codebase changes including config, CLI, tests, and documentation.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/copyoffload/conftest.py`:
- Around line 183-186: The current truthy check on skip_ssl (value from
get_copyoffload_credential) treats any non-empty string like "false" as enabled;
update the branch that sets secret_data["STORAGE_SKIP_SSL_VERIFICATION"] to
explicitly parse/normalize the string instead of relying on Python truthiness —
e.g., call or mirror the project's SSL parsing logic used in
_get_ssl_config/generate.py (normalize to lower() and compare against
("true","1","yes") or reuse _get_ssl_config) and only set the secret when the
parsed boolean is True, leaving it unset for "false"/"0"/"no".

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: b3d1235f-6991-4b85-94dc-442708580e3d

📥 Commits

Reviewing files that changed from the base of the PR and between a53669e and cff0905.

📒 Files selected for processing (8)

• .providers.json.example
• cli/mtv_api_tests/common.py
• cli/mtv_api_tests/generate.py
• docs/container-and-openshift-job-execution.md
• docs/copy-offload-migrations.md
• docs/installation-and-local-setup.md
• docs/optional-integrations-and-secrets.md
• tests/copyoffload/conftest.py

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/copyoffload/conftest.py`:
- Around line 183-187: The fixture normalizes skip_ssl with skip_ssl.lower()
which misses leading/trailing whitespace and is inconsistent with
cli/mtv_api_tests/common.py::_get_ssl_config; update the handling where skip_ssl
is obtained via get_copyoffload_credential so you call .strip().lower() (e.g.,
normalize skip_ssl = get_copyoffload_credential(...); if skip_ssl and
skip_ssl.strip().lower() in ("true","1","yes") then set
secret_data["STORAGE_SKIP_SSL_VERIFICATION"]="true") to match _get_ssl_config
and avoid false negatives from values like " true\n".

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 733c247c-7697-433b-99a1-fc4581dd2c60

📥 Commits

Reviewing files that changed from the base of the PR and between cff0905 and 61de275.

📒 Files selected for processing (1)

• tests/copyoffload/conftest.py

[redhat-qe-bot]

Clean rebase detected — no code changes compared to previous head (61de275).
The following labels were preserved: changes-requested-coderabbitai[bot].

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/copyoffload/conftest.py`:
- Around line 183-186: The code calls .lower() on skip_ssl (value from
get_copyoffload_credential) which may be a non-string (e.g., bool) and crash;
change the guard to ensure skip_ssl is a string before calling .lower() — e.g.,
check isinstance(skip_ssl, str) and then compare skip_ssl.lower() in
("true","1","yes") or coerce via str(skip_ssl).lower(); update the block that
sets secret_data["STORAGE_SKIP_SSL_VERIFICATION"] accordingly and keep using the
same symbols skip_ssl, get_copyoffload_credential, secret_data, and
STORAGE_SKIP_SSL_VERIFICATION to locate the change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0a1fd2bc-9287-4ffe-9d83-4a1cfb5c2f78

📥 Commits

Reviewing files that changed from the base of the PR and between 61de275 and 4d37e60.

📒 Files selected for processing (8)

• .providers.json.example
• cli/mtv_api_tests/common.py
• cli/mtv_api_tests/generate.py
• docs/container-and-openshift-job-execution.md
• docs/copy-offload-migrations.md
• docs/installation-and-local-setup.md
• docs/optional-integrations-and-secrets.md
• tests/copyoffload/conftest.py

[myakove]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.