2 changes: 2 additions & 0 deletions go.mod
Expand Up @@ -133,3 +133,5 @@ require (
)

replace github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20251001123353-fd5b1fb35db1

replace github.com/openshift/library-go => github.com/ardaguclu/library-go v0.0.0-20260618055608-feb27829a74c
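Review bot: The new `replace` on this line redirects `github.com/openshift/library-go` to a personal fork, `github.com/ardaguclu/library-go`, at a pseudo-version, which is a supply-chain change: every build of this operator would now compile code that is not reviewed or released through the openshift org. Since the PR is marked Draft this is presumably a temporary pin while the library-go change is in flight, but it should be dropped (and go.sum refreshed) before merge, and a `// TODO: drop once openshift/library-go#<pr> merges` comment on the replace line would make that intent visible to anyone who sees it in the tree. Note that the fork's `/go.mod` hash in go.sum is identical to the upstream one it replaces, which is consistent with a feature branch on top of upstream rather than a divergent module graph, but that is only inferred from the hashes.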
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -12,6 +12,8 @@ github.com/RangelReale/osincli v0.0.0-20160924135400-fababb0555f2 h1:x8Brv0YNEe6
github.com/RangelReale/osincli v0.0.0-20160924135400-fababb0555f2/go.mod h1:XyjUkMA8GN+tOOPXvnbi3XuRxWFvTJntqvTFnjmhzbk=
github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI=
github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
github.com/ardaguclu/library-go v0.0.0-20260618055608-feb27829a74c h1:wCyA9uDne5jqE8Lv7p6Gk2tHyTfpJ+7weCCnHPZcr4I=
github.com/ardaguclu/library-go v0.0.0-20260618055608-feb27829a74c/go.mod h1:/HBhy6jm/igWI3Y1vYFwFG3ZCcXmnNsKUT6VBpPyM9A=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
Expand Down Expand Up @@ -152,8 +154,6 @@ github.com/openshift/build-machinery-go v0.0.0-20251023084048-5d77c1a5e5af h1:Ui
github.com/openshift/build-machinery-go v0.0.0-20251023084048-5d77c1a5e5af/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE=
github.com/openshift/client-go v0.0.0-20260512113608-deb4dc54551a h1:EKx2XhOKehd1C5ptY7IrLl4WV35E8kP0pRPnG5BUZXk=
github.com/openshift/client-go v0.0.0-20260512113608-deb4dc54551a/go.mod h1:V933kvY/cb/Un7UCEOhXHUySNX327u7Epe8g9KNqg2Q=
github.com/openshift/library-go v0.0.0-20260615113748-bc9d4056464b h1:fmTTzoHLhRf4QsMKw4cEbnvUeUcgcaNesh5mueWnaVs=
github.com/openshift/library-go v0.0.0-20260615113748-bc9d4056464b/go.mod h1:/HBhy6jm/igWI3Y1vYFwFG3ZCcXmnNsKUT6VBpPyM9A=
github.com/openshift/multi-operator-manager v0.0.0-20241205181422-20aa3906b99d h1:Rzx23P63JFNNz5D23ubhC0FCN5rK8CeJhKcq5QKcdyU=
github.com/openshift/multi-operator-manager v0.0.0-20241205181422-20aa3906b99d/go.mod h1:iVi9Bopa5cLhjG5ie9DoZVVqkH8BGb1FQVTtecOLn4I=
github.com/openshift/oauth-apiserver v0.0.0-20260430140618-160ac7fb4ea6 h1:WvXToDt/IVTXb4NxbqEjY0cuPpVadTK6ATu75mlVM/s=
Expand Down
64 changes: 60 additions & 4 deletions test/e2e-encryption-kms/encryption_kms.go
Expand Up @@ -14,12 +14,20 @@ import (
)

var _ = g.Describe("[sig-auth] cluster-authentication-operator", func() {
g.It("TestKMSEncryptionOnOff [OCPFeatureGate:KMSEncryption][Serial][Timeout:120m]", func(ctx context.Context) {
testKMSEncryptionOnOff(ctx, g.GinkgoTB())
//g.It("TestKMSEncryptionOnOff [OCPFeatureGate:KMSEncryption][Serial][Timeout:120m]", func(ctx context.Context) {
// testKMSEncryptionOnOff(ctx, g.GinkgoTB())
//})

//g.It("TestKMSEncryptionProvidersMigration [OCPFeatureGate:KMSEncryption][Serial][Timeout:120m]", func(ctx context.Context) {
// testKMSEncryptionProvidersMigration(ctx, g.GinkgoTB())
//})

g.It("TestKMSToKMSMigration [OCPFeatureGate:KMSEncryption][Serial][Timeout:120m]", func(ctx context.Context) {
testKMSToKMSMigration(ctx, g.GinkgoTB())
})

g.It("TestKMSEncryptionProvidersMigration [OCPFeatureGate:KMSEncryption][Serial][Timeout:120m]", func(ctx context.Context) {
testKMSEncryptionProvidersMigration(ctx, g.GinkgoTB())
g.It("TestKMSToKMSOnOff [OCPFeatureGate:KMSEncryption][Serial][Timeout:120m]", func(ctx context.Context) {
testKMSToKMSOnOff(ctx, g.GinkgoTB())
})
})

Expand Down Expand Up @@ -88,3 +96,51 @@ func testKMSEncryptionProvidersMigration(ctx context.Context, t testing.TB) {
}),
})
}

// testKMSToKMSMigration tests KMS-to-KMS migration (primary → secondary → primary → identity).
func testKMSToKMSMigration(ctx context.Context, t testing.TB) {
library.TestKMSToKMSMigration(ctx, t, library.KMSToKMSMigrationScenario{
BasicScenario: library.BasicScenario{
Namespace: "openshift-config-managed",
LabelSelector: "encryption.apiserver.operator.openshift.io/component" + "=" + "openshift-oauth-apiserver",
EncryptionConfigSecretName: "encryption-config-openshift-oauth-apiserver",
EncryptionConfigSecretNamespace: "openshift-config-managed",
OperatorNamespace: "openshift-authentication-operator",
TargetGRs: operatorencryption.DefaultTargetGRs,
AssertFunc: operatorencryption.AssertTokens,
},
CreateResourceFunc: func(t testing.TB, _ library.ClientSet, namespace string) runtime.Object {
return operatorencryption.CreateAndStoreTokenOfLife(context.TODO(), t, operatorencryption.GetClients(t))
Comment on lines +112 to +113


⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Check if the file exists and examine the relevant lines
head -n 150 test/e2e-encryption-kms/encryption_kms.go | tail -n 50

Repository: openshift/cluster-authentication-operator

Length of output: 3184


🏁 Script executed:

# Get the full context around lines 112-113 and 136-137
cat -n test/e2e-encryption-kms/encryption_kms.go | sed -n '100,150p'

Repository: openshift/cluster-authentication-operator

Length of output: 3506


🏁 Script executed:

# Check the function signature of CreateAndStoreTokenOfLife
rg -A 5 "func CreateAndStoreTokenOfLife" test/

Repository: openshift/cluster-authentication-operator

Length of output: 668


🏁 Script executed:

# Look at the enclosing function to understand the scope and whether ctx is available
cat -n test/e2e-encryption-kms/encryption_kms.go | sed -n '1,120p' | tail -n 50

Repository: openshift/cluster-authentication-operator

Length of output: 3842


Use ctx instead of context.TODO() in resource creation closures.

At lines 113, 137, and 87, the closures use context.TODO() instead of the available ctx parameter from their enclosing functions (testKMSToKMSMigration, testKMSToKMSOnOff, and testKMSEncryptionProvidersMigration). For long-running serial encryption tests, this bypasses proper cancellation and timeout propagation.

Suggested fix
-        CreateResourceFunc: func(t testing.TB, _ library.ClientSet, namespace string) runtime.Object {
-            return operatorencryption.CreateAndStoreTokenOfLife(context.TODO(), t, operatorencryption.GetClients(t))
-        },
+        CreateResourceFunc: func(t testing.TB, _ library.ClientSet, namespace string) runtime.Object {
+            return operatorencryption.CreateAndStoreTokenOfLife(ctx, t, operatorencryption.GetClients(t))
+        },

Also applies to: 86-88, 136-137

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/e2e-encryption-kms/encryption_kms.go` around lines 112 - 113, Replace
all instances of context.TODO() with the available ctx parameter from the
enclosing function scope to enable proper cancellation and timeout propagation
in the encryption test closures. In file
test/e2e-encryption-kms/encryption_kms.go, make the following changes: at lines
112-113 in the CreateResourceFunc closure within testKMSToKMSMigration, replace
context.TODO() with ctx; at lines 86-88 in the closure within
testKMSEncryptionProvidersMigration, replace context.TODO() with ctx; and at
lines 136-137 in the closure within testKMSToKMSOnOff, replace context.TODO()
with ctx. Each enclosing function has a ctx parameter available in its scope
that should be used instead of creating a new TODO context.

Source: Coding guidelines

},
AssertResourceEncryptedFunc: operatorencryption.AssertTokenOfLifeEncrypted,
AssertResourceNotEncryptedFunc: operatorencryption.AssertTokenOfLifeNotEncrypted,
ResourceFunc: func(t testing.TB, _ string) runtime.Object { return operatorencryption.TokenOfLife(t) },
ResourceName: "TokenOfLife",
PrimaryProvider: librarykms.DefaultVaultEncryptionProvider(ctx, t),
SecondaryProvider: librarykms.SecondaryVaultEncryptionProvider(ctx, t),
})
}

// testKMSToKMSOnOff tests KMS on/off cycle with two distinct KMS providers.
func testKMSToKMSOnOff(ctx context.Context, t testing.TB) {
library.TestKMSToKMSOnOff(ctx, t, library.KMSToKMSMigrationScenario{
BasicScenario: library.BasicScenario{
Namespace: "openshift-config-managed",
LabelSelector: "encryption.apiserver.operator.openshift.io/component" + "=" + "openshift-oauth-apiserver",
EncryptionConfigSecretName: "encryption-config-openshift-oauth-apiserver",
EncryptionConfigSecretNamespace: "openshift-config-managed",
OperatorNamespace: "openshift-authentication-operator",
TargetGRs: operatorencryption.DefaultTargetGRs,
AssertFunc: operatorencryption.AssertTokens,
},
CreateResourceFunc: func(t testing.TB, _ library.ClientSet, namespace string) runtime.Object {
return operatorencryption.CreateAndStoreTokenOfLife(context.TODO(), t, operatorencryption.GetClients(t))
},
AssertResourceEncryptedFunc: operatorencryption.AssertTokenOfLifeEncrypted,
AssertResourceNotEncryptedFunc: operatorencryption.AssertTokenOfLifeNotEncrypted,
ResourceFunc: func(t testing.TB, _ string) runtime.Object { return operatorencryption.TokenOfLife(t) },
ResourceName: "TokenOfLife",
PrimaryProvider: librarykms.DefaultVaultEncryptionProvider(ctx, t),
SecondaryProvider: librarykms.SecondaryVaultEncryptionProvider(ctx, t),
})
}
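Review bot: The `TestKMSEncryptionOnOff` and `TestKMSEncryptionProvidersMigration` cases are left as commented-out code rather than removed or explicitly skipped, so the identity→KMS and KMS on/off coverage disappears from this suite without showing up as skipped in any report; if they are meant to be disabled only while the library-go fork is under test, prefer `g.PIt(...)` or a `g.Skip("...")` with the reason so the gap is visible, and if they are meant to stay, delete them. The two new entry points `testKMSToKMSMigration` and `testKMSToKMSOnOff` build byte-for-byte identical `library.KMSToKMSMigrationScenario` literals and differ only in which `library.TestKMSToKMS*` driver they call, so the scenario should be built once by a helper to keep the two in sync (the `namespace` parameter of `CreateResourceFunc` is unused in both and can be `_`). The `context.TODO()` inside the closures is already raised in the comment above and is not repeated here.

```go
// kmsToKMSScenario builds the TokenOfLife scenario shared by both KMS-to-KMS tests.
func kmsToKMSScenario(ctx context.Context, t testing.TB) library.KMSToKMSMigrationScenario {
	return library.KMSToKMSMigrationScenario{
		BasicScenario: library.BasicScenario{
			// … unchanged: the BasicScenario fields from testKMSToKMSMigration …
		},
		// … unchanged: CreateResourceFunc, Assert*Func, ResourceFunc, ResourceName …
		PrimaryProvider:   librarykms.DefaultVaultEncryptionProvider(ctx, t),
		SecondaryProvider: librarykms.SecondaryVaultEncryptionProvider(ctx, t),
	}
}

// testKMSToKMSMigration tests KMS-to-KMS migration (primary → secondary → primary → identity).
func testKMSToKMSMigration(ctx context.Context, t testing.TB) {
	library.TestKMSToKMSMigration(ctx, t, kmsToKMSScenario(ctx, t))
}

// testKMSToKMSOnOff tests KMS on/off cycle with two distinct KMS providers.
func testKMSToKMSOnOff(ctx context.Context, t testing.TB) {
	library.TestKMSToKMSOnOff(ctx, t, kmsToKMSScenario(ctx, t))
}
```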
