2 changes: 2 additions & 0 deletions go.mod
Expand Up @@ -142,3 +142,5 @@ require (
)

replace github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20251001123353-fd5b1fb35db1

replace github.com/openshift/library-go => github.com/gangwgr/library-go v0.0.0-20260629123509-160942988b8b
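Review bot: the new `replace` directive points `github.com/openshift/library-go` at a personal fork (`github.com/gangwgr/library-go`) pinned by pseudo-version, so the operator's build would pull library-go code from outside the openshift organization. A `replace` to a fork belongs behind a comment naming the upstream library-go PR it waits on, and should be swapped for a plain `require` bump of `github.com/openshift/library-go` once that PR merges; the ginkgo `replace` just above it, which targets the openshift-owned fork, is the pattern to return to.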
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -52,6 +52,8 @@ github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S
github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=
github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
github.com/gangwgr/library-go v0.0.0-20260629123509-160942988b8b h1:ROkduY0k6MlsbLzJqA/r3RSUP60/xs64OJ42VqEr1xc=
github.com/gangwgr/library-go v0.0.0-20260629123509-160942988b8b/go.mod h1:8d0qQEDq2kpIZmaE1tKpvZ4pLeQZT+mW2JpqAh3iZIc=
github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
Expand Down Expand Up @@ -178,8 +180,6 @@ github.com/openshift/build-machinery-go v0.0.0-20251023084048-5d77c1a5e5af h1:Ui
github.com/openshift/build-machinery-go v0.0.0-20251023084048-5d77c1a5e5af/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE=
github.com/openshift/client-go v0.0.0-20260622130833-df412d4d283e h1:NrVmCwy3vBk6UTY+cNNFHbnB40FyusJmeUIInQod/v8=
github.com/openshift/client-go v0.0.0-20260622130833-df412d4d283e/go.mod h1:lMQvYPtn6LrPO/YX2j5xdv2h6BRWgYVq1tMA3qA3N9k=
github.com/openshift/library-go v0.0.0-20260625074842-d80d43df888c h1:VqRxJg5ipu/TqDA0UXBc2O8SKVnUVh20cRUoec7J1dw=
github.com/openshift/library-go v0.0.0-20260625074842-d80d43df888c/go.mod h1:8d0qQEDq2kpIZmaE1tKpvZ4pLeQZT+mW2JpqAh3iZIc=
github.com/openshift/multi-operator-manager v0.0.0-20241205181422-20aa3906b99d h1:Rzx23P63JFNNz5D23ubhC0FCN5rK8CeJhKcq5QKcdyU=
github.com/openshift/multi-operator-manager v0.0.0-20241205181422-20aa3906b99d/go.mod h1:iVi9Bopa5cLhjG5ie9DoZVVqkH8BGb1FQVTtecOLn4I=
github.com/openshift/oauth-apiserver v0.0.0-20260520145010-97a820bd5412 h1:oDB0GmUXLp8y85fWz+LGRE0hM5JqbXTfNPi5GjEqiX0=
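Review bot: the `/go.mod h1:` checksum on the new `github.com/gangwgr/library-go` entry (`8d0qQEDq2kpIZmaE1tKpvZ4pLeQZT+mW2JpqAh3iZIc=`) is identical to the one on the removed `github.com/openshift/library-go` line, so the fork's own go.mod is unchanged and only the source-tree hash differs. Keep these lines exactly as `go mod tidy` produced them, and expect both pairs of entries to be rewritten again when the `replace` in go.mod is dropped in favour of the upstream module.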
73 changes: 60 additions & 13 deletions test/e2e-encryption-kms/encryption_kms.go
Expand Up @@ -8,7 +8,6 @@ import (
g "github.com/onsi/ginkgo/v2"
"k8s.io/apimachinery/pkg/runtime"

operatorencryption "github.com/openshift/cluster-authentication-operator/test/library/encryption"
library "github.com/openshift/library-go/test/library/encryption"
librarykms "github.com/openshift/library-go/test/library/encryption/kms"
)
Expand Down Expand Up @@ -42,15 +41,15 @@ func testKMSEncryptionOnOff(ctx context.Context, t testing.TB) {
EncryptionConfigSecretName: "encryption-config-openshift-oauth-apiserver",
EncryptionConfigSecretNamespace: "openshift-config-managed",
OperatorNamespace: "openshift-authentication-operator",
TargetGRs: operatorencryption.DefaultTargetGRs,
AssertFunc: operatorencryption.AssertTokens,
TargetGRs: library.AuthTargetGRs,
AssertFunc: library.AssertTokens,
},
CreateResourceFunc: func(t testing.TB, _ library.ClientSet, namespace string) runtime.Object {
return operatorencryption.CreateAndStoreTokenOfLife(context.TODO(), t, operatorencryption.GetClients(t))
return library.CreateAndStoreTokenOfLife(context.TODO(), t, library.GetClients(t))
},
Comment on lines 47 to 49
🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== file outline ==\n'
ast-grep outline test/e2e-encryption-kms/encryption_kms.go --view expanded || true

printf '\n== relevant lines ==\n'
nl -ba test/e2e-encryption-kms/encryption_kms.go | sed -n '1,220p'

printf '\n== search for CreateAndStoreTokenOfLife ==\n'
rg -n "CreateAndStoreTokenOfLife|CreateResourceFunc|context.TODO\(\)" test/e2e-encryption-kms test -g '*.go'

printf '\n== inspect function definition ==\n'
rg -n "func .*CreateAndStoreTokenOfLife|CreateAndStoreTokenOfLife\\(" -g '*.go'

Repository: openshift/cluster-authentication-operator

Length of output: 665


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== encryption_kms.go lines 30-150 ==\n'
sed -n '30,150p' test/e2e-encryption-kms/encryption_kms.go | cat -n

printf '\n== CreateAndStoreTokenOfLife definition and usages ==\n'
rg -n "func .*CreateAndStoreTokenOfLife|CreateAndStoreTokenOfLife\\(" -g '*.go' .

printf '\n== related helper signatures near library package ==\n'
rg -n "type .*ClientSet|CreateAndStoreTokenOfLife|GetClients\\(" test pkg -g '*.go'

Repository: openshift/cluster-authentication-operator

Length of output: 9902


Pass the test context through the token-creation callbacks.
context.TODO() drops the outer ctx’s timeout/cancellation, so these paths can outlive the test. Use ctx in all four CreateResourceFunc closures.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/e2e-encryption-kms/encryption_kms.go` around lines 47 - 49, the token
creation callbacks are ignoring the test’s cancellation and timeout by calling
context.TODO(), which can let resource setup outlive the test. Update all four
CreateResourceFunc closures in encryption_kms.go to pass through the surrounding
ctx instead of using context.TODO(), and keep the existing
library.CreateAndStoreTokenOfLife call structure unchanged.

Sources: Coding guidelines, Path instructions

AssertResourceEncryptedFunc: operatorencryption.AssertTokenOfLifeEncrypted,
AssertResourceNotEncryptedFunc: operatorencryption.AssertTokenOfLifeNotEncrypted,
ResourceFunc: func(t testing.TB, _ string) runtime.Object { return operatorencryption.TokenOfLife(t) },
AssertResourceEncryptedFunc: library.AssertTokenOfLifeEncrypted,
AssertResourceNotEncryptedFunc: library.AssertTokenOfLifeNotEncrypted,
ResourceFunc: library.TokenOfLife,
ResourceName: "TokenOfLife",
EncryptionProvider: librarykms.DefaultVaultEncryptionProvider(ctx, t),
})
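Review bot: the `CreateResourceFunc` closure discards the `library.ClientSet` it is handed (`_ library.ClientSet`) and constructs another one through `library.GetClients(t)`, and its `namespace` parameter is never read. If the types line up, pass the supplied client set into `library.CreateAndStoreTokenOfLife` instead of rebuilding it, and rename `namespace` to `_` so the callback visibly uses only what the scenario runner gives it. Separately, swapping the old `func(t testing.TB, _ string) runtime.Object { return operatorencryption.TokenOfLife(t) }` wrapper for a bare `library.TokenOfLife` means the fork's `TokenOfLife` must now itself carry the `func(testing.TB, string) runtime.Object` shape that wrapper adapted to; worth confirming that is a deliberate signature in the fork rather than a compile-driven change.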
Expand All @@ -72,19 +71,67 @@ func testKMSEncryptionProvidersMigration(ctx context.Context, t testing.TB) {
EncryptionConfigSecretName: "encryption-config-openshift-oauth-apiserver",
EncryptionConfigSecretNamespace: "openshift-config-managed",
OperatorNamespace: "openshift-authentication-operator",
TargetGRs: operatorencryption.DefaultTargetGRs,
AssertFunc: operatorencryption.AssertTokens,
TargetGRs: library.AuthTargetGRs,
AssertFunc: library.AssertTokens,
},
CreateResourceFunc: func(t testing.TB, _ library.ClientSet, namespace string) runtime.Object {
return operatorencryption.CreateAndStoreTokenOfLife(context.TODO(), t, operatorencryption.GetClients(t))
return library.CreateAndStoreTokenOfLife(context.TODO(), t, library.GetClients(t))
},
AssertResourceEncryptedFunc: operatorencryption.AssertTokenOfLifeEncrypted,
AssertResourceNotEncryptedFunc: operatorencryption.AssertTokenOfLifeNotEncrypted,
ResourceFunc: func(t testing.TB, _ string) runtime.Object { return operatorencryption.TokenOfLife(t) },
AssertResourceEncryptedFunc: library.AssertTokenOfLifeEncrypted,
AssertResourceNotEncryptedFunc: library.AssertTokenOfLifeNotEncrypted,
ResourceFunc: library.TokenOfLife,
ResourceName: "TokenOfLife",
EncryptionProviders: library.ShuffleEncryptionProviders([]library.EncryptionProvider{
librarykms.DefaultVaultEncryptionProvider(ctx, t),
library.SupportedStaticEncryptionProviders[rand.IntN(len(library.SupportedStaticEncryptionProviders))],
}),
})
}

// testKMSToKMSMigration tests KMS-to-KMS migration (primary → secondary → primary → identity).
func testKMSToKMSMigration(ctx context.Context, t testing.TB) {
library.TestKMSToKMSMigration(ctx, t, library.KMSToKMSMigrationScenario{
BasicScenario: library.BasicScenario{
Namespace: "openshift-config-managed",
LabelSelector: "encryption.apiserver.operator.openshift.io/component" + "=" + "openshift-oauth-apiserver",
EncryptionConfigSecretName: "encryption-config-openshift-oauth-apiserver",
EncryptionConfigSecretNamespace: "openshift-config-managed",
OperatorNamespace: "openshift-authentication-operator",
TargetGRs: library.AuthTargetGRs,
AssertFunc: library.AssertTokens,
},
CreateResourceFunc: func(t testing.TB, _ library.ClientSet, namespace string) runtime.Object {
return library.CreateAndStoreTokenOfLife(context.TODO(), t, library.GetClients(t))
},
AssertResourceEncryptedFunc: library.AssertTokenOfLifeEncrypted,
AssertResourceNotEncryptedFunc: library.AssertTokenOfLifeNotEncrypted,
ResourceFunc: library.TokenOfLife,
ResourceName: "TokenOfLife",
PrimaryProvider: librarykms.DefaultVaultEncryptionProvider(ctx, t),
SecondaryProvider: librarykms.SecondaryVaultEncryptionProvider(ctx, t),
})
}

// testKMSToKMSOnOff tests KMS on/off cycle with two distinct KMS providers.
func testKMSToKMSOnOff(ctx context.Context, t testing.TB) {
library.TestKMSToKMSOnOff(ctx, t, library.KMSToKMSMigrationScenario{
BasicScenario: library.BasicScenario{
Namespace: "openshift-config-managed",
LabelSelector: "encryption.apiserver.operator.openshift.io/component" + "=" + "openshift-oauth-apiserver",
EncryptionConfigSecretName: "encryption-config-openshift-oauth-apiserver",
EncryptionConfigSecretNamespace: "openshift-config-managed",
OperatorNamespace: "openshift-authentication-operator",
TargetGRs: library.AuthTargetGRs,
AssertFunc: library.AssertTokens,
},
CreateResourceFunc: func(t testing.TB, _ library.ClientSet, namespace string) runtime.Object {
return library.CreateAndStoreTokenOfLife(context.TODO(), t, library.GetClients(t))
},
AssertResourceEncryptedFunc: library.AssertTokenOfLifeEncrypted,
AssertResourceNotEncryptedFunc: library.AssertTokenOfLifeNotEncrypted,
ResourceFunc: library.TokenOfLife,
ResourceName: "TokenOfLife",
PrimaryProvider: librarykms.DefaultVaultEncryptionProvider(ctx, t),
SecondaryProvider: librarykms.SecondaryVaultEncryptionProvider(ctx, t),
})
}
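Review bot: the `BasicScenario` literal (namespace, label selector, encryption-config secret name and namespace, operator namespace, `AuthTargetGRs`, `AssertTokens`) plus the three token callbacks are now copied verbatim into all four scenarios in this file; factoring them into a package-level helper (for example an `authBasicScenario()` returning the shared `library.BasicScenario`) would keep the on/off and migration paths from drifting when one of those values changes. The `LabelSelector` value is also assembled at runtime as `"encryption.apiserver.operator.openshift.io/component" + "=" + "openshift-oauth-apiserver"`; a single constant string is clearer and is what the compiler folds it to anyway.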
Comment on lines +91 to +137

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Wire these new scenarios into the test entrypoint.

Line 92 and Line 116 add helper functions that nothing invokes, so the new KMS-to-KMS migration/on-off paths never execute. Please register them alongside the existing encryption scenarios; otherwise this PR adds dead test code instead of coverage.

🧰 Tools
🪛 golangci-lint (2.12.2)

[error] 92-92: func testKMSToKMSMigration is unused

(unused)


[error] 116-116: func testKMSToKMSOnOff is unused

(unused)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/e2e-encryption-kms/encryption_kms.go` around lines 91 - 137, The new
KMS-to-KMS helper scenarios in testKMSToKMSMigration and testKMSToKMSOnOff are
currently dead code because nothing calls them from the test entrypoint. Update
the existing encryption test registration/dispatch path to invoke these helpers
alongside the other scenarios so the new coverage actually runs, keeping the
wiring consistent with the surrounding test functions in this package.

Source: Linters/SAST tools
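An added example, not code from this PR or from library-go, illustrating the failure mode behind the first review finding above (the `context.TODO()` calls in the `CreateResourceFunc` closures). A callback that reaches for `context.TODO()` never sees the test context's deadline and keeps running after the test has given up, while the same callback handed the test's `ctx` stops as soon as the deadline passes. The `createResource` helper and the millisecond timings are constructed stand-ins for `library.CreateAndStoreTokenOfLife` and a real e2e timeout.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Constructed timings: the "test" gives up after 20ms, but the setup step
// needs 100ms, so a callback that ignores ctx overruns the test deadline.
const (
	testDeadline = 20 * time.Millisecond
	setupTime    = 100 * time.Millisecond
)

// createResource is a hypothetical stand-in for library.CreateAndStoreTokenOfLife:
// it performs a slow setup step but aborts as soon as ctx is done.
func createResource(ctx context.Context, setup time.Duration) error {
	timer := time.NewTimer(setup)
	defer timer.Stop()
	select {
	case <-timer.C:
		return nil // setup completed
	case <-ctx.Done():
		return ctx.Err() // setup abandoned because the caller's context ended
	}
}

// runScenario simulates a test body with a deadline. propagateCtx selects
// whether the CreateResourceFunc-style closure forwards the test's ctx
// (correct) or substitutes context.TODO() (the pattern flagged in review).
// It returns how long the callback actually ran and the error it produced.
func runScenario(propagateCtx bool) (time.Duration, error) {
	ctx, cancel := context.WithTimeout(context.Background(), testDeadline)
	defer cancel()

	createResourceFunc := func(ctx context.Context) error {
		if propagateCtx {
			return createResource(ctx, setupTime)
		}
		return createResource(context.TODO(), setupTime) // drops the deadline
	}

	start := time.Now()
	err := createResourceFunc(ctx)
	return time.Since(start), err
}

// AbortedByDeadline reports whether the callback observed the test deadline.
func AbortedByDeadline(propagateCtx bool) bool {
	_, err := runScenario(propagateCtx)
	return errors.Is(err, context.DeadlineExceeded)
}

// OutlivesTest reports whether the callback ran for the full setup time,
// i.e. kept going after the test context had already expired.
func OutlivesTest(propagateCtx bool) bool {
	elapsed, _ := runScenario(propagateCtx)
	return elapsed >= setupTime
}

func main() {
	fmt.Printf("forward ctx:    aborted=%v outlivesTest=%v\n", AbortedByDeadline(true), OutlivesTest(true))
	fmt.Printf("context.TODO(): aborted=%v outlivesTest=%v\n", AbortedByDeadline(false), OutlivesTest(false))
}
```

The same shape applies to the four closures in the diff: each already has `ctx` in scope from the enclosing `testKMS*` function, so forwarding it costs nothing and lets the library helper bail out when the e2e run is cancelled or times out.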
