Skip to content

ROSAENG-60112 | test: add tests for OIDC commands#3316

Open
olucasfreitas wants to merge 1 commit into
openshift:masterfrom
olucasfreitas:ROSAENG-60112-3E
Open

ROSAENG-60112 | test: add tests for OIDC commands#3316
olucasfreitas wants to merge 1 commit into
openshift:masterfrom
olucasfreitas:ROSAENG-60112-3E

Conversation

@olucasfreitas

@olucasfreitas olucasfreitas commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

PR Summary

Add focused tests for 4 OIDC-related commands, all previously at 0% coverage. Tests target functions that return errors or are pure, without needing to refactor the legacy os.Exit pattern.

Detailed Description of the Issue

The OIDC commands are required for the STS cluster creation flow and had no automated test coverage. This PR adds tests for the testable internals: strategy factory functions, exported helpers that return errors, and pure command builders.

Related Issues and PRs

Type of Change

  • test

Previous Behavior

No automated test coverage for cmd/create/oidcconfig, cmd/create/oidcprovider, cmd/dlt/oidcconfig, or cmd/dlt/oidcprovider.

Behavior After This Change

15 new test cases across 4 commands:

Command Tests What's covered
cmd/create/oidcconfig 7 getOidcConfigStrategy factory (5 cases), ManagedAutoStrategy.executeNoExit (2 cases)
cmd/create/oidcprovider 3 CreateOIDCProvider exported function with OCM + AWS mocks
cmd/dlt/oidcconfig 4 getOidcConfigStrategy factory (4 cases)
cmd/dlt/oidcprovider 1 buildCommand pure function

Intentionally skipped: cmd/register/oidcconfig (no extracted helpers that return errors).

How to Test (Step-by-Step)

Test Steps

  1. go test ./cmd/create/oidcconfig/... ./cmd/create/oidcprovider/... ./cmd/dlt/oidcconfig/... ./cmd/dlt/oidcprovider/... -count=1
  2. go vet ./cmd/create/oidcconfig/... ./cmd/create/oidcprovider/... ./cmd/dlt/oidcconfig/... ./cmd/dlt/oidcprovider/...

Expected Results

  • All tests pass
  • go vet clean

Breaking Changes

  • No breaking changes

Developer Verification Checklist

  • Commit subject/title follows [JIRA-TICKET] | [TYPE]: <MESSAGE>.
  • PR description clearly explains both what changed and why.
  • Relevant Jira/GitHub issues and related PRs are linked.
  • make install-hooks has been run in this clone.
  • Tests were added/updated where appropriate.
  • make test passes.
  • make lint passes.
  • Any risk, limitation, or follow-up work is documented.

Summary by CodeRabbit

  • Tests
    • Added new test suites for OIDC config and OIDC provider create/delete flows.
    • Covered strategy selection for auto/manual modes, including invalid-mode error handling.
    • Added success and failure cases for creating OIDC configs and OIDC providers, with mocked API and cloud responses.
    • Introduced suite entry points so the new specs run with go test.

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 1, 2026
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: a3b4e443-a4d9-4f4f-abaf-b25e14c6449d

📥 Commits

Reviewing files that changed from the base of the PR and between 0862aee and dcc52c6.

📒 Files selected for processing (6)
  • cmd/create/oidcconfig/cmd_test.go
  • cmd/create/oidcconfig/oidcconfig_suite_test.go
  • cmd/create/oidcprovider/cmd_test.go
  • cmd/create/oidcprovider/oidcprovider_suite_test.go
  • cmd/dlt/oidcconfig/cmd_test.go
  • cmd/dlt/oidcconfig/oidcconfig_suite_test.go
✅ Files skipped from review due to trivial changes (1)
  • cmd/create/oidcconfig/oidcconfig_suite_test.go
🚧 Files skipped from review as they are similar to previous changes (5)
  • cmd/create/oidcprovider/oidcprovider_suite_test.go
  • cmd/dlt/oidcconfig/oidcconfig_suite_test.go
  • cmd/dlt/oidcconfig/cmd_test.go
  • cmd/create/oidcprovider/cmd_test.go
  • cmd/create/oidcconfig/cmd_test.go

📝 Walkthrough

Walkthrough

This pull request adds new Ginkgo/Gomega test files and suite entrypoints across three packages: cmd/create/oidcconfig, cmd/create/oidcprovider, and cmd/dlt/oidcconfig. The tests cover strategy selection logic (getOidcConfigStrategy) for auto/manual and managed/unmanaged modes, execution behavior of CreateManagedOidcConfigAutoStrategy.executeNoExit, and CreateOIDCProvider scenarios using mocked API-server responses and a gomock AWS client. No exported or public entity declarations are altered aside from the new test entrypoint functions.

Sequence Diagram(s)

Included above within the hidden review stack artifact per layer.

Possibly related PRs

  • openshift/rosa#3299: Adds related Ginkgo/Gomega tests around OIDC provider creation exercising the same mocked AWS CreateOpenIDConnectProvider operation.

Suggested reviewers: marcolan018, davidleerh

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Test Structure And Quality ⚠️ Warning Several new Ginkgo specs use bare Expect(err).NotTo(HaveOccurred())/To(HaveOccurred()) without diagnostic messages, violating the test-quality requirement. Add meaningful messages to the bare expectations (e.g. Expect(err).NotTo(HaveOccurred(), "...")). No timeout/cleanup changes are needed for these helper tests.
✅ Passed checks (14 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise, follows the required ticket/type format, and accurately summarizes the new OIDC test coverage.
Description check ✅ Passed The description matches the template well, covering summary, issue context, related links, test steps, and verification details.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed All new Ginkgo titles are static strings; no timestamps, UUIDs, names, or generated identifiers appear in Describe/Context/It names.
Microshift Test Compatibility ✅ Passed Added tests only exercise local strategy helpers and mocked API-server/AWS clients; no MicroShift-unsupported OpenShift APIs, namespaces, or cluster assumptions found.
Single Node Openshift (Sno) Test Compatibility ✅ Passed The new Ginkgo specs are unit tests using mock runtimes/API stubs and only exercise strategy selection/provider creation; they make no SNO/HA node-topology assumptions.
Topology-Aware Scheduling Compatibility ✅ Passed The PR only adds OIDC test files and suite entrypoints; no manifests, controllers, or scheduling constraints were changed.
Ote Binary Stdout Contract ✅ Passed PASS: The added suite entrypoints only register Ginkgo and RunSpecs; no stdout writes appear in init/TestMain/suite setup, and existing fmt.Println calls are in normal command paths.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed Added Ginkgo unit tests only; no IPv4 literals, IPv4-only parsing, or external/public network calls were found in the new specs.
No-Weak-Crypto ✅ Passed Scanned the added OIDC test/suite files and found no weak ciphers, hash use, custom crypto, or non-constant-time secret/token comparisons.
Container-Privileges ✅ Passed The PR diff only adds tests and updates Tekton bundle digests; no changed manifest sets privileged, hostPID/Network/IPC, allowPrivilegeEscalation, or SYS_ADMIN.
No-Sensitive-Data-In-Logs ✅ Passed Scanned the added OIDC test files; found no log/print calls or secret-like data, only fake example URLs and one expected error string.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: olucasfreitas

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 1, 2026
@olucasfreitas olucasfreitas changed the title ROSAENG-60112 | test: add tests for OIDC commands (Phase 3E) ROSAENG-60112 | test: add tests for OIDC commands Jul 1, 2026
@olucasfreitas

Copy link
Copy Markdown
Contributor Author

/test all

@olucasfreitas olucasfreitas marked this pull request as ready for review July 1, 2026 23:14
@openshift-ci openshift-ci Bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 1, 2026
@openshift-ci openshift-ci Bot requested review from amandahla and marcolan018 July 1, 2026 23:14

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
cmd/create/oidcprovider/cmd_test.go (1)

25-51: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Minor duplication in mock response setup.

The OidcConfig/OidcThumbprint responder setup (Lines 30-40) is duplicated verbatim in the failure spec (Lines 72-82). Could be extracted into a small helper to reduce repetition.

Also applies to: 67-94

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/create/oidcprovider/cmd_test.go` around lines 25 - 51, The OidcConfig and
OidcThumbprint responder setup in the CreateOIDCProvider test is duplicated
across the success and failure specs, so extract that repeated mock setup into a
small helper and reuse it from the CreateOIDCProvider test cases. Keep the
helper close to the existing test code and have it encapsulate the shared
t.ApiServer.AppendHandlers calls while preserving the existing oidcConfigId and
issuerUrl inputs used by CreateOIDCProvider.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@cmd/create/oidcprovider/cmd_test.go`:
- Around line 25-51: The OidcConfig and OidcThumbprint responder setup in the
CreateOIDCProvider test is duplicated across the success and failure specs, so
extract that repeated mock setup into a small helper and reuse it from the
CreateOIDCProvider test cases. Keep the helper close to the existing test code
and have it encapsulate the shared t.ApiServer.AppendHandlers calls while
preserving the existing oidcConfigId and issuerUrl inputs used by
CreateOIDCProvider.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 0e4f8200-6bca-4860-b279-b612113584af

📥 Commits

Reviewing files that changed from the base of the PR and between dc110e6 and 0862aee.

📒 Files selected for processing (8)
  • cmd/create/oidcconfig/cmd_test.go
  • cmd/create/oidcconfig/oidcconfig_suite_test.go
  • cmd/create/oidcprovider/cmd_test.go
  • cmd/create/oidcprovider/oidcprovider_suite_test.go
  • cmd/dlt/oidcconfig/cmd_test.go
  • cmd/dlt/oidcconfig/oidcconfig_suite_test.go
  • cmd/dlt/oidcprovider/cmd_test.go
  • cmd/dlt/oidcprovider/oidcprovider_suite_test.go

Comment thread cmd/create/oidcprovider/cmd_test.go
Comment thread cmd/dlt/oidcprovider/cmd_test.go Outdated
Comment thread cmd/dlt/oidcprovider/cmd_test.go Outdated
Add focused tests for 3 OIDC-related commands, all previously at 0%
coverage. Tests target functions that return errors or are pure, without
needing to refactor the legacy os.Exit pattern.

- cmd/create/oidcconfig: getOidcConfigStrategy factory (5 cases) and
  ManagedAutoStrategy.executeNoExit (2 cases via OCM mock)
- cmd/create/oidcprovider: CreateOIDCProvider exported function (4 cases
  with OCM + AWS mocks, including FetchOidcThumbprint failure)
- cmd/dlt/oidcconfig: getOidcConfigStrategy factory (4 cases)

Skip cmd/dlt/oidcprovider (buildCommand is a commandbuilder pass-through
already covered by pkg/aws/commandbuilder tests) and
cmd/register/oidcconfig (no extracted helpers that return errors).
@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

@olucasfreitas: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/security dcc52c6 link false /test security

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@olucasfreitas olucasfreitas requested a review from amandahla July 3, 2026 17:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants