NO-JIRA: remove old mock plugin deployment#902
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (1)
💤 Files with no reviewable changes (1)
WalkthroughRemoves explicit ChangesKMS E2E Test Cleanup
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Suggested labels
Suggested reviewers
🚥 Pre-merge checks | ✅ 15✅ Passed checks (15 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ardaguclu The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retitle NO-JIRA: remove old mock plugin deployment |
|
/verified by ci |
|
@gangwgr: This pull request explicitly references no jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@tjungblu: This PR has been marked as verified by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/hold |
|
/testwith openshift/cluster-authentication-operator/master/e2e-aws-operator-encryption-kms-ote openshift/origin#31228 |
|
@gangwgr, |
|
/test e2e-operator |
|
/test ? |
|
/test e2e-aws-operator-encryption-kms |
|
/test e2e-gcp-operator-encryption-kms |
|
/test e2e-aws-operator-encryption-kms-ote |
|
/test e2e-aws-operator-encryption-kms |
|
/test e2e-aws-operator-encryption-kms-ote |
There was a problem hiding this comment.
don't you have to use the DefaultVaultEncryptionProvider instead?
There was a problem hiding this comment.
not sure about the I see one @ardaguclu pr not merged
@ardaguclu @bertinatto can we use the DefaultVaultEncryptionProvider?
There was a problem hiding this comment.
which PR do we need from Arda?
There was a problem hiding this comment.
There was a problem hiding this comment.
There is no prerequisite pr for using original vault instance. But it has no relation with the purpose of this pr
There was a problem hiding this comment.
I think we can begin the process of switching to original vault
There was a problem hiding this comment.
I would like to get off the mock as soon as possible, but we can have this as a separate PR.
@bertinatto just mentioned that we have to wait for a new nightly/CI build for the changes to be effective across all operators. Then the tests should also clear.
There was a problem hiding this comment.
@gangwgr you can open a pr to test original vault image more changes are needed, see openshift/cluster-kube-apiserver-operator#2169
|
@gangwgr: This pull request explicitly references no jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
There was a problem hiding this comment.
Actionable comments posted: 0
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
test/e2e-encryption-kms/encryption_kms.go (1)
59-67:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winUpdate stale migration test steps comment
Line 61 says the test deploys the mock KMS plugin, but that setup was removed in this PR. Please update the numbered steps so they match current behavior and avoid confusion during failures/triage.
Suggested doc-only patch
// testKMSEncryptionProvidersMigration tests migration between KMS and AES encryption providers. // This test: -// 1. Deploys the mock KMS plugin -// 2. Creates a test OAuth access token (TokenOfLife) -// 3. Randomly picks one AES encryption provider (AESGCM or AESCBC) -// 4. Shuffles the selected AES provider with KMS to create a randomized migration order -// 5. Migrates between the providers in the shuffled order -// 6. Verifies token is correctly encrypted after each migration +// 1. Creates a test OAuth access token (TokenOfLife) +// 2. Randomly picks one AES encryption provider (AESGCM or AESCBC) +// 3. Shuffles the selected AES provider with KMS to create a randomized migration order +// 4. Migrates between the providers in the shuffled order +// 5. Verifies token is correctly encrypted after each migration🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/e2e-encryption-kms/encryption_kms.go` around lines 59 - 67, The comment above the testKMSEncryptionProvidersMigration function is outdated because the mock KMS plugin deployment was removed; update the numbered steps in that block (the comment starting "// testKMSEncryptionProvidersMigration tests migration between KMS and AES encryption providers.") to reflect current behavior—remove or modify step 1 about deploying the mock KMS plugin and renumber/clarify remaining steps (creating TokenOfLife, selecting/shuffling AES provider, performing migrations, and verifying token encryption) so the comment matches what testKMSEncryptionProvidersMigration actually does.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Outside diff comments:
In `@test/e2e-encryption-kms/encryption_kms.go`:
- Around line 59-67: The comment above the testKMSEncryptionProvidersMigration
function is outdated because the mock KMS plugin deployment was removed; update
the numbered steps in that block (the comment starting "//
testKMSEncryptionProvidersMigration tests migration between KMS and AES
encryption providers.") to reflect current behavior—remove or modify step 1
about deploying the mock KMS plugin and renumber/clarify remaining steps
(creating TokenOfLife, selecting/shuffling AES provider, performing migrations,
and verifying token encryption) so the comment matches what
testKMSEncryptionProvidersMigration actually does.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: c424b5ac-799a-4f06-b5a2-108630fc1e6a
📒 Files selected for processing (1)
test/e2e-encryption-kms/encryption_kms.go
ployment
|
Actionable comments posted: 0 |
|
/lgtm |
|
/retest |
|
@gangwgr: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/hold cancel |
|
@bertinatto: This PR has been marked as verified by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Remove old mock plugin deployment
Summary by CodeRabbit