Skip to content

[gNSI][TBRotate] Add a base framework for rotating trustbundles.#5409

Open
morrowc wants to merge 8 commits intomainfrom
gnsiTests
Open

[gNSI][TBRotate] Add a base framework for rotating trustbundles.#5409
morrowc wants to merge 8 commits intomainfrom
gnsiTests

Conversation

@morrowc
Copy link
Copy Markdown
Contributor

@morrowc morrowc commented May 4, 2026

Add a base set of tests for the rotate-trustbundle process.

Ideally we can expand these once we have some that are working :)
Robotic change here... btw.

@morrowc morrowc requested a review from marcushines May 4, 2026 03:40
@morrowc morrowc requested a review from a team as a code owner May 4, 2026 03:40
@gemini-code-assist
Copy link
Copy Markdown
Contributor

gemini-code-assist Bot commented May 4, 2026

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request establishes a foundational testing framework for the gNSI trust bundle rotation feature. It provides automated test cases to verify successful trust bundle updates and ensures that invalid rotation attempts are correctly rejected by the system, maintaining overall service integrity.

Highlights

  • New Test Framework: Introduced a base test suite for the gNSI trust bundle rotation process, covering both positive and negative scenarios.
  • Test Data Generation: Implemented helper functions to dynamically create combined trust bundles and manage certificate rotation states for RSA and ECDSA types.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@OpenConfigBot
Copy link
Copy Markdown

OpenConfigBot commented May 4, 2026
edited
Loading

Pull Request Functional Test Report for #5409 / b3fad7e

Virtual Devices

Device Test Test Documentation Job Raw Log
Arista cEOS status
status
 Certz-4: Trust Bundle
Certz-5: Trust Bundle Rotation
 cf92ffe7 Log
Cisco 8000E status
status
 Certz-4: Trust Bundle
Certz-5: Trust Bundle Rotation
 4560ba2b Log
Cisco XRd status
status
 Certz-4: Trust Bundle
Certz-5: Trust Bundle Rotation
 77e189bf Log
Juniper ncPTX status
status
 Certz-4: Trust Bundle
Certz-5: Trust Bundle Rotation
 1d51b6f8 Log
Nokia SR Linux status
status
 Certz-4: Trust Bundle
Certz-5: Trust Bundle Rotation
 79ee8c31 Log
Openconfig Lemming status
status
 Certz-4: Trust Bundle
Certz-5: Trust Bundle Rotation
 ef9c0c79 Log

Hardware Devices

Device Test Test Documentation Raw Log
Arista 7808 status
status
 Certz-4: Trust Bundle
Certz-5: Trust Bundle Rotation
Cisco 8808 status
status
 Certz-4: Trust Bundle
Certz-5: Trust Bundle Rotation
Juniper PTX10008 status
status
 Certz-4: Trust Bundle
Certz-5: Trust Bundle Rotation
Nokia 7250 IXR-10e status
status
 Certz-4: Trust Bundle
Certz-5: Trust Bundle Rotation

Help

gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new test suite for gNSI certz trust bundle rotation, implementing both positive and negative test cases for RSA and ECDSA certificate types. The feedback identifies an unused import that would cause a compilation error and suggests improvements for test isolation by using temporary directories for generated files. Additionally, it recommends using context timeouts for network operations to ensure the tests do not hang indefinitely.

Comment thread feature/gnsi/certz/tests/trust_bundle_rotation/trust_bundle_rotation_test.go Outdated
Comment thread feature/gnsi/certz/tests/trust_bundle_rotation/trust_bundle_rotation_test.go Outdated
Comment thread feature/gnsi/certz/tests/trust_bundle_rotation/trust_bundle_rotation_test.go Outdated
morrowc and others added 6 commits May 4, 2026 00:28
@morrowc @gemini-code-assist
Update feature/gnsi/certz/tests/trust_bundle_rotation/trust_bundle_ro…
d35b7e6 
…tation_test.go


Write files out to temp location, not back into the testdata.

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@morrowc @gemini-code-assist
Update feature/gnsi/certz/tests/trust_bundle_rotation/trust_bundle_ro…
dcc71fc 
…tation_test.go


Safer timeout on context seems safe.

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@morrowc
Merge branch 'main' into gnsiTests
664b65b
gofmt should have been run but was not? #robots
95c8b66
gnsi: Fix trust bundle rotation test completeness
a7c1a47 
Explicitly implement Probe, Finalize, and Post-verification steps
in Certz-5.1 positive test case to satisfy automated completeness checks.

CONV=06139096-e783-4e45-b803-aa5e9e9c7a25
gnsi: Fix trust bundle rotation gap analysis failures
dbee5e2 
Address FNT Gap Analysis failures:
1. Make service validations explicit in Step 6 (gNOI, gRIBI, P4RT, gNMI, gNSI).
2. Implement explicit Probe RPC call in Step 4 using authzpb.NewAuthzClient and Probe method.

CONV=06139096-e783-4e45-b803-aa5e9e9c7a25
marcushines
marcushines reviewed May 4, 2026
View reviewed changes
Comment thread feature/gnsi/certz/tests/trust_bundle_rotation/trust_bundle_rotation_test.go Outdated
@morrowc
Copy link
Copy Markdown
Contributor Author

morrowc commented May 6, 2026

I believe this is ready for @mihirpitale-googler to review/etc.

@morrowc morrowc requested a review from ram-mac May 6, 2026 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marcushines marcushines marcushines left review comments

@mihirpitale-googler mihirpitale-googler Awaiting requested review from mihirpitale-googler

@ram-mac ram-mac Awaiting requested review from ram-mac

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@morrowc @OpenConfigBot @marcushines