OTA-1604: migrate ocp-46922 from otp to cvo repo

[jiajliu]

This PR refactors test case OCP-46922 with client-go and migrated it from the openshift-tests-private repository to the CVO repository as an openshift-tests-extension test.

[openshift-ci-robot]

@jiajliu: This pull request references OTA-1604 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

/uncc

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Adds a new payload JSON test entry and implements a cluster-live Cluster Version Operator test plus supporting utilities for REST/kube/config clients and HyperShift detection/skipping.

Changes

Cohort / File(s)	Summary
Test configuration ​.openshift-tests-extension/openshift_payload_cluster-version-operator.json	Appends a new test object named "[Jira:\"Cluster Version Operator\"] cluster-version-operator should have correct runlevel and scc" with labels, resources.isolation, source, lifecycle, and environmentSelector fields mirroring existing entries.
Cluster test implementation test/cvo/cvo.go	Adds a cluster-live test: sets up REST and kube clients in BeforeEach, skips if HyperShift, verifies openshift-cluster-version namespace has openshift.io/run-level label (empty value), finds running CVO pods (k8s-app=cluster-version-operator, phase Running), asserts exactly one pod, and checks pod annotation openshift.io/scc == hostaccess.
Test utilities test/cvo/util.go	Adds exported helpers: GetRestConfig(), GetKubeClient(restConfig), GetConfigClient(restConfig), IsHypershift(ctx, restConfig), and SkipIfHypershift(ctx, restConfig) for kubeconfig loading, client construction, and HyperShift detection/skipping.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

✨ Finishing touches

• 📝 Generate docstrings

---

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 72a6c34 and 204dd75.

📒 Files selected for processing (3)

• .openshift-tests-extension/openshift_payload_cluster-version-operator.json
• test/cvo/cvo.go
• test/cvo/util.go

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• test/cvo/util.go
• test/cvo/cvo.go

🧬 Code graph analysis (1)

test/cvo/cvo.go (1)

test/cvo/util.go (3)

• GetRestConfig (44-46)
• GetKubeClient (49-51)
• SkipIfHypershift (32-41)

🔇 Additional comments (7)

.openshift-tests-extension/openshift_payload_cluster-version-operator.json (1)

21-31: LGTM!

The new test entry follows the established structure and naming convention. The test name correctly maps to the implementation in cvo.go.

test/cvo/cvo.go (3)

3-15: LGTM!

The imports are well-organized with appropriate groupings (standard library, k8s dependencies, then local packages).

---

37-52: LGTM!

The live cluster test structure is well-organized with proper client initialization in BeforeEach. The utility functions from util.go are used appropriately.

---

54-80: LGTM!

The test logic is correct and well-structured:

• HyperShift check with proper error handling
• Label existence and value checks are appropriately separated
• Pod selection uses both label and field selectors for precision
• Error messages are clear and actionable

test/cvo/util.go (3)

1-13: LGTM!

Imports are well-organized and appropriate for the utility functions provided.

---

15-41: LGTM!

The HyperShift detection utilities are well-implemented with proper error propagation. The reference to the origin framework implementation is helpful for traceability.

---

43-56: LGTM!

The client factory functions are clean, reusable utilities that properly delegate to client-go. The documentation comments adequately explain their purpose.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@jiajliu: This pull request references OTA-1604 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

/uncc

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

test/cvo/cvo.go (2)

16-16: Consider removing or relocating GinkgoRecover.

The defer GinkgoRecover() at the Describe block level executes during test registration, not during test execution. It would only catch panics during the registration phase. Ginkgo v2 already handles panics in test specs automatically, making this defer unnecessary. If you need to recover from panics in spawned goroutines within tests, move GinkgoRecover() into those goroutines instead.

🔎 Proposed change

 var _ = Describe(`[Jira:"Cluster Version Operator"] cluster-version-operator-tests`, func() {
-	defer GinkgoRecover()
-
 	const cvoNamespace = "openshift-cluster-version"

---

24-40: Consider using consistent error handling.

The BeforeEach block mixes two error handling styles: Fail() at line 35 and Expect().NotTo(HaveOccurred()) at line 39. For consistency and better integration with Ginkgo/Gomega patterns, consider using Expect().NotTo(HaveOccurred()) throughout.

🔎 Proposed change for consistency

 		restCfg, err = rest.InClusterConfig()
 		if err != nil {
 			// Fall back to kubeconfig (respects KUBECONFIG env var for local execution)
 			loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
 			cfg := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{})
 			restCfg, err = cfg.ClientConfig()
-			if err != nil {
-				Fail("Failed to load Kubernetes configuration. Please ensure KUBECONFIG environment variable is set or running in-cluster.")
-			}
+			Expect(err).NotTo(HaveOccurred(), "Failed to load Kubernetes configuration. Please ensure KUBECONFIG environment variable is set or running in-cluster.")
 		}
 		kubeClient, err = kubernetes.NewForConfig(restCfg)
 		Expect(err).NotTo(HaveOccurred(), "Failed to create Kubernetes client")

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 381275d and df298e2.

📒 Files selected for processing (2)

• .openshift-tests-extension/openshift_payload_cluster-version-operator.json
• test/cvo/cvo.go

🚧 Files skipped from review as they are similar to previous changes (1)

• .openshift-tests-extension/openshift_payload_cluster-version-operator.json

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• test/cvo/cvo.go

🔇 Additional comments (3)

test/cvo/cvo.go (3)

4-9: LGTM! Appropriate imports for Kubernetes client setup.

The added imports correctly support the test's requirements: context for test lifecycle, k8s.io client libraries for cluster interaction, and clientcmd for kubeconfig fallback.

---

18-22: LGTM! Well-structured test setup variables.

The constant for the CVO namespace and variables for the REST config and Kubernetes client are appropriately scoped and typed.

---

48-69: LGTM! Well-structured test with clear validation logic.

The test correctly validates:

• CVO namespace has no explicit run-level label (empty string = default early-start priority)
• Exactly one running CVO pod exists with the expected label
• CVO pod uses the "hostaccess" SCC for necessary host-level privileges

The use of By() statements, descriptive assertions, and reference comments to the migration source all contribute to maintainability.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

test/cvo/cvo.go (1)

22-33: Consider using BeforeAll for efficiency.

The BeforeEach creates a new Kubernetes client before every test, including the trivial "should support passing tests" which doesn't need one. Since the client configuration doesn't change between tests, consider using Ginkgo's BeforeAll (or wrapping the client-dependent test in its own Context with a dedicated BeforeEach).

This is a minor efficiency concern given the small number of tests.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 160d2ac and 221cf46.

📒 Files selected for processing (2)

• .openshift-tests-extension/openshift_payload_cluster-version-operator.json
• test/cvo/cvo.go

🚧 Files skipped from review as they are similar to previous changes (1)

• .openshift-tests-extension/openshift_payload_cluster-version-operator.json

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• test/cvo/cvo.go

🔇 Additional comments (1)

test/cvo/cvo.go (1)

41-62: LGTM!

The migrated test logic is correct:

• Properly retrieves the namespace and checks the openshift.io/run-level label (empty string check works correctly even if label is absent, since Go maps return zero value).
• Pod listing with label and field selectors is appropriate.
• Single pod assertion and SCC annotation check are well-structured.

The migration preserves the original test intent while using idiomatic client-go patterns.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

test/cvo/cvo.go (1)

46-49: Consider distinguishing "not found" from other errors for clearer debugging.

If a network or API error occurs (not just NotFound), the skip message "CVO deployment not found!" may be misleading. For better debuggability in CI logs, consider checking specifically for NotFound errors:

🔎 Suggested improvement

+	"k8s.io/apimachinery/pkg/api/errors"

 		cvoDeployment, err := kubeClient.AppsV1().Deployments(cvoNamespace).Get(ctx, "cluster-version-operator", metav1.GetOptions{})
-		if err != nil || cvoDeployment == nil {
+		if errors.IsNotFound(err) {
 			Skip("Skipping test: CVO deployment not found!")
 		}
+		Expect(err).NotTo(HaveOccurred(), "Failed to get CVO deployment")

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 221cf46 and 56162c0.

📒 Files selected for processing (2)

• .openshift-tests-extension/openshift_payload_cluster-version-operator.json
• test/cvo/cvo.go

🚧 Files skipped from review as they are similar to previous changes (1)

• .openshift-tests-extension/openshift_payload_cluster-version-operator.json

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• test/cvo/cvo.go

🔇 Additional comments (3)

test/cvo/cvo.go (3)

4-10: LGTM!

The imports are appropriate for the Kubernetes client-go operations being performed.

---

27-38: LGTM!

The Kubernetes client setup follows idiomatic patterns for client-go. Using NewDefaultClientConfigLoadingRules correctly respects the KUBECONFIG environment variable, and error messages are descriptive.

---

51-68: LGTM!

The test assertions are well-structured with clear By() statements for documentation. The runlevel and SCC verification logic is correct, and error messages are descriptive for debugging test failures.

[openshift-ci-robot]

@jiajliu: This pull request references OTA-1604 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

This PR refactors test case OCP-46922 with client-go and migrated it from the openshift-tests-private repository to the CVO repository as an openshift-tests-extension test.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[jiajliu]

Local test result:

$ ./_output/linux/amd64/cluster-version-operator-tests run-test -n "[Jira:\"Cluster Version Operator\"] cluster-version-operator-tests with cluster access should have correct runlevel and scc"
  Running Suite:  - /home/jiajliu/work/cluster-version-operator
  =============================================================
  Random Seed: 1766564711 - will randomize all specs

  Will run 1 of 1 specs
  ------------------------------
  [Jira:"Cluster Version Operator"] cluster-version-operator-tests with cluster access should have correct runlevel and scc
  /home/jiajliu/work/cluster-version-operator/test/cvo/cvo.go:43
    STEP: Check runlevel in cvo namespace. @ 12/24/25 16:25:12.376
    STEP: Check scc of cvo pod. @ 12/24/25 16:25:12.624
  • [1.507 seconds]
  ------------------------------

  Ran 1 of 1 Specs in 1.507 seconds
  SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 0 Skipped
[
  {
    "name": "[Jira:\"Cluster Version Operator\"] cluster-version-operator-tests with cluster access should have correct runlevel and scc",
    "lifecycle": "blocking",
    "duration": 1507,
    "startTime": "2025-12-24 08:25:11.425672 UTC",
    "endTime": "2025-12-24 08:25:12.932730 UTC",
    "result": "passed",
    "output": "  STEP: Check runlevel in cvo namespace. @ 12/24/25 16:25:12.376\n  STEP: Check scc of cvo pod. @ 12/24/25 16:25:12.624\n"
  }
]

From pre-submits jobs e2e-aws-ovn-techpreview and e2e-agnostic-ovn, the new case [Jira:"Cluster Version Operator"] cluster-version-operator-tests with cluster access should have correct runlevel and scc has been added and passed in the CI.

cc @hongkailiu @DavidHurta to help review, thanks

[jiajliu]

@hongkailiu @DavidHurta just bring your attention in case you missed my last comment for your year-end break. Could you help review the pr when you have a moment?
BTW, the current conflict is a result of newly merged pr, I will resolve it once your review is complete.

[jiajliu]

/test okd-scos-images

[hongkailiu]

/cc

[hongkailiu]

Jia, off the record, this is a perfect example that does not use any oc command. 😸

[hongkailiu]

The comments are only about wording of specs. Otherwise, LGTM.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@test/cvo/util.go`:
- Around line 32-37: SkipIfHypershift currently ignores errors from
IsHypershift; change it to check the returned error and fail the test when
non-nil instead of proceeding silently: in SkipIfHypershift call
IsHypershift(ctx, restConfig), if err != nil invoke the test failure helper
(e.g., Fail or Failf) with a clear message including the error, otherwise keep
the existing behavior of calling Skip when isHypershift is true.
- Around line 23-26: The infrastructure fetch currently swallows errors by
returning (false, nil) when configClient.ConfigV1().Infrastructures().Get(...)
fails; change this to propagate the error or explicitly handle NotFound: if
apierrors.IsNotFound(err) then treat as missing infrastructure (return false,
nil) else return false, err (or log and fail the test). Update the code around
the Get call (the block using configClient.ConfigV1().Infrastructures().Get and
the variables infrastructure/err) to perform an apierrors.IsNotFound check and
only suppress NotFound, otherwise return or propagate the actual error.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 8680e60 and db7cc73.

📒 Files selected for processing (3)

• .openshift-tests-extension/openshift_payload_cluster-version-operator.json
• test/cvo/cvo.go
• test/cvo/util.go

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• test/cvo/cvo.go
• test/cvo/util.go

🧬 Code graph analysis (1)

test/cvo/cvo.go (1)

test/cvo/util.go (3)

• GetRestConfig (40-42)
• GetKubeClient (45-47)
• SkipIfHypershift (32-37)

🔇 Additional comments (5)

.openshift-tests-extension/openshift_payload_cluster-version-operator.json (1)

21-31: LGTM!

The new test entry is correctly structured, matches the existing entries' format, and the test name properly aligns with the Describe/It blocks in test/cvo/cvo.go.

test/cvo/util.go (1)

39-52: LGTM!

The client factory functions are clean and follow idiomatic patterns for Kubernetes client initialization.

test/cvo/cvo.go (3)

4-8: LGTM!

Imports are necessary for the new cluster-access test functionality.

---

35-51: LGTM!

The new Describe block follows the agreed-upon naming convention and properly initializes the Kubernetes client for cluster-access tests.

---

53-78: LGTM!

The test implementation correctly validates the CVO namespace label and pod annotation. The logic follows the migration source and past reviewer feedback has been addressed.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[hongkailiu]

/lgtm

/hold

if you want to address this.
Free to cancel otherwise.

[hongkailiu]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hongkailiu, jiajliu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [hongkailiu]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@jiajliu: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify-update	204dd75	link	true	/test verify-update
ci/prow/images	204dd75	link	true	/test images
ci/prow/verify-deps	204dd75	link	true	/test verify-deps
ci/prow/e2e-agnostic-ovn-upgrade-out-of-change	204dd75	link	true	/test e2e-agnostic-ovn-upgrade-out-of-change
ci/prow/gofmt	204dd75	link	true	/test gofmt
ci/prow/okd-scos-images	204dd75	link	true	/test okd-scos-images
ci/prow/e2e-hypershift-conformance	204dd75	link	true	/test e2e-hypershift-conformance
ci/prow/e2e-agnostic-ovn-upgrade-into-change	204dd75	link	true	/test e2e-agnostic-ovn-upgrade-into-change
ci/prow/e2e-agnostic-ovn	204dd75	link	true	/test e2e-agnostic-ovn
ci/prow/e2e-agnostic-operator	204dd75	link	true	/test e2e-agnostic-operator
ci/prow/unit	204dd75	link	true	/test unit
ci/prow/e2e-hypershift	204dd75	link	true	/test e2e-hypershift

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[hongkailiu]

/retest-required