HIVE-3148: add OTE e2e test jobs for openshift/hive

[miyadav]

/hold

Add e2e-ote, e2e-gcp-ote, e2e-azure-ote, and e2e-vsphere-ote test jobs using the OpenShift Tests Extension framework. Temporarily uses dockerfile_literal to build hive-tests from miyadav/hive:fix-ote-init branch while the hive PR is validated.

Summary by CodeRabbit

• New Features

  • Added a dedicated test-runner image to standardize OTE test execution.

• Tests

  • Added four OTE end-to-end test variants for AWS, GCP, Azure, and vSphere.
  • Unified test invocation across providers while keeping provider-specific provisioning and configuration wiring.
  • Updated skip patterns to refine which changes trigger tests.
  • Added/adjusted per-variant timeouts for more reliable Azure runs.

[openshift-ci-robot]

@miyadav: This pull request references HIVE-3148 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

/hold

Add e2e-ote, e2e-gcp-ote, e2e-azure-ote, and e2e-vsphere-ote test jobs using the OpenShift Tests Extension framework. Temporarily uses dockerfile_literal to build hive-tests from miyadav/hive:fix-ote-init branch while the hive PR is validated.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: miyadav
Once this PR has been reviewed and has the lgtm label, please assign 2uasimojo for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• ci-operator/config/openshift/hive/OWNERS
• ci-operator/jobs/openshift/hive/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[miyadav]

/pj-rehearse pull-ci-openshift-hive-master-e2e-ote

[openshift-merge-bot]

@miyadav: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds a hive-tests CI image that builds and gzipped-installs an OTE openshift-tests-extension runner and four new OTE e2e job variants (e2e-ote, e2e-gcp-ote, e2e-azure-ote, e2e-vsphere-ote) which run openshift-tests-extension run-suite -c 1 openshift/hive with provider-specific wiring.

Changes

Cohort / File(s)

Summary

CI config: new image + OTE tests ci-operator/config/openshift/hive/openshift-hive-master.yaml

Adds images[]: hive-tests which compiles and gzips openshift-tests-extension. Adds four tests[] entries: e2e-ote, e2e-gcp-ote, e2e-azure-ote, e2e-vsphere-ote. Each test runs openshift-tests-extension run-suite -c 1 openshift/hive, declares HIVE_IMAGE/RELEASE_IMAGE deps, mounts provider credentials, and sets provider-specific env/flags (AWS: mounts creds, SKIP_LONG_RUNNING_TESTS=true, PLATFORM=aws; GCP/Azure: set KUBECONFIG, derive BASE_DOMAIN, set PLATFORM; vSphere: source context scripts, export VIP/network vars, PLATFORM=vsphere). e2e-ote skip patterns now exclude .coderabbit.yaml; Azure OTE adds/overrides timeouts.

Sequence Diagram(s)

sequenceDiagram
    actor CI as CI Operator
    participant Builder as Image Builder
    participant Registry as Image Registry
    participant Job as ci-operator Job
    participant Cloud as Cloud Provider
    participant ClusterClaim as cluster_claim
    participant TestRunner as openshift-tests-extension

    CI->>Builder: build `hive-tests` (compile & gzip openshift-tests-extension)
    Builder-->>Registry: push `hive-tests`
    CI->>Job: trigger e2e-*-ote variant
    Job->>Registry: pull `hive-tests`, `HIVE_IMAGE`, `RELEASE_IMAGE`
    Job->>Cloud: request provider credentials / provision cluster
    Cloud->>ClusterClaim: provision cluster and return kubeconfig/env
    ClusterClaim-->>Job: provide kubeconfig and platform-specific env
    Job->>TestRunner: run `openshift-tests-extension run-suite -c 1 openshift/hive`
    TestRunner-->>Job: emit results/logs
    Job-->>CI: report job outcome

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately summarizes the main change: adding OTE e2e test jobs to openshift/hive configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	This PR modifies CI operator YAML configuration files, not Ginkgo test source code. The check requires examination of Go test files with Ginkgo test definitions (It, Describe, Context, When blocks), which are not present or modified in this repository.
Test Structure And Quality	✅ Passed	This check is not applicable to this PR as it does not modify any Ginkgo test code. The PR consists entirely of CI/CD configuration changes.
Microshift Test Compatibility	✅ Passed	PR adds CI configuration files to run existing tests from openshift/hive via OTE framework with no new Ginkgo test code.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR adds CI configuration only, not new Ginkgo e2e test code. Test code comes from external hive repository.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies CI/CD configuration files defining test job specifications and container builds, not deployment manifests or controllers. No topology-aware scheduling constraints are introduced.
Ote Binary Stdout Contract	✅ Passed	PR explicitly addresses OTE Binary Stdout Contract through commit message stating 'fix to clean json output and deserilization error fix to coderepo', indicating stdout handling issues have been remediated before test jobs are added.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR modifies CI/CD configuration files (YAML) in openshift/release repository to add job definitions. No Ginkgo e2e test code is added; actual test code comes from external openshift/hive repository and is compiled into hive-tests image.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@ci-operator/config/openshift/hive/openshift-hive-master.yaml`:
- Around line 353-355: This job's command block runs the Hive test suite but
doesn't export BASE_DOMAIN like the e2e-gcp job; update the commands (the block
that sets KUBECONFIG and calls /usr/bin/openshift-tests-extension run-suite
openshift/hive) to also export BASE_DOMAIN by reading it from
${CLUSTER_PROFILE_DIR}/public_hosted_zone (e.g., export BASE_DOMAIN="$(cat
${CLUSTER_PROFILE_DIR}/public_hosted_zone)") so downstream Hive provisioning has
the DNS zone available.
- Around line 399-418: The OTE job's commands block sources vsphere helper
scripts (source $SHARED_DIR/vsphere_context.sh, source $SHARED_DIR/govc.sh) but
does not mount the vsphere secret; update the job spec that contains the
commands/from: hive-tests to add a volume/volumeMount or secret mount for
vsphere-ibmcloud-ci at /var/run/vault/vsphere-ibmcloud-ci (matching the
e2e-vsphere job) so the helpers can read the credentials when sourcing those
scripts.
- Around line 29-40: Replace the moving branch reference in the
dockerfile_literal (the RUN git clone --branch fix-ote-init --depth 1
https://github.com/miyadav/hive.git . line) with a clone and checkout pinned to
a specific commit SHA so the image is reproducible; e.g., clone the repo (no
branch), fetch the desired commit SHA, and checkout that SHA (or use git clone
--depth 1 <repo> && git -C hive checkout <COMMIT_SHA>) so the build always uses
an immutable revision—update the RUN line to perform these steps and document
the chosen commit SHA in the file.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: c6ccca02-6f9c-4ba5-9ac9-33212b4bc53e

📥 Commits

Reviewing files that changed from the base of the PR and between 68dc8d5 and 334cf25.

⛔ Files ignored due to path filters (3)

• ci-operator/jobs/openshift/hive/openshift-hive-master-periodics.yaml is excluded by !ci-operator/jobs/**
• ci-operator/jobs/openshift/hive/openshift-hive-master-postsubmits.yaml is excluded by !ci-operator/jobs/**
• ci-operator/jobs/openshift/hive/openshift-hive-master-presubmits.yaml is excluded by !ci-operator/jobs/**

📒 Files selected for processing (1)

• ci-operator/config/openshift/hive/openshift-hive-master.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Shows the current branch head that this Dockerfile consumes today.
git ls-remote https://github.com/miyadav/hive.git refs/heads/fix-ote-init

Repository: openshift/release

Length of output: 126

---

Pin the temporary miyadav/hive source to an immutable revision.

Cloning from the fix-ote-init branch makes this image non-reproducible and allows future branch updates to change the test binary without additional openshift/release review. Pin a commit SHA instead of using a moving branch reference.

Suggested change

   - dockerfile_literal: |
       FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22 as builder
       RUN mkdir -p /go/src/github.com/openshift/hive
       WORKDIR /go/src/github.com/openshift/hive
-      RUN git clone --branch fix-ote-init --depth 1 https://github.com/miyadav/hive.git .
+      ARG HIVE_OTE_COMMIT=<pinned-sha>
+      RUN git init . \
+       && git remote add origin https://github.com/miyadav/hive.git \
+       && git fetch --depth 1 origin "${HIVE_OTE_COMMIT}" \
+       && git checkout --detach FETCH_HEAD
       RUN make -C test/ote build

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ci-operator/config/openshift/hive/openshift-hive-master.yaml` around lines 29
- 40, Replace the moving branch reference in the dockerfile_literal (the RUN git
clone --branch fix-ote-init --depth 1 https://github.com/miyadav/hive.git .
line) with a clone and checkout pinned to a specific commit SHA so the image is
reproducible; e.g., clone the repo (no branch), fetch the desired commit SHA,
and checkout that SHA (or use git clone --depth 1 <repo> && git -C hive checkout
<COMMIT_SHA>) so the build always uses an immutable revision—update the RUN line
to perform these steps and document the chosen commit SHA in the file.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Mount the vSphere credentials in the OTE variant too.

This step sources the same vSphere helper scripts as e2e-vsphere, but unlike the existing job it never mounts vsphere-ibmcloud-ci at /var/run/vault/vsphere-ibmcloud-ci. Those helpers depend on that secret, so this job is likely to fail before the suite starts.

Suggested change

       commands: |
         export KUBECONFIG="${SHARED_DIR}/kubeconfig"
         source $SHARED_DIR/vsphere_context.sh
         source $SHARED_DIR/govc.sh
         source $SHARED_DIR/additional_cluster.sh
@@
         export VSPHERE_INSTALLER_PLATFORM_SPEC_JSON=$(<"${SHARED_DIR}"/platform.json)

         /usr/bin/openshift-tests-extension run-suite openshift/hive
+      credentials:
+      - mount_path: /var/run/vault/vsphere-ibmcloud-ci
+        name: vsphere-ibmcloud-ci
+        namespace: test-credentials
       dependencies:
       - env: HIVE_IMAGE
         name: hive

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	commands: |
	export KUBECONFIG="${SHARED_DIR}/kubeconfig"
	source $SHARED_DIR/vsphere_context.sh
	source $SHARED_DIR/govc.sh
	source $SHARED_DIR/additional_cluster.sh
	export CLUSTER_NAME=$ADDITIONAL_CLUSTER_NAME
	export VSPHERE_API_VIP=$ADDITIONAL_CLUSTER_API_VIP
	export VSPHERE_INGRESS_VIP=$ADDITIONAL_CLUSTER_INGRESS_VIP
	export VSPHERE_MACHINE_NETWORK=$(<"${SHARED_DIR}"/machinecidr.txt)
	export BASE_DOMAIN=$(<"${SHARED_DIR}"/basedomain.txt)
	export VSPHERE_INSTALLER_PLATFORM_SPEC_JSON=$(<"${SHARED_DIR}"/platform.json)
	/usr/bin/openshift-tests-extension run-suite openshift/hive
	dependencies:
	- env: HIVE_IMAGE
	name: hive
	- env: RELEASE_IMAGE
	name: release:latest
	from: hive-tests
	commands: |
	export KUBECONFIG="${SHARED_DIR}/kubeconfig"
	source $SHARED_DIR/vsphere_context.sh
	source $SHARED_DIR/govc.sh
	source $SHARED_DIR/additional_cluster.sh
	export CLUSTER_NAME=$ADDITIONAL_CLUSTER_NAME
	export VSPHERE_API_VIP=$ADDITIONAL_CLUSTER_API_VIP
	export VSPHERE_INGRESS_VIP=$ADDITIONAL_CLUSTER_INGRESS_VIP
	export VSPHERE_MACHINE_NETWORK=$(<"${SHARED_DIR}"/machinecidr.txt)
	export BASE_DOMAIN=$(<"${SHARED_DIR}"/basedomain.txt)
	export VSPHERE_INSTALLER_PLATFORM_SPEC_JSON=$(<"${SHARED_DIR}"/platform.json)
	/usr/bin/openshift-tests-extension run-suite openshift/hive
	credentials:
	- mount_path: /var/run/vault/vsphere-ibmcloud-ci
	name: vsphere-ibmcloud-ci
	namespace: test-credentials
	dependencies:
	- env: HIVE_IMAGE
	name: hive
	- env: RELEASE_IMAGE
	name: release:latest
	from: hive-tests

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ci-operator/config/openshift/hive/openshift-hive-master.yaml` around lines
399 - 418, The OTE job's commands block sources vsphere helper scripts (source
$SHARED_DIR/vsphere_context.sh, source $SHARED_DIR/govc.sh) but does not mount
the vsphere secret; update the job spec that contains the commands/from:
hive-tests to add a volume/volumeMount or secret mount for vsphere-ibmcloud-ci
at /var/run/vault/vsphere-ibmcloud-ci (matching the e2e-vsphere job) so the
helpers can read the credentials when sourcing those scripts.

[miyadav]

/pj-rehearse pull-ci-openshift-hive-master-e2e-ote

[openshift-merge-bot]

@miyadav: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (2)

ci-operator/config/openshift/hive/openshift-hive-master.yaml (2)

397-419: ⚠️ Potential issue | 🔴 Critical

Mount the vSphere secret on the OTE variant too.

This job sources the same vSphere helper scripts as e2e-vsphere on Lines 250-252, but unlike Lines 262-265 it never mounts vsphere-ibmcloud-ci. Those helpers read credentials from that path, so this variant is likely to fail before the suite starts.

Suggested change

       commands: |
         export KUBECONFIG="${SHARED_DIR}/kubeconfig"
         source $SHARED_DIR/vsphere_context.sh
         source $SHARED_DIR/govc.sh
         source $SHARED_DIR/additional_cluster.sh
@@
         /usr/bin/openshift-tests-extension run-suite openshift/hive
+      credentials:
+      - mount_path: /var/run/vault/vsphere-ibmcloud-ci
+        name: vsphere-ibmcloud-ci
+        namespace: test-credentials
       dependencies:
       - env: HIVE_IMAGE
         name: hive

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ci-operator/config/openshift/hive/openshift-hive-master.yaml` around lines
397 - 419, The OTE test job's "test:" block (the job with "as: test" and
"commands: | ... /usr/bin/openshift-tests-extension run-suite openshift/hive")
sources the vSphere helper scripts but does not mount the vsphere-ibmcloud-ci
secret that those helpers expect; add a dependency entry to the job's
"dependencies:" list to mount the vsphere-ibmcloud-ci secret (same pattern used
by the e2e-vsphere job) so the helper scripts can read credentials from that
path.

---

29-34: ⚠️ Potential issue | 🟠 Major

Pin the temporary Hive source to an immutable revision.

This image still clones fix-ote-init, so future pushes to that branch can change the OTE runner without another openshift/release review. Fetch and check out a specific commit SHA instead.

Suggested change

   - dockerfile_literal: |
       FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22 as builder
       RUN mkdir -p /go/src/github.com/openshift/hive
       WORKDIR /go/src/github.com/openshift/hive
-      RUN git clone --branch fix-ote-init --depth 1 https://github.com/miyadav/hive.git .
+      ARG HIVE_OTE_COMMIT=<pinned-sha>
+      RUN git init . \
+       && git remote add origin https://github.com/miyadav/hive.git \
+       && git fetch --depth 1 origin "${HIVE_OTE_COMMIT}" \
+       && git checkout --detach FETCH_HEAD
       RUN make -C test/ote build

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ci-operator/config/openshift/hive/openshift-hive-master.yaml` around lines 29
- 34, The Dockerfile fragment in dockerfile_literal currently clones the branch
name "fix-ote-init" (RUN git clone --branch fix-ote-init --depth 1 ...), which
is mutable; change the git clone invocation to fetch and check out a specific
commit SHA (immutable) instead: clone the repo without relying on a branch (or
clone then checkout) and checkout the provided commit SHA before running make -C
test/ote build so the builder stage uses a pinned commit; update the RUN lines
in the Dockerfile snippet that include git clone and any subsequent git checkout
to use the chosen commit SHA.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@ci-operator/config/openshift/hive/openshift-hive-master.yaml`:
- Around line 322-327: Add an export of KUBECONFIG pointing to the shared
kubeconfig before running tests: in the commands block that sets
AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, PULL_SECRET_FILE and CLUSTER_NAME and
then calls /usr/bin/openshift-tests-extension run-suite openshift/hive, insert
export KUBECONFIG="${SHARED_DIR}/kubeconfig" so the openshift-tests-extension
run-suite has access to the claimed cluster kubeconfig.

---

Duplicate comments:
In `@ci-operator/config/openshift/hive/openshift-hive-master.yaml`:
- Around line 397-419: The OTE test job's "test:" block (the job with "as: test"
and "commands: | ... /usr/bin/openshift-tests-extension run-suite
openshift/hive") sources the vSphere helper scripts but does not mount the
vsphere-ibmcloud-ci secret that those helpers expect; add a dependency entry to
the job's "dependencies:" list to mount the vsphere-ibmcloud-ci secret (same
pattern used by the e2e-vsphere job) so the helper scripts can read credentials
from that path.
- Around line 29-34: The Dockerfile fragment in dockerfile_literal currently
clones the branch name "fix-ote-init" (RUN git clone --branch fix-ote-init
--depth 1 ...), which is mutable; change the git clone invocation to fetch and
check out a specific commit SHA (immutable) instead: clone the repo without
relying on a branch (or clone then checkout) and checkout the provided commit
SHA before running make -C test/ote build so the builder stage uses a pinned
commit; update the RUN lines in the Dockerfile snippet that include git clone
and any subsequent git checkout to use the chosen commit SHA.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: eb93571c-1839-43ad-a430-68b90a762544

📥 Commits

Reviewing files that changed from the base of the PR and between 334cf25 and bd18d2a.

⛔ Files ignored due to path filters (1)

• ci-operator/jobs/openshift/hive/openshift-hive-master-presubmits.yaml is excluded by !ci-operator/jobs/**

📒 Files selected for processing (1)

• ci-operator/config/openshift/hive/openshift-hive-master.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== OTE jobs in this file =="
rg -n -C2 'as: e2e(-gcp|-azure|-vsphere)?-ote|KUBECONFIG|openshift-tests-extension run-suite openshift/hive' ci-operator/config/openshift/hive/openshift-hive-master.yaml

echo
echo "== generic-claim workflow / steps mentioning kubeconfig =="
fd -i 'generic-claim' step-registry ci-operator | xargs -r rg -n -C3 'KUBECONFIG|kubeconfig'

echo
echo "== other generic-claim jobs that run openshift-tests-extension =="
rg -n -C3 'workflow:\s*generic-claim|openshift-tests-extension run-suite' ci-operator/config

Repository: openshift/release

Length of output: 50452

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Searching for generic-claim workflow definition =="
find ci-operator -name "*generic*claim*" -type f | head -20

echo
echo "== Looking for generic-claim in workflows directory =="
find ci-operator/step-registry -name "generic-claim" -type d 2>/dev/null | head -10

echo
echo "== Searching for generic-claim workflow in all files =="
rg -l "generic-claim" ci-operator/step-registry --max-count=20 2>/dev/null || true

Repository: openshift/release

Length of output: 2625

---

🏁 Script executed:

cat -n ci-operator/step-registry/generic-claim/generic-claim-workflow.yaml

Repository: openshift/release

Length of output: 814

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Checking ipi-install-rbac ref =="
cat ci-operator/step-registry/ipi/install/rbac/ipi-install-rbac-ref.yaml | head -50

echo
echo "== Searching for where SHARED_DIR/kubeconfig gets created =="
rg 'SHARED_DIR.*kubeconfig|kubeconfig.*SHARED_DIR' ci-operator/step-registry --max-count=10 -A2

echo
echo "== Looking at cluster-claim setup in generic-claim usage =="
rg -B5 'workflow: generic-claim' ci-operator/config/openshift/hive/openshift-hive-master.yaml | grep -A5 'as: e2e-ote'

Repository: openshift/release

Length of output: 50374

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Looking for cluster-claim kubeconfig injection =="
rg 'cluster.claim|cluster_claim' ci-operator/step-registry/generic-claim/ -A5 -B5 | head -40

echo
echo "== Checking if KUBECONFIG is set in container environment =="
rg 'KUBECONFIG.*SHARED_DIR|/tmp.*kubeconfig' ci-operator/step-registry/cluster-claim* -i 2>/dev/null || echo "No direct cluster-claim kubeconfig injection found"

echo
echo "== Searching for documentation on cluster-claim kubeconfig handling =="
find ci-operator -name "*.yaml" -path "*/cluster-claim*" | head -5

echo
echo "== Examine the actual e2e-ote job in context to see if it has a step before openshift-tests-extension =="
sed -n '306,330p' ci-operator/config/openshift/hive/openshift-hive-master.yaml

Repository: openshift/release

Length of output: 114

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Full e2e-ote job definition =="
sed -n '306,380p' ci-operator/config/openshift/hive/openshift-hive-master.yaml

echo
echo "== Check if there are any pre steps in the e2e-ote job =="
sed -n '306,380p' ci-operator/config/openshift/hive/openshift-hive-master.yaml | grep -A100 'as: e2e-ote' | grep -E '^\s+pre:|^\s+- ref:|^\s+- chain:'

Repository: openshift/release

Length of output: 2410

---

Add export KUBECONFIG="${SHARED_DIR}/kubeconfig" to the test commands.

The AWS OTE job using workflow: generic-claim is missing the KUBECONFIG export that all other OTE variants (GCP, Azure, vSphere) include. Without this, the openshift-tests-extension suite will run without access to the claimed cluster's kubeconfig. Align with the pattern used in e2e-gcp-ote, e2e-azure-ote, and e2e-vsphere-ote.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ci-operator/config/openshift/hive/openshift-hive-master.yaml` around lines
322 - 327, Add an export of KUBECONFIG pointing to the shared kubeconfig before
running tests: in the commands block that sets AWS_ACCESS_KEY_ID,
AWS_SECRET_ACCESS_KEY, PULL_SECRET_FILE and CLUSTER_NAME and then calls
/usr/bin/openshift-tests-extension run-suite openshift/hive, insert export
KUBECONFIG="${SHARED_DIR}/kubeconfig" so the openshift-tests-extension run-suite
has access to the claimed cluster kubeconfig.

[miyadav]

/retest

[miyadav]

/pj-rehearse pull-ci-openshift-hive-master-e2e-ote

[openshift-merge-bot]

@miyadav: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[miyadav]

/pj-rehearse pull-ci-openshift-hive-master-e2e-ote

[openshift-merge-bot]

@miyadav: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[miyadav]

/pj-rehearse pull-ci-openshift-hive-master-e2e-ote

[openshift-merge-bot]

@miyadav: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[miyadav]

/pj-rehearse pull-ci-openshift-hive-master-e2e-ote

[openshift-merge-bot]

@miyadav: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[miyadav]

/pj-rehearse pull-ci-openshift-hive-master-e2e-ote

[openshift-merge-bot]

@miyadav: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[miyadav]

/pj-rehearse pull-ci-openshift-hive-master-e2e-ote

[openshift-merge-bot]

@miyadav: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@miyadav: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-openshift-hive-master-e2e-azure-ote	openshift/hive	presubmit	Presubmit changed
pull-ci-openshift-hive-master-e2e-gcp-ote	openshift/hive	presubmit	Presubmit changed
pull-ci-openshift-hive-master-e2e-ote	openshift/hive	presubmit	Presubmit changed
pull-ci-openshift-hive-master-e2e-vsphere-ote	openshift/hive	presubmit	Presubmit changed
pull-ci-openshift-hive-master-coverage	openshift/hive	presubmit	Ci-operator config changed
pull-ci-openshift-hive-master-e2e	openshift/hive	presubmit	Ci-operator config changed
pull-ci-openshift-hive-master-e2e-azure	openshift/hive	presubmit	Ci-operator config changed
pull-ci-openshift-hive-master-e2e-gcp	openshift/hive	presubmit	Ci-operator config changed
pull-ci-openshift-hive-master-e2e-openstack	openshift/hive	presubmit	Ci-operator config changed
pull-ci-openshift-hive-master-e2e-pool	openshift/hive	presubmit	Ci-operator config changed
pull-ci-openshift-hive-master-e2e-vsphere	openshift/hive	presubmit	Ci-operator config changed
pull-ci-openshift-hive-master-images	openshift/hive	presubmit	Ci-operator config changed
pull-ci-openshift-hive-master-periodic-images	openshift/hive	presubmit	Ci-operator config changed
pull-ci-openshift-hive-master-security	openshift/hive	presubmit	Ci-operator config changed
pull-ci-openshift-hive-master-unit	openshift/hive	presubmit	Ci-operator config changed
pull-ci-openshift-hive-master-verify	openshift/hive	presubmit	Ci-operator config changed
periodic-ci-openshift-hive-master-periodic-e2e-pool-weekly	N/A	periodic	Ci-operator config changed
periodic-ci-openshift-hive-master-periodic-e2e-vsphere-weekly	N/A	periodic	Ci-operator config changed
periodic-ci-openshift-hive-master-periodic-e2e-weekly	N/A	periodic	Ci-operator config changed
periodic-ci-openshift-hive-master-periodic-e2e-azure-weekly	N/A	periodic	Ci-operator config changed
periodic-ci-openshift-hive-master-periodic-e2e-gcp-weekly	N/A	periodic	Ci-operator config changed
periodic-ci-openshift-hive-master-periodic-e2e-openstack-weekly	N/A	periodic	Ci-operator config changed

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[openshift-ci]

@miyadav: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/rehearse/openshift/hive/master/e2e-ote	892405f	link	unknown	/pj-rehearse pull-ci-openshift-hive-master-e2e-ote
ci/prow/generated-config	c39af88	link	true	/test generated-config

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[miyadav]

/close
#79036

[openshift-ci]

@miyadav: Closed this PR.

Details

In response to this:

/close
#79036

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.