STOR-2550: add LSO network policy test case #30562
Conversation
|
Pipeline controller notification For optional jobs, comment This repository is configured in: automatic mode |
openshift-ci-robot
added
the
jira/valid-reference
|
@duanwei33: This pull request references STOR-2550 which is a valid jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Scheduling required tests: |
|
@duanwei33: This pull request references STOR-2550 which is a valid jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
duanwei33
changed the title
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
@duanwei33: This pull request references STOR-2550 which is a valid jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
| if !lsoInstallInfo.Installed { | ||
| g.Skip("LSO is not installed on this cluster") | ||
| } else if !isLSOVersionSupported(lsoInstallInfo.Version) { | ||
| g.Skip(fmt.Sprintf("LSO network policy support requires version >= 4.21.0, current version: %s", lsoInstallInfo.Version)) | ||
| } |
There was a problem hiding this comment.
| if !lsoInstallInfo.Installed { | |
| g.Skip("LSO is not installed on this cluster") | |
| } else if !isLSOVersionSupported(lsoInstallInfo.Version) { | |
| g.Skip(fmt.Sprintf("LSO network policy support requires version >= 4.21.0, current version: %s", lsoInstallInfo.Version)) | |
| } | |
| if !lsoInstallInfo.Installed { | |
| g.Skip("LSO is not installed on this cluster") | |
| } | |
| if !isLSOVersionSupported(lsoInstallInfo.Version) { | |
| g.Skip(fmt.Sprintf("LSO network policy support requires version >= 4.21.0, current version: %s", lsoInstallInfo.Version)) | |
| } |
will be more readable.
There was a problem hiding this comment.
Okay, it looks clear, will update later.
There was a problem hiding this comment.
@Phaow I have updated the code, but I'm not sure why it doesn't show "Outdated" in the GUI.
Could you check if you have any other comments?
| g.Skip(fmt.Sprintf("LSO network policy support requires version >= 4.21.0, current version: %s", lsoInstallInfo.Version)) | ||
| } | ||
|
|
||
| LSOResourcesToCheck := []resourceCheck{ |
There was a problem hiding this comment.
Maybe we could also consider just append it to CSIResourcesToCheck if lso is installed.
There was a problem hiding this comment.
Thanks for the comment. I once considered combining, but it will give us the clear result from the case level (skipped if LSO is not installed), so I think we can keep this :)
There was a problem hiding this comment.
ok, we could keep it, from the reports scope makes sense.
| runResourceChecks(oc, LSOResourcesToCheck, currentPlatform) | ||
| }) | ||
|
|
||
| g.It("should ensure required NetworkPolicies exist with correct labels for LSO", func() { |
There was a problem hiding this comment.
The same above, we could just append it in g.It("should ensure required NetworkPolicies exist with correct labels"
| // Get all CSVs across all namespaces matching local-storage-operator pattern | ||
| // Command: oc get csv -A -o json | ||
| output, err := oc.AsAdmin().Run("get").Args("csv", "-A", "-o", "json").Output() | ||
| if err != nil { | ||
| return info, fmt.Errorf("failed to list ClusterServiceVersions: %v", err) | ||
| } | ||
|
|
||
| // Parse the JSON output to find local-storage-operator CSV | ||
| // The output contains a list of CSVs with metadata.name and metadata.namespace | ||
| var csvList struct { | ||
| Items []struct { | ||
| Metadata struct { | ||
| Name string `json:"name"` | ||
| Namespace string `json:"namespace"` | ||
| } `json:"metadata"` | ||
| Spec struct { | ||
| Version string `json:"version"` | ||
| } `json:"spec"` | ||
| Status struct { | ||
| Phase string `json:"phase"` | ||
| } `json:"status"` | ||
| } `json:"items"` | ||
| } | ||
|
|
||
| if err := json.Unmarshal([]byte(output), &csvList); err != nil { | ||
| return info, fmt.Errorf("failed to parse CSV list: %v", err) | ||
| } | ||
|
|
||
| // Search for local-storage-operator CSV | ||
| for _, csv := range csvList.Items { | ||
| // Match CSV name pattern: local-storage-operator.* | ||
| if strings.HasPrefix(csv.Metadata.Name, "local-storage-operator") { | ||
| // Only consider CSVs in Succeeded phase | ||
| if csv.Status.Phase == "Succeeded" { | ||
| info.Installed = true | ||
| info.Namespace = csv.Metadata.Namespace | ||
| info.Version = csv.Spec.Version | ||
| return info, nil | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
There may be a better way to do this. oc.AsAdmin().Run() spawns a new oc process, then there is a new custom struct to unmarshal the text output. You could instead use the API types directly from operator-framework here:
https://github.com/operator-framework/api/blob/ebdb4e0b321b668f7bc5146e2972b1ce4529d109/pkg/operators/v1alpha1/clusterserviceversion_types.go#L601-L619
oadp-operator for example imports the API here:
https://github.com/openshift/oadp-operator/blob/oadp-dev/must-gather/pkg/cli.go#L15
then adds it to the scheme here:
https://github.com/openshift/oadp-operator/blob/oadp-dev/must-gather/pkg/cli.go#L82
IMO, you should at least be able to use ClusterServiceVersionList from the operator-framework repo, instead of defining the new csvList struct here. Even better if you can add some new method to test/extended/util/client.go to get a client that supports ClusterServiceVersion so you could list CSV's the same way you list NetworkPolicies and avoid oc.AsAdmin().Run().
There was a problem hiding this comment.
Thanks for the suggestion. I followed the example to use typed controller-runtime client, it looks better, could you help take a look?
But I have to be careful of the dependency update due to the github.com/operator-framework/api introduced.
There was a problem hiding this comment.
The new code looks good, thanks for making this change :)
I don't see any obvious problem with the dependency updates.
@duanwei33 Does this mean you will have a follow-up PR to openshift/release to define a new workflow to install LSO and run this test? |
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
Yes you are right. wdyt of this idea? |
|
Scheduling required tests: |
Works for me, just wanted to understand how it will run, since existing LSO presubmits don't call this (yet). |
|
/retest |
|
/retest |
|
/lgtm |
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
go.mod
Outdated
| go 1.24.0 | ||
| go 1.24.6 | ||
|
|
||
| toolchain go1.24.11 |
There was a problem hiding this comment.
Go will prefer or auto-download Go 1.24.11, is this expected? We'd better use the builder go version consistently.
|
Others LGTM. |
refactor LSO network policy test to use operator-framework API
|
Scheduling required tests: |
|
/lgtm |
|
@DennisPeriquet |
|
@duanwei33 I am no expert here but I see other people have LGTM'ed. Please keep an eye on any blocking jobs that might fail with these changes and be ready to revert as needed. /approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: DennisPeriquet, dobsonj, duanwei33, Phaow The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/label acknowledge-critical-fixes-only |
openshift-ci
bot
added
the
acknowledge-critical-fixes-only
|
/verified by CI |
openshift-ci-robot
added
the
verified
|
@duanwei33: This PR has been marked as verified by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/retest-required |
|
/retest |
|
@duanwei33: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
5 participants
Adding LSO network policy test cases
LSO(and other 3rd Operator) test strategy:
After discussing with the team, we decided not to install/uninstall the Operator/Operand during standard tests, as this would incur significant overhead across all our CI pipelines.
Instead, we will define specific jobs where the Operator/Operand is pre-installed. This approach allows us to cover all configuration-related tests efficiently and with low cost.
Test records: