diff --git a/test/extended/operators/certs.go b/test/extended/operators/certs.go index f55053a3af7c..7caffb91fb87 100644 --- a/test/extended/operators/certs.go +++ b/test/extended/operators/certs.go @@ -26,6 +26,7 @@ import ( g "github.com/onsi/ginkgo/v2" o "github.com/onsi/gomega" + ote "github.com/openshift-eng/openshift-tests-extension/pkg/ginkgo" "github.com/openshift/library-go/pkg/certs/cert-inspection/certgraphanalysis" "github.com/openshift/library-go/pkg/certs/cert-inspection/certgraphapi" @@ -104,6 +105,9 @@ var _ = g.Describe(fmt.Sprintf("[sig-arch][Late][Jira:%q]", "kube-apiserver"), g if ok, _ := exutil.IsHypershift(ctx, configClient); ok { g.Skip("hypershift does not auto-collect TLS.") } + if ok, _ := exutil.IsRosaCluster(oc); ok { + g.Skip("ROSA does not auto-collect TLS.") + } var err error onDiskPKIContent := &certgraphapi.PKIList{} @@ -175,7 +179,7 @@ var _ = g.Describe(fmt.Sprintf("[sig-arch][Late][Jira:%q]", "kube-apiserver"), g o.Expect(err).NotTo(o.HaveOccurred()) }) - g.It("all tls artifacts must be registered", func() { + g.It("all tls artifacts must be registered", ote.Informing(), func() { violationsPKIContent, err := certs.GetPKIInfoFromEmbeddedOwnership(ownership.PKIViolations) o.Expect(err).NotTo(o.HaveOccurred()) @@ -276,23 +280,18 @@ var _ = g.Describe(fmt.Sprintf("[sig-arch][Late][Jira:%q]", "kube-apiserver"), g if len(newTLSRegistry.CertKeyPairs) > 0 || len(newTLSRegistry.CertificateAuthorityBundles) > 0 { registryString, err := json.MarshalIndent(newTLSRegistry, "", " ") if err != nil { - // g.Fail("Failed to marshal registry %#v: %v", newTLSRegistry, err) testresult.Flakef("Failed to marshal registry %#v: %v", newTLSRegistry, err) } - // TODO: uncomment when test no longer fails and enhancement is merged - // g.Fail(fmt.Sprintf("Unregistered TLS certificates:\n%s", registryString)) testresult.Flakef("Unregistered TLS certificates found:\n%s\nSee tls/ownership/README.md in origin repo", registryString) } }) - g.It("all registered tls artifacts must have no metadata violation regressions", func() { + g.It("all registered tls artifacts must have no metadata violation regressions", ote.Informing(), func() { violationRegressionOptions := ensure_no_violation_regression.NewEnsureNoViolationRegressionOptions(ownership.AllViolations, genericclioptions.NewTestIOStreamsDiscard()) messages, _, err := violationRegressionOptions.HaveViolationsRegressed([]*certgraphapi.PKIList{actualPKIContent}) o.Expect(err).NotTo(o.HaveOccurred()) if len(messages) > 0 { - // TODO: uncomment when test no longer fails and enhancement is merged - // g.Fail(strings.Join(messages, "\n")) testresult.Flakef("%s", strings.Join(messages, "\n")) } }) diff --git a/test/extended/util/framework.go b/test/extended/util/framework.go index d2815ae01bea..40140de53347 100644 --- a/test/extended/util/framework.go +++ b/test/extended/util/framework.go @@ -2337,6 +2337,16 @@ func IsMicroShiftCluster(kubeClient k8sclient.Interface) (bool, error) { return true, nil } +// IsRosaCluster returns "true" if a cluster is ROSA, +// "false" otherwise. +func IsRosaCluster(oc *CLI) (bool, error) { + product, err := oc.WithoutNamespace().AsAdmin().Run("get").Args("clusterclaims/product.open-cluster-management.io", "-o=jsonpath={.spec.value}").Output() + if err != nil { + return false, nil + } + return strings.Compare(product, "ROSA") == 0, nil +} + func IsTwoNodeFencing(ctx context.Context, configClient clientconfigv1.Interface) bool { infrastructure, err := configClient.ConfigV1().Infrastructures().Get(ctx, "cluster", metav1.GetOptions{}) if err != nil {