NO-JIRA: Fix PodSecurityViolation in set-liveness-probe cmd test#30809
Conversation
|
Pipeline controller notification For optional jobs, comment This repository is configured in: automatic mode |
|
@ardaguclu: This pull request explicitly references no jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/lgtm |
WalkthroughTest files are updated: bindata.go's embedded test resources are regenerated with updated JSON/YAML/HTML content, and set-liveness-probe.sh test expectations are modified to use localhost:8081 instead of google.com:80 for probe URL validation. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches
🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 golangci-lint (2.5.0)Error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
test/extended/testdata/bindata.go (1)
34255-34261: Optional: add a short rationale comment in the source fixture (not bindata).Because this is generated content, please document in
test/extended/testdata/cmd/test/cmd/set-liveness-probe.shthat the empty host inhttp://:8081/is intentional for PodSecurity compliance, to prevent accidental regressions on regeneration.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@test/extended/testdata/bindata.go` around lines 34255 - 34261, Add a short rationale comment in the source test fixture file that produced this generated bindata (test/extended/testdata/cmd/test/cmd/set-liveness-probe.sh) explaining that the empty host in the URL literal "http://:8081/" is intentional for PodSecurity compliance; locate the invocation that uses --get-url=http://:8081/ (the test case around setting liveness probe / the shell command invoking oc set probe) and add a one-line comment immediately above it stating the reason so the intent is preserved in the source (not in the generated bindata.go) to prevent accidental removal on regeneration.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@test/extended/testdata/bindata.go`:
- Around line 34255-34261: Add a short rationale comment in the source test
fixture file that produced this generated bindata
(test/extended/testdata/cmd/test/cmd/set-liveness-probe.sh) explaining that the
empty host in the URL literal "http://:8081/" is intentional for PodSecurity
compliance; locate the invocation that uses --get-url=http://:8081/ (the test
case around setting liveness probe / the shell command invoking oc set probe)
and add a one-line comment immediately above it stating the reason so the intent
is preserved in the source (not in the generated bindata.go) to prevent
accidental removal on regeneration.
ℹ️ Review info
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge base: Disabled due to data retention organization setting
📒 Files selected for processing (2)
test/extended/testdata/bindata.gotest/extended/testdata/cmd/test/cmd/set-liveness-probe.sh
|
Scheduling required tests: |
|
/test e2e-agnostic-ovn-cmd |
|
e2e-agnostic-ovn-cmd failed due to unrelated failures. The tests that this PR tries to fix has passed; |
|
/test e2e-agnostic-ovn-cmd |
|
/retest-required |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ardaguclu, neisw, tchap The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@ardaguclu: This PR has been marked as verified by DetailsIn response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/retest-required |
|
/retest |
|
/test e2e-metal-ipi-ovn-ipv6 |
|
Job Failure Risk Analysis for sha: 5f1d24e
|
|
/retest |
|
@ardaguclu: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
e2e-agnostic-ovn-cmd job is failing due to the PodSecurityViolation error in cmd-set-liveness-probe test https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/openshift_oc/2197/pull-ci-openshift-oc-main-e2e-agnostic-ovn-cmd/2026519491961163776
Overall: https://search.dptools.openshift.org/?search=cmd-set-liveness-probe&maxAge=48h&context=1&type=bug%2Bissue%2Bjunit&name=&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job
This PR updates the probe value to something else to prevent the violation.
Summary by CodeRabbit