Skip to content

OCPNODE-4031: Add criocredentialprovider tests #30821

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
QiWang19 wants to merge 2 commits into
base: main
Choose a base branch
from
+5,236 −632
Draft

OCPNODE-4031: Add criocredentialprovider tests #30821

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
33ef320
Add criocredentialprovider tests
QiWang19 Feb 28, 2026
3b8fd60
vendor
QiWang19 Feb 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,10 +61,10 @@ require (
github.com/opencontainers/go-digest v1.0.0
github.com/openshift-eng/openshift-tests-extension v0.0.0-20251218142942-7ecc8801b9df
github.com/openshift-kni/commatrix v0.0.5-0.20251111204857-e5a931eff73f
github.com/openshift/api v0.0.0-20260114133223-6ab113cb7368
github.com/openshift/api v0.0.0-20260225172252-64dddb8f3186
github.com/openshift/apiserver-library-go v0.0.0-20251015164739-79d04067059d
github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee
github.com/openshift/client-go v0.0.0-20260108185524-48f4ccfc4e13
github.com/openshift/client-go v0.0.0-20260219131751-7e63ce155298
github.com/openshift/library-go v0.0.0-20251015151611-6fc7a74b67c5
github.com/ovn-org/ovn-kubernetes/go-controller v0.0.0-20250118001652-a8b9c3c31417
github.com/pborman/uuid v1.2.0
Expand Down
4 changes: 4 additions & 0 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -830,12 +830,16 @@ github.com/openshift-kni/commatrix v0.0.5-0.20251111204857-e5a931eff73f h1:E72Zo
github.com/openshift-kni/commatrix v0.0.5-0.20251111204857-e5a931eff73f/go.mod h1:cDVdp0eda7EHE6tLuSeo4IqPWdAX/KJK+ogBirIGtsI=
github.com/openshift/api v0.0.0-20260114133223-6ab113cb7368 h1:kSr3DOlq0NCrHd65HB2o/pBsks7AfRm+fkpf9RLUPoc=
github.com/openshift/api v0.0.0-20260114133223-6ab113cb7368/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
github.com/openshift/api v0.0.0-20260225172252-64dddb8f3186 h1:1IBqLfnTwrsauWPpvw4Wz7w57jAhHfUOHSGpKhXRNBg=
github.com/openshift/api v0.0.0-20260225172252-64dddb8f3186/go.mod h1:ZYAxo9t1AALeEotN07tNzIvqqqWSxcZIqMUKnY/xCeQ=
github.com/openshift/apiserver-library-go v0.0.0-20251015164739-79d04067059d h1:Mfya3RxHWvidOrKyHj3bmFn5x2B89DLZIvDAhwm+C2s=
github.com/openshift/apiserver-library-go v0.0.0-20251015164739-79d04067059d/go.mod h1:zm2/rIUp0p83pz0/1kkSoKTqhTr3uUKSKQ9fP7Z3g7Y=
github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee h1:+Sp5GGnjHDhT/a/nQ1xdp43UscBMr7G5wxsYotyhzJ4=
github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE=
github.com/openshift/client-go v0.0.0-20260108185524-48f4ccfc4e13 h1:6rd4zSo2UaWQcAPZfHK9yzKVqH0BnMv1hqMzqXZyTds=
github.com/openshift/client-go v0.0.0-20260108185524-48f4ccfc4e13/go.mod h1:YvOmPmV7wcJxpfhTDuFqqs2Xpb3M3ovsM6Qs/i2ptq4=
github.com/openshift/client-go v0.0.0-20260219131751-7e63ce155298 h1:V8uz/2Z4hh+49TUxl0nYs0sDn1fB7lTdSMDKAa6TFY8=
github.com/openshift/client-go v0.0.0-20260219131751-7e63ce155298/go.mod h1:rtH0BhilT6+jn3nWybANEumaBO1vWCKaY8QpwipRy/Y=
github.com/openshift/kubernetes v1.30.1-0.20251017123720-96593f323733 h1:Mpab1CmJPLVWGB0CNGoWnup/NScvv55MVPe94c8JgUk=
github.com/openshift/kubernetes v1.30.1-0.20251017123720-96593f323733/go.mod h1:w3+IfrXNp5RosdDXg3LB55yijJqR/FwouvVntYHQf0o=
github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20251017123720-96593f323733 h1:42lm41QwjG8JoSicx4FHcuIG2kxHxlUnz6c+ftg2e0E=
Expand Down
56 changes: 28 additions & 28 deletions test/extended/imagepolicy/imagepolicy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -198,8 +198,8 @@ var _ = g.Describe("[sig-imagepolicy][OCPFeatureGate:SigstoreImageVerificationPK

func updateImageConfig(oc *exutil.CLI, allowedRegistries []string) {
e2e.Logf("Updating image config with allowed registries")
initialWorkerSpec := getMCPCurrentSpecConfigName(oc, workerPool)
initialMasterSpec := getMCPCurrentSpecConfigName(oc, masterPool)
initialWorkerSpec := GetMCPCurrentSpecConfigName(oc, workerPool)
initialMasterSpec := GetMCPCurrentSpecConfigName(oc, masterPool)

err := retry.RetryOnConflict(retry.DefaultBackoff, func() error {
imageConfig, err := oc.AdminConfigClient().ConfigV1().Images().Get(
Expand All @@ -215,13 +215,13 @@ func updateImageConfig(oc *exutil.CLI, allowedRegistries []string) {
return err
})
o.Expect(err).NotTo(o.HaveOccurred(), "error updating image config")
waitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec)
waitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec)
WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec)
WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec)
}

func cleanupImageConfig(oc *exutil.CLI) error {
initialWorkerSpec := getMCPCurrentSpecConfigName(oc, workerPool)
initialMasterSpec := getMCPCurrentSpecConfigName(oc, masterPool)
initialWorkerSpec := GetMCPCurrentSpecConfigName(oc, workerPool)
initialMasterSpec := GetMCPCurrentSpecConfigName(oc, masterPool)

err := retry.RetryOnConflict(retry.DefaultBackoff, func() error {
imageConfig, err := oc.AdminConfigClient().ConfigV1().Images().Get(
Expand All @@ -237,8 +237,8 @@ func cleanupImageConfig(oc *exutil.CLI) error {
return err
})
o.Expect(err).NotTo(o.HaveOccurred(), "error cleaning up image config")
waitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec)
waitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec)
WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec)
WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec)
return nil
}

Expand Down Expand Up @@ -278,52 +278,52 @@ func waitForTestPodContainerToFailSignatureValidation(ctx context.Context, f *e2

func createClusterImagePolicy(oc *exutil.CLI, policy configv1.ClusterImagePolicy) {
e2e.Logf("Creating cluster image policy %s", policy.Name)
initialWorkerSpec := getMCPCurrentSpecConfigName(oc, workerPool)
initialMasterSpec := getMCPCurrentSpecConfigName(oc, masterPool)
initialWorkerSpec := GetMCPCurrentSpecConfigName(oc, workerPool)
initialMasterSpec := GetMCPCurrentSpecConfigName(oc, masterPool)

_, err := oc.AdminConfigClient().ConfigV1().ClusterImagePolicies().Create(context.TODO(), &policy, metav1.CreateOptions{})
o.Expect(err).NotTo(o.HaveOccurred())

waitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec)
waitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec)
WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec)
WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec)
}

func deleteClusterImagePolicy(oc *exutil.CLI, policyName string) error {
initialWorkerSpec := getMCPCurrentSpecConfigName(oc, workerPool)
initialMasterSpec := getMCPCurrentSpecConfigName(oc, masterPool)
initialWorkerSpec := GetMCPCurrentSpecConfigName(oc, workerPool)
initialMasterSpec := GetMCPCurrentSpecConfigName(oc, masterPool)

if err := oc.AdminConfigClient().ConfigV1().ClusterImagePolicies().Delete(context.TODO(), policyName, metav1.DeleteOptions{}); err != nil && !errors.IsNotFound(err) {
return fmt.Errorf("failed to delete cluster image policy %s: %v", policyName, err)
}
waitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec)
waitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec)
WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec)
WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec)
return nil
}

func createImagePolicy(oc *exutil.CLI, policy configv1.ImagePolicy, namespace string) {
// Capture initial rendered config names for both pools before creating the policy
initialWorkerSpec := getMCPCurrentSpecConfigName(oc, workerPool)
initialMasterSpec := getMCPCurrentSpecConfigName(oc, masterPool)
initialWorkerSpec := GetMCPCurrentSpecConfigName(oc, workerPool)
initialMasterSpec := GetMCPCurrentSpecConfigName(oc, masterPool)

e2e.Logf("Creating image policy %s in namespace %s", policy.Name, namespace)
_, err := oc.AdminConfigClient().ConfigV1().ImagePolicies(namespace).Create(context.TODO(), &policy, metav1.CreateOptions{})
o.Expect(err).NotTo(o.HaveOccurred())

// Wait until each pool's Spec.Configuration.Name changes from the initial value
// and the pool reports Updated=true
waitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec)
waitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec)
WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec)
WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec)
}

func deleteImagePolicy(oc *exutil.CLI, policyName string, namespace string) error {
initialWorkerSpec := getMCPCurrentSpecConfigName(oc, workerPool)
initialMasterSpec := getMCPCurrentSpecConfigName(oc, masterPool)
initialWorkerSpec := GetMCPCurrentSpecConfigName(oc, workerPool)
initialMasterSpec := GetMCPCurrentSpecConfigName(oc, masterPool)

if err := oc.AdminConfigClient().ConfigV1().ImagePolicies(namespace).Delete(context.TODO(), policyName, metav1.DeleteOptions{}); err != nil && !errors.IsNotFound(err) {
return fmt.Errorf("failed to delete image policy %s in namespace %s: %v", policyName, namespace, err)
}
waitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec)
waitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec)
WaitForMCPConfigSpecChangeAndUpdated(oc, workerPool, initialWorkerSpec)
WaitForMCPConfigSpecChangeAndUpdated(oc, masterPool, initialMasterSpec)
return nil
}

Expand Down Expand Up @@ -679,18 +679,18 @@ L8ITFP+Nw9Meiw4etw59CTAPCc7l4Zvwr1K2ZTBmVGxrqdasiqpI0utG69aItsPi
return testImagePolicies
}

// getMCPCurrentSpecConfigName returns the current Spec.Configuration.Name for the given MCP
func getMCPCurrentSpecConfigName(oc *exutil.CLI, pool string) string {
// GetMCPCurrentSpecConfigName returns the current Spec.Configuration.Name for the given MCP
func GetMCPCurrentSpecConfigName(oc *exutil.CLI, pool string) string {
clientSet, err := machineconfigclient.NewForConfig(oc.KubeFramework().ClientConfig())
o.Expect(err).NotTo(o.HaveOccurred())
mcp, err := clientSet.MachineconfigurationV1().MachineConfigPools().Get(context.TODO(), pool, metav1.GetOptions{})
o.Expect(err).NotTo(o.HaveOccurred())
return mcp.Spec.Configuration.Name
}

// waitForMCPConfigSpecChangeAndUpdated waits until Spec.Configuration.Name changes from the provided initial value
// WaitForMCPConfigSpecChangeAndUpdated waits until Spec.Configuration.Name changes from the provided initial value
// and the MCP reports Updated=true
func waitForMCPConfigSpecChangeAndUpdated(oc *exutil.CLI, pool string, initialSpecName string) {
func WaitForMCPConfigSpecChangeAndUpdated(oc *exutil.CLI, pool string, initialSpecName string) {
e2e.Logf("Waiting for pool %s to complete", pool)
clientSet, err := machineconfigclient.NewForConfig(oc.KubeFramework().ClientConfig())
o.Expect(err).NotTo(o.HaveOccurred())
Expand Down
Loading