Skip to content

Add E2E test for the TLSAdherence openshift/api field#31309

Open
richardsonnick wants to merge 1 commit into
openshift:mainfrom
richardsonnick:tls-adherence-e2e
Open

Add E2E test for the TLSAdherence openshift/api field#31309
richardsonnick wants to merge 1 commit into
openshift:mainfrom
richardsonnick:tls-adherence-e2e

Conversation

@richardsonnick

@richardsonnick richardsonnick commented Jun 16, 2026

Copy link
Copy Markdown

Adds E2E tests for the TLSAdherence openshift/api field. This is a requirement for GA.

Summary by CodeRabbit

  • Tests
    • Added new Ginkgo coverage for the TLSAdherence feature gate and API server spec.tlsAdherence behavior.
    • Verifies invalid spec.tlsAdherence values are rejected and valid values (StrictAllComponents, LegacyAdheringComponentsOnly) are accepted.
    • Confirms authorization for viewing and updating API server configuration.
    • Adds wire-level TLS handshake enforcement for non MicroShift/HyperShift clusters based on the configured TLS security profile.
    • TLS-related tests automatically skip when the TLSAdherence gate is disabled.

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

@coderabbitai

coderabbitai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

Walkthrough

New extended apiserver tests add TLSAdherence feature-gate gating, validate spec.tlsAdherence dry-run updates, check apiservers/cluster authorization, and assert wire-level TLS handshake behavior for legacy-adhering components.

Changes

TLSAdherence Integration Tests

Layer / File(s) Summary
Feature gate and suite setup
test/extended/apiserver/tls_adherence.go
Adds TLSAdherence gate detection from featuregate/cluster and skips the suite when the gate is disabled.
Spec validation
test/extended/apiserver/tls_adherence.go
Adds dry-run update and patch tests for invalid spec.tlsAdherence values and verifies both supported policy values are accepted.
Access checks
test/extended/apiserver/tls_adherence.go
Adds SubjectAccessReview coverage for update and get on config.openshift.io/v1 apiservers/cluster.
Wire-level TLS enforcement
test/extended/apiserver/tls_adherence.go
Adds a TLS connection test that derives expected handshake behavior from TLSSecurityProfile and checks legacy-adhering components against it.

TLS Minimum Versions Context Setup

Layer / File(s) Summary
Local context initialization
test/extended/apiserver/tls.go
TestTLSMinimumVersions initializes a local background context before subsequent API and config requests.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Test Structure And Quality ⚠️ Warning FAIL: the serial It mutates cluster-scoped apiservers/cluster and its DeferCleanup returns early when TLSAdherence was unset, so the cluster can be left in StrictAllComponents. Always restore a default value in cleanup (e.g. LegacyAdheringComponentsOnly) and split the wire-level checks from the API validation/auth tests.
✅ Passed checks (14 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly describes the main change: adding an E2E test for the TLSAdherence field.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed All new Ginkgo Describe/It titles are static string literals; no dynamic IDs, dates, names, or formatted titles were introduced.
Microshift Test Compatibility ✅ Passed PASS: each new It has [apigroup:config.openshift.io], and the serial wire-level test also skips MicroShift at runtime.
Single Node Openshift (Sno) Test Compatibility ✅ Passed PASS: The new test only uses API/SAR/port-forward checks and skips MicroShift/HyperShift; it never counts or requires multiple nodes or HA topology.
Topology-Aware Scheduling Compatibility ✅ Passed E2E tests only; no manifests/controllers or scheduling constraints (nodeSelector, affinity, spread, replica logic) were added.
Ote Binary Stdout Contract ✅ Passed No stdout writes were added in process-level code; the new code only uses test-case logging/printing inside It blocks and helpers.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed The new Ginkgo tests use cluster-internal services and localhost port-forwards only; no IPv4 literals, IPv4-only parsing, or public internet connectivity were added.
No-Weak-Crypto ✅ Passed The patch adds only TLS version checks; no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, custom crypto, or secret comparisons were introduced.
Container-Privileges ✅ Passed Changed files are Go E2E tests only; no privileged/host* fields, SYS_ADMIN, runAsUser:0, or allowPrivilegeEscalation:true were present.
No-Sensitive-Data-In-Logs ✅ Passed No added logging exposes passwords/tokens/PII; new output is limited to test diagnostics like namespaces, TLS modes, and user names.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@openshift-ci

openshift-ci Bot commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: richardsonnick
Once this PR has been reviewed and has the lgtm label, please assign smg247 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot requested review from p0lyn0mial and sjenning June 16, 2026 18:08

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/extended/apiserver/tls_adherence.go`:
- Around line 120-131: The test assertion in the It block does not account for
the optional spec.tlsAdherence field being unset. Since the field is marked as
optional with omitempty and the test comment acknowledges "when set", the
apiServer.Spec.TLSAdherence value may be nil, causing the BeElementOf assertion
to fail even when the state is valid. Either guard the assertion with a nil
check that conditionally validates only when the field is set, or add the
nil/zero value to the validValues slice so that an unset field is considered a
valid state.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 328d6dfb-fe5e-4dfc-a5f3-811d6c04d0e2

📥 Commits

Reviewing files that changed from the base of the PR and between b3b98a0 and 1f5851c.

📒 Files selected for processing (1)
  • test/extended/apiserver/tls_adherence.go

Comment thread test/extended/apiserver/tls_adherence.go Outdated
Comment thread test/extended/apiserver/tls_adherence.go Outdated
Comment on lines +63 to +81
g.It("[FeatureGate:TLSAdherence] should have TLSAdherence listed as enabled in featuregate/cluster status [apigroup:config.openshift.io]", func(ctx context.Context) {
fg, err := oc.AdminConfigClient().ConfigV1().FeatureGates().Get(ctx, "cluster", metav1.GetOptions{})
o.Expect(err).NotTo(o.HaveOccurred(), "failed to get featuregate/cluster")

found := false
for _, featureGateValues := range fg.Status.FeatureGates {
for _, enabledGate := range featureGateValues.Enabled {
if enabledGate.Name == tlsAdherenceFeatureGateName {
found = true
break
}
}
if found {
break
}
}
o.Expect(found).To(o.BeTrue(),
"TLSAdherence must appear in featuregate/cluster .status.featureGates[].enabled[].name")
})

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't hurt to verify this, but I don't think this should count toward the 5 tests, the intent of which are more functional rather than verifying assumptions.

Comment on lines +134 to +147
// Test 5 – verify that no cluster operator is degraded when the TLSAdherence feature gate is active.
g.It("[FeatureGate:TLSAdherence] should not have any degraded cluster operators [apigroup:config.openshift.io]", func(ctx context.Context) {
coList, err := oc.AdminConfigClient().ConfigV1().ClusterOperators().List(ctx, metav1.ListOptions{})
o.Expect(err).NotTo(o.HaveOccurred(), "failed to list clusteroperators")

for _, co := range coList.Items {
for _, condition := range co.Status.Conditions {
if condition.Type == configv1.OperatorDegraded && condition.Status == configv1.ConditionTrue {
g.Fail(fmt.Sprintf("cluster operator %q is degraded: %s: %s",
co.Name, condition.Reason, condition.Message))
}
}
}
})

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there is a different kind of test that we can implement that essentially continuously monitors the cluster to verify an invariant is never violated. The way this test is implemented, you'll only get a point in time verification, which would likely result in false negatives.

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

Comment thread test/extended/apiserver/tls_adherence.go Outdated
Comment thread test/extended/apiserver/tls_adherence.go
@openshift-ci openshift-ci Bot added the ready-for-human-review Indicates a PR has been reviewed by automated tools and is ready for human review label Jun 21, 2026
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

@richardsonnick

Copy link
Copy Markdown
Author

/test ?

@richardsonnick

Copy link
Copy Markdown
Author

/test e2e-aws-ovn-single-node-techpreview

@richardsonnick

Copy link
Copy Markdown
Author

/test e2e-gcp-ovn-techpreview

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
test/extended/apiserver/tls_adherence.go (1)

198-210: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Verify Go's short-circuit case evaluation here is intentional and safe.

The case original.Spec.TLSSecurityProfile == nil, original.Spec.TLSSecurityProfile.Type == ...: pattern relies on Go evaluating case expressions left-to-right and stopping at the first match, which prevents a nil dereference when TLSSecurityProfile is nil. This is correct per the Go spec but is a subtle pattern worth a one-line comment for future maintainers, since it's easy to mistakenly "fix" by reordering.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/extended/apiserver/tls_adherence.go` around lines 198 - 210, Add a brief
inline comment in the switch over original.Spec.TLSSecurityProfile explaining
that the nil check must come first because Go evaluates case expressions
left-to-right, so the Type access is safe only after the nil case
short-circuits; keep this near the tlsShouldWork/tlsShouldNotWork setup in tls
adherence test logic so future readers do not reorder the cases.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/extended/apiserver/tls_adherence.go`:
- Around line 184-196: The cleanup in the APIServer TLS adherence test does not
actually restore the documented fallback when original.Spec.TLSAdherence was
unset, so the cluster can remain at StrictAllComponents after the test. Update
the DeferCleanup logic in tls_adherence.go to explicitly set the APIServer spec
back to LegacyAdheringComponentsOnly when the original value was empty, and only
skip the update when that fallback is already present; keep the existing restore
path for the APIServer client update using original.Spec.TLSAdherence and the
APIServers().Update flow.

---

Nitpick comments:
In `@test/extended/apiserver/tls_adherence.go`:
- Around line 198-210: Add a brief inline comment in the switch over
original.Spec.TLSSecurityProfile explaining that the nil check must come first
because Go evaluates case expressions left-to-right, so the Type access is safe
only after the nil case short-circuits; keep this near the
tlsShouldWork/tlsShouldNotWork setup in tls adherence test logic so future
readers do not reorder the cases.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 967b6fb4-7f0d-4fb5-a7a4-7f1da3dc89df

📥 Commits

Reviewing files that changed from the base of the PR and between f72bc40 and a910371.

📒 Files selected for processing (2)
  • test/extended/apiserver/tls.go
  • test/extended/apiserver/tls_adherence.go
✅ Files skipped from review due to trivial changes (1)
  • test/extended/apiserver/tls.go

Comment thread test/extended/apiserver/tls_adherence.go
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

Tests that apiservers/cluster spec.tlsAdherence:
- rejects invalid values (422 Invalid via dry-run)
- accepts and reflects all valid values (dry-run)
- is only writable by cluster-admins (SubjectAccessReview)
- does not leave cluster operators degraded

Also labels the existing TestTLSMinimumVersions and TestTLSDefaults
wire-level TLS tests with [FeatureGate:TLSAdherence] so they count
toward the openshift/api verify-feature-promotion Sippy check.
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

@richardsonnick

Copy link
Copy Markdown
Author

/test ci/prow/e2e-vsphere-ovn

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@richardsonnick: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

/test e2e-aws-csi
/test e2e-aws-jenkins
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-image-registry
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-builds
/test e2e-gcp-ovn-image-ecosystem
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi
/test go-verify-deps
/test images
/test lint
/test okd-scos-images
/test unit
/test verify
/test verify-deps
/test verify-image-manifest-lists

The following commands are available to trigger optional jobs:

/test e2e-agnostic-ovn-cmd
/test e2e-aws-disruptive
/test e2e-aws-etcd-certrotation
/test e2e-aws-etcd-recovery
/test e2e-aws-ovn
/test e2e-aws-ovn-cgroupsv2
/test e2e-aws-ovn-dra-example
/test e2e-aws-ovn-edge-zones
/test e2e-aws-ovn-etcd-scaling
/test e2e-aws-ovn-kube-apiserver-rollout
/test e2e-aws-ovn-kubevirt
/test e2e-aws-ovn-serial-fast
/test e2e-aws-ovn-serial-ipsec
/test e2e-aws-ovn-serial-publicnet-1of2
/test e2e-aws-ovn-serial-publicnet-2of2
/test e2e-aws-ovn-single-node
/test e2e-aws-ovn-single-node-serial
/test e2e-aws-ovn-single-node-techpreview
/test e2e-aws-ovn-single-node-techpreview-serial
/test e2e-aws-ovn-single-node-upgrade
/test e2e-aws-ovn-upgrade
/test e2e-aws-ovn-upgrade-rollback
/test e2e-aws-ovn-upi
/test e2e-aws-proxy
/test e2e-aws-tls-observed-config
/test e2e-aws-tls-observed-config-fips
/test e2e-aws-tls-observed-config-hypershift
/test e2e-azure
/test e2e-azure-ovn-etcd-scaling
/test e2e-azure-ovn-upgrade
/test e2e-baremetalds-kubevirt
/test e2e-external-aws
/test e2e-external-aws-ccm
/test e2e-external-vsphere-ccm
/test e2e-gcp-disruptive
/test e2e-gcp-fips-serial-1of2
/test e2e-gcp-fips-serial-2of2
/test e2e-gcp-ovn-etcd-scaling
/test e2e-gcp-ovn-kube-apiserver-rollout
/test e2e-gcp-ovn-rt-upgrade
/test e2e-gcp-ovn-techpreview
/test e2e-gcp-ovn-techpreview-pkiconfig
/test e2e-gcp-ovn-techpreview-serial-1of2
/test e2e-gcp-ovn-techpreview-serial-2of2
/test e2e-gcp-ovn-usernamespace
/test e2e-hypershift-conformance
/test e2e-metal-ipi-ovn
/test e2e-metal-ipi-ovn-bgp-virt-dualstack
/test e2e-metal-ipi-ovn-bgp-virt-dualstack-techpreview
/test e2e-metal-ipi-ovn-dualstack
/test e2e-metal-ipi-ovn-dualstack-bgp
/test e2e-metal-ipi-ovn-dualstack-bgp-local-gw
/test e2e-metal-ipi-ovn-dualstack-local-gateway
/test e2e-metal-ipi-ovn-kube-apiserver-rollout
/test e2e-metal-ipi-serial-1of2
/test e2e-metal-ipi-serial-2of2
/test e2e-metal-ipi-serial-ovn-ipv6-1of2
/test e2e-metal-ipi-serial-ovn-ipv6-2of2
/test e2e-metal-ipi-virtualmedia
/test e2e-metal-ovn-single-node-live-iso
/test e2e-metal-ovn-single-node-with-worker-live-iso
/test e2e-metal-ovn-two-node-arbiter
/test e2e-metal-ovn-two-node-fencing
/test e2e-metal-ovn-two-node-fencing-recovery
/test e2e-openstack-dualstack-v6primary
/test e2e-openstack-ovn
/test e2e-openstack-serial
/test e2e-vsphere-ovn-etcd-scaling
/test okd-scos-e2e-aws-ovn

Use /test all to run the following jobs that were automatically triggered:

pull-ci-openshift-origin-main-go-verify-deps
pull-ci-openshift-origin-main-images
pull-ci-openshift-origin-main-lint
pull-ci-openshift-origin-main-okd-scos-images
pull-ci-openshift-origin-main-unit
pull-ci-openshift-origin-main-verify
pull-ci-openshift-origin-main-verify-deps
Details

In response to this:

/test ci/prow/e2e-vsphere-ovn

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@richardsonnick

Copy link
Copy Markdown
Author

/test ci/prow/e2e-vsphere-ovn

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@richardsonnick: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

/test e2e-aws-csi
/test e2e-aws-jenkins
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-image-registry
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-builds
/test e2e-gcp-ovn-image-ecosystem
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi
/test go-verify-deps
/test images
/test lint
/test okd-scos-images
/test unit
/test verify
/test verify-deps
/test verify-image-manifest-lists

The following commands are available to trigger optional jobs:

/test e2e-agnostic-ovn-cmd
/test e2e-aws-disruptive
/test e2e-aws-etcd-certrotation
/test e2e-aws-etcd-recovery
/test e2e-aws-ovn
/test e2e-aws-ovn-cgroupsv2
/test e2e-aws-ovn-dra-example
/test e2e-aws-ovn-edge-zones
/test e2e-aws-ovn-etcd-scaling
/test e2e-aws-ovn-kube-apiserver-rollout
/test e2e-aws-ovn-kubevirt
/test e2e-aws-ovn-serial-fast
/test e2e-aws-ovn-serial-ipsec
/test e2e-aws-ovn-serial-publicnet-1of2
/test e2e-aws-ovn-serial-publicnet-2of2
/test e2e-aws-ovn-single-node
/test e2e-aws-ovn-single-node-serial
/test e2e-aws-ovn-single-node-techpreview
/test e2e-aws-ovn-single-node-techpreview-serial
/test e2e-aws-ovn-single-node-upgrade
/test e2e-aws-ovn-upgrade
/test e2e-aws-ovn-upgrade-rollback
/test e2e-aws-ovn-upi
/test e2e-aws-proxy
/test e2e-aws-tls-observed-config
/test e2e-aws-tls-observed-config-fips
/test e2e-aws-tls-observed-config-hypershift
/test e2e-azure
/test e2e-azure-ovn-etcd-scaling
/test e2e-azure-ovn-upgrade
/test e2e-baremetalds-kubevirt
/test e2e-external-aws
/test e2e-external-aws-ccm
/test e2e-external-vsphere-ccm
/test e2e-gcp-disruptive
/test e2e-gcp-fips-serial-1of2
/test e2e-gcp-fips-serial-2of2
/test e2e-gcp-ovn-etcd-scaling
/test e2e-gcp-ovn-kube-apiserver-rollout
/test e2e-gcp-ovn-rt-upgrade
/test e2e-gcp-ovn-techpreview
/test e2e-gcp-ovn-techpreview-pkiconfig
/test e2e-gcp-ovn-techpreview-serial-1of2
/test e2e-gcp-ovn-techpreview-serial-2of2
/test e2e-gcp-ovn-usernamespace
/test e2e-hypershift-conformance
/test e2e-metal-ipi-ovn
/test e2e-metal-ipi-ovn-bgp-virt-dualstack
/test e2e-metal-ipi-ovn-bgp-virt-dualstack-techpreview
/test e2e-metal-ipi-ovn-dualstack
/test e2e-metal-ipi-ovn-dualstack-bgp
/test e2e-metal-ipi-ovn-dualstack-bgp-local-gw
/test e2e-metal-ipi-ovn-dualstack-local-gateway
/test e2e-metal-ipi-ovn-kube-apiserver-rollout
/test e2e-metal-ipi-serial-1of2
/test e2e-metal-ipi-serial-2of2
/test e2e-metal-ipi-serial-ovn-ipv6-1of2
/test e2e-metal-ipi-serial-ovn-ipv6-2of2
/test e2e-metal-ipi-virtualmedia
/test e2e-metal-ovn-single-node-live-iso
/test e2e-metal-ovn-single-node-with-worker-live-iso
/test e2e-metal-ovn-two-node-arbiter
/test e2e-metal-ovn-two-node-fencing
/test e2e-metal-ovn-two-node-fencing-recovery
/test e2e-openstack-dualstack-v6primary
/test e2e-openstack-ovn
/test e2e-openstack-serial
/test e2e-vsphere-ovn-etcd-scaling
/test okd-scos-e2e-aws-ovn

Use /test all to run the following jobs that were automatically triggered:

pull-ci-openshift-origin-main-go-verify-deps
pull-ci-openshift-origin-main-images
pull-ci-openshift-origin-main-lint
pull-ci-openshift-origin-main-okd-scos-images
pull-ci-openshift-origin-main-unit
pull-ci-openshift-origin-main-verify
pull-ci-openshift-origin-main-verify-deps
Details

In response to this:

/test ci/prow/e2e-vsphere-ovn

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@richardsonnick: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-vsphere-ovn b1744bd link true /test e2e-vsphere-ovn
ci/prow/e2e-aws-csi b1744bd link true /test e2e-aws-csi

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ready-for-human-review Indicates a PR has been reviewed by automated tools and is ready for human review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants