storage, tests, cdi_upload: Verify CDI upload in primary UDN namespace

[Anatw]

What this PR does / why we need it:

Add a regression test that uploads a disk image to a DataVolume in a PUDN namespace. This tests regression for bug CNV-58018 (CDI upload proxy could not reach the uploader pod in namespaces with a primary UDN).

Which issue(s) this PR fixes:

Special notes for reviewer:

jira-ticket:

NONE

Summary by CodeRabbit

• Tests
  • Added module-scoped pytest fixtures to provision an isolated Layer2 UDN environment for storage upload validation, including deterministic subnet configuration and readiness checks.
  • Added an end-to-end virtctl image upload test that creates a DataVolume in the provisioned namespace, verifies the upload result, and waits for the DataVolume to reach a successful state.

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2372d7a6-9652-4747-887e-68a496084fad

📥 Commits

Reviewing files that changed from the base of the PR and between f935701 and 0682593.

📒 Files selected for processing (2)

• tests/storage/cdi_upload/conftest.py
• tests/storage/cdi_upload/test_upload_virtctl.py

---

📝 Walkthrough

Walkthrough

Adds UDN-backed CDI upload test coverage by introducing two pytest fixtures (udn_namespace_for_dv_upload, primary_udn_for_upload) in conftest.py that provision a dedicated namespace and a Primary Layer2 UDN with seeded /24 subnet and persistent IPAM, and a new virtctl upload test that validates DataVolume success in that UDN namespace.

Changes

UDN-backed CDI Upload Test

Layer / File(s)	Summary
UDN namespace and Primary Layer2 UDN fixtures tests/storage/cdi_upload/conftest.py	Imports UDN creation helpers and seeded subnet utility. Defines udn_namespace_for_dv_upload (creates a dedicated namespace) and primary_udn_for_upload (provisions a persistent-IPAM Layer2 UDN with a deterministic /24 subnet, waits for allocation success before yielding).
virtctl upload test in UDN namespace tests/storage/cdi_upload/test_upload_virtctl.py	Adds test_virtctl_image_upload_dv_in_pudn_namespace (marked sno, polarion CNV-16270): creates a DataVolume via virtctl_upload_dv in the UDN namespace, calls check_upload_virtctl_result, then waits for dv.wait_for_dv_success.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

new-tests

Suggested reviewers

• kgoldbla
• kshvaika
• dalia-frank
• Ahmad-Hafe
• josemacassan
• acinko-rh
• jpeimer

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: adding a regression test for CDI upload functionality in a primary UDN namespace, directly corresponding to the test additions in the changeset.
Description check	✅ Passed	The PR description includes all required template sections: purpose (regression test for CNV-58018), which issue fixed (none), special notes for reviewers (none needed), and jira-ticket field properly marked as NONE.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stp Link Required	✅ Passed	New test function has Jira link with required skip marker in docstring: "Jira: https://redhat.atlassian.net/browse/CNV-58018 # "

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

Review ran into problems

🔥 Problems

Linked repositories: Your configuration references 1 linked repositories, but your current plan allows 0. Analyzed ``, skipped RedHatQE/openshift-virtualization-tests-design-docs.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-virtualization-qe-bot]

Report bugs in Issues

Welcome! 🎉

This pull request will be automatically processed with the following features:

🔄 Automatic Actions

• Reviewer Assignment: Reviewers are automatically assigned based on the OWNERS file in the repository root
• Size Labeling: PR size labels (XS, S, M, L, XL, XXL) are automatically applied based on changes
• Issue Creation: A tracking issue is created for this PR and will be closed when the PR is merged or closed
• Branch Labeling: Branch-specific labels are applied to track the target branch
• Auto-verification: Auto-verified users have their PRs automatically marked as verified
• Labels: Enabled categories: branch, can-be-merged, cherry-pick, has-conflicts, hold, needs-rebase, size, verified, wip

📋 Available Commands

PR Status Management

• /wip - Mark PR as work in progress (adds WIP: prefix to title)
• /wip cancel - Remove work in progress status
• /hold - Block PR merging (approvers only)
• /hold cancel - Unblock PR merging
• /verified - Mark PR as verified
• /verified cancel - Remove verification status
• /reprocess - Trigger complete PR workflow reprocessing (useful if webhook failed or configuration changed)
• /regenerate-welcome - Regenerate this welcome message
• /security-override - Set security check runs to pass (maintainers only)
• /security-override cancel - Re-run security checks

Review & Approval

• /lgtm - Approve changes (looks good to me)
• /approve - Approve PR (approvers only)
• /assign-reviewers - Assign reviewers based on OWNERS file
• /assign-reviewer @username - Assign specific reviewer
• /check-can-merge - Check if PR meets merge requirements

Testing & Validation

• /retest tox - Run Python test suite with tox
• /retest build-container - Rebuild and test container image
• /retest verify-bugs-are-open - verify-bugs-are-open
• /retest all - Run all available tests

Container Operations

• /build-and-push-container - Build and push container image (tagged with PR number)
  • Supports additional build arguments: /build-and-push-container --build-arg KEY=value

Cherry-pick Operations

• /cherry-pick <branch> - Schedule cherry-pick to target branch when PR is merged
  • Multiple branches: /cherry-pick branch1 branch2 branch3
• /cherry-pick-retry <branch> - Retry a failed cherry-pick (merged PRs only)

Branch Management

• /rebase - Rebase this PR branch onto its base branch

Label Management

• /<label-name> - Add a label to the PR
• /<label-name> cancel - Remove a label from the PR

✅ Merge Requirements

This PR will be automatically approved when the following conditions are met:

1. Approval: /approve from at least one approver
2. LGTM Count: Minimum 2 /lgtm from reviewers
3. Status Checks: All required status checks must pass
4. No Blockers: No wip, hold, has-conflicts labels and PR must be mergeable (no conflicts)
5. Verified: PR must be marked as verified

📊 Review Process

Approvers and Reviewers

Approvers:

• jpeimer

Reviewers:

• Ahmad-Hafe
• acinko-rh
• dalia-frank
• ema-aka-young
• josemacassan
• jpeimer
• kgoldbla
• kshvaika

Available Labels

• hold
• verified
• wip
• lgtm
• approve

AI Features

• Cherry-Pick Conflict Resolution: Enabled (claude/claude-opus-4-6[1m])

Security Checks

• Suspicious Path Detection: Monitors paths: .claude/, .vscode/, .cursor/, .devcontainer/, .pi/, .github/workflows/, .github/actions/
• Committer Identity Check: Verifies last committer matches PR author
• Mandatory: Security checks block merge (use /security-override to bypass — maintainers only)

💡 Tips

• WIP Status: Use /wip when your PR is not ready for review
• Verification: The verified label is removed on new commits unless the push is detected as a clean rebase
• Cherry-picking: Cherry-pick labels are processed when the PR is merged
• Container Builds: Container images are automatically tagged with the PR number
• Permission Levels: Some commands require approver permissions
• Auto-verified Users: Certain users have automatic verification and merge privileges

For more information, please refer to the project documentation or contact the maintainers.

[openshift-virtualization-qe-bot]

D/S test tox -e verify-tc-requirement-polarion failed: cnv-tests-tox-executor/29116

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/storage/cdi_upload/test_upload_virtctl.py`:
- Around line 418-423: The test function
`test_virtctl_image_upload_dv_in_pudn_namespace` declares `download_image` as a
function parameter but never uses its return value, only its side effects.
Remove `download_image` from the function parameters and add it to the existing
`@pytest.mark.usefixtures` decorator alongside `primary_udn_for_upload` to
explicitly declare the fixture dependency without creating an unused-argument
lint warning.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: d928feea-57f4-4c4d-8b7e-48034824af0c

📥 Commits

Reviewing files that changed from the base of the PR and between eee54e9 and 629d196.

📒 Files selected for processing (2)

• tests/storage/cdi_upload/conftest.py
• tests/storage/cdi_upload/test_upload_virtctl.py

[jpeimer]

/approve
/lgtm

[Anatw]

/build-and-push-container

[openshift-virtualization-qe-bot-2]

New container for quay.io/openshift-cnv/openshift-virtualization-tests:pr-5214 published

[Anatw]

/verified

Tested on net-awax-422
Openshift version: 4.22.0-rc.5
CNV version: 4.22.0
HCO image: brew.registry.redhat.io/rh-osbs/iib:1152053

openshift-virtualization-tests-runner/5690
PYTEST_PARAMS: -s -o log_cli=true -m tier2 --jira tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv_in_pudn_namespace
=== 1 deselected, 1 xpassed, 3 warnings in 87.48s (0:01:27) =====

[openshift-virtualization-qe-bot-3]

@coderabbitai

Test execution plan request details

CRITICAL: You MUST post an inline review comment on the first changed line of the first file.
The inline comment should contain the full Test Execution Plan (smoke decision, gating decision, and specific affected tests).
Do NOT submit a blocking review event (REQUEST_CHANGES/APPROVE).
Post a single inline PR comment on Files Changed (non-blocking COMMENT flow).

As an expert software testing engineer, analyze all modified files in this PR and create a targeted test execution plan.
You will post an inline review comment with the test execution plan on the first changed file.
If you fail to run or post a comment, retry.

Analysis Requirements:

1. Examine code changes in each modified file

2. Identify affected code paths, functions, and classes

3. Analyze pytest-specific elements: fixtures (scope, dependencies), parametrization, markers, conftest changes

4. Trace test dependencies through imports, shared utilities, fixture inheritance, fixture teardown, and yield from cleanup in conftest

5. Detect new tests introduced in the PR

6. Utilities and libs impact (when utilities/ or libs/ changes):
   You MUST use shell scripts (rg, git diff) to trace the full impact.
   Follow these sub-steps in order:

   6a. Identify modified symbols: For each changed file under utilities/ or libs/,
   list every modified function or method.
   Example: git diff HEAD~1 --unified=0 -- utilities/hco.py | grep '^[+-]def '

   6b. Find direct callers: Search tests and conftest for each symbol from 6a.
   Example: rg -l 'get_hco_version' tests/

   6c. Trace fixture teardown and cleanup: Find fixtures that reach
   the modified symbol through yield from or context-manager wrappers.
   Example: rg -l 'yield from.*enable_common_boot|def.*enable_common_boot' tests/

   6d. Trace same-file callers: In each changed file, find other functions
   whose body calls a modified symbol (including code after yield
   in @contextmanager helpers).
   Example: rg 'get_hco_version|enable_common_boot' utilities/hco.py

   6e. Expand transitively: If function A calls modified B, then
   tests/fixtures that call A are affected — even when the test body
   never imports B directly.

   Do NOT limit impact to tests that import the modified symbol only.

7. Smoke test impact: Intersect the affected set from step 6 with smoke-marked tests.
   Run: rg -l '@pytest.mark.smoke' tests/
   VERIFY the above command returned actual file paths before concluding False.
   Set True if either condition is met:

   • a smoke-marked file appears in the affected set from 6b-6e, OR
   • any conftest.py in the smoke test's parent-directory hierarchy (up to repo root)
     imports or calls a modified utilities/libs symbol — including autouse fixtures
     that depend on modified functions. ALL tests in that directory and below are affected.
     Example check: for each smoke_file, scan dirname(smoke_file)/conftest.py,
     dirname(dirname(smoke_file))/conftest.py, etc. for modified symbol imports
     and autouse fixtures that depend on modified symbols.

8. Gating test impact: Intersect the affected set from step 6 with gating-marked tests.
   Run: rg -l '@pytest.mark.gating' tests/
   Set True if a gating-marked file also appears in the affected set from 6b-6e.
   Utilities/libs changes often affect gating tests without affecting smoke tests.
   Do NOT stop analysis after concluding Run smoke tests: False.

Output rules:
Do NOT include analysis step numbers (1-8) in your visible output.

Your deliverable:
Your inline informational comment will be based on the following requirements:

Test Execution Plan

• Run smoke tests: True / False — If True, state the dependency path (test → fixture → changed symbol). True ONLY with a verified path.
• Run gating tests: True / False — If True, state the dependency path. True if any gating-marked test is in the affected set.
• Affected tests to run (required when utilities/, libs/, or shared conftest changes — list concrete paths even when smoke is False)

Use these formats:

• path/to/test_file.py - When the entire test file needs verification
• path/to/test_file.py::TestClass::test_method - When specific test(s) needed
• path/to/test_file.py::test_function - When specific test(s) needed
• -m marker - When a marker covers multiple affected tests (e.g. -m gating only if ALL gating tests in scope need run)
• Tag each listed test or group with its marker when not obvious, e.g. (gating) or (smoke)

Real test commands (MANDATORY when changes affect session/runtime code):

When the affected code runs at session/collection time (conftest fixtures, pytest plugins,
config hooks, session-scoped setup) or modifies runtime behavior that unit tests mock away,
you MUST include concrete pytest commands the PR author must run on a real cluster
to verify the change works end-to-end. Include:

• A command for the error/fix path (the scenario the PR fixes)
• A command for the happy path (regression: the normal case still works)
• Use lightweight tests (e.g., --collect-only for startup failures,
  a single small test for runtime behavior)
  If the PR only changes test logic (not utilities/libs/conftest), the affected test
  paths themselves serve as the real test commands — no separate section needed.

Example output for a session-startup fix:

**Real tests (cluster required)**
Error path (the fix):
`pytest tests/storage/.../test_foo.py --storage-class-matrix=nonexistent-sc --collect-only`
Expected: ValueError with clear message, not IndexError

Happy path (regression):
`pytest tests/storage/.../test_foo.py --storage-class-matrix=<valid-sc> -k test_bar`
Expected: session starts normally

Guidelines:

• Include tests affected directly OR via fixture setup/teardown, yield from cleanup, or transitive utility call chains (caller calls modified helper)
• Use a full file path only if ALL tests in that file require verification
• Use file path + test name when only specific tests use an affected fixture or utility wrapper (preferred for partial file impact)
• If a test marker can cover multiple files/tests, provide the marker
• Balance coverage vs over-testing - Keep descriptions minimal
• Example: if leaf helper foo() changes, include tests whose fixture teardown calls wrapper bar() where bar() calls foo(), even when the test body only imports an unrelated symbol from the same utilities module

Hardware-Related Checks (SR-IOV, GPU, DPDK):

When PR modifies fixtures for hardware-specific resources:

• Collection Safety: Fixtures MUST have existence checks (return None when hardware unavailable)
• Test Plan: MUST verify both WITH and WITHOUT hardware:
  • Run affected tests on cluster WITH hardware
  • Verify collection succeeds on cluster WITHOUT hardware

CRITICAL WORKFLOW COMPLETION RULES:

When responding to this test execution plan request, you MUST follow these rules EXACTLY:

1. YOUR ONLY DELIVERABLE: Post one non-blocking inline comment containing the test execution plan on the first changed line
2. THEN STOP IMMEDIATELY - Do NOT generate any additional response
3. FALLBACK ONLY: If inline comment API calls fail after retrying, post as a regular PR comment
4. SILENCE = SUCCESS: After successfully submitting the review, your task is complete. No confirmation needed.

ABSOLUTE PROHIBITIONS (violating these creates empty/meaningless reviews):

• ❌ Do NOT post acknowledgment messages like "Test execution plan posted", "Review posted successfully", "I've successfully posted"
• ❌ Do NOT mention review IDs, URLs, or confirmation of posting in the PR thread
• ❌ Do NOT add any follow-up comments after submitting the review
• ❌ Do NOT reply to confirm task completion
• ❌ Do NOT explain what you did - just do it and stop

Remember: The pull request review is visible to users. Additional comments are redundant noise.

CRITICAL — Verification rules for smoke and gating decisions:
- For each True decision, you must have traced a concrete path: test file → fixture → utility function → modified symbol.
- Do NOT assume impact based on scope, file proximity, or infrastructure-sounding names.
Only set True when you trace a concrete path through steps 6a-6e, then 7 or 8.
WRONG: "utilities/hco.py changed → run smoke" (no traced dependency path)
WRONG: "Run smoke tests: False" with no affected-test list when gating tests use the changed utility
RIGHT: "Run smoke tests: False, Run gating tests: True" plus tests/.../test_foo.py::TestBar::test_baz (gating)
RIGHT: "Smoke test X uses fixture Y → wrapper Z → changed function W in utilities/hco.py"

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Get the PR diff to identify first changed file and first changed line
gh pr view 5214 --repo RedHatQE/openshift-virtualization-tests --json files --jq '.files[].path'

# Check for smoke-marked tests in cdi_upload directory
rg -n '`@pytest.mark.smoke`' tests/storage/cdi_upload/ 2>/dev/null || echo "No smoke tests in cdi_upload"

# Check for gating-marked tests in cdi_upload directory  
rg -n '`@pytest.mark.gating`' tests/storage/cdi_upload/ 2>/dev/null || echo "No gating tests in cdi_upload"

# Check all smoke test files in repo
rg -l '`@pytest.mark.smoke`' tests/ 2>/dev/null | head -20

# Check all gating test files in repo
rg -l '`@pytest.mark.gating`' tests/ 2>/dev/null | head -20

# Check if new fixtures in conftest are used anywhere else
rg -rn 'udn_namespace_for_dv_upload\|primary_udn_for_upload' tests/ 2>/dev/null

# Get the PR diff to find specific line numbers in the first changed file
gh api repos/RedHatQE/openshift-virtualization-tests/pulls/5214/files --jq '.[0] | {filename: .filename, patch: .patch}'

Length of output: 4333

---

🏁 Script executed:

#!/bin/bash
# Post inline review comment on first changed line of conftest.py
gh api repos/RedHatQE/openshift-virtualization-tests/pulls/5214/reviews \
  --method POST \
  --field event="COMMENT" \
  --field body="" \
  --field "comments[][path]=tests/storage/cdi_upload/conftest.py" \
  --field "comments[][line]=10" \
  --field "comments[][side]=RIGHT" \
  --field "comments[][body]=**Test Execution Plan**

**Run smoke tests: False**
No traced path from the new non-autouse fixtures (\`udn_namespace_for_dv_upload\`, \`primary_udn_for_upload\`) to any smoke-marked test. The smoke test at \`test_upload_virtctl.py:154\` does not depend on the new fixtures.

**Run gating tests: False**
No traced path from the new fixtures to the gating-marked test at \`test_upload_virtctl.py:233\`. That test does not use \`udn_namespace_for_dv_upload\` or \`primary_udn_for_upload\`.

**Affected tests to run**

\`\`\`
tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv_in_pudn_namespace
\`\`\`
(new test, \`@pytest.mark.sno\`, validates CDI upload proxy reachability in a Primary UDN namespace — the scenario fixed by CNV-58018)"

Length of output: 2932

---

---

[yossisegev]

Thank you

[Anatw]

/check-can-merge

[Anatw]

Change: rebase on main

[openshift-virtualization-qe-bot]

D/S test tox -e verify-tc-requirement-polarion failed: cnv-tests-tox-executor/29256

[Anatw]

/verified

No code changes - #5214 (comment)

[openshift-virtualization-qe-bot-5]

Clean rebase detected — no code changes compared to previous head (f935701).
The following labels were preserved: verified, approved-jpeimer, lgtm-yossisegev, commented-Anatw, lgtm-jpeimer, commented-coderabbitai[bot], lgtm-coderabbitai[bot].

[RoniKishner]

What is the reason for setting udn_namespace_for_dv_upload and also primary_udn_for_upload module scope ?
If you only need them for a single test test_virtctl_image_upload_dv_in_pudn_namespace shouldn't you delete them at the end of the test?

[Anatw]

It was requested by Jenia - #5214 (comment)

[rnetser]

@Anatw it was raised as a question; there is not point in having these with borader scope than needed. moreover, module scope does not align with the test descirption which is function scope

@jpeimer why was the borader scope requested?