Skip to content

ROSAENG-60112 | test: add tests for OIDC commands#3316

Merged
openshift-merge-bot[bot] merged 1 commit into
openshift:masterfrom
olucasfreitas:ROSAENG-60112-3E
Jul 6, 2026
Merged

ROSAENG-60112 | test: add tests for OIDC commands#3316
openshift-merge-bot[bot] merged 1 commit into
openshift:masterfrom
olucasfreitas:ROSAENG-60112-3E

Conversation

@olucasfreitas

@olucasfreitas olucasfreitas commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

PR Summary

Add focused tests for 4 OIDC-related commands, all previously at 0% coverage. Tests target functions that return errors or are pure, without needing to refactor the legacy os.Exit pattern.

Detailed Description of the Issue

The OIDC commands are required for the STS cluster creation flow and had no automated test coverage. This PR adds tests for the testable internals: strategy factory functions, exported helpers that return errors, and pure command builders.

Related Issues and PRs

Type of Change

  • test

Previous Behavior

No automated test coverage for cmd/create/oidcconfig, cmd/create/oidcprovider, cmd/dlt/oidcconfig, or cmd/dlt/oidcprovider.

Behavior After This Change

15 new test cases across 4 commands:

Command Tests What's covered
cmd/create/oidcconfig 7 getOidcConfigStrategy factory (5 cases), ManagedAutoStrategy.executeNoExit (2 cases)
cmd/create/oidcprovider 3 CreateOIDCProvider exported function with OCM + AWS mocks
cmd/dlt/oidcconfig 4 getOidcConfigStrategy factory (4 cases)
cmd/dlt/oidcprovider 1 buildCommand pure function

Intentionally skipped: cmd/register/oidcconfig (no extracted helpers that return errors).

How to Test (Step-by-Step)

Test Steps

  1. go test ./cmd/create/oidcconfig/... ./cmd/create/oidcprovider/... ./cmd/dlt/oidcconfig/... ./cmd/dlt/oidcprovider/... -count=1
  2. go vet ./cmd/create/oidcconfig/... ./cmd/create/oidcprovider/... ./cmd/dlt/oidcconfig/... ./cmd/dlt/oidcprovider/...

Expected Results

  • All tests pass
  • go vet clean

Breaking Changes

  • No breaking changes

Developer Verification Checklist

  • Commit subject/title follows [JIRA-TICKET] | [TYPE]: <MESSAGE>.
  • PR description clearly explains both what changed and why.
  • Relevant Jira/GitHub issues and related PRs are linked.
  • make install-hooks has been run in this clone.
  • Tests were added/updated where appropriate.
  • make test passes.
  • make lint passes.
  • Any risk, limitation, or follow-up work is documented.

Summary by CodeRabbit

  • Tests

    • Added new Ginkgo/Gomega test suites for creating and deleting OIDC configs and creating OIDC providers.
    • Verified strategy selection for auto vs manual modes, including invalid-mode error handling.
    • Added coverage for success and failure scenarios using mocked API and cloud responses.
    • Introduced Go test suite entrypoints so specs run via go test.
  • Chores

    • Updated Tekton task bundle digests in e2e pipeline runs.

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 1, 2026
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

This pull request adds Ginkgo/Gomega test coverage for OIDC config creation, OIDC provider creation, and OIDC config deletion strategy selection. It also adds suite entrypoints for the new test packages. Separately, it updates pinned Tekton bundle digests for git-clone-oci-ta, source-build-oci-ta, and apply-tags in four PipelineRun manifests.

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Test Structure And Quality ⚠️ Warning The specs are focused, but most Gomega checks are bare Expect(...).To(HaveOccurred())/NotTo(...) with no diagnostic messages. Add short failure messages to the new assertions (especially error checks) so failures identify the behavior under test.
✅ Passed checks (14 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise, follows the repository format, and accurately summarizes the main change: adding OIDC command tests.
Description check ✅ Passed The description covers the required template sections with clear summary, issue context, related work, test plan, and checklist.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed All new Ginkgo titles are static strings; no timestamps, UUIDs, generated names, or title concatenation found in the changed test files.
Microshift Test Compatibility ✅ Passed The new specs are unit tests using mocks/httptest only; they don't reference unsupported OpenShift APIs, namespaces, or MicroShift-sensitive features.
Single Node Openshift (Sno) Test Compatibility ✅ Passed The new Ginkgo tests are unit-style, using mocked API/AWS helpers and no node/topology assumptions or SNO-specific skips were found.
Topology-Aware Scheduling Compatibility ✅ Passed Only Ginkgo/Gomega tests and Tekton PipelineRun digest bumps were changed; no deployments, controllers, or pod scheduling fields were added.
Ote Binary Stdout Contract ✅ Passed Changed files are tests/suite entrypoints only; no stdout writes, init/TestMain/BeforeSuite hooks, or log redirection issues were added.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed New Ginkgo tests only use mocked runtimes/API stubs and example.com strings; no IPv4 literals, ParseIP/CIDR, or live internet calls found.
No-Weak-Crypto ✅ Passed Touched files contain no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, no custom crypto, and no secret/token comparisons; only sha256 bundle digests.
Container-Privileges ✅ Passed No manifest sets privileged/hostPID/hostNetwork/hostIPC/allowPrivilegeEscalation/SYS_ADMIN; only a parameter description mentions “privileged mode.”
No-Sensitive-Data-In-Logs ✅ Passed No new logging/printing was added in the changed files; only tests and Tekton bundle updates with synthetic data and secret placeholders.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 1, 2026
@olucasfreitas olucasfreitas changed the title ROSAENG-60112 | test: add tests for OIDC commands (Phase 3E) ROSAENG-60112 | test: add tests for OIDC commands Jul 1, 2026
@olucasfreitas

Copy link
Copy Markdown
Contributor Author

/test all

@olucasfreitas olucasfreitas marked this pull request as ready for review July 1, 2026 23:14
@openshift-ci openshift-ci Bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 1, 2026
@openshift-ci openshift-ci Bot requested review from amandahla and marcolan018 July 1, 2026 23:14

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
cmd/create/oidcprovider/cmd_test.go (1)

25-51: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Minor duplication in mock response setup.

The OidcConfig/OidcThumbprint responder setup (Lines 30-40) is duplicated verbatim in the failure spec (Lines 72-82). Could be extracted into a small helper to reduce repetition.

Also applies to: 67-94

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/create/oidcprovider/cmd_test.go` around lines 25 - 51, The OidcConfig and
OidcThumbprint responder setup in the CreateOIDCProvider test is duplicated
across the success and failure specs, so extract that repeated mock setup into a
small helper and reuse it from the CreateOIDCProvider test cases. Keep the
helper close to the existing test code and have it encapsulate the shared
t.ApiServer.AppendHandlers calls while preserving the existing oidcConfigId and
issuerUrl inputs used by CreateOIDCProvider.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@cmd/create/oidcprovider/cmd_test.go`:
- Around line 25-51: The OidcConfig and OidcThumbprint responder setup in the
CreateOIDCProvider test is duplicated across the success and failure specs, so
extract that repeated mock setup into a small helper and reuse it from the
CreateOIDCProvider test cases. Keep the helper close to the existing test code
and have it encapsulate the shared t.ApiServer.AppendHandlers calls while
preserving the existing oidcConfigId and issuerUrl inputs used by
CreateOIDCProvider.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 0e4f8200-6bca-4860-b279-b612113584af

📥 Commits

Reviewing files that changed from the base of the PR and between dc110e6 and 0862aee.

📒 Files selected for processing (8)
  • cmd/create/oidcconfig/cmd_test.go
  • cmd/create/oidcconfig/oidcconfig_suite_test.go
  • cmd/create/oidcprovider/cmd_test.go
  • cmd/create/oidcprovider/oidcprovider_suite_test.go
  • cmd/dlt/oidcconfig/cmd_test.go
  • cmd/dlt/oidcconfig/oidcconfig_suite_test.go
  • cmd/dlt/oidcprovider/cmd_test.go
  • cmd/dlt/oidcprovider/oidcprovider_suite_test.go

Comment thread cmd/create/oidcprovider/cmd_test.go
Comment thread cmd/dlt/oidcprovider/cmd_test.go Outdated
Comment thread cmd/dlt/oidcprovider/cmd_test.go Outdated
@olucasfreitas

Copy link
Copy Markdown
Contributor Author

/override ci/prow/security

@openshift-ci

openshift-ci Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

@olucasfreitas: Overrode contexts on behalf of olucasfreitas: ci/prow/security

Details

In response to this:

/override ci/prow/security

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@olucasfreitas

olucasfreitas commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

@amandahla @jerichokeyne ready for review when you can

Comment thread .tekton/rosa-cli-e2e-test-pull-request.yaml
@amandahla

Copy link
Copy Markdown
Contributor

/approve

Add focused tests for 3 OIDC-related commands, all previously at 0%
coverage. Tests target functions that return errors or are pure, without
needing to refactor the legacy os.Exit pattern.

- cmd/create/oidcconfig: getOidcConfigStrategy factory (5 cases) and
  ManagedAutoStrategy.executeNoExit (2 cases via OCM mock)
- cmd/create/oidcprovider: CreateOIDCProvider exported function (4 cases
  with OCM + AWS mocks, including FetchOidcThumbprint failure)
- cmd/dlt/oidcconfig: getOidcConfigStrategy factory (4 cases)

Skip cmd/dlt/oidcprovider (buildCommand is a commandbuilder pass-through
already covered by pkg/aws/commandbuilder tests) and
cmd/register/oidcconfig (no extracted helpers that return errors).
@amandahla

Copy link
Copy Markdown
Contributor

/approve
/lgtm

@olucasfreitas

Copy link
Copy Markdown
Contributor Author

/override ci/prow/security

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jul 6, 2026
@openshift-ci

openshift-ci Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: amandahla, olucasfreitas

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:
  • OWNERS [amandahla,olucasfreitas]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

1 similar comment
@openshift-ci

openshift-ci Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: amandahla, olucasfreitas

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:
  • OWNERS [amandahla,olucasfreitas]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci

openshift-ci Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

@olucasfreitas: Overrode contexts on behalf of olucasfreitas: ci/prow/security

Details

In response to this:

/override ci/prow/security

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
cmd/create/oidcconfig/cmd_test.go (1)

67-81: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Consider asserting the IssuerUrl side effect too.

executeNoExit also sets s.oidcConfigInput.IssuerUrl from the created config before returning the ID (per cmd.go's executeNoExit). Asserting this would tighten coverage of the success path.

Suggested addition
 			id, err := strategy.executeNoExit(t.RosaRuntime)
 			Expect(err).NotTo(HaveOccurred())
 			Expect(id).To(Equal("managed-oidc-123"))
+			Expect(input.IssuerUrl).To(Equal("https://oidc.managed.example.com"))
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/create/oidcconfig/cmd_test.go` around lines 67 - 81, The success test for
CreateManagedOidcConfigAutoStrategy only checks the returned ID, but
executeNoExit also mutates oidcConfigInput.IssuerUrl from the created OIDC
config. Update the test around executeNoExit to assert that the input’s
IssuerUrl is set to the expected issuer URL alongside the existing ID assertion,
using the CreateManagedOidcConfigAutoStrategy and OidcConfigInput symbols to
locate the flow.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@cmd/create/oidcconfig/cmd_test.go`:
- Around line 67-81: The success test for CreateManagedOidcConfigAutoStrategy
only checks the returned ID, but executeNoExit also mutates
oidcConfigInput.IssuerUrl from the created OIDC config. Update the test around
executeNoExit to assert that the input’s IssuerUrl is set to the expected issuer
URL alongside the existing ID assertion, using the
CreateManagedOidcConfigAutoStrategy and OidcConfigInput symbols to locate the
flow.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 6e3b42bb-2a53-4044-b0c8-2aa3ebe094de

📥 Commits

Reviewing files that changed from the base of the PR and between dcc52c6 and ffbb313.

📒 Files selected for processing (10)
  • .tekton/rosa-cli-e2e-test-pull-request.yaml
  • .tekton/rosa-cli-e2e-test-push.yaml
  • .tekton/rosa-pull-request.yaml
  • .tekton/rosa-push.yaml
  • cmd/create/oidcconfig/cmd_test.go
  • cmd/create/oidcconfig/oidcconfig_suite_test.go
  • cmd/create/oidcprovider/cmd_test.go
  • cmd/create/oidcprovider/oidcprovider_suite_test.go
  • cmd/dlt/oidcconfig/cmd_test.go
  • cmd/dlt/oidcconfig/oidcconfig_suite_test.go
✅ Files skipped from review due to trivial changes (3)
  • .tekton/rosa-pull-request.yaml
  • cmd/create/oidcprovider/oidcprovider_suite_test.go
  • .tekton/rosa-push.yaml
🚧 Files skipped from review as they are similar to previous changes (4)
  • cmd/dlt/oidcconfig/oidcconfig_suite_test.go
  • cmd/create/oidcconfig/oidcconfig_suite_test.go
  • cmd/dlt/oidcconfig/cmd_test.go
  • cmd/create/oidcprovider/cmd_test.go

@olucasfreitas

Copy link
Copy Markdown
Contributor Author

/override ci/prow/security

@openshift-ci

openshift-ci Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

@olucasfreitas: Overrode contexts on behalf of olucasfreitas: ci/prow/security

Details

In response to this:

/override ci/prow/security

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci

openshift-ci Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

@olucasfreitas: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@codecov

codecov Bot commented Jul 6, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 28.33%. Comparing base (f61ec2a) to head (ffbb313).
⚠️ Report is 4 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #3316      +/-   ##
==========================================
+ Coverage   28.03%   28.33%   +0.29%     
==========================================
  Files         334      334              
  Lines       36710    36710              
==========================================
+ Hits        10293    10401     +108     
+ Misses      25663    25552     -111     
- Partials      754      757       +3     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@openshift-merge-bot openshift-merge-bot Bot merged commit b698dbf into openshift:master Jul 6, 2026
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants