OLS-2077 - Enabling cert rotation tests.

[sriroopar]

Description

Enabling certificate rotation e2e tests with modifications to adapt with recent changes on pod starts/restarts.

Type of change

• Refactor
• New feature
• Bug fix
• CVE fix
• Optimization
• Documentation Update
• Configuration Update
• Bump-up dependent library
• Bump-up library or tool used for development (does not change the final image)
• CI configuration change
• Konflux configuration change

Related Tickets & Documents

• Related Issue #
• Closes #

Checklist before requesting a review

• I have performed a self-review of my code.
• PR has passed all pre-merge test jobs.
• If it is a core feature, I have added thorough tests.

Testing

• Please provide detailed steps to perform tests related to this code change.
• How were the fix/results from this change verified? Please provide relevant screenshots or results.

After enabling and modifying, this test was run across operator HEAD.

[sriroopar]

/retest

[JoaoFula]

/lgtm

[onmete]

Two findings from code review — both about failure-mode clarity, not correctness of the happy path.

[onmete]

The return value of wait_for_ols() is discarded here. If OLS never becomes ready within 300s, the test continues silently and fails at the query step with a misleading error.

Other callers in the codebase (conftest.py, adapt_ols_config.py, data_collector_control.py) all check the return value.

Suggestion:

Suggested change

	wait_for_ols(pytest.ols_url, timeout=300, interval=10)
	assert wait_for_ols(pytest.ols_url, timeout=300, interval=10), \
	"OLS did not become ready after CA certificate rotation"

[onmete]

Addressed in 8e5000f — return value is now asserted.

[onmete]

If all 6 attempts of _query_succeeds raise exceptions (e.g. ConnectionError), response stays None. The assertion failure message f"OLS returned {response.status_code}..." then raises AttributeError, masking the real failure.

Suggestion:

status = response.status_code if response is not None else "no response (all attempts raised)"
assert retry_until_timeout_or_success(
    6,
    30,
    _query_succeeds,
    "Retrying query while route stabilizes after CA cert rotation",
), f"OLS returned {status} after CA certificate rotation"

[onmete]

Addressed in 8e5000f — response is guarded against None in the f-string. Also nice additions: type annotation on response and return type on _query_succeeds.

[onmete]

/lgtm
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: onmete

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [onmete]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[onmete]

/lgtm

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 893b643 and 2 for PR HEAD dd50c91 in total

[sriroopar]

/retest

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 9096652 and 1 for PR HEAD dd50c91 in total

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 055844b and 0 for PR HEAD dd50c91 in total

[openshift-merge-bot]

/hold

Revision dd50c91 was retested 3 times: holding

[JoaoFula]

/retest

[sriroopar]

/test e2e-ols-cluster

[openshift-ci]

@sriroopar: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-ols-cluster	dd50c91	link	true	/test e2e-ols-cluster

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.