From 0c32f87f37d202a914802349c47e3c79b88c509e Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Wed, 6 May 2026 12:32:27 +0200 Subject: [PATCH 01/16] USHIFT-6743: promote Start MicroShift Without Waiting keyword to shared resource Move `Start MicroShift Without Waiting For Systemd Readiness` from lifecycle.robot into microshift-process.resource so it can be reused by the new apiserver-readiness.robot test. Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- test/resources/microshift-process.resource | 14 ++++++++++++++ test/suites/osconfig/lifecycle.robot | 13 ------------- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/test/resources/microshift-process.resource b/test/resources/microshift-process.resource index d9134680ff..d9d7758be0 100644 --- a/test/resources/microshift-process.resource +++ b/test/resources/microshift-process.resource @@ -108,6 +108,20 @@ Disable MicroShift [Documentation] Disable the MicroShift service Systemctl disable microshift.service +Start MicroShift Without Waiting For Systemd Readiness + [Documentation] Starts MicroShift without waiting for daemon readiness + ... (which happens after all internal services/components declare ready + ... (close ready channel)), so it can be interrupted (restarted) mid startup. + + ${stdout} ${stderr} ${rc}= Execute Command + ... systemctl start microshift --no-block + ... sudo=True + ... return_stdout=True + ... return_stderr=True + ... return_rc=True + Log Many ${stdout} ${stderr} ${rc} + Should Be Equal As Integers ${rc} 0 + Cleanup MicroShift [Documentation] Cleanup MicroShift data [Arguments] ${cmd}="--all" ${opt}=${EMPTY} diff --git a/test/suites/osconfig/lifecycle.robot b/test/suites/osconfig/lifecycle.robot index 3b8a397190..8b8662d62f 100644 --- a/test/suites/osconfig/lifecycle.robot +++ b/test/suites/osconfig/lifecycle.robot @@ -68,16 +68,3 @@ Restarting MicroShift Should Be Successful On First Try ... return_stderr=True ... return_rc=True Should Be Equal As Integers 0 ${rc} - -Start MicroShift Without Waiting For Systemd Readiness - [Documentation] Starts MicroShift without waiting for daemon readiness - ... (which happens after all internal services/components declare ready - ... (close ready channel)), so it can be interrupted (restarted) mid startup. - - ${stdout} ${stderr} ${rc}= Execute Command - ... systemctl start microshift --no-block - ... sudo=True - ... return_stdout=True - ... return_stderr=True - ... return_rc=True - Should Be Equal As Integers 0 ${rc} From fd5734ce097a6c0f9e612197add382f890b4a220 Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Wed, 6 May 2026 12:32:35 +0200 Subject: [PATCH 02/16] USHIFT-6743: add shared kustomize-test.resource for manifest test keywords Add reusable keywords for deploying/cleaning up kustomize test manifests (Deploy Test Manifests, Remove Manifest Directory, ConfigMap Should Not Exist). Used by kustomize-sources.robot and drop-in-config.robot. Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- test/resources/kustomize-test.resource | 41 ++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 test/resources/kustomize-test.resource diff --git a/test/resources/kustomize-test.resource b/test/resources/kustomize-test.resource new file mode 100644 index 0000000000..ccacfeb740 --- /dev/null +++ b/test/resources/kustomize-test.resource @@ -0,0 +1,41 @@ +*** Settings *** +Documentation Keywords for deploying and cleaning up kustomize test manifests + +Resource microshift-host.resource +Resource kubeconfig.resource + + +*** Keywords *** +Deploy Test Manifests + [Documentation] Create a kustomization that deploys a configmap in the given namespace + [Arguments] ${manifest_dir} ${namespace} ${configmap_name}=test-configmap + Command Should Work mkdir -p ${manifest_dir} + ${kustomization}= Catenate SEPARATOR=\n + ... resources: + ... - configmap.yaml + ... namespace: ${namespace} + Upload String To File ${kustomization} ${manifest_dir}/kustomization.yaml + ${configmap}= Catenate SEPARATOR=\n + ... apiVersion: v1 + ... kind: ConfigMap + ... metadata: + ... \ \ name: ${configmap_name} + ... data: + ... \ \ path: ${manifest_dir} + Upload String To File ${configmap} ${manifest_dir}/configmap.yaml + +Remove Manifest Directory + [Documentation] Completely remove a manifest directory under /etc/microshift + [Arguments] ${manifest_dir} + Should Not Be Empty ${manifest_dir} + Should Start With ${manifest_dir} /etc/microshift/ + Command Should Work rm -rf ${manifest_dir} + +ConfigMap Should Not Exist + [Documentation] Verify the configmap was not created in the namespace + [Arguments] ${namespace} ${configmap_name}=test-configmap + ${stdout} ${rc}= Run With Kubeconfig + ... oc get configmap ${configmap_name} -n ${namespace} + ... allow_fail=True return_rc=True + Should Not Be Equal As Integers ${rc} 0 + Should Contain ${stdout} NotFound From ab5625bcf3964146ae2bbe765e9bce5ce793f223 Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Wed, 6 May 2026 12:32:43 +0200 Subject: [PATCH 03/16] USHIFT-6743: add config search path test to show-config.robot Replaces Ginkgo test 62959: MicroShift must not read config from ~/.microshift/config.yaml. Verifies that only /etc/microshift/ config files are picked up by show-config --mode effective. Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- test/suites/configuration/show-config.robot | 35 ++++++++++++++++++--- 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/test/suites/configuration/show-config.robot b/test/suites/configuration/show-config.robot index 0fed4844c4..dcd07688cd 100644 --- a/test/suites/configuration/show-config.robot +++ b/test/suites/configuration/show-config.robot @@ -12,10 +12,17 @@ Suite Teardown Teardown *** Variables *** -${MEMLIMIT256} SEPARATOR=\n -... --- -... etcd: -... \ \ memoryLimitMB: 256 +${MEMLIMIT256} SEPARATOR=\n +... --- +... etcd: +... \ \ memoryLimitMB: 256 + +${MEMLIMIT180} SEPARATOR=\n +... --- +... etcd: +... \ \ memoryLimitMB: 180 + +${HOME_CONFIG_DIR} /root/.microshift *** Test Cases *** @@ -52,6 +59,26 @@ Mode Unknown ... sudo=True return_rc=True Should Not Be Equal As Integers 0 ${rc} +Home Directory Config File Is Ignored + [Documentation] MicroShift should not read config from ~/.microshift/config.yaml. + ... Only /etc/microshift/config.yaml (and config.d/ drop-ins) should be used. + [Setup] Run Keywords + ... Command Should Work mkdir -p ${HOME_CONFIG_DIR} + ... AND + ... Upload String To File ${MEMLIMIT180} ${HOME_CONFIG_DIR}/config.yaml + + ${config}= Show Config effective + Should Not Be Equal As Integers 180 ${config.etcd.memoryLimitMB} + + Drop In MicroShift Config ${MEMLIMIT180} 10-memlimit + ${config}= Show Config effective + Should Be Equal As Integers 180 ${config.etcd.memoryLimitMB} + + [Teardown] Run Keywords + ... Command Should Work rm -f ${HOME_CONFIG_DIR}/config.yaml + ... AND + ... Remove Drop In MicroShift Config 10-memlimit + *** Keywords *** Setup From 4dc04ed5ed9396b2ee6a5a219b59c22e69ec4d84 Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Wed, 6 May 2026 12:33:01 +0200 Subject: [PATCH 04/16] USHIFT-6743: add case-insensitive log level tests Replaces Ginkgo test 63099: validates that MicroShift accepts log levels in any case variation (normal, Debug, TRACE, TraceAll). Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- test/suites/configuration/logging.robot | 53 +++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 test/suites/configuration/logging.robot diff --git a/test/suites/configuration/logging.robot b/test/suites/configuration/logging.robot new file mode 100644 index 0000000000..7a404d98a1 --- /dev/null +++ b/test/suites/configuration/logging.robot @@ -0,0 +1,53 @@ +*** Settings *** +Documentation Tests for case-insensitive log level parsing + +Resource ../../resources/common.resource +Resource ../../resources/microshift-config.resource +Resource ../../resources/microshift-process.resource +Library ../../resources/journalctl.py + +Suite Setup Setup +Suite Teardown Teardown + +Test Tags restart slow + + +*** Test Cases *** +Case Insensitive Log Levels + [Documentation] MicroShift should accept log levels in any case variation. + [Template] MicroShift Should Accept Log Level + + normal + Debug + TRACE + TraceAll + + +*** Keywords *** +Setup + [Documentation] Test suite setup + Check Required Env Variables + Login MicroShift Host + Setup Kubeconfig + +Teardown + [Documentation] Test suite teardown + Remove Drop In MicroShift Config 10-loglevel + Restart MicroShift + Logout MicroShift Host + Remove Kubeconfig + +MicroShift Should Accept Log Level + [Documentation] Set log level via drop-in config, restart, and verify + ... that MicroShift logs the configured level. + [Arguments] ${level} + + ${config}= Catenate SEPARATOR=\n + ... debugging: + ... \ \ logLevel: ${level} + Drop In MicroShift Config ${config} 10-loglevel + + ${cursor}= Get Journal Cursor + Restart MicroShift + + Pattern Should Appear In Log Output ${cursor} logLevel.*${level} From 6830ffd7905dee13326b7d7acad0ee40dc8fa6c2 Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Wed, 6 May 2026 12:33:03 +0200 Subject: [PATCH 05/16] USHIFT-6743: add data directory isolation test Replaces Ginkgo test 62987: verifies MicroShift only uses /var/lib/microshift/ for data and does not populate the legacy ~/.microshift/data/ path. Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- test/suites/configuration/data-dir.robot | 63 ++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 test/suites/configuration/data-dir.robot diff --git a/test/suites/configuration/data-dir.robot b/test/suites/configuration/data-dir.robot new file mode 100644 index 0000000000..f2dc92fff5 --- /dev/null +++ b/test/suites/configuration/data-dir.robot @@ -0,0 +1,63 @@ +*** Settings *** +Documentation Tests that MicroShift only uses /var/lib/microshift for data storage + +Resource ../../resources/common.resource +Resource ../../resources/microshift-host.resource +Resource ../../resources/microshift-process.resource + +Suite Setup Setup +Suite Teardown Teardown + +Test Tags restart + + +*** Variables *** +${HOME_DATA_DIR} /root/.microshift/data +${GLOBAL_RESOURCES} /var/lib/microshift/resources + + +*** Test Cases *** +MicroShift Does Not Use Home Directory For Data + [Documentation] MicroShift should only use /var/lib/microshift/ for data. + ... The legacy search path ~/.microshift/data/ must not be populated. + Command Should Work mkdir -p ${HOME_DATA_DIR} + Command Should Work find ${HOME_DATA_DIR} -mindepth 1 -delete + + Command Should Work find ${GLOBAL_RESOURCES} -mindepth 1 -delete + Directory Should Be Empty ${GLOBAL_RESOURCES} + + Restart MicroShift + + Directory Should Be Empty ${HOME_DATA_DIR} + Wait Until Keyword Succeeds 40x 5s + ... Directory Should Not Be Empty ${GLOBAL_RESOURCES} + + [Teardown] Run Keywords + ... Command Should Work rm -rf /root/.microshift + ... AND + ... Restart MicroShift + + +*** Keywords *** +Setup + [Documentation] Test suite setup + Check Required Env Variables + Login MicroShift Host + Setup Kubeconfig + +Teardown + [Documentation] Test suite teardown + Logout MicroShift Host + Remove Kubeconfig + +Directory Should Be Empty + [Documentation] Verify that a directory contains no files or subdirectories + [Arguments] ${path} + ${stdout}= Command Should Work find ${path} -mindepth 1 -maxdepth 1 | wc -l + Should Be Equal As Strings ${stdout.strip()} 0 Directory ${path} is not empty + +Directory Should Not Be Empty + [Documentation] Verify that a directory contains at least one file or subdirectory + [Arguments] ${path} + ${stdout}= Command Should Work find ${path} -mindepth 1 -maxdepth 1 | wc -l + Should Not Be Equal As Strings ${stdout.strip()} 0 Directory ${path} is empty From c7049d66c69bf8297f16d5f3b252bcce53bef79b Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Wed, 6 May 2026 12:33:05 +0200 Subject: [PATCH 06/16] USHIFT-6743: add drop-in config merge and override tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replaces Ginkgo test 76468: verifies drop-in config directory semantics — higher-numbered files override arrays (kustomizePaths, subjectAltNames) while maps merge across config.yaml and drop-ins. Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- .../suites/configuration/drop-in-config.robot | 130 ++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 test/suites/configuration/drop-in-config.robot diff --git a/test/suites/configuration/drop-in-config.robot b/test/suites/configuration/drop-in-config.robot new file mode 100644 index 0000000000..b01bebcb31 --- /dev/null +++ b/test/suites/configuration/drop-in-config.robot @@ -0,0 +1,130 @@ +*** Settings *** +Documentation Tests for drop-in configuration directory merge and override semantics + +Resource ../../resources/common.resource +Resource ../../resources/kustomize-test.resource +Resource ../../resources/microshift-config.resource +Resource ../../resources/microshift-host.resource +Resource ../../resources/microshift-process.resource +Resource ../../resources/oc.resource +Library ../../resources/DataFormats.py + +Suite Setup Setup +Suite Teardown Teardown + +Test Tags restart slow + + +*** Variables *** +${MANIFEST_DIR_A} /etc/microshift/manifests.d/dropin-test-a +${MANIFEST_DIR_B} /etc/microshift/manifests.d/dropin-test-b + +${KUSTOMIZE_A} SEPARATOR=\n +... manifests: +... \ \ kustomizePaths: +... \ \ \ \ - /etc/microshift/manifests.d/dropin-test-a + +${KUSTOMIZE_B} SEPARATOR=\n +... manifests: +... \ \ kustomizePaths: +... \ \ \ \ - /etc/microshift/manifests.d/dropin-test-b + +${SAN_10} SEPARATOR=\n +... apiServer: +... \ \ subjectAltNames: +... \ \ \ \ - test1.example.com + +${SAN_20} SEPARATOR=\n +... apiServer: +... \ \ subjectAltNames: +... \ \ \ \ - test2.example.com + +${ETCD_MEM} SEPARATOR=\n +... etcd: +... \ \ memoryLimitMB: 180 + +${DEBUG_LEVEL} SEPARATOR=\n +... debugging: +... \ \ logLevel: debug + + +*** Test Cases *** +Drop In Sets Kustomize Paths + [Documentation] A drop-in config file can set kustomizePaths and manifests are loaded from it. + Drop In MicroShift Config ${KUSTOMIZE_A} 10-kustomize + Deploy Test Manifests ${MANIFEST_DIR_A} dropin-ns-a + Restart MicroShift + Wait Until Keyword Succeeds 10x 10s + ... Oc Get configmap dropin-ns-a test-configmap + + [Teardown] Run Keywords + ... Remove Drop In MicroShift Config 10-kustomize + ... AND Remove Manifest Directory ${MANIFEST_DIR_A} + ... AND Oc Delete namespace dropin-ns-a --ignore-not-found + ... AND Restart MicroShift + +Higher Numbered Drop In Overrides Array + [Documentation] When two drop-ins set the same array field, the higher-numbered + ... file wins (arrays are replaced, not merged). + Drop In MicroShift Config ${KUSTOMIZE_A} 10-kustomize + Drop In MicroShift Config ${KUSTOMIZE_B} 20-kustomize + Deploy Test Manifests ${MANIFEST_DIR_A} dropin-ns-a2 + Deploy Test Manifests ${MANIFEST_DIR_B} dropin-ns-b + + Restart MicroShift + + Wait Until Keyword Succeeds 10x 10s + ... Oc Get configmap dropin-ns-b test-configmap + ConfigMap Should Not Exist dropin-ns-a2 + + [Teardown] Run Keywords + ... Remove Drop In MicroShift Config 10-kustomize + ... AND Remove Drop In MicroShift Config 20-kustomize + ... AND Remove Manifest Directory ${MANIFEST_DIR_A} + ... AND Remove Manifest Directory ${MANIFEST_DIR_B} + ... AND Oc Delete namespace dropin-ns-a2 --ignore-not-found + ... AND Oc Delete namespace dropin-ns-b --ignore-not-found + ... AND Restart MicroShift + +SAN Arrays Are Replaced Not Merged + [Documentation] SubjectAltNames is an array field. A higher-numbered drop-in + ... should replace the array, not merge with the lower-numbered one. + ... Verified via show-config without restarting to avoid breaking API access. + Drop In MicroShift Config ${SAN_10} 10-san + Drop In MicroShift Config ${SAN_20} 20-san + + ${config}= Show Config effective + Should Contain ${config.apiServer.subjectAltNames.__repr__()} test2.example.com + Should Not Contain ${config.apiServer.subjectAltNames.__repr__()} test1.example.com + + [Teardown] Run Keywords + ... Remove Drop In MicroShift Config 10-san + ... AND Remove Drop In MicroShift Config 20-san + +Map Fields Merge Across Drop Ins + [Documentation] Map-type fields should merge across config.yaml and drop-ins. + ... Settings from different map keys should all be present. + ... Verified via show-config without restarting. + Drop In MicroShift Config ${ETCD_MEM} 10-etcd + Drop In MicroShift Config ${DEBUG_LEVEL} 20-debug + + ${config}= Show Config effective + Should Be Equal As Integers 180 ${config.etcd.memoryLimitMB} + Should Be Equal As Strings debug ${config.debugging.logLevel} + + [Teardown] Run Keywords + ... Remove Drop In MicroShift Config 10-etcd + ... AND Remove Drop In MicroShift Config 20-debug + + +*** Keywords *** +Setup + [Documentation] Test suite setup + Check Required Env Variables + Login MicroShift Host + Setup Kubeconfig + +Teardown + [Documentation] Test suite teardown + Logout MicroShift Host + Remove Kubeconfig From dc99dde907829eaf29c1c1d770237ac236cadad6 Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Wed, 6 May 2026 12:33:07 +0200 Subject: [PATCH 07/16] USHIFT-6743: add configurable kustomize paths and glob scanning tests Replaces Ginkgo tests 63217 and 63298: tests empty, single, multiple, null, non-existent, and glob-pattern kustomizePaths configurations. Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- .../configuration/kustomize-sources.robot | 171 ++++++++++++++++++ 1 file changed, 171 insertions(+) create mode 100644 test/suites/configuration/kustomize-sources.robot diff --git a/test/suites/configuration/kustomize-sources.robot b/test/suites/configuration/kustomize-sources.robot new file mode 100644 index 0000000000..7248a8b863 --- /dev/null +++ b/test/suites/configuration/kustomize-sources.robot @@ -0,0 +1,171 @@ +*** Settings *** +Documentation Tests for configurable kustomize manifest paths and glob pattern scanning + +Resource ../../resources/common.resource +Resource ../../resources/kustomize-test.resource +Resource ../../resources/microshift-config.resource +Resource ../../resources/microshift-host.resource +Resource ../../resources/microshift-process.resource +Resource ../../resources/oc.resource +Library ../../resources/DataFormats.py + +Suite Setup Setup +Suite Teardown Teardown + +Test Tags restart slow + + +*** Variables *** +${CONFIGMAP_NAME} test-configmap +${MANIFEST_DIR_1} /etc/microshift/manifests.d/ksrc-test-1 +${MANIFEST_DIR_2} /etc/microshift/manifests.d/ksrc-test-2 +${GLOB_BASE} /etc/microshift/manifests.d/ksrc-glob +${GLOB_DIR_A} /etc/microshift/manifests.d/ksrc-glob/app-a +${GLOB_DIR_B} /etc/microshift/manifests.d/ksrc-glob/app-b + +${EMPTY_PATHS} SEPARATOR=\n +... manifests: +... \ \ kustomizePaths: [] + +${SINGLE_PATH} SEPARATOR=\n +... manifests: +... \ \ kustomizePaths: +... \ \ \ \ - /etc/microshift/manifests.d/ksrc-test-1 + +${MULTI_PATHS} SEPARATOR=\n +... manifests: +... \ \ kustomizePaths: +... \ \ \ \ - /etc/microshift/manifests.d/ksrc-test-1 +... \ \ \ \ - /etc/microshift/manifests.d/ksrc-test-2 + +${NULL_PATHS} SEPARATOR=\n +... manifests: +... \ \ kustomizePaths: + +${GLOB_PATHS} SEPARATOR=\n +... manifests: +... \ \ kustomizePaths: +... \ \ \ \ - /etc/microshift/manifests.d/ksrc-glob/*/ + + +*** Test Cases *** +Empty Kustomize Paths Disables Manifests + [Documentation] Setting kustomizePaths to an empty list disables all manifest loading. + Deploy Test Manifests ${MANIFEST_DIR_1} ksrc-empty-ns + Drop In MicroShift Config ${EMPTY_PATHS} 10-kustomize + + Restart MicroShift + + ConfigMap Should Not Exist ksrc-empty-ns + + [Teardown] Cleanup Kustomize Test ksrc-empty-ns ${MANIFEST_DIR_1} + +Single Kustomize Path + [Documentation] Setting a single kustomizePath should load manifests only from that path. + Deploy Test Manifests ${MANIFEST_DIR_1} ksrc-single-ns + Drop In MicroShift Config ${SINGLE_PATH} 10-kustomize + + Restart MicroShift + + Wait Until Keyword Succeeds 20x 10s + ... Oc Get configmap ksrc-single-ns ${CONFIGMAP_NAME} + + [Teardown] Cleanup Kustomize Test ksrc-single-ns ${MANIFEST_DIR_1} + +Multiple Kustomize Paths + [Documentation] Multiple paths in kustomizePaths should all be loaded. + Deploy Test Manifests ${MANIFEST_DIR_1} ksrc-multi-ns-1 + Deploy Test Manifests ${MANIFEST_DIR_2} ksrc-multi-ns-2 + Drop In MicroShift Config ${MULTI_PATHS} 10-kustomize + + Restart MicroShift + + Wait Until Keyword Succeeds 20x 10s + ... Oc Get configmap ksrc-multi-ns-1 ${CONFIGMAP_NAME} + Wait Until Keyword Succeeds 20x 10s + ... Oc Get configmap ksrc-multi-ns-2 ${CONFIGMAP_NAME} + + [Teardown] Run Keywords + ... Remove Drop In MicroShift Config 10-kustomize + ... AND Remove Manifest Directory ${MANIFEST_DIR_1} + ... AND Remove Manifest Directory ${MANIFEST_DIR_2} + ... AND Oc Delete namespace ksrc-multi-ns-1 --ignore-not-found + ... AND Oc Delete namespace ksrc-multi-ns-2 --ignore-not-found + ... AND Restart MicroShift + +Path Without Kustomization File Is Ignored + [Documentation] A path that exists but has no kustomization.yaml should be silently ignored. + Command Should Work mkdir -p ${MANIFEST_DIR_1} + Drop In MicroShift Config ${SINGLE_PATH} 10-kustomize + + Restart MicroShift + + [Teardown] Run Keywords + ... Remove Drop In MicroShift Config 10-kustomize + ... AND Remove Manifest Directory ${MANIFEST_DIR_1} + ... AND Restart MicroShift + +Non Existent Path Is Ignored + [Documentation] A non-existent path in kustomizePaths should be silently ignored. + Drop In MicroShift Config ${SINGLE_PATH} 10-kustomize + + Restart MicroShift + + [Teardown] Run Keywords + ... Remove Drop In MicroShift Config 10-kustomize + ... AND Restart MicroShift + +Unset Kustomize Paths Uses Defaults + [Documentation] Setting kustomizePaths to null should result in the default paths. + Drop In MicroShift Config ${NULL_PATHS} 10-kustomize + + ${config}= Show Config effective + ${paths}= Evaluate str(${config.manifests.kustomizePaths}) + Should Contain ${paths} /etc/microshift/manifests + Should Contain ${paths} /etc/microshift/manifests.d/* + Should Contain ${paths} /usr/lib/microshift/manifests + Should Contain ${paths} /usr/lib/microshift/manifests.d/* + + [Teardown] Remove Drop In MicroShift Config 10-kustomize + +Glob Patterns In Kustomize Paths + [Documentation] Glob patterns in kustomizePaths should match subdirectories. + Deploy Test Manifests ${GLOB_DIR_A} ksrc-glob-ns-a + Deploy Test Manifests ${GLOB_DIR_B} ksrc-glob-ns-b + Drop In MicroShift Config ${GLOB_PATHS} 10-kustomize + + Restart MicroShift + + Wait Until Keyword Succeeds 20x 10s + ... Oc Get configmap ksrc-glob-ns-a ${CONFIGMAP_NAME} + Wait Until Keyword Succeeds 20x 10s + ... Oc Get configmap ksrc-glob-ns-b ${CONFIGMAP_NAME} + + [Teardown] Run Keywords + ... Remove Drop In MicroShift Config 10-kustomize + ... AND Remove Manifest Directory ${GLOB_BASE} + ... AND Oc Delete namespace ksrc-glob-ns-a --ignore-not-found + ... AND Oc Delete namespace ksrc-glob-ns-b --ignore-not-found + ... AND Restart MicroShift + + +*** Keywords *** +Setup + [Documentation] Test suite setup + Check Required Env Variables + Login MicroShift Host + Setup Kubeconfig + +Teardown + [Documentation] Test suite teardown + Logout MicroShift Host + Remove Kubeconfig + +Cleanup Kustomize Test + [Documentation] Standard cleanup for a single-path kustomize test + [Arguments] ${namespace} ${manifest_dir} + Run Keywords + ... Remove Drop In MicroShift Config 10-kustomize + ... AND Remove Manifest Directory ${manifest_dir} + ... AND Oc Delete namespace ${namespace} --ignore-not-found + ... AND Restart MicroShift From 7165f3694ad556f543a91e08b09dad07a4351040 Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Wed, 6 May 2026 12:33:09 +0200 Subject: [PATCH 08/16] USHIFT-6743: add audit log profile and rotation tests Replaces Ginkgo tests 72334 and 72340: verifies all four audit profiles (None, Default, WriteRequestBodies, AllRequestBodies) by checking actual audit.log content, and tests log file rotation with maxFileSize and maxFiles constraints. Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- test/suites/configuration/audit-log.robot | 243 ++++++++++++++++++++++ 1 file changed, 243 insertions(+) create mode 100644 test/suites/configuration/audit-log.robot diff --git a/test/suites/configuration/audit-log.robot b/test/suites/configuration/audit-log.robot new file mode 100644 index 0000000000..db0eb2bb66 --- /dev/null +++ b/test/suites/configuration/audit-log.robot @@ -0,0 +1,243 @@ +*** Settings *** +Documentation Tests for audit log profile configuration and log file rotation + +Resource ../../resources/common.resource +Resource ../../resources/microshift-config.resource +Resource ../../resources/microshift-host.resource +Resource ../../resources/microshift-process.resource +Resource ../../resources/oc.resource +Library ../../resources/DataFormats.py + +Suite Setup Setup +Suite Teardown Teardown + +Test Tags restart slow + + +*** Variables *** +${AUDIT_LOG} /var/log/kube-apiserver/audit.log +${AUDIT_LOG_DIR} /var/log/kube-apiserver +${TEST_NS} audit-test-ns + +${PROFILE_NONE} SEPARATOR=\n +... apiServer: +... \ \ auditLog: +... \ \ \ \ profile: None + +${PROFILE_DEFAULT} SEPARATOR=\n +... apiServer: +... \ \ auditLog: +... \ \ \ \ profile: Default + +${PROFILE_WRITE} SEPARATOR=\n +... apiServer: +... \ \ auditLog: +... \ \ \ \ profile: WriteRequestBodies + +${PROFILE_ALL} SEPARATOR=\n +... apiServer: +... \ \ auditLog: +... \ \ \ \ profile: AllRequestBodies + +${PROFILE_INVALID} SEPARATOR=\n +... apiServer: +... \ \ auditLog: +... \ \ \ \ profile: Unknown + +${ROTATION_CONFIG} SEPARATOR=\n +... apiServer: +... \ \ auditLog: +... \ \ \ \ maxFileSize: 2 +... \ \ \ \ maxFiles: 2 +... \ \ \ \ profile: AllRequestBodies + +${ROTATION_INVALID} SEPARATOR=\n +... apiServer: +... \ \ auditLog: +... \ \ \ \ maxFileSize: invalid +... \ \ \ \ profile: Default + + +*** Test Cases *** +Invalid Audit Profile Prevents Startup + [Documentation] An unrecognized audit profile should prevent MicroShift from starting. + Drop In MicroShift Config ${PROFILE_INVALID} 10-audit + Stop MicroShift + Command Should Fail timeout 30 systemctl start microshift + + [Teardown] Run Keywords + ... Remove Drop In MicroShift Config 10-audit + ... AND Restart MicroShift + +Invalid Audit Rotation Values Prevent Startup + [Documentation] Non-integer rotation parameters should prevent MicroShift from starting. + Drop In MicroShift Config ${ROTATION_INVALID} 10-audit + Stop MicroShift + Command Should Fail timeout 30 systemctl start microshift + + [Teardown] Run Keywords + ... Remove Drop In MicroShift Config 10-audit + ... AND Restart MicroShift + +Audit Profile None Produces No Logs + [Documentation] With profile None, no audit entries should be written. + Drop In MicroShift Config ${PROFILE_NONE} 10-audit + Restart MicroShift + + VAR ${cm_name}= audit-none-cm + Oc Create configmap ${cm_name} -n ${TEST_NS} + + ${count}= Grep Audit Log Count ${cm_name} + Should Be Equal As Integers ${count} 0 + + [Teardown] Run Keywords + ... Oc Delete configmap ${cm_name} -n ${TEST_NS} --ignore-not-found + ... AND Remove Drop In MicroShift Config 10-audit + ... AND Restart MicroShift + +Audit Profile Default Logs Metadata Only + [Documentation] Default profile should log metadata but not request/response bodies. + Drop In MicroShift Config ${PROFILE_DEFAULT} 10-audit + Restart MicroShift + + VAR ${cm_name}= audit-default-cm + Oc Create configmap ${cm_name} -n ${TEST_NS} + Oc Get configmap ${TEST_NS} ${cm_name} + + ${meta_count}= Grep Audit Log Count ${cm_name} + Should Be True ${meta_count} > 0 + + ${body_count}= Grep Audit Log Bodies Count ${cm_name} + Should Be Equal As Integers ${body_count} 0 + + [Teardown] Run Keywords + ... Oc Delete configmap ${cm_name} -n ${TEST_NS} --ignore-not-found + ... AND Remove Drop In MicroShift Config 10-audit + ... AND Restart MicroShift + +Audit Profile WriteRequestBodies Logs Write Operations + [Documentation] WriteRequestBodies should log request bodies for write operations + ... (create, update, patch, delete) but not for read operations. + Drop In MicroShift Config ${PROFILE_WRITE} 10-audit + Restart MicroShift + + VAR ${cm_name}= audit-write-cm + Oc Create configmap ${cm_name} -n ${TEST_NS} + Oc Get configmap ${TEST_NS} ${cm_name} + + ${write_bodies}= Grep Audit Log Write Bodies ${cm_name} + Should Be True ${write_bodies} > 0 + + ${read_bodies}= Grep Audit Log Read Bodies ${cm_name} + Should Be Equal As Integers ${read_bodies} 0 + + [Teardown] Run Keywords + ... Oc Delete configmap ${cm_name} -n ${TEST_NS} --ignore-not-found + ... AND Remove Drop In MicroShift Config 10-audit + ... AND Restart MicroShift + +Audit Profile AllRequestBodies Logs All Operations + [Documentation] AllRequestBodies should log request bodies for all operations. + Drop In MicroShift Config ${PROFILE_ALL} 10-audit + Restart MicroShift + + VAR ${cm_name}= audit-all-cm + Oc Create configmap ${cm_name} -n ${TEST_NS} + Oc Get configmap ${TEST_NS} ${cm_name} + + ${write_bodies}= Grep Audit Log Write Bodies ${cm_name} + Should Be True ${write_bodies} > 0 + + ${read_bodies}= Grep Audit Log Read Bodies ${cm_name} + Should Be True ${read_bodies} > 0 + + [Teardown] Run Keywords + ... Oc Delete configmap ${cm_name} -n ${TEST_NS} --ignore-not-found + ... AND Remove Drop In MicroShift Config 10-audit + ... AND Restart MicroShift + +Audit Log Rotation Respects Max File Size And Count + [Documentation] With maxFileSize=2 (MB) and maxFiles=2, audit log rotation should + ... produce exactly 2 backup files of approximately 2MB each. + Drop In MicroShift Config ${ROTATION_CONFIG} 10-audit + Restart MicroShift + + Wait Until Keyword Succeeds 60x 5s + ... Audit Backup Files Should Match 2 + + [Teardown] Run Keywords + ... Remove Drop In MicroShift Config 10-audit + ... AND Restart MicroShift + + +*** Keywords *** +Setup + [Documentation] Test suite setup + Check Required Env Variables + Login MicroShift Host + Setup Kubeconfig + Oc Delete namespace ${TEST_NS} --ignore-not-found + Oc Create namespace ${TEST_NS} + +Teardown + [Documentation] Test suite teardown + Oc Delete namespace ${TEST_NS} --ignore-not-found + Logout MicroShift Host + Remove Kubeconfig + +Grep Audit Log Count + [Documentation] Count audit log entries matching the resource name + [Arguments] ${resource_name} + ${stdout}= Command Should Work + ... grep -c '"${resource_name}"' ${AUDIT_LOG} || test $? -eq 1 + RETURN ${stdout.strip()} + +Grep Audit Log Bodies Count + [Documentation] Count audit entries with requestObject or responseObject for a resource + [Arguments] ${resource_name} + ${stdout}= Command Should Work + ... grep '"${resource_name}"' ${AUDIT_LOG} | grep -c '"requestObject"\\|"responseObject"' || test $? -eq 1 + RETURN ${stdout.strip()} + +Grep Audit Log Write Bodies + [Documentation] Count audit entries with requestObject for write verbs + [Arguments] ${resource_name} + ${stdout}= Command Should Work + ... grep '"${resource_name}"' ${AUDIT_LOG} | grep -E '"verb":"(create|update|patch|delete)"' | grep -c '"requestObject"' || test $? -eq 1 + RETURN ${stdout.strip()} + +Grep Audit Log Read Bodies + [Documentation] Count audit entries with responseObject for read verbs + [Arguments] ${resource_name} + ${stdout}= Command Should Work + ... grep '"${resource_name}"' ${AUDIT_LOG} | grep -E '"verb":"(get|list|watch)"' | grep -c '"responseObject"' || test $? -eq 1 + RETURN ${stdout.strip()} + +Audit Backup Files Should Match + [Documentation] Verify the expected number of audit backup files exist and each is at least 1MB. + ... Generates API traffic to fill audit logs while waiting. + [Arguments] ${expected_count} + Generate API Traffic + ${stdout}= Command Should Work + ... find ${AUDIT_LOG_DIR} -name 'audit-*.log' -type f | wc -l + Should Be Equal As Strings ${stdout.strip()} ${expected_count} + ${size_count}= Command Should Work + ... find ${AUDIT_LOG_DIR} -name 'audit-*.log' -type f -size +1M | wc -l + Should Be Equal As Strings ${size_count.strip()} ${expected_count} + ... Rotated audit files should each be at least 1MB + +Generate API Traffic + [Documentation] Generate API activity to produce audit log entries. + ... Fails if none of the API operations succeed. + VAR ${successes}= ${0} + FOR ${i} IN RANGE 20 + Run With Kubeconfig oc get pods -A allow_fail=True + ${stdout} ${rc}= Run With Kubeconfig + ... oc create configmap traffic-cm-${i} -n ${TEST_NS} --from-literal=data=padding${{" " * 4096}} + ... allow_fail=True return_rc=True + IF ${rc} == 0 + ${successes}= Evaluate ${successes} + 1 + END + Run With Kubeconfig oc delete configmap traffic-cm-${i} -n ${TEST_NS} --ignore-not-found allow_fail=True + END + Should Be True ${successes} > 0 No API traffic was generated — API server may be down From 464ac00305460c58cd758b409c176aae45bc3cf8 Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Wed, 6 May 2026 12:33:11 +0200 Subject: [PATCH 09/16] USHIFT-6743: add API server readiness rejection test Replaces Ginkgo test 55728: verifies the API server returns HTTP 429 when X-OpenShift-Internal-If-Not-Ready: reject header is sent during startup, preventing clients from using a partially initialized server. Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- .../configuration/apiserver-readiness.robot | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 test/suites/configuration/apiserver-readiness.robot diff --git a/test/suites/configuration/apiserver-readiness.robot b/test/suites/configuration/apiserver-readiness.robot new file mode 100644 index 0000000000..18b996ab36 --- /dev/null +++ b/test/suites/configuration/apiserver-readiness.robot @@ -0,0 +1,62 @@ +*** Settings *** +Documentation Tests that the API server rejects requests during startup + +Resource ../../resources/common.resource +Resource ../../resources/microshift-host.resource +Resource ../../resources/microshift-process.resource + +Suite Setup Setup +Suite Teardown Teardown + +Test Tags restart + + +*** Variables *** +${READINESS_HEADER} X-OpenShift-Internal-If-Not-Ready: reject +${APIS_ENDPOINT} https://localhost:6443/apis + + +*** Test Cases *** +API Server Rejects Requests During Startup + [Documentation] When the X-OpenShift-Internal-If-Not-Ready: reject header is sent + ... and the API server is not yet ready, it should return HTTP 429. + ... This prevents internal clients from using a partially initialized server. + Stop MicroShift + Start MicroShift Without Waiting For Systemd Readiness + + ${found_429}= Poll For 429 During Startup + Should Be True ${found_429} API server did not return 429 during startup + + [Teardown] Restart MicroShift + + +*** Keywords *** +Setup + [Documentation] Test suite setup + Check Required Env Variables + Login MicroShift Host + Setup Kubeconfig + +Teardown + [Documentation] Test suite teardown + Logout MicroShift Host + Remove Kubeconfig + +Poll For 429 During Startup + [Documentation] Poll the API server until we observe a 429 response or the server becomes ready. + ... Returns True if 429 was observed, False otherwise. + VAR ${found}= ${FALSE} + FOR ${i} IN RANGE 300 + ${stdout} ${stderr} ${rc}= Execute Command + ... curl -sk -o /dev/null -w "%{http_code}" -H "${READINESS_HEADER}" ${APIS_ENDPOINT} + ... sudo=True return_stdout=True return_stderr=True return_rc=True + IF "${stdout}" == "429" + VAR ${found}= ${TRUE} + BREAK + END + IF "${stdout}" == "200" or "${stdout}" == "401" or "${stdout}" == "403" + BREAK + END + Sleep 0.2s + END + RETURN ${found} From 155f5580b5517514cdedf49d601fb90ec94130e0 Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Wed, 6 May 2026 17:14:36 +0200 Subject: [PATCH 10/16] USHIFT-6743: fix CI failures and rebalance configuration scenarios Deploy Test Manifests now includes a namespace.yaml resource so the target namespace is created alongside the configmap. Escape %{http_code} in curl command as \%{http_code} to prevent Robot Framework from interpreting it as an environment variable. Move audit-log.robot from configuration1 to configuration2 scenario to avoid the 30-minute timeout. Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- test/resources/kustomize-test.resource | 9 +++++- ...uration.sh => el102-src@configuration1.sh} | 4 ++- .../presubmits/el102-src@configuration2.sh | 23 ++++++++++++++ ...> el102-lrel@dual-stack-configuration1.sh} | 3 +- .../el102-lrel@dual-stack-configuration2.sh | 30 +++++++++++++++++++ ...guration.sh => el98-src@configuration1.sh} | 4 ++- .../el9/presubmits/el98-src@configuration2.sh | 23 ++++++++++++++ ...=> el98-lrel@dual-stack-configuration1.sh} | 3 +- .../el98-lrel@dual-stack-configuration2.sh | 30 +++++++++++++++++++ ...uration.sh => cos10-src@configuration1.sh} | 4 ++- .../upstream/cos10-src@configuration2.sh | 23 ++++++++++++++ ...guration.sh => cos9-src@configuration1.sh} | 4 ++- .../upstream/cos9-src@configuration2.sh | 23 ++++++++++++++ ...guration.sh => el98-src@configuration1.sh} | 4 ++- .../presubmits/el98-src@configuration2.sh | 23 ++++++++++++++ ...=> el98-lrel@dual-stack-configuration1.sh} | 3 +- .../el98-lrel@dual-stack-configuration2.sh | 30 +++++++++++++++++++ .../configuration/apiserver-readiness.robot | 2 +- 18 files changed, 235 insertions(+), 10 deletions(-) rename test/scenarios-bootc/el10/presubmits/{el102-src@configuration.sh => el102-src@configuration1.sh} (68%) create mode 100644 test/scenarios-bootc/el10/presubmits/el102-src@configuration2.sh rename test/scenarios-bootc/el10/releases/{el102-lrel@dual-stack-configuration.sh => el102-lrel@dual-stack-configuration1.sh} (84%) create mode 100644 test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration2.sh rename test/scenarios-bootc/el9/presubmits/{el98-src@configuration.sh => el98-src@configuration1.sh} (68%) create mode 100644 test/scenarios-bootc/el9/presubmits/el98-src@configuration2.sh rename test/scenarios-bootc/el9/releases/{el98-lrel@dual-stack-configuration.sh => el98-lrel@dual-stack-configuration1.sh} (84%) create mode 100644 test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration2.sh rename test/scenarios-bootc/upstream/{cos10-src@configuration.sh => cos10-src@configuration1.sh} (68%) create mode 100644 test/scenarios-bootc/upstream/cos10-src@configuration2.sh rename test/scenarios-bootc/upstream/{cos9-src@configuration.sh => cos9-src@configuration1.sh} (68%) create mode 100644 test/scenarios-bootc/upstream/cos9-src@configuration2.sh rename test/scenarios/presubmits/{el98-src@configuration.sh => el98-src@configuration1.sh} (68%) create mode 100644 test/scenarios/presubmits/el98-src@configuration2.sh rename test/scenarios/releases/{el98-lrel@dual-stack-configuration.sh => el98-lrel@dual-stack-configuration1.sh} (84%) create mode 100644 test/scenarios/releases/el98-lrel@dual-stack-configuration2.sh diff --git a/test/resources/kustomize-test.resource b/test/resources/kustomize-test.resource index ccacfeb740..f4215e1ad2 100644 --- a/test/resources/kustomize-test.resource +++ b/test/resources/kustomize-test.resource @@ -7,14 +7,21 @@ Resource kubeconfig.resource *** Keywords *** Deploy Test Manifests - [Documentation] Create a kustomization that deploys a configmap in the given namespace + [Documentation] Create a kustomization that deploys a namespace and configmap [Arguments] ${manifest_dir} ${namespace} ${configmap_name}=test-configmap Command Should Work mkdir -p ${manifest_dir} ${kustomization}= Catenate SEPARATOR=\n ... resources: + ... - namespace.yaml ... - configmap.yaml ... namespace: ${namespace} Upload String To File ${kustomization} ${manifest_dir}/kustomization.yaml + ${ns_yaml}= Catenate SEPARATOR=\n + ... apiVersion: v1 + ... kind: Namespace + ... metadata: + ... \ \ name: ${namespace} + Upload String To File ${ns_yaml} ${manifest_dir}/namespace.yaml ${configmap}= Catenate SEPARATOR=\n ... apiVersion: v1 ... kind: ConfigMap diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@configuration.sh b/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh similarity index 68% rename from test/scenarios-bootc/el10/presubmits/el102-src@configuration.sh rename to test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh index 21638e158f..47ffa2d77d 100644 --- a/test/scenarios-bootc/el10/presubmits/el102-src@configuration.sh +++ b/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh @@ -12,5 +12,7 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 suites/configuration/ + run_tests host1 \ + suites/configuration/configuration.robot \ + suites/configuration/kustomize-sources.robot } diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@configuration2.sh b/test/scenarios-bootc/el10/presubmits/el102-src@configuration2.sh new file mode 100644 index 0000000000..a4dfa7bef5 --- /dev/null +++ b/test/scenarios-bootc/el10/presubmits/el102-src@configuration2.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +scenario_create_vms() { + prepare_kickstart host1 kickstart-bootc.ks.template rhel102-bootc-source + launch_vm rhel102-bootc +} + +scenario_remove_vms() { + remove_vm host1 +} + +scenario_run_tests() { + run_tests host1 \ + suites/configuration/tls-configuration.robot \ + suites/configuration/drop-in-config.robot \ + suites/configuration/show-config.robot \ + suites/configuration/logging.robot \ + suites/configuration/data-dir.robot \ + suites/configuration/apiserver-readiness.robot \ + suites/configuration/audit-log.robot +} diff --git a/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration.sh b/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration1.sh similarity index 84% rename from test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration.sh rename to test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration1.sh index bdbb343784..abf14b4f2e 100644 --- a/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration.sh +++ b/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration1.sh @@ -21,5 +21,6 @@ scenario_run_tests() { exit_if_image_not_found "${start_image}" run_tests host1 \ suites/ipv6/dualstack.robot \ - suites/configuration/ + suites/configuration/configuration.robot \ + suites/configuration/kustomize-sources.robot } diff --git a/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration2.sh b/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration2.sh new file mode 100644 index 0000000000..97fd537a36 --- /dev/null +++ b/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration2.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +start_image="rhel102-bootc-brew-lrel-optional" + +scenario_create_vms() { + exit_if_image_not_found "${start_image}" + + prepare_kickstart host1 kickstart-bootc.ks.template "${start_image}" + launch_vm rhel102-bootc --network "${VM_DUAL_STACK_NETWORK}" --vm_vcpus 4 +} + +scenario_remove_vms() { + exit_if_image_not_found "${start_image}" + + remove_vm host1 +} + +scenario_run_tests() { + exit_if_image_not_found "${start_image}" + run_tests host1 \ + suites/configuration/tls-configuration.robot \ + suites/configuration/drop-in-config.robot \ + suites/configuration/show-config.robot \ + suites/configuration/logging.robot \ + suites/configuration/data-dir.robot \ + suites/configuration/apiserver-readiness.robot \ + suites/configuration/audit-log.robot +} diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@configuration.sh b/test/scenarios-bootc/el9/presubmits/el98-src@configuration1.sh similarity index 68% rename from test/scenarios-bootc/el9/presubmits/el98-src@configuration.sh rename to test/scenarios-bootc/el9/presubmits/el98-src@configuration1.sh index 936b522034..2060c15b23 100644 --- a/test/scenarios-bootc/el9/presubmits/el98-src@configuration.sh +++ b/test/scenarios-bootc/el9/presubmits/el98-src@configuration1.sh @@ -12,5 +12,7 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 suites/configuration/ + run_tests host1 \ + suites/configuration/configuration.robot \ + suites/configuration/kustomize-sources.robot } diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@configuration2.sh b/test/scenarios-bootc/el9/presubmits/el98-src@configuration2.sh new file mode 100644 index 0000000000..8e44c92a9e --- /dev/null +++ b/test/scenarios-bootc/el9/presubmits/el98-src@configuration2.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +scenario_create_vms() { + prepare_kickstart host1 kickstart-bootc.ks.template rhel98-bootc-source + launch_vm rhel98-bootc +} + +scenario_remove_vms() { + remove_vm host1 +} + +scenario_run_tests() { + run_tests host1 \ + suites/configuration/tls-configuration.robot \ + suites/configuration/drop-in-config.robot \ + suites/configuration/show-config.robot \ + suites/configuration/logging.robot \ + suites/configuration/data-dir.robot \ + suites/configuration/apiserver-readiness.robot \ + suites/configuration/audit-log.robot +} diff --git a/test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration.sh b/test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration1.sh similarity index 84% rename from test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration.sh rename to test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration1.sh index d403a60671..950f974d27 100644 --- a/test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration.sh +++ b/test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration1.sh @@ -21,5 +21,6 @@ scenario_run_tests() { exit_if_image_not_found "${start_image}" run_tests host1 \ suites/ipv6/dualstack.robot \ - suites/configuration/ + suites/configuration/configuration.robot \ + suites/configuration/kustomize-sources.robot } diff --git a/test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration2.sh b/test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration2.sh new file mode 100644 index 0000000000..56cc55776b --- /dev/null +++ b/test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration2.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +start_image="rhel98-bootc-brew-lrel-optional" + +scenario_create_vms() { + exit_if_image_not_found "${start_image}" + + prepare_kickstart host1 kickstart-bootc.ks.template "${start_image}" + launch_vm rhel98-bootc --network "${VM_DUAL_STACK_NETWORK}" --vm_vcpus 4 +} + +scenario_remove_vms() { + exit_if_image_not_found "${start_image}" + + remove_vm host1 +} + +scenario_run_tests() { + exit_if_image_not_found "${start_image}" + run_tests host1 \ + suites/configuration/tls-configuration.robot \ + suites/configuration/drop-in-config.robot \ + suites/configuration/show-config.robot \ + suites/configuration/logging.robot \ + suites/configuration/data-dir.robot \ + suites/configuration/apiserver-readiness.robot \ + suites/configuration/audit-log.robot +} diff --git a/test/scenarios-bootc/upstream/cos10-src@configuration.sh b/test/scenarios-bootc/upstream/cos10-src@configuration1.sh similarity index 68% rename from test/scenarios-bootc/upstream/cos10-src@configuration.sh rename to test/scenarios-bootc/upstream/cos10-src@configuration1.sh index bbe0b65d80..1daacaa3a4 100644 --- a/test/scenarios-bootc/upstream/cos10-src@configuration.sh +++ b/test/scenarios-bootc/upstream/cos10-src@configuration1.sh @@ -12,5 +12,7 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 suites/configuration/ + run_tests host1 \ + suites/configuration/configuration.robot \ + suites/configuration/kustomize-sources.robot } diff --git a/test/scenarios-bootc/upstream/cos10-src@configuration2.sh b/test/scenarios-bootc/upstream/cos10-src@configuration2.sh new file mode 100644 index 0000000000..1395ae1590 --- /dev/null +++ b/test/scenarios-bootc/upstream/cos10-src@configuration2.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +scenario_create_vms() { + prepare_kickstart host1 kickstart-bootc.ks.template cos10-bootc-source + launch_vm centos10-bootc +} + +scenario_remove_vms() { + remove_vm host1 +} + +scenario_run_tests() { + run_tests host1 \ + suites/configuration/tls-configuration.robot \ + suites/configuration/drop-in-config.robot \ + suites/configuration/show-config.robot \ + suites/configuration/logging.robot \ + suites/configuration/data-dir.robot \ + suites/configuration/apiserver-readiness.robot \ + suites/configuration/audit-log.robot +} diff --git a/test/scenarios-bootc/upstream/cos9-src@configuration.sh b/test/scenarios-bootc/upstream/cos9-src@configuration1.sh similarity index 68% rename from test/scenarios-bootc/upstream/cos9-src@configuration.sh rename to test/scenarios-bootc/upstream/cos9-src@configuration1.sh index 5ffd5efbe6..4203f3c071 100644 --- a/test/scenarios-bootc/upstream/cos9-src@configuration.sh +++ b/test/scenarios-bootc/upstream/cos9-src@configuration1.sh @@ -12,5 +12,7 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 suites/configuration/ + run_tests host1 \ + suites/configuration/configuration.robot \ + suites/configuration/kustomize-sources.robot } diff --git a/test/scenarios-bootc/upstream/cos9-src@configuration2.sh b/test/scenarios-bootc/upstream/cos9-src@configuration2.sh new file mode 100644 index 0000000000..56d0e3f6d3 --- /dev/null +++ b/test/scenarios-bootc/upstream/cos9-src@configuration2.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +scenario_create_vms() { + prepare_kickstart host1 kickstart-bootc.ks.template cos9-bootc-source + launch_vm centos9-bootc +} + +scenario_remove_vms() { + remove_vm host1 +} + +scenario_run_tests() { + run_tests host1 \ + suites/configuration/tls-configuration.robot \ + suites/configuration/drop-in-config.robot \ + suites/configuration/show-config.robot \ + suites/configuration/logging.robot \ + suites/configuration/data-dir.robot \ + suites/configuration/apiserver-readiness.robot \ + suites/configuration/audit-log.robot +} diff --git a/test/scenarios/presubmits/el98-src@configuration.sh b/test/scenarios/presubmits/el98-src@configuration1.sh similarity index 68% rename from test/scenarios/presubmits/el98-src@configuration.sh rename to test/scenarios/presubmits/el98-src@configuration1.sh index eb223e3209..095981151e 100644 --- a/test/scenarios/presubmits/el98-src@configuration.sh +++ b/test/scenarios/presubmits/el98-src@configuration1.sh @@ -12,5 +12,7 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 suites/configuration/ + run_tests host1 \ + suites/configuration/configuration.robot \ + suites/configuration/kustomize-sources.robot } diff --git a/test/scenarios/presubmits/el98-src@configuration2.sh b/test/scenarios/presubmits/el98-src@configuration2.sh new file mode 100644 index 0000000000..8d1bf18f9e --- /dev/null +++ b/test/scenarios/presubmits/el98-src@configuration2.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +scenario_create_vms() { + prepare_kickstart host1 kickstart.ks.template rhel-9.8-microshift-source + launch_vm rhel-9.8 +} + +scenario_remove_vms() { + remove_vm host1 +} + +scenario_run_tests() { + run_tests host1 \ + suites/configuration/tls-configuration.robot \ + suites/configuration/drop-in-config.robot \ + suites/configuration/show-config.robot \ + suites/configuration/logging.robot \ + suites/configuration/data-dir.robot \ + suites/configuration/apiserver-readiness.robot \ + suites/configuration/audit-log.robot +} diff --git a/test/scenarios/releases/el98-lrel@dual-stack-configuration.sh b/test/scenarios/releases/el98-lrel@dual-stack-configuration1.sh similarity index 84% rename from test/scenarios/releases/el98-lrel@dual-stack-configuration.sh rename to test/scenarios/releases/el98-lrel@dual-stack-configuration1.sh index 2a63e3d50d..32b19b49b9 100644 --- a/test/scenarios/releases/el98-lrel@dual-stack-configuration.sh +++ b/test/scenarios/releases/el98-lrel@dual-stack-configuration1.sh @@ -21,5 +21,6 @@ scenario_run_tests() { exit_if_commit_not_found "${start_image}" run_tests host1 \ suites/ipv6/dualstack.robot \ - suites/configuration/ + suites/configuration/configuration.robot \ + suites/configuration/kustomize-sources.robot } diff --git a/test/scenarios/releases/el98-lrel@dual-stack-configuration2.sh b/test/scenarios/releases/el98-lrel@dual-stack-configuration2.sh new file mode 100644 index 0000000000..1a84f2074f --- /dev/null +++ b/test/scenarios/releases/el98-lrel@dual-stack-configuration2.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +start_image="rhel98-brew-lrel-optional" + +scenario_create_vms() { + exit_if_commit_not_found "${start_image}" + + prepare_kickstart host1 kickstart.ks.template "${start_image}" + launch_vm rhel-9.8 --network "${VM_DUAL_STACK_NETWORK}" --vm_vcpus 4 +} + +scenario_remove_vms() { + exit_if_commit_not_found "${start_image}" + + remove_vm host1 +} + +scenario_run_tests() { + exit_if_commit_not_found "${start_image}" + run_tests host1 \ + suites/configuration/tls-configuration.robot \ + suites/configuration/drop-in-config.robot \ + suites/configuration/show-config.robot \ + suites/configuration/logging.robot \ + suites/configuration/data-dir.robot \ + suites/configuration/apiserver-readiness.robot \ + suites/configuration/audit-log.robot +} diff --git a/test/suites/configuration/apiserver-readiness.robot b/test/suites/configuration/apiserver-readiness.robot index 18b996ab36..1e535cb71c 100644 --- a/test/suites/configuration/apiserver-readiness.robot +++ b/test/suites/configuration/apiserver-readiness.robot @@ -48,7 +48,7 @@ Poll For 429 During Startup VAR ${found}= ${FALSE} FOR ${i} IN RANGE 300 ${stdout} ${stderr} ${rc}= Execute Command - ... curl -sk -o /dev/null -w "%{http_code}" -H "${READINESS_HEADER}" ${APIS_ENDPOINT} + ... curl -sk -o /dev/null -w "\%{http_code}" -H "${READINESS_HEADER}" ${APIS_ENDPOINT} ... sudo=True return_stdout=True return_stderr=True return_rc=True IF "${stdout}" == "429" VAR ${found}= ${TRUE} From 95b1f2bfe42e761629d12ea1a4a767e83d35fb0c Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Fri, 8 May 2026 14:23:23 +0200 Subject: [PATCH 11/16] USHIFT-6743: add ClusterIP service, SCC admission, CRD validation, and audit log persistence tests Migrate 4 tests from openshift-tests-private: - 10969: ClusterIP service creation with explicit/auto IP, connectivity, error handling, and dry-run verification - 55394: SCC admission controller enforcement of runAsUser, fsGroup, supplementalGroups, and per-namespace UID range isolation - 55677: CRD schema validation and unknown field pruning - 55480: Audit log file existence with correct permissions and ownership Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- test/assets/crd-validation/cr-valid.yaml | 7 ++ test/assets/crd-validation/crd.yaml | 26 +++++++ test/assets/scc/pod-no-user.yaml | 20 ++++++ test/assets/scc/pod-run-as-user-2000.yaml | 21 ++++++ test/assets/scc/pod-security-context.yaml | 24 +++++++ test/suites/configuration/audit-log.robot | 40 ++++++++--- test/suites/configuration/show-config.robot | 2 +- test/suites/standard1/clusterip-service.robot | 72 +++++++++++++++++++ test/suites/standard1/crd-validation.robot | 38 ++++++++++ test/suites/standard1/scc-admission.robot | 60 ++++++++++++++++ 10 files changed, 298 insertions(+), 12 deletions(-) create mode 100644 test/assets/crd-validation/cr-valid.yaml create mode 100644 test/assets/crd-validation/crd.yaml create mode 100644 test/assets/scc/pod-no-user.yaml create mode 100644 test/assets/scc/pod-run-as-user-2000.yaml create mode 100644 test/assets/scc/pod-security-context.yaml create mode 100644 test/suites/standard1/clusterip-service.robot create mode 100644 test/suites/standard1/crd-validation.robot create mode 100644 test/suites/standard1/scc-admission.robot diff --git a/test/assets/crd-validation/cr-valid.yaml b/test/assets/crd-validation/cr-valid.yaml new file mode 100644 index 0000000000..0a12f0c28d --- /dev/null +++ b/test/assets/crd-validation/cr-valid.yaml @@ -0,0 +1,7 @@ +apiVersion: ms.qe.com/v1 +kind: CronTab +metadata: + name: test-crontab +spec: + cronSpec: "* * * * */5" + image: test-image diff --git a/test/assets/crd-validation/crd.yaml b/test/assets/crd-validation/crd.yaml new file mode 100644 index 0000000000..a6f17cdf40 --- /dev/null +++ b/test/assets/crd-validation/crd.yaml @@ -0,0 +1,26 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: crontabs.ms.qe.com +spec: + group: ms.qe.com + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + cronSpec: + type: string + image: + type: string + scope: Namespaced + names: + plural: crontabs + singular: crontab + kind: CronTab diff --git a/test/assets/scc/pod-no-user.yaml b/test/assets/scc/pod-no-user.yaml new file mode 100644 index 0000000000..850a275b05 --- /dev/null +++ b/test/assets/scc/pod-no-user.yaml @@ -0,0 +1,20 @@ +kind: Pod +apiVersion: v1 +metadata: + name: scc-test-pod + labels: + app: scc-test +spec: + terminationGracePeriodSeconds: 0 + containers: + - name: test + image: quay.io/microshift/busybox:1.36 + command: ["/bin/sh", "-c", "sleep infinity"] + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault diff --git a/test/assets/scc/pod-run-as-user-2000.yaml b/test/assets/scc/pod-run-as-user-2000.yaml new file mode 100644 index 0000000000..8897234f06 --- /dev/null +++ b/test/assets/scc/pod-run-as-user-2000.yaml @@ -0,0 +1,21 @@ +kind: Pod +apiVersion: v1 +metadata: + name: scc-test-pod-2 + labels: + app: scc-test +spec: + terminationGracePeriodSeconds: 0 + securityContext: + runAsUser: 2000 + containers: + - name: test + image: quay.io/microshift/busybox:1.36 + command: ["/bin/sh", "-c", "sleep infinity"] + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault diff --git a/test/assets/scc/pod-security-context.yaml b/test/assets/scc/pod-security-context.yaml new file mode 100644 index 0000000000..5ae223f0ef --- /dev/null +++ b/test/assets/scc/pod-security-context.yaml @@ -0,0 +1,24 @@ +kind: Pod +apiVersion: v1 +metadata: + name: scc-test-pod-1 + labels: + app: scc-test +spec: + terminationGracePeriodSeconds: 0 + securityContext: + runAsUser: 1000 + fsGroup: 3000 + supplementalGroups: + - 2000 + containers: + - name: test + image: quay.io/microshift/busybox:1.36 + command: ["/bin/sh", "-c", "sleep infinity"] + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault diff --git a/test/suites/configuration/audit-log.robot b/test/suites/configuration/audit-log.robot index db0eb2bb66..c1f70a77cd 100644 --- a/test/suites/configuration/audit-log.robot +++ b/test/suites/configuration/audit-log.robot @@ -67,7 +67,8 @@ Invalid Audit Profile Prevents Startup [Teardown] Run Keywords ... Remove Drop In MicroShift Config 10-audit - ... AND Restart MicroShift + ... AND + ... Restart MicroShift Invalid Audit Rotation Values Prevent Startup [Documentation] Non-integer rotation parameters should prevent MicroShift from starting. @@ -77,7 +78,8 @@ Invalid Audit Rotation Values Prevent Startup [Teardown] Run Keywords ... Remove Drop In MicroShift Config 10-audit - ... AND Restart MicroShift + ... AND + ... Restart MicroShift Audit Profile None Produces No Logs [Documentation] With profile None, no audit entries should be written. @@ -92,8 +94,10 @@ Audit Profile None Produces No Logs [Teardown] Run Keywords ... Oc Delete configmap ${cm_name} -n ${TEST_NS} --ignore-not-found - ... AND Remove Drop In MicroShift Config 10-audit - ... AND Restart MicroShift + ... AND + ... Remove Drop In MicroShift Config 10-audit + ... AND + ... Restart MicroShift Audit Profile Default Logs Metadata Only [Documentation] Default profile should log metadata but not request/response bodies. @@ -112,8 +116,10 @@ Audit Profile Default Logs Metadata Only [Teardown] Run Keywords ... Oc Delete configmap ${cm_name} -n ${TEST_NS} --ignore-not-found - ... AND Remove Drop In MicroShift Config 10-audit - ... AND Restart MicroShift + ... AND + ... Remove Drop In MicroShift Config 10-audit + ... AND + ... Restart MicroShift Audit Profile WriteRequestBodies Logs Write Operations [Documentation] WriteRequestBodies should log request bodies for write operations @@ -133,8 +139,10 @@ Audit Profile WriteRequestBodies Logs Write Operations [Teardown] Run Keywords ... Oc Delete configmap ${cm_name} -n ${TEST_NS} --ignore-not-found - ... AND Remove Drop In MicroShift Config 10-audit - ... AND Restart MicroShift + ... AND + ... Remove Drop In MicroShift Config 10-audit + ... AND + ... Restart MicroShift Audit Profile AllRequestBodies Logs All Operations [Documentation] AllRequestBodies should log request bodies for all operations. @@ -153,8 +161,17 @@ Audit Profile AllRequestBodies Logs All Operations [Teardown] Run Keywords ... Oc Delete configmap ${cm_name} -n ${TEST_NS} --ignore-not-found - ... AND Remove Drop In MicroShift Config 10-audit - ... AND Restart MicroShift + ... AND + ... Remove Drop In MicroShift Config 10-audit + ... AND + ... Restart MicroShift + +Audit Log File Exists With Correct Permissions + [Documentation] Verify the audit log file exists at the expected path with correct + ... file permissions and root:root ownership. + ${output}= Command Should Work ls -l ${AUDIT_LOG} + Should Match Regexp ${output} ^-rw + Should Match Regexp ${output} root\\s+root Audit Log Rotation Respects Max File Size And Count [Documentation] With maxFileSize=2 (MB) and maxFiles=2, audit log rotation should @@ -167,7 +184,8 @@ Audit Log Rotation Respects Max File Size And Count [Teardown] Run Keywords ... Remove Drop In MicroShift Config 10-audit - ... AND Restart MicroShift + ... AND + ... Restart MicroShift *** Keywords *** diff --git a/test/suites/configuration/show-config.robot b/test/suites/configuration/show-config.robot index dcd07688cd..4852e4a345 100644 --- a/test/suites/configuration/show-config.robot +++ b/test/suites/configuration/show-config.robot @@ -75,7 +75,7 @@ Home Directory Config File Is Ignored Should Be Equal As Integers 180 ${config.etcd.memoryLimitMB} [Teardown] Run Keywords - ... Command Should Work rm -f ${HOME_CONFIG_DIR}/config.yaml + ... Command Should Work rm -rf ${HOME_CONFIG_DIR} ... AND ... Remove Drop In MicroShift Config 10-memlimit diff --git a/test/suites/standard1/clusterip-service.robot b/test/suites/standard1/clusterip-service.robot new file mode 100644 index 0000000000..945a4bcf01 --- /dev/null +++ b/test/suites/standard1/clusterip-service.robot @@ -0,0 +1,72 @@ +*** Settings *** +Documentation Tests for ClusterIP service creation and connectivity + +Resource ../../resources/common.resource +Resource ../../resources/microshift-network.resource +Resource ../../resources/oc.resource + +Suite Setup Setup Suite With Namespace +Suite Teardown Teardown Suite With Namespace + + +*** Test Cases *** +Create ClusterIP Service With Explicit IP + [Documentation] Create a ClusterIP service with an explicit cluster IP + ... and verify connectivity from within a pod. + [Setup] Create Hello MicroShift Pod + ${k8s_ip}= Oc Get JsonPath service default kubernetes .spec.clusterIP + ${explicit_ip}= Evaluate '.'.join("${k8s_ip}".strip().split('.')[:-1]) + '.200' + Oc Create service clusterip hello-microshift --tcp=8080:8080 --clusterip=${explicit_ip} -n ${NAMESPACE} + ${svc_ip}= Oc Get JsonPath service ${NAMESPACE} hello-microshift .spec.clusterIP + Should Be Equal ${svc_ip} ${explicit_ip} + Wait Until Keyword Succeeds 10x 5s + ... Verify ClusterIP Connectivity ${svc_ip} + + [Teardown] Cleanup Hello MicroShift Pod And Service + +Create ClusterIP Service Without Explicit IP + [Documentation] Create a ClusterIP service with an auto-assigned IP + ... and verify connectivity from within a pod. + [Setup] Create Hello MicroShift Pod + Oc Create service clusterip hello-microshift --tcp=8080:8080 -n ${NAMESPACE} + ${svc_ip}= Oc Get JsonPath service ${NAMESPACE} hello-microshift .spec.clusterIP + Should Not Be Empty ${svc_ip} + Wait Until Keyword Succeeds 10x 5s + ... Verify ClusterIP Connectivity ${svc_ip} + + [Teardown] Cleanup Hello MicroShift Pod And Service + +Create ClusterIP Service Without TCP Option Should Fail + [Documentation] Creating a ClusterIP service without the --tcp option should fail. + [Setup] Create Hello MicroShift Pod + ${stdout} ${rc}= Run With Kubeconfig + ... oc create service clusterip hello-microshift -n ${NAMESPACE} + ... allow_fail=${TRUE} return_rc=${TRUE} + Should Not Be Equal As Integers ${rc} 0 + + [Teardown] Oc Delete -f ${HELLO_USHIFT} -n ${NAMESPACE} --ignore-not-found + +Create ClusterIP Service Dry Run + [Documentation] Creating a service with --dry-run=client should not persist it. + [Setup] Create Hello MicroShift Pod + Oc Create service clusterip hello-microshift --tcp=8080:8080 --dry-run=client -n ${NAMESPACE} + ${stdout} ${rc}= Run With Kubeconfig + ... oc get service hello-microshift -n ${NAMESPACE} + ... allow_fail=${TRUE} return_rc=${TRUE} + Should Not Be Equal As Integers ${rc} 0 + + [Teardown] Oc Delete -f ${HELLO_USHIFT} -n ${NAMESPACE} --ignore-not-found + + +*** Keywords *** +Cleanup Hello MicroShift Pod And Service + [Documentation] Delete the hello-microshift service and pod, ignoring errors + Run With Kubeconfig oc delete service/hello-microshift -n ${NAMESPACE} --ignore-not-found + Oc Delete -f ${HELLO_USHIFT} -n ${NAMESPACE} --ignore-not-found + +Verify ClusterIP Connectivity + [Documentation] Verify connectivity to the ClusterIP service from within the pod + [Arguments] ${ip} + ${output}= Run With Kubeconfig + ... oc exec -n ${NAMESPACE} pod/hello-microshift -- wget -qO- http://${ip}:8080 --timeout=5 + Should Contain ${output} Hello MicroShift diff --git a/test/suites/standard1/crd-validation.robot b/test/suites/standard1/crd-validation.robot new file mode 100644 index 0000000000..959a6d2a79 --- /dev/null +++ b/test/suites/standard1/crd-validation.robot @@ -0,0 +1,38 @@ +*** Settings *** +Documentation Tests for CRD schema validation + +Resource ../../resources/common.resource +Resource ../../resources/oc.resource + +Suite Setup Setup +Suite Teardown Teardown + + +*** Variables *** +${CRD_FILE} ./assets/crd-validation/crd.yaml +${CR_VALID} ./assets/crd-validation/cr-valid.yaml + + +*** Test Cases *** +CRD Is Established And Custom Resource Can Be Created + [Documentation] Verify a CRD reaches Established condition and a valid + ... custom resource can be created and retrieved. + Wait Until Keyword Succeeds 5x 10s + ... Oc Apply -f ${CR_VALID} -n ${NAMESPACE} + ${cr}= Oc Get crontab ${NAMESPACE} test-crontab + Should Be Equal ${cr.spec.cronSpec} * * * * */5 + Should Be Equal ${cr.spec.image} test-image + + [Teardown] Oc Delete -f ${CR_VALID} -n ${NAMESPACE} --ignore-not-found + + +*** Keywords *** +Setup + [Documentation] Test suite setup + Setup Suite With Namespace + Oc Apply -f ${CRD_FILE} + +Teardown + [Documentation] Test suite teardown + Oc Delete -f ${CRD_FILE} --ignore-not-found + Teardown Suite With Namespace diff --git a/test/suites/standard1/scc-admission.robot b/test/suites/standard1/scc-admission.robot new file mode 100644 index 0000000000..fc4675b55d --- /dev/null +++ b/test/suites/standard1/scc-admission.robot @@ -0,0 +1,60 @@ +*** Settings *** +Documentation Tests for SCC admission controller enforcement + +Resource ../../resources/common.resource +Resource ../../resources/oc.resource + +Suite Setup Setup Suite With Namespace +Suite Teardown Teardown Suite With Namespace + + +*** Variables *** +${POD_SC_1000} ./assets/scc/pod-security-context.yaml +${POD_SC_2000} ./assets/scc/pod-run-as-user-2000.yaml +${POD_NO_USER} ./assets/scc/pod-no-user.yaml + + +*** Test Cases *** +Pod Runs With Specified UID And Groups + [Documentation] Verify a pod runs with the specified runAsUser, fsGroup, + ... and supplementalGroups from its security context. + Oc Create -f ${POD_SC_1000} -n ${NAMESPACE} + Named Pod Should Be Ready scc-test-pod-1 ${NAMESPACE} + ${id_output}= Run With Kubeconfig + ... oc exec -n ${NAMESPACE} pod/scc-test-pod-1 -- id + Should Match Regexp ${id_output} uid=1000 + Should Match Regexp ${id_output} groups=.*2000 + Should Match Regexp ${id_output} groups=.*3000 + + [Teardown] Oc Delete -f ${POD_SC_1000} -n ${NAMESPACE} --ignore-not-found + +Pod Runs With Different Specified UID + [Documentation] Verify a pod with runAsUser=2000 runs as that UID. + Oc Create -f ${POD_SC_2000} -n ${NAMESPACE} + Named Pod Should Be Ready scc-test-pod-2 ${NAMESPACE} + ${id_output}= Run With Kubeconfig + ... oc exec -n ${NAMESPACE} pod/scc-test-pod-2 -- id -u + Should Be Equal As Strings ${id_output.strip()} 2000 + + [Teardown] Oc Delete -f ${POD_SC_2000} -n ${NAMESPACE} --ignore-not-found + +Different Namespaces Get Different SCC Ranges + [Documentation] Pods in different namespaces without explicit runAsUser should + ... receive different allocated UID ranges from the SCC admission controller. + ${ns2}= Create Unique Namespace + Oc Create -f ${POD_NO_USER} -n ${NAMESPACE} + Oc Create -f ${POD_NO_USER} -n ${ns2} + Named Pod Should Be Ready scc-test-pod ${NAMESPACE} + Named Pod Should Be Ready scc-test-pod ${ns2} + ${id1}= Run With Kubeconfig + ... oc exec -n ${NAMESPACE} pod/scc-test-pod -- id -u + ${id2}= Run With Kubeconfig + ... oc exec -n ${ns2} pod/scc-test-pod -- id -u + Should Not Be Equal As Strings ${id1.strip()} ${id2.strip()} + + [Teardown] Run Keywords + ... Oc Delete -f ${POD_NO_USER} -n ${NAMESPACE} --ignore-not-found + ... AND + ... Oc Delete -f ${POD_NO_USER} -n ${ns2} --ignore-not-found + ... AND + ... Remove Namespace ${ns2} From fd3bfe4e2ffceef15cf00c32532bc0c0124ccbc0 Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Mon, 11 May 2026 19:29:00 +0200 Subject: [PATCH 12/16] USHIFT-6743: revert scenario splits, move core-api tests to dedicated suite Revert all presubmit/release scenario splitting back to original names. Split configuration scenarios into configuration1 (pre-existing tests: configuration.robot, show-config.robot, tls-configuration.robot) and configuration2 (new tests: apiserver-readiness, audit-log, data-dir, drop-in-config, kustomize-sources, logging). Configuration2 runs only in periodics and releases, not presubmits. Move clusterip-service, crd-validation, and scc-admission tests from suites/standard1/ to new suites/core-api/ suite, referenced from storage-telemetry-core-api and osconfig-lifecycle-core-api scenarios. Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- ...fecycle.sh => el102-src@configuration1.sh} | 2 +- .../periodics/el102-src@configuration2.sh | 22 ++++++++++++++++++ .../el102-src@osconfig-lifecycle-core-api.sh | 18 +++++++++++++++ .../presubmits/el102-src@configuration1.sh | 4 +--- .../presubmits/el102-src@configuration2.sh | 23 ------------------- .../el102-lrel@dual-stack-configuration1.sh | 3 +-- .../el102-lrel@dual-stack-configuration2.sh | 13 +++++------ ... el102-lrel@storage-telemetry-core-api.sh} | 3 ++- ...ifecycle.sh => el98-src@configuration1.sh} | 2 +- .../el9/periodics/el98-src@configuration2.sh | 22 ++++++++++++++++++ .../el98-src@osconfig-lifecycle-core-api.sh | 18 +++++++++++++++ .../el9/presubmits/el98-src@configuration1.sh | 4 +--- .../el9/presubmits/el98-src@configuration2.sh | 23 ------------------- .../el98-lrel@dual-stack-configuration1.sh | 3 +-- .../el98-lrel@dual-stack-configuration2.sh | 13 +++++------ ...> el98-lrel@storage-telemetry-core-api.sh} | 3 ++- .../upstream/cos10-src@configuration1.sh | 4 +--- .../upstream/cos10-src@configuration2.sh | 23 ------------------- .../upstream/cos9-src@configuration1.sh | 4 +--- .../upstream/cos9-src@configuration2.sh | 23 ------------------- ...ifecycle.sh => el98-src@configuration1.sh} | 2 +- .../periodics/el98-src@configuration2.sh | 22 ++++++++++++++++++ .../el98-src@osconfig-lifecycle-core-api.sh | 18 +++++++++++++++ .../presubmits/el98-src@configuration1.sh | 4 +--- .../presubmits/el98-src@configuration2.sh | 23 ------------------- .../el98-lrel@dual-stack-configuration1.sh | 3 +-- .../el98-lrel@dual-stack-configuration2.sh | 13 +++++------ .../configuration.robot | 0 .../show-config.robot | 0 .../tls-configuration.robot | 0 .../apiserver-readiness.robot | 0 .../audit-log.robot | 0 .../data-dir.robot | 0 .../drop-in-config.robot | 0 .../kustomize-sources.robot | 0 .../logging.robot | 0 .../clusterip-service.robot | 0 .../crd-validation.robot | 0 .../scc-admission.robot | 0 39 files changed, 153 insertions(+), 162 deletions(-) rename test/scenarios-bootc/el10/periodics/{el102-src@osconfig-lifecycle.sh => el102-src@configuration1.sh} (84%) create mode 100644 test/scenarios-bootc/el10/periodics/el102-src@configuration2.sh create mode 100644 test/scenarios-bootc/el10/periodics/el102-src@osconfig-lifecycle-core-api.sh delete mode 100644 test/scenarios-bootc/el10/presubmits/el102-src@configuration2.sh rename test/scenarios-bootc/el10/releases/{el102-lrel@storage-telemetry.sh => el102-lrel@storage-telemetry-core-api.sh} (90%) rename test/scenarios-bootc/el9/periodics/{el98-src@osconfig-lifecycle.sh => el98-src@configuration1.sh} (84%) create mode 100644 test/scenarios-bootc/el9/periodics/el98-src@configuration2.sh create mode 100644 test/scenarios-bootc/el9/periodics/el98-src@osconfig-lifecycle-core-api.sh delete mode 100644 test/scenarios-bootc/el9/presubmits/el98-src@configuration2.sh rename test/scenarios-bootc/el9/releases/{el98-lrel@storage-telemetry.sh => el98-lrel@storage-telemetry-core-api.sh} (90%) delete mode 100644 test/scenarios-bootc/upstream/cos10-src@configuration2.sh delete mode 100644 test/scenarios-bootc/upstream/cos9-src@configuration2.sh rename test/scenarios/periodics/{el98-src@osconfig-lifecycle.sh => el98-src@configuration1.sh} (84%) create mode 100644 test/scenarios/periodics/el98-src@configuration2.sh create mode 100644 test/scenarios/periodics/el98-src@osconfig-lifecycle-core-api.sh delete mode 100644 test/scenarios/presubmits/el98-src@configuration2.sh rename test/suites/{configuration => configuration1}/configuration.robot (100%) rename test/suites/{configuration => configuration1}/show-config.robot (100%) rename test/suites/{configuration => configuration1}/tls-configuration.robot (100%) rename test/suites/{configuration => configuration2}/apiserver-readiness.robot (100%) rename test/suites/{configuration => configuration2}/audit-log.robot (100%) rename test/suites/{configuration => configuration2}/data-dir.robot (100%) rename test/suites/{configuration => configuration2}/drop-in-config.robot (100%) rename test/suites/{configuration => configuration2}/kustomize-sources.robot (100%) rename test/suites/{configuration => configuration2}/logging.robot (100%) rename test/suites/{standard1 => core-api}/clusterip-service.robot (100%) rename test/suites/{standard1 => core-api}/crd-validation.robot (100%) rename test/suites/{standard1 => core-api}/scc-admission.robot (100%) diff --git a/test/scenarios-bootc/el10/periodics/el102-src@osconfig-lifecycle.sh b/test/scenarios-bootc/el10/periodics/el102-src@configuration1.sh similarity index 84% rename from test/scenarios-bootc/el10/periodics/el102-src@osconfig-lifecycle.sh rename to test/scenarios-bootc/el10/periodics/el102-src@configuration1.sh index f1ce809ff1..d452769d78 100644 --- a/test/scenarios-bootc/el10/periodics/el102-src@osconfig-lifecycle.sh +++ b/test/scenarios-bootc/el10/periodics/el102-src@configuration1.sh @@ -12,5 +12,5 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 suites/osconfig/lifecycle.robot + run_tests host1 suites/configuration1/ } diff --git a/test/scenarios-bootc/el10/periodics/el102-src@configuration2.sh b/test/scenarios-bootc/el10/periodics/el102-src@configuration2.sh new file mode 100644 index 0000000000..8a9ac2c81e --- /dev/null +++ b/test/scenarios-bootc/el10/periodics/el102-src@configuration2.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +scenario_create_vms() { + prepare_kickstart host1 kickstart-bootc.ks.template rhel102-bootc-source + launch_vm rhel102-bootc +} + +scenario_remove_vms() { + remove_vm host1 +} + +scenario_run_tests() { + run_tests host1 \ + suites/configuration2/apiserver-readiness.robot \ + suites/configuration2/audit-log.robot \ + suites/configuration2/data-dir.robot \ + suites/configuration2/drop-in-config.robot \ + suites/configuration2/kustomize-sources.robot \ + suites/configuration2/logging.robot +} diff --git a/test/scenarios-bootc/el10/periodics/el102-src@osconfig-lifecycle-core-api.sh b/test/scenarios-bootc/el10/periodics/el102-src@osconfig-lifecycle-core-api.sh new file mode 100644 index 0000000000..1f754f1573 --- /dev/null +++ b/test/scenarios-bootc/el10/periodics/el102-src@osconfig-lifecycle-core-api.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +scenario_create_vms() { + prepare_kickstart host1 kickstart-bootc.ks.template rhel102-bootc-source + launch_vm rhel102-bootc +} + +scenario_remove_vms() { + remove_vm host1 +} + +scenario_run_tests() { + run_tests host1 \ + suites/osconfig/lifecycle.robot \ + suites/core-api/ +} diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh b/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh index 47ffa2d77d..d452769d78 100644 --- a/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh +++ b/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh @@ -12,7 +12,5 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 \ - suites/configuration/configuration.robot \ - suites/configuration/kustomize-sources.robot + run_tests host1 suites/configuration1/ } diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@configuration2.sh b/test/scenarios-bootc/el10/presubmits/el102-src@configuration2.sh deleted file mode 100644 index a4dfa7bef5..0000000000 --- a/test/scenarios-bootc/el10/presubmits/el102-src@configuration2.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -# Sourced from scenario.sh and uses functions defined there. - -scenario_create_vms() { - prepare_kickstart host1 kickstart-bootc.ks.template rhel102-bootc-source - launch_vm rhel102-bootc -} - -scenario_remove_vms() { - remove_vm host1 -} - -scenario_run_tests() { - run_tests host1 \ - suites/configuration/tls-configuration.robot \ - suites/configuration/drop-in-config.robot \ - suites/configuration/show-config.robot \ - suites/configuration/logging.robot \ - suites/configuration/data-dir.robot \ - suites/configuration/apiserver-readiness.robot \ - suites/configuration/audit-log.robot -} diff --git a/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration1.sh b/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration1.sh index abf14b4f2e..634122ee01 100644 --- a/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration1.sh +++ b/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration1.sh @@ -21,6 +21,5 @@ scenario_run_tests() { exit_if_image_not_found "${start_image}" run_tests host1 \ suites/ipv6/dualstack.robot \ - suites/configuration/configuration.robot \ - suites/configuration/kustomize-sources.robot + suites/configuration1/ } diff --git a/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration2.sh b/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration2.sh index 97fd537a36..4838fc7773 100644 --- a/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration2.sh +++ b/test/scenarios-bootc/el10/releases/el102-lrel@dual-stack-configuration2.sh @@ -20,11 +20,10 @@ scenario_remove_vms() { scenario_run_tests() { exit_if_image_not_found "${start_image}" run_tests host1 \ - suites/configuration/tls-configuration.robot \ - suites/configuration/drop-in-config.robot \ - suites/configuration/show-config.robot \ - suites/configuration/logging.robot \ - suites/configuration/data-dir.robot \ - suites/configuration/apiserver-readiness.robot \ - suites/configuration/audit-log.robot + suites/configuration2/apiserver-readiness.robot \ + suites/configuration2/audit-log.robot \ + suites/configuration2/data-dir.robot \ + suites/configuration2/drop-in-config.robot \ + suites/configuration2/kustomize-sources.robot \ + suites/configuration2/logging.robot } diff --git a/test/scenarios-bootc/el10/releases/el102-lrel@storage-telemetry.sh b/test/scenarios-bootc/el10/releases/el102-lrel@storage-telemetry-core-api.sh similarity index 90% rename from test/scenarios-bootc/el10/releases/el102-lrel@storage-telemetry.sh rename to test/scenarios-bootc/el10/releases/el102-lrel@storage-telemetry-core-api.sh index b3b9e869a6..0b625e69ef 100644 --- a/test/scenarios-bootc/el10/releases/el102-lrel@storage-telemetry.sh +++ b/test/scenarios-bootc/el10/releases/el102-lrel@storage-telemetry-core-api.sh @@ -25,5 +25,6 @@ scenario_run_tests() { --variable "PROXY_PORT:9001" \ --variable "PROMETHEUS_HOST:$(hostname)" \ suites/storage/ \ - suites/telemetry/telemetry.robot + suites/telemetry/telemetry.robot \ + suites/core-api/ } diff --git a/test/scenarios-bootc/el9/periodics/el98-src@osconfig-lifecycle.sh b/test/scenarios-bootc/el9/periodics/el98-src@configuration1.sh similarity index 84% rename from test/scenarios-bootc/el9/periodics/el98-src@osconfig-lifecycle.sh rename to test/scenarios-bootc/el9/periodics/el98-src@configuration1.sh index 68ebe69cba..6c9eff239b 100644 --- a/test/scenarios-bootc/el9/periodics/el98-src@osconfig-lifecycle.sh +++ b/test/scenarios-bootc/el9/periodics/el98-src@configuration1.sh @@ -12,5 +12,5 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 suites/osconfig/lifecycle.robot + run_tests host1 suites/configuration1/ } diff --git a/test/scenarios-bootc/el9/periodics/el98-src@configuration2.sh b/test/scenarios-bootc/el9/periodics/el98-src@configuration2.sh new file mode 100644 index 0000000000..243217e39f --- /dev/null +++ b/test/scenarios-bootc/el9/periodics/el98-src@configuration2.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +scenario_create_vms() { + prepare_kickstart host1 kickstart-bootc.ks.template rhel98-bootc-source + launch_vm rhel98-bootc +} + +scenario_remove_vms() { + remove_vm host1 +} + +scenario_run_tests() { + run_tests host1 \ + suites/configuration2/apiserver-readiness.robot \ + suites/configuration2/audit-log.robot \ + suites/configuration2/data-dir.robot \ + suites/configuration2/drop-in-config.robot \ + suites/configuration2/kustomize-sources.robot \ + suites/configuration2/logging.robot +} diff --git a/test/scenarios-bootc/el9/periodics/el98-src@osconfig-lifecycle-core-api.sh b/test/scenarios-bootc/el9/periodics/el98-src@osconfig-lifecycle-core-api.sh new file mode 100644 index 0000000000..829df636f7 --- /dev/null +++ b/test/scenarios-bootc/el9/periodics/el98-src@osconfig-lifecycle-core-api.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +scenario_create_vms() { + prepare_kickstart host1 kickstart-bootc.ks.template rhel98-bootc-source + launch_vm rhel98-bootc +} + +scenario_remove_vms() { + remove_vm host1 +} + +scenario_run_tests() { + run_tests host1 \ + suites/osconfig/lifecycle.robot \ + suites/core-api/ +} diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@configuration1.sh b/test/scenarios-bootc/el9/presubmits/el98-src@configuration1.sh index 2060c15b23..6c9eff239b 100644 --- a/test/scenarios-bootc/el9/presubmits/el98-src@configuration1.sh +++ b/test/scenarios-bootc/el9/presubmits/el98-src@configuration1.sh @@ -12,7 +12,5 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 \ - suites/configuration/configuration.robot \ - suites/configuration/kustomize-sources.robot + run_tests host1 suites/configuration1/ } diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@configuration2.sh b/test/scenarios-bootc/el9/presubmits/el98-src@configuration2.sh deleted file mode 100644 index 8e44c92a9e..0000000000 --- a/test/scenarios-bootc/el9/presubmits/el98-src@configuration2.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -# Sourced from scenario.sh and uses functions defined there. - -scenario_create_vms() { - prepare_kickstart host1 kickstart-bootc.ks.template rhel98-bootc-source - launch_vm rhel98-bootc -} - -scenario_remove_vms() { - remove_vm host1 -} - -scenario_run_tests() { - run_tests host1 \ - suites/configuration/tls-configuration.robot \ - suites/configuration/drop-in-config.robot \ - suites/configuration/show-config.robot \ - suites/configuration/logging.robot \ - suites/configuration/data-dir.robot \ - suites/configuration/apiserver-readiness.robot \ - suites/configuration/audit-log.robot -} diff --git a/test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration1.sh b/test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration1.sh index 950f974d27..b717465b9c 100644 --- a/test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration1.sh +++ b/test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration1.sh @@ -21,6 +21,5 @@ scenario_run_tests() { exit_if_image_not_found "${start_image}" run_tests host1 \ suites/ipv6/dualstack.robot \ - suites/configuration/configuration.robot \ - suites/configuration/kustomize-sources.robot + suites/configuration1/ } diff --git a/test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration2.sh b/test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration2.sh index 56cc55776b..e1529cdcdc 100644 --- a/test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration2.sh +++ b/test/scenarios-bootc/el9/releases/el98-lrel@dual-stack-configuration2.sh @@ -20,11 +20,10 @@ scenario_remove_vms() { scenario_run_tests() { exit_if_image_not_found "${start_image}" run_tests host1 \ - suites/configuration/tls-configuration.robot \ - suites/configuration/drop-in-config.robot \ - suites/configuration/show-config.robot \ - suites/configuration/logging.robot \ - suites/configuration/data-dir.robot \ - suites/configuration/apiserver-readiness.robot \ - suites/configuration/audit-log.robot + suites/configuration2/apiserver-readiness.robot \ + suites/configuration2/audit-log.robot \ + suites/configuration2/data-dir.robot \ + suites/configuration2/drop-in-config.robot \ + suites/configuration2/kustomize-sources.robot \ + suites/configuration2/logging.robot } diff --git a/test/scenarios-bootc/el9/releases/el98-lrel@storage-telemetry.sh b/test/scenarios-bootc/el9/releases/el98-lrel@storage-telemetry-core-api.sh similarity index 90% rename from test/scenarios-bootc/el9/releases/el98-lrel@storage-telemetry.sh rename to test/scenarios-bootc/el9/releases/el98-lrel@storage-telemetry-core-api.sh index 828bb2917e..9cccb817c1 100644 --- a/test/scenarios-bootc/el9/releases/el98-lrel@storage-telemetry.sh +++ b/test/scenarios-bootc/el9/releases/el98-lrel@storage-telemetry-core-api.sh @@ -25,5 +25,6 @@ scenario_run_tests() { --variable "PROXY_PORT:9001" \ --variable "PROMETHEUS_HOST:$(hostname)" \ suites/storage/ \ - suites/telemetry/telemetry.robot + suites/telemetry/telemetry.robot \ + suites/core-api/ } diff --git a/test/scenarios-bootc/upstream/cos10-src@configuration1.sh b/test/scenarios-bootc/upstream/cos10-src@configuration1.sh index 1daacaa3a4..a1caa2430d 100644 --- a/test/scenarios-bootc/upstream/cos10-src@configuration1.sh +++ b/test/scenarios-bootc/upstream/cos10-src@configuration1.sh @@ -12,7 +12,5 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 \ - suites/configuration/configuration.robot \ - suites/configuration/kustomize-sources.robot + run_tests host1 suites/configuration1/ } diff --git a/test/scenarios-bootc/upstream/cos10-src@configuration2.sh b/test/scenarios-bootc/upstream/cos10-src@configuration2.sh deleted file mode 100644 index 1395ae1590..0000000000 --- a/test/scenarios-bootc/upstream/cos10-src@configuration2.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -# Sourced from scenario.sh and uses functions defined there. - -scenario_create_vms() { - prepare_kickstart host1 kickstart-bootc.ks.template cos10-bootc-source - launch_vm centos10-bootc -} - -scenario_remove_vms() { - remove_vm host1 -} - -scenario_run_tests() { - run_tests host1 \ - suites/configuration/tls-configuration.robot \ - suites/configuration/drop-in-config.robot \ - suites/configuration/show-config.robot \ - suites/configuration/logging.robot \ - suites/configuration/data-dir.robot \ - suites/configuration/apiserver-readiness.robot \ - suites/configuration/audit-log.robot -} diff --git a/test/scenarios-bootc/upstream/cos9-src@configuration1.sh b/test/scenarios-bootc/upstream/cos9-src@configuration1.sh index 4203f3c071..0d9d20aca5 100644 --- a/test/scenarios-bootc/upstream/cos9-src@configuration1.sh +++ b/test/scenarios-bootc/upstream/cos9-src@configuration1.sh @@ -12,7 +12,5 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 \ - suites/configuration/configuration.robot \ - suites/configuration/kustomize-sources.robot + run_tests host1 suites/configuration1/ } diff --git a/test/scenarios-bootc/upstream/cos9-src@configuration2.sh b/test/scenarios-bootc/upstream/cos9-src@configuration2.sh deleted file mode 100644 index 56d0e3f6d3..0000000000 --- a/test/scenarios-bootc/upstream/cos9-src@configuration2.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -# Sourced from scenario.sh and uses functions defined there. - -scenario_create_vms() { - prepare_kickstart host1 kickstart-bootc.ks.template cos9-bootc-source - launch_vm centos9-bootc -} - -scenario_remove_vms() { - remove_vm host1 -} - -scenario_run_tests() { - run_tests host1 \ - suites/configuration/tls-configuration.robot \ - suites/configuration/drop-in-config.robot \ - suites/configuration/show-config.robot \ - suites/configuration/logging.robot \ - suites/configuration/data-dir.robot \ - suites/configuration/apiserver-readiness.robot \ - suites/configuration/audit-log.robot -} diff --git a/test/scenarios/periodics/el98-src@osconfig-lifecycle.sh b/test/scenarios/periodics/el98-src@configuration1.sh similarity index 84% rename from test/scenarios/periodics/el98-src@osconfig-lifecycle.sh rename to test/scenarios/periodics/el98-src@configuration1.sh index 0f3e5bcabd..46da749c96 100644 --- a/test/scenarios/periodics/el98-src@osconfig-lifecycle.sh +++ b/test/scenarios/periodics/el98-src@configuration1.sh @@ -12,5 +12,5 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 suites/osconfig/lifecycle.robot + run_tests host1 suites/configuration1/ } diff --git a/test/scenarios/periodics/el98-src@configuration2.sh b/test/scenarios/periodics/el98-src@configuration2.sh new file mode 100644 index 0000000000..47da1a65e1 --- /dev/null +++ b/test/scenarios/periodics/el98-src@configuration2.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +scenario_create_vms() { + prepare_kickstart host1 kickstart.ks.template rhel-9.8-microshift-source + launch_vm rhel-9.8 +} + +scenario_remove_vms() { + remove_vm host1 +} + +scenario_run_tests() { + run_tests host1 \ + suites/configuration2/apiserver-readiness.robot \ + suites/configuration2/audit-log.robot \ + suites/configuration2/data-dir.robot \ + suites/configuration2/drop-in-config.robot \ + suites/configuration2/kustomize-sources.robot \ + suites/configuration2/logging.robot +} diff --git a/test/scenarios/periodics/el98-src@osconfig-lifecycle-core-api.sh b/test/scenarios/periodics/el98-src@osconfig-lifecycle-core-api.sh new file mode 100644 index 0000000000..fc0b7f5a57 --- /dev/null +++ b/test/scenarios/periodics/el98-src@osconfig-lifecycle-core-api.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +scenario_create_vms() { + prepare_kickstart host1 kickstart.ks.template rhel-9.8-microshift-source + launch_vm rhel-9.8 +} + +scenario_remove_vms() { + remove_vm host1 +} + +scenario_run_tests() { + run_tests host1 \ + suites/osconfig/lifecycle.robot \ + suites/core-api/ +} diff --git a/test/scenarios/presubmits/el98-src@configuration1.sh b/test/scenarios/presubmits/el98-src@configuration1.sh index 095981151e..46da749c96 100644 --- a/test/scenarios/presubmits/el98-src@configuration1.sh +++ b/test/scenarios/presubmits/el98-src@configuration1.sh @@ -12,7 +12,5 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 \ - suites/configuration/configuration.robot \ - suites/configuration/kustomize-sources.robot + run_tests host1 suites/configuration1/ } diff --git a/test/scenarios/presubmits/el98-src@configuration2.sh b/test/scenarios/presubmits/el98-src@configuration2.sh deleted file mode 100644 index 8d1bf18f9e..0000000000 --- a/test/scenarios/presubmits/el98-src@configuration2.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -# Sourced from scenario.sh and uses functions defined there. - -scenario_create_vms() { - prepare_kickstart host1 kickstart.ks.template rhel-9.8-microshift-source - launch_vm rhel-9.8 -} - -scenario_remove_vms() { - remove_vm host1 -} - -scenario_run_tests() { - run_tests host1 \ - suites/configuration/tls-configuration.robot \ - suites/configuration/drop-in-config.robot \ - suites/configuration/show-config.robot \ - suites/configuration/logging.robot \ - suites/configuration/data-dir.robot \ - suites/configuration/apiserver-readiness.robot \ - suites/configuration/audit-log.robot -} diff --git a/test/scenarios/releases/el98-lrel@dual-stack-configuration1.sh b/test/scenarios/releases/el98-lrel@dual-stack-configuration1.sh index 32b19b49b9..6f27b0a007 100644 --- a/test/scenarios/releases/el98-lrel@dual-stack-configuration1.sh +++ b/test/scenarios/releases/el98-lrel@dual-stack-configuration1.sh @@ -21,6 +21,5 @@ scenario_run_tests() { exit_if_commit_not_found "${start_image}" run_tests host1 \ suites/ipv6/dualstack.robot \ - suites/configuration/configuration.robot \ - suites/configuration/kustomize-sources.robot + suites/configuration1/ } diff --git a/test/scenarios/releases/el98-lrel@dual-stack-configuration2.sh b/test/scenarios/releases/el98-lrel@dual-stack-configuration2.sh index 1a84f2074f..33c70d4c6c 100644 --- a/test/scenarios/releases/el98-lrel@dual-stack-configuration2.sh +++ b/test/scenarios/releases/el98-lrel@dual-stack-configuration2.sh @@ -20,11 +20,10 @@ scenario_remove_vms() { scenario_run_tests() { exit_if_commit_not_found "${start_image}" run_tests host1 \ - suites/configuration/tls-configuration.robot \ - suites/configuration/drop-in-config.robot \ - suites/configuration/show-config.robot \ - suites/configuration/logging.robot \ - suites/configuration/data-dir.robot \ - suites/configuration/apiserver-readiness.robot \ - suites/configuration/audit-log.robot + suites/configuration2/apiserver-readiness.robot \ + suites/configuration2/audit-log.robot \ + suites/configuration2/data-dir.robot \ + suites/configuration2/drop-in-config.robot \ + suites/configuration2/kustomize-sources.robot \ + suites/configuration2/logging.robot } diff --git a/test/suites/configuration/configuration.robot b/test/suites/configuration1/configuration.robot similarity index 100% rename from test/suites/configuration/configuration.robot rename to test/suites/configuration1/configuration.robot diff --git a/test/suites/configuration/show-config.robot b/test/suites/configuration1/show-config.robot similarity index 100% rename from test/suites/configuration/show-config.robot rename to test/suites/configuration1/show-config.robot diff --git a/test/suites/configuration/tls-configuration.robot b/test/suites/configuration1/tls-configuration.robot similarity index 100% rename from test/suites/configuration/tls-configuration.robot rename to test/suites/configuration1/tls-configuration.robot diff --git a/test/suites/configuration/apiserver-readiness.robot b/test/suites/configuration2/apiserver-readiness.robot similarity index 100% rename from test/suites/configuration/apiserver-readiness.robot rename to test/suites/configuration2/apiserver-readiness.robot diff --git a/test/suites/configuration/audit-log.robot b/test/suites/configuration2/audit-log.robot similarity index 100% rename from test/suites/configuration/audit-log.robot rename to test/suites/configuration2/audit-log.robot diff --git a/test/suites/configuration/data-dir.robot b/test/suites/configuration2/data-dir.robot similarity index 100% rename from test/suites/configuration/data-dir.robot rename to test/suites/configuration2/data-dir.robot diff --git a/test/suites/configuration/drop-in-config.robot b/test/suites/configuration2/drop-in-config.robot similarity index 100% rename from test/suites/configuration/drop-in-config.robot rename to test/suites/configuration2/drop-in-config.robot diff --git a/test/suites/configuration/kustomize-sources.robot b/test/suites/configuration2/kustomize-sources.robot similarity index 100% rename from test/suites/configuration/kustomize-sources.robot rename to test/suites/configuration2/kustomize-sources.robot diff --git a/test/suites/configuration/logging.robot b/test/suites/configuration2/logging.robot similarity index 100% rename from test/suites/configuration/logging.robot rename to test/suites/configuration2/logging.robot diff --git a/test/suites/standard1/clusterip-service.robot b/test/suites/core-api/clusterip-service.robot similarity index 100% rename from test/suites/standard1/clusterip-service.robot rename to test/suites/core-api/clusterip-service.robot diff --git a/test/suites/standard1/crd-validation.robot b/test/suites/core-api/crd-validation.robot similarity index 100% rename from test/suites/standard1/crd-validation.robot rename to test/suites/core-api/crd-validation.robot diff --git a/test/suites/standard1/scc-admission.robot b/test/suites/core-api/scc-admission.robot similarity index 100% rename from test/suites/standard1/scc-admission.robot rename to test/suites/core-api/scc-admission.robot From 071b91104c91e01a4471a5cf11b1ca49f8611bb6 Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Tue, 12 May 2026 12:58:56 +0200 Subject: [PATCH 13/16] USHIFT-6743: fix configuration1 scenario to run osconfig-lifecycle suite Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- .../scenarios-bootc/el10/presubmits/el102-src@configuration1.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh b/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh index d452769d78..364070d46c 100644 --- a/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh +++ b/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh @@ -12,5 +12,5 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 suites/configuration1/ + run_tests host1 suites/osconfig-lifecycle/ } From 59d3251c59bf923fde407a54197578ea7a931e65 Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Tue, 12 May 2026 13:00:17 +0200 Subject: [PATCH 14/16] USHIFT-6743: revert configuration1 scenario suite path change Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- .../scenarios-bootc/el10/presubmits/el102-src@configuration1.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh b/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh index 364070d46c..d452769d78 100644 --- a/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh +++ b/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh @@ -12,5 +12,5 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 suites/osconfig-lifecycle/ + run_tests host1 suites/configuration1/ } From baa1c62fab519e2cb306d67cb7d6913a5cd20130 Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Tue, 12 May 2026 13:01:45 +0200 Subject: [PATCH 15/16] USHIFT-6743: run osconfig lifecycle test in configuration1 scenario Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- .../scenarios-bootc/el10/presubmits/el102-src@configuration1.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh b/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh index d452769d78..f1ce809ff1 100644 --- a/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh +++ b/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh @@ -12,5 +12,5 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 suites/configuration1/ + run_tests host1 suites/osconfig/lifecycle.robot } From 452c5a60d7dbd04726029e78b53d67b04b9131aa Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Tue, 12 May 2026 14:37:38 +0200 Subject: [PATCH 16/16] USHIFT-6743: add osconfig lifecycle scripts for EL9 and EL10 scenarios This commit introduces new Bash scripts for managing the osconfig lifecycle tests in both EL9 and EL10 scenarios. Each script includes functions to create and remove VMs, as well as to run the associated tests. Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- .../el102-src@osconfig-lifecycle.sh} | 0 ...l98-src@configuration1.sh => el98-src@osconfig-lifecycle.sh} | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename test/scenarios-bootc/el10/{presubmits/el102-src@configuration1.sh => periodics/el102-src@osconfig-lifecycle.sh} (100%) rename test/scenarios-bootc/el9/presubmits/{el98-src@configuration1.sh => el98-src@osconfig-lifecycle.sh} (84%) diff --git a/test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh b/test/scenarios-bootc/el10/periodics/el102-src@osconfig-lifecycle.sh similarity index 100% rename from test/scenarios-bootc/el10/presubmits/el102-src@configuration1.sh rename to test/scenarios-bootc/el10/periodics/el102-src@osconfig-lifecycle.sh diff --git a/test/scenarios-bootc/el9/presubmits/el98-src@configuration1.sh b/test/scenarios-bootc/el9/presubmits/el98-src@osconfig-lifecycle.sh similarity index 84% rename from test/scenarios-bootc/el9/presubmits/el98-src@configuration1.sh rename to test/scenarios-bootc/el9/presubmits/el98-src@osconfig-lifecycle.sh index 6c9eff239b..68ebe69cba 100644 --- a/test/scenarios-bootc/el9/presubmits/el98-src@configuration1.sh +++ b/test/scenarios-bootc/el9/presubmits/el98-src@osconfig-lifecycle.sh @@ -12,5 +12,5 @@ scenario_remove_vms() { } scenario_run_tests() { - run_tests host1 suites/configuration1/ + run_tests host1 suites/osconfig/lifecycle.robot }