Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-76856

[release-4.21]Make TLS registry test as informing

XMLWordPrintable

    • In Progress
    • Release Note Not Required
    • None
    • None
    • None
    • None
    • None

      Description of problem

      Origin tests which check that all TLS artifacts are registered and have no metadata violations are currently flaking on failure. Now that their pass rate is >99% its time to make them fail on violations.

      Solution

      This issue was addressed through multiple PRs:

      PR #1 - Initial Implementation (Merged, then Reverted):

      • https://github.com/openshift/origin/pull/29074 - OCPBUGS-60853: make TLS registry tests required
      • Changed testresult.Flakef() to g.Fail() for certificate tests
      • Removed TODO comments about making tests required
      • Sippy showed 99.9% pass rate for both TLS tests
      • Status: MERGED then REVERTED due to ROSA failures

      PR #2 - Revert (Merged):

      • https://github.com/openshift/origin/pull/30358 - TRT-2349: Revert "make TLS registry tests required"
      • Reverted PR #29074 per OpenShift CI policy to restore payload flow
      • Multiple ROSA payload failures on both TLS certificate tests
      • ROSA cannot be payload-tested to verify fixes before merging
      • Status: MERGED

      PR #3 - Final Solution (Merged):

      • https://github.com/openshift/origin/pull/30585 - OCPBUGS-60853: cert tests: mark TLS registry test as informing
      • Reapplied changes from PR #29074 (proper failure reporting)
      • Added ote.Informing() label to both certificate tests → Non-blocking failures
      • Added IsRosaCluster() function and skip logic for ROSA/MicroShift/Hypershift
      • Tests now run and report failures without blocking CI/PR workflows
      • Status: MERGED

      Final Behavior

      On standard OpenShift clusters (OCP, OSD, ARO):

      • Both certificate tests run in blocking CI jobs
      • Tests use g.Fail() for proper failure reporting
      • Tests marked as ote.Informing() → failures are recorded but don't block PRs
      • Gather data about TLS artifacts and metadata violations without blocking development

      On ROSA, MicroShift, and Hypershift clusters:

      • Tests are skipped (these platforms don't auto-collect TLS certificates the same way)

      Tests Affected

      [sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]

      [sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]

      Version Information

      • Target Version: 4.22.0
      • Fix Version: 4.22.0
      • Target Backport Versions: 4.18.z, 4.19.z, 4.20.z, 4.21.z

              wk2019 Ke Wang
              wk2019 Ke Wang
              None
              None
              Ke Wang Ke Wang
              None
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: