Uploaded image for project: 'OpenShift Cloud Credential Operator'
  1. OpenShift Cloud Credential Operator
  2. CCO-806

Improve CCO E2E Test Coverage

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • Improve CCO E2E Test Coverage
    • In Progress
    • Quality / Stability / Reliability
    • 86% To Do, 14% In Progress, 0% Done
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Selected
    • None
    • None
    • None

      This epic tracks the effort to improve CCO E2E test coverage by identifying gaps in existing Prow CI workflows and ensuring all required test cases are either automated in CI or explicitly covered by manual execution.

      The scope includes:

      • Test cases expected to be covered by Prow CI but currently missing workflows
      • Existing test cases that can be automated
      • Legacy test cases requiring validation or migration
      • Test cases not yet automated due to ongoing migration
      • Test cases that must remain manual

       

      Missing CCO E2E test coverage has been identified.

      The following test cases are expected to be covered by Prow CI, but no workflow exists for them at present. These cases should either be added to the CI pipeline or executed manually.

      • Microsoft Entra Workload ID + private cluster installion CCO-621

      Cases that can be automated

      • Existing old cases
        • OCP-68978 - CCO migrate away from configmaps to Lease for leaderelection leases-phase 2
        • OCP-71752 - Check CCO controller metrics
        • OCP-70928 - [AWS]ccoctl generate manifests when IAM roles exist
        • OCP-65165 - Reduce Cloud Credential Operator Memory cost
      • The openshift-test-private cases are currently in migration, so below cases were not automated during the feature testing phase.
        • OCP-82633 - Network Policies for CCO - AWS/AWS sts
        • OCP-82706 - Network Policies for CCO - GCP/GCP WID/Azure/Entra Workload ID
        • OCP-85507 - Add preserve-existing-roles flag to ccoctl auzre 
        • [Covered by Prow CI] OCP-85653 - ccoctl uses the pub key file of the existing cluster.
          • Prow CI pipeline - cucushift-installer-rehearse-aws-ipi-byo-iam-role-efs

      Manual cases

      • OCP-78736 - [CCO/AWS] Rotate the OIDC bound service account signer key
      • OCP-78158 - [CCO/GCP] Rotate the OIDC bound service account signer key.
      • OCP-77978 - [CCO/Azure] Rotate the OIDC bound service account signer key.
      • OCP-69007 - Update vSphere root secret vsphere-creds
      • OCP-64715 - Test the permission list for ccoctl 
      • AWS SCP testing:
        • OCP-34035 - [Bug 1829101][SCP][AWS]Allow to skip all credential promission checking for supported region
        • OCP-34046 - [Bug 1829101][SCP][AWS]cco permission checking should fail by default installation on SCP scenario
      •  

       

              Unassigned Unassigned
              mihuang@redhat.com Mingxia Huang
              None
              None
              None
              None
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: