Uploaded image for project: 'OpenShift Installer'
  1. OpenShift Installer
  2. CORS-3571

Introduce tests for new permissions required as presubmit tests on PRs

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • None
    • Introduce tests for new permissions required as presubmit tests on PRs
    • False
    • None
    • False
    • Green
    • To Do
    • OCPSTRAT-1664 - Continuosly test minimum permissions required for AWS ROSA
    • OCPSTRAT-1664Continuosly test minimum permissions required for AWS ROSA
    • 10% To Do, 10% In Progress, 80% Done
    • Hide

      19/11/2024: Remains on track for 4.18. There is one remaining PR to merge to be able to call this work dev-complete: https://github.com/openshift/release/pull/58833 - this is currently failing tests and some coordination is needed with QE's changes to use the min-perms workflow: https://github.com/openshift/release/pull/58859 - this is reasonable to be complete before Friday

      30/06/2024: Met with ROSA to discuss the problem and brainstorm solutions. See https://issues.redhat.com/browse/CORS-3577 for a summary.

      30/08/2024: Met with Patrick for another brainstorming session. We agree that: 1) ROSA team should be responsible for testing ROSA-specific permissions and scenarios; 2) we need a better process definition for features that involve new permissions; 3) as a PoC we want to create a presubmit and/or release-informing job to run installs with a given permission set (either minimal or feature-specific) and have alerts setup when those jobs fail; 4) we will decide what to do based on the feedback of the PoC.

      09/10/2024: Met with Marco Braga to discuss the CI implementation and how this work is related to https://issues.redhat.com/browse/OCPSTRAT-1434

      23/10/2024: Met with the ROSA team to present our progress on https://github.com/openshift/installer/pull/8704 and discuss if and how that can be used by them. They will evaluate the solution and give us feedback.

      Show
      19/11/2024: Remains on track for 4.18. There is one remaining PR to merge to be able to call this work dev-complete: https://github.com/openshift/release/pull/58833 - this is currently failing tests and some coordination is needed with QE's changes to use the min-perms workflow: https://github.com/openshift/release/pull/58859 - this is reasonable to be complete before Friday 30/06/2024: Met with ROSA to discuss the problem and brainstorm solutions. See https://issues.redhat.com/browse/CORS-3577 for a summary. 30/08/2024: Met with Patrick for another brainstorming session. We agree that: 1) ROSA team should be responsible for testing ROSA-specific permissions and scenarios; 2) we need a better process definition for features that involve new permissions; 3) as a PoC we want to create a presubmit and/or release-informing job to run installs with a given permission set (either minimal or feature-specific) and have alerts setup when those jobs fail; 4) we will decide what to do based on the feedback of the PoC. 09/10/2024: Met with Marco Braga to discuss the CI implementation and how this work is related to https://issues.redhat.com/browse/OCPSTRAT-1434 23/10/2024: Met with the ROSA team to present our progress on https://github.com/openshift/installer/pull/8704 and discuss if and how that can be used by them. They will evaluate the solution and give us feedback.

      OCP/Telco Definition of Done
      Epic Template descriptions and documentation.

      <--- Cut-n-Paste the entire contents of this description into your new Epic --->

      Epic Goal

      • To introduce tests for new permissions required as presubmit tests on PRs so so PR authors can see whenever their changes affect the minimum required permissions

      Why is this important?

      • Currently the process is that QE installs with the documented minimum permissions, that starts failing whenever something new unknowingly requires additional permissions. That test runs once a week. When it fails QE reviews and files bugs, installer then goes and adds them to a file which tracks the required permissions in the installer repo.
      • The issue is that it takes some time to get a permissions change implemented by AWS, so the late discovery of a need can become a release blocker

      Acceptance Criteria

      • CI - MUST be running successfully with tests automated
      • Release Technical Enablement - Provide necessary release enablement details and documents.
      • ...

      Open questions::

      1. The details of what would happen when the tests then fail and a new permission is required for example. As in would it be a new PR or what documentation we need to put in place to explain.

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

              rdossant Rafael Fonseca dos Santos
              beth.white Beth White
              Yunfei Jiang Yunfei Jiang
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: