Skip to content

[WIP] CM-873: Trust Manager Scenario Based E2E#394

Open
chiragkyal wants to merge 2 commits intoopenshift:masterfrom
chiragkyal:tm-bundle-e2e
Open

[WIP] CM-873: Trust Manager Scenario Based E2E#394
chiragkyal wants to merge 2 commits intoopenshift:masterfrom
chiragkyal:tm-bundle-e2e

Conversation

@chiragkyal
Copy link
Copy Markdown
Member

@chiragkyal chiragkyal commented Apr 6, 2026
edited
Loading

Summary

Adds comprehensive scenario-based e2e tests for the trust-manager Bundle CR, covering the full lifecycle from Bundle creation through target sync verification under various TrustManager configurations.

Test Coverage

Group 1 — Default TrustManager (no optional features):

  • Inline / ConfigMap / Secret source → ConfigMap target
  • Multiple sources, custom metadata, namespace selector filtering
  • Target data drift reconciliation, source update propagation, Bundle deletion cleanup
  • Negative: Secret target without SecretTargets enabled, useDefaultCAs without DefaultCAPackage enabled, ConfigMap source outside trust namespace

Group 2 — SecretTargets enabled:

  • Inline / ConfigMap source → Secret target, dual ConfigMap + Secret targets
  • Negative: Bundle name not in authorizedSecrets list

Group 3 — DefaultCAPackage enabled:

  • useDefaultCAs → ConfigMap target, useDefaultCAs + Inline combined data

Group 4 — SecretTargets + DefaultCAPackage enabled:

  • useDefaultCAs + Inline → ConfigMap + Secret dual targets

Group 5 — Custom TrustNamespace:

  • ConfigMap source in custom trust namespace → ConfigMap target
  • Negative: ConfigMap source in default namespace not synced when custom trust namespace is configured

@chiragkyal
add github.com/cert-manager/trust-manager package
7a018b4 
Signed-off-by: chiragkyal <ckyal@redhat.com>
@chiragkyal
Bundle CR related tests
02852e9 
Signed-off-by: chiragkyal <ckyal@redhat.com>

fix e2e

Signed-off-by: chiragkyal <ckyal@redhat.com>

extend tests

Signed-off-by: chiragkyal <ckyal@redhat.com>

improve tests

Signed-off-by: chiragkyal <ckyal@redhat.com>
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 6, 2026
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 6, 2026
edited
Loading

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Review skipped — only excluded labels are configured. (1)
  • do-not-merge/work-in-progress

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 27af27f4-10b8-49d6-9cbd-e51af3f78ca8

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Apr 6, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: chiragkyal
Once this PR has been reviewed and has the lgtm label, please assign mytreya-rh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@chiragkyal chiragkyal changed the title [WIP] Trust Manager Scenario Based E2E [WIP] CM-873: Trust Manager Scenario Based E2E Apr 6, 2026
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Apr 6, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Apr 6, 2026
edited by openshift-ci bot
Loading

@chiragkyal: This pull request references CM-873 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "4.22." or "openshift-4.22.", but it targets "cert-manager-1.19" instead.

Details

In response to this:

Summary

Adds comprehensive scenario-based e2e tests for the trust-manager Bundle CR, covering the full lifecycle from Bundle creation through target sync verification under various TrustManager configurations.

Test Coverage

Group 1 — Default TrustManager (no optional features):

  • Inline / ConfigMap / Secret source → ConfigMap target
  • Multiple sources, custom metadata, namespace selector filtering
  • Target data drift reconciliation, source update propagation, Bundle deletion cleanup
  • Negative: Secret target without SecretTargets enabled, useDefaultCAs without DefaultCAPackage enabled, ConfigMap source outside trust namespace

Group 2 — SecretTargets enabled:

  • Inline / ConfigMap source → Secret target, dual ConfigMap + Secret targets
  • Negative: Bundle name not in authorizedSecrets list

Group 3 — DefaultCAPackage enabled:

  • useDefaultCAs → ConfigMap target, useDefaultCAs + Inline combined data

Group 4 — SecretTargets + DefaultCAPackage enabled:

  • useDefaultCAs + Inline → ConfigMap + Secret dual targets

Group 5 — Custom TrustNamespace:

  • ConfigMap source in custom trust namespace → ConfigMap target
  • Negative: ConfigMap source in default namespace not synced when custom trust namespace is configured

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Apr 6, 2026

@chiragkyal: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-operator-tech-preview 02852e9 link false /test e2e-operator-tech-preview

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Apr 6, 2026

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci openshift-ci bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mytreya-rh mytreya-rh Awaiting requested review from mytreya-rh

@PillaiManish PillaiManish Awaiting requested review from PillaiManish

Assignees

No one assigned

Labels

do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chiragkyal @openshift-ci-robot