tls: extract injectTLSAnnotation constant and use double-quoted config keys

[gangwgr]

Summary

• Extract the duplicated "config.openshift.io/inject-tls" string literal into an injectTLSAnnotation constant, reducing duplication across all annotation checks.
• Replace backtick-quoted raw strings with double-quoted strings for HCP ConfigMap jsonpath config keys (config\.json, config\.yaml).

Test plan

• Verify go vet ./test/extended/tls/... passes
• Confirm no functional change — only string literal consolidation and quoting style

Made with Cursor

Summary by CodeRabbit

• Tests
  • Improved test code maintainability by consolidating repeated configuration values and tightening assertion error messages in TLS verification tests.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gangwgr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• test/extended/tls/OWNERS [gangwgr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gangwgr]

/pipeline required

[openshift-merge-bot]

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

[coderabbitai]

Walkthrough

A package-level constant injectTLSAnnotation is introduced to replace hard-coded string "config.openshift.io/inject-tls" throughout a TLS test file. Local variable shadowing is avoided, and error messages are updated accordingly. Minor string escaping normalization is applied to ConfigMap key patterns.

Changes

Constant-Based String Replacement in TLS Tests

Layer / File(s)	Summary
Constant Declaration test/extended/tls/tls_observed_config.go	Package-level constant injectTLSAnnotation is defined with value "config.openshift.io/inject-tls".
Test Function Updates test/extended/tls/tls_observed_config.go	Hard-coded annotation key strings are replaced with injectTLSAnnotation constant in testConfigMapTLSInjection, testAnnotationRestorationAfterDeletion, testAnnotationRestorationWhenFalse, and verifyConfigMapsForTargets. Local variable names adjusted to avoid shadowing. Error and assertion messages reference the constant.
String Normalization test/extended/tls/tls_observed_config.go	Go string escaping for ConfigMap JSON path keys (config.json, config.yaml) in verifyHCPConfigMaps is normalized without altering effective patterns.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

---

Caution

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

• Ignore

❌ Failed checks (1 error)

Check name	Status	Explanation	Resolution
Stable And Deterministic Test Names	❌ Error	The file contains multiple Ginkgo test names with dynamic content. Test titles use fmt.Sprintf with target.namespace and target.servicePort, violating the stable test names requirement.	Replace dynamic test names with static descriptors. Move namespace/port values to test bodies instead of titles. Use static text like "should populate ObservedConfig with TLS settings for target".

✅ Passed checks (11 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely summarizes the main changes: extracting a constant for the TLS annotation and converting to double-quoted config keys.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Test Structure And Quality	✅ Passed	All requirements met: single responsibility, proper cleanup with DeferCleanup, explicit timeouts throughout, meaningful assertions. Refactoring maintains quality standards.
Microshift Test Compatibility	✅ Passed	No new Ginkgo tests were added. Changes are refactoring: extracting constants, replacing hard-coded strings, and adjusting quoting style only.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR refactors existing test code (extracts constant, adjusts quoting). No new Ginkgo tests added, so SNO compatibility check not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	This PR modifies only test code, extracting a constant and adjusting string escaping. No deployment manifests, operator code, or controllers are modified. Not applicable to test refactoring.
Ote Binary Stdout Contract	✅ Passed	The PR modifies only a Ginkgo test file with a constant extraction and refactoring. No process-level code writes to stdout. The changes maintain OTE Binary Stdout Contract compliance.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR is a refactoring of existing tests only—no new Ginkgo test blocks added. The custom check applies only to new tests; this PR contains no new test additions.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gangwgr]

/test e2e-vsphere-ovn-upi

[gangwgr]

/test e2e-metal-ipi-ovn-ipv6

[ingvagabund]

The backslash-dot escaping is needed for jsonpath key lookup and works with either quoting
style

Oh, in that case the originally escaped form is fine.

[gangwgr]

I remove the this changes from pr, keeping old

[openshift-merge-bot]

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

[openshift-ci]

@gangwgr: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-vsphere-ovn-upi	431a4b2	link	true	/test e2e-vsphere-ovn-upi

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[gangwgr]

/test e2e-gcp-csi