From e4816f674a10f9fe1897597fb547361f78addd0c Mon Sep 17 00:00:00 2001 From: Varsha B Date: Fri, 27 Feb 2026 22:50:02 +0530 Subject: [PATCH 1/8] Modify tests for interop test suite (#1076) * modify tests for interop Signed-off-by: Varsha B * move the test to sequential Signed-off-by: Varsha B --------- Signed-off-by: Varsha B --- .../e2e/ginkgo/parallel/1-031_validate_toolchain_test.go | 2 +- .../1-077_validate_disable_dex_removed_test.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) rename test/openshift/e2e/ginkgo/{parallel => sequential}/1-077_validate_disable_dex_removed_test.go (97%) diff --git a/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go b/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go index d489f2fcfa0..7727b26b050 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go @@ -99,7 +99,7 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { } else { // when running against RC/ released version of gitops - expected_dexVersion = "v2.41.1" + expected_dexVersion = "v2.43.1" expected_redisVersion = "7.2.11" } diff --git a/test/openshift/e2e/ginkgo/parallel/1-077_validate_disable_dex_removed_test.go b/test/openshift/e2e/ginkgo/sequential/1-077_validate_disable_dex_removed_test.go similarity index 97% rename from test/openshift/e2e/ginkgo/parallel/1-077_validate_disable_dex_removed_test.go rename to test/openshift/e2e/ginkgo/sequential/1-077_validate_disable_dex_removed_test.go index 9ed8dbcb714..cdb96a28764 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-077_validate_disable_dex_removed_test.go +++ b/test/openshift/e2e/ginkgo/sequential/1-077_validate_disable_dex_removed_test.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package parallel +package sequential import ( "context" @@ -30,7 +30,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" ) -var _ = Describe("GitOps Operator Parallel E2E Tests", func() { +var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Context("1-077_validate_disable_dex_removed", func() { From 0330232360588ac0db2f15a2df151dd58d9b67bc Mon Sep 17 00:00:00 2001 From: Adam Saleh Date: Wed, 18 Mar 2026 19:27:22 +0100 Subject: [PATCH 2/8] Added fix to validate_permissions_tests, that now is able to filter out CSV to find the one that is not a copy, and compare against easier updated snapshot. Assisted-by: Claude Signed-off-by: Adam Saleh --- .../1-090_validate_permissions_test.go | 672 +----------------- .../snapshots/valid_csv_permissions.yaml | 470 ++++++++++++ 2 files changed, 494 insertions(+), 648 deletions(-) create mode 100644 test/openshift/e2e/ginkgo/snapshots/valid_csv_permissions.yaml diff --git a/test/openshift/e2e/ginkgo/parallel/1-090_validate_permissions_test.go b/test/openshift/e2e/ginkgo/parallel/1-090_validate_permissions_test.go index a47de6eb3fa..1c01a21540b 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-090_validate_permissions_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-090_validate_permissions_test.go @@ -19,6 +19,8 @@ package parallel import ( "context" "fmt" + "os" + "path/filepath" "strings" . "github.com/onsi/ginkgo/v2" @@ -59,652 +61,6 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { return } - By("checking that the expected CSV matches the actual CSV on the cluster") - - csvString := ` -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - name: openshift-gitops-operator.v1.16.0 - namespace: openshift-operators -spec: - install: - spec: - clusterPermissions: - - rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - namespaces - - pods - - secrets - - serviceaccounts - - services - - services/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - persistentvolumeclaims - - pods - - secrets - - serviceaccounts - - services - - services/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - deployments - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - - resourcequotas - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create - - apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - apiGroups: - - "" - resources: - - podtemplates - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - list - - apiGroups: - - appmesh.k8s.aws - resources: - - virtualnodes - - virtualrouters - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - appmesh.k8s.aws - resources: - - virtualservices - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - - podtemplates - - replicasets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - apps - resourceNames: - - gitops-operator - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - apps.openshift.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - analysisruns - - analysisruns/finalizers - - experiments - - experiments/finalizers - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - analysistemplates - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - applications - - appprojects - - argocds - - argocds/finalizers - - argocds/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - clusteranalysistemplates - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - notificationsconfigurations - - notificationsconfigurations/finalizers - verbs: - - '*' - - apiGroups: - - argoproj.io - resources: - - rolloutmanagers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - rolloutmanagers/finalizers - verbs: - - update - - apiGroups: - - argoproj.io - resources: - - rolloutmanagers/status - verbs: - - get - - patch - - update - - apiGroups: - - argoproj.io - resources: - - rollouts - - rollouts/finalizers - - rollouts/scale - - rollouts/status - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - config.openshift.io - resources: - - clusterversions - verbs: - - get - - list - - watch - - apiGroups: - - console.openshift.io - resources: - - consoleclidownloads - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - console.openshift.io - resources: - - consolelinks - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - console.openshift.io - resources: - - consoleplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update - - apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings - verbs: - - get - - list - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - create - - get - - list - - patch - - watch - - apiGroups: - - getambassador.io - resources: - - ambassadormappings - - mappings - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - monitoring.coreos.com - resources: - - prometheuses - - prometheusrules - - servicemonitors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - networking.istio.io - resources: - - destinationrules - - virtualservices - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - - networkpolicies - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - oauth.openshift.io - resources: - - oauthclients - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - operators.coreos.com - resources: - - clusterserviceversions - - operatorgroups - - subscriptions - verbs: - - create - - get - - list - - watch - - apiGroups: - - pipelines.openshift.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - pipelines.openshift.io - resources: - - gitopsservices - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - pipelines.openshift.io - resources: - - gitopsservices/finalizers - verbs: - - update - - apiGroups: - - pipelines.openshift.io - resources: - - gitopsservices/status - verbs: - - get - - patch - - update - - apiGroups: - - rbac.authorization.k8s.io - resources: - - '*' - verbs: - - bind - - create - - delete - - deletecollection - - escalate - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - verbs: - - bind - - create - - delete - - deletecollection - - escalate - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - route.openshift.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - split.smi-spec.io - resources: - - trafficsplits - verbs: - - create - - get - - patch - - update - - watch - - apiGroups: - - template.openshift.io - resources: - - templateconfigs - - templateinstances - - templates - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - traefik.containo.us - resources: - - traefikservices - verbs: - - get - - update - - watch - - apiGroups: - - x.getambassador.io - resources: - - ambassadormappings - - mappings - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create` - - expectedCsv := &olmv1alpha1.ClusterServiceVersion{} - - Expect(yaml.UnmarshalStrict([]byte(csvString), expectedCsv)).To(Succeed()) - By("looking for a ClusterServiceVersion for openshift-gitops across all namespaces") gitopsCSVsFound := []olmv1alpha1.ClusterServiceVersion{} var csvList olmv1alpha1.ClusterServiceVersionList @@ -712,6 +68,10 @@ spec: for index := range csvList.Items { csv := csvList.Items[index] if strings.Contains(csv.Name, "openshift-gitops-operator") { + // OLM copies CSVs to other namespaces; skip those copies + if _, copied := csv.Labels["olm.copiedFrom"]; copied { + continue + } gitopsCSVsFound = append(gitopsCSVsFound, csv) } } @@ -730,9 +90,25 @@ spec: Expect(actualCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions).To(HaveLen(1)) actualCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions[0].ServiceAccountName = "" - Expect(expectedCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions).To(HaveLen(1)) + snapshotPath := "../snapshots/valid_csv_permissions.yaml" + + if os.Getenv("E2E_UPDATE_SNAPSHOTS") == "1" { + By("updating snapshot file with actual CSV cluster permissions") + data, marshalErr := yaml.Marshal(actualCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions) + Expect(marshalErr).NotTo(HaveOccurred()) + Expect(os.MkdirAll(filepath.Dir(snapshotPath), 0755)).To(Succeed()) + Expect(os.WriteFile(snapshotPath, data, 0644)).To(Succeed()) + } + + By("checking that the expected CSV cluster permissions match the actual CSV on the cluster") + + snapshotData, readErr := os.ReadFile(snapshotPath) + Expect(readErr).NotTo(HaveOccurred(), "snapshot file not found at %s; run with E2E_UPDATE_SNAPSHOTS=1 to create it", snapshotPath) + + var snapshotPermissions []olmv1alpha1.StrategyDeploymentPermissions + Expect(yaml.Unmarshal(snapshotData, &snapshotPermissions)).To(Succeed()) - Expect(actualCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions).To(Equal(expectedCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions)) + Expect(actualCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions).To(Equal(snapshotPermissions)) By("checking that the specific fields in gitopsservices.pipelines.openshift.io CRD that we are looking for are present and have the expected values") diff --git a/test/openshift/e2e/ginkgo/snapshots/valid_csv_permissions.yaml b/test/openshift/e2e/ginkgo/snapshots/valid_csv_permissions.yaml new file mode 100644 index 00000000000..0b594f012fd --- /dev/null +++ b/test/openshift/e2e/ginkgo/snapshots/valid_csv_permissions.yaml @@ -0,0 +1,470 @@ +- rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - persistentvolumeclaims + - pods + - secrets + - serviceaccounts + - services + - services/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - deployments + - podtemplates + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - apiGroups: + - "" + resources: + - resourcequotas + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - apiGroups: + - appmesh.k8s.aws + resources: + - virtualnodes + - virtualrouters + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - appmesh.k8s.aws + resources: + - virtualservices + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + - podtemplates + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - apps + resourceNames: + - gitops-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - apps.openshift.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - analysisruns + - analysisruns/finalizers + - analysistemplates + - clusteranalysistemplates + - experiments + - experiments/finalizers + - namespacemanagements + - namespacemanagements/status + - rollouts + - rollouts/finalizers + - rollouts/scale + - rollouts/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - applications + - appprojects + - argocds + - argocds/finalizers + - argocds/status + - rolloutmanagers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - notificationsconfigurations + - notificationsconfigurations/finalizers + verbs: + - '*' + - apiGroups: + - argoproj.io + resources: + - rolloutmanagers/finalizers + verbs: + - update + - apiGroups: + - argoproj.io + resources: + - rolloutmanagers/status + verbs: + - get + - patch + - update + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - authentications + - clusterversions + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - console.openshift.io + resources: + - consoleclidownloads + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleplugins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update + - apiGroups: + - elbv2.k8s.aws + resources: + - targetgroupbindings + verbs: + - get + - list + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - create + - get + - list + - patch + - watch + - apiGroups: + - getambassador.io + - x.getambassador.io + resources: + - ambassadormappings + - mappings + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheuses + - prometheusrules + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - virtualservices + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - oauth.openshift.io + resources: + - oauthclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - operatorgroups + - subscriptions + verbs: + - create + - get + - list + - watch + - apiGroups: + - pipelines.openshift.io + resources: + - '*' + - gitopsservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - pipelines.openshift.io + resources: + - gitopsservices/finalizers + verbs: + - update + - apiGroups: + - pipelines.openshift.io + resources: + - gitopsservices/status + verbs: + - get + - patch + - update + - apiGroups: + - rbac.authorization.k8s.io + resources: + - '*' + - clusterrolebindings + - clusterroles + verbs: + - bind + - create + - delete + - deletecollection + - escalate + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - '*' + - routes + - routes/custom-host + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - split.smi-spec.io + resources: + - trafficsplits + verbs: + - create + - get + - patch + - update + - watch + - apiGroups: + - template.openshift.io + resources: + - templateconfigs + - templateinstances + - templates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - traefik.containo.us + resources: + - traefikservices + verbs: + - get + - update + - watch + - nonResourceURLs: + - /metrics + verbs: + - get + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: "" From 7c58931ec0689b47bbe0d8ee9282167a20dfd949 Mon Sep 17 00:00:00 2001 From: Adam Saleh Date: Mon, 9 Mar 2026 11:01:44 +0100 Subject: [PATCH 3/8] Changed 1-031_validate_toolchain_test.go to use yaml snapshot of the versions to make checking an updating easier. If env-var E2E_UPDATE_SNAPSHOTS=1 is present, the file will autoupdate. Assisted-by: Claude Signed-off-by: Adam Saleh --- .../parallel/1-031_validate_toolchain_test.go | 73 +++--- .../1-031_validate_toolchain_test.go.orig | 224 ++++++++++++++++++ .../valid_toolchain_versions_prow.yaml | 5 + .../valid_toolchain_versions_release.yaml | 5 + 4 files changed, 277 insertions(+), 30 deletions(-) create mode 100644 test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go.orig create mode 100644 test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_prow.yaml create mode 100644 test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_release.yaml diff --git a/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go b/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go index 7727b26b050..261481d361f 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go @@ -19,9 +19,7 @@ package parallel import ( "context" "os" - - // "os" - + "path/filepath" "strings" "time" @@ -35,6 +33,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" + "sigs.k8s.io/yaml" "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -84,25 +83,6 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { It("verifies that toolchain versions have the expected values", func() { - // These variables need to be maintained according to the component matrix: https://spaces.redhat.com/display/GITOPS/GitOps+Component+Matrix - expected_kustomizeVersion := "v5.8.1" - expected_helmVersion := "v3.19.4" - expected_argocdVersion := "v3.3.2" - - var expected_dexVersion string - var expected_redisVersion string - - if os.Getenv("CI") == "prow" { - // when running against openshift-ci - expected_dexVersion = "v2.43.0" - expected_redisVersion = "8.2.3" - - } else { - // when running against RC/ released version of gitops - expected_dexVersion = "v2.43.1" - expected_redisVersion = "7.2.11" - } - By("locating pods containing toolchain in openshift-gitops") gitops_server_pod, err := getPodName("openshift-gitops-server") @@ -142,6 +122,17 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { // argocd-server: v2.13.1+af54ef8 Expect(err).NotTo(HaveOccurred()) + // Extract the version from "argocd-server: v3.3.0+af54ef8" and strip the + suffix, + // since the test intent is to match the base version only (ContainSubstring was used previously for this reason). + argocdVersionLine := strings.TrimSpace(argocdVersion) + argocdVersionClean := argocdVersionLine + if idx := strings.LastIndex(argocdVersionLine, " "); idx != -1 { + argocdVersionClean = argocdVersionLine[idx+1:] + } + if idx := strings.Index(argocdVersionClean, "+"); idx != -1 { + argocdVersionClean = argocdVersionClean[:idx] + } + By("extracting the dex version from container") dexVersionOutput, err := osFixture.ExecCommand("bash", "-c", "oc -n openshift-gitops exec "+dex_pod+" -- dex version") Expect(err).ToNot(HaveOccurred()) @@ -172,17 +163,39 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { // After: v=6.2.7 Expect(err).NotTo(HaveOccurred()) - By("verifying containers have expected toolchain versions") + By("collecting all toolchain versions") - Expect(kustomizeVersion).To(Equal(expected_kustomizeVersion)) - Expect(helmVersion).To(Equal(expected_helmVersion)) - Expect(dexVersion).To(Equal(expected_dexVersion)) + collectedVersions := map[string]string{ + "argocd": argocdVersionClean, + "dex": dexVersion, + "helm": helmVersion, + "kustomize": kustomizeVersion, + "redis": redisVersion, + } + + snapshotPath := "../snapshots/valid_toolchain_versions_release.yaml" + + if os.Getenv("CI") == "prow" { + snapshotPath = "../snapshots/valid_toolchain_versions_prow.yaml" + } + + By("comparing collected versions against snapshot") + + snapshotData, readErr := os.ReadFile(snapshotPath) + Expect(readErr).NotTo(HaveOccurred(), "snapshot file not found at %s; run with E2E_UPDATE_SNAPSHOTS=1 to create it", snapshotPath) + + if os.Getenv("E2E_UPDATE_SNAPSHOTS") == "1" { + By("updating snapshot file with collected versions") + data, marshalErr := yaml.Marshal(collectedVersions) + Expect(marshalErr).NotTo(HaveOccurred()) + Expect(os.MkdirAll(filepath.Dir(snapshotPath), 0755)).To(Succeed()) + Expect(os.WriteFile(snapshotPath, data, 0644)).To(Succeed()) + } - // We are as argocdVersion contains v2.7.6+00c914a suffix addition to the version no. - // So, we are checking if expected_argocdVersion is substring of the actual version - Expect(argocdVersion).To(ContainSubstring(expected_argocdVersion)) + var snapshotVersions map[string]string + Expect(yaml.Unmarshal(snapshotData, &snapshotVersions)).To(Succeed()) - Expect(redisVersion).To(Equal(expected_redisVersion)) + Expect(collectedVersions).To(Equal(snapshotVersions)) }) diff --git a/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go.orig b/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go.orig new file mode 100644 index 00000000000..77e77c630f4 --- /dev/null +++ b/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go.orig @@ -0,0 +1,224 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package parallel + +import ( + "context" + "os" + "path/filepath" + "strings" + "time" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + routev1 "github.com/openshift/api/route/v1" + "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture" + k8sFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/k8s" + osFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/os" + fixtureUtils "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/utils" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/wait" + "sigs.k8s.io/yaml" + + "sigs.k8s.io/controller-runtime/pkg/client" +) + +var _ = Describe("GitOps Operator Parallel E2E Tests", func() { + + Context("1-031_validate_toolchain", func() { + + var ( + k8sClient client.Client + ) + + BeforeEach(func() { + fixture.EnsureParallelCleanSlate() + k8sClient, _ = fixtureUtils.GetE2ETestKubeClient() + }) + + // getPodName waits for there to exist a running pod with name 'name' in openshift-gitops + getPodName := func(name string) (string, error) { + + var podName string + + if err := wait.PollUntilContextTimeout(context.Background(), time.Second*5, time.Minute*2, true, func(ctx context.Context) (done bool, err error) { + + var podList corev1.PodList + if err := k8sClient.List(ctx, &podList, client.InNamespace("openshift-gitops")); err != nil { + GinkgoWriter.Println(err) + return false, nil + } + + for _, pod := range podList.Items { + if pod.Status.Phase == corev1.PodRunning { + if strings.Contains(pod.Name, name) { + podName = pod.Name + return true, nil + } + } + } + return false, nil + + }); err != nil { + return "", err + } + + return podName, nil + } + + It("verifies that toolchain versions have the expected values", func() { + +<<<<<<< Updated upstream + // These variables need to be maintained according to the component matrix: https://spaces.redhat.com/display/GITOPS/GitOps+Component+Matrix + expected_kustomizeVersion := "v5.8.1" + expected_helmVersion := "v3.19.4" + expected_argocdVersion := "v3.3.2" + + var expected_dexVersion string + var expected_redisVersion string + + if os.Getenv("CI") == "prow" { + // when running against openshift-ci + expected_dexVersion = "v2.43.0" + expected_redisVersion = "8.2.3" + + } else { + // when running against RC/ released version of gitops + expected_dexVersion = "v2.43.1" + expected_redisVersion = "7.2.11" + } + +======= +>>>>>>> Stashed changes + By("locating pods containing toolchain in openshift-gitops") + + gitops_server_pod, err := getPodName("openshift-gitops-server") + Expect(err).ToNot(HaveOccurred()) + dex_pod, err := getPodName("openshift-gitops-dex-server") + Expect(err).ToNot(HaveOccurred()) + redis_pod, err := getPodName("openshift-gitops-redis") + Expect(err).ToNot(HaveOccurred()) + + serverRoute := &routev1.Route{ObjectMeta: metav1.ObjectMeta{Name: "openshift-gitops-server", Namespace: "openshift-gitops"}} + Eventually(serverRoute).Should(k8sFixture.ExistByName()) + + By("extracting the kustomize version from container") + + kustomizeVersion, err := osFixture.ExecCommand("bash", "-c", "oc -n openshift-gitops exec "+gitops_server_pod+" -- kustomize version") + + Expect(err).NotTo(HaveOccurred()) + kustomizeVersion = strings.TrimSpace(kustomizeVersion) + + By("extracting the helm version from container") + helmVersion, err := osFixture.ExecCommand("bash", "-c", "oc -n openshift-gitops exec "+gitops_server_pod+" -- helm version") + Expect(err).NotTo(HaveOccurred()) + + // output format: + // version.BuildInfo{Version:"v3.15.4", GitCommit:"fa9efb07d9d8debbb4306d72af76a383895aa8c4", GitTreeState:"", GoVersion:"go1.22.9 (Red Hat 1.22.9-1.module+el8.10.0+22500+aee717ef)" + helmVersion = helmVersion[strings.Index(helmVersion, "Version:"):] + // After: Version:"v3.15.4" (...) + helmVersion = helmVersion[strings.Index(helmVersion, "\"")+1:] + // After: v3.15.4" (...) + helmVersion = helmVersion[:strings.Index(helmVersion, "\"")] + // After: v3.15.4 + + By("extracting the argo cd server version from container") + argocdVersion, err := osFixture.ExecCommand("bash", "-c", "oc -n openshift-gitops exec "+gitops_server_pod+" -- argocd version --short --server "+serverRoute.Spec.Host+" --insecure | grep 'argocd-server'") + argocdVersion = strings.ReplaceAll(argocdVersion, "+unknown", "") + // output format: + // argocd-server: v2.13.1+af54ef8 + Expect(err).NotTo(HaveOccurred()) + + // Extract the version from "argocd-server: v3.3.0+af54ef8" and strip the + suffix, + // since the test intent is to match the base version only (ContainSubstring was used previously for this reason). + argocdVersionLine := strings.TrimSpace(argocdVersion) + argocdVersionClean := argocdVersionLine + if idx := strings.LastIndex(argocdVersionLine, " "); idx != -1 { + argocdVersionClean = argocdVersionLine[idx+1:] + } + if idx := strings.Index(argocdVersionClean, "+"); idx != -1 { + argocdVersionClean = argocdVersionClean[:idx] + } + + By("extracting the dex version from container") + dexVersionOutput, err := osFixture.ExecCommand("bash", "-c", "oc -n openshift-gitops exec "+dex_pod+" -- dex version") + Expect(err).ToNot(HaveOccurred()) + // Output format: + // Defaulted container "dex" out of: dex, copyutil (init) + // Dex Version: v2.41.1-1-ga7854d65 + + var dexVersion string + dexVersionOutputSplit := strings.Split(dexVersionOutput, "\n") + for _, line := range dexVersionOutputSplit { + if strings.Contains(line, "Dex Version:") { + dexVersion = line + dexVersion = dexVersion[strings.Index(dexVersion, ":")+1:] + // After: ' v2.41.1-1-ga7854d65' + dexVersion = strings.TrimSpace(dexVersion) + // After: 'v2.41.1-1-ga7854d65' + break + } + } + Expect(dexVersion).ToNot(BeEmpty()) + + By("extracting the redis version from container") + redisVersion, err := osFixture.ExecCommand("bash", "-c", "oc -n openshift-gitops exec "+redis_pod+" -- redis-server -v") + // output format: Redis server v=6.2.7 sha=00000000:0 malloc=jemalloc-5.1.0 bits=64 build=5d88ce217879027a + redisVersion = redisVersion[strings.Index(redisVersion, "v=")+2:] + // After: v=6.2.7 (...) + redisVersion = redisVersion[0:strings.Index(redisVersion, " ")] + // After: v=6.2.7 + Expect(err).NotTo(HaveOccurred()) + + By("collecting all toolchain versions") + + collectedVersions := map[string]string{ + "argocd": argocdVersionClean, + "dex": dexVersion, + "helm": helmVersion, + "kustomize": kustomizeVersion, + "redis": redisVersion, + } + + snapshotPath := "../snapshots/valid_toolchain_versions_release.yaml" + if os.Getenv("CI") == "prow" { + snapshotPath = "../snapshots/valid_toolchain_versions_prow.yaml" + } + + if os.Getenv("E2E_UPDATE_SNAPSHOTS") == "1" { + By("updating snapshot file with collected versions") + data, marshalErr := yaml.Marshal(collectedVersions) + Expect(marshalErr).NotTo(HaveOccurred()) + Expect(os.MkdirAll(filepath.Dir(snapshotPath), 0755)).To(Succeed()) + Expect(os.WriteFile(snapshotPath, data, 0644)).To(Succeed()) + } + + By("comparing collected versions against snapshot") + + snapshotData, readErr := os.ReadFile(snapshotPath) + Expect(readErr).NotTo(HaveOccurred(), "snapshot file not found at %s; run with E2E_UPDATE_SNAPSHOTS=1 to create it", snapshotPath) + + var snapshotVersions map[string]string + Expect(yaml.Unmarshal(snapshotData, &snapshotVersions)).To(Succeed()) + + Expect(collectedVersions).To(Equal(snapshotVersions)) + + }) + + }) +}) diff --git a/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_prow.yaml b/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_prow.yaml new file mode 100644 index 00000000000..26dc3f01d60 --- /dev/null +++ b/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_prow.yaml @@ -0,0 +1,5 @@ +argocd: v3.3.2 +dex: v2.43.0 +helm: v3.19.4 +kustomize: v5.8.1 +redis: 8.2.3 \ No newline at end of file diff --git a/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_release.yaml b/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_release.yaml new file mode 100644 index 00000000000..cc71319548a --- /dev/null +++ b/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_release.yaml @@ -0,0 +1,5 @@ +argocd: v3.3.2 +dex: v2.43.0 +helm: v3.19.4 +kustomize: v5.8.1 +redis: 7.2.11 \ No newline at end of file From 575bbb7bc5b77d5baed454ab159276b6eb8a6028 Mon Sep 17 00:00:00 2001 From: E2E Test Bot Date: Tue, 24 Mar 2026 12:57:07 +0000 Subject: [PATCH 4/8] Update tests for v1.20 --- .../1-121_validate_image_updater_test.go | 29 ++++++++++++------- ...51_validate_argocd_agent_principal_test.go | 17 +++++++---- .../1-052_validate_argocd_agent_agent_test.go | 17 +++++++---- 3 files changed, 42 insertions(+), 21 deletions(-) diff --git a/test/openshift/e2e/ginkgo/parallel/1-121_validate_image_updater_test.go b/test/openshift/e2e/ginkgo/parallel/1-121_validate_image_updater_test.go index fbe37cce099..8d78f005131 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-121_validate_image_updater_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-121_validate_image_updater_test.go @@ -86,8 +86,6 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { output, err := osFixture.ExecCommand("oc", "auth", "can-i", "use", "scc/anyuid", "--as", serviceAccountUser) hasPermission := false if err == nil && len(output) > 0 { - // Check if the service account user is already in the users list - // Remove quotes and whitespace for comparison output = strings.TrimSpace(strings.Trim(output, "'\"")) if strings.Contains(output, serviceAccountUser) { hasPermission = true @@ -146,6 +144,12 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { RepoURL: "https://github.com/argoproj-labs/argocd-image-updater/", Path: "test/e2e/testdata/005-public-guestbook", TargetRevision: "HEAD", + // multi-arch image + Kustomize: &appv1alpha1.ApplicationSourceKustomize{ + Images: appv1alpha1.KustomizeImages{ + "quay.io/dkarpele/my-guestbook=quay.io/prometheus/node-exporter:v1.6.0", + }, + }, }, Destination: appv1alpha1.ApplicationDestination{ Server: "https://kubernetes.default.svc", @@ -175,8 +179,9 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { NamePattern: "app*", Images: []imageUpdaterApi.ImageConfig{ { - Alias: "guestbook", - ImageName: "quay.io/dkarpele/my-guestbook:~29437546.0", + Alias: "guestbook", + // Watch for the v1.7.x bumps + ImageName: "quay.io/prometheus/node-exporter:~v1.7.0", CommonUpdateSettings: &imageUpdaterApi.CommonUpdateSettings{ UpdateStrategy: &updateStrategy, }, @@ -188,7 +193,7 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { } Expect(k8sClient.Create(ctx, imageUpdater)).To(Succeed()) - By("ensuring that the Application image has `29437546.0` version after update") + By("ensuring that the Application image has been updated by Image Updater") Eventually(func() string { err := k8sClient.Get(ctx, client.ObjectKeyFromObject(app), app) @@ -197,17 +202,19 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { return "" // Let Eventually retry on error } - // Nil-safe check: The Kustomize block is only added by the Image Updater after its first run. - // We must check that it and its Images field exist before trying to access them. if app.Spec.Source.Kustomize != nil && len(app.Spec.Source.Kustomize.Images) > 0 { - imageStr := string(app.Spec.Source.Kustomize.Images[0]) - GinkgoWriter.Printf("Found Kustomize image: %s\n", imageStr) + // Join all images to handle any appending behaviors + var allImages []string + for _, img := range app.Spec.Source.Kustomize.Images { + allImages = append(allImages, string(img)) + } + imageStr := strings.Join(allImages, ", ") + GinkgoWriter.Printf("Found Kustomize image string: %s\n", imageStr) return imageStr } - // Return an empty string to signify the condition is not yet met. return "" - }, "10m", "10s").Should(Equal("quay.io/dkarpele/my-guestbook:29437546.0"), "Image Updater did not update the Application image within timeout") + }, "10m", "10s").Should(ContainSubstring("v1.7."), "Image Updater did not update the Application image within timeout") }) }) }) diff --git a/test/openshift/e2e/ginkgo/sequential/1-051_validate_argocd_agent_principal_test.go b/test/openshift/e2e/ginkgo/sequential/1-051_validate_argocd_agent_principal_test.go index 8477d8cd21d..1eda20fa886 100644 --- a/test/openshift/e2e/ginkgo/sequential/1-051_validate_argocd_agent_principal_test.go +++ b/test/openshift/e2e/ginkgo/sequential/1-051_validate_argocd_agent_principal_test.go @@ -355,7 +355,14 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { container := deploymentFixture.GetTemplateSpecContainerByName(argoCDAgentPrincipalName, *principalDeployment) Expect(container).ToNot(BeNil()) - Expect(container.Image).To(Equal(common.ArgoCDAgentPrincipalDefaultImageName)) + + if fixture.RunningOnOpenShift() { + // downstream + Expect(container.Image).To(ContainSubstring("argocd-agent-rhel9")) + } else { + // Upstream + Expect(container.Image).To(Equal(common.ArgoCDAgentPrincipalDefaultImageName)) + } By("Create required secrets and certificates for principal pod to start properly") @@ -405,7 +412,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { By("Create ArgoCD instance") - argoCD.Spec.ArgoCDAgent.Principal.Image = "quay.io/argoprojlabs/argocd-agent:v0.5.0" + argoCD.Spec.ArgoCDAgent.Principal.Image = "quay.io/argoprojlabs/argocd-agent:v0.5.1" Expect(k8sClient.Create(ctx, argoCD)).To(Succeed()) By("Verify expected resources are created for principal pod") @@ -416,7 +423,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { container := deploymentFixture.GetTemplateSpecContainerByName(argoCDAgentPrincipalName, *principalDeployment) Expect(container).ToNot(BeNil()) - Expect(container.Image).To(Equal("quay.io/argoprojlabs/argocd-agent:v0.5.0")) + Expect(container.Image).To(Equal("quay.io/argoprojlabs/argocd-agent:v0.5.1")) By("Verify environment variables are set correctly") @@ -435,7 +442,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { ac.Spec.ArgoCDAgent.Principal.LogFormat = "json" ac.Spec.ArgoCDAgent.Principal.Server.KeepAliveMinInterval = "60s" ac.Spec.ArgoCDAgent.Principal.Server.EnableWebSocket = ptr.To(true) - ac.Spec.ArgoCDAgent.Principal.Image = "quay.io/argoprojlabs/argocd-agent:v0.5.1" + ac.Spec.ArgoCDAgent.Principal.Image = "quay.io/argoprojlabs/argocd-agent:v0.6.0" ac.Spec.ArgoCDAgent.Principal.Namespace.AllowedNamespaces = []string{"agent-managed", "agent-autonomous"} ac.Spec.ArgoCDAgent.Principal.Namespace.EnableNamespaceCreate = ptr.To(true) @@ -482,7 +489,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { if container == nil { return false } - return container.Image == "quay.io/argoprojlabs/argocd-agent:v0.5.1" + return container.Image == "quay.io/argoprojlabs/argocd-agent:v0.6.0" }, "120s", "5s").Should(BeTrue(), "Principal deployment should have the updated image") By("verify that deployment is in Ready state") diff --git a/test/openshift/e2e/ginkgo/sequential/1-052_validate_argocd_agent_agent_test.go b/test/openshift/e2e/ginkgo/sequential/1-052_validate_argocd_agent_agent_test.go index 1daf0001a69..0b62b6e753d 100644 --- a/test/openshift/e2e/ginkgo/sequential/1-052_validate_argocd_agent_agent_test.go +++ b/test/openshift/e2e/ginkgo/sequential/1-052_validate_argocd_agent_agent_test.go @@ -338,7 +338,14 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { container := deploymentFixture.GetTemplateSpecContainerByName(argoCDAgentAgentName, *agentDeployment) Expect(container).ToNot(BeNil()) - Expect(container.Image).To(Equal(common.ArgoCDAgentAgentDefaultImageName)) + + if fixture.RunningOnOpenShift() { + // downstream + Expect(container.Image).To(ContainSubstring("argocd-agent-rhel9")) + } else { + // Upstream + Expect(container.Image).To(Equal("quay.io/argoprojlabs/argocd-agent:v0.7.0")) + } By("Verify environment variables are set correctly") @@ -372,7 +379,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { By("Create ArgoCD instance") - argoCD.Spec.ArgoCDAgent.Agent.Image = "quay.io/argoprojlabs/argocd-agent:v0.5.0" + argoCD.Spec.ArgoCDAgent.Agent.Image = "quay.io/argoprojlabs/argocd-agent:v0.5.1" Expect(k8sClient.Create(ctx, argoCD)).To(Succeed()) By("Verify expected resources are created for agent pod") @@ -383,7 +390,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { container := deploymentFixture.GetTemplateSpecContainerByName(argoCDAgentAgentName, *agentDeployment) Expect(container).ToNot(BeNil()) - Expect(container.Image).To(Equal("quay.io/argoprojlabs/argocd-agent:v0.5.0")) + Expect(container.Image).To(Equal("quay.io/argoprojlabs/argocd-agent:v0.5.1")) By("Verify environment variables are set correctly") @@ -400,7 +407,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { ac.Spec.ArgoCDAgent.Agent.LogLevel = "trace" ac.Spec.ArgoCDAgent.Agent.LogFormat = "json" - ac.Spec.ArgoCDAgent.Agent.Image = "quay.io/argoprojlabs/argocd-agent:v0.5.1" + ac.Spec.ArgoCDAgent.Agent.Image = "quay.io/argoprojlabs/argocd-agent:v0.6.0" ac.Spec.ArgoCDAgent.Agent.Client.KeepAliveInterval = "60s" ac.Spec.ArgoCDAgent.Agent.Client.EnableWebSocket = ptr.To(true) @@ -430,7 +437,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { if container == nil { return false } - return container.Image == "quay.io/argoprojlabs/argocd-agent:v0.5.1" + return container.Image == "quay.io/argoprojlabs/argocd-agent:v0.6.0" }, "120s", "5s").Should(BeTrue(), "Agent deployment should have the updated image") By("Verify environment variables are updated correctly") From 7922ade17766a3660cca920ec85916145103c2f2 Mon Sep 17 00:00:00 2001 From: Adam Saleh Date: Wed, 18 Mar 2026 19:27:22 +0100 Subject: [PATCH 5/8] Added fix to validate_permissions_tests, that now is able to filter out CSV to find the one that is not a copy, and compare against easier updated snapshot. Assisted-by: Claude Signed-off-by: Adam Saleh --- .../1-031_validate_toolchain_test.go.orig | 224 ------ .../1-090_validate_permissions_test.go | 672 +----------------- .../snapshots/valid_csv_permissions.yaml | 470 ++++++++++++ 3 files changed, 494 insertions(+), 872 deletions(-) delete mode 100644 test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go.orig create mode 100644 test/openshift/e2e/ginkgo/snapshots/valid_csv_permissions.yaml diff --git a/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go.orig b/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go.orig deleted file mode 100644 index 77e77c630f4..00000000000 --- a/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go.orig +++ /dev/null @@ -1,224 +0,0 @@ -/* -Copyright 2025. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package parallel - -import ( - "context" - "os" - "path/filepath" - "strings" - "time" - - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - routev1 "github.com/openshift/api/route/v1" - "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture" - k8sFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/k8s" - osFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/os" - fixtureUtils "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/utils" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/wait" - "sigs.k8s.io/yaml" - - "sigs.k8s.io/controller-runtime/pkg/client" -) - -var _ = Describe("GitOps Operator Parallel E2E Tests", func() { - - Context("1-031_validate_toolchain", func() { - - var ( - k8sClient client.Client - ) - - BeforeEach(func() { - fixture.EnsureParallelCleanSlate() - k8sClient, _ = fixtureUtils.GetE2ETestKubeClient() - }) - - // getPodName waits for there to exist a running pod with name 'name' in openshift-gitops - getPodName := func(name string) (string, error) { - - var podName string - - if err := wait.PollUntilContextTimeout(context.Background(), time.Second*5, time.Minute*2, true, func(ctx context.Context) (done bool, err error) { - - var podList corev1.PodList - if err := k8sClient.List(ctx, &podList, client.InNamespace("openshift-gitops")); err != nil { - GinkgoWriter.Println(err) - return false, nil - } - - for _, pod := range podList.Items { - if pod.Status.Phase == corev1.PodRunning { - if strings.Contains(pod.Name, name) { - podName = pod.Name - return true, nil - } - } - } - return false, nil - - }); err != nil { - return "", err - } - - return podName, nil - } - - It("verifies that toolchain versions have the expected values", func() { - -<<<<<<< Updated upstream - // These variables need to be maintained according to the component matrix: https://spaces.redhat.com/display/GITOPS/GitOps+Component+Matrix - expected_kustomizeVersion := "v5.8.1" - expected_helmVersion := "v3.19.4" - expected_argocdVersion := "v3.3.2" - - var expected_dexVersion string - var expected_redisVersion string - - if os.Getenv("CI") == "prow" { - // when running against openshift-ci - expected_dexVersion = "v2.43.0" - expected_redisVersion = "8.2.3" - - } else { - // when running against RC/ released version of gitops - expected_dexVersion = "v2.43.1" - expected_redisVersion = "7.2.11" - } - -======= ->>>>>>> Stashed changes - By("locating pods containing toolchain in openshift-gitops") - - gitops_server_pod, err := getPodName("openshift-gitops-server") - Expect(err).ToNot(HaveOccurred()) - dex_pod, err := getPodName("openshift-gitops-dex-server") - Expect(err).ToNot(HaveOccurred()) - redis_pod, err := getPodName("openshift-gitops-redis") - Expect(err).ToNot(HaveOccurred()) - - serverRoute := &routev1.Route{ObjectMeta: metav1.ObjectMeta{Name: "openshift-gitops-server", Namespace: "openshift-gitops"}} - Eventually(serverRoute).Should(k8sFixture.ExistByName()) - - By("extracting the kustomize version from container") - - kustomizeVersion, err := osFixture.ExecCommand("bash", "-c", "oc -n openshift-gitops exec "+gitops_server_pod+" -- kustomize version") - - Expect(err).NotTo(HaveOccurred()) - kustomizeVersion = strings.TrimSpace(kustomizeVersion) - - By("extracting the helm version from container") - helmVersion, err := osFixture.ExecCommand("bash", "-c", "oc -n openshift-gitops exec "+gitops_server_pod+" -- helm version") - Expect(err).NotTo(HaveOccurred()) - - // output format: - // version.BuildInfo{Version:"v3.15.4", GitCommit:"fa9efb07d9d8debbb4306d72af76a383895aa8c4", GitTreeState:"", GoVersion:"go1.22.9 (Red Hat 1.22.9-1.module+el8.10.0+22500+aee717ef)" - helmVersion = helmVersion[strings.Index(helmVersion, "Version:"):] - // After: Version:"v3.15.4" (...) - helmVersion = helmVersion[strings.Index(helmVersion, "\"")+1:] - // After: v3.15.4" (...) - helmVersion = helmVersion[:strings.Index(helmVersion, "\"")] - // After: v3.15.4 - - By("extracting the argo cd server version from container") - argocdVersion, err := osFixture.ExecCommand("bash", "-c", "oc -n openshift-gitops exec "+gitops_server_pod+" -- argocd version --short --server "+serverRoute.Spec.Host+" --insecure | grep 'argocd-server'") - argocdVersion = strings.ReplaceAll(argocdVersion, "+unknown", "") - // output format: - // argocd-server: v2.13.1+af54ef8 - Expect(err).NotTo(HaveOccurred()) - - // Extract the version from "argocd-server: v3.3.0+af54ef8" and strip the + suffix, - // since the test intent is to match the base version only (ContainSubstring was used previously for this reason). - argocdVersionLine := strings.TrimSpace(argocdVersion) - argocdVersionClean := argocdVersionLine - if idx := strings.LastIndex(argocdVersionLine, " "); idx != -1 { - argocdVersionClean = argocdVersionLine[idx+1:] - } - if idx := strings.Index(argocdVersionClean, "+"); idx != -1 { - argocdVersionClean = argocdVersionClean[:idx] - } - - By("extracting the dex version from container") - dexVersionOutput, err := osFixture.ExecCommand("bash", "-c", "oc -n openshift-gitops exec "+dex_pod+" -- dex version") - Expect(err).ToNot(HaveOccurred()) - // Output format: - // Defaulted container "dex" out of: dex, copyutil (init) - // Dex Version: v2.41.1-1-ga7854d65 - - var dexVersion string - dexVersionOutputSplit := strings.Split(dexVersionOutput, "\n") - for _, line := range dexVersionOutputSplit { - if strings.Contains(line, "Dex Version:") { - dexVersion = line - dexVersion = dexVersion[strings.Index(dexVersion, ":")+1:] - // After: ' v2.41.1-1-ga7854d65' - dexVersion = strings.TrimSpace(dexVersion) - // After: 'v2.41.1-1-ga7854d65' - break - } - } - Expect(dexVersion).ToNot(BeEmpty()) - - By("extracting the redis version from container") - redisVersion, err := osFixture.ExecCommand("bash", "-c", "oc -n openshift-gitops exec "+redis_pod+" -- redis-server -v") - // output format: Redis server v=6.2.7 sha=00000000:0 malloc=jemalloc-5.1.0 bits=64 build=5d88ce217879027a - redisVersion = redisVersion[strings.Index(redisVersion, "v=")+2:] - // After: v=6.2.7 (...) - redisVersion = redisVersion[0:strings.Index(redisVersion, " ")] - // After: v=6.2.7 - Expect(err).NotTo(HaveOccurred()) - - By("collecting all toolchain versions") - - collectedVersions := map[string]string{ - "argocd": argocdVersionClean, - "dex": dexVersion, - "helm": helmVersion, - "kustomize": kustomizeVersion, - "redis": redisVersion, - } - - snapshotPath := "../snapshots/valid_toolchain_versions_release.yaml" - if os.Getenv("CI") == "prow" { - snapshotPath = "../snapshots/valid_toolchain_versions_prow.yaml" - } - - if os.Getenv("E2E_UPDATE_SNAPSHOTS") == "1" { - By("updating snapshot file with collected versions") - data, marshalErr := yaml.Marshal(collectedVersions) - Expect(marshalErr).NotTo(HaveOccurred()) - Expect(os.MkdirAll(filepath.Dir(snapshotPath), 0755)).To(Succeed()) - Expect(os.WriteFile(snapshotPath, data, 0644)).To(Succeed()) - } - - By("comparing collected versions against snapshot") - - snapshotData, readErr := os.ReadFile(snapshotPath) - Expect(readErr).NotTo(HaveOccurred(), "snapshot file not found at %s; run with E2E_UPDATE_SNAPSHOTS=1 to create it", snapshotPath) - - var snapshotVersions map[string]string - Expect(yaml.Unmarshal(snapshotData, &snapshotVersions)).To(Succeed()) - - Expect(collectedVersions).To(Equal(snapshotVersions)) - - }) - - }) -}) diff --git a/test/openshift/e2e/ginkgo/parallel/1-090_validate_permissions_test.go b/test/openshift/e2e/ginkgo/parallel/1-090_validate_permissions_test.go index a47de6eb3fa..1c01a21540b 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-090_validate_permissions_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-090_validate_permissions_test.go @@ -19,6 +19,8 @@ package parallel import ( "context" "fmt" + "os" + "path/filepath" "strings" . "github.com/onsi/ginkgo/v2" @@ -59,652 +61,6 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { return } - By("checking that the expected CSV matches the actual CSV on the cluster") - - csvString := ` -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - name: openshift-gitops-operator.v1.16.0 - namespace: openshift-operators -spec: - install: - spec: - clusterPermissions: - - rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - namespaces - - pods - - secrets - - serviceaccounts - - services - - services/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - persistentvolumeclaims - - pods - - secrets - - serviceaccounts - - services - - services/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - deployments - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - - resourcequotas - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create - - apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - apiGroups: - - "" - resources: - - podtemplates - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - list - - apiGroups: - - appmesh.k8s.aws - resources: - - virtualnodes - - virtualrouters - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - appmesh.k8s.aws - resources: - - virtualservices - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - - podtemplates - - replicasets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - apps - resourceNames: - - gitops-operator - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - apps.openshift.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - analysisruns - - analysisruns/finalizers - - experiments - - experiments/finalizers - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - analysistemplates - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - applications - - appprojects - - argocds - - argocds/finalizers - - argocds/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - clusteranalysistemplates - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - notificationsconfigurations - - notificationsconfigurations/finalizers - verbs: - - '*' - - apiGroups: - - argoproj.io - resources: - - rolloutmanagers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - rolloutmanagers/finalizers - verbs: - - update - - apiGroups: - - argoproj.io - resources: - - rolloutmanagers/status - verbs: - - get - - patch - - update - - apiGroups: - - argoproj.io - resources: - - rollouts - - rollouts/finalizers - - rollouts/scale - - rollouts/status - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - config.openshift.io - resources: - - clusterversions - verbs: - - get - - list - - watch - - apiGroups: - - console.openshift.io - resources: - - consoleclidownloads - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - console.openshift.io - resources: - - consolelinks - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - console.openshift.io - resources: - - consoleplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update - - apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings - verbs: - - get - - list - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - create - - get - - list - - patch - - watch - - apiGroups: - - getambassador.io - resources: - - ambassadormappings - - mappings - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - monitoring.coreos.com - resources: - - prometheuses - - prometheusrules - - servicemonitors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - networking.istio.io - resources: - - destinationrules - - virtualservices - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - - networkpolicies - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - oauth.openshift.io - resources: - - oauthclients - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - operators.coreos.com - resources: - - clusterserviceversions - - operatorgroups - - subscriptions - verbs: - - create - - get - - list - - watch - - apiGroups: - - pipelines.openshift.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - pipelines.openshift.io - resources: - - gitopsservices - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - pipelines.openshift.io - resources: - - gitopsservices/finalizers - verbs: - - update - - apiGroups: - - pipelines.openshift.io - resources: - - gitopsservices/status - verbs: - - get - - patch - - update - - apiGroups: - - rbac.authorization.k8s.io - resources: - - '*' - verbs: - - bind - - create - - delete - - deletecollection - - escalate - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - verbs: - - bind - - create - - delete - - deletecollection - - escalate - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - route.openshift.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - split.smi-spec.io - resources: - - trafficsplits - verbs: - - create - - get - - patch - - update - - watch - - apiGroups: - - template.openshift.io - resources: - - templateconfigs - - templateinstances - - templates - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - traefik.containo.us - resources: - - traefikservices - verbs: - - get - - update - - watch - - apiGroups: - - x.getambassador.io - resources: - - ambassadormappings - - mappings - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create` - - expectedCsv := &olmv1alpha1.ClusterServiceVersion{} - - Expect(yaml.UnmarshalStrict([]byte(csvString), expectedCsv)).To(Succeed()) - By("looking for a ClusterServiceVersion for openshift-gitops across all namespaces") gitopsCSVsFound := []olmv1alpha1.ClusterServiceVersion{} var csvList olmv1alpha1.ClusterServiceVersionList @@ -712,6 +68,10 @@ spec: for index := range csvList.Items { csv := csvList.Items[index] if strings.Contains(csv.Name, "openshift-gitops-operator") { + // OLM copies CSVs to other namespaces; skip those copies + if _, copied := csv.Labels["olm.copiedFrom"]; copied { + continue + } gitopsCSVsFound = append(gitopsCSVsFound, csv) } } @@ -730,9 +90,25 @@ spec: Expect(actualCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions).To(HaveLen(1)) actualCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions[0].ServiceAccountName = "" - Expect(expectedCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions).To(HaveLen(1)) + snapshotPath := "../snapshots/valid_csv_permissions.yaml" + + if os.Getenv("E2E_UPDATE_SNAPSHOTS") == "1" { + By("updating snapshot file with actual CSV cluster permissions") + data, marshalErr := yaml.Marshal(actualCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions) + Expect(marshalErr).NotTo(HaveOccurred()) + Expect(os.MkdirAll(filepath.Dir(snapshotPath), 0755)).To(Succeed()) + Expect(os.WriteFile(snapshotPath, data, 0644)).To(Succeed()) + } + + By("checking that the expected CSV cluster permissions match the actual CSV on the cluster") + + snapshotData, readErr := os.ReadFile(snapshotPath) + Expect(readErr).NotTo(HaveOccurred(), "snapshot file not found at %s; run with E2E_UPDATE_SNAPSHOTS=1 to create it", snapshotPath) + + var snapshotPermissions []olmv1alpha1.StrategyDeploymentPermissions + Expect(yaml.Unmarshal(snapshotData, &snapshotPermissions)).To(Succeed()) - Expect(actualCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions).To(Equal(expectedCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions)) + Expect(actualCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions).To(Equal(snapshotPermissions)) By("checking that the specific fields in gitopsservices.pipelines.openshift.io CRD that we are looking for are present and have the expected values") diff --git a/test/openshift/e2e/ginkgo/snapshots/valid_csv_permissions.yaml b/test/openshift/e2e/ginkgo/snapshots/valid_csv_permissions.yaml new file mode 100644 index 00000000000..0b594f012fd --- /dev/null +++ b/test/openshift/e2e/ginkgo/snapshots/valid_csv_permissions.yaml @@ -0,0 +1,470 @@ +- rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - persistentvolumeclaims + - pods + - secrets + - serviceaccounts + - services + - services/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - deployments + - podtemplates + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - apiGroups: + - "" + resources: + - resourcequotas + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - apiGroups: + - appmesh.k8s.aws + resources: + - virtualnodes + - virtualrouters + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - appmesh.k8s.aws + resources: + - virtualservices + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + - podtemplates + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - apps + resourceNames: + - gitops-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - apps.openshift.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - analysisruns + - analysisruns/finalizers + - analysistemplates + - clusteranalysistemplates + - experiments + - experiments/finalizers + - namespacemanagements + - namespacemanagements/status + - rollouts + - rollouts/finalizers + - rollouts/scale + - rollouts/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - applications + - appprojects + - argocds + - argocds/finalizers + - argocds/status + - rolloutmanagers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - notificationsconfigurations + - notificationsconfigurations/finalizers + verbs: + - '*' + - apiGroups: + - argoproj.io + resources: + - rolloutmanagers/finalizers + verbs: + - update + - apiGroups: + - argoproj.io + resources: + - rolloutmanagers/status + verbs: + - get + - patch + - update + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - authentications + - clusterversions + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - console.openshift.io + resources: + - consoleclidownloads + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleplugins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update + - apiGroups: + - elbv2.k8s.aws + resources: + - targetgroupbindings + verbs: + - get + - list + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - create + - get + - list + - patch + - watch + - apiGroups: + - getambassador.io + - x.getambassador.io + resources: + - ambassadormappings + - mappings + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheuses + - prometheusrules + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - virtualservices + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - oauth.openshift.io + resources: + - oauthclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - operatorgroups + - subscriptions + verbs: + - create + - get + - list + - watch + - apiGroups: + - pipelines.openshift.io + resources: + - '*' + - gitopsservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - pipelines.openshift.io + resources: + - gitopsservices/finalizers + verbs: + - update + - apiGroups: + - pipelines.openshift.io + resources: + - gitopsservices/status + verbs: + - get + - patch + - update + - apiGroups: + - rbac.authorization.k8s.io + resources: + - '*' + - clusterrolebindings + - clusterroles + verbs: + - bind + - create + - delete + - deletecollection + - escalate + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - '*' + - routes + - routes/custom-host + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - split.smi-spec.io + resources: + - trafficsplits + verbs: + - create + - get + - patch + - update + - watch + - apiGroups: + - template.openshift.io + resources: + - templateconfigs + - templateinstances + - templates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - traefik.containo.us + resources: + - traefikservices + verbs: + - get + - update + - watch + - nonResourceURLs: + - /metrics + verbs: + - get + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: "" From 3f59e1777f2c47687fd6f2f2f65e5fa996bb5cb6 Mon Sep 17 00:00:00 2001 From: Adam Saleh Date: Sun, 5 Apr 2026 19:00:41 +0200 Subject: [PATCH 6/8] Updated versions for testing. Signed-off-by: Adam Saleh --- .../e2e/ginkgo/snapshots/valid_toolchain_versions_prow.yaml | 2 +- .../e2e/ginkgo/snapshots/valid_toolchain_versions_release.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_prow.yaml b/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_prow.yaml index 26dc3f01d60..34ced9b6293 100644 --- a/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_prow.yaml +++ b/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_prow.yaml @@ -1,5 +1,5 @@ argocd: v3.3.2 -dex: v2.43.0 +dex: v2.43.1 helm: v3.19.4 kustomize: v5.8.1 redis: 8.2.3 \ No newline at end of file diff --git a/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_release.yaml b/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_release.yaml index cc71319548a..61f481dc5dd 100644 --- a/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_release.yaml +++ b/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_release.yaml @@ -1,5 +1,5 @@ argocd: v3.3.2 -dex: v2.43.0 +dex: v2.43.1 helm: v3.19.4 kustomize: v5.8.1 redis: 7.2.11 \ No newline at end of file From f0a834553fab359d9102444159bcbc08dc1c48b6 Mon Sep 17 00:00:00 2001 From: Adam Saleh Date: Thu, 9 Apr 2026 16:08:00 +0200 Subject: [PATCH 7/8] Updated toolchain to match catalog tests. --- .../e2e/ginkgo/snapshots/valid_toolchain_versions_release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_release.yaml b/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_release.yaml index 61f481dc5dd..5d8f3ae094b 100644 --- a/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_release.yaml +++ b/test/openshift/e2e/ginkgo/snapshots/valid_toolchain_versions_release.yaml @@ -1,4 +1,4 @@ -argocd: v3.3.2 +argocd: v3.3.6 dex: v2.43.1 helm: v3.19.4 kustomize: v5.8.1 From 247dd0c2eadb9fba56247623ce57201b3b066e5b Mon Sep 17 00:00:00 2001 From: Adam Saleh Date: Sat, 11 Apr 2026 10:06:28 +0200 Subject: [PATCH 8/8] Adding a wait for new rollout in the verifyTLS test Signed-off-by: Adam Saleh --- .../openshift/e2e/ginkgo/fixture/deployment/fixture.go | 10 ++++++++++ .../parallel/1-023_validate_repo_server_tls_test.go | 5 +++++ 2 files changed, 15 insertions(+) diff --git a/test/openshift/e2e/ginkgo/fixture/deployment/fixture.go b/test/openshift/e2e/ginkgo/fixture/deployment/fixture.go index c3247d93eb7..e346902d0fc 100644 --- a/test/openshift/e2e/ginkgo/fixture/deployment/fixture.go +++ b/test/openshift/e2e/ginkgo/fixture/deployment/fixture.go @@ -274,6 +274,16 @@ func HaveReadyReplicas(readyReplicas int) matcher.GomegaMatcher { }) } +func HaveAllReplicasReady() matcher.GomegaMatcher { + return fetchDeployment(func(depl *appsv1.Deployment) bool { + GinkgoWriter.Println("Deployment", depl.Name, "- HaveAllReplicasReady:", "replicas:", depl.Status.Replicas, "ready:", depl.Status.ReadyReplicas, "updated:", depl.Status.UpdatedReplicas) + return depl.Generation == depl.Status.ObservedGeneration && + depl.Status.Replicas > 0 && + depl.Status.ReadyReplicas == depl.Status.Replicas && + depl.Status.UpdatedReplicas == depl.Status.Replicas + }) +} + func HaveUpdatedReplicas(updatedReplicas int) matcher.GomegaMatcher { return fetchDeployment(func(depl *appsv1.Deployment) bool { GinkgoWriter.Println("Deployment HaveUpdatedReplicas:", "expected: ", updatedReplicas, "actual: ", depl.Status.UpdatedReplicas) diff --git a/test/openshift/e2e/ginkgo/parallel/1-023_validate_repo_server_tls_test.go b/test/openshift/e2e/ginkgo/parallel/1-023_validate_repo_server_tls_test.go index b3f066790d9..d4ae1b427ff 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-023_validate_repo_server_tls_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-023_validate_repo_server_tls_test.go @@ -28,6 +28,7 @@ import ( "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture" appFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/application" argocdFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/argocd" + deplFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/deployment" k8sFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/k8s" fixtureUtils "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/utils" appsv1 "k8s.io/api/apps/v1" @@ -118,6 +119,10 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { }).Should(BeTrue()) + By("waiting for argocd-server deployment rollout to complete after verifyTLS change") + serverDepl := &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "argocd-server", Namespace: nsTest_1_23_custom.Name}} + Eventually(serverDepl, "3m", "5s").Should(deplFixture.HaveAllReplicasReady()) + By("ensuring we can deploy to the namespace via the ArgoCD instance") app := &argocdv1alpha1.Application{ ObjectMeta: metav1.ObjectMeta{Name: "guestbook", Namespace: nsTest_1_23_custom.Name},