Added E2E tests for role ownership validation#1208
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository YAML (base), Organization UI (inherited) Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (4)
🔗 Linked repositories identifiedCodeRabbit considers these linked repositories for cross-repo context during reviews:
🚧 Files skipped from review as they are similar to previous changes (4)
📝 WalkthroughSummary by CodeRabbit
WalkthroughAdds four sequential OpenShift Ginkgo E2E tests covering stable cluster-scoped RBAC ownership for default Argo CD components, agents, agent principals, and Image Updater across multiple ArgoCD reconciliations. ChangesRole ownership E2E tests
Estimated code review effort: 4 (Complex) | ~45 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 5
🧹 Nitpick comments (1)
test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_agent.go (1)
69-106: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winDuplicated agent spec configuration violates DRY.
The
ArgoCDAgentspec block (lines 81-104) is repeated almost verbatim at lines 198-221, with only the instance name and Redis address differing. Extract a helper function to build the agent spec to prevent divergence.♻️ Extract a helper for the agent spec
+func buildAgentSpec(name string) *argov1beta1api.ArgoCDAgentSpec { + return &argov1beta1api.ArgoCDAgentSpec{ + Agent: &argov1beta1api.AgentSpec{ + Enabled: ptr.To(true), + Creds: "mtls:any", + LogLevel: "info", + LogFormat: "text", + Client: &argov1beta1api.AgentClientSpec{ + PrincipalServerAddress: "argocd-agent-principal.example.com", + PrincipalServerPort: "443", + Mode: string(argov1beta1api.AgentModeManaged), + EnableWebSocket: ptr.To(false), + EnableCompression: ptr.To(false), + KeepAliveInterval: "30s", + }, + TLS: &argov1beta1api.AgentTLSSpec{ + SecretName: agentClientTLSSecretName, + RootCASecretName: agentRootCASecretName, + Insecure: ptr.To(false), + }, + Redis: &argov1beta1api.AgentRedisSpec{ + ServerAddress: fmt.Sprintf("%s-redis:%d", name, common.ArgoCDDefaultRedisPort), + }, + }, + } +}Then use it in both places:
// In BeforeEach (line 81) - ArgoCDAgent: &argov1beta1api.ArgoCDAgentSpec{ - Agent: &argov1beta1api.AgentSpec{ - ... - }, - }, + ArgoCDAgent: buildAgentSpec("argocd-agent"), // In It block (line 198) - ArgoCDAgent: &argov1beta1api.ArgoCDAgentSpec{ - Agent: &argov1beta1api.AgentSpec{ - ... - }, - }, + ArgoCDAgent: buildAgentSpec("argocd-agent-argocd"),Also applies to: 186-223
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_agent.go` around lines 69 - 106, The ArgoCDAgent configuration is duplicated in multiple test setups, so extract the repeated AgentSpec construction into a helper and reuse it in both places. Create a small builder/helper near the test cases that assembles the common AgentSpec fields, then pass in the few varying values like the instance name and Redis server address from the duplicated ArgoCD spec blocks. Keep the existing ArgoCD, ArgoCDAgent, and AgentClientSpec usage intact while replacing the repeated inline literal with the shared helper.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_principal.go`:
- Around line 311-322: The namespace-scoped reuse block is missing an update for
principalNetworkPolicy, so it can still point at the original namespace when
verifyExpectedResourcesExist runs. In the setup where argoCD, serviceAccount,
role, roleBinding, principalDeployment, and principalRoute are reassigned to
nsScoped.Name, also set principalNetworkPolicy.Namespace to nsScoped.Name so all
scoped resources stay consistent.
In
`@test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_image_updater.go`:
- Around line 84-99: The SCC permission check in the role ownership validation
is using the wrong `oc auth can-i` result handling, since `ExecCommand` returns
"yes"/"no" rather than a service account name, so update the logic in the
`default` service account block to compare the trimmed output against "yes" and
only call `add-scc-to-user` when needed. Also extract this repeated
permission-check-and-add flow into a shared helper used by both namespace blocks
to remove the duplicated code in the validation test.
- Line 158: The SCC grant for the second image updater instance is using the
wrong namespace variable, so the permission is applied to the first namespace
instead of the second one. Update the `ExecCommand` call in
`validate_role_ownership_image_updater.go` so the `add-scc-to-user` command
targets the `default` service account in `ns1.Name`, matching the
`system:serviceaccount:<ns1.Name>:default` user used for the second instance.
Keep the first instance unchanged and ensure the second instance’s SCC
assignment references the same namespace as its deployment.
- Around line 62-78: The AfterEach cleanup contains dead code because
defaultArgocd and imageUpdater are never assigned anywhere in this test, so the
cleanup branches never run. Remove the unused defaultArgocd/imageUpdater
declarations and delete the corresponding cleanup blocks in AfterEach, and also
drop the now-unused imageUpdaterApi import so the test only keeps real
setup/teardown paths.
In `@test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership.go`:
- Line 52: The imageUpdaterControllerClusterRoleBindingName constant is
truncated and does not match the actual ClusterRoleBinding name used elsewhere
in the test. Update imageUpdaterControllerClusterRoleBindingName in
validate_role_ownership.go to use the full
openshift-gitops-openshift-gitops-argocd-image-updater-controller value so it
stays consistent with the related ClusterRole constant and the object referenced
later in the test.
---
Nitpick comments:
In
`@test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_agent.go`:
- Around line 69-106: The ArgoCDAgent configuration is duplicated in multiple
test setups, so extract the repeated AgentSpec construction into a helper and
reuse it in both places. Create a small builder/helper near the test cases that
assembles the common AgentSpec fields, then pass in the few varying values like
the instance name and Redis server address from the duplicated ArgoCD spec
blocks. Keep the existing ArgoCD, ArgoCDAgent, and AgentClientSpec usage intact
while replacing the repeated inline literal with the shared helper.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 0b34271d-6b78-4426-a2f0-128fbd921916
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (5)
go.modtest/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership.gotest/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_agent.gotest/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_principal.gotest/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_image_updater.go
🔗 Linked repositories identified
CodeRabbit considers these linked repositories for cross-repo context during reviews:
argoproj-labs/argocd-operator(manual)
| By("ensuring default service account has anyuid SCC permission") | ||
| serviceAccountUser := "system:serviceaccount:" + ns.Name + ":default" | ||
| output, err := osFixture.ExecCommand("oc", "auth", "can-i", "use", "scc/anyuid", "--as", serviceAccountUser) | ||
| hasPermission := false | ||
| if err == nil && len(output) > 0 { | ||
| // Check if the service account user is already in the users list | ||
| // Remove quotes and whitespace for comparison | ||
| output = strings.TrimSpace(strings.Trim(output, "'\"")) | ||
| if strings.Contains(output, serviceAccountUser) { | ||
| hasPermission = true | ||
| } | ||
| } | ||
| if !hasPermission { | ||
| _, err := osFixture.ExecCommand("oc", "adm", "policy", "add-scc-to-user", "anyuid", "-z", "default", "-n", ns.Name) | ||
| Expect(err).NotTo(HaveOccurred(), "Failed to add anyuid SCC to default service account") | ||
| } |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Incorrect SCC permission check logic and duplicated code.
oc auth can-i returns "yes" or "no", but the code checks strings.Contains(output, serviceAccountUser), which will never match. hasPermission is therefore always false and the SCC is always redundantly added. The check should compare against "yes". Additionally, this logic is duplicated for both namespaces.
🔧 Fix check logic and extract helper
+ checkAndGrantAnyuidSCC := func(namespace string) {
+ serviceAccountUser := "system:serviceaccount:" + namespace + ":default"
+ output, err := osFixture.ExecCommand("oc", "auth", "can-i", "use", "scc/anyuid", "--as", serviceAccountUser)
+ if err == nil && strings.EqualFold(strings.TrimSpace(output), "yes") {
+ return
+ }
+ _, err = osFixture.ExecCommand("oc", "adm", "policy", "add-scc-to-user", "anyuid", "-z", "default", "-n", namespace)
+ Expect(err).NotTo(HaveOccurred(), "Failed to add anyuid SCC to default service account")
+ }Then replace both duplicated blocks:
- By("ensuring default service account has anyuid SCC permission")
- serviceAccountUser := "system:serviceaccount:" + ns.Name + ":default"
- output, err := osFixture.ExecCommand("oc", "auth", "can-i", "use", "scc/anyuid", "--as", serviceAccountUser)
- hasPermission := false
- if err == nil && len(output) > 0 {
- output = strings.TrimSpace(strings.Trim(output, "'\""))
- if strings.Contains(output, serviceAccountUser) {
- hasPermission = true
- }
- }
- if !hasPermission {
- _, err := osFixture.ExecCommand("oc", "adm", "policy", "add-scc-to-user", "anyuid", "-z", "default", "-n", ns.Name)
- Expect(err).NotTo(HaveOccurred(), "Failed to add anyuid SCC to default service account")
- }
+ By("ensuring default service account has anyuid SCC permission")
+ checkAndGrantAnyuidSCC(ns.Name)And for the second namespace:
- By("ensuring default service account has anyuid SCC permission")
- serviceAccountUser = "system:serviceaccount:" + ns1.Name + ":default"
- output, err = osFixture.ExecCommand("oc", "auth", "can-i", "use", "scc/anyuid", "--as", serviceAccountUser)
- hasPermission = false
- if err == nil && len(output) > 0 {
- output = strings.TrimSpace(strings.Trim(output, "'\""))
- if strings.Contains(output, serviceAccountUser) {
- hasPermission = true
- }
- }
- if !hasPermission {
- _, err := osFixture.ExecCommand("oc", "adm", "policy", "add-scc-to-user", "anyuid", "-z", "default", "-n", ns.Name)
- Expect(err).NotTo(HaveOccurred(), "Failed to add anyuid SCC to default service account")
- }
+ By("ensuring default service account has anyuid SCC permission")
+ checkAndGrantAnyuidSCC(ns1.Name)Also applies to: 145-160
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_image_updater.go`
around lines 84 - 99, The SCC permission check in the role ownership validation
is using the wrong `oc auth can-i` result handling, since `ExecCommand` returns
"yes"/"no" rather than a service account name, so update the logic in the
`default` service account block to compare the trimmed output against "yes" and
only call `add-scc-to-user` when needed. Also extract this repeated
permission-check-and-add flow into a shared helper used by both namespace blocks
to remove the duplicated code in the validation test.
There was a problem hiding this comment.
♻️ Duplicate comments (1)
test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_principal_test.go (1)
313-317: 🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick winMissing
principalNetworkPolicy.Namespaceupdate for scoped instance.When reusing
argoCDfor the namespace-scoped instance, the namespaces ofserviceAccount,role,roleBinding,principalDeployment, andprincipalRouteare updated tonsScoped.Name, butprincipalNetworkPolicy.Namespaceis not. While the current test flow doesn't callverifyExpectedResourcesExistfor the scoped namespace, this inconsistency could cause failures if the test is extended.🔧 Add missing namespace update
serviceAccount.Namespace = nsScoped.Name role.Namespace = nsScoped.Name roleBinding.Namespace = nsScoped.Name principalDeployment.Namespace = nsScoped.Name principalRoute.Namespace = nsScoped.Name + principalNetworkPolicy.Namespace = nsScoped.Name🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_principal_test.go` around lines 313 - 317, The namespace-scoped reuse block is missing the Namespace update for principalNetworkPolicy, leaving it inconsistent with serviceAccount, role, roleBinding, principalDeployment, and principalRoute. Update principalNetworkPolicy.Namespace alongside the other reused resources in the scoped-instance setup so all principal resources point to nsScoped.Name. Use the existing namespace reassignment block in the test and the principalNetworkPolicy symbol to locate the fix.
🧹 Nitpick comments (2)
test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_principal_test.go (1)
189-201: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueRemove duplicate
principalNetworkPolicyassignment.
principalNetworkPolicyis assigned twice with identical metadata (lines 189–194 and 196–201). The second assignment is dead code and should be removed.♻️ Proposed fix
principalNetworkPolicy = &networkingv1.NetworkPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: fmt.Sprintf("%s-agent-principal-network-policy", argoCDName), Namespace: ns.Name, }, } - - principalNetworkPolicy = &networkingv1.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{ - Name: fmt.Sprintf("%s-agent-principal-network-policy", argoCDName), - Namespace: ns.Name, - }, - }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_principal_test.go` around lines 189 - 201, Remove the duplicate principalNetworkPolicy initialization in the validation test: the second assignment to principalNetworkPolicy in the same block is identical to the first and should be deleted. Keep the single NetworkPolicy construction near the existing principalNetworkPolicy symbol so the test only creates it once.test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_agent_test.go (1)
133-142: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueMisleading
Bymessage for Service type assertion.The
Bymessage says "LoadBalancer or ClusterIP depending on which service," but the assertion on line 142 unconditionally expects"ClusterIP". This message is stale or copy-pasted from a different test and should be corrected to avoid confusion.♻️ Proposed fix
- By("verifying Service '" + serviceName + "' exists and is a LoadBalancer or ClusterIP depending on which service") + By("verifying Service '" + serviceName + "' exists and is a ClusterIP")🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_agent_test.go` around lines 133 - 142, The `By` description around the Service assertion is stale and does not match the actual check in this test. Update the message near the `service`/`Expect(string(service.Spec.Type))` assertion so it accurately states that the Service is expected to be `ClusterIP` here, or otherwise align the assertion with the intended service type logic if this test should vary by service name.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Duplicate comments:
In
`@test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_principal_test.go`:
- Around line 313-317: The namespace-scoped reuse block is missing the Namespace
update for principalNetworkPolicy, leaving it inconsistent with serviceAccount,
role, roleBinding, principalDeployment, and principalRoute. Update
principalNetworkPolicy.Namespace alongside the other reused resources in the
scoped-instance setup so all principal resources point to nsScoped.Name. Use the
existing namespace reassignment block in the test and the principalNetworkPolicy
symbol to locate the fix.
---
Nitpick comments:
In
`@test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_agent_test.go`:
- Around line 133-142: The `By` description around the Service assertion is
stale and does not match the actual check in this test. Update the message near
the `service`/`Expect(string(service.Spec.Type))` assertion so it accurately
states that the Service is expected to be `ClusterIP` here, or otherwise align
the assertion with the intended service type logic if this test should vary by
service name.
In
`@test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_principal_test.go`:
- Around line 189-201: Remove the duplicate principalNetworkPolicy
initialization in the validation test: the second assignment to
principalNetworkPolicy in the same block is identical to the first and should be
deleted. Keep the single NetworkPolicy construction near the existing
principalNetworkPolicy symbol so the test only creates it once.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: dda076d9-4a99-4473-b7c8-d7793fab4e54
📒 Files selected for processing (2)
test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_agent_test.gotest/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_principal_test.go
🔗 Linked repositories identified
CodeRabbit considers these linked repositories for cross-repo context during reviews:
argoproj-labs/argocd-operator(manual)
There was a problem hiding this comment.
♻️ Duplicate comments (1)
test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_image_updater.go (1)
72-87: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick winSCC permission check logic still incorrect — previously flagged but unaddressed.
oc auth can-i use scc/anyuid --as <user>returns"yes"or"no", but the code checksstrings.Contains(output, serviceAccountUser), which will never match.hasPermissionis therefore alwaysfalseand the SCC is always redundantly added. This was flagged in a prior review and remains unfixed. The duplicated logic across both namespace blocks is also still present.🔧 Fix check logic and extract helper
+ checkAndGrantAnyuidSCC := func(namespace string) { + serviceAccountUser := "system:serviceaccount:" + namespace + ":default" + output, err := osFixture.ExecCommand("oc", "auth", "can-i", "use", "scc/anyuid", "--as", serviceAccountUser) + if err == nil && strings.EqualFold(strings.TrimSpace(output), "yes") { + return + } + _, err = osFixture.ExecCommand("oc", "adm", "policy", "add-scc-to-user", "anyuid", "-z", "default", "-n", namespace) + Expect(err).NotTo(HaveOccurred(), "Failed to add anyuid SCC to default service account") + }Then replace both duplicated blocks:
By("ensuring default service account has anyuid SCC permission") - serviceAccountUser := "system:serviceaccount:" + ns.Name + ":default" - output, err := osFixture.ExecCommand("oc", "auth", "can-i", "use", "scc/anyuid", "--as", serviceAccountUser) - hasPermission := false - if err == nil && len(output) > 0 { - // Check if the service account user is already in the users list - // Remove quotes and whitespace for comparison - output = strings.TrimSpace(strings.Trim(output, "'\"")) - if strings.Contains(output, serviceAccountUser) { - hasPermission = true - } - } - if !hasPermission { - _, err := osFixture.ExecCommand("oc", "adm", "policy", "add-scc-to-user", "anyuid", "-z", "default", "-n", ns.Name) - Expect(err).NotTo(HaveOccurred(), "Failed to add anyuid SCC to default service account") - } + checkAndGrantAnyuidSCC(ns.Name)And for the second namespace:
By("ensuring default service account has anyuid SCC permission") - serviceAccountUser = "system:serviceaccount:" + ns1.Name + ":default" - output, err = osFixture.ExecCommand("oc", "auth", "can-i", "use", "scc/anyuid", "--as", serviceAccountUser) - hasPermission = false - if err == nil && len(output) > 0 { - // Check if the service account user is already in the users list - // Remove quotes and whitespace for comparison - output = strings.TrimSpace(strings.Trim(output, "'\"")) - if strings.Contains(output, serviceAccountUser) { - hasPermission = true - } - } - if !hasPermission { - _, err := osFixture.ExecCommand("oc", "adm", "policy", "add-scc-to-user", "anyuid", "-z", "default", "-n", ns1.Name) - Expect(err).NotTo(HaveOccurred(), "Failed to add anyuid SCC to default service account") - } + checkAndGrantAnyuidSCC(ns1.Name)Also applies to: 133-148
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_image_updater.go` around lines 72 - 87, The SCC permission check in the repeated namespace blocks is still wrong: `oc auth can-i use scc/anyuid --as ...` returns a yes/no response, so the `strings.Contains(output, serviceAccountUser)` test in this flow will never succeed. Update the logic around `osFixture.ExecCommand`, `hasPermission`, and the `add-scc-to-user` fallback to inspect the returned yes/no value correctly, and extract the duplicated check into a helper so both namespace sections use the same fixed implementation.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Duplicate comments:
In
`@test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_image_updater.go`:
- Around line 72-87: The SCC permission check in the repeated namespace blocks
is still wrong: `oc auth can-i use scc/anyuid --as ...` returns a yes/no
response, so the `strings.Contains(output, serviceAccountUser)` test in this
flow will never succeed. Update the logic around `osFixture.ExecCommand`,
`hasPermission`, and the `add-scc-to-user` fallback to inspect the returned
yes/no value correctly, and extract the duplicated check into a helper so both
namespace sections use the same fixed implementation.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 8bdf037c-1195-43f4-baf2-0ac283e04b69
📒 Files selected for processing (3)
test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership.gotest/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_principal_test.gotest/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_image_updater.go
🔗 Linked repositories identified
CodeRabbit considers these linked repositories for cross-repo context during reviews:
argoproj-labs/argocd-operator(manual)
💤 Files with no reviewable changes (1)
- test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership.go
🚧 Files skipped from review as they are similar to previous changes (1)
- test/openshift/e2e/ginkgo/sequential/1-125_validate_role_ownership_agent_principal_test.go
|
@coderabbitai full review |
✅ Action performedFull review finished. Your plan includes PR reviews subject to rate limits. More reviews will be available in 55 seconds. |
|
/retest |
…ator ref Signed-off-by: Alka Kumari <alkumari@redhat.com>
Signed-off-by: Alka Kumari <alkumari@redhat.com>
Signed-off-by: Alka Kumari <alkumari@redhat.com>
Signed-off-by: Alka Kumari <alkumari@redhat.com>
5441d56 to
c6e32a4
Compare
|
/retest |
1 similar comment
|
/retest |
|
@alkakumari016: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
What type of PR is this?
What does this PR do / why we need it:
Change git ref for argocd operator and adds E2E tests for role ownership validation
Have you updated the necessary documentation?
Which issue(s) this PR fixes:
Fixes #?
Test acceptance criteria:
How to test changes / Special notes to the reviewer: