POC: move one test to HCO API v1

[nunnatsa]

Short description:

HCO is transitioning from v1beta1 to v1 API. The v1 API introduces a restructured spec where fields are grouped under domain-specific sections (e.g. security, virtualization, networking).

This PR is a proof of concept for the migration, applying the v1 API to a single test. It switches
test_set_hco_crypto_failed_without_required_cipher to use the V1 API version
field.

More details:

This PR also added some preparations for moving to HCO v1 API:

• Adds the api_version parameter to the get_hyperconverged_resource function
• Defines the HCOV1SpecFields constants for the new spec structure
• Forwards indirect parametrize kwargs from fixtures to get_hyperconverged_resource, enabling tests to select the API version

Which issue(s) this PR fixes:

POC for the implementation of https://redhat.atlassian.net/browse/CNV-86253

jira-ticket:

https://redhat.atlassian.net/browse/CNV-86253

Summary by CodeRabbit

• Tests

  • Updated test fixtures and infrastructure to support API version parameterization for enhanced flexibility in testing scenarios

• Improvements

  • Restructured TLS security profile configuration to properly nest security settings under the dedicated security specification section
  • Enhanced API version handling capabilities for better compatibility with various HyperConverged resource deployments

[coderabbitai]

Warning

Rate limit exceeded

@nunnatsa has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 34 minutes and 43 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 546e6d4a-4787-4372-88a0-faf97d16e93a

📥 Commits

Reviewing files that changed from the base of the PR and between c63d0fb and 07d422a.

📒 Files selected for processing (4)

• tests/conftest.py
• tests/install_upgrade_operators/crypto_policy/test_hco_custom_profile_negative.py
• utilities/constants.py
• utilities/infra.py

📝 Walkthrough

Walkthrough

Five pytest fixtures in tests/conftest.py are updated to accept a request parameter and forward parametrization to get_hyperconverged_resource. A new HCOV1SpecFields constant class defines HCO v1 spec field keys. get_hyperconverged_resource in utilities/infra.py now accepts an optional api_version parameter. TLS security profile tests are updated to parametrize for HCO v1 API and nest payloads under spec.security.

Changes

Parameterized Fixture Architecture with HCO v1 Spec Fields

Layer / File(s)	Summary
Constants Definition utilities/constants.py	New HCOV1SpecFields class defines HCO v1 spec section keys as string constants (SECURITY, FEATURE_GATES, VIRTUALIZATION, etc.).
Infrastructure API utilities/infra.py	get_hyperconverged_resource now accepts optional api_version parameter (defaults to V1BETA1) and uses it to set hco.api_version instead of hard-coding.
Test Fixture Parametrization tests/conftest.py	All five hyperconverged_resource_scope_* fixtures (function, class, module, package, session) now accept request parameter and forward getattr(request, "param", {}) as keyword arguments to get_hyperconverged_resource, enabling indirect parametrization.
Test Implementation tests/install_upgrade_operators/crypto_policy/test_hco_custom_profile_negative.py	Tests import HCOV1SpecFields and add pytest.mark.parametrize decorators to force HyperConverged.ApiVersion.V1. TLS spec payloads are restructured to nest tlsSecurityProfile under HCOV1SpecFields.SECURITY within the spec object instead of at the top level.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 11.11% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main change: migrating a single test to use HCO API v1 as a proof of concept.
Description check	✅ Passed	The description covers all required sections with sufficient detail: short summary, more details about the POC and preparations, issue reference, and jira ticket link.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 34 minutes and 43 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-virtualization-qe-bot-2]

Report bugs in Issues

Welcome! 🎉

This pull request will be automatically processed with the following features:

🔄 Automatic Actions

• Reviewer Assignment: Reviewers are automatically assigned based on the OWNERS file in the repository root
• Size Labeling: PR size labels (XS, S, M, L, XL, XXL) are automatically applied based on changes
• Issue Creation: A tracking issue is created for this PR and will be closed when the PR is merged or closed
• Branch Labeling: Branch-specific labels are applied to track the target branch
• Auto-verification: Auto-verified users have their PRs automatically marked as verified
• Labels: Enabled categories: branch, can-be-merged, cherry-pick, has-conflicts, hold, needs-rebase, size, verified, wip

📋 Available Commands

PR Status Management

• /wip - Mark PR as work in progress (adds WIP: prefix to title)
• /wip cancel - Remove work in progress status
• /hold - Block PR merging (approvers only)
• /hold cancel - Unblock PR merging
• /verified - Mark PR as verified
• /verified cancel - Remove verification status
• /reprocess - Trigger complete PR workflow reprocessing (useful if webhook failed or configuration changed)
• /regenerate-welcome - Regenerate this welcome message

Review & Approval

• /lgtm - Approve changes (looks good to me)
• /approve - Approve PR (approvers only)
• /assign-reviewers - Assign reviewers based on OWNERS file
• /assign-reviewer @username - Assign specific reviewer
• /check-can-merge - Check if PR meets merge requirements

Testing & Validation

• /retest tox - Run Python test suite with tox
• /retest build-container - Rebuild and test container image
• /retest verify-bugs-are-open - verify-bugs-are-open
• /retest all - Run all available tests

Container Operations

• /build-and-push-container - Build and push container image (tagged with PR number)
  • Supports additional build arguments: /build-and-push-container --build-arg KEY=value

Cherry-pick Operations

• /cherry-pick <branch> - Schedule cherry-pick to target branch when PR is merged
  • Multiple branches: /cherry-pick branch1 branch2 branch3

Label Management

• /<label-name> - Add a label to the PR
• /<label-name> cancel - Remove a label from the PR

✅ Merge Requirements

This PR will be automatically approved when the following conditions are met:

1. Approval: /approve from at least one approver
2. LGTM Count: Minimum 2 /lgtm from reviewers
3. Status Checks: All required status checks must pass
4. No Blockers: No wip, hold, has-conflicts labels and PR must be mergeable (no conflicts)
5. Verified: PR must be marked as verified

📊 Review Process

Approvers and Reviewers

Approvers:

• dshchedr
• myakove
• rnetser
• vsibirsk

Reviewers:

• OhadRevah
• RoniKishner
• albarker-rh
• dshchedr
• geetikakay
• hmeir
• rlobillo
• rnetser
• vsibirsk

Available Labels

• hold
• verified
• wip
• lgtm
• approve

AI Features

• Cherry-Pick Conflict Resolution: Enabled (claude/claude-opus-4-6[1m])

💡 Tips

• WIP Status: Use /wip when your PR is not ready for review
• Verification: The verified label is removed on new commits unless the push is detected as a clean rebase
• Cherry-picking: Cherry-pick labels are processed when the PR is merged
• Container Builds: Container images are automatically tagged with the PR number
• Permission Levels: Some commands require approver permissions
• Auto-verified Users: Certain users have automatic verification and merge privileges

For more information, please refer to the project documentation or contact the maintainers.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.67%. Comparing base (b4ad2e0) to head (07d422a).
⚠️ Report is 112 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4695      +/-   ##
==========================================
+ Coverage   98.63%   98.67%   +0.03%     
==========================================
  Files          25       25              
  Lines        2420     2491      +71     
==========================================
+ Hits         2387     2458      +71     
  Misses         33       33              

Flag	Coverage Δ
utilities	98.67% <100.00%> (+0.03%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[openshift-virtualization-qe-bot-2]

Clean rebase detected — no code changes compared to previous head (c63d0fb).

[openshift-virtualization-qe-bot]

Clean rebase detected — no code changes compared to previous head (280b4ba).

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/conftest.py`:
- Around line 1168-1202: Each hyperconverged_resource fixture
(hyperconverged_resource_scope_function, hyperconverged_resource_scope_class,
hyperconverged_resource_scope_module, hyperconverged_resource_scope_package,
hyperconverged_resource_scope_session) should stop splatting request.param;
instead explicitly extract supported keys (at minimum api_version =
getattr(request, "param", {}).get("api_version")) and pass only those named
arguments to get_hyperconverged_resource(client=admin_client,
hco_ns_name=hco_namespace.name, api_version=api_version) (and add any other
allowed params explicitly), leaving out unknown keys so typos or unexpected
params don’t get forwarded.

In `@utilities/infra.py`:
- Around line 610-617: add explicit type annotations to
get_hyperconverged_resource: annotate parameters (client: Any, hco_ns_name: str,
*, api_version: HyperConverged.ApiVersion = HyperConverged.ApiVersion.V1BETA1)
and the return type as HyperConverged; import Any from typing and make
api_version a keyword-only parameter by adding a leading * in the signature;
ensure the function body remains the same but update the signature to def
get_hyperconverged_resource(client: Any, hco_ns_name: str, *, api_version:
HyperConverged.ApiVersion = HyperConverged.ApiVersion.V1BETA1) -> HyperConverged
so mypy can validate callers and the new public argument.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 73247a6f-624f-4f60-9a80-97aa58d4d53a

📥 Commits

Reviewing files that changed from the base of the PR and between 6206af2 and c63d0fb.

📒 Files selected for processing (4)

• tests/conftest.py
• tests/install_upgrade_operators/crypto_policy/test_hco_custom_profile_negative.py
• utilities/constants.py
• utilities/infra.py