🌱 Add uninstall feature test #2453
Conversation
✅ Deploy Preview for olmv1 ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
There was a problem hiding this comment.
Pull request overview
This PR adds an end-to-end test for verifying that bundle resources are properly removed when a ClusterExtension is uninstalled. The test uses the Gherkin BDD format to define the uninstall scenario.
Changes:
- Added new
uninstall.featurefile with a test scenario that verifies resource cleanup after ClusterExtension deletion
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #2453 +/- ##
========================================
Coverage 69.49% 69.50%
========================================
Files 101 101
Lines 7754 7891 +137
========================================
+ Hits 5389 5485 +96
- Misses 1930 1968 +38
- Partials 435 438 +3
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
openshift-ci
bot
added
the
do-not-merge/work-in-progress
perdasilva
force-pushed
the
uninstall-e2e-test
branch
from
d7180c9 to
255a7c0
Compare
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
perdasilva
force-pushed
the
uninstall-e2e-test
branch
from
255a7c0 to
1bd6544
Compare
camilamacedo86
left a comment
camilamacedo86
left a comment
There was a problem hiding this comment.
Just I nit otherwise
/approved
|
/hold to add another test |
openshift-ci
bot
added
the
do-not-merge/hold
perdasilva
force-pushed
the
uninstall-e2e-test
branch
from
1bd6544 to
1b10dc6
Compare
|
/unhold |
openshift-ci
bot
removed
the
do-not-merge/hold
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
perdasilva
force-pushed
the
uninstall-e2e-test
branch
from
1b10dc6 to
63cb602
Compare
test/e2e/features/uninstall.feature
Outdated
| And resource "clusterrole/testoperator.v1.2.-37mym6pni2xxmai9n7fmhtbn9i348lx7o619rmf3ypio" is eventually not found | ||
| And resource "clusterrole/testoperator.v1.2.0-t88i5epjh8oxp4klplhjyrsekwcp92b27w03ayr1ku5" is eventually not found | ||
| And resource "clusterrolebinding/testoperator.v1.2.-37mym6pni2xxmai9n7fmhtbn9i348lx7o619rmf3ypio" is eventually not found | ||
| And resource "clusterrolebinding/testoperator.v1.2.0-t88i5epjh8oxp4klplhjyrsekwcp92b27w03ayr1ku5" is eventually not found No newline at end of file |
There was a problem hiding this comment.
I do not think we can have those fixed. Can we not improve that and search by label something like that?
/approved cancel (due new additionals)
There was a problem hiding this comment.
I can't see a way around it. If we use a label, all we assert is that there are no clusterroles owned by the ClusterExtension. But, they could still exist on the cluster =/
There was a problem hiding this comment.
This brought up something I hadn't thought about: if the names change, then we'll get a false positive. I've updated the Background to ensure the resources exist with those names.
There was a problem hiding this comment.
Yep—I don’t think we can do that.
Also, my understanding is that e2e tests should reflect what an end user expects. As a user, I’d expect all owned files to be deleted, while keeping the CRDs to avoid data loss.
Since this is all managed by OLM, do we have any label/annotation we can rely on to identify everything OLM manages for a given CE?
perdasilva
force-pushed
the
uninstall-e2e-test
branch
from
63cb602 to
b9c084c
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
perdasilva
force-pushed
the
uninstall-e2e-test
branch
2 times, most recently
from
34df40f to
20cf71d
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
perdasilva
force-pushed
the
uninstall-e2e-test
branch
from
20cf71d to
d82c922
Compare
perdasilva
force-pushed
the
uninstall-e2e-test
branch
from
d82c922 to
91d65d5
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
perdasilva
force-pushed
the
uninstall-e2e-test
branch
from
91d65d5 to
876fc6b
Compare
| @@ -0,0 +1,66 @@ | |||
| Feature: Uninstall ClusterExtension | |||
|
|
|||
| As an OLM user I would like to uninstall a cluster extension. | |||
There was a problem hiding this comment.
perhaps we should extend description, stating what is the expected outcome of such operation?
| As an OLM user I would like to uninstall a cluster extension. | |
| As an OLM user I would like to uninstall a cluster extension, removing all resources previously installed/updated through the extension |
test/e2e/features/uninstall.feature
Outdated
| And bundle "test-operator.1.2.0" is installed in version "1.2.0" | ||
| # Ensure the bundle resources exist before initiating the deletion process and checking | ||
| # that they no longer exist to avoid false positives (i.e. if they never existed, checking that they don't exist | ||
| # will succeed) | ||
| And resource "networkpolicy/test-operator-network-policy" exists | ||
| And resource "configmap/test-configmap" exists | ||
| And resource "deployment/test-operator" exists |
There was a problem hiding this comment.
for better readability and maintainability, I would suggest to:
- extend
ClusterExtension is rolled outstep implementation to check if all resources that are listed as a part of extension really exist on the cluster. - Instead of listing explicitly we can find it out programmatically by (1) listing all objects stated in revision phases, or (2) listing manifests in Helm release secret (by using
helmcli) - these resources (GVK + name) can be stored in the test context.
With all these changes, we can collapse above steps and replace them with ClusterExtension is rolled out. It makes the test more readable, because is not in focus of this test.
edit: the comment applies to all lines until the line 40.
| And resource "clusterrolebinding/testoperator.v1.2.0-t88i5epjh8oxp4klplhjyrsekwcp92b27w03ayr1ku5" exists | ||
|
|
||
| Scenario: Uninstall ClusterExtension | ||
| When resource "clusterextension/${NAME}" is removed |
There was a problem hiding this comment.
Reads better if we introduce step ClusterExtension is removed.
| And resource "clusterrolebinding/testoperator.v1.2.-37mym6pni2xxmai9n7fmhtbn9i348lx7o619rmf3ypio" exists | ||
| And resource "clusterrolebinding/testoperator.v1.2.0-t88i5epjh8oxp4klplhjyrsekwcp92b27w03ayr1ku5" exists | ||
|
|
||
| Scenario: Uninstall ClusterExtension |
There was a problem hiding this comment.
Be more verbose, e.g. "Removing ClusterExtension triggers the extension uninstall, removing all installed resources eventually.
test/e2e/features/uninstall.feature
Outdated
| Then resource "networkpolicy/test-operator-network-policy" is eventually not found | ||
| And resource "configmap/test-configmap" is eventually not found | ||
| And resource "deployment/test-operator" is eventually not found | ||
| And resource "clusterrole/testoperator.v1.2.-37mym6pni2xxmai9n7fmhtbn9i348lx7o619rmf3ypio" is eventually not found | ||
| And resource "clusterrole/testoperator.v1.2.0-t88i5epjh8oxp4klplhjyrsekwcp92b27w03ayr1ku5" is eventually not found | ||
| And resource "clusterrolebinding/testoperator.v1.2.-37mym6pni2xxmai9n7fmhtbn9i348lx7o619rmf3ypio" is eventually not found | ||
| And resource "clusterrolebinding/testoperator.v1.2.0-t88i5epjh8oxp4klplhjyrsekwcp92b27w03ayr1ku5" is eventually not found |
There was a problem hiding this comment.
See comments above. We can now introduce a step that reads like:
All resources owned by extension are removed.
Step implementation is going to fetch from the test context all resources (GVK, name) pairs and iterate over them, asserting that they cannot be found in the cluster.
|
/approve Once @pedjak comments are addressed. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: tmshort The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
Signed-off-by: Per Goncalves da Silva <pegoncal@redhat.com>
perdasilva
force-pushed
the
uninstall-e2e-test
branch
from
876fc6b to
babfc30
Compare
openshift-merge-robot
added
the
needs-rebase
|
PR needs rebase. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| require.Eventually(godog.T(ctx), func() bool { | ||
| obj, err := k8sClient("get", kind, name, "-n", sc.namespace, "--ignore-not-found", "-o", "yaml") | ||
| return err == nil && obj == "" |
There was a problem hiding this comment.
ResourceEventuallyNotFound checks obj == "", but kubectl get ... --ignore-not-found -o yaml can still return whitespace/newlines (or other benign output) on stdout. This can make the step flaky; compare against strings.TrimSpace(obj) == "" instead of a raw empty string check.
| return err == nil && obj == "" | |
| return err == nil && strings.TrimSpace(obj) == "" |
| out, err := k8sClient("get", "secrets", "-n", "olmv1-system", "-l", fmt.Sprintf("name=%s", extName), "--field-selector", "type=operatorframework.io/index.v1", "-o", "json") | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| if strings.TrimSpace(out) == "" { | ||
| return nil, err | ||
| } |
There was a problem hiding this comment.
When kubectl get secrets ... returns an empty string, this function returns (nil, err) where err is nil. That propagates a nil Secret to callers and can cause a panic later. Return a non-nil error when no matching release Secret is found.
| var secretList corev1.SecretList | ||
| if err = json.Unmarshal([]byte(out), &secretList); err != nil { | ||
| return nil, err | ||
| } | ||
| if len(secretList.Items) != 1 { | ||
| return nil, err | ||
| } | ||
| return &secretList.Items[0], nil |
There was a problem hiding this comment.
This assumes exactly one Secret matches the selector, but Helm release storage typically keeps multiple Secrets (history / revisions). As written, len(secretList.Items) != 1 returns (nil, err) where err is nil, and also makes the lookup fail in normal cases. Select the latest deployed revision (e.g., by Helm labels like version) or otherwise disambiguate, and return a real error if the result set is empty/ambiguous.
| func helmReleaseFromSecret(secret *corev1.Secret) (*release.Release, error) { | ||
| gzReader, err := gzip.NewReader(strings.NewReader(string(secret.Data["chunk"]))) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| defer gzReader.Close() |
There was a problem hiding this comment.
helmReleaseFromSecret assumes a gzipped JSON-encoded Helm release is stored in secret.Data["chunk"] and reads it via string(...) + strings.NewReader. This is very unlikely to match Helm’s standard release Secret encoding (and will panic if secret is nil). Consider using Helm’s storage/driver decoding logic (or the helm-operator-plugins action client) and validate the expected data key/format; at minimum, guard against secret == nil and missing data keys with a clear error.
| menifests := strings.Split(rel.Manifest, "\n") | ||
| for _, manifest := range menifests { |
There was a problem hiding this comment.
Typo in variable name: menifests should be manifests.
| menifests := strings.Split(rel.Manifest, "\n") | |
| for _, manifest := range menifests { | |
| manifests := strings.Split(rel.Manifest, "\n") | |
| for _, manifest := range manifests { |
| func collectHelmReleaseObjects(rel *release.Release) ([]client.Object, error) { | ||
| objs := []client.Object{} | ||
| menifests := strings.Split(rel.Manifest, "\n") | ||
| for _, manifest := range menifests { | ||
| if manifest == "" { | ||
| continue | ||
| } | ||
| u := &unstructured.Unstructured{} | ||
| if err := yaml.Unmarshal([]byte(manifest), u); err != nil { | ||
| return nil, fmt.Errorf("failed to unmarshal manifest: %w", err) | ||
| } |
There was a problem hiding this comment.
collectHelmReleaseObjects splits rel.Manifest by newline and unmarshals each line independently. This will fail if the manifest contains standard multi-line YAML documents (or if objects aren’t newline-delimited). Prefer using the same manifest parsing approach used elsewhere in the codebase (e.g., internal/operator-controller/rukpak/util.ManifestObjects over the full manifest string), or otherwise split on YAML document boundaries and trim whitespace.
5 participants
Description
Adds initial uninstall feature e2e tests:
Note: this PR also does some low level variable name refactoring to improve readability
Reviewer Checklist