fix: close GUARDIAN-BL-ENVTEST-FAIL -- all integration suites green#6
Merged
Conversation
ontave
force-pushed
the
session/6-integration-envtest-gaps
branch
from
4f15ac1 to
b3a4620
Compare
Four root causes fixed:
1. RBACPolicyReconciler: finalizer addition returned ctrl.Result{}, nil
causing GenerationChangedPredicate to filter the subsequent metadata-only
Update event. Changed to ctrl.Result{Requeue: true} so status conditions
are set on the same cycle. rbacpolicy_controller.go.
2. IdentityProviderReconciler in controller TestMain registered without
HTTPClient, causing 10s OIDC network timeout in envtest. Added
alwaysReachableHTTPDoer test double. rbacpolicy_controller_test.go.
3. EPGReconciler in epg TestMain registered without OperatorNamespace,
defaulting to "". SSA patches targeted namespace "" causing "server could
not find the requested resource". Set OperatorNamespace: testNamespace.
4. lineage integration probe PermissionSet missing required spec.permissions.
Added a minimal PermissionRule to the probe object.
All four suites pass: controller, epg, lineage, webhook.
ontave
force-pushed
the
session/6-integration-envtest-gaps
branch
from
d0aa261 to
d88e6c3
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Root causes
rbacpolicy_controller.go: Finalizer addition returned
ctrl.Result{}, nil.GenerationChangedPredicatefiltered the subsequent metadata-only Update event (finalizer does not bump generation), so the reconcile that sets status conditions never ran. Fixed:ctrl.Result{Requeue: true}.controller TestMain:
IdentityProviderReconcilerregistered withoutHTTPClientfield. Real OIDC HTTP calls tohttps://accounts.example.com/.well-known/openid-configurationblocked foroidcReachabilityTimeout(10s), expiring before deferred status patch fired. Fixed: injectedalwaysReachableHTTPDoer{}test double.epg TestMain:
EPGReconcilerregistered withoutOperatorNamespace. All SSA patches targeted namespace"", causing "server could not find the requested resource". Fixed:OperatorNamespace: testNamespace.lineage TestMain: probe
PermissionSetinwaitForLineageWebhookActivewas missing requiredspec.permissions, causing a CRD validation rejection before the webhook was reached. Fixed: added a minimalPermissionRule.Test plan
KUBEBUILDER_ASSETS=/tmp/envtest-bins/k8s/1.35.0-linux-amd64 go test ./test/integration/... -timeout 180spasses all 4 packagesgo test ./...🤖 Generated with Claude Code