Skip to content

CNTRLPLANE-3629: features: promote ExternalOIDCExternalClaimsSourcing to TechPreviewNoUpgrade#2893

Open
everettraven wants to merge 1 commit into
openshift:masterfrom
everettraven:feature/promote-externalclaimssourcing-tpnu
Open

CNTRLPLANE-3629: features: promote ExternalOIDCExternalClaimsSourcing to TechPreviewNoUpgrade#2893
everettraven wants to merge 1 commit into
openshift:masterfrom
everettraven:feature/promote-externalclaimssourcing-tpnu

Conversation

@everettraven

Copy link
Copy Markdown
Contributor

No description provided.

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jun 16, 2026
@openshift-ci-robot

openshift-ci-robot commented Jun 16, 2026

Copy link
Copy Markdown

@everettraven: This pull request references CNTRLPLANE-3629 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai

coderabbitai Bot commented Jun 16, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 982e1776-c701-4d7e-bfa9-be682e7cb0c3

📥 Commits

Reviewing files that changed from the base of the PR and between a41e2c7 and 6996475.

⛔ Files ignored due to path filters (1)
  • config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
📒 Files selected for processing (5)
  • features.md
  • features/features.go
  • payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml
  • payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml
  • payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml
💤 Files with no reviewable changes (3)
  • payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml
  • payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml
  • payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml
✅ Files skipped from review due to trivial changes (1)
  • features.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • features/features.go

📝 Walkthrough

Walkthrough

FeatureGateExternalOIDCExternalClaimsSourcing is enabled for TechPreviewNoUpgrade by expanding the code gate condition, updating the TechPreviewNoUpgrade payload manifests to list it as enabled, and adding the externalClaimsSources schema to the Authentication CRD. The feature table entry is also repositioned in features.md.

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name Status Explanation Resolution
Description check ❓ Inconclusive No pull request description was provided, so there is no meaningful description to evaluate. Add a brief PR description summarizing the feature-gate promotion and CRD manifest updates.
✅ Passed checks (14 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly states the main change: promoting ExternalOIDCExternalClaimsSourcing to TechPreviewNoUpgrade.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed Touched files are docs/YAML/config only; none contain Ginkgo specs or dynamic test-title strings.
Test Structure And Quality ✅ Passed No Ginkgo test code changed; the PR only updates docs, feature flags, and CRD YAML, so this test-structure check is not applicable.
Microshift Test Compatibility ✅ Passed No new Ginkgo e2e tests were added; the PR only updates feature/manifests and a YAML test fixture, with no MicroShift-unsafe test code.
Single Node Openshift (Sno) Test Compatibility ✅ Passed PASS: The PR only changes feature-gate docs/manifests and a CRD schema; no Ginkgo e2e tests or SNO-sensitive test logic were added.
Topology-Aware Scheduling Compatibility ✅ Passed Only feature-gate docs/manifests and an Authentication CRD schema changed; no deployment/controller scheduling constraints were added.
Ote Binary Stdout Contract ✅ Passed PR only changes feature-gate definitions/manifests; no main/TestMain/BeforeSuite/RunSpecs or stdout logging changes were introduced.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed No new Ginkgo e2e tests were added; the PR only changes feature gates and CRD/schema manifests, with no IPv4-only code or external connectivity paths.
No-Weak-Crypto ✅ Passed Touched files only adjust feature-gate metadata and CRD schema; no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, custom crypto, or secret/token comparisons found.
Container-Privileges ✅ Passed PASS: The touched files are feature-gate and CRD schema updates, and a direct scan found no privileged, hostPID, hostNetwork, allowPrivilegeEscalation, or SYS_ADMIN settings.
No-Sensitive-Data-In-Logs ✅ Passed No logging code or logger calls were added in the touched files; changes are only feature-gate manifests and CRD/schema text.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented


Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 16, 2026
@openshift-ci

openshift-ci Bot commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

Hello @everettraven! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

@openshift-ci

openshift-ci Bot commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci openshift-ci Bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jun 16, 2026
@everettraven everettraven force-pushed the feature/promote-externalclaimssourcing-tpnu branch from afae6dc to a41e2c7 Compare June 16, 2026 12:11
@openshift-ci openshift-ci Bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 16, 2026
@everettraven

Copy link
Copy Markdown
Contributor Author

Looks like we removed the TPNU jobs I would have used to test that this doesn't introduce any regressions in TPNU. Will need to update that.

@everettraven

Copy link
Copy Markdown
Contributor Author

/payload-job periodic-ci-openshift-cluster-authentication-operator-release-5.0-periodics-e2e-aws-external-oidc-configure-techpreview

/payload-job periodic-ci-openshift-cluster-authentication-operator-release-5.0-periodics-e2e-aws-external-oidc-revertoauth-techpreview

@openshift-ci

openshift-ci Bot commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

@everettraven: trigger 2 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-cluster-authentication-operator-release-5.0-periodics-e2e-aws-external-oidc-configure-techpreview
  • periodic-ci-openshift-cluster-authentication-operator-release-5.0-periodics-e2e-aws-external-oidc-revertoauth-techpreview

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/4d95c5f0-6b21-11f1-8854-ae90a324338d-0

@everettraven

Copy link
Copy Markdown
Contributor Author

Missed one:

/payload-job periodic-ci-openshift-cluster-authentication-operator-release-5.0-periodics-e2e-aws-external-oidc-upstream-parity

@openshift-ci

openshift-ci Bot commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

@everettraven: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-cluster-authentication-operator-release-5.0-periodics-e2e-aws-external-oidc-upstream-parity

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/ffb3b650-6b41-11f1-9ec4-77f2a1ad7df7-0

@everettraven

everettraven commented Jun 18, 2026

Copy link
Copy Markdown
Contributor Author

@everettraven

Copy link
Copy Markdown
Contributor Author

/payload-job-with-prs periodic-ci-openshift-cluster-authentication-operator-release-5.0-periodics-e2e-aws-external-oidc-configure-techpreview openshift/origin#31314

@openshift-ci

openshift-ci Bot commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

@everettraven: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-cluster-authentication-operator-release-5.0-periodics-e2e-aws-external-oidc-configure-techpreview

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/cce98770-6b48-11f1-9b34-4683d9c5c4ec-0

@everettraven

Copy link
Copy Markdown
Contributor Author

/payload-job-with-prs periodic-ci-openshift-cluster-authentication-operator-release-5.0-periodics-e2e-aws-external-oidc-configure-techpreview openshift/origin#31314

@openshift-ci

openshift-ci Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

@everettraven: it appears that you have attempted to use some version of the payload command, but your comment was incorrectly formatted and cannot be acted upon. See the docs for usage info.

@everettraven

Copy link
Copy Markdown
Contributor Author

/payload-job-with-prs periodic-ci-openshift-cluster-authentication-operator-release-5.0-periodics-e2e-aws-external-oidc-configure-techpreview openshift/origin#31314

@openshift-ci

openshift-ci Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

@everettraven: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-cluster-authentication-operator-release-5.0-periodics-e2e-aws-external-oidc-configure-techpreview

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/5c07aa70-6e3e-11f1-99e0-ca645b3cefbc-0

…Upgrade

Signed-off-by: Bryce Palmer <bpalmer@redhat.com>
@everettraven everettraven force-pushed the feature/promote-externalclaimssourcing-tpnu branch from a41e2c7 to 6996475 Compare June 26, 2026 13:59
@everettraven everettraven marked this pull request as ready for review June 26, 2026 13:59
@openshift-ci openshift-ci Bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 26, 2026
@openshift-ci openshift-ci Bot requested a review from deads2k June 26, 2026 14:03
@openshift-ci openshift-ci Bot requested a review from JoelSpeed June 26, 2026 14:03
@JoelSpeed

Copy link
Copy Markdown
Contributor

/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jun 29, 2026
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-ovn
/test e2e-aws-ovn-hypershift
/test e2e-aws-ovn-hypershift-conformance
/test e2e-aws-ovn-techpreview
/test e2e-aws-serial-1of2
/test e2e-aws-serial-2of2
/test e2e-aws-serial-techpreview-1of2
/test e2e-aws-serial-techpreview-2of2
/test e2e-azure
/test e2e-gcp
/test e2e-upgrade
/test e2e-upgrade-out-of-change
/test minor-e2e-upgrade-minor

@openshift-ci

openshift-ci Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JoelSpeed

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 29, 2026
@everettraven

Copy link
Copy Markdown
Contributor Author

/verified by payload-jobs

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Jun 29, 2026
@openshift-ci-robot

Copy link
Copy Markdown

@everettraven: This PR has been marked as verified by payload-jobs.

Details

In response to this:

/verified by payload-jobs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@everettraven

Copy link
Copy Markdown
Contributor Author

/retest-required

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

/retest-required

Remaining retests: 0 against base HEAD 7841260 and 2 for PR HEAD 6996475 in total

@everettraven

Copy link
Copy Markdown
Contributor Author

/retest-required

1 similar comment
@everettraven

Copy link
Copy Markdown
Contributor Author

/retest-required

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

/retest-required

Remaining retests: 0 against base HEAD 90cdc3b and 1 for PR HEAD 6996475 in total

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@everettraven: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-ci openshift-ci Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 1, 2026
@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. verified Signifies that the PR passed pre-merge verification criteria

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants