OPRUN-4446: Update preflight auth checks for Boxcutter feature gate

[perdasilva]

The Helm and Boxcutter appliers require different permissions:

• Helm applier requires update clusterextensions/finalizers
• Boxcutter applier requires update on clusterextensionrevisions/finalizers

This PR:

• adds helper functions to check whether a feature gate is enabled on the cluster
• skips the helm applier specific test is the boxcutter runtime feature gate is enabled
• adds the boxcutter applier specific test, which is skipped if the feature is disabled
• pulls in openshift/api as a dependency to get access to the feature gate names (and bumps client-go to get over some build errors)
• refactors the test code slightly to use named scenario constants instead of magic ints

And most importantly removes the check against the Installed condition in the test. This check doesn't make sense the RBAC can change at any time during the extension lifecycle. Therefore, the extension could still be installed even if the preflight checks fail. As such, it is not strictly necessary.

[openshift-ci-robot]

@perdasilva: This pull request explicitly references no jira issue.

Details

In response to this:

The Helm and Boxcutter appliers require different permissions:

• Helm applier requires update clusterextensions/finalizers
• Boxcutter applier requires update on clusterextensionrevisions/finalizers

This PR:

• adds helper functions to check whether a feature gate is enabled on the cluster
• skips the helm applier specific test is the boxcutter runtime feature gate is enabled
• adds the boxcutter applier specific test, which is skipped if the feature is disabled
• pulls in openshift/api as a dependency to get access to the feature gate names
• refactors the test code slightly to use named scenario constants instead of magic ints

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@perdasilva: This pull request references OPRUN-4446 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

The Helm and Boxcutter appliers require different permissions:

• Helm applier requires update clusterextensions/finalizers
• Boxcutter applier requires update on clusterextensionrevisions/finalizers

This PR:

• adds helper functions to check whether a feature gate is enabled on the cluster
• skips the helm applier specific test is the boxcutter runtime feature gate is enabled
• adds the boxcutter applier specific test, which is skipped if the feature is disabled
• pulls in openshift/api as a dependency to get access to the feature gate names
• refactors the test code slightly to use named scenario constants instead of magic ints

And most importantly removes the check against the Installed condition in the test. This check doesn't make sense the RBAC can change at any time during the extension lifecycle. Therefore, the extension could still be installed even if the preflight checks fail. As such, it is not strictly necessary.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@perdasilva: This pull request references OPRUN-4446 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

The Helm and Boxcutter appliers require different permissions:

• Helm applier requires update clusterextensions/finalizers
• Boxcutter applier requires update on clusterextensionrevisions/finalizers

This PR:

• adds helper functions to check whether a feature gate is enabled on the cluster
• skips the helm applier specific test is the boxcutter runtime feature gate is enabled
• adds the boxcutter applier specific test, which is skipped if the feature is disabled
• pulls in openshift/api as a dependency to get access to the feature gate names (and bumps client-go to get over some build errors)
• refactors the test code slightly to use named scenario constants instead of magic ints

And most importantly removes the check against the Installed condition in the test. This check doesn't make sense the RBAC can change at any time during the extension lifecycle. Therefore, the extension could still be installed even if the preflight checks fail. As such, it is not strictly necessary.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[camilamacedo86]

It seems all great for me 👍
The ID tracked in the JSON is fixed now . Cool 🎉

[camilamacedo86]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: camilamacedo86, perdasilva

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• DOWNSTREAM_OWNERS [perdasilva]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@perdasilva: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.