om: add test to show what input the TODO-other-configObserver controller requires

[bertinatto]

The test runs a single controller whose job is to create the oauth-apiserver configuration.

  input-dir:
  - config.openshift.io/clusterversions: not really used by the controller, but it's required to start the operator CreateOperatorStarter/prepareOauthOperator
  - config.openshift.io/authentications/cluster: required by the controller
  - config.openshift.io/infrastructures/cluster: required by the controller
  - config.openshift.io/consoles/cluster: required by the controller
  - config.openshift.io/oauths/cluster: required by the controller
  - config.openshift.io/apiservers/cluster: required by observe_cors.go and observe_tlssecurityprofile.go
  - core/configmaps/openshift-authentication/v4-0-config-system-router-certs: required the controller
  - core/configmaps/openshift-etcd/etcd-endpoints: required by the controller in order to set 

[coderabbitai]

Walkthrough

Adds test data for an oauth-apiserver configuration observer: new input cluster- and namespace-scoped manifests, numerous expected-output ApplyStatus/Create/Update YAMLs for Authentication and Event resources, and a test specification and controller-results file. No source code changes.

Changes

Cohort / File(s)	Summary
ApplyStatus for Authentication Resources test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/29ab-*.yaml, test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/9a45-*.yaml	Adds ApplyStatus bodies, metadata, and options for cluster-scoped Authentication resources, including fieldManager entries and force flags.
Event Creation Records (bodies & metadata) test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/{1225,5b77,9405,a2b3,ab40,e039}-body-*.yaml, .../metadata-*.yaml	Adds six pairs of Event manifests (body + metadata) documenting observations: API audiences, TLS cipher suites, ObservedConfig diffs, feature flags, TLS policy, and storage updates.
Authentication Update Record test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Update/cluster-scoped-resources/operator.openshift.io/authentications/9a45-*.yaml	Adds an Update action metadata and a complex Authentication resource body with extensive status.conditions, managedFields, and spec.observedConfig entries.
Controller Results test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/controller-results.yaml	Adds controller-results mapping enumerating controller statuses (mostly Skipped; one Succeeded).
Input: Cluster-scoped config resources test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/{apiservers.yaml,authentications/cluster.yaml,clusterversions.yaml,consoles/cluster.yaml,infrastructures.yaml,oauths/cluster.yaml}, test-data/.../operator.openshift.io/authentications/cluster.yaml	Adds cluster-scoped OpenShift config and operator Authentication manifests representing cluster state and observedConfig.
Input: Namespace-scoped resources test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/namespaces/openshift-authentication/core/secrets.yaml, test-data/.../namespaces/openshift-etcd/core/configmaps.yaml	Adds a Secret in openshift-authentication and a ConfigMap (etcd endpoints) in openshift-etcd.
Test specification test-data/apply-configuration/overall/oauth-apiserver-config-observer/test.yaml	Adds test orchestration YAML describing the ApplyConfiguration test: binaryName, controller, input directories, and timestamps.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Heterogeneous set of YAML test artifacts: many small event manifests plus a few large, dense cluster-scoped manifests.
• Pay extra attention to:
  • 9a45-body-cluster.yaml (very large status.conditions, managedFields, observedConfig correctness).
  • Consistency between Event body and corresponding metadata files (names, namespaces, timestamps).
  • ApplyStatus option fields (fieldManager and force) and matching resource names (cluster).

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 43a8ab2 and f69d851.

📒 Files selected for processing (28)

• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/29ab-body-cluster.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/29ab-metadata-cluster.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/29ab-options-cluster.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/1225-body-authentication-operator.17fe72c59b829800.87c2a194.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/1225-metadata-authentication-operator.17fe72c59b829800.87c2a194.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/5b77-body-authentication-operator.17fe72c59b829800.49fb0e36.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/5b77-metadata-authentication-operator.17fe72c59b829800.49fb0e36.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/9405-body-authentication-operator.17fe72c59b829800.c4ead233.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/9405-metadata-authentication-operator.17fe72c59b829800.c4ead233.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/a2b3-body-authentication-operator.17fe72c59b829800.7cfd43de.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/a2b3-metadata-authentication-operator.17fe72c59b829800.7cfd43de.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ab40-body-authentication-operator.17fe72c59b829800.44a05c38.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ab40-metadata-authentication-operator.17fe72c59b829800.44a05c38.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/e039-body-authentication-operator.17fe72c59b829800.3f819c88.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/e039-metadata-authentication-operator.17fe72c59b829800.3f819c88.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Update/cluster-scoped-resources/operator.openshift.io/authentications/9a45-body-cluster.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Update/cluster-scoped-resources/operator.openshift.io/authentications/9a45-metadata-cluster.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/controller-results.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/apiservers.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/authentications/cluster.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/clusterversions.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/consoles/cluster.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/infrastructures.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/oauths/cluster.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/operator.openshift.io/authentications/cluster.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/namespaces/openshift-authentication/core/secrets.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/namespaces/openshift-etcd/core/configmaps.yaml (1 hunks)
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/test.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/29ab-body-cluster.yaml

🚧 Files skipped from review as they are similar to previous changes (20)

• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/29ab-options-cluster.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/1225-metadata-authentication-operator.17fe72c59b829800.87c2a194.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/e039-body-authentication-operator.17fe72c59b829800.3f819c88.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ab40-metadata-authentication-operator.17fe72c59b829800.44a05c38.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/9405-body-authentication-operator.17fe72c59b829800.c4ead233.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/a2b3-body-authentication-operator.17fe72c59b829800.7cfd43de.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ab40-body-authentication-operator.17fe72c59b829800.44a05c38.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/5b77-metadata-authentication-operator.17fe72c59b829800.49fb0e36.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/apiservers.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/29ab-metadata-cluster.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/controller-results.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/test.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/a2b3-metadata-authentication-operator.17fe72c59b829800.7cfd43de.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/namespaces/openshift-authentication/core/secrets.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/namespaces/openshift-etcd/core/configmaps.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/authentications/cluster.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/1225-body-authentication-operator.17fe72c59b829800.87c2a194.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/e039-metadata-authentication-operator.17fe72c59b829800.3f819c88.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/oauths/cluster.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/9405-metadata-authentication-operator.17fe72c59b829800.c4ead233.yaml

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/5b77-body-authentication-operator.17fe72c59b829800.49fb0e36.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/infrastructures.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/consoles/cluster.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Update/cluster-scoped-resources/operator.openshift.io/authentications/9a45-body-cluster.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/clusterversions.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Update/cluster-scoped-resources/operator.openshift.io/authentications/9a45-metadata-cluster.yaml
• test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/operator.openshift.io/authentications/cluster.yaml

🔇 Additional comments (7)

test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/consoles/cluster.yaml (1)

1-48: Test data manifest is well-formed and appropriate.

The Console resource manifest is syntactically valid YAML, follows the OpenShift config API schema, includes realistic metadata fields (managedFields, ownerReferences), and masks sensitive portions of the consoleURL appropriately for test data. This aligns well with the PR objective of adding test input for the oauth-apiserver-config-observer.

test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/clusterversions.yaml (1)

1-166: Test data structure is well-formed and appropriate for integration testing.

This new input manifest provides a realistic, stable ClusterVersion state with:

• Proper Kubernetes API structure (metadata, spec, status)
• Consistent managed fields tracking operations from cluster-bootstrap and cluster-version-operator
• A complete set of conditions reflecting a successfully completed cluster update (Available=True, Failing/Progressing=False)
• Realistic capabilities and version history data

The data is suitable for testing how the oauth-apiserver config observer handles ClusterVersion resources in a stable cluster state.

test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/5b77-body-authentication-operator.17fe72c59b829800.49fb0e36.yaml (1)

11-14: Verify cipher suite formatting in event message.

The cipher suites in the message are space-separated rather than comma-separated ("TLS_AES_128_GCM_SHA256" "TLS_AES_256_GCM_SHA384" instead of "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"). Confirm this matches the actual output format produced by the cluster-authentication-operator when it observes TLS security profile changes.

test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/config.openshift.io/infrastructures.yaml (1)

1-99: LGTM: Valid test data fixture for cluster Infrastructure resource.

The YAML is syntactically correct and represents a properly structured InfrastructureList with a single cluster-scoped Infrastructure resource. The resource definition includes complete metadata, spec, and status sections with realistic values appropriate for test data (BareMetal platform, HighlyAvailable topology, IPv6 test addresses). Field consistency checks pass (IP ranges align between spec and status sections).

test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Update/cluster-scoped-resources/operator.openshift.io/authentications/9a45-metadata-cluster.yaml (1)

1-8: Test metadata structure is correct. The placeholder TODO-other-configObserver in the controllerInstanceName field is intentional per the PR objectives. The metadata for the Update operation is properly formed.

test-data/apply-configuration/overall/oauth-apiserver-config-observer/input-dir/cluster-scoped-resources/operator.openshift.io/authentications/cluster.yaml (1)

1-809: Input manifest is well-formed and appropriate for test data. The empty spec.observedConfig (line 807) is intentional—this represents the input state before the ConfigObserver controller processes it. The extensive managedFields entries (lines 11–795) provide realistic Kubernetes field ownership history, and the overall YAML structure is syntactically sound.

test-data/apply-configuration/overall/oauth-apiserver-config-observer/expected-output/Management/Update/cluster-scoped-resources/operator.openshift.io/authentications/9a45-body-cluster.yaml (1)

1-831: Expected-output body correctly demonstrates ConfigObserver transformation. Compared to the input manifest (File 2), this file shows the populated spec.observedConfig with comprehensive OAuth and API server configuration (lines 806–831). The consistent UIDs, timestamps, and managedFields structure with the input file confirm they represent the expected pre- and post-processing states. The populated config values (etcd endpoints, TLS cipher suites, OAuth templates) are realistic and appropriate for test expectations.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: bertinatto
Once this PR has been reviewed and has the lgtm label, please assign liouk for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@bertinatto: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.