Add retry for virtctl download to handle transient SSL errors#5355
Add retry for virtctl download to handle transient SSL errors#5355Ahmad-Hafe wants to merge 1 commit into
Conversation
📝 WalkthroughWalkthrough
ChangesRetry download with helper
Estimated code review effort: 2 (Simple) | ~10 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Warning Review ran into problems🔥 ProblemsLinked repositories: Your configuration references 1 linked repositories, but your current plan allows 0. Analyzed ``, skipped Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Report bugs in Issues Welcome! 🎉This pull request will be automatically processed with the following features: 🔄 Automatic Actions
📋 Available CommandsPR Status Management
Review & Approval
Testing & Validation
Container Operations
Cherry-pick Operations
Branch Management
Label Management
✅ Merge RequirementsThis PR will be automatically approved when the following conditions are met:
📊 Review ProcessApprovers and ReviewersApprovers:
Reviewers:
Available Labels
AI Features
Security Checks
💡 Tips
For more information, please refer to the project documentation or contact the maintainers. |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@utilities/infra.py`:
- Line 695: The requests.get() call in the archive download function disables
TLS certificate verification with verify=False, creating a security
vulnerability where downloads could be intercepted. Enable certificate
verification by changing verify=False to verify=True in the requests.get() call,
or provide the path to a proper CA bundle if the target server uses a custom
certificate authority. Additionally, remove the urllib3.disable_warnings() call
that was suppressing SSL warnings, as proper certificate validation should now
be in place. The retry loop should handle legitimate transient network errors
without compromising security by disabling certificate checks.
- Around line 695-706: The requests.get() call in the _download_file function
lacks a timeout parameter, which allows a stalled socket to block indefinitely
and bypass the TimeoutSampler retry envelope. Additionally, the exceptions_dict
in the TimeoutSampler does not include requests.exceptions.Timeout, so timeout
exceptions won't be caught and retried. Add a timeout parameter (with an
appropriate value) to the requests.get() call, and add
requests.exceptions.Timeout to the exceptions_dict alongside the existing
requests.exceptions.SSLError and requests.exceptions.ConnectionError entries to
ensure transient hangs are properly retried.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 2e2a8e99-0f72-4fde-a7be-79f9fd7b32f6
📒 Files selected for processing (1)
utilities/infra.py
📜 Review details
⏰ Context from checks skipped due to timeout. (2)
- GitHub Check: can-be-merged
- GitHub Check: can-be-merged
🧰 Additional context used
📓 Path-based instructions (3)
**/*.py
📄 CodeRabbit inference engine (AGENTS.md)
**/*.py: Never add linter suppressions like# noqa,# type: ignore, or# pylint: disable. Fix the code instead. If you believe a rule is wrong, ask the user for explicit approval.
Search the codebase for existing implementations before writing new code. Checkutilities/,libs/,tests/, andpyproject.tomldependencies. Never duplicate logic—extract to shared modules. Usepyhelper_utils.shell.run_commandfor shell commands instead ofsubprocess.run, and useocp-resourcesclasses instead of raw YAML dicts.
Type hints are MANDATORY. Use mypy strict mode inlibs/and all new public functions under utilities. UseTYPE_CHECKINGfor type-only imports to avoid runtime overhead and circular imports.
Write Google-format docstrings for all public functions with non-obvious return values or side effects.
Always useuv runto execute commands. Never executepython,pip,pytest,tox, orpre-commitdirectly. Useuv run python,uv run pytest,uv run tox,uv run pre-commit, anduv addfor package installation.
Always use absolute imports. Never use relative imports.
Prefer specific imports usingfrom module import funcfor functions and constants. Usefrom package import module(thenmodule.Name) when retaining the module name meaningfully improves readability. Never use bareimport modulewithout afromclause.
Always use named arguments for function calls with more than one argument.
Never use single-letter variable names. Always use descriptive, meaningful names.
No dead code. Every function, variable, and fixture must be used or removed. Code marked with# skip-unused-codeis excluded from dead code analysis (enforced via custom ruff plugin).
Prefer direct attribute access usingfoo.attr. Save to variables only when reusing the same attribute multiple times improves readability or extracting clarifies intent.
Imports must always be at the top of the module. Do not import inside functions.
No defensive programming. Fail...
Files:
utilities/infra.py
utilities/infra.py
📄 CodeRabbit inference engine (AGENTS.md)
Place infrastructure helpers (SSH, networking infrastructure, pod operations) in
utilities/infra.py.
Files:
utilities/infra.py
**
⚙️ CodeRabbit configuration file
**: # AI Review and Development StandardsAssisted-by: Claude noreply@anthropic.com
Coding standards, conventions, and review guidelines for openshift-virtualization-tests.
These rules apply to ALL contributors and review tools — human and AI alike.
Strict Rules (MANDATORY)
Linter Suppressions PROHIBITED
- ❌ NEVER add
# noqa,# type: ignore,# pylint: disable- ❌ NEVER disable linter/mypy rules to work around issues
- ✅ FIX THE CODE - If linter complains, the code is wrong
- If you think a rule is wrong: ASK the user for explicit approval
Code Reuse (Search-First Development)
Before writing ANY new code:
- SEARCH codebase for existing implementations
- CHECK
utilities/for shared functions- CHECK
libs/for shared libraries- CHECK
tests/for shared fixtures and helper functions- CHECK
pyproject.tomldependencies — project packages (e.g.,pyhelper-utils,ocp-resources,openshift-python-wrapper) may already provide the functionality- VERIFY no similar logic exists elsewhere
- NEVER duplicate logic - extract to shared module
- REUSE existing code and patterns — only write new when nothing exists
External package examples:
- Shell commands — use
pyhelper_utils.shell.run_command, NEVER usesubprocess.rundirectly in test/utility code- OpenShift resources — use
ocp-resourcesclasses, NEVER construct raw YAML dictsPython Requirements
- Type hints MANDATORY - mypy strict mode in
libs/, all new public functions under utilities MUST be typed- Use
TYPE_CHECKINGfor type-only imports - wrap imports needed solely for type hints inif TYPE_CHECKING:to avoid runtime overhead and circular imports- Google-format docstrings REQUIRED - for all public functions with non-obvious return values OR side effects
- No defensive programming - fail-fast, don't hide bugs with fake defaults (see exceptions below)
- ALWAYS use
uv run-...
Files:
utilities/infra.py
⚙️ CodeRabbit configuration file
**: ## PR Template Validation
Check the PR description for required sections from.github/pull_request_template.md.
Required sections (must be present, even if empty):
##### What this PR does / why we need it:— MUST be present AND have meaningful content.
Flag as HIGH if the section is missing, empty, whitespace-only, contains only HTML comments,
or contains only placeholder tokens such asTBD,TBA,N/A,-,—,none, or..##### Which issue(s) this PR fixes:— must be present (may be empty)##### Special notes for reviewer:— must be present (may be empty)##### jira-ticket:— must be present (may be empty)
If any required section is absent, orWhat this PR does / why we need it:has no content,
flag it as HIGH severity and ask the author to restore the missing template section(s).Approval Policy
You may approve the PR when ALL of the following are true:
- All your review comments have been addressed with either:
- a code/doc change that fixes the issue, or
- a substantive author response that justifies no code change.
Thread "resolved" state alone is not sufficient.
OR you had no review comments.- If you posted a test execution plan comment requesting tests, and the PR author replied
with a comment explaining why the requested tests are not needed or were already covered,
treat that as an acceptable response — do not block approval on the test plan alone.- The author's explanation must be reasonable and specific (not just "N/A" or "not needed").
Accept explanations like: "these tests were already run in CI", "this change is docs-only",
"the affected tests are quarantined", or "verified manually on cluster X".
Files:
utilities/infra.py
🧠 Learnings (28)
📚 Learning: 2026-01-12T11:24:13.825Z
Learnt from: servolkov
Repo: RedHatQE/openshift-virtualization-tests PR: 3387
File: tests/network/provider_migration/libprovider.py:50-52
Timestamp: 2026-01-12T11:24:13.825Z
Learning: In the RedHatQE/openshift-virtualization-tests repository, when catching exceptions in Python, use LOGGER.error before re-raising and do not replace it with LOGGER.exception in except blocks. This follows the established pattern across the codebase.
Applied to files:
utilities/infra.py
📚 Learning: 2026-01-12T14:25:05.723Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 3366
File: tests/storage/cdi_clone/test_clone.py:5-9
Timestamp: 2026-01-12T14:25:05.723Z
Learning: In Python tests and utility code across the repository, bitmath.parse_string_unsafe correctly parses Kubernetes quantities (e.g., '4Gi', '512Mi', PVC storage requests) without supplying system=bitmath.NIST. There are 30+ usages indicating this is the standard behavior. Reviewers should verify that code that builds or compares quantity strings does not pass the NIST parameter, and if a new test relies on quantity parsing, assume no NIST parameter is required unless explicitly documented.
Applied to files:
utilities/infra.py
📚 Learning: 2026-01-20T01:03:13.139Z
Learnt from: servolkov
Repo: RedHatQE/openshift-virtualization-tests PR: 3387
File: tests/network/provider_migration/libprovider.py:1-8
Timestamp: 2026-01-20T01:03:13.139Z
Learning: In the openshift-virtualization-tests repository, Python imports should consistently use module-level imports for the logging module (i.e., import logging) rather than from logging import ... The established pattern spans 270+ files and should not be flagged for refactoring. Apply this guideline to Python files across the repo (e.g., tests/network/provider_migration/libprovider.py).
Applied to files:
utilities/infra.py
📚 Learning: 2026-01-21T21:26:41.805Z
Learnt from: geetikakay
Repo: RedHatQE/openshift-virtualization-tests PR: 3559
File: utilities/infra.py:251-254
Timestamp: 2026-01-21T21:26:41.805Z
Learning: In the RedHatQE/openshift-virtualization-tests repository, when reviewing Python code, recognize that with Python 3.14 the syntax 'except ValueError, TypeError:' is valid if there is no 'as' clause, and should not be flagged as Python 2 syntax. If you use an 'as' binding (e.g., 'except (ValueError, TypeError) as e:'), parentheses are required. Ensure this pattern is version-consistent and not flagged as Python 2 syntax when 'as' is absent.
Applied to files:
utilities/infra.py
📚 Learning: 2026-01-25T13:18:21.675Z
Learnt from: jpeimer
Repo: RedHatQE/openshift-virtualization-tests PR: 3571
File: tests/storage/storage_migration/utils.py:158-167
Timestamp: 2026-01-25T13:18:21.675Z
Learning: In reviews of the openshift-virtualization-tests repo (and similar Python code), avoid suggesting minor stylistic changes that require extra verification (e.g., removing dict.keys() checks for membership) unless the change has clear correctness or maintainability impact. Focus on fixes with observable behavior, security, performance, or maintainability benefits; defer low-impact style tweaks that are costly to verify.
Applied to files:
utilities/infra.py
📚 Learning: 2026-02-18T06:35:39.536Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 3847
File: utilities/virt.py:2449-2453
Timestamp: 2026-02-18T06:35:39.536Z
Learning: In Python code, a function named clearly and self-descriptively can be deemed not to require a docstring. However, treat this as a context-specific guideline and not a universal rule. For public APIs or functions with side effects, prefer concise docstrings explaining behavior, inputs, outputs, and side effects. This guidance is based on the example in utilities/virt.py from RedHatQE/openshift-virtualization-tests where validate_libvirt_persistent_domain(vm, admin_client) was considered self-documenting.
Applied to files:
utilities/infra.py
📚 Learning: 2026-02-23T16:33:22.070Z
Learnt from: vsibirsk
Repo: RedHatQE/openshift-virtualization-tests PR: 3883
File: utilities/pytest_utils.py:441-463
Timestamp: 2026-02-23T16:33:22.070Z
Learning: In Python code reviews, the guideline to always use named arguments for multi-argument calls does not apply to built-ins or methods that have positional-only parameters (those defined with a / in their signature). Do not flag or require named arguments for calls like dict.get(key, default=None, /), list.pop(), str.split(sep, maxsplit) and similar built-ins that cannot accept keyword arguments. Apply the named-argument rule only to functions/methods that explicitly accept keyword arguments.
Applied to files:
utilities/infra.py
📚 Learning: 2026-03-17T01:32:02.617Z
Learnt from: dshchedr
Repo: RedHatQE/openshift-virtualization-tests PR: 4118
File: utilities/database.py:0-0
Timestamp: 2026-03-17T01:32:02.617Z
Learning: In RedHatQE/openshift-virtualization-tests, when reviewing Python files, post targeted inline comments on the Files changed tab at the exact location (file and line) of the issue rather than opening a single discussion thread for multiple issues. This should be done for each applicable location to improve traceability and clarity. If multiple issues exist in the same file, address them with separate inline comments pointing to the specific lines.
Applied to files:
utilities/infra.py
📚 Learning: 2026-03-17T01:32:02.617Z
Learnt from: dshchedr
Repo: RedHatQE/openshift-virtualization-tests PR: 4118
File: utilities/database.py:0-0
Timestamp: 2026-03-17T01:32:02.617Z
Learning: In the RedHatQE/openshift-virtualization-tests repository, CodeRabbit should post targeted inline comments at each applicable location in the Files Changed tab, rather than aggregating multiple issues into a single PR discussion thread reply. This guideline applies to all Python files (any file ending in .py) changed in a PR; for non-Python files, follow the same inline-comment-at-location principle if relevant.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-04T13:45:29.122Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 4725
File: utilities/console.py:54-59
Timestamp: 2026-05-04T13:45:29.122Z
Learning: During review of RedHatQE/openshift-virtualization-tests “lint-cleanup” PRs (e.g., changes targeting lint issues like stale noqa/utf-8 headers), do not flag existing `# type: ignore` directives that were already present before the PR and were not introduced or modified by the PR. Only raise findings for `# type: ignore` suppressions that the PR itself adds, changes, or otherwise makes newly effective (i.e., they appear in the diff as additions/edits).
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-04T13:45:33.892Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 4725
File: tests/virt/cluster/common_templates/centos/test_centos_os_support.py:78-83
Timestamp: 2026-05-04T13:45:33.892Z
Learning: When reviewing lint-cleanup or formatting-only pull requests in this repo (e.g., changes like removing/updating `# noqa` comments or UTF-8 headers), do not raise findings for code patterns that already existed before the PR. Specifically, if a problematic construct such as `.is_connective(tcp_timeout=120)` was present in the base branch, suppress that finding and only raise issues when the PR itself introduces or modifies that construct (i.e., the diff adds/changes the call or its arguments). Apply this rule across all Python files (`**/*.py`).
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-05T17:01:15.294Z
Learnt from: dshchedr
Repo: RedHatQE/openshift-virtualization-tests PR: 4739
File: tests/virt/node/descheduler/conftest.py:2-2
Timestamp: 2026-05-05T17:01:15.294Z
Learning: In this repo’s Python code, it’s acceptable (and preferred by convention) to build `run_command` inputs using `shlex.split(f"<command> {arg}")` rather than converting to direct list literals like `['oc', 'adm', 'uncordon', name]`. During code review, generally don’t flag `shlex.split(...)` usage for `run_command` calls and don’t suggest replacing it with list literals; the string-form pattern is used to keep commands readable and consistent with how they’re typed in a terminal.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-08T12:49:20.694Z
Learnt from: geetikakay
Repo: RedHatQE/openshift-virtualization-tests PR: 4788
File: utilities/os_utils.py:257-262
Timestamp: 2026-05-08T12:49:20.694Z
Learning: In RedHatQE/openshift-virtualization-tests, the Ruff flake8-boolean-trap rules FBT001/FBT002 are intentionally not enabled (pyproject.toml does not select the FBT rules; confirmed via `ruff check --show-settings`). Therefore, do not flag boolean positional parameters as FBT001/FBT002 violations in this repository. If Ruff configuration changes and starts selecting FBT rules, this exception should be reconsidered.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-12T05:10:24.601Z
Learnt from: acinko-rh
Repo: RedHatQE/openshift-virtualization-tests PR: 4780
File: tests/storage/utils.py:568-572
Timestamp: 2026-05-12T05:10:24.601Z
Learning: In this repository, Ruff rule UP043 ("unnecessary default type arguments") is enforced. When annotating `collections.abc.Generator` return types, prefer the single-parameter form `Generator[YieldType]` rather than `Generator[YieldType, None, None]`. Explicit `None, None` for the SendType and ReturnType are unnecessary defaults (per PEP 696) and will trigger UP043. Apply this consistently across all Python files.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-13T19:23:09.603Z
Learnt from: Anatw
Repo: RedHatQE/openshift-virtualization-tests PR: 4833
File: tests/network/localnet/migration_stuntime/libstuntime.py:25-25
Timestamp: 2026-05-13T19:23:09.603Z
Learning: In this repository, do not recommend adding `from __future__ import annotations` to fix forward-reference type annotation issues (e.g., Ruff UP037). Follow the established convention: use quoted string type annotations for forward references when the referenced class/type is defined later in the same file (e.g., `"ContinuousPing"`), and prefer `typing.Self` for self-referential return types.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-18T06:30:56.781Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_bitwarden.py:207-207
Timestamp: 2026-05-18T06:30:56.781Z
Learning: During Ruff/lint rule-enablement PRs in this repository (e.g., when introducing a new rule like PLC0415), it’s acceptable to keep CI green by adding per-line, targeted suppressions for pre-existing violations: add only `# noqa: <single-ruff-rule-id>` at the end of the specific violating line. In this PR context, reviewers should NOT flag these targeted `# noqa: PLC0415` comments as policy violations, assuming the suppression is for a pre-existing issue and is documented in the PR description as a candidate for follow-up cleanup. Do not allow blanket `# noqa` (without a specific rule) or `per-file-ignores`; those remain disallowed.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-18T06:31:12.015Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_pytest_utils.py:270-270
Timestamp: 2026-05-18T06:31:12.015Z
Learning: In RedHatQE/openshift-virtualization-tests, if a PR is a Ruff rule-enforcement PR and its “Special notes for reviewer” documents that pre-existing Ruff violations are being temporarily handled via per-line suppressions (e.g., `# noqa: PLC0415`) to keep CI green, reviewers should treat those specific `# noqa: <rule>` comments as an agreed, temporary mechanism. Do not flag them as code-quality issues and do not recommend removing, consolidating, or refactoring those suppressions within the same PR; cleanup/remediation is expected to happen in dedicated follow-up PRs instead.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-18T06:31:15.083Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_data_collector.py:304-304
Timestamp: 2026-05-18T06:31:15.083Z
Learning: When reviewing Python code in this repository for Ruff/linter rule rollouts, do not treat temporary suppression comments as violations in the specific migration scenario where a PR enables a new Ruff rule (e.g., PLC0415) and the PR description explicitly documents that all *pre-existing* violations are being annotated with `# noqa: <RULE>` as a short-lived measure. In that case, only flag `# noqa: <RULE>` suppressions that are newly introduced on code that did not previously violate the rule—i.e., verify via the PR diff against the prior state (and/or prior Ruff findings) that the suppressed line was already violating before the rule was enabled. Ignore suppressions that are covering violations that existed before the new rule rollout and were intentionally bulk-added for cleanup in follow-up PRs.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-18T06:31:20.848Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_hco.py:501-501
Timestamp: 2026-05-18T06:31:20.848Z
Learning: When reviewing Python code in RedHatQE/openshift-virtualization-tests, avoid flagging Ruff `# noqa: <RULE>` suppressions as issues if they were intentionally added as a temporary measure to keep CI green after a PR enables a new Ruff/lint rule (e.g., PLC0415) and the PR description documents this under "Special notes for reviewer". Treat these suppressions as deferred technical debt. Only flag `# noqa: PLC0415` (and similar rule-specific suppressions) when they are newly introduced without an accompanying documented intent in the PR (and thus appear to be masking a new violation rather than a pre-existing one).
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-18T09:09:09.479Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4878
File: utilities/unittests/test_pytest_utils.py:2194-2197
Timestamp: 2026-05-18T09:09:09.479Z
Learning: In this repository (RedHatQE/openshift-virtualization-tests), do not flag missing return type annotations or missing argument type annotations as Ruff “ANN” rule violations (e.g., ANN001/ANN002/ANN201/ANN202). The repo’s Ruff configuration does not enable ANN rules and only uses `extend-select = ["PLC0415"]`, so missing type annotations should not be treated as ANN lint failures during code review.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-19T07:48:17.119Z
Learnt from: azhivovk
Repo: RedHatQE/openshift-virtualization-tests PR: 4784
File: libs/vm/affinity.py:104-104
Timestamp: 2026-05-19T07:48:17.119Z
Learning: When using Kubernetes API models like `NodeSelectorRequirement` or `LabelSelectorRequirement` with operators `Exists` or `DoesNotExist`, the `values` field must not be non-empty. It is valid for `values` to be omitted / left as `None` (Python) / passed as `null`—Kubernetes rejects non-empty `values` for these operators, but does not require the field to be present or explicitly set to an empty list. In code reviews, do not treat missing `values=[]` for `Exists`/`DoesNotExist` as a validation issue; only flag cases where `values` is provided with actual elements.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-19T07:48:17.119Z
Learnt from: azhivovk
Repo: RedHatQE/openshift-virtualization-tests PR: 4784
File: libs/vm/affinity.py:104-104
Timestamp: 2026-05-19T07:48:17.119Z
Learning: When constructing Kubernetes `NodeSelectorRequirement` (or `LabelSelectorRequirement`) objects in code, do not treat `values` being omitted, `None`, or an empty list as an API-validation problem when the requirement’s operator is `Exists` or `DoesNotExist`. Per the Kubernetes API spec, these operators only require that the `values` array is not non-empty (i.e., it must be empty); they do not require the field to be explicitly present as `[]`. Therefore, reviewers should not flag `values=None`/missing `values` for `Exists`/`DoesNotExist`.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-26T15:52:31.613Z
Learnt from: rlobillo
Repo: RedHatQE/openshift-virtualization-tests PR: 4983
File: utilities/hco.py:376-378
Timestamp: 2026-05-26T15:52:31.613Z
Learning: For Python files in this repo, don’t raise review findings for missing type hints or missing/Google-style docstrings on an existing function when the PR’s only functional change is adding one or more new parameters to that function and the PR does not otherwise refactor or substantially rewrite its body/signature. Treat type-annotation/docstring improvements as out of scope for focused parameter-add PRs and defer them to a follow-up. Only raise missing type-hint or docstring issues when the PR introduces an entirely new function or substantially rewrites an existing one.
Applied to files:
utilities/infra.py
📚 Learning: 2026-06-21T20:28:07.727Z
Learnt from: Anatw
Repo: RedHatQE/openshift-virtualization-tests PR: 5283
File: tests/network/libs/service.py:14-16
Timestamp: 2026-06-21T20:28:07.727Z
Learning: When reviewing Python code in this repository targeting Python 3.14 with PEP 649 (deferred annotation evaluation using descriptors) enabled by default, do not flag annotations that reference types imported only under `if TYPE_CHECKING:` (e.g., `client: DynamicClient | None = None`) as potential runtime `NameError` problems. With PEP 649 enabled, annotations are not evaluated at function definition time, so these patterns are valid without `from __future__ import annotations`.
Applied to files:
utilities/infra.py
📚 Learning: 2026-02-18T06:34:38.042Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 3847
File: tests/virt/cluster/common_templates/utils.py:58-58
Timestamp: 2026-02-18T06:34:38.042Z
Learning: In RedHatQE/openshift-virtualization-tests, treat 'public' functions as those defined in any Python files under libs/ or utilities/ (any depth). Functions inside nested test directories (e.g., tests/virt/cluster/common_templates/, tests/virt/node/, etc.) are test helpers and do not require Google-format docstrings unless explicitly requested. Use this rule during reviews to decide whether to enforce docstrings on public API functions in libs/utilities.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-03T15:38:09.624Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 4701
File: tests/virt/node/general/test_windows_vtpm_bitlocker.py:50-52
Timestamp: 2026-05-03T15:38:09.624Z
Learning: During review of PRs that are lint cleanups or tooling/version bumps, do not flag code-quality issues for patterns that pre-existed before the PR. Specifically, if the diff does not introduce/modify constructs such as nested `if` blocks or unnecessary list comprehensions, treat them as known/deferred and leave them for dedicated follow-up cleanup PRs. Only raise issues when the PR itself adds, changes, or refactors the problematic code.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-15T18:42:02.504Z
Learnt from: geetikakay
Repo: RedHatQE/openshift-virtualization-tests PR: 4860
File: utilities/hco.py:385-389
Timestamp: 2026-05-15T18:42:02.504Z
Learning: In this repository, under the Python `utilities/` directory (utility/helper modules, not tests), do not flag bare `assert` statements as correctness or style issues. The codebase conventionally uses `assert` in these utilities (e.g., `utilities/virt.py`, `utilities/infra.py`, etc.) and does not enforce running Python with `-O`/`PYTHONOPTIMIZE`, so the usual “asserts may be stripped” concern should not be treated as a review blocker here.
Applied to files:
utilities/infra.py
📚 Learning: 2026-06-15T10:56:21.758Z
Learnt from: vsibirsk
Repo: RedHatQE/openshift-virtualization-tests PR: 4994
File: tests/network/user_defined_network/ip_specification/test_ip_specification.py:123-127
Timestamp: 2026-06-15T10:56:21.758Z
Learning: In this repository, do not require or flag missing `-> None` return type annotations on pytest test functions/methods (i.e., functions named `test_*`) located under `tests/**`. Return type annotations for `-> None` on these test functions are optional and should not be treated as inconsistent. Separately, in `utilities/**` and `libs/**`, enforce return type annotations for non-test public functions (e.g., functions that are not internal/private such as those not starting with `_`).
Applied to files:
utilities/infra.py
🪛 ast-grep (0.44.0)
utilities/infra.py
[info] 694-694: no timeout was given on call to external resource
Context: requests.get(url=url, verify=False, stream=True)
Note: [CWE-1088] Synchronous Access of Remote Resource without Timeout.
(requests-timeout)
[info] 694-694: Make sure cookies are safe and secure
Context: verify=False
Note: [CWE-614] Sensitive Cookie in HTTPS Session Without 'Secure' Attribute.
(secure-cookie)
[warning] 696-696: File path is request-/variable-derived; validate and normalize to prevent path traversal.
Context: open(local_file_name, "wb")
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').
(open-filename-from-request)
[error] 694-694: verify should be True
Context: verify=False
Note: [CWE-295] Improper Certificate Validation (TLS verification disabled).
(request-verify)
🪛 OpenGrep (1.23.0)
utilities/infra.py
[WARNING] 695-695: SSL/TLS verification is disabled (verify=False). This allows man-in-the-middle attacks. Remove verify=False or set it to True.
(coderabbit.tls.verify-disabled-python)
🪛 Ruff (0.15.18)
utilities/infra.py
[error] 695-695: Probable use of requests call without timeout
(S113)
[error] 695-695: Probable use of requests call with verify=False disabling SSL certificate checks
(S501)
7b7a2f6 to
daf3c56
Compare
|
Clean rebase detected — no code changes compared to previous head ( |
|
/reprocess |
daf3c56 to
4a0564d
Compare
|
/reprocess |
|
Clean rebase detected — no code changes compared to previous head ( |
|
/test-plan |
Test execution plan request detailsCRITICAL: You MUST post an inline review comment on the first changed line of the first file. As an expert software testing engineer, analyze all modified files in this PR and create a targeted test execution plan. Analysis Requirements:
Output rules: Your deliverable: Test Execution Plan
Use these formats:
Real test commands (MANDATORY when changes affect session/runtime code): When the affected code runs at session/collection time (conftest fixtures, pytest plugins,
Example output for a session-startup fix: Guidelines:
Hardware-Related Checks (SR-IOV, GPU, DPDK): When PR modifies fixtures for hardware-specific resources:
CRITICAL WORKFLOW COMPLETION RULES: When responding to this test execution plan request, you MUST follow these rules EXACTLY:
ABSOLUTE PROHIBITIONS (violating these creates empty/meaningless reviews):
Remember: The pull request review is visible to users. Additional comments are redundant noise. CRITICAL — Verification rules for smoke and gating decisions: |
|
Tip For best results, initiate chat on the files or code changes. 🧩 Analysis chain🏁 Script executed: #!/bin/bash
set -euo pipefail
repo="RedHatQE/openshift-virtualization-tests"
pr="5355"
files_json="$(gh api "/repos/$repo/pulls/$pr/files?per_page=100")"
first_file="$(echo "$files_json" | jq -r '.[0].filename')"
patch="$(echo "$files_json" | jq -r --arg f "$first_file" '.[] | select(.filename == $f) | .patch')"
if [[ -z "$first_file" || "$first_file" == "null" ]]; then
echo "ERROR: Could not determine first changed file" >&2
exit 1
fi
first_added_line="$(
PATCH="$patch" python - <<'PY'
import os, re
patch = os.environ.get("PATCH", "")
current_new = None
first = None
for line in patch.splitlines():
if line.startswith("@@"):
m = re.search(r"\+(\d+)", line)
current_new = int(m.group(1)) if m else None
continue
if current_new is None:
continue
if line.startswith("+") and not line.startswith("+++"):
first = current_new
break
if line.startswith("-") and not line.startswith("---"):
continue
current_new += 1
print("" if first is None else first)
PY
)"
if [[ -z "$first_added_line" ]]; then
echo "ERROR: Could not determine first added line for $first_file" >&2
exit 1
fi
comment_body="$(cat <<'EOF'
**Test Execution Plan**
- **Run smoke tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`
- **Run gating tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvc` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`
**Affected tests to run**
- `-m smoke` (smoke)
- `-m gating` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_custom_console_cli_download.py::TestCustomConsoleCliDownload::test_custom_console_cli_download_links_downloadable`
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownload::test_download_virtcli_binary` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownloadAndExecute::test_download_and_execute_virtcli_binary_linux` (gating)
**Real tests (cluster required)**
Error path (the fix):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'`
Expected: transient `requests.exceptions.SSLError` / `requests.exceptions.ConnectionError` during TLS handshake are retried for up to 2 minutes, and the virtctl download succeeds instead of failing fixture/setup.
Happy path (regression):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'`
Expected: virtctl downloads successfully on the normal path and the downloaded binary executes successfully.
EOF
)"
echo "first_file=$first_file"
echo "first_added_line=$first_added_line"
tmp_review="$(mktemp)"
jq -n \
--arg body "$comment_body" \
--arg path "$first_file" \
--argjson line "$first_added_line" \
'{
event: "COMMENT",
comments: [
{
path: $path,
side: "RIGHT",
line: $line,
body: $body
}
]
}' > "$tmp_review"
set +e
inline_out="$(gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
"/repos/$repo/pulls/$pr/reviews" \
--input "$tmp_review" 2>&1)"
inline_status=$?
set -e
echo "== inline review result =="
echo "$inline_out"
if [[ "$inline_status" -eq 0 ]]; then
exit 0
fi
set +e
fallback_out="$(gh pr comment "$pr" --repo "$repo" --body "$comment_body" 2>&1)"
fallback_status=$?
set -e
echo "== fallback comment result =="
echo "$fallback_out"
exit 0Length of output: 4808
CRITICAL (blocking): I retried the required posting flow for PR Why this rule exists: the inline comment anchors the test plan to the changed code, and the fallback PR comment preserves the plan when inline comments are unavailable. Here, both failed due to integration permissions, so I cannot complete the posting action from this environment.
Prepared Test Execution Plan
Affected tests to run
Real tests (cluster required) Error path (the fix): pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'Expected: transient Happy path (regression): pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'Expected: virtctl downloads successfully on the normal path and the downloaded binary executes successfully. |
|
Clean rebase detected — no code changes compared to previous head ( |
|
/retest all Auto-triggered: Files in this PR were modified by merged PR #5323. Overlapping filesutilities/infra.py |
|
/verified Gating tests — all pass: Smoke path (virtctl_binary fixture → download_and_extract_file_from_cluster): tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv — PASSED |
Test execution plan request detailsCRITICAL: You MUST post an inline review comment on the first changed line of the first file. As an expert software testing engineer, analyze all modified files in this PR and create a targeted test execution plan. Analysis Requirements:
Output rules: Your deliverable: Test Execution Plan
Use these formats:
Real test commands (MANDATORY when changes affect session/runtime code): When the affected code runs at session/collection time (conftest fixtures, pytest plugins,
Example output for a session-startup fix: Guidelines:
Hardware-Related Checks (SR-IOV, GPU, DPDK): When PR modifies fixtures for hardware-specific resources:
CRITICAL WORKFLOW COMPLETION RULES: When responding to this test execution plan request, you MUST follow these rules EXACTLY:
ABSOLUTE PROHIBITIONS (violating these creates empty/meaningless reviews):
Remember: The pull request review is visible to users. Additional comments are redundant noise. CRITICAL — Verification rules for smoke and gating decisions: |
|
Tip For best results, initiate chat on the files or code changes. 🧩 Analysis chain🏁 Script executed: #!/bin/bash
set -euo pipefail
repo="RedHatQE/openshift-virtualization-tests"
pr="5355"
files_json="$(gh api "/repos/$repo/pulls/$pr/files?per_page=100")"
first_file="$(echo "$files_json" | jq -r '.[0].filename')"
patch="$(echo "$files_json" | jq -r --arg f "$first_file" '.[] | select(.filename == $f) | .patch')"
if [[ -z "$first_file" || "$first_file" == "null" ]]; then
echo "ERROR: Could not determine first changed file" >&2
exit 1
fi
first_added_line="$(
PATCH="$patch" python - <<'PY'
import os, re
patch = os.environ.get("PATCH", "")
current_new = None
first = None
for line in patch.splitlines():
if line.startswith("@@"):
m = re.search(r"\+(\d+)", line)
current_new = int(m.group(1)) if m else None
continue
if current_new is None:
continue
if line.startswith("+") and not line.startswith("+++"):
first = current_new
break
if line.startswith("-") and not line.startswith("---"):
continue
current_new += 1
print("" if first is None else first)
PY
)"
if [[ -z "$first_added_line" ]]; then
echo "ERROR: Could not determine first added line for $first_file" >&2
exit 1
fi
comment_body="$(cat <<'EOF'
**Test Execution Plan**
- **Run smoke tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`
- **Run gating tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvc` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`
**Affected tests to run**
- `-m smoke` (smoke)
- `-m gating` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_custom_console_cli_download.py::TestCustomConsoleCliDownload::test_custom_console_cli_download_links_downloadable`
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownload::test_download_virtcli_binary` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownloadAndExecute::test_download_and_execute_virtcli_binary_linux` (gating)
**Real tests (cluster required)**
Error path (the fix):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'`
Expected: transient `requests.exceptions.SSLError` / `requests.exceptions.ConnectionError` during TLS handshake are retried for up to 2 minutes, and the virtctl download succeeds instead of failing fixture/setup.
Happy path (regression):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'`
Expected: virtctl downloads successfully on the normal path and the downloaded binary executes successfully.
EOF
)"
echo "first_file=$first_file"
echo "first_added_line=$first_added_line"
make_review_payload() {
local out="$1"
jq -n \
--arg body "$comment_body" \
--arg path "$first_file" \
--argjson line "$first_added_line" \
'{
event: "COMMENT",
comments: [
{
path: $path,
side: "RIGHT",
line: $line,
body: $body
}
]
}' > "$out"
}
tmp_review="$(mktemp)"
make_review_payload "$tmp_review"
echo "== Attempt 1: inline non-blocking review comment =="
set +e
inline_out_1="$(gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
"/repos/$repo/pulls/$pr/reviews" \
--input "$tmp_review" 2>&1)"
inline_status_1=$?
set -e
echo "$inline_out_1"
if [[ "$inline_status_1" -eq 0 ]]; then
exit 0
fi
echo "== Attempt 2: retry inline non-blocking review comment =="
set +e
inline_out_2="$(gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
"/repos/$repo/pulls/$pr/reviews" \
--input "$tmp_review" 2>&1)"
inline_status_2=$?
set -e
echo "$inline_out_2"
if [[ "$inline_status_2" -eq 0 ]]; then
exit 0
fi
echo "== Fallback: regular PR comment =="
set +e
fallback_out="$(gh pr comment "$pr" --repo "$repo" --body "$comment_body" 2>&1)"
fallback_status=$?
set -e
echo "$fallback_out"
exit 0Length of output: 5583
CRITICAL (blocking): I retried the required posting flow for PR Why this rule exists:
Prepared Test Execution Plan
Affected tests to run
Real tests (cluster required) Error path (the fix): pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'Expected: transient Happy path (regression): pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'Expected: virtctl downloads successfully on the normal path and the downloaded binary executes successfully. |
|
/verified Gating tests — all pass: Smoke path (virtctl_binary fixture → download_and_extract_file_from_cluster): tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv — PASSED |
Test execution plan request detailsCRITICAL: You MUST post an inline review comment on the first changed line of the first file. As an expert software testing engineer, analyze all modified files in this PR and create a targeted test execution plan. Analysis Requirements:
Output rules: Your deliverable: Test Execution Plan
Use these formats:
Real test commands (MANDATORY when changes affect session/runtime code): When the affected code runs at session/collection time (conftest fixtures, pytest plugins,
Example output for a session-startup fix: Guidelines:
Hardware-Related Checks (SR-IOV, GPU, DPDK): When PR modifies fixtures for hardware-specific resources:
CRITICAL WORKFLOW COMPLETION RULES: When responding to this test execution plan request, you MUST follow these rules EXACTLY:
ABSOLUTE PROHIBITIONS (violating these creates empty/meaningless reviews):
Remember: The pull request review is visible to users. Additional comments are redundant noise. CRITICAL — Verification rules for smoke and gating decisions: |
|
Tip For best results, initiate chat on the files or code changes. 🧩 Analysis chain🏁 Script executed: #!/bin/bash
set -euo pipefail
repo="RedHatQE/openshift-virtualization-tests"
pr="5355"
files_json="$(gh api "/repos/$repo/pulls/$pr/files?per_page=100")"
first_file="$(echo "$files_json" | jq -r '.[0].filename')"
patch="$(echo "$files_json" | jq -r --arg f "$first_file" '.[] | select(.filename == $f) | .patch')"
if [[ -z "$first_file" || "$first_file" == "null" ]]; then
echo "ERROR: Could not determine first changed file" >&2
exit 1
fi
first_added_line="$(
PATCH="$patch" python - <<'PY'
import os, re
patch = os.environ.get("PATCH", "")
current_new = None
first = None
for line in patch.splitlines():
if line.startswith("@@"):
m = re.search(r"\+(\d+)", line)
current_new = int(m.group(1)) if m else None
continue
if current_new is None:
continue
if line.startswith("+") and not line.startswith("+++"):
first = current_new
break
if line.startswith("-") and not line.startswith("---"):
continue
current_new += 1
print("" if first is None else first)
PY
)"
if [[ -z "$first_added_line" ]]; then
echo "ERROR: Could not determine first added line for $first_file" >&2
exit 1
fi
comment_body="$(cat <<'EOF'
**Test Execution Plan**
- **Run smoke tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`
- **Run gating tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvc` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`
**Affected tests to run**
- `-m smoke` (smoke)
- `-m gating` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_custom_console_cli_download.py::TestCustomConsoleCliDownload::test_custom_console_cli_download_links_downloadable`
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownload::test_download_virtcli_binary` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownloadAndExecute::test_download_and_execute_virtcli_binary_linux` (gating)
**Real tests (cluster required)**
Error path (the fix):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'`
Expected: transient `requests.exceptions.SSLError` / `requests.exceptions.ConnectionError` during TLS handshake are retried for up to 2 minutes, and the virtctl download succeeds instead of failing fixture/setup.
Happy path (regression):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'`
Expected: virtctl downloads successfully on the normal path and the downloaded binary executes successfully.
EOF
)"
echo "first_file=$first_file"
echo "first_added_line=$first_added_line"
tmp_review="$(mktemp)"
jq -n \
--arg body "$comment_body" \
--arg path "$first_file" \
--argjson line "$first_added_line" \
'{
event: "COMMENT",
comments: [
{
path: $path,
side: "RIGHT",
line: $line,
body: $body
}
]
}' > "$tmp_review"
echo "== Attempt 1: inline non-blocking review comment =="
set +e
inline_out_1="$(gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
"/repos/$repo/pulls/$pr/reviews" \
--input "$tmp_review" 2>&1)"
inline_status_1=$?
set -e
echo "$inline_out_1"
if [[ "$inline_status_1" -eq 0 ]]; then
exit 0
fi
echo "== Attempt 2: retry inline non-blocking review comment =="
set +e
inline_out_2="$(gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
"/repos/$repo/pulls/$pr/reviews" \
--input "$tmp_review" 2>&1)"
inline_status_2=$?
set -e
echo "$inline_out_2"
if [[ "$inline_status_2" -eq 0 ]]; then
exit 0
fi
echo "== Fallback: regular PR comment =="
set +e
fallback_out="$(gh pr comment "$pr" --repo "$repo" --body "$comment_body" 2>&1)"
fallback_status=$?
set -e
echo "$fallback_out"
exit 0Length of output: 5482
CRITICAL (blocking): I retried the exact required posting flow for PR Why this rule exists: the inline comment anchors the test plan to the changed code, and the fallback PR comment preserves the plan when inline review comments are unavailable. Since both paths fail, this is a permissions/integration blocker, not a payload or coordinate issue.
Prepared Test Execution Plan
Affected tests to run
Real tests (cluster required) Error path (the fix): pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'Expected: transient Happy path (regression): pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'Expected: |
|
/verified |
|
/verified Gating tests — all pass: Smoke path (virtctl_binary fixture → download_and_extract_file_from_cluster): tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv — PASSED |
Test execution plan request detailsCRITICAL: You MUST post an inline review comment on the first changed line of the first file. As an expert software testing engineer, analyze all modified files in this PR and create a targeted test execution plan. Analysis Requirements:
Output rules: Your deliverable: Test Execution Plan
Use these formats:
Real test commands (MANDATORY when changes affect session/runtime code): When the affected code runs at session/collection time (conftest fixtures, pytest plugins,
Example output for a session-startup fix: Guidelines:
Hardware-Related Checks (SR-IOV, GPU, DPDK): When PR modifies fixtures for hardware-specific resources:
CRITICAL WORKFLOW COMPLETION RULES: When responding to this test execution plan request, you MUST follow these rules EXACTLY:
ABSOLUTE PROHIBITIONS (violating these creates empty/meaningless reviews):
Remember: The pull request review is visible to users. Additional comments are redundant noise. CRITICAL — Verification rules for smoke and gating decisions: |
|
Tip For best results, initiate chat on the files or code changes. 🧩 Analysis chain🏁 Script executed: #!/bin/bash
set -euo pipefail
repo="RedHatQE/openshift-virtualization-tests"
pr="5355"
files_json="$(gh api "/repos/$repo/pulls/$pr/files?per_page=100")"
first_file="$(echo "$files_json" | jq -r '.[0].filename')"
patch="$(echo "$files_json" | jq -r --arg f "$first_file" '.[] | select(.filename == $f) | .patch')"
if [[ -z "$first_file" || "$first_file" == "null" ]]; then
echo "ERROR: Could not determine first changed file" >&2
exit 1
fi
first_added_line="$(
PATCH="$patch" python - <<'PY'
import os, re
patch = os.environ.get("PATCH", "")
current_new = None
first = None
for line in patch.splitlines():
if line.startswith("@@"):
m = re.search(r"\+(\d+)", line)
current_new = int(m.group(1)) if m else None
continue
if current_new is None:
continue
if line.startswith("+") and not line.startswith("+++"):
first = current_new
break
if line.startswith("-") and not line.startswith("---"):
continue
current_new += 1
print("" if first is None else first)
PY
)"
if [[ -z "$first_added_line" ]]; then
echo "ERROR: Could not determine first added line for $first_file" >&2
exit 1
fi
comment_body="$(cat <<'EOF'
**Test Execution Plan**
- **Run smoke tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`
- **Run gating tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvc` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`
**Affected tests to run**
- `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv` (smoke)
- `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvc` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_custom_console_cli_download.py::TestCustomConsoleCliDownload::test_custom_console_cli_download_links_downloadable`
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownload::test_download_virtcli_binary` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownloadAndExecute::test_download_and_execute_virtcli_binary_linux` (gating)
**Real tests (cluster required)**
Error path (the fix):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'`
Expected: transient `requests.exceptions.SSLError` / `requests.exceptions.ConnectionError` during TLS handshake are retried for up to 2 minutes, and the `virtctl` download succeeds instead of failing fixture/setup.
Happy path (regression):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'`
Expected: `virtctl` downloads successfully on the normal path and the downloaded binary executes successfully.
EOF
)"
echo "first_file=$first_file"
echo "first_added_line=$first_added_line"
tmp_review="$(mktemp)"
jq -n \
--arg body "$comment_body" \
--arg path "$first_file" \
--argjson line "$first_added_line" \
'{
event: "COMMENT",
comments: [
{
path: $path,
side: "RIGHT",
line: $line,
body: $body
}
]
}' > "$tmp_review"
echo "== Attempt 1: inline non-blocking review comment =="
set +e
inline_out_1="$(gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
"/repos/$repo/pulls/$pr/reviews" \
--input "$tmp_review" 2>&1)"
inline_status_1=$?
set -e
echo "$inline_out_1"
if [[ "$inline_status_1" -eq 0 ]]; then
exit 0
fi
echo "== Attempt 2: retry inline non-blocking review comment =="
set +e
inline_out_2="$(gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
"/repos/$repo/pulls/$pr/reviews" \
--input "$tmp_review" 2>&1)"
inline_status_2=$?
set -e
echo "$inline_out_2"
if [[ "$inline_status_2" -eq 0 ]]; then
exit 0
fi
echo "== Fallback: regular PR comment =="
set +e
fallback_out="$(gh pr comment "$pr" --repo "$repo" --body "$comment_body" 2>&1)"
fallback_status=$?
set -e
echo "$fallback_out"
exit 0Length of output: 5625
CRITICAL (blocking): I retried the required posting flow with fresh PR metadata, and GitHub still blocks both allowed write paths. Why this matters: Verified target
Write attempts
Prepared Test Execution Plan
Affected tests to run
Real tests (cluster required) Error path (the fix): pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'Expected: transient Happy path (regression): pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'Expected: |
|
/lgtm |
|
/approve |
|
/retest tox |
|
/retest build-container |
|
/retest all |
|
/retest verify-bugs-are-open |
|
/retest all |
|
Clean rebase detected — no code changes compared to previous head ( |
servolkov
left a comment
There was a problem hiding this comment.
[STORGE][GATING] is misleading and unrelated to the change in the PR and should be omitted.
|
Clean rebase detected — no code changes compared to previous head ( |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@utilities/infra.py`:
- Line 695: The requests.get call in the infra helper uses a positional url
argument alongside keyword arguments, which violates the named-arguments
guideline. Update the request call in the function that fetches the URL response
to pass url as a named argument, keeping verify and timeout as named arguments
too, so the call is consistent and easier to read.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 2f2d98f1-62b0-4393-9f4b-217d99d959e6
📒 Files selected for processing (1)
utilities/infra.py
📜 Review details
🧰 Additional context used
📓 Path-based instructions (3)
**/*.py
📄 CodeRabbit inference engine (AGENTS.md)
**/*.py: Never add linter suppressions like# noqa,# type: ignore, or# pylint: disable. Fix the code instead. If you believe a rule is wrong, ask the user for explicit approval.
Search the codebase for existing implementations before writing new code. Checkutilities/,libs/,tests/, andpyproject.tomldependencies. Never duplicate logic—extract to shared modules. Usepyhelper_utils.shell.run_commandfor shell commands instead ofsubprocess.run, and useocp-resourcesclasses instead of raw YAML dicts.
Type hints are MANDATORY. Use mypy strict mode inlibs/and all new public functions under utilities. UseTYPE_CHECKINGfor type-only imports to avoid runtime overhead and circular imports.
Write Google-format docstrings for all public functions with non-obvious return values or side effects.
Always useuv runto execute commands. Never executepython,pip,pytest,tox, orpre-commitdirectly. Useuv run python,uv run pytest,uv run tox,uv run pre-commit, anduv addfor package installation.
Always use absolute imports. Never use relative imports.
Prefer specific imports usingfrom module import funcfor functions and constants. Usefrom package import module(thenmodule.Name) when retaining the module name meaningfully improves readability. Never use bareimport modulewithout afromclause.
Always use named arguments for function calls with more than one argument.
Never use single-letter variable names. Always use descriptive, meaningful names.
No dead code. Every function, variable, and fixture must be used or removed. Code marked with# skip-unused-codeis excluded from dead code analysis (enforced via custom ruff plugin).
Prefer direct attribute access usingfoo.attr. Save to variables only when reusing the same attribute multiple times improves readability or extracting clarifies intent.
Imports must always be at the top of the module. Do not import inside functions.
No defensive programming. Fail...
Files:
utilities/infra.py
utilities/infra.py
📄 CodeRabbit inference engine (AGENTS.md)
Place infrastructure helpers (SSH, networking infrastructure, pod operations) in
utilities/infra.py.
Files:
utilities/infra.py
**
⚙️ CodeRabbit configuration file
**: # AI Review and Development StandardsAssisted-by: Claude noreply@anthropic.com
Coding standards, conventions, and review guidelines for openshift-virtualization-tests.
These rules apply to ALL contributors and review tools — human and AI alike.
Strict Rules (MANDATORY)
Linter Suppressions PROHIBITED
- ❌ NEVER add
# noqa,# type: ignore,# pylint: disable- ❌ NEVER disable linter/mypy rules to work around issues
- ✅ FIX THE CODE - If linter complains, the code is wrong
- If you think a rule is wrong: ASK the user for explicit approval
Code Reuse (Search-First Development)
Before writing ANY new code:
- SEARCH codebase for existing implementations
- CHECK
utilities/for shared functions- CHECK
libs/for shared libraries- CHECK
tests/for shared fixtures and helper functions- CHECK
pyproject.tomldependencies — project packages (e.g.,pyhelper-utils,ocp-resources,openshift-python-wrapper) may already provide the functionality- VERIFY no similar logic exists elsewhere
- NEVER duplicate logic - extract to shared module
- REUSE existing code and patterns — only write new when nothing exists
External package examples:
- Shell commands — use
pyhelper_utils.shell.run_command, NEVER usesubprocess.rundirectly in test/utility code- OpenShift resources — use
ocp-resourcesclasses, NEVER construct raw YAML dictsPython Requirements
- Type hints MANDATORY - mypy strict mode in
libs/, all new public functions under utilities MUST be typed- Use
TYPE_CHECKINGfor type-only imports - wrap imports needed solely for type hints inif TYPE_CHECKING:to avoid runtime overhead and circular imports- Google-format docstrings REQUIRED - for all public functions with non-obvious return values OR side effects
- No defensive programming - fail-fast, don't hide bugs with fake defaults (see exceptions below)
- ALWAYS use
uv run-...
Files:
utilities/infra.py
⚙️ CodeRabbit configuration file
**: ## PR Template Validation
Check the PR description for required sections from.github/pull_request_template.md.
Required sections (must be present, even if empty):
##### What this PR does / why we need it:— MUST be present AND have meaningful content.
Flag as HIGH if the section is missing, empty, whitespace-only, contains only HTML comments,
or contains only placeholder tokens such asTBD,TBA,N/A,-,—,none, or..##### Which issue(s) this PR fixes:— must be present (may be empty)##### Special notes for reviewer:— must be present (may be empty)##### jira-ticket:— must be present (may be empty)
If any required section is absent, orWhat this PR does / why we need it:has no content,
flag it as HIGH severity and ask the author to restore the missing template section(s).Approval Policy
You may approve the PR when ALL of the following are true:
- All your review comments have been addressed with either:
- a code/doc change that fixes the issue, or
- a substantive author response that justifies no code change.
Thread "resolved" state alone is not sufficient.
OR you had no review comments.- If you posted a test execution plan comment requesting tests, and the PR author replied
with a comment explaining why the requested tests are not needed or were already covered,
treat that as an acceptable response — do not block approval on the test plan alone.- The author's explanation must be reasonable and specific (not just "N/A" or "not needed").
Accept explanations like: "these tests were already run in CI", "this change is docs-only",
"the affected tests are quarantined", or "verified manually on cluster X".
Files:
utilities/infra.py
🧠 Learnings (28)
📚 Learning: 2026-01-12T11:24:13.825Z
Learnt from: servolkov
Repo: RedHatQE/openshift-virtualization-tests PR: 3387
File: tests/network/provider_migration/libprovider.py:50-52
Timestamp: 2026-01-12T11:24:13.825Z
Learning: In the RedHatQE/openshift-virtualization-tests repository, when catching exceptions in Python, use LOGGER.error before re-raising and do not replace it with LOGGER.exception in except blocks. This follows the established pattern across the codebase.
Applied to files:
utilities/infra.py
📚 Learning: 2026-01-12T14:25:05.723Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 3366
File: tests/storage/cdi_clone/test_clone.py:5-9
Timestamp: 2026-01-12T14:25:05.723Z
Learning: In Python tests and utility code across the repository, bitmath.parse_string_unsafe correctly parses Kubernetes quantities (e.g., '4Gi', '512Mi', PVC storage requests) without supplying system=bitmath.NIST. There are 30+ usages indicating this is the standard behavior. Reviewers should verify that code that builds or compares quantity strings does not pass the NIST parameter, and if a new test relies on quantity parsing, assume no NIST parameter is required unless explicitly documented.
Applied to files:
utilities/infra.py
📚 Learning: 2026-01-20T01:03:13.139Z
Learnt from: servolkov
Repo: RedHatQE/openshift-virtualization-tests PR: 3387
File: tests/network/provider_migration/libprovider.py:1-8
Timestamp: 2026-01-20T01:03:13.139Z
Learning: In the openshift-virtualization-tests repository, Python imports should consistently use module-level imports for the logging module (i.e., import logging) rather than from logging import ... The established pattern spans 270+ files and should not be flagged for refactoring. Apply this guideline to Python files across the repo (e.g., tests/network/provider_migration/libprovider.py).
Applied to files:
utilities/infra.py
📚 Learning: 2026-01-21T21:26:41.805Z
Learnt from: geetikakay
Repo: RedHatQE/openshift-virtualization-tests PR: 3559
File: utilities/infra.py:251-254
Timestamp: 2026-01-21T21:26:41.805Z
Learning: In the RedHatQE/openshift-virtualization-tests repository, when reviewing Python code, recognize that with Python 3.14 the syntax 'except ValueError, TypeError:' is valid if there is no 'as' clause, and should not be flagged as Python 2 syntax. If you use an 'as' binding (e.g., 'except (ValueError, TypeError) as e:'), parentheses are required. Ensure this pattern is version-consistent and not flagged as Python 2 syntax when 'as' is absent.
Applied to files:
utilities/infra.py
📚 Learning: 2026-01-25T13:18:21.675Z
Learnt from: jpeimer
Repo: RedHatQE/openshift-virtualization-tests PR: 3571
File: tests/storage/storage_migration/utils.py:158-167
Timestamp: 2026-01-25T13:18:21.675Z
Learning: In reviews of the openshift-virtualization-tests repo (and similar Python code), avoid suggesting minor stylistic changes that require extra verification (e.g., removing dict.keys() checks for membership) unless the change has clear correctness or maintainability impact. Focus on fixes with observable behavior, security, performance, or maintainability benefits; defer low-impact style tweaks that are costly to verify.
Applied to files:
utilities/infra.py
📚 Learning: 2026-02-18T06:35:39.536Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 3847
File: utilities/virt.py:2449-2453
Timestamp: 2026-02-18T06:35:39.536Z
Learning: In Python code, a function named clearly and self-descriptively can be deemed not to require a docstring. However, treat this as a context-specific guideline and not a universal rule. For public APIs or functions with side effects, prefer concise docstrings explaining behavior, inputs, outputs, and side effects. This guidance is based on the example in utilities/virt.py from RedHatQE/openshift-virtualization-tests where validate_libvirt_persistent_domain(vm, admin_client) was considered self-documenting.
Applied to files:
utilities/infra.py
📚 Learning: 2026-02-23T16:33:22.070Z
Learnt from: vsibirsk
Repo: RedHatQE/openshift-virtualization-tests PR: 3883
File: utilities/pytest_utils.py:441-463
Timestamp: 2026-02-23T16:33:22.070Z
Learning: In Python code reviews, the guideline to always use named arguments for multi-argument calls does not apply to built-ins or methods that have positional-only parameters (those defined with a / in their signature). Do not flag or require named arguments for calls like dict.get(key, default=None, /), list.pop(), str.split(sep, maxsplit) and similar built-ins that cannot accept keyword arguments. Apply the named-argument rule only to functions/methods that explicitly accept keyword arguments.
Applied to files:
utilities/infra.py
📚 Learning: 2026-03-17T01:32:02.617Z
Learnt from: dshchedr
Repo: RedHatQE/openshift-virtualization-tests PR: 4118
File: utilities/database.py:0-0
Timestamp: 2026-03-17T01:32:02.617Z
Learning: In RedHatQE/openshift-virtualization-tests, when reviewing Python files, post targeted inline comments on the Files changed tab at the exact location (file and line) of the issue rather than opening a single discussion thread for multiple issues. This should be done for each applicable location to improve traceability and clarity. If multiple issues exist in the same file, address them with separate inline comments pointing to the specific lines.
Applied to files:
utilities/infra.py
📚 Learning: 2026-03-17T01:32:02.617Z
Learnt from: dshchedr
Repo: RedHatQE/openshift-virtualization-tests PR: 4118
File: utilities/database.py:0-0
Timestamp: 2026-03-17T01:32:02.617Z
Learning: In the RedHatQE/openshift-virtualization-tests repository, CodeRabbit should post targeted inline comments at each applicable location in the Files Changed tab, rather than aggregating multiple issues into a single PR discussion thread reply. This guideline applies to all Python files (any file ending in .py) changed in a PR; for non-Python files, follow the same inline-comment-at-location principle if relevant.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-04T13:45:29.122Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 4725
File: utilities/console.py:54-59
Timestamp: 2026-05-04T13:45:29.122Z
Learning: During review of RedHatQE/openshift-virtualization-tests “lint-cleanup” PRs (e.g., changes targeting lint issues like stale noqa/utf-8 headers), do not flag existing `# type: ignore` directives that were already present before the PR and were not introduced or modified by the PR. Only raise findings for `# type: ignore` suppressions that the PR itself adds, changes, or otherwise makes newly effective (i.e., they appear in the diff as additions/edits).
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-04T13:45:33.892Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 4725
File: tests/virt/cluster/common_templates/centos/test_centos_os_support.py:78-83
Timestamp: 2026-05-04T13:45:33.892Z
Learning: When reviewing lint-cleanup or formatting-only pull requests in this repo (e.g., changes like removing/updating `# noqa` comments or UTF-8 headers), do not raise findings for code patterns that already existed before the PR. Specifically, if a problematic construct such as `.is_connective(tcp_timeout=120)` was present in the base branch, suppress that finding and only raise issues when the PR itself introduces or modifies that construct (i.e., the diff adds/changes the call or its arguments). Apply this rule across all Python files (`**/*.py`).
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-05T17:01:15.294Z
Learnt from: dshchedr
Repo: RedHatQE/openshift-virtualization-tests PR: 4739
File: tests/virt/node/descheduler/conftest.py:2-2
Timestamp: 2026-05-05T17:01:15.294Z
Learning: In this repo’s Python code, it’s acceptable (and preferred by convention) to build `run_command` inputs using `shlex.split(f"<command> {arg}")` rather than converting to direct list literals like `['oc', 'adm', 'uncordon', name]`. During code review, generally don’t flag `shlex.split(...)` usage for `run_command` calls and don’t suggest replacing it with list literals; the string-form pattern is used to keep commands readable and consistent with how they’re typed in a terminal.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-08T12:49:20.694Z
Learnt from: geetikakay
Repo: RedHatQE/openshift-virtualization-tests PR: 4788
File: utilities/os_utils.py:257-262
Timestamp: 2026-05-08T12:49:20.694Z
Learning: In RedHatQE/openshift-virtualization-tests, the Ruff flake8-boolean-trap rules FBT001/FBT002 are intentionally not enabled (pyproject.toml does not select the FBT rules; confirmed via `ruff check --show-settings`). Therefore, do not flag boolean positional parameters as FBT001/FBT002 violations in this repository. If Ruff configuration changes and starts selecting FBT rules, this exception should be reconsidered.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-12T05:10:24.601Z
Learnt from: acinko-rh
Repo: RedHatQE/openshift-virtualization-tests PR: 4780
File: tests/storage/utils.py:568-572
Timestamp: 2026-05-12T05:10:24.601Z
Learning: In this repository, Ruff rule UP043 ("unnecessary default type arguments") is enforced. When annotating `collections.abc.Generator` return types, prefer the single-parameter form `Generator[YieldType]` rather than `Generator[YieldType, None, None]`. Explicit `None, None` for the SendType and ReturnType are unnecessary defaults (per PEP 696) and will trigger UP043. Apply this consistently across all Python files.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-13T19:23:09.603Z
Learnt from: Anatw
Repo: RedHatQE/openshift-virtualization-tests PR: 4833
File: tests/network/localnet/migration_stuntime/libstuntime.py:25-25
Timestamp: 2026-05-13T19:23:09.603Z
Learning: In this repository, do not recommend adding `from __future__ import annotations` to fix forward-reference type annotation issues (e.g., Ruff UP037). Follow the established convention: use quoted string type annotations for forward references when the referenced class/type is defined later in the same file (e.g., `"ContinuousPing"`), and prefer `typing.Self` for self-referential return types.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-18T06:30:56.781Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_bitwarden.py:207-207
Timestamp: 2026-05-18T06:30:56.781Z
Learning: During Ruff/lint rule-enablement PRs in this repository (e.g., when introducing a new rule like PLC0415), it’s acceptable to keep CI green by adding per-line, targeted suppressions for pre-existing violations: add only `# noqa: <single-ruff-rule-id>` at the end of the specific violating line. In this PR context, reviewers should NOT flag these targeted `# noqa: PLC0415` comments as policy violations, assuming the suppression is for a pre-existing issue and is documented in the PR description as a candidate for follow-up cleanup. Do not allow blanket `# noqa` (without a specific rule) or `per-file-ignores`; those remain disallowed.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-18T06:31:12.015Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_pytest_utils.py:270-270
Timestamp: 2026-05-18T06:31:12.015Z
Learning: In RedHatQE/openshift-virtualization-tests, if a PR is a Ruff rule-enforcement PR and its “Special notes for reviewer” documents that pre-existing Ruff violations are being temporarily handled via per-line suppressions (e.g., `# noqa: PLC0415`) to keep CI green, reviewers should treat those specific `# noqa: <rule>` comments as an agreed, temporary mechanism. Do not flag them as code-quality issues and do not recommend removing, consolidating, or refactoring those suppressions within the same PR; cleanup/remediation is expected to happen in dedicated follow-up PRs instead.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-18T06:31:15.083Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_data_collector.py:304-304
Timestamp: 2026-05-18T06:31:15.083Z
Learning: When reviewing Python code in this repository for Ruff/linter rule rollouts, do not treat temporary suppression comments as violations in the specific migration scenario where a PR enables a new Ruff rule (e.g., PLC0415) and the PR description explicitly documents that all *pre-existing* violations are being annotated with `# noqa: <RULE>` as a short-lived measure. In that case, only flag `# noqa: <RULE>` suppressions that are newly introduced on code that did not previously violate the rule—i.e., verify via the PR diff against the prior state (and/or prior Ruff findings) that the suppressed line was already violating before the rule was enabled. Ignore suppressions that are covering violations that existed before the new rule rollout and were intentionally bulk-added for cleanup in follow-up PRs.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-18T06:31:20.848Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_hco.py:501-501
Timestamp: 2026-05-18T06:31:20.848Z
Learning: When reviewing Python code in RedHatQE/openshift-virtualization-tests, avoid flagging Ruff `# noqa: <RULE>` suppressions as issues if they were intentionally added as a temporary measure to keep CI green after a PR enables a new Ruff/lint rule (e.g., PLC0415) and the PR description documents this under "Special notes for reviewer". Treat these suppressions as deferred technical debt. Only flag `# noqa: PLC0415` (and similar rule-specific suppressions) when they are newly introduced without an accompanying documented intent in the PR (and thus appear to be masking a new violation rather than a pre-existing one).
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-18T09:09:09.479Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4878
File: utilities/unittests/test_pytest_utils.py:2194-2197
Timestamp: 2026-05-18T09:09:09.479Z
Learning: In this repository (RedHatQE/openshift-virtualization-tests), do not flag missing return type annotations or missing argument type annotations as Ruff “ANN” rule violations (e.g., ANN001/ANN002/ANN201/ANN202). The repo’s Ruff configuration does not enable ANN rules and only uses `extend-select = ["PLC0415"]`, so missing type annotations should not be treated as ANN lint failures during code review.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-19T07:48:17.119Z
Learnt from: azhivovk
Repo: RedHatQE/openshift-virtualization-tests PR: 4784
File: libs/vm/affinity.py:104-104
Timestamp: 2026-05-19T07:48:17.119Z
Learning: When using Kubernetes API models like `NodeSelectorRequirement` or `LabelSelectorRequirement` with operators `Exists` or `DoesNotExist`, the `values` field must not be non-empty. It is valid for `values` to be omitted / left as `None` (Python) / passed as `null`—Kubernetes rejects non-empty `values` for these operators, but does not require the field to be present or explicitly set to an empty list. In code reviews, do not treat missing `values=[]` for `Exists`/`DoesNotExist` as a validation issue; only flag cases where `values` is provided with actual elements.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-19T07:48:17.119Z
Learnt from: azhivovk
Repo: RedHatQE/openshift-virtualization-tests PR: 4784
File: libs/vm/affinity.py:104-104
Timestamp: 2026-05-19T07:48:17.119Z
Learning: When constructing Kubernetes `NodeSelectorRequirement` (or `LabelSelectorRequirement`) objects in code, do not treat `values` being omitted, `None`, or an empty list as an API-validation problem when the requirement’s operator is `Exists` or `DoesNotExist`. Per the Kubernetes API spec, these operators only require that the `values` array is not non-empty (i.e., it must be empty); they do not require the field to be explicitly present as `[]`. Therefore, reviewers should not flag `values=None`/missing `values` for `Exists`/`DoesNotExist`.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-26T15:52:31.613Z
Learnt from: rlobillo
Repo: RedHatQE/openshift-virtualization-tests PR: 4983
File: utilities/hco.py:376-378
Timestamp: 2026-05-26T15:52:31.613Z
Learning: For Python files in this repo, don’t raise review findings for missing type hints or missing/Google-style docstrings on an existing function when the PR’s only functional change is adding one or more new parameters to that function and the PR does not otherwise refactor or substantially rewrite its body/signature. Treat type-annotation/docstring improvements as out of scope for focused parameter-add PRs and defer them to a follow-up. Only raise missing type-hint or docstring issues when the PR introduces an entirely new function or substantially rewrites an existing one.
Applied to files:
utilities/infra.py
📚 Learning: 2026-06-21T20:28:07.727Z
Learnt from: Anatw
Repo: RedHatQE/openshift-virtualization-tests PR: 5283
File: tests/network/libs/service.py:14-16
Timestamp: 2026-06-21T20:28:07.727Z
Learning: When reviewing Python code in this repository targeting Python 3.14 with PEP 649 (deferred annotation evaluation using descriptors) enabled by default, do not flag annotations that reference types imported only under `if TYPE_CHECKING:` (e.g., `client: DynamicClient | None = None`) as potential runtime `NameError` problems. With PEP 649 enabled, annotations are not evaluated at function definition time, so these patterns are valid without `from __future__ import annotations`.
Applied to files:
utilities/infra.py
📚 Learning: 2026-02-18T06:34:38.042Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 3847
File: tests/virt/cluster/common_templates/utils.py:58-58
Timestamp: 2026-02-18T06:34:38.042Z
Learning: In RedHatQE/openshift-virtualization-tests, treat 'public' functions as those defined in any Python files under libs/ or utilities/ (any depth). Functions inside nested test directories (e.g., tests/virt/cluster/common_templates/, tests/virt/node/, etc.) are test helpers and do not require Google-format docstrings unless explicitly requested. Use this rule during reviews to decide whether to enforce docstrings on public API functions in libs/utilities.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-03T15:38:09.624Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 4701
File: tests/virt/node/general/test_windows_vtpm_bitlocker.py:50-52
Timestamp: 2026-05-03T15:38:09.624Z
Learning: During review of PRs that are lint cleanups or tooling/version bumps, do not flag code-quality issues for patterns that pre-existed before the PR. Specifically, if the diff does not introduce/modify constructs such as nested `if` blocks or unnecessary list comprehensions, treat them as known/deferred and leave them for dedicated follow-up cleanup PRs. Only raise issues when the PR itself adds, changes, or refactors the problematic code.
Applied to files:
utilities/infra.py
📚 Learning: 2026-05-15T18:42:02.504Z
Learnt from: geetikakay
Repo: RedHatQE/openshift-virtualization-tests PR: 4860
File: utilities/hco.py:385-389
Timestamp: 2026-05-15T18:42:02.504Z
Learning: In this repository, under the Python `utilities/` directory (utility/helper modules, not tests), do not flag bare `assert` statements as correctness or style issues. The codebase conventionally uses `assert` in these utilities (e.g., `utilities/virt.py`, `utilities/infra.py`, etc.) and does not enforce running Python with `-O`/`PYTHONOPTIMIZE`, so the usual “asserts may be stripped” concern should not be treated as a review blocker here.
Applied to files:
utilities/infra.py
📚 Learning: 2026-06-15T10:56:21.758Z
Learnt from: vsibirsk
Repo: RedHatQE/openshift-virtualization-tests PR: 4994
File: tests/network/user_defined_network/ip_specification/test_ip_specification.py:123-127
Timestamp: 2026-06-15T10:56:21.758Z
Learning: In this repository, do not require or flag missing `-> None` return type annotations on pytest test functions/methods (i.e., functions named `test_*`) located under `tests/**`. Return type annotations for `-> None` on these test functions are optional and should not be treated as inconsistent. Separately, in `utilities/**` and `libs/**`, enforce return type annotations for non-test public functions (e.g., functions that are not internal/private such as those not starting with `_`).
Applied to files:
utilities/infra.py
🪛 ast-grep (0.44.0)
utilities/infra.py
[warning] 694-694: Request-controlled URL passed to requests; validate against an allowlist to prevent SSRF.
Context: requests.get(url, verify=False, timeout=TIMEOUT_30SEC)
Note: [CWE-918] Server-Side Request Forgery (SSRF).
(ssrf-requests)
[info] 694-694: Make sure cookies are safe and secure
Context: verify=False
Note: [CWE-614] Sensitive Cookie in HTTPS Session Without 'Secure' Attribute.
(secure-cookie)
[error] 694-694: verify should be True
Context: verify=False
Note: [CWE-295] Improper Certificate Validation (TLS verification disabled).
(request-verify)
[warning] 696-696: File path is request-/variable-derived; validate and normalize to prevent path traversal.
Context: open(local_file_name, "wb")
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').
(open-filename-from-request)
🪛 OpenGrep (1.23.0)
utilities/infra.py
[WARNING] 695-695: SSL/TLS verification is disabled (verify=False). This allows man-in-the-middle attacks. Remove verify=False or set it to True.
(coderabbit.tls.verify-disabled-python)
🪛 Ruff (0.15.20)
utilities/infra.py
[error] 695-695: Probable use of requests call with verify=False disabling SSL certificate checks
(S501)
🔇 Additional comments (4)
utilities/infra.py (4)
695-695: 🔒 Security & PrivacyTLS verification disabled — already litigated, not new to this PR.
verify=Falsepredates this diff and was already flagged/withdrawn twice in prior reviews of this exact function as pre-existing behavior, not a regression introduced here.
684-693: LGTM!
696-699: LGTM!
713-716: LGTM!
…rrors Signed-off-by: Ahmad Hafe <ahafe@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com> Signed-off-by: Ahmad Hafe <ahafe@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
What this PR does / why we need it:
The virtctl binary download from the cluster CLI route can intermittently fail with transient network errors (SSL handshake failures, connection resets, timeouts) during TLS connection, causing all tests depending on the virtctl_binary fixture to fail in setup.
Wraps the download in
TimeoutSamplerto retry onSSLErrorandConnectionErrorfor up to 2 minutes (10s between attempts).Which issue(s) this PR fixes:
Special notes for reviewer:
Tested on cluster c01-ahmad422 — both error path and happy path tests passed:
TestDisconnectedVirtctlDownload::test_download_virtcli_binary(gating) - PASSEDTestDisconnectedVirtctlDownloadAndExecute::test_download_and_execute_virtcli_binary_linux(gating) - PASSEDjira-ticket:
https://redhat.atlassian.net/browse/CNV-83631
Summary by CodeRabbit