Skip to content

feat(e2e): add --run-as flag to run all tests as cluster-admin#574

Merged
istein1 merged 5 commits into
migtools:mainfrom
midays:run_tests_as_admin
Jul 1, 2026
Merged

feat(e2e): add --run-as flag to run all tests as cluster-admin#574
istein1 merged 5 commits into
migtools:mainfrom
midays:run_tests_as_admin

Conversation

@midays

@midays midays commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Add a --run-as=admin flag that overrides all test contexts to use
cluster-admin credentials without modifying individual test files.

Changes:

  • config: add RunAs field
  • suite: register --run-as flag in tier0 and tier1 suite files
  • scenario: populate NonAdmin fields with admin contexts when RunAs=admin
  • rbac: add SetupActiveKubectlRunners and SetupActiveNamespaceAdmin
    helpers that bypass RBAC setup in admin mode and log the resolved
    username as proof of identity
  • tests: remove empty-context Skip guards from all 21 non-admin tests
    and replace SetupNamespaceAdminUsersForScenario with
    SetupActiveKubectlRunners

When --run-as is omitted, behavior is unchanged.

Jenkins Run

Summary by CodeRabbit

Summary by CodeRabbit

  • New Features
    • Added a --run-as flag to run end-to-end tests with admin credentials.
  • Bug Fixes
    • Removed multiple premature skips so non-admin E2E migrations and validations run even when non-admin contexts are not provided.
    • Updated non-admin kubectl/permission initialization to consistently follow the correct admin vs non-admin execution path across tiers and scenarios.
  • Tests
    • Added a compliance workflow to enforce non-admin test conventions around setup and skip guards.

@coderabbitai

coderabbitai Bot commented Jun 24, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@midays, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 58 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7baffb0f-9d4f-454d-9ef7-b12c35b8c69b

📥 Commits

Reviewing files that changed from the base of the PR and between b53d66d and 3a9a5b3.

📒 Files selected for processing (4)
  • .github/workflows/test-compliance.yml
  • e2e-tests/tests/tier0/mta_846_validate_single_incompatible_route_live_test.go
  • e2e-tests/tests/tier0/mta_853_split_apply_test.go
  • e2e-tests/tests/tier1/mta_850_validate_duplicate_gvk_test.go
📝 Walkthrough

Walkthrough

Adds a RunAs config variable and --run-as CLI flags for the e2e suites. New RBAC helpers branch on config.RunAs to use admin runners when requested. NewMigrationScenario now derives non-admin contexts conditionally, and the affected tier0/tier1 tests switch to the new helpers while removing context-based skips.

Changes

RunAs Admin Mode for E2E Tests

Layer / File(s) Summary
Config, scenario, and RBAC helpers
e2e-tests/config/config.go, e2e-tests/framework/scenario.go, e2e-tests/framework/rbac.go
Adds exported RunAs string, updates NewMigrationScenario to derive non-admin contexts and override them in admin mode, and introduces SetupActiveNamespaceAdmin/SetupActiveKubectlRunners with config.RunAs branching.
CLI flag registration
e2e-tests/tests/tier0/e2e_suite_test.go, e2e-tests/tests/tier1/e2e_suite_test.go
Registers the --run-as flag in both e2e suite entry points.
Tier0 test setup updates
e2e-tests/tests/tier0/mta_80[4-9]_*.go, e2e-tests/tests/tier0/mta_81[0-3]_*.go, e2e-tests/tests/tier0/mta_82[7-8]_*.go, e2e-tests/tests/tier0/mta_83[1,3]_*.go, e2e-tests/tests/tier0/mta_84[4-6]_*.go
Removes skip guards for missing non-admin contexts across tier0 tests and replaces non-admin runner setup with SetupActiveKubectlRunners; MTA-827 also switches target namespace admin setup to SetupActiveNamespaceAdmin, and MTA-846 only drops its skip guard.
Tier1 test setup updates
e2e-tests/tests/tier1/mta_82[9-30]_*.go, e2e-tests/tests/tier1/mta_83[2,6]_*.go, e2e-tests/tests/tier1/mta_850_*.go
Removes skip guards for missing non-admin contexts across tier1 tests and replaces non-admin runner setup with SetupActiveKubectlRunners; MTA-850 only drops its skip guard.
Compliance workflow
.github/workflows/test-compliance.yml
Adds a pull-request workflow that checks e2e-tests/tests/** for legacy non-admin setup calls and empty-context skip guards.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • migtools/crane#222: Adds the namespace-admin RBAC helpers and non-admin context wiring that this PR extends with RunAs-aware active setup.
  • migtools/crane#359: Introduces the MTA-827 custom transformation stage test that is directly updated here to use SetupActiveKubectlRunners and SetupActiveNamespaceAdmin.
  • migtools/crane#557: Introduces the MTA-850 duplicate GVK validation test whose skip guard is removed in this PR.

Suggested labels

kind/feature, test, size/XL

Suggested reviewers

  • stillalearner
  • aufi

Poem

🐇 Hop, hop, the flags are in place,
RunAs now toggles the test-suite space.
Admin or not, the runners still run,
Skips fade away like a setting sun.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly matches the main change: adding a --run-as flag to run e2e tests as cluster-admin.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jun 24, 2026

Copy link
Copy Markdown

Test Coverage Report

Total: 47.6%

Per-package coverage

  • github.com/konveyor/crane — 0.0%
  • github.com/konveyor/crane/cmd/apply — 52.7%
  • github.com/konveyor/crane/cmd/convert — 0.0%
  • github.com/konveyor/crane/cmd/export — 93.0%
  • github.com/konveyor/crane/cmd/plugin-manager — 0.0%
  • github.com/konveyor/crane/cmd/plugin-manager/add — 0.0%
  • github.com/konveyor/crane/cmd/plugin-manager/list — 0.0%
  • github.com/konveyor/crane/cmd/plugin-manager/remove — 0.0%
  • github.com/konveyor/crane/cmd/skopeo-sync-gen — 0.0%
  • github.com/konveyor/crane/cmd/transfer-pvc — 9.2%
  • github.com/konveyor/crane/cmd/transform — 59.7%
  • github.com/konveyor/crane/cmd/transform/listplugins — 23.0%
  • github.com/konveyor/crane/cmd/transform/optionals — 0.0%
  • github.com/konveyor/crane/cmd/tunnel-api — 0.0%
  • github.com/konveyor/crane/cmd/validate — 64.4%
  • github.com/konveyor/crane/cmd/version — 20.0%
  • github.com/konveyor/crane/internal/apply — 33.8%
  • github.com/konveyor/crane/internal/buildinfo — 100.0%
  • github.com/konveyor/crane/internal/file — 79.0%
  • github.com/konveyor/crane/internal/flags — 0.0%
  • github.com/konveyor/crane/internal/kustomize — 85.7%
  • github.com/konveyor/crane/internal/plugin — 32.9%
  • github.com/konveyor/crane/internal/transform — 80.9%
  • github.com/konveyor/crane/internal/validate — 58.6%
Full function-level details
github.com/konveyor/crane/cmd/apply/apply.go:44:			Complete								100.0%
github.com/konveyor/crane/cmd/apply/apply.go:50:			Validate								87.5%
github.com/konveyor/crane/cmd/apply/apply.go:64:			Run									0.0%
github.com/konveyor/crane/cmd/apply/apply.go:68:			NewApplyCommand								0.0%
github.com/konveyor/crane/cmd/apply/apply.go:109:			getStageNames								100.0%
github.com/konveyor/crane/cmd/apply/apply.go:117:			addFlagsForOptions							0.0%
github.com/konveyor/crane/cmd/apply/apply.go:133:			run									81.4%
github.com/konveyor/crane/cmd/convert/convert.go:30:			NewConvertOptions							0.0%
github.com/konveyor/crane/cmd/convert/convert.go:63:			addFlagsForConvertOptions						0.0%
github.com/konveyor/crane/cmd/convert/convert.go:74:			Complete								0.0%
github.com/konveyor/crane/cmd/convert/convert.go:83:			Run									0.0%
github.com/konveyor/crane/cmd/convert/convert.go:87:			run									0.0%
github.com/konveyor/crane/cmd/convert/convert.go:112:			getClientFromContext							0.0%
github.com/konveyor/crane/cmd/convert/convert.go:134:			getRestConfigFromContext						0.0%
github.com/konveyor/crane/cmd/export/cluster.go:29:			NewClusterScopeHandler							100.0%
github.com/konveyor/crane/cmd/export/cluster.go:35:			isClusterScopedResource							100.0%
github.com/konveyor/crane/cmd/export/cluster.go:44:			filterRbacResources							100.0%
github.com/konveyor/crane/cmd/export/cluster.go:102:			NewClusterScopedRbacHandler						100.0%
github.com/konveyor/crane/cmd/export/cluster.go:113:			exportedSANamespaces							100.0%
github.com/konveyor/crane/cmd/export/cluster.go:126:			groupMatchesExportedSANamespaces					100.0%
github.com/konveyor/crane/cmd/export/cluster.go:143:			parseServiceAccountUserSubject						100.0%
github.com/konveyor/crane/cmd/export/cluster.go:154:			prepareForFiltering							100.0%
github.com/konveyor/crane/cmd/export/cluster.go:187:			filteredResourcesOfKind							100.0%
github.com/konveyor/crane/cmd/export/cluster.go:213:			accept									100.0%
github.com/konveyor/crane/cmd/export/cluster.go:223:			acceptClusterRoleBinding						100.0%
github.com/konveyor/crane/cmd/export/cluster.go:260:			acceptClusterRole							100.0%
github.com/konveyor/crane/cmd/export/cluster.go:284:			acceptSecurityContextConstraints					100.0%
github.com/konveyor/crane/cmd/export/cluster.go:336:			anyServiceAccountInNamespace						100.0%
github.com/konveyor/crane/cmd/export/crd.go:17:				normalizeGroupSet							85.7%
github.com/konveyor/crane/cmd/export/crd.go:29:				shouldSkipCRDGroup							100.0%
github.com/konveyor/crane/cmd/export/crd.go:50:				crdFailureAPIResourceName						100.0%
github.com/konveyor/crane/cmd/export/crd.go:56:				getOperatorManager							92.9%
github.com/konveyor/crane/cmd/export/crd.go:88:				collectRelatedCRDs							90.6%
github.com/konveyor/crane/cmd/export/discover.go:40:			hasClusterScopedManifests						100.0%
github.com/konveyor/crane/cmd/export/discover.go:58:			prepareClusterResourceDir						100.0%
github.com/konveyor/crane/cmd/export/discover.go:74:			prepareFailuresDir							100.0%
github.com/konveyor/crane/cmd/export/discover.go:86:			writeResources								85.7%
github.com/konveyor/crane/cmd/export/discover.go:134:			writeErrors								83.3%
github.com/konveyor/crane/cmd/export/discover.go:176:			getFilePath								95.2%
github.com/konveyor/crane/cmd/export/discover.go:214:			discoverPreferredResources						100.0%
github.com/konveyor/crane/cmd/export/discover.go:243:			resourceToExtract							100.0%
github.com/konveyor/crane/cmd/export/discover.go:312:			isAdmittedResource							100.0%
github.com/konveyor/crane/cmd/export/discover.go:321:			getObjects								100.0%
github.com/konveyor/crane/cmd/export/discover.go:355:			iterateItemsByGet							93.8%
github.com/konveyor/crane/cmd/export/discover.go:381:			iterateItemsInList							92.3%
github.com/konveyor/crane/cmd/export/export.go:54:			Complete								92.0%
github.com/konveyor/crane/cmd/export/export.go:101:			Validate								100.0%
github.com/konveyor/crane/cmd/export/export.go:142:			validateExportNamespace							87.5%
github.com/konveyor/crane/cmd/export/export.go:159:			allResourceListsForbidden						87.5%
github.com/konveyor/crane/cmd/export/export.go:177:			Run									0.0%
github.com/konveyor/crane/cmd/export/export.go:290:			NewExportCommand							54.2%
github.com/konveyor/crane/cmd/plugin-manager/add/add.go:43:		Complete								0.0%
github.com/konveyor/crane/cmd/plugin-manager/add/add.go:48:		Validate								0.0%
github.com/konveyor/crane/cmd/plugin-manager/add/add.go:91:		Run									0.0%
github.com/konveyor/crane/cmd/plugin-manager/add/add.go:95:		NewAddCommand								0.0%
github.com/konveyor/crane/cmd/plugin-manager/add/add.go:127:		addFlagsForOptions							0.0%
github.com/konveyor/crane/cmd/plugin-manager/add/add.go:132:		run									0.0%
github.com/konveyor/crane/cmd/plugin-manager/add/add.go:204:		downloadBinary								0.0%
github.com/konveyor/crane/cmd/plugin-manager/add/add.go:253:		binaryURIForPlatform							0.0%
github.com/konveyor/crane/cmd/plugin-manager/list/list.go:46:		Complete								0.0%
github.com/konveyor/crane/cmd/plugin-manager/list/list.go:51:		Validate								0.0%
github.com/konveyor/crane/cmd/plugin-manager/list/list.go:56:		Run									0.0%
github.com/konveyor/crane/cmd/plugin-manager/list/list.go:60:		NewListCommand								0.0%
github.com/konveyor/crane/cmd/plugin-manager/list/list.go:90:		addFlagsForOptions							0.0%
github.com/konveyor/crane/cmd/plugin-manager/list/list.go:98:		run									0.0%
github.com/konveyor/crane/cmd/plugin-manager/list/list.go:167:		printInstalledInformation						0.0%
github.com/konveyor/crane/cmd/plugin-manager/list/list.go:177:		groupInformationForPlugins						0.0%
github.com/konveyor/crane/cmd/plugin-manager/list/list.go:196:		printInformation							0.0%
github.com/konveyor/crane/cmd/plugin-manager/list/list.go:208:		printParamsInformation							0.0%
github.com/konveyor/crane/cmd/plugin-manager/list/list.go:222:		getOptionalFields							0.0%
github.com/konveyor/crane/cmd/plugin-manager/list/list.go:247:		printTable								0.0%
github.com/konveyor/crane/cmd/plugin-manager/plugin-manager.go:33:	Complete								0.0%
github.com/konveyor/crane/cmd/plugin-manager/plugin-manager.go:38:	Validate								0.0%
github.com/konveyor/crane/cmd/plugin-manager/plugin-manager.go:43:	Run									0.0%
github.com/konveyor/crane/cmd/plugin-manager/plugin-manager.go:47:	NewPluginManagerCommand							0.0%
github.com/konveyor/crane/cmd/plugin-manager/plugin-manager.go:78:	addFlagsForOptions							0.0%
github.com/konveyor/crane/cmd/plugin-manager/plugin-manager.go:86:	run									0.0%
github.com/konveyor/crane/cmd/plugin-manager/remove/remove.go:33:	Complete								0.0%
github.com/konveyor/crane/cmd/plugin-manager/remove/remove.go:38:	Validate								0.0%
github.com/konveyor/crane/cmd/plugin-manager/remove/remove.go:43:	Run									0.0%
github.com/konveyor/crane/cmd/plugin-manager/remove/remove.go:47:	NewRemoveCommand							0.0%
github.com/konveyor/crane/cmd/plugin-manager/remove/remove.go:77:	run									0.0%
github.com/konveyor/crane/cmd/skopeo-sync-gen/skopeo-sync-gen.go:61:	Complete								0.0%
github.com/konveyor/crane/cmd/skopeo-sync-gen/skopeo-sync-gen.go:65:	Validate								0.0%
github.com/konveyor/crane/cmd/skopeo-sync-gen/skopeo-sync-gen.go:69:	NewSkopeoSyncGenCommand							0.0%
github.com/konveyor/crane/cmd/skopeo-sync-gen/skopeo-sync-gen.go:103:	shouldAddImageStream							0.0%
github.com/konveyor/crane/cmd/skopeo-sync-gen/skopeo-sync-gen.go:114:	Run									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:37:		NewRsyncLogStream							0.0%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:50:		Init									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:138:		writeProgressToFile							0.0%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:148:		Close									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:154:		Streams									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:190:		addDataSize								0.0%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:215:		String									100.0%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:219:		MarshalJSON								0.0%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:223:		AsString								0.0%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:271:		NewProgress								100.0%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:291:		Completed								0.0%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:296:		Status									38.5%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:321:		Merge									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:376:		newDataSize								72.7%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:399:		parseRsyncLogs								76.1%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:479:		waitForPodRunning							0.0%
github.com/konveyor/crane/cmd/transfer-pvc/progress.go:513:		getFinalPodStatus							0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:89:		Validate								0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:117:		Validate								0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:133:		NewTransferPVCCommand							0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:169:		addFlagsToTransferPVCCommand						0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:189:		Complete								0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:220:		Validate								0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:246:		Run									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:250:		getClientFromContext							0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:271:		getRestConfigFromContext						0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:278:		run									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:485:		getValidatedResourceName						0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:495:		getNodeNameForPVC							0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:515:		getIDsForNamespace							0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:541:		getRsyncClientPodSecurityContext					0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:553:		getRsyncServerPodSecurityContext					0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:565:		garbageCollect								0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:602:		deleteResourcesIteratively						0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:628:		deleteResourcesForGVK							0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:649:		followClientLogs							0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:678:		waitForEndpoint								0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:690:		createEndpoint								0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:735:		getRouteHostName							0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:752:		buildDestinationPVC							0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:773:		ApplyTo									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:793:		ApplyTo									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:805:		ApplyTo									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:821:		String									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:825:		Set									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:835:		Type									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:841:		parseSourceDestinationMapping						100.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:863:		String									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:867:		Set									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:876:		Type									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:880:		String									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:884:		Set									0.0%
github.com/konveyor/crane/cmd/transfer-pvc/transfer-pvc.go:894:		Type									0.0%
github.com/konveyor/crane/cmd/transform/listplugins/listplugins.go:33:	Complete								0.0%
github.com/konveyor/crane/cmd/transform/listplugins/listplugins.go:38:	Validate								0.0%
github.com/konveyor/crane/cmd/transform/listplugins/listplugins.go:43:	Run									0.0%
github.com/konveyor/crane/cmd/transform/listplugins/listplugins.go:47:	NewListPluginsCommand							0.0%
github.com/konveyor/crane/cmd/transform/listplugins/listplugins.go:80:	GetPluginNames								85.7%
github.com/konveyor/crane/cmd/transform/listplugins/listplugins.go:95:	getFilteredPlugins							75.0%
github.com/konveyor/crane/cmd/transform/listplugins/listplugins.go:104:	run									0.0%
github.com/konveyor/crane/cmd/transform/optionals/optionals.go:31:	Complete								0.0%
github.com/konveyor/crane/cmd/transform/optionals/optionals.go:36:	Validate								0.0%
github.com/konveyor/crane/cmd/transform/optionals/optionals.go:41:	Run									0.0%
github.com/konveyor/crane/cmd/transform/optionals/optionals.go:45:	NewOptionalsCommand							0.0%
github.com/konveyor/crane/cmd/transform/optionals/optionals.go:78:	run									0.0%
github.com/konveyor/crane/cmd/transform/transform.go:56:		Complete								0.0%
github.com/konveyor/crane/cmd/transform/transform.go:62:		Validate								83.3%
github.com/konveyor/crane/cmd/transform/transform.go:81:		Run									0.0%
github.com/konveyor/crane/cmd/transform/transform.go:86:		getPluginCompletions							100.0%
github.com/konveyor/crane/cmd/transform/transform.go:111:		NewTransformCommand							0.0%
github.com/konveyor/crane/cmd/transform/transform.go:154:		addFlagsForOptions							0.0%
github.com/konveyor/crane/cmd/transform/transform.go:176:		run									11.8%
github.com/konveyor/crane/cmd/transform/transform.go:327:		optionalFlagsToLower							100.0%
github.com/konveyor/crane/cmd/transform/transform.go:337:		runStageWithCleanup							0.0%
github.com/konveyor/crane/cmd/transform/transform.go:353:		reconcileInstructionStages						81.0%
github.com/konveyor/crane/cmd/transform/transform.go:396:		ensurePreviousStagesRun							83.3%
github.com/konveyor/crane/cmd/transform/transform.go:413:		ensureStagesHaveOutput							92.9%
github.com/konveyor/crane/cmd/transform/transform.go:452:		createDefaultStagesForAllPlugins					94.7%
github.com/konveyor/crane/cmd/transform/transform.go:504:		validateStageNameToken							100.0%
github.com/konveyor/crane/cmd/transform/transform.go:519:		findStageByDirName							100.0%
github.com/konveyor/crane/cmd/transform/transform.go:531:		findStagesByName							100.0%
github.com/konveyor/crane/cmd/transform/transform.go:543:		createStageDirectory							77.8%
github.com/konveyor/crane/cmd/transform/transform.go:564:		createCustomStageWithExplicitName					100.0%
github.com/konveyor/crane/cmd/transform/transform.go:580:		createCustomStageWithAutoPriority					71.4%
github.com/konveyor/crane/cmd/transform/transform.go:602:		createPluginStage							0.0%
github.com/konveyor/crane/cmd/transform/transform.go:635:		resolveAndValidateStages						58.5%
github.com/konveyor/crane/cmd/tunnel-api/tunnel-api.go:35:		NewTunnelAPIOptions							0.0%
github.com/konveyor/crane/cmd/tunnel-api/tunnel-api.go:65:		addFlagsForTunnelAPIOptions						0.0%
github.com/konveyor/crane/cmd/tunnel-api/tunnel-api.go:77:		Complete								0.0%
github.com/konveyor/crane/cmd/tunnel-api/tunnel-api.go:100:		Validate								0.0%
github.com/konveyor/crane/cmd/tunnel-api/tunnel-api.go:116:		Run									0.0%
github.com/konveyor/crane/cmd/tunnel-api/tunnel-api.go:120:		getClientFromContext							0.0%
github.com/konveyor/crane/cmd/tunnel-api/tunnel-api.go:129:		getRestConfigFromContext						0.0%
github.com/konveyor/crane/cmd/tunnel-api/tunnel-api.go:136:		run									0.0%
github.com/konveyor/crane/cmd/validate/validate.go:37:			Complete								90.0%
github.com/konveyor/crane/cmd/validate/validate.go:55:			Validate								100.0%
github.com/konveyor/crane/cmd/validate/validate.go:100:			Run									17.5%
github.com/konveyor/crane/cmd/validate/validate.go:203:			NewValidateCommand							50.0%
github.com/konveyor/crane/cmd/version/version.go:20:			Complete								0.0%
github.com/konveyor/crane/cmd/version/version.go:25:			Validate								0.0%
github.com/konveyor/crane/cmd/version/version.go:30:			Run									0.0%
github.com/konveyor/crane/cmd/version/version.go:34:			NewVersionCommand							0.0%
github.com/konveyor/crane/cmd/version/version.go:60:			run									100.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:21:			CreateTempDir								100.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:28:			ListFilesRecursively							91.7%
github.com/konveyor/crane/e2e-tests/utils/utils.go:51:			ListFilesRecursivelyAsList						80.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:75:			HasFilesRecursively							80.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:86:			ReadTestdataFile							88.9%
github.com/konveyor/crane/e2e-tests/utils/utils.go:105:			TestdataFilePath							0.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:125:			GoldenManifestsDir							90.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:147:			GoldenManifestsDirForPlatform						0.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:170:			CompareDirectoryFileSets						78.9%
github.com/konveyor/crane/e2e-tests/utils/utils.go:205:			CompareDirectoryYAMLSemantics						82.4%
github.com/konveyor/crane/e2e-tests/utils/utils.go:239:			CompareDirectoryYAMLSemanticsExport					100.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:247:			CompareDirectoryYAMLSemanticsExportAllowOptionalOCPOutputDefaults	100.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:251:			compareDirectoryYAMLSemanticsExport					92.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:330:			isOptionalOCPOutputIdentity						100.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:357:			buildNormalizedExportIndex						81.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:397:			canonicalizeDocs							87.5%
github.com/konveyor/crane/e2e-tests/utils/utils.go:411:			extractResourceIdentity							79.5%
github.com/konveyor/crane/e2e-tests/utils/utils.go:482:			parseYAMLDocuments							100.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:498:			canonicalOpenShiftDockercfgSecretName					80.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:514:			compareYAMLFileBytes							100.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:541:			AssertNoKindsInOutput							0.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:597:			AssertKindsInOutput							0.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:649:			LooksLikeYAMLFile							100.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:663:			normalizeUnstableFields							100.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:724:			normalizePodServiceAccountVolumeNames					90.9%
github.com/konveyor/crane/e2e-tests/utils/utils.go:781:			normalizeServiceAccountDockercfgReferences				94.1%
github.com/konveyor/crane/e2e-tests/utils/utils.go:815:			normalizeWithPath							83.3%
github.com/konveyor/crane/e2e-tests/utils/utils.go:853:			shouldDropField								100.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:909:			AssertWhiteoutResourceFilesExist					0.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:949:			AssertWhiteoutResourceFileCount						0.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:981:			AssertWhiteoutCommentsInKustomization					0.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:1036:		AssertKindsNotInActiveKustomizeResources				0.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:1078:		CaptureAPISurfaceScriptPath						75.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:1097:		ToInt64									0.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:1114:		ExtractCPUAverageUtilization						0.0%
github.com/konveyor/crane/e2e-tests/utils/utils.go:1147:		AssertFilesExist							0.0%
github.com/konveyor/crane/internal/apply/kustomize.go:31:		ApplySingleStage							0.0%
github.com/konveyor/crane/internal/apply/kustomize.go:80:		ApplyMultiStage								0.0%
github.com/konveyor/crane/internal/apply/kustomize.go:134:		runKustomizeBuild							0.0%
github.com/konveyor/crane/internal/apply/kustomize.go:143:		filterClusterScopedResources						82.4%
github.com/konveyor/crane/internal/apply/kustomize.go:199:		splitMultiDocYAMLToFiles						86.7%
github.com/konveyor/crane/internal/buildinfo/buildinfo.go:25:		readKustomizeVersion							100.0%
github.com/konveyor/crane/internal/file/file_helper.go:22:		ReadFiles								100.0%
github.com/konveyor/crane/internal/file/file_helper.go:32:		readFiles								84.0%
github.com/konveyor/crane/internal/file/file_helper.go:91:		GetWhiteOutFilePath							100.0%
github.com/konveyor/crane/internal/file/file_helper.go:95:		GetTransformPath							100.0%
github.com/konveyor/crane/internal/file/file_helper.go:99:		GetIgnoredPatchesPath							0.0%
github.com/konveyor/crane/internal/file/file_helper.go:103:		updateTransformDirPath							100.0%
github.com/konveyor/crane/internal/file/file_helper.go:107:		updateIgnoredPatchesDirPath						0.0%
github.com/konveyor/crane/internal/file/file_helper.go:114:		updatePath								100.0%
github.com/konveyor/crane/internal/file/file_helper.go:121:		GetOutputFilePath							100.0%
github.com/konveyor/crane/internal/file/file_helper.go:131:		GetStageDir								100.0%
github.com/konveyor/crane/internal/file/file_helper.go:137:		GetInputDir								100.0%
github.com/konveyor/crane/internal/file/file_helper.go:143:		GetPatchesDir								100.0%
github.com/konveyor/crane/internal/file/file_helper.go:149:		GetKustomizationPath							100.0%
github.com/konveyor/crane/internal/file/file_helper.go:155:		GetMetadataPath								100.0%
github.com/konveyor/crane/internal/file/file_helper.go:161:		GetResourceTypeFilePath							100.0%
github.com/konveyor/crane/internal/file/file_helper.go:167:		GetPatchFilePath							100.0%
github.com/konveyor/crane/internal/file/file_helper.go:174:		GetStageTransformDir							0.0%
github.com/konveyor/crane/internal/file/file_helper.go:180:		GetStageOutputDir							0.0%
github.com/konveyor/crane/internal/file/file_helper.go:187:		GetResourceFilename							75.0%
github.com/konveyor/crane/internal/file/ordering.go:82:			GetResourceOrder							100.0%
github.com/konveyor/crane/internal/file/ordering.go:92:			GetOrderedResourceFilename						100.0%
github.com/konveyor/crane/internal/flags/global_flags.go:14:		ApplyFlags								0.0%
github.com/konveyor/crane/internal/flags/global_flags.go:21:		GetLogger								0.0%
github.com/konveyor/crane/internal/flags/global_flags.go:29:		initConfig								0.0%
github.com/konveyor/crane/internal/flags/help_groups.go:12:		KubernetesClientInheritedFlagNames					0.0%
github.com/konveyor/crane/internal/flags/help_groups.go:40:		SetGroupedHelp								0.0%
github.com/konveyor/crane/internal/kustomize/args.go:20:		ParseAndValidateArgs							100.0%
github.com/konveyor/crane/internal/kustomize/args.go:92:		splitArgs								100.0%
github.com/konveyor/crane/internal/kustomize/runner.go:21:		Build									82.4%
github.com/konveyor/crane/internal/kustomize/runner.go:55:		buildOptions								100.0%
github.com/konveyor/crane/internal/kustomize/runner.go:105:		setEnvVars								46.2%
github.com/konveyor/crane/internal/plugin/plugin_helper.go:21:		GetPlugins								0.0%
github.com/konveyor/crane/internal/plugin/plugin_helper.go:38:		getBinaryPlugins							0.0%
github.com/konveyor/crane/internal/plugin/plugin_helper.go:63:		IsExecAny								0.0%
github.com/konveyor/crane/internal/plugin/plugin_helper.go:67:		GetFilteredPlugins							0.0%
github.com/konveyor/crane/internal/plugin/plugin_helper.go:109:		isPluginInList								0.0%
github.com/konveyor/crane/internal/plugin/plugin_manager_helper.go:24:	BuildManifestMap							0.0%
github.com/konveyor/crane/internal/plugin/plugin_manager_helper.go:68:	GetYamlFromUrl								75.0%
github.com/konveyor/crane/internal/plugin/plugin_manager_helper.go:82:	YamlToManifest								72.7%
github.com/konveyor/crane/internal/plugin/plugin_manager_helper.go:104:	FilterPluginForOsArch							100.0%
github.com/konveyor/crane/internal/plugin/plugin_manager_helper.go:119:	GetDefaultSource							0.0%
github.com/konveyor/crane/internal/plugin/plugin_manager_helper.go:128:	LocateBinaryInPluginDir							0.0%
github.com/konveyor/crane/internal/plugin/plugin_manager_helper.go:140:	IsUrl									100.0%
github.com/konveyor/crane/internal/plugin/plugin_manager_helper.go:146:	getData									80.0%
github.com/konveyor/crane/internal/transform/instructions.go:31:	LoadInstructions							61.1%
github.com/konveyor/crane/internal/transform/instructions.go:63:	friendlyInstructionsDecodeError						87.5%
github.com/konveyor/crane/internal/transform/instructions.go:78:	ValidateInstructions							100.0%
github.com/konveyor/crane/internal/transform/instructions.go:112:	GenerateStageDirNames							100.0%
github.com/konveyor/crane/internal/transform/orchestrator.go:41:	RunMultiStage								75.6%
github.com/konveyor/crane/internal/transform/orchestrator.go:142:	executeStage								72.7%
github.com/konveyor/crane/internal/transform/orchestrator.go:194:	transformResources							68.4%
github.com/konveyor/crane/internal/transform/orchestrator.go:245:	formatResourceID							0.0%
github.com/konveyor/crane/internal/transform/orchestrator.go:252:	getPluginForStage							90.9%
github.com/konveyor/crane/internal/transform/orchestrator.go:279:	getAvailablePluginNames							0.0%
github.com/konveyor/crane/internal/transform/orchestrator.go:292:	applyStageTransforms							82.1%
github.com/konveyor/crane/internal/transform/orchestrator.go:359:	loadResourcesFromDirectory						85.7%
github.com/konveyor/crane/internal/transform/orchestrator.go:374:	writeResourcesToDirectory						73.1%
github.com/konveyor/crane/internal/transform/stages.go:22:		DiscoverStages								90.5%
github.com/konveyor/crane/internal/transform/stages.go:83:		FilterStages								100.0%
github.com/konveyor/crane/internal/transform/stages.go:112:		GetFirstStage								100.0%
github.com/konveyor/crane/internal/transform/stages.go:122:		GetLastStage								66.7%
github.com/konveyor/crane/internal/transform/stages.go:132:		GetPreviousStage							100.0%
github.com/konveyor/crane/internal/transform/stages.go:142:		GetNextStage								100.0%
github.com/konveyor/crane/internal/transform/stages.go:152:		ValidateStageName							100.0%
github.com/konveyor/crane/internal/transform/stages.go:161:		GenerateStageName							100.0%
github.com/konveyor/crane/internal/transform/test_helpers.go:8:		hasKustomizeCommand							100.0%
github.com/konveyor/crane/internal/transform/test_helpers.go:14:	contains								100.0%
github.com/konveyor/crane/internal/transform/test_helpers.go:23:	findInString								100.0%
github.com/konveyor/crane/internal/transform/writer.go:28:		NewKustomizeWriter							100.0%
github.com/konveyor/crane/internal/transform/writer.go:37:		WriteStage								68.4%
github.com/konveyor/crane/internal/transform/writer.go:218:		getResourceID								100.0%
github.com/konveyor/crane/internal/transform/writer.go:231:		filterValidRemoveOps							76.2%
github.com/konveyor/crane/internal/transform/writer.go:275:		pathExists								93.5%
github.com/konveyor/crane/internal/transform/writer.go:352:		generateKustomizationWithComments					93.8%
github.com/konveyor/crane/internal/transform/writer.go:383:		checkStageDirectory							23.1%
github.com/konveyor/crane/internal/validate/api_resources.go:24:	ParseAPIResourcesJSON							89.7%
github.com/konveyor/crane/internal/validate/matcher.go:25:		MatchResults								75.0%
github.com/konveyor/crane/internal/validate/matcher.go:36:		MatchResultsFromIndex							100.0%
github.com/konveyor/crane/internal/validate/matcher.go:76:		buildDiscoveryIndex							71.4%
github.com/konveyor/crane/internal/validate/matcher.go:110:		matchEntry								100.0%
github.com/konveyor/crane/internal/validate/matcher.go:139:		buildKindIndex								100.0%
github.com/konveyor/crane/internal/validate/matcher.go:151:		addSuggestion								91.7%
github.com/konveyor/crane/internal/validate/report.go:17:		FormatTable								91.3%
github.com/konveyor/crane/internal/validate/report.go:60:		FormatJSON								100.0%
github.com/konveyor/crane/internal/validate/report.go:67:		FormatYAML								0.0%
github.com/konveyor/crane/internal/validate/report.go:79:		WriteFailures								0.0%
github.com/konveyor/crane/internal/validate/report.go:115:		failureFileName								0.0%
github.com/konveyor/crane/internal/validate/report.go:129:		safeFilePart								0.0%
github.com/konveyor/crane/internal/validate/report.go:145:		parseAPIVersion								0.0%
github.com/konveyor/crane/internal/validate/scanner.go:34:		ScanManifests								76.5%
github.com/konveyor/crane/internal/validate/types.go:46:		HasIncompatible								100.0%
github.com/konveyor/crane/internal/validate/types.go:49:		IncompatibleResults							0.0%
github.com/konveyor/crane/main.go:21:					main									0.0%
total:									(statements)								47.6%

Posted by CI

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@e2e-tests/framework/rbac.go`:
- Around line 141-145: The partial admin-mode setup in the namespace creation
path can leave the source namespace behind when
scenario.KubectlSrc.CreateNamespace succeeds but
scenario.KubectlTgt.CreateNamespace fails. Update the helper in rbac.go to clean
up the already-created source namespace before returning the target-side error,
using the same namespace variable and the KubectlSrc/KubectlTgt setup flow so
the failure path does not leak resources.

In `@e2e-tests/framework/scenario.go`:
- Around line 34-37: Add focused test coverage for the RunAs context rewrite in
NewMigrationScenario, since the config.RunAs == "admin" branch changes both
non-admin contexts. Create a small table-driven test around NewMigrationScenario
that exercises default mode and admin mode, and assert the resulting
srcNonAdminCtx and tgtNonAdminCtx behavior so the branch is covered and won’t
regress.

In `@e2e-tests/tests/tier0/mta_805_sets_test.go`:
- Around line 49-50: Preserve the existing skip behavior in the MTA 805 test
setup when --run-as is not admin, since SetupActiveKubectlRunners and
SetupNamespaceAdminUsersForScenario still require the non-admin kubectl
contexts. Restore the preflight Skip(...) before calling
SetupActiveKubectlRunners in the test flow so environments without admin mode
continue to be skipped instead of failing. Use the relevant setup path around
SetupActiveKubectlRunners, SetupNamespaceAdminUsersForScenario, and the
Kubectl*NonAdmin.Context handling to locate the change.

In `@e2e-tests/tests/tier0/mta_811_mongodb_non_admin_test.go`:
- Around line 123-124: The non-admin setup path in this test now hard-fails
instead of preserving the previous skip behavior when non-admin contexts are
unset. Update the test around SetupActiveKubectlRunners /
SetupNamespaceAdminUsersForScenario so that when --run-as is not "admin" and
either non-admin context is empty, it skips the test rather than returning an
error, matching the prior behavior when --run-as is not provided.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0c67c994-672a-4d90-85cb-50de19da1c0a

📥 Commits

Reviewing files that changed from the base of the PR and between 9fdeaae and 43b539a.

📒 Files selected for processing (26)
  • e2e-tests/config/config.go
  • e2e-tests/framework/rbac.go
  • e2e-tests/framework/scenario.go
  • e2e-tests/tests/tier0/e2e_suite_test.go
  • e2e-tests/tests/tier0/mta_804_empty_pvc_migration_test.go
  • e2e-tests/tests/tier0/mta_805_sets_test.go
  • e2e-tests/tests/tier0/mta_806_pvc_data_integrity_test.go
  • e2e-tests/tests/tier0/mta_807_data_validation_test.go
  • e2e-tests/tests/tier0/mta_809_initcontainer_test.go
  • e2e-tests/tests/tier0/mta_810_configmap_test.go
  • e2e-tests/tests/tier0/mta_811_mongodb_non_admin_test.go
  • e2e-tests/tests/tier0/mta_812_role_migration_test.go
  • e2e-tests/tests/tier0/mta_813_cronJob_PVC_test.go
  • e2e-tests/tests/tier0/mta_827_custom_transformation_stage_test.go
  • e2e-tests/tests/tier0/mta_828_instructions_file_migration_test.go
  • e2e-tests/tests/tier0/mta_831_validate_compatible_resources_offline_test.go
  • e2e-tests/tests/tier0/mta_833_compatible_resources_live_test.go
  • e2e-tests/tests/tier0/mta_844_validate_mixed_resources_live_test.go
  • e2e-tests/tests/tier0/mta_845_validate_mixed_resources_offline_test.go
  • e2e-tests/tests/tier0/mta_846_validate_single_incompatible_route_live_test.go
  • e2e-tests/tests/tier1/e2e_suite_test.go
  • e2e-tests/tests/tier1/mta_829_validate_alternative_gv_suggestion_test.go
  • e2e-tests/tests/tier1/mta_830_instructions_file_force_reconcile_test.go
  • e2e-tests/tests/tier1/mta_832_validate_alternative_gv_suggestion_offline_test.go
  • e2e-tests/tests/tier1/mta_836_validate_core_group_omitted_offline_test.go
  • e2e-tests/tests/tier1/mta_850_validate_duplicate_gvk_test.go
💤 Files with no reviewable changes (2)
  • e2e-tests/tests/tier0/mta_846_validate_single_incompatible_route_live_test.go
  • e2e-tests/tests/tier1/mta_850_validate_duplicate_gvk_test.go

Comment thread e2e-tests/framework/rbac.go
Comment thread e2e-tests/framework/scenario.go
Comment thread e2e-tests/tests/tier0/mta_805_sets_test.go
Comment thread e2e-tests/tests/tier0/mta_811_mongodb_non_admin_test.go
@midays midays self-assigned this Jun 24, 2026
@midays midays moved this from Todo to In review in Crane Development Jun 24, 2026
@midays midays linked an issue Jun 24, 2026 that may be closed by this pull request
- Added `RunAs` field to the configuration to allow tests to run with cluster-admin credentials.
- Updated `SetupActiveNamespaceAdmin` and `SetupActiveKubectlRunners` functions to utilize the new `RunAs` configuration for managing namespace access.
- Refactored multiple test cases to replace direct calls to `SetupNamespaceAdminUsersForScenario` with `SetupActiveKubectlRunners`, streamlining the process for both admin and non-admin contexts.
- Removed redundant context checks in tests, simplifying the setup process.

This change improves flexibility in test execution and aligns with the new configuration structure.

Signed-off-by: midays <midays@redhat.com>
@midays midays force-pushed the run_tests_as_admin branch from 43b539a to b7a9ea8 Compare June 29, 2026 10:04
@midays

midays commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

/rfr

@stillalearner stillalearner left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

- Introduced a new GitHub Actions workflow to enforce compliance checks on non-admin e2e test files.
- The workflow verifies that tests do not use deprecated functions and ensures proper context handling.
- Outputs results indicating compliance status for all relevant test files.

This addition enhances the testing framework by ensuring adherence to best practices in test configurations.

Signed-off-by: midays <midays@redhat.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/test-compliance.yml:
- Line 16: The checkout step currently uses actions/checkout@v4 without
disabling persisted credentials, which leaves the GitHub token in local git
config unnecessarily. Update the checkout configuration to set
persist-credentials to false in the test-compliance workflow so the job can
still read files without storing credentials.
- Around line 23-24: Scope the compliance scan in the workflow so it only checks
test files changed in the current pull request instead of every *_test.go under
e2e-tests/tests. Update the file-gathering logic in the workflow step that sets
CHANGED, and keep the later violation check pointing at that PR-touched file
list so pre-existing issues like the one in mta_853_split_apply_test.go do not
fail unrelated PRs.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 215c641e-939c-4130-b08f-1e6375fa8a96

📥 Commits

Reviewing files that changed from the base of the PR and between b7a9ea8 and b53d66d.

📒 Files selected for processing (1)
  • .github/workflows/test-compliance.yml

Comment thread .github/workflows/test-compliance.yml
Comment thread .github/workflows/test-compliance.yml Outdated
- Updated the compliance workflow to collect and report violations for non-admin test files more effectively.
- Replaced deprecated function calls with `SetupActiveKubectlRunners` in relevant test cases.
- Removed empty context checks to streamline compliance checks and improve clarity in test configurations.

This change enhances the compliance verification process and aligns with best practices for non-admin test setups.

Signed-off-by: midays <midays@redhat.com>
@istein1

istein1 commented Jul 1, 2026

Copy link
Copy Markdown
Member

Claude Review: PR #574 — feat(e2e): add --run-as flag to run all tests as cluster-admin

This PR adds a --run-as=admin flag that overrides non-admin e2e test contexts to use cluster-admin credentials. It introduces two new helpers
(SetupActiveKubectlRunners, SetupActiveNamespaceAdmin) that bypass RBAC setup in admin mode, removes empty-context Skip guards from 21 test files, and adds a CI
compliance workflow to enforce the new patterns. The admin-mode path is clean and well-structured. However, the removal of Skip guards introduces a behavioral
regression in the non-admin, non-run-as path.

Findings

  1. e2e-tests/tests/tier0/mta_804_empty_pvc_migration_test.go:23 (and 18 other test files) — Removing Skip guards changes behavior from graceful Skip to test Failure
    when non-admin contexts aren't provided (affects all 19 tests that call SetupActiveKubectlRunners)

  2. When --run-as is omitted AND --source-nonadmin-context/--target-nonadmin-context are also omitted, NewMigrationScenario sets KubectlSrcNonAdmin.Context = "".
    SetupActiveKubectlRunners delegates to SetupNamespaceAdminUsersForScenario, which calls SetupNamespaceAdminUser at rbac.go:64 where nonAdminContext == "" triggers
    fmt.Errorf("non-admin context is required"). Previously, the Skip guards caught this and tests showed as Skipped (green). Now they Fail (red). The PR description
    claims "When --run-as is omitted, behavior is unchanged" — this is incorrect for environments that don't provide non-admin contexts. Consider adding an early Skip
    inside SetupActiveKubectlRunners when RunAs == "" and the non-admin context is empty, preserving the original Skip semantics in one place.

** The fix is small: add an empty-context Skip inside SetupActiveKubectlRunners so
the guard lives in one place instead of 19 test files.

  1. .github/workflows/test-compliance.yml:28 — Compliance workflow misses non-admin tests that don't call SetupActiveKubectlRunners

  2. The grep filter SetupActiveKubectlRunners|SetupNamespaceAdminUsersForScenario skips any file not containing these symbols. Tests mta_846 and mta_850 had their Skip
    guards removed in this PR but use scenario.CraneNonAdmin / scenario.KubectlTgtNonAdmin.Context directly — they escape the compliance check entirely. Future non-admin
    tests following this pattern will also go undetected. Consider matching on NonAdmin field usage (e.g. CraneNonAdmin|NonAdmin) as an additional detection signal.

  3. e2e-tests/tests/tier0/mta_846_validate_single_incompatible_route_live_test.go:32 — Skip guard removed but test uses empty non-admin context directly without any
    setup or fallback

  4. Unlike the other 19 tests, mta_846 doesn't call SetupActiveKubectlRunners. After Skip guard removal, when --target-nonadmin-context is empty,
    scenario.KubectlTgtNonAdmin.Context is "" which gets passed to runner.Validate(ValidateOptions{Context: ""}). The Validate function omits --context when empty, so
    crane silently falls back to the default kubeconfig context (likely admin). The test won't crash, but it silently runs as admin instead of non-admin — the opposite of
    what the test intends. The same issue applies to mta_850.

Findings importance
Finding 1 is the one that matters. It's a real behavioral regression: tests that used to Skip now Fail in any environment that doesn't provide non-admin contexts,
contradicting the PR's own claim that behavior is unchanged without --run-as.

Findings 2 and 3 are minor — they're about two validate-only tests where the non-admin distinction barely matters (they test API compatibility, not RBAC).
Finding 4 (no flag validation) is trivial.

// When config.RunAs == "admin", it creates the namespace with admin credentials and returns
// admin runners directly (bypassing RBAC setup). Otherwise it delegates to
// SetupNamespaceAdminUsersForScenario to grant namespace-scoped permissions to the non-admin user.
func SetupActiveKubectlRunners(scenario MigrationScenario, namespace string) (KubectlRunner, KubectlRunner, func(), error) {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @midays — I found one behavior change while testing this PR locally.

I checked out the PR branch and ran a focused tier0 test (MTA-810) without passing non-admin contexts (and without --run-as=admin). It now fails at setup with:

non-admin context is required

So in default mode, this path is now fail instead of skip. Previously these non-admin tests would skip when non-admin contexts were missing.

Could we restore that previous skip behavior when --run-as != admin and non-admin contexts are not provided? That would keep “when --run-as is omitted, behavior is unchanged” true.

Please let me know if there was a strong reason for failing these tests deliberately then I'll retract this comment.

Thanks.

------------------------------
ConfigMap Migration [MTA-810] Should migrate a configmap with data intact as nonadmin user [tier0]
/Users/mmansoor/Desktop/git_repos/crane-testing/crane/.worktrees/pr574-review/e2e-tests/tests/tier0/mta_810_configmap_test.go:16
  STEP: Grant ns admin permissions to nonadmin user on source and target @ 07/01/26 16:29:48.801
  [FAILED] in [It] - /Users/mmansoor/Desktop/git_repos/crane-testing/crane/.worktrees/pr574-review/e2e-tests/tests/tier0/mta_810_configmap_test.go:41 @ 07/01/26 16:29:48.801

[CRANE-RESULT] FAILED MTA-810
• [FAILED] [0.001 seconds]
ConfigMap Migration [It] [MTA-810] Should migrate a configmap with data intact as nonadmin user [tier0]
/Users/mmansoor/Desktop/git_repos/crane-testing/crane/.worktrees/pr574-review/e2e-tests/tests/tier0/mta_810_configmap_test.go:16

  [FAILED] Unexpected error:
      <*errors.errorString | 0x14000326470>: 
      non-admin context is required
      {
          s: "non-admin context is required",
      }
  occurred
  In [It] at: /Users/mmansoor/Desktop/git_repos/crane-testing/crane/.worktrees/pr574-review/e2e-tests/tests/tier0/mta_810_configmap_test.go:41 @ 07/01/26 16:29:48.801

@midays midays Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, thanks for the detailed feedback and for testing this locally.

The FAIL behavior is intentional. These tests were built specifically to run with non-admin context, so if the context isn't provided, that's a misconfiguration of the test run rather than an expected condition, so failing loudly is more helpful than a silent skip in that case.

Also, the Jenkins pipeline always passes --source-nonadmin-context and --target-nonadmin-context regardless of the RUN_AS_ADMIN setting, so there's no scenario in a real pipeline run where these contexts would be missing.

WDYT ?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right , makes sense @midays , thanks for clearing it up.

// When config.RunAs == "admin", it creates the namespace with admin credentials and returns
// admin runners directly (bypassing RBAC setup). Otherwise it delegates to
// SetupNamespaceAdminUsersForScenario to grant namespace-scoped permissions to the non-admin user.
func SetupActiveKubectlRunners(scenario MigrationScenario, namespace string) (KubectlRunner, KubectlRunner, func(), error) {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right , makes sense @midays , thanks for clearing it up.

midays added 2 commits July 1, 2026 16:56
Signed-off-by: midays <midays@redhat.com>
- Added checks to ensure that the target-nonadmin-context is not empty in both the single incompatible route and duplicate GVK validation tests.
- This improvement ensures that the necessary context is available for the tests to execute correctly.

Signed-off-by: midays <midays@redhat.com>
@midays

midays commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

@istein1 thank you for sharing it, i've updated PR to fix accordingly, please note regarding the first one:

e2e-tests/tests/tier0/mta_804_empty_pvc_migration_test.go:23 (and 18 other test files) — Removing Skip guards changes behavior from graceful Skip to test Failure
when non-admin contexts aren't provided (affects all 19 tests that call SetupActiveKubectlRunners)

this is intentional and has been addressed: #574 (comment)

@istein1 istein1 merged commit 4e8ee63 into migtools:main Jul 1, 2026
6 checks passed
@github-project-automation github-project-automation Bot moved this from In review to Done in Crane Development Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

add option to run test as both admin and non-admin

5 participants