KMM: Add filesToSign glob pattern signing tests#1331
Open
ybrodsky-rh wants to merge 3 commits intorh-ecosystem-edge:mainfrom
Open
KMM: Add filesToSign glob pattern signing tests#1331ybrodsky-rh wants to merge 3 commits intorh-ecosystem-edge:mainfrom
ybrodsky-rh wants to merge 3 commits intorh-ecosystem-edge:mainfrom
Conversation
Contributor
📝 WalkthroughWalkthroughAdds multi-module kernel-module Dockerfile templates, new test namespace constant, helper configmap functions, two signing-check helpers (MultiModuleSigned, ModuleNotSigned), and a Ginkgo test suite exercising filesToSign glob patterns including custom directory cases. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~30 minutes 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Add 5 Ginkgo tests validating KMM module signing with glob patterns in filesToSign: explicit path, *.ko wildcard, ? single-char glob, [ab] character class, and custom dirName support. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ybrodsky-rh
force-pushed
the
feat/kmm-filestosign-glob-tests
branch
from
0866a86 to
028d950
Compare
cdvultur
requested changes
Apr 16, 2026
Collaborator
cdvultur
left a comment
cdvultur
left a comment
There was a problem hiding this comment.
overall looks good,. some notes on defer and the proper IDs
Replace defer-based pod cleanup with inline delete to match existing patterns. Update reportxml IDs to match assigned test case numbers. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@tests/hw-accel/kmm/internal/check/check.go`:
- Around line 251-255: The current code ignores errors from testPod.Delete(),
which can leave stale pods named "multi-sign-checker"/"unsigned-checker" and
break later tests; change both places that call testPod.Delete() to capture its
error (e.g., err := testPod.Delete()), and if non-nil return a wrapped/formatted
error (including the pod name or context) instead of discarding it, only
returning success when both deletion and the signing verification (errs)
succeed. Ensure you update both occurrences that call testPod.Delete() around
the signing verification blocks.
In `@tests/hw-accel/kmm/modules/tests/filestosign-glob-test.go`:
- Around line 431-435: The verification currently calls
check.MultiModuleSigned(APIClient, []string{"kmm_ci_a", "kmm_ci_b"}, signerCN,
nsName, image, "/custom") but omits the built module test_mod, so a regression
that fails to sign /custom/lib/modules/$KERNEL_FULL_VERSION/test_mod.ko would
not be caught; update the call to include "test_mod" (or otherwise assert the
wildcard /custom/lib/modules/$KERNEL_FULL_VERSION/*.ko contains test_mod.ko) so
check.MultiModuleSigned (or its equivalent assertion) verifies signing for
kmm_ci_a, kmm_ci_b and test_mod under /custom.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 8be9c80e-42bb-47e6-8e80-65e9f6e72c5e
📒 Files selected for processing (5)
tests/hw-accel/kmm/internal/check/check.gotests/hw-accel/kmm/internal/define/configmap.gotests/hw-accel/kmm/internal/kmmparams/const.gotests/hw-accel/kmm/modules/internal/tsparams/kmm-vars.gotests/hw-accel/kmm/modules/tests/filestosign-glob-test.go
ggordaniRed
previously approved these changes
Apr 19, 2026
… verification Handle delete errors in MultiModuleSigned and ModuleNotSigned instead of discarding them. Add test_mod to the custom dirName verification since the Dockerfile produces all three .ko files. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
🧹 Nitpick comments (1)
tests/hw-accel/kmm/internal/check/check.go (1)
264-267: Consider parameterizing the module root for parity with custom-dir checks.
ModuleNotSignedis fixed to/opt, whileMultiModuleSignedacceptsdirName. If custom-dir glob tests need negative assertions, this helper cannot be reused without duplicating path logic. A small wrapper can preserve the current default behavior.♻️ Optional refactor to support custom module directories
// ModuleNotSigned verifies that a module in an image is NOT signed with the given signer. func ModuleNotSigned(apiClient *clients.Settings, modName, signerCN, nsname, image string) error { - modulePath := fmt.Sprintf("modinfo /opt/lib/modules/*/%s.ko", modName) + return ModuleNotSignedInDir(apiClient, modName, signerCN, nsname, image, "/opt") +} + +// ModuleNotSignedInDir verifies that a module in an image directory is NOT signed with the given signer. +func ModuleNotSignedInDir(apiClient *clients.Settings, modName, signerCN, nsname, image, dirName string) error { + modulePath := fmt.Sprintf("modinfo %s/lib/modules/*/%s.ko", dirName, modName) command := []string{"bash", "-c", modulePath}🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@tests/hw-accel/kmm/internal/check/check.go` around lines 264 - 267, ModuleNotSigned currently hardcodes modulePath under /opt making it incompatible with MultiModuleSigned's dirName; change ModuleNotSigned signature to accept a moduleRoot (e.g., moduleRoot string) and build modulePath using that root instead of "/opt", update internal use of modulePath and the command slice accordingly, add a small wrapper ModuleNotSignedDefault (or keep old ModuleNotSigned as a wrapper) that calls the new ModuleNotSigned with "/opt" to preserve existing callers, and update any callers/tests to pass dirName where custom dirs are needed (referencing ModuleNotSigned, MultiModuleSigned, and dirName).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@tests/hw-accel/kmm/internal/check/check.go`:
- Around line 264-267: ModuleNotSigned currently hardcodes modulePath under /opt
making it incompatible with MultiModuleSigned's dirName; change ModuleNotSigned
signature to accept a moduleRoot (e.g., moduleRoot string) and build modulePath
using that root instead of "/opt", update internal use of modulePath and the
command slice accordingly, add a small wrapper ModuleNotSignedDefault (or keep
old ModuleNotSigned as a wrapper) that calls the new ModuleNotSigned with "/opt"
to preserve existing callers, and update any callers/tests to pass dirName where
custom dirs are needed (referencing ModuleNotSigned, MultiModuleSigned, and
dirName).
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: fb09727b-4049-4a80-8f88-74f0022b8664
📒 Files selected for processing (2)
tests/hw-accel/kmm/internal/check/check.gotests/hw-accel/kmm/modules/tests/filestosign-glob-test.go
✅ Files skipped from review due to trivial changes (1)
- tests/hw-accel/kmm/modules/tests/filestosign-glob-test.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add 5 tests for validating KMM module signing with glob patterns in filesToSign:
Summary by CodeRabbit