OCPBUGS-57049: TLS registry: refactor testcase annotations

[vrutkovs]

Instead of specifying a testcase in every annotation this change requires a separate annotation for test case name. The reason being is that this test case will be repeated in annotations multiple times, as we need to verify that certkey pair is refreshed, regenerated after expiry and more. As a result, autoregenerate annotation now shorted to just "true" or "false".

This also adds a new "refresh period" annotation so that we could check which certificates are being rotated during normal cluster lifecycle

[openshift-ci-robot]

@vrutkovs: This pull request references API-1853 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set.

In response to this:

Instead of specifying a testcase in every annotation this change requires a separate annotation for test case name. The reason being is that this test case will be repeated in annotations multiple times, as we need to verify that certkey pair is refreshed, regenerated after expiry and more. As a result, autoregenerate annotation now shorted to just "true" or "false".

This also adds a new "refresh period" annotation so that we could check which certificates are being rotated during normal cluster lifecycle

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@vrutkovs: No Jira issue is referenced in the title of this pull request.
To reference a jira issue, add 'XYZ-NNN:' to the title of this pull request and request another refresh with /jira refresh.

In response to this:

Instead of specifying a testcase in every annotation this change requires a separate annotation for test case name. The reason being is that this test case will be repeated in annotations multiple times, as we need to verify that certkey pair is refreshed, regenerated after expiry and more. As a result, autoregenerate annotation now shorted to just "true" or "false".

This also adds a new "refresh period" annotation so that we could check which certificates are being rotated during normal cluster lifecycle

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[wangke19]

/retest

[openshift-trt]

Job Failure Risk Analysis for sha: 7300f64

Job Name	Failure Risk
pull-ci-openshift-origin-main-e2e-aws-ovn-serial-1of2	IncompleteTests Tests for this run (24) are below the historical average (1241): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)
pull-ci-openshift-origin-main-e2e-metal-ipi-ovn-ipv6	IncompleteTests Tests for this run (102) are below the historical average (1916): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)

[sjenning]

/lgtm

[openshift-ci-robot]

@vrutkovs: This pull request explicitly references no jira issue.

In response to this:

Instead of specifying a testcase in every annotation this change requires a separate annotation for test case name. The reason being is that this test case will be repeated in annotations multiple times, as we need to verify that certkey pair is refreshed, regenerated after expiry and more. As a result, autoregenerate annotation now shorted to just "true" or "false".

This also adds a new "refresh period" annotation so that we could check which certificates are being rotated during normal cluster lifecycle

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@vrutkovs: This pull request references Jira Issue OCPBUGS-57049, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.20.0) matches configured target version for branch (4.20.0)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wangke19

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Instead of specifying a testcase in every annotation this change requires a separate annotation for test case name. The reason being is that this test case will be repeated in annotations multiple times, as we need to verify that certkey pair is refreshed, regenerated after expiry and more. As a result, autoregenerate annotation now shorted to just "true" or "false".

This also adds a new "refresh period" annotation so that we could check which certificates are being rotated during normal cluster lifecycle

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[bertinatto]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bertinatto, sjenning, vrutkovs

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [bertinatto]
• tls/violations/OWNERS [sjenning]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 9c87080 and 2 for PR HEAD 1843b4c in total

[openshift-ci]

@vrutkovs: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-metal-ipi-ovn-dualstack-bgp-techpreview	7300f64	link	false	/test e2e-metal-ipi-ovn-dualstack-bgp-techpreview
ci/prow/e2e-gcp-fips-serial	7300f64	link	false	/test e2e-gcp-fips-serial
ci/prow/e2e-aws-disruptive	1843b4c	link	false	/test e2e-aws-disruptive
ci/prow/e2e-aws-ovn-etcd-scaling	1843b4c	link	false	/test e2e-aws-ovn-etcd-scaling
ci/prow/e2e-gcp-ovn-etcd-scaling	1843b4c	link	false	/test e2e-gcp-ovn-etcd-scaling
ci/prow/e2e-gcp-disruptive	1843b4c	link	false	/test e2e-gcp-disruptive
ci/prow/e2e-aws-ovn-single-node-upgrade	1843b4c	link	false	/test e2e-aws-ovn-single-node-upgrade
ci/prow/e2e-azure-ovn-upgrade	1843b4c	link	false	/test e2e-azure-ovn-upgrade
ci/prow/e2e-vsphere-ovn-dualstack-primaryv6	1843b4c	link	false	/test e2e-vsphere-ovn-dualstack-primaryv6
ci/prow/e2e-aws-ovn-serial-publicnet-1of2	1843b4c	link	false	/test e2e-aws-ovn-serial-publicnet-1of2
ci/prow/e2e-gcp-fips-serial-1of2	1843b4c	link	false	/test e2e-gcp-fips-serial-1of2
ci/prow/okd-e2e-gcp	1843b4c	link	false	/test okd-e2e-gcp
ci/prow/e2e-openstack-ovn	1843b4c	link	false	/test e2e-openstack-ovn
ci/prow/e2e-aws-ovn	1843b4c	link	false	/test e2e-aws-ovn
ci/prow/4.12-upgrade-from-stable-4.11-e2e-aws-ovn-upgrade-rollback	1843b4c	link	false	/test 4.12-upgrade-from-stable-4.11-e2e-aws-ovn-upgrade-rollback
ci/prow/e2e-vsphere-ovn-etcd-scaling	1843b4c	link	false	/test e2e-vsphere-ovn-etcd-scaling
ci/prow/e2e-gcp-fips-serial-2of2	1843b4c	link	false	/test e2e-gcp-fips-serial-2of2
ci/prow/e2e-azure-ovn-etcd-scaling	1843b4c	link	false	/test e2e-azure-ovn-etcd-scaling

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 235412f and 1 for PR HEAD 1843b4c in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 235412f and 2 for PR HEAD 1843b4c in total

[openshift-trt]

Job Failure Risk Analysis for sha: 1843b4c

Job Name	Failure Risk
pull-ci-openshift-origin-main-4.12-upgrade-from-stable-4.11-e2e-aws-ovn-upgrade-rollback	IncompleteTests Tests for this run (94) are below the historical average (201): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)
pull-ci-openshift-origin-main-e2e-aws-ovn-etcd-scaling	High [bz-etcd][invariant] alert/etcdMembersDown should not be at or above info This test has passed 100.00% of 2 runs on release 4.20 [Architecture:amd64 FeatureSet:default Installer:ipi JobTier:rare Network:ovn NetworkStack:ipv4 Owner:eng Platform:aws SecurityMode:default Topology:ha Upgrade:none] in the last week.
pull-ci-openshift-origin-main-e2e-azure-ovn-etcd-scaling	Low [bz-Cloud Compute] clusteroperator/control-plane-machine-set should not change condition/Degraded This test has passed 0.00% of 1 runs on release 4.20 [Architecture:amd64 FeatureSet:default Installer:ipi JobTier:rare Network:ovn NetworkStack:ipv4 Owner:eng Platform:azure SecurityMode:default Topology:ha Upgrade:none] in the last week.
pull-ci-openshift-origin-main-e2e-gcp-disruptive	High [bz-Etcd] clusteroperator/etcd should not change condition/Available This test has passed 99.78% of 3672 runs on release 4.20 [Overall] in the last week.
pull-ci-openshift-origin-main-e2e-gcp-ovn-etcd-scaling	Low [bz-Cloud Compute] clusteroperator/control-plane-machine-set should not change condition/Degraded This test has passed 0.00% of 1 runs on release 4.20 [Architecture:amd64 FeatureSet:default Installer:ipi JobTier:rare Network:ovn NetworkStack:ipv4 Owner:eng Platform:gcp SecurityMode:default Topology:ha Upgrade:none] in the last week. --- [bz-kube-storage-version-migrator] clusteroperator/kube-storage-version-migrator should not change condition/Available This test has passed 0.00% of 1 runs on release 4.20 [Architecture:amd64 FeatureSet:default Installer:ipi JobTier:rare Network:ovn NetworkStack:ipv4 Owner:eng Platform:gcp SecurityMode:default Topology:ha Upgrade:none] in the last week. Open Bugs [CI] e2e-openstack-ovn-etcd-scaling job permanent fails at many openshift-test tests
pull-ci-openshift-origin-main-e2e-vsphere-ovn-etcd-scaling	Low [bz-Cloud Compute] clusteroperator/control-plane-machine-set should not change condition/Degraded This test has passed 0.00% of 1 runs on release 4.20 [Architecture:amd64 FeatureSet:default Installer:ipi JobTier:rare Network:ovn NetworkStack:ipv4 Owner:eng Platform:vsphere SecurityMode:default Topology:ha Upgrade:none] in the last week. --- [sig-instrumentation] disruption/metrics-api connection/new should be available throughout the test This test has passed 0.00% of 1 runs on release 4.20 [Architecture:amd64 FeatureSet:default Installer:ipi JobTier:rare Network:ovn NetworkStack:ipv4 Owner:eng Platform:vsphere SecurityMode:default Topology:ha Upgrade:none] in the last week.

[openshift-ci-robot]

@vrutkovs: An error was encountered updating to the MODIFIED state for bug OCPBUGS-57049 on the Jira server at https://issues.redhat.com/. No known errors were detected, please see the full error message for details.

Full error message.

No response returned: Post "https://issues.redhat.com/rest/api/2/issue/OCPBUGS-57049/transitions": POST https://issues.redhat.com/rest/api/2/issue/OCPBUGS-57049/transitions giving up after 5 attempt(s)

Please contact an administrator to resolve this issue, then request a bug refresh with /jira refresh.

In response to this:

Instead of specifying a testcase in every annotation this change requires a separate annotation for test case name. The reason being is that this test case will be repeated in annotations multiple times, as we need to verify that certkey pair is refreshed, regenerated after expiry and more. As a result, autoregenerate annotation now shorted to just "true" or "false".

This also adds a new "refresh period" annotation so that we could check which certificates are being rotated during normal cluster lifecycle

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.