CNTRLPLANE-2610: Create network policies for AUTH components #825

Open
liouk wants to merge 4 commits into openshift:master from liouk:network-policies

@liouk liouk commented Jan 23, 2026

This PR adds network policies to the authentication operator, oauth-server and oauth-apiserver. For each component, there are two policies:

  • one to allow all Ingress/Egress known traffic for each component
  • one to deny all other Ingress/Egress traffic for each component

All known and required connections must be reflected in the respective allow rules.

Note that, in case of pods that require traffic to/from hostNetwork pods (such as the kube-apiserver), we need to allow all ingress/egress TCP traffic; NetworkPolicies do not affect pods on hostNetwork, but we still need a rule to allow ingress/egress from/to them.

In some cases there might be some overlap in the policy rules, but this is intentional for the sake of documentation/future reference.

Summary by CodeRabbit

  • New Features
    • Added Kubernetes NetworkPolicy resources to enforce network security rules for OAuth and authentication components across multiple namespaces.
    • Implemented default-deny network policies restricting ingress and egress traffic unless explicitly permitted between authorized services.

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 23, 2026
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jan 23, 2026

openshift-ci-robot commented Jan 23, 2026

@liouk: This pull request references CNTRLPLANE-2610 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target the "4.22.0" version, but no target version was set.

coderabbitai bot commented Jan 23, 2026

Walkthrough

This pull request introduces Kubernetes NetworkPolicy resources for the OAuth API server, OAuth server, and authentication operator components across multiple namespaces. It defines ingress and egress traffic rules to restrict communication between services and includes code changes to register these policies in the static resource provisioning system.

Changes

Cohort, file(s) and summary:

  • OAuth API Server Network Policies
    • File(s): bindata/oauth-apiserver/networkpolicy_namespace_default-deny-all.yaml, bindata/oauth-apiserver/networkpolicy_oauth-apiserver.yaml
    • Summary: Adds default-deny and service-specific NetworkPolicies for the openshift-oauth-apiserver namespace. Defines ingress rules allowing TLS 8443 from authentication and operator components, and egress rules for DNS and etcd communication.
  • OAuth Server (Authentication) Network Policies
    • File(s): bindata/oauth-openshift/networkpolicy_namespace_default-deny-all.yaml, bindata/oauth-openshift/networkpolicy_oauth-server.yaml
    • Summary: Adds default-deny and service-specific NetworkPolicies for the openshift-authentication namespace. Defines ingress rules for metrics (6443) from routers and operators, and egress rules for DNS and oauth-apiserver communication.
  • Authentication Operator Network Policies
    • File(s): manifests/0000_10_networkpolicy_00_authentication-operator.yaml, manifests/0000_10_networkpolicy_99_namespace_default-deny-all.yaml
    • Summary: Adds NetworkPolicies for authentication-operator components in openshift-authentication-operator namespace with ingress on 8443 and egress rules for DNS, oauth-openshift, and oauth-apiserver.
  • Resource Registration Updates
    • File(s): pkg/cmd/mom/output_resources_command.go, pkg/operator/starter.go
    • Summary: Updates operator code to register and provision the new NetworkPolicy resources in the static resource controllers.
  • Test Expected Output Files
    • File(s): test-data/apply-configuration/overall/...
    • Summary: Updates expected test output manifests reflecting the addition of NetworkPolicy resources and associated event logs, including deletions of obsolete event records.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage (⚠️ Warning): Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Resolution: Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

  • Description Check (✅ Passed): Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check (✅ Passed): The pull request title directly and concisely describes the main change: adding network policies for authentication components, which is the core objective of the changeset.
  • Stable And Deterministic Test Names (✅ Passed): This PR contains no Ginkgo test files; changes are YAML manifests and Go source code only.
  • Test Structure And Quality (✅ Passed): PR does not modify any *_test.go files or Ginkgo test code; only adds NetworkPolicy manifests and updates non-test Go source files.

@openshift-ci openshift-ci bot requested a review from ibihim January 23, 2026 10:41
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 23, 2026

liouk commented Jan 23, 2026

/jira refresh

openshift-ci-robot commented Jan 23, 2026

@liouk: This pull request references CNTRLPLANE-2610 which is a valid jira issue.

@liouk liouk force-pushed the network-policies branch 3 times, most recently from 9711c7b to d058feb Compare January 23, 2026 16:21

openshift-ci-robot commented Jan 28, 2026

@liouk: This pull request references CNTRLPLANE-2610 which is a valid jira issue.

@liouk liouk changed the title WIP: CNTRLPLANE-2610: Create network policies for AUTH components CNTRLPLANE-2610: Create network policies for AUTH components Jan 28, 2026
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 28, 2026

liouk commented Jan 28, 2026

@coderabbitai review

coderabbitai bot commented Jan 28, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

openshift-ci-robot commented Jan 29, 2026

@liouk: This pull request references CNTRLPLANE-2610 which is a valid jira issue.

liouk commented Jan 29, 2026

@coderabbitai help

@kaleemsiddiqu

/retest

liouk commented Jan 29, 2026

I'd like a review from a member of each of the auth and network policy feature teams -- holding until we get both.

Holding PR until we get:

  • a review from the auth team
  • a review from the network policies team
  • successful payload jobs

/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 29, 2026

openshift-ci-robot commented Jan 29, 2026

@liouk: This pull request references CNTRLPLANE-2610 which is a valid jira issue.

Comment on lines +45 to +46
libraryoutputresources.ExactResource("networking.k8s.io", "v1", "networkpolicies", "openshift-authentication-operator", "authentication-operator-networkpolicy"),
libraryoutputresources.ExactResource("networking.k8s.io", "v1", "networkpolicies", "openshift-authentication-operator", "default-deny-all"),
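Review bot: the policy names on both added lines ("authentication-operator-networkpolicy" and "default-deny-all") are string literals that must stay identical to the names in the manifests for the openshift-authentication-operator namespace, and nothing on these lines ties them to those files, so a rename in the YAML would leave this list stale without any build error. Consider a unit test that loads the NetworkPolicy manifests and checks that each one has a matching ExactResource entry, or at least a comment next to each line naming the manifest it refers to.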
Contributor

Does MOM need to also know the manifests for deploying the cluster-authentication-operator itself?

Member Author

Actually good point, I don't believe OM needs these operator manifests.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI agents
In `@bindata/oauth-openshift/networkpolicy_oauth-server.yaml`:
- Around line 44-68: The NetworkPolicy in networkpolicy_oauth-server.yaml
currently uses a wide namespaceSelector: {} allowing ingress to port 6443 from
any namespace and an egress rule with only ports: - protocol: TCP (no `to`)
permitting all TCP egress; tighten or document this: replace namespaceSelector:
{} with a scoped namespaceSelector/podSelector or ipBlock that targets known
oauth-proxy/sidecar namespaces or pods (reference the ingress block targeting
port 6443), and restrict the egress rule (the egress entry listing ports with
protocol: TCP) by adding specific `to:` destinations (podSelector,
namespaceSelector or ipBlock) for kube-apiserver and configured IDPs;
alternatively, if the broad scope is intentional, add an explicit comment in the
manifest near the ingress (port 6443) and the TCP-only egress rule explaining
the rationale and approved clients/endpoints.
🧹 Nitpick comments (1)
bindata/oauth-apiserver/networkpolicy_oauth-apiserver.yaml (1)

77-80: Egress rule allows all TCP ports to any destination.

This rule permits unrestricted TCP egress, which is quite permissive. The comment indicates this is for kube-apiserver communication, but kube-apiserver typically runs on port 6443. Consider whether this could be tightened to specific ports (e.g., 6443 for API server) to reduce attack surface, or document why unrestricted TCP is required.
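The rule shapes flagged in the review above (`namespaceSelector: {}` on ingress, an egress rule with `ports` but no `to`) can be checked mechanically, and the same check generalizes to the empty rule `- {}` and to an all-addresses `ipBlock`. The linter below is an added example, not code from this PR or from CodeRabbit; it takes manifests already parsed into dicts, and the sample policies, their names and the `example-*` values are constructed.

```python
"""Lint Kubernetes NetworkPolicy rules for over-broad allow shapes (added example)."""

ALLOW_ALL = "allow-all"          # rule is `{}`: every peer on every port
ANY_PEER = "any-peer"            # ports listed but no from/to: every peer
ANY_PORT = "any-port"            # ports entry without `port`: every port of that protocol
ANY_NAMESPACE = "any-namespace"  # peer with `namespaceSelector: {}`: pods in every namespace
ANY_IP = "any-ip"                # ipBlock covering the whole address space


def is_empty_selector(sel):
    """True for `{}`; None (field absent) is not a selector at all."""
    return sel is not None and not sel.get("matchLabels") and not sel.get("matchExpressions")


def lint_rule(rule, peer_key):
    """Return finding codes for one ingress (peer_key='from') or egress ('to') rule."""
    peers = rule.get(peer_key) or []
    ports = rule.get("ports") or []
    if not peers and not ports:
        return [ALLOW_ALL]
    found = []
    if not peers:
        found.append(ANY_PEER)
    if any("port" not in p for p in ports):
        found.append(ANY_PORT)
    for peer in peers:
        if is_empty_selector(peer.get("namespaceSelector")):
            found.append(ANY_NAMESPACE)
        if (peer.get("ipBlock") or {}).get("cidr") in ("0.0.0.0/0", "::/0"):
            found.append(ANY_IP)
    return found


def lint_policy(policy):
    """Return (direction, rule_index, code) for every over-broad rule in a policy."""
    spec = policy.get("spec") or {}
    findings = []
    for direction, peer_key in (("ingress", "from"), ("egress", "to")):
        for index, rule in enumerate(spec.get(direction) or []):
            for code in lint_rule(rule or {}, peer_key):
                findings.append((direction, index, code))
    return findings


def is_default_deny(policy):
    """True when the policy selects every pod and allows nothing in its policyTypes."""
    spec = policy.get("spec") or {}
    types = spec.get("policyTypes") or []
    selects_all = is_empty_selector(spec.get("podSelector") or {})
    return selects_all and bool(types) and all(not spec.get(t.lower()) for t in types)


NS_LABEL = "kubernetes.io/metadata.name"
TO_OAUTH_APISERVER = {
    "to": [{"namespaceSelector": {"matchLabels": {NS_LABEL: "openshift-oauth-apiserver"}}}],
    "ports": [{"protocol": "TCP", "port": 8443}],
}

# Constructed policy reproducing the shapes the review comments describe.
BROAD = {
    "metadata": {"name": "example-allow", "namespace": "openshift-authentication"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "example-oauth-server"}},
        "policyTypes": ["Ingress", "Egress"],
        "ingress": [{"from": [{"namespaceSelector": {}}],
                     "ports": [{"protocol": "TCP", "port": 6443}]}],
        "egress": [TO_OAUTH_APISERVER, {"ports": [{"protocol": "TCP"}]}, {}],
    },
}

# Constructed tightened variant: every rule names its peer and its port.
SCOPED = {
    "metadata": {"name": "example-allow", "namespace": "openshift-authentication"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "example-oauth-server"}},
        "policyTypes": ["Ingress", "Egress"],
        "ingress": [{"from": [{"namespaceSelector": {"matchLabels": {NS_LABEL: "example-router-ns"}}}],
                     "ports": [{"protocol": "TCP", "port": 6443}]}],
        "egress": [TO_OAUTH_APISERVER],
    },
}

DEFAULT_DENY = {
    "metadata": {"name": "default-deny-all", "namespace": "openshift-authentication"},
    "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]},
}

if __name__ == "__main__":
    for label, pol in (("broad", BROAD), ("scoped", SCOPED), ("default-deny", DEFAULT_DENY)):
        print(label, "default-deny" if is_default_deny(pol) else "", lint_policy(pol))
```

A finding is a prompt for review rather than a defect: the PR description explains that traffic to hostNetwork pods such as the kube-apiserver needs a broad TCP rule. Because NetworkPolicies are additive, any finding in an allow policy widens what the namespace's default-deny policy would otherwise block for the selected pods.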

@everettraven everettraven left a comment

This LGTM in general.

We should probably run payload jobs for a sanity check that this won't cause component readiness issues and payload build failures.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Feb 3, 2026

liouk commented Feb 6, 2026

Pushed changes to better align with the "Egress to the APIServer" guidance.

annotations:
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
include.release.openshift.io/ibm-cloud-managed: "true"

@dusk125 dusk125 Feb 6, 2026

Cesar warned against having these applied in hypershift since they already do their own network policies in the hosted control planes. I would suggest removing this include.release.openshift.io/ibm-cloud-managed: "true".

annotations:
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
include.release.openshift.io/ibm-cloud-managed: "true"

@liouk liouk force-pushed the network-policies branch 2 times, most recently from 37dd6ce to af9a504 Compare February 12, 2026 10:51

liouk commented Feb 12, 2026

Pushed fixes as per comments from @dusk125 and also more alignment with guidance (allow all ingress to metrics, not just prometheus pods).

liouk commented Feb 12, 2026

/retest

liouk commented Feb 16, 2026

/retest

@liouk liouk force-pushed the network-policies branch from e9f60f8 to 71b325e Compare March 4, 2026 13:15

openshift-ci-robot commented Mar 4, 2026

@liouk: This pull request references CNTRLPLANE-2610 which is a valid jira issue.

@liouk liouk force-pushed the network-policies branch from 71b325e to 492e9e7 Compare March 6, 2026 09:58

openshift-ci-robot commented Mar 6, 2026

@liouk: This pull request references CNTRLPLANE-2610 which is a valid jira issue.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/networking.k8s.io/networkpolicies/fcd4-body-oauth-apiserver-networkpolicy.yaml`:
- Line 30: The NetworkPolicy named in the patch
(fcd4-body-oauth-apiserver-networkpolicy) currently uses "egress: - {}" which
permits all outbound traffic; replace that open egress rule with a constrained
egress entry that limits traffic to TCP only (e.g., specify protocol: TCP and an
appropriate ports list or port range) while preserving the hostNetwork exception
logic so the deny-by-default posture is maintained for the targeted pods.

In
`@test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/networking.k8s.io/networkpolicies/9eb2-body-oauth-server-networkpolicy.yaml`:
- Line 30: The network policy contains an empty egress rule ("egress: - {}")
that effectively allows all outbound traffic and defeats the intended
restrictive posture with "policyTypes: [Egress]"; remove the empty egress entry
from the NetworkPolicy (or replace it with explicit, scoped egress rules) so
only the intended DNS and OAuth API server egress rules remain; if an exception
is required (e.g., hostNetwork pods), implement a narrowly scoped egress rule
instead of using the empty rule.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 6e565ba7-1936-4f6a-b7a4-398a3f0992a1

📥 Commits

Reviewing files that changed from the base of the PR and between 71b325e and 492e9e7.

📒 Files selected for processing (189)
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/8379-body-authentication-operator.17fe72c59b829800.da44325f.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/8379-metadata-authentication-operator.17fe72c59b829800.da44325f.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/8daf-body-authentication-operator.17fe72c59b829800.a8ecfbce.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/8daf-metadata-authentication-operator.17fe72c59b829800.a8ecfbce.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/953f-body-authentication-operator.17fe72c59b829800.fd7c2a06.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/953f-metadata-authentication-operator.17fe72c59b829800.fd7c2a06.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/9a63-body-authentication-operator.17fe72c59b829800.f737230b.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/9a63-metadata-authentication-operator.17fe72c59b829800.f737230b.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/9bec-body-authentication-operator.17fe72c59b829800.9b8e044a.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/9bec-metadata-authentication-operator.17fe72c59b829800.9b8e044a.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/a2b3-body-authentication-operator.17fe72c59b829800.7cfd43de.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/a2b3-metadata-authentication-operator.17fe72c59b829800.7cfd43de.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ab40-body-authentication-operator.17fe72c59b829800.44a05c38.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ab40-metadata-authentication-operator.17fe72c59b829800.44a05c38.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/abe3-body-authentication-operator.17fe72c59b829800.cc404894.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/abe3-metadata-authentication-operator.17fe72c59b829800.cc404894.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ad2e-body-authentication-operator.17fe72c59b829800.651f7f3f.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ad2e-metadata-authentication-operator.17fe72c59b829800.651f7f3f.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/b8a3-body-authentication-operator.17fe72c59b829800.8953695d.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/b8a3-metadata-authentication-operator.17fe72c59b829800.8953695d.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/bffe-body-authentication-operator.17fe72c59b829800.df0f8e47.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/bffe-metadata-authentication-operator.17fe72c59b829800.df0f8e47.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ccdf-body-authentication-operator.17fe72c59b829800.616f1c0f.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ccdf-metadata-authentication-operator.17fe72c59b829800.616f1c0f.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/cedd-body-authentication-operator.17fe72c59b829800.96072a72.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/cedd-metadata-authentication-operator.17fe72c59b829800.96072a72.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/de10-body-authentication-operator.17fe72c59b829800.2a24f1b5.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/e212-body-authentication-operator.17fe72c59b829800.52f3c122.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/e212-metadata-authentication-operator.17fe72c59b829800.52f3c122.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/e2d5-body-authentication-operator.17fe72c59b829800.ce8a3f4a.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/e2d5-metadata-authentication-operator.17fe72c59b829800.ce8a3f4a.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/fb69-body-authentication-operator.17fe72c59b829800.2a6d0210.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/fb69-metadata-authentication-operator.17fe72c59b829800.2a6d0210.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/5f92-body-audit.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/5f92-metadata-audit.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/a742-body-v4-0-config-system-trusted-ca-bundle.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/a742-metadata-v4-0-config-system-trusted-ca-bundle.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/4034-body-v4-0-config-system-ocp-branding-template.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/4034-metadata-v4-0-config-system-ocp-branding-template.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/serviceaccounts/a3dc-body-oauth-openshift.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/serviceaccounts/a3dc-metadata-oauth-openshift.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/services/31c0-body-oauth-openshift.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/services/31c0-metadata-oauth-openshift.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/networking.k8s.io/networkpolicies/4519-body-default-deny-all.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/networking.k8s.io/networkpolicies/4519-metadata-default-deny-all.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/networking.k8s.io/networkpolicies/9eb2-body-oauth-server-networkpolicy.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/networking.k8s.io/networkpolicies/9eb2-metadata-oauth-server-networkpolicy.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-config-managed/rbac.authorization.k8s.io/rolebindings/735c-body-system-COLON-openshift-COLON-oauth-servercert-trust.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-config-managed/rbac.authorization.k8s.io/rolebindings/735c-metadata-system-COLON-openshift-COLON-oauth-servercert-trust.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-config-managed/rbac.authorization.k8s.io/roles/a92b-body-system-COLON-openshift-COLON-oauth-servercert-trust.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-config-managed/rbac.authorization.k8s.io/roles/a92b-metadata-system-COLON-openshift-COLON-oauth-servercert-trust.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/networking.k8s.io/networkpolicies/312e-body-default-deny-all.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/networking.k8s.io/networkpolicies/312e-metadata-default-deny-all.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/networking.k8s.io/networkpolicies/fcd4-body-oauth-apiserver-networkpolicy.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/networking.k8s.io/networkpolicies/fcd4-metadata-oauth-apiserver-networkpolicy.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/policy/poddisruptionbudgets/9c75-body-oauth-apiserver-pdb.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/policy/poddisruptionbudgets/9c75-metadata-oauth-apiserver-pdb.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/UpdateStatus/cluster-scoped-resources/config.openshift.io/clusteroperators/7130-body-authentication.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/UpdateStatus/cluster-scoped-resources/config.openshift.io/clusteroperators/7130-metadata-authentication.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/apiextensions.k8s.io/customresourcedefinitions/c340-body-rolebindingrestrictions.authorization.openshift.io.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/apiextensions.k8s.io/customresourcedefinitions/c340-metadata-rolebindingrestrictions.authorization.openshift.io.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/a204-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/a204-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/rbac.authorization.k8s.io/clusterrolebindings/4b1b-body-system-COLON-openshift-COLON-openshift-authentication.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/rbac.authorization.k8s.io/clusterrolebindings/4b1b-metadata-system-COLON-openshift-COLON-openshift-authentication.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/rbac.authorization.k8s.io/clusterrolebindings/af44-body-system-COLON-openshift-COLON-oauth-apiserver.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/rbac.authorization.k8s.io/clusterrolebindings/af44-metadata-system-COLON-openshift-COLON-oauth-apiserver.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/rbac.authorization.k8s.io/clusterrolebindings/c9fd-body-system-COLON-openshift-COLON-useroauthaccesstoken-manager.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/rbac.authorization.k8s.io/clusterrolebindings/c9fd-metadata-system-COLON-openshift-COLON-useroauthaccesstoken-manager.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/rbac.authorization.k8s.io/clusterroles/e7c9-body-system-COLON-openshift-COLON-useroauthaccesstoken-manager.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/rbac.authorization.k8s.io/clusterroles/e7c9-metadata-system-COLON-openshift-COLON-useroauthaccesstoken-manager.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/namespaces/openshift-oauth-apiserver/core/serviceaccounts/47ac-body-oauth-apiserver-sa.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/namespaces/openshift-oauth-apiserver/core/serviceaccounts/47ac-metadata-oauth-apiserver-sa.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/namespaces/openshift-oauth-apiserver/core/services/0908-body-api.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/namespaces/openshift-oauth-apiserver/core/services/0908-metadata-api.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/0dc4-body-authentication-operator.18599d2230299800.5f2cc1a1.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/3f97-body-authentication-operator.18599d2230299800.a8ecfbce.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/3f97-metadata-authentication-operator.18599d2230299800.a8ecfbce.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/76e5-body-authentication-operator.18599d2230299800.6182ed8c.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/76e5-metadata-authentication-operator.18599d2230299800.6182ed8c.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/78cb-body-authentication-operator.18599d2230299800.44a05c38.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/78cb-metadata-authentication-operator.18599d2230299800.44a05c38.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/a240-body-authentication-operator.18599d2230299800.49fb0e36.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/a240-metadata-authentication-operator.18599d2230299800.49fb0e36.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/b702-body-authentication-operator.18599d2230299800.1d05f9ac.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/b702-metadata-authentication-operator.18599d2230299800.1d05f9ac.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/d9cf-body-authentication-operator.18599d2230299800.560dcb58.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/d9cf-metadata-authentication-operator.18599d2230299800.560dcb58.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ebf1-body-authentication-operator.18599d2230299800.2df24af9.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ebf1-metadata-authentication-operator.18599d2230299800.2df24af9.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/f4a3-body-authentication-operator.18599d2230299800.6d9ca9b2.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/f4a3-metadata-authentication-operator.18599d2230299800.6d9ca9b2.yaml
  • test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/d8ba-body-authentication-operator.18599d2230299800.64fe3b99.yaml
  • test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/d8ba-metadata-authentication-operator.18599d2230299800.64fe3b99.yaml
  • test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication/apps/deployments/2280-body-oauth-openshift.yaml
  • test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication/apps/deployments/2280-metadata-oauth-openshift.yaml
  • test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/407c-body-authentication-operator.18599d2230299800.18b41977.yaml
  • test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/407c-metadata-authentication-operator.18599d2230299800.18b41977.yaml
  • test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/2260-body-v4-0-config-system-cliconfig.yaml
  • test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/2260-metadata-v4-0-config-system-cliconfig.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/cluster-scoped-resources/core/namespaces/8528-body-openshift-authentication.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/cluster-scoped-resources/core/namespaces/8528-metadata-openshift-authentication.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/0517-body-authentication-operator.18599d2230299800.6c145ec7.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/0517-metadata-authentication-operator.18599d2230299800.6c145ec7.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/0a35-body-authentication-operator.18599d2230299800.c1403ea8.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/0a35-metadata-authentication-operator.18599d2230299800.c1403ea8.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/15fd-body-authentication-operator.18599d2230299800.ce8a3f4a.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/15fd-metadata-authentication-operator.18599d2230299800.ce8a3f4a.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/3257-body-authentication-operator.18599d2230299800.2a6d0210.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/3257-metadata-authentication-operator.18599d2230299800.2a6d0210.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/5409-body-authentication-operator.18599d2230299800.ec96ffd6.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/5409-metadata-authentication-operator.18599d2230299800.ec96ffd6.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/55c4-body-authentication-operator.18599d2230299800.df0f8e47.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/55c4-metadata-authentication-operator.18599d2230299800.df0f8e47.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/6114-body-authentication-operator.18599d2230299800.07abf400.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/6114-metadata-authentication-operator.18599d2230299800.07abf400.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/96ee-body-authentication-operator.18599d2230299800.a18021d9.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/96ee-metadata-authentication-operator.18599d2230299800.a18021d9.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/a4b0-body-authentication-operator.18599d2230299800.fd7c2a06.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/a4b0-metadata-authentication-operator.18599d2230299800.fd7c2a06.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/bcca-body-authentication-operator.18599d2230299800.327a2f38.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/bcca-metadata-authentication-operator.18599d2230299800.327a2f38.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/dbdf-body-authentication-operator.18599d2230299800.8953695d.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/dbdf-metadata-authentication-operator.18599d2230299800.8953695d.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/fd80-body-authentication-operator.18599d2230299800.e6f3afa2.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/fd80-metadata-authentication-operator.18599d2230299800.e6f3afa2.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/5f92-body-audit.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/5f92-metadata-audit.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/a742-body-v4-0-config-system-trusted-ca-bundle.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/core/configmaps/a742-metadata-v4-0-config-system-trusted-ca-bundle.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/4034-body-v4-0-config-system-ocp-branding-template.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/4034-metadata-v4-0-config-system-ocp-branding-template.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/core/serviceaccounts/a3dc-body-oauth-openshift.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/core/serviceaccounts/a3dc-metadata-oauth-openshift.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/core/services/31c0-body-oauth-openshift.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/core/services/31c0-metadata-oauth-openshift.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/networking.k8s.io/networkpolicies/4519-body-default-deny-all.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/networking.k8s.io/networkpolicies/4519-metadata-default-deny-all.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/networking.k8s.io/networkpolicies/9eb2-body-oauth-server-networkpolicy.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/networking.k8s.io/networkpolicies/9eb2-metadata-oauth-server-networkpolicy.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-config-managed/rbac.authorization.k8s.io/rolebindings/735c-body-system-COLON-openshift-COLON-oauth-servercert-trust.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-config-managed/rbac.authorization.k8s.io/rolebindings/735c-metadata-system-COLON-openshift-COLON-oauth-servercert-trust.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-config-managed/rbac.authorization.k8s.io/roles/a92b-body-system-COLON-openshift-COLON-oauth-servercert-trust.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-config-managed/rbac.authorization.k8s.io/roles/a92b-metadata-system-COLON-openshift-COLON-oauth-servercert-trust.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/UserWorkload/Create/cluster-scoped-resources/apiextensions.k8s.io/customresourcedefinitions/c340-body-rolebindingrestrictions.authorization.openshift.io.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/UserWorkload/Create/cluster-scoped-resources/apiextensions.k8s.io/customresourcedefinitions/c340-metadata-rolebindingrestrictions.authorization.openshift.io.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/UserWorkload/Create/cluster-scoped-resources/rbac.authorization.k8s.io/clusterrolebindings/4b1b-body-system-COLON-openshift-COLON-openshift-authentication.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/UserWorkload/Create/cluster-scoped-resources/rbac.authorization.k8s.io/clusterrolebindings/4b1b-metadata-system-COLON-openshift-COLON-openshift-authentication.yaml
💤 Files with no reviewable changes (12)
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/b702-body-authentication-operator.18599d2230299800.1d05f9ac.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/3f97-body-authentication-operator.18599d2230299800.a8ecfbce.yaml
  • test-data/apply-configuration/overall/oauth-server-creation-minimal/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/d8ba-body-authentication-operator.18599d2230299800.64fe3b99.yaml
  • test-data/apply-configuration/overall/oauth-server-payloadcontroller/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/407c-body-authentication-operator.18599d2230299800.18b41977.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/76e5-body-authentication-operator.18599d2230299800.6182ed8c.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/de10-body-authentication-operator.17fe72c59b829800.2a24f1b5.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ebf1-body-authentication-operator.18599d2230299800.2df24af9.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/78cb-body-authentication-operator.18599d2230299800.44a05c38.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/6471-body-authentication-operator.17fe72c59b829800.57eb8535.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/0dc4-body-authentication-operator.18599d2230299800.5f2cc1a1.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/f4a3-body-authentication-operator.18599d2230299800.6d9ca9b2.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/a240-body-authentication-operator.18599d2230299800.49fb0e36.yaml
🚧 Files skipped from review as they are similar to previous changes (16)
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ccdf-body-authentication-operator.17fe72c59b829800.616f1c0f.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/networking.k8s.io/networkpolicies/4519-metadata-default-deny-all.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/networking.k8s.io/networkpolicies/312e-metadata-default-deny-all.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/ccdf-metadata-authentication-operator.17fe72c59b829800.616f1c0f.yaml
  • test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/networking.k8s.io/networkpolicies/4519-body-default-deny-all.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/6393-metadata-authentication-operator.17fe72c59b829800.c879600c.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/cedd-body-authentication-operator.17fe72c59b829800.96072a72.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/3f86-metadata-authentication-operator.17fe72c59b829800.05fbd8b8.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/fb69-body-authentication-operator.17fe72c59b829800.2a6d0210.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/networking.k8s.io/networkpolicies/4519-metadata-default-deny-all.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/d9cf-body-authentication-operator.18599d2230299800.560dcb58.yaml
  • test-data/apply-configuration/overall/oauth-server-configobserver/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/d9cf-metadata-authentication-operator.18599d2230299800.560dcb58.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/cedd-metadata-authentication-operator.17fe72c59b829800.96072a72.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/fb69-metadata-authentication-operator.17fe72c59b829800.2a6d0210.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/53aa-body-authentication-operator.17fe72c59b829800.ec96ffd6.yaml
  • test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication-operator/core/events/6393-body-authentication-operator.17fe72c59b829800.c879600c.yaml

podSelector:
matchLabels:
app: etcd
- {}

⚠️ Potential issue | 🟠 Major

egress: - {} makes egress effectively unrestricted.

Line 30 allows all egress (any destination/port/protocol), which weakens the intended deny-by-default posture for selected pods. If the hostNetwork exception is the goal, constrain this to TCP-only instead of fully open egress.

Suggested fix
-  - {}
+  - ports:
+    - protocol: TCP
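Review bot: the replacement on the `+` lines has `ports` with only `protocol: TCP` and no `to` peer or `port`, so it still matches every destination on every TCP port; it drops non-TCP egress but is not a destination allow-list. If this is the hostNetwork exception from the PR description, add a comment on the rule saying so; otherwise add a `to` peer or a `port`.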
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- {}
- ports:
- protocol: TCP
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-oauth-apiserver/networking.k8s.io/networkpolicies/fcd4-body-oauth-apiserver-networkpolicy.yaml`
at line 30, The NetworkPolicy named in the patch
(fcd4-body-oauth-apiserver-networkpolicy) currently uses "egress: - {}" which
permits all outbound traffic; replace that open egress rule with a constrained
egress entry that limits traffic to TCP only (e.g., specify protocol: TCP and an
appropriate ports list or port range) while preserving the hostNetwork exception
logic so the deny-by-default posture is maintained for the targeted pods.

podSelector:
matchLabels:
app: openshift-oauth-apiserver
- {}

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

# Find and read the full network policy file
find . -name "9eb2-body-oauth-server-networkpolicy.yaml" -type f

Repository: openshift/cluster-authentication-operator

Length of output: 500


🏁 Script executed:

# Read the full content of the file to understand context
cat -n "test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/networking.k8s.io/networkpolicies/9eb2-body-oauth-server-networkpolicy.yaml"

Repository: openshift/cluster-authentication-operator

Length of output: 1753


🌐 Web query:

Kubernetes NetworkPolicy empty egress rule semantics "{}" all traffic

💡 Result:

In Kubernetes NetworkPolicy, an empty egress rule item:

spec:
  policyTypes: [Egress]
  egress:
  - {}

means “allow all egress” (all destinations, all ports, all protocols that your CNI enforces for NetworkPolicy). Kubernetes’ own example for “Allow all egress traffic” uses exactly egress: - {} and states that with it in place, outgoing connections from the selected pods cannot be denied by additional policies. [1] The same “empty rule matches all traffic” explanation is also shown in Google’s training material. [2]

By contrast, if you select pods for egress isolation but provide no allow rules, you get deny-all egress, e.g.:

spec:
  podSelector: {}
  policyTypes: [Egress]
  # no egress: rules

Kubernetes documents this as the “default deny all egress traffic” pattern. [1]

Summary: egress: - {} ⇒ allow-all egress; policyTypes: [Egress] with no egress rules ⇒ deny-all egress. [1]

Sources: [1] Kubernetes NetworkPolicy docs; [2] Google Kubernetes Engine Networking training PDF.


egress: - {} allows all egress traffic, defeating the restrictive intent of this policy.

The empty egress rule at line 30 permits outbound traffic to all destinations on all ports and protocols. With policyTypes: [Egress] set, this rule makes the specific DNS and OAuth apiserver rules above it redundant and undermines any default-deny egress posture. Remove this line unless there is a documented exception (e.g., hostNetwork pods requiring unrestricted egress); if an exception is necessary, explicitly scope it rather than using an empty rule.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@test-data/apply-configuration/overall/oauth-server-staticresource/expected-output/Management/Create/namespaces/openshift-authentication/networking.k8s.io/networkpolicies/9eb2-body-oauth-server-networkpolicy.yaml`
at line 30, The network policy contains an empty egress rule ("egress: - {}")
that effectively allows all outbound traffic and defeats the intended
restrictive posture with "policyTypes: [Egress]"; remove the empty egress entry
from the NetworkPolicy (or replace it with explicit, scoped egress rules) so
only the intended DNS and OAuth API server egress rules remain; if an exception
is required (e.g., hostNetwork pods), implement a narrowly scoped egress rule
instead of using the empty rule.
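A lint for the distinction the two review comments above turn on, as an added example that is not part of the PR or of the operator's code: it classifies a NetworkPolicy's egress as deny-all, scoped, any-destination (the `ports`-only form) or allow-all (the `- {}` form). The manifests are constructed and given in JSON form so that only the Go standard library is needed; the verdict names, function name and sample values are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// networkPolicy mirrors only the networking.k8s.io/v1 fields that decide how
// wide egress is. Peers and ports stay raw: only their presence matters here
// (peer contents, e.g. a 0.0.0.0/0 ipBlock, are not inspected).
type networkPolicy struct {
	Spec struct {
		PolicyTypes []string `json:"policyTypes"`
		Egress      []struct {
			To    []json.RawMessage `json:"to"`
			Ports []json.RawMessage `json:"ports"`
		} `json:"egress"`
	} `json:"spec"`
}

// Verdict names are hypothetical, chosen for this example.
const (
	NotIsolated    = "egress-not-isolated" // policy does not restrict egress at all
	DenyAll        = "deny-all-egress"     // isolated, no rule allows anything
	Scoped         = "scoped"              // every rule names at least one peer
	AnyDestination = "any-destination"     // ports only: any peer on those ports
	AllowAll       = "allow-all-egress"    // the `- {}` rule
)

var rank = map[string]int{Scoped: 1, AnyDestination: 2, AllowAll: 3}

// ClassifyEgress parses one manifest (JSON form) and returns the verdict for
// its widest egress rule plus that rule's index in spec.egress (-1 if none).
func ClassifyEgress(manifest []byte) (string, int, error) {
	var np networkPolicy
	if err := json.Unmarshal(manifest, &np); err != nil {
		return "", -1, err
	}
	// Without policyTypes, egress is isolated only when egress rules are present.
	isolates := len(np.Spec.PolicyTypes) == 0 && len(np.Spec.Egress) > 0
	for _, t := range np.Spec.PolicyTypes {
		isolates = isolates || t == "Egress"
	}
	if !isolates {
		return NotIsolated, -1, nil
	}
	if len(np.Spec.Egress) == 0 {
		return DenyAll, -1, nil
	}
	verdict, widest := "", -1
	for i, r := range np.Spec.Egress {
		v := Scoped
		switch {
		case len(r.To) == 0 && len(r.Ports) == 0:
			v = AllowAll // every destination, port and protocol
		case len(r.To) == 0:
			v = AnyDestination // e.g. ports: [{protocol: TCP}] is all TCP ports, any peer
		}
		if rank[v] > rank[verdict] {
			verdict, widest = v, i
		}
	}
	return verdict, widest, nil
}

// Constructed manifests; the namespace label and the port number are made up.
const dnsRule = `{"to":[{"namespaceSelector":{"matchLabels":{"kubernetes.io/metadata.name":"example-dns"}}}],"ports":[{"protocol":"UDP","port":53}]}`

var (
	WithEmptyRule = []byte(`{"spec":{"policyTypes":["Egress"],"egress":[` + dnsRule + `,{}]}}`)
	WithTCPOnly   = []byte(`{"spec":{"policyTypes":["Egress"],"egress":[` + dnsRule + `,{"ports":[{"protocol":"TCP"}]}]}}`)
	DefaultDeny   = []byte(`{"spec":{"podSelector":{},"policyTypes":["Ingress","Egress"]}}`)
)

func main() {
	for _, m := range [][]byte{WithEmptyRule, WithTCPOnly, DefaultDeny} {
		verdict, rule, err := ClassifyEgress(m)
		fmt.Println(verdict, rule, err)
	}
}
```

Run over rendered manifests in CI, a check like this makes an `allow-all-egress` or `any-destination` verdict something a reviewer has to accept explicitly rather than discover in a diff.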

@openshift-ci
Contributor

openshift-ci bot commented Mar 6, 2026

@liouk: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-aws-operator-encryption-perf-serial-ote-2of2 | 492e9e7 | link | false | /test e2e-aws-operator-encryption-perf-serial-ote-2of2 |
| ci/prow/e2e-aws-operator-encryption-rotation-serial-ote-1of2 | 492e9e7 | link | false | /test e2e-aws-operator-encryption-rotation-serial-ote-1of2 |
| ci/prow/e2e-aws-operator-parallel-ote | 492e9e7 | link | false | /test e2e-aws-operator-parallel-ote |
| ci/prow/e2e-aws-operator-encryption-serial-ote-1of2 | 492e9e7 | link | false | /test e2e-aws-operator-encryption-serial-ote-1of2 |
| ci/prow/e2e-aws-operator-encryption-serial-ote-2of2 | 492e9e7 | link | false | /test e2e-aws-operator-encryption-serial-ote-2of2 |
| ci/prow/e2e-aws-operator-encryption-kms-serial-ote-1of2 | 492e9e7 | link | false | /test e2e-aws-operator-encryption-kms-serial-ote-1of2 |
| ci/prow/e2e-aws-operator-encryption-kms-serial-ote-2of2 | 492e9e7 | link | false | /test e2e-aws-operator-encryption-kms-serial-ote-2of2 |
| ci/prow/e2e-aws-operator-encryption-perf-serial-ote-1of2 | 492e9e7 | link | false | /test e2e-aws-operator-encryption-perf-serial-ote-1of2 |
| ci/prow/e2e-aws-operator-serial-ote | 492e9e7 | link | false | /test e2e-aws-operator-serial-ote |
| ci/prow/e2e-gcp-operator-disruptive | 492e9e7 | link | true | /test e2e-gcp-operator-disruptive |
| ci/prow/e2e-aws-operator-encryption-rotation-serial-ote-2of2 | 492e9e7 | link | false | /test e2e-aws-operator-encryption-rotation-serial-ote-2of2 |

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@liouk
Member Author

liouk commented Mar 9, 2026

/retest-required

@gangwgr
Contributor

gangwgr commented Mar 9, 2026

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Mar 9, 2026
@openshift-ci-robot
Contributor

@gangwgr: This PR has been marked as verified by https://github.com/openshift/cluster-authentication-operator/pull/831/checks?check_run_id=66254516590.

Details

In response to this:

/verified by https://github.com/openshift/cluster-authentication-operator/pull/831/checks?check_run_id=66254516590

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci
Contributor

openshift-ci bot commented Mar 9, 2026

@gangwgr: trigger 14 job(s) of type blocking for the nightly release of OCP 4.21

  • periodic-ci-openshift-release-main-nightly-4.21-e2e-aws-ovn-serial-1of2
  • periodic-ci-openshift-release-main-nightly-4.21-e2e-aws-ovn-serial-2of2
  • periodic-ci-openshift-release-main-ci-4.21-e2e-aws-upgrade-ovn-single-node
  • periodic-ci-openshift-release-main-ci-4.21-e2e-aws-ovn-techpreview
  • periodic-ci-openshift-release-main-ci-4.21-e2e-aws-ovn-techpreview-serial-1of3
  • periodic-ci-openshift-release-main-ci-4.21-e2e-aws-ovn-techpreview-serial-2of3
  • periodic-ci-openshift-release-main-ci-4.21-e2e-aws-ovn-techpreview-serial-3of3
  • periodic-ci-openshift-release-main-nightly-4.21-e2e-aws-ovn-upgrade-fips
  • periodic-ci-openshift-release-main-nightly-4.21-e2e-aws-ovn-upgrade-fips-no-nat-instance
  • periodic-ci-openshift-release-main-ci-4.21-e2e-azure-ovn-upgrade
  • periodic-ci-openshift-release-main-ci-4.21-upgrade-from-stable-4.20-e2e-gcp-ovn-rt-upgrade
  • periodic-ci-openshift-hypershift-release-4.21-periodics-e2e-aws-ovn-conformance
  • periodic-ci-openshift-release-main-nightly-4.21-e2e-metal-ipi-ovn-bm
  • periodic-ci-openshift-release-main-nightly-4.21-e2e-metal-ipi-ovn-ipv6

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/8c2802b0-1bbc-11f1-992c-670fa0983e22-0

@openshift-ci
Contributor

openshift-ci bot commented Mar 9, 2026

@gangwgr: trigger 14 job(s) of type blocking for the nightly release of OCP 4.21

  • periodic-ci-openshift-release-main-nightly-4.21-e2e-aws-ovn-serial-1of2
  • periodic-ci-openshift-release-main-nightly-4.21-e2e-aws-ovn-serial-2of2
  • periodic-ci-openshift-release-main-ci-4.21-e2e-aws-upgrade-ovn-single-node
  • periodic-ci-openshift-release-main-ci-4.21-e2e-aws-ovn-techpreview
  • periodic-ci-openshift-release-main-ci-4.21-e2e-aws-ovn-techpreview-serial-1of3
  • periodic-ci-openshift-release-main-ci-4.21-e2e-aws-ovn-techpreview-serial-2of3
  • periodic-ci-openshift-release-main-ci-4.21-e2e-aws-ovn-techpreview-serial-3of3
  • periodic-ci-openshift-release-main-nightly-4.21-e2e-aws-ovn-upgrade-fips
  • periodic-ci-openshift-release-main-nightly-4.21-e2e-aws-ovn-upgrade-fips-no-nat-instance
  • periodic-ci-openshift-release-main-ci-4.21-e2e-azure-ovn-upgrade
  • periodic-ci-openshift-release-main-ci-4.21-upgrade-from-stable-4.20-e2e-gcp-ovn-rt-upgrade
  • periodic-ci-openshift-hypershift-release-4.21-periodics-e2e-aws-ovn-conformance
  • periodic-ci-openshift-release-main-nightly-4.21-e2e-metal-ipi-ovn-bm
  • periodic-ci-openshift-release-main-nightly-4.21-e2e-metal-ipi-ovn-ipv6

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/91204e12-1bbc-11f1-9bd9-3709c9fb6888-0

Contributor

@everettraven everettraven left a comment


/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 9, 2026
@openshift-ci
Contributor

openshift-ci bot commented Mar 9, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: everettraven, liouk

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@liouk
Member Author

liouk commented Mar 9, 2026

/payload 4.22 nightly blocking
/payload 4.22 nightly informing

@openshift-ci
Contributor

openshift-ci bot commented Mar 9, 2026

@liouk: trigger 14 job(s) of type blocking for the nightly release of OCP 4.22

  • periodic-ci-openshift-release-main-ci-4.22-e2e-aws-upgrade-ovn-single-node
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-upgrade-fips
  • periodic-ci-openshift-release-main-ci-4.22-e2e-azure-ovn-upgrade
  • periodic-ci-openshift-release-main-ci-4.22-upgrade-from-stable-4.21-e2e-gcp-ovn-rt-upgrade
  • periodic-ci-openshift-hypershift-release-4.22-periodics-e2e-aws-ovn-conformance
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-serial-1of2
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-serial-2of2
  • periodic-ci-openshift-release-main-ci-4.22-e2e-aws-ovn-techpreview
  • periodic-ci-openshift-release-main-ci-4.22-e2e-aws-ovn-techpreview-serial-1of3
  • periodic-ci-openshift-release-main-ci-4.22-e2e-aws-ovn-techpreview-serial-2of3
  • periodic-ci-openshift-release-main-ci-4.22-e2e-aws-ovn-techpreview-serial-3of3
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-upgrade-fips-no-nat-instance
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-metal-ipi-ovn-ipv4
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-metal-ipi-ovn-ipv6

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/4d3a5cd0-1bbf-11f1-91c5-3168c8d0f85b-0

trigger 65 job(s) of type informing for the nightly release of OCP 4.22

  • periodic-ci-openshift-hypershift-release-4.22-periodics-e2e-azure-aks-ovn-conformance
  • periodic-ci-openshift-release-main-nightly-4.22-console-aws
  • periodic-ci-openshift-cluster-control-plane-machine-set-operator-release-4.22-periodics-e2e-aws
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-csi
  • periodic-ci-openshift-release-main-ci-4.22-e2e-aws-ovn
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-cgroupsv2
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-fips
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-single-node
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-single-node-csi
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-single-node-serial
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-single-node-techpreview
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-single-node-techpreview-serial
  • periodic-ci-openshift-release-main-nightly-4.22-upgrade-from-stable-4.21-e2e-aws-upgrade-ovn-single-node
  • periodic-ci-openshift-release-main-ci-4.22-e2e-aws-ovn-upgrade-out-of-change
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-upi
  • periodic-ci-openshift-cluster-control-plane-machine-set-operator-release-4.22-periodics-e2e-azure
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-azure-csi
  • periodic-ci-openshift-release-main-ci-4.22-e2e-azure-ovn
  • periodic-ci-openshift-release-main-ci-4.22-e2e-azure-ovn-serial
  • periodic-ci-openshift-release-main-ci-4.22-e2e-azure-ovn-techpreview
  • periodic-ci-openshift-release-main-ci-4.22-e2e-azure-ovn-techpreview-serial
  • periodic-ci-openshift-release-main-ci-4.22-e2e-azure-ovn-upgrade-out-of-change
  • periodic-ci-openshift-release-main-cnv-nightly-4.22-deploy-azure-kubevirt-ovn
  • periodic-ci-openshift-cluster-control-plane-machine-set-operator-release-4.22-periodics-e2e-gcp
  • periodic-ci-openshift-release-main-ci-4.22-e2e-gcp-ovn
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-gcp-ovn-csi
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-gcp-ovn-rt
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-gcp-ovn-serial
  • periodic-ci-openshift-release-main-ci-4.22-e2e-gcp-ovn-techpreview
  • periodic-ci-openshift-release-main-ci-4.22-e2e-gcp-ovn-techpreview-serial
  • periodic-ci-openshift-release-main-ci-4.22-upgrade-from-stable-4.21-e2e-gcp-ovn-upgrade
  • periodic-ci-openshift-release-main-ci-4.22-e2e-gcp-ovn-upgrade
  • periodic-ci-openshift-hypershift-release-4.22-periodics-e2e-azure-kubevirt-ovn
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-metal-ipi-ovn-dualstack
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-metal-ipi-ovn-dualstack-techpreview
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-metal-ipi-ovn-ipv6-techpreview
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-metal-ipi-ovn-serial-ipv4
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-metal-ipi-ovn-serial-virtualmedia-1of2
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-metal-ipi-ovn-serial-virtualmedia-2of2
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-metal-ipi-ovn-techpreview
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-metal-ipi-ovn-upgrade
  • periodic-ci-openshift-release-main-nightly-4.22-upgrade-from-stable-4.21-e2e-metal-ipi-ovn-upgrade
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-metal-ipi-serial-ovn-ipv6
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-metal-ipi-serial-ovn-dualstack
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-metal-ipi-upgrade-ovn-ipv6
  • periodic-ci-openshift-release-main-nightly-4.22-upgrade-from-stable-4.21-e2e-metal-ipi-upgrade-ovn-ipv6
  • periodic-ci-openshift-release-main-nightly-4.22-metal-ovn-single-node-recert-cluster-rename
  • periodic-ci-openshift-osde2e-main-nightly-4.22-osd-aws
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-osd-ccs-gcp
  • periodic-ci-openshift-osde2e-main-nightly-4.22-osd-gcp
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-proxy
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-metal-ovn-single-node-live-iso
  • periodic-ci-openshift-eng-ocp-qe-perfscale-ci-main-aws-4.22-nightly-x86-payload-control-plane-6nodes
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-telco5g
  • periodic-ci-openshift-release-main-ci-4.22-upgrade-from-stable-4.21-e2e-aws-ovn-upgrade
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-vsphere-ovn
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-vsphere-ovn-csi
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-vsphere-ovn-serial
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-vsphere-ovn-techpreview
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-vsphere-ovn-techpreview-serial
  • periodic-ci-openshift-release-main-ci-4.22-e2e-vsphere-ovn-upgrade
  • periodic-ci-openshift-release-main-ci-4.22-upgrade-from-stable-4.21-e2e-vsphere-ovn-upgrade
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-vsphere-ovn-upi
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-vsphere-ovn-upi-serial
  • periodic-ci-openshift-release-main-nightly-4.22-e2e-vsphere-static-ovn

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/4d3a5cd0-1bbf-11f1-91c5-3168c8d0f85b-1


Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. verified Signifies that the PR passed pre-merge verification criteria
