From 7f4c1129f41ce68ecc7cc69e89b3dda9694c44b9 Mon Sep 17 00:00:00 2001 From: Evan Hearne Date: Tue, 10 Feb 2026 12:05:27 +0000 Subject: [PATCH 1/3] UPSTREAM: : add service account to curl job --- .../tests-extension/test/olmv1-catalog.go | 39 +++++++++++++++++-- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/openshift/tests-extension/test/olmv1-catalog.go b/openshift/tests-extension/test/olmv1-catalog.go index 5e1bfab1b..d3c227184 100644 --- a/openshift/tests-extension/test/olmv1-catalog.go +++ b/openshift/tests-extension/test/olmv1-catalog.go @@ -11,6 +11,7 @@ import ( batchv1 "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/meta" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -76,12 +77,43 @@ func verifyCatalogEndpoint(ctx SpecContext, catalog, endpoint, query string) { strings.ReplaceAll(endpoint, "?", ""), strings.ReplaceAll(catalog, "-", "")) - job := buildCurlJob(jobNamePrefix, "default", serviceURL) + // create service account object + serviceAccount := &corev1.ServiceAccount{ + ObjectMeta: metav1.ObjectMeta{ + Name: jobNamePrefix, + Namespace: "default", + }, + } + + serviceAccount.SetName(jobNamePrefix) + serviceAccount.SetNamespace("default") + + err = k8sClient.Create(ctx, serviceAccount) + Expect(err).NotTo(HaveOccurred(), "failed to create Service Account") + + if err != nil && !apierrors.IsAlreadyExists(err) { + Fail(fmt.Sprintf("Failed to ensure ServiceAccount %s: %v", jobNamePrefix, err)) + } + + job := buildCurlJob(jobNamePrefix, "default", serviceURL, serviceAccount) + err = k8sClient.Create(ctx, job) Expect(err).NotTo(HaveOccurred(), "failed to create Job") + DeferCleanup(func(ctx SpecContext) { + _ = k8sClient.Delete(ctx, serviceAccount) + }) + DeferCleanup(func(ctx SpecContext) { _ = k8sClient.Delete(ctx, job) + // We poll for deletion success so that the cleanup succeeds only when + // the job is deleted. Then, we can move onto deleting the service + // account without issue. + Eventually(func(g Gomega) { + recheck := &batchv1.Job{} + err := k8sClient.Get(ctx, client.ObjectKeyFromObject(job), recheck) + g.Expect(apierrors.IsNotFound(err)).To(BeTrue(), fmt.Sprintf("Job %v should be deleted", job.Name)) + }).WithTimeout(helpers.DefaultTimeout).WithPolling(helpers.DefaultPolling).Should(Succeed()) }) By("Waiting for Job to succeed") @@ -203,7 +235,7 @@ var _ = Describe("[sig-olmv1][OCPFeatureGate:NewOLM][Skipped:Disconnected] OLMv1 }) }) -func buildCurlJob(prefix, namespace, url string) *batchv1.Job { +func buildCurlJob(prefix, namespace, url string, serviceAccount *corev1.ServiceAccount) *batchv1.Job { backoff := int32(1) // This means the k8s garbage collector will automatically delete the job 5 minutes // after it has completed or failed. @@ -232,7 +264,8 @@ func buildCurlJob(prefix, namespace, url string) *batchv1.Job { BackoffLimit: &backoff, Template: corev1.PodTemplateSpec{ Spec: corev1.PodSpec{ - RestartPolicy: corev1.RestartPolicyNever, + ServiceAccountName: serviceAccount.Name, + RestartPolicy: corev1.RestartPolicyNever, Containers: []corev1.Container{{ Name: "api-tester", Image: "registry.redhat.io/rhel8/httpd-24:latest", From b3199bf96123e5a1d6063bfb532a588779bce782 Mon Sep 17 00:00:00 2001 From: Evan Hearne Date: Wed, 18 Feb 2026 17:28:51 +0000 Subject: [PATCH 2/3] cleanup redundant err + setters --- openshift/tests-extension/test/olmv1-catalog.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/openshift/tests-extension/test/olmv1-catalog.go b/openshift/tests-extension/test/olmv1-catalog.go index d3c227184..191f2f893 100644 --- a/openshift/tests-extension/test/olmv1-catalog.go +++ b/openshift/tests-extension/test/olmv1-catalog.go @@ -85,11 +85,7 @@ func verifyCatalogEndpoint(ctx SpecContext, catalog, endpoint, query string) { }, } - serviceAccount.SetName(jobNamePrefix) - serviceAccount.SetNamespace("default") - err = k8sClient.Create(ctx, serviceAccount) - Expect(err).NotTo(HaveOccurred(), "failed to create Service Account") if err != nil && !apierrors.IsAlreadyExists(err) { Fail(fmt.Sprintf("Failed to ensure ServiceAccount %s: %v", jobNamePrefix, err)) From 6628bddbbf12028ccf903b3580eb5e7717b06664 Mon Sep 17 00:00:00 2001 From: Evan Hearne Date: Thu, 19 Feb 2026 13:54:21 +0000 Subject: [PATCH 3/3] move sa defercleanup up so gets cleaned up properly --- openshift/tests-extension/test/olmv1-catalog.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/openshift/tests-extension/test/olmv1-catalog.go b/openshift/tests-extension/test/olmv1-catalog.go index 191f2f893..976c084ee 100644 --- a/openshift/tests-extension/test/olmv1-catalog.go +++ b/openshift/tests-extension/test/olmv1-catalog.go @@ -91,15 +91,15 @@ func verifyCatalogEndpoint(ctx SpecContext, catalog, endpoint, query string) { Fail(fmt.Sprintf("Failed to ensure ServiceAccount %s: %v", jobNamePrefix, err)) } + DeferCleanup(func(ctx SpecContext) { + _ = k8sClient.Delete(ctx, serviceAccount) + }) + job := buildCurlJob(jobNamePrefix, "default", serviceURL, serviceAccount) err = k8sClient.Create(ctx, job) Expect(err).NotTo(HaveOccurred(), "failed to create Job") - DeferCleanup(func(ctx SpecContext) { - _ = k8sClient.Delete(ctx, serviceAccount) - }) - DeferCleanup(func(ctx SpecContext) { _ = k8sClient.Delete(ctx, job) // We poll for deletion success so that the cleanup succeeds only when