CM-873: Add comprehensive scenario-based e2e tests for the trust-manager

[chiragkyal]

Summary

Adds comprehensive scenario-based e2e tests for the trust-manager Bundle CR, covering the full lifecycle from Bundle creation through target sync verification under various TrustManager configurations.

Test Coverage

Group 1 — Default TrustManager (no optional features):

• Inline / ConfigMap / Secret source → ConfigMap target
• Multiple sources, custom metadata, namespace selector filtering
• Target data drift reconciliation, source update propagation, Bundle deletion cleanup
• Negative: Secret target without SecretTargets enabled, useDefaultCAs without DefaultCAPackage enabled, ConfigMap source outside trust namespace

Group 2 — SecretTargets enabled:

• Inline / ConfigMap source → Secret target, dual ConfigMap + Secret targets
• Negative: Bundle name not in authorizedSecrets list

Group 3 — DefaultCAPackage enabled:

• useDefaultCAs → ConfigMap target, useDefaultCAs + Inline combined data

Group 4 — SecretTargets + DefaultCAPackage enabled:

• useDefaultCAs + Inline → ConfigMap + Secret dual targets

Group 5 — Custom TrustNamespace:

• ConfigMap source in custom trust namespace → ConfigMap target
• Negative: ConfigMap source in default namespace not synced when custom trust namespace is configured

Group 6 — FilterExpiredCertificates enabled:

• ConfigMap source with valid + expired certs → only valid cert in ConfigMap target
• Transition to Disabled → same Bundle re-syncs with both certs in target

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 99ae0fce-0936-42dc-9967-c675be50d21f

📥 Commits

Reviewing files that changed from the base of the PR and between b931304 and dcea7cc.

📒 Files selected for processing (5)

• test/e2e/suite_test.go
• test/e2e/trustmanager_bundle_test.go
• test/e2e/trustmanager_helpers_test.go
• test/e2e/trustmanager_test.go
• test/e2e/utils_test.go

✅ Files skipped from review due to trivial changes (3)

• test/e2e/trustmanager_helpers_test.go
• test/e2e/trustmanager_test.go
• test/e2e/trustmanager_bundle_test.go

---

Walkthrough

Added extensive e2e tests and helpers for TrustManager Bundle CRs, updated e2e suite to register APIs and create a controller-runtime client, removed an old TrustManager builder helper, and bumped/added module dependencies in go.mod files.

Changes

Cohort / File(s)	Summary
Go module files go.mod, test/go.mod, tools/go.mod	Bumped sigs.k8s.io/structured-merge-diff/v6 v6.3.0→v6.3.1 across modules; added github.com/cert-manager/trust-manager v0.20.3 to test/go.mod; bumped github.com/go-errors/errors in tools/go.mod.
E2E suite setup test/e2e/suite_test.go	Added imports for core types and cert-manager trust API, introduced package-level bundleClient crclient.Client, built a runtime.Scheme with trust-manager and core/v1 registered, and initialized controller-runtime client in BeforeSuite with expectation checks.
New E2E tests test/e2e/trustmanager_bundle_test.go	Added a large ordered Ginkgo e2e test exercising Bundle CR sync behavior across six TrustManager configurations (multiple feature-flag and policy permutations, positive/negative and transition checks).
E2E test helpers (new) test/e2e/trustmanager_helpers_test.go	Added internal fluent builders and reusable helpers for TrustManager and trust.cert-manager.io Bundle CRs, plus CRUD, polling, and assertion utilities used by new tests.
E2E test refactors test/e2e/trustmanager_test.go, test/e2e/utils_test.go	Removed legacy trustManagerCRBuilder and related methods; updated tests to use explicit ctx-based helpers (createTrustManager(ctx, ...), waitForTrustManagerReady(ctx)); switched to dot-imported Gomega in utils and updated related assertions.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: chiragkyal
Once this PR has been reviewed and has the lgtm label, please assign mytreya-rh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@chiragkyal: This pull request references CM-873 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "4.22." or "openshift-4.22.", but it targets "cert-manager-1.19" instead.

Details

In response to this:

Summary

Adds comprehensive scenario-based e2e tests for the trust-manager Bundle CR, covering the full lifecycle from Bundle creation through target sync verification under various TrustManager configurations.

Test Coverage

Group 1 — Default TrustManager (no optional features):

• Inline / ConfigMap / Secret source → ConfigMap target
• Multiple sources, custom metadata, namespace selector filtering
• Target data drift reconciliation, source update propagation, Bundle deletion cleanup
• Negative: Secret target without SecretTargets enabled, useDefaultCAs without DefaultCAPackage enabled, ConfigMap source outside trust namespace

Group 2 — SecretTargets enabled:

• Inline / ConfigMap source → Secret target, dual ConfigMap + Secret targets
• Negative: Bundle name not in authorizedSecrets list

Group 3 — DefaultCAPackage enabled:

• useDefaultCAs → ConfigMap target, useDefaultCAs + Inline combined data

Group 4 — SecretTargets + DefaultCAPackage enabled:

• useDefaultCAs + Inline → ConfigMap + Secret dual targets

Group 5 — Custom TrustNamespace:

• ConfigMap source in custom trust namespace → ConfigMap target
• Negative: ConfigMap source in default namespace not synced when custom trust namespace is configured

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@chiragkyal: This pull request references CM-873 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "4.22." or "openshift-4.22.", but it targets "cert-manager-1.19" instead.

Details

In response to this:

Summary

Adds comprehensive scenario-based e2e tests for the trust-manager Bundle CR, covering the full lifecycle from Bundle creation through target sync verification under various TrustManager configurations.

Test Coverage

Group 1 — Default TrustManager (no optional features):

• Inline / ConfigMap / Secret source → ConfigMap target
• Multiple sources, custom metadata, namespace selector filtering
• Target data drift reconciliation, source update propagation, Bundle deletion cleanup
• Negative: Secret target without SecretTargets enabled, useDefaultCAs without DefaultCAPackage enabled, ConfigMap source outside trust namespace

Group 2 — SecretTargets enabled:

• Inline / ConfigMap source → Secret target, dual ConfigMap + Secret targets
• Negative: Bundle name not in authorizedSecrets list

Group 3 — DefaultCAPackage enabled:

• useDefaultCAs → ConfigMap target, useDefaultCAs + Inline combined data

Group 4 — SecretTargets + DefaultCAPackage enabled:

• useDefaultCAs + Inline → ConfigMap + Secret dual targets

Group 5 — Custom TrustNamespace:

• ConfigMap source in custom trust namespace → ConfigMap target
• Negative: ConfigMap source in default namespace not synced when custom trust namespace is configured

Group 6 — FilterExpiredCertificates enabled:

• ConfigMap source with valid + expired certs → only valid cert in ConfigMap target
• Transition to Disabled → same Bundle re-syncs with both certs in target

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[chiragkyal]

/cc @bharath-b-rh

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

test/e2e/trustmanager_helpers_test.go (1)

232-249: Split exact-match and contains-match target waiters.

The single-source and source-update scenarios in test/e2e/trustmanager_bundle_test.go use these helpers too. With substring matching, those specs still pass if the controller appends new PEM data and leaves stale certificates behind.

Also applies to: 254-271

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/e2e/trustmanager_helpers_test.go` around lines 232 - 249, The current
waitForConfigMapTarget function mixes substring and exact matching which allows
false positives; split it into two clear helpers (e.g.,
waitForConfigMapTargetContains and waitForConfigMapTargetExact) and update
callers to use the appropriate one: keep the existing substring behavior in
waitForConfigMapTargetContains (use strings.Contains on trimmed values) and make
waitForConfigMapTargetExact require exact trimmed equality (compare
strings.TrimSpace(data) == strings.TrimSpace(expectedContent)); change any
usages in test/e2e/trustmanager_bundle_test.go and the other helper referenced
(the similar function at the 254-271 range) to call the new exact or contains
variant as appropriate so single-source/source-update tests use the exact
matcher.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test/e2e/trustmanager_bundle_test.go`:
- Around line 487-517: The test currently only waits for
trustapi.BundleConditionSynced == False, which is too generic; replace or add a
check to assert the specific SecretTargetsDisabled condition. Use
waitForBundleCondition(bundleClient, bundleSecretDisable,
trustapi.BundleConditionSecretTargetsDisabled, metav1.ConditionTrue,
highTimeout) (or similar call) to wait for the SecretTargetsDisabled condition
to become True after disabling secretTargets; keep using bundleClient,
bundleSecretDisable, metav1.ConditionTrue and highTimeout to locate and time the
check.
- Around line 80-90: The BeforeAll block that calls patchSubscriptionWithEnvVars
to set "UNSUPPORTED_ADDON_FEATURES":"TrustManager=true" mutates cluster state
but does not restore it; capture the original UNSUPPORTED_ADDON_FEATURES value
before calling patchSubscriptionWithEnvVars (e.g., read it via the same
subscription helper), store it in a package-scoped variable, and add a matching
AfterAll/AfterSuite teardown that calls patchSubscriptionWithEnvVars to restore
the original value (or unset it if it was empty) and then waits for rollout with
waitForDeploymentEnvVarAndRollout to ensure the operator returns to the original
env state; update trustmanager_bundle_test.go to implement this restore logic
around the existing BeforeAll/patchSubscriptionWithEnvVars and
waitForDeploymentEnvVarAndRollout calls.

In `@test/e2e/trustmanager_helpers_test.go`:
- Around line 303-311: The helper createBundleWithCleanup is incorrectly
treating apierrors.IsAlreadyExists as a successful creation, which can hide
stale objects; update the logic in createBundleWithCleanup so that
bundleClient.Create(ctx, bundle) does not swallow AlreadyExists errors—remove
the special-case that returns nil for apierrors.IsAlreadyExists and instead
return the error so Eventually will retry/fail; keep the
DeferCleanup(deleteBundle...) call as-is so the bundle is still removed if the
create eventually succeeds.

---

Nitpick comments:
In `@test/e2e/trustmanager_helpers_test.go`:
- Around line 232-249: The current waitForConfigMapTarget function mixes
substring and exact matching which allows false positives; split it into two
clear helpers (e.g., waitForConfigMapTargetContains and
waitForConfigMapTargetExact) and update callers to use the appropriate one: keep
the existing substring behavior in waitForConfigMapTargetContains (use
strings.Contains on trimmed values) and make waitForConfigMapTargetExact require
exact trimmed equality (compare strings.TrimSpace(data) ==
strings.TrimSpace(expectedContent)); change any usages in
test/e2e/trustmanager_bundle_test.go and the other helper referenced (the
similar function at the 254-271 range) to call the new exact or contains variant
as appropriate so single-source/source-update tests use the exact matcher.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1db54250-194f-4f03-add6-8c909c257034

📥 Commits

Reviewing files that changed from the base of the PR and between 2beb5f9 and ef7e84c.

⛔ Files ignored due to path filters (28)

• go.sum is excluded by !**/*.sum
• go.work.sum is excluded by !**/*.sum
• test/go.sum is excluded by !**/*.sum
• tools/go.sum is excluded by !**/*.sum
• vendor/github.com/cert-manager/trust-manager/LICENSE is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/cert-manager/trust-manager/LICENSES is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/cert-manager/trust-manager/pkg/apis/trust/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1/conversion.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1/register.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1/types_bundle.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1/zz_generated.conversion.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/cert-manager/trust-manager/pkg/apis/trustmanager/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/cert-manager/trust-manager/pkg/apis/trustmanager/v1alpha2/conversion.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/cert-manager/trust-manager/pkg/apis/trustmanager/v1alpha2/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/cert-manager/trust-manager/pkg/apis/trustmanager/v1alpha2/register.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/cert-manager/trust-manager/pkg/apis/trustmanager/v1alpha2/types_cluster_bundle.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/cert-manager/trust-manager/pkg/apis/trustmanager/v1alpha2/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-errors/errors/.travis.yml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-errors/errors/README.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-errors/errors/error_1_13.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-errors/errors/error_backward.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-errors/errors/join_unwrap_1_20.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-errors/errors/join_unwrap_backward.go is excluded by !vendor/**, !**/vendor/**
• vendor/modules.txt is excluded by !vendor/**, !**/vendor/**
• vendor/sigs.k8s.io/structured-merge-diff/v6/schema/elements.go is excluded by !vendor/**, !**/vendor/**
• vendor/sigs.k8s.io/structured-merge-diff/v6/typed/remove.go is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (8)

• go.mod
• test/e2e/suite_test.go
• test/e2e/trustmanager_bundle_test.go
• test/e2e/trustmanager_helpers_test.go
• test/e2e/trustmanager_test.go
• test/e2e/utils_test.go
• test/go.mod
• tools/go.mod

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Assert SecretTargetsDisabled, not just Synced=False.

This spec name promises a specific disabled-policy result, but the assertion only waits for a false Synced condition. Any unrelated reconciliation failure would satisfy the test.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/e2e/trustmanager_bundle_test.go` around lines 487 - 517, The test
currently only waits for trustapi.BundleConditionSynced == False, which is too
generic; replace or add a check to assert the specific SecretTargetsDisabled
condition. Use waitForBundleCondition(bundleClient, bundleSecretDisable,
trustapi.BundleConditionSecretTargetsDisabled, metav1.ConditionTrue,
highTimeout) (or similar call) to wait for the SecretTargetsDisabled condition
to become True after disabling secretTargets; keep using bundleClient,
bundleSecretDisable, metav1.ConditionTrue and highTimeout to locate and time the
check.

[chiragkyal]

/test e2e-operator-tech-preview

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

test/e2e/trustmanager_test.go (1)

975-980: Strengthen propagation assertions to avoid false positives.

Using only ShouldNot(Equal(original...)) can pass on unrelated background drift. Prefer asserting the injected bundle/package includes the test CA you added (or its fingerprint), not just “different from baseline.”

As per coding guidelines “Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.”

Also applies to: 985-990

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/e2e/trustmanager_test.go` around lines 975 - 980, The current test only
checks the injected CA bundle differs from originalInjectedData which can yield
false positives; instead, within the Eventually block that fetches the ConfigMap
via clientset.CoreV1().ConfigMaps(operatorNamespace).Get(...), assert that
cm.Data[trustedCABundleKey] specifically contains the test CA you added (or a
stable identifier like its fingerprint) — use the test fixture variable (e.g.,
the test CA PEM or its fingerprint) rather than inequality; apply the same
change to the similar assertion around lines 985-990 so both checks verify
presence of the expected CA content instead of mere difference.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test/e2e/trustmanager_test.go`:
- Around line 828-1000: This test (It("should propagate CNO CA bundle update to
package ConfigMap and restart pod")) mutates cluster-global state
(configClient.Proxies() updates to Proxy/cluster and the openshift-config
user-ca-bundle ConfigMap) and must not run in parallel; mark the spec as
serial/isolated by adding the appropriate Ginkgo serial label or moving it into
a dedicated Serial/SerialDescribe block so it runs alone (e.g., apply
Label("Serial") or wrap in a SerialDescribe) to prevent cross-test flakiness
when touching Proxy/cluster and openshift-config/user-ca-bundle and keep the
DeferCleanup logic as-is.

---

Nitpick comments:
In `@test/e2e/trustmanager_test.go`:
- Around line 975-980: The current test only checks the injected CA bundle
differs from originalInjectedData which can yield false positives; instead,
within the Eventually block that fetches the ConfigMap via
clientset.CoreV1().ConfigMaps(operatorNamespace).Get(...), assert that
cm.Data[trustedCABundleKey] specifically contains the test CA you added (or a
stable identifier like its fingerprint) — use the test fixture variable (e.g.,
the test CA PEM or its fingerprint) rather than inequality; apply the same
change to the similar assertion around lines 985-990 so both checks verify
presence of the expected CA content instead of mere difference.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d50dffbe-8271-46fa-ae6c-202aad05ce38

📥 Commits

Reviewing files that changed from the base of the PR and between 34e8d32 and 24857d9.

📒 Files selected for processing (1)

• test/e2e/trustmanager_test.go

[chiragkyal]

/test e2e-operator-tech-preview

[coderabbitai]

♻️ Duplicate comments (2)

test/e2e/trustmanager_bundle_test.go (2)

515-517: ⚠️ Potential issue | 🟡 Minor

Test assertion does not verify SecretTargetsDisabled condition.

The spec name promises verification of SecretTargetsDisabled, but line 516 only waits for Synced=False. Any unrelated failure would satisfy this assertion. Consider additionally waiting for trustapi.BundleConditionSecretTargetsDisabled to be True for a precise assertion.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/e2e/trustmanager_bundle_test.go` around lines 515 - 517, The test
currently only asserts Synced=False using waitForBundleCondition(bundleClient,
bundleSecretDisable, trustapi.BundleConditionSynced, metav1.ConditionFalse,
highTimeout); add an additional wait that asserts the
BundleConditionSecretTargetsDisabled condition is True to precisely verify
secret targets were disabled—call waitForBundleCondition with bundleClient,
bundleSecretDisable, trustapi.BundleConditionSecretTargetsDisabled,
metav1.ConditionTrue and the same timeout (highTimeout) and ensure the
Expect(err).ShouldNot(HaveOccurred()) check follows that call as well.

---

80-90: ⚠️ Potential issue | 🟠 Major

Missing teardown to restore UNSUPPORTED_ADDON_FEATURES.

The BeforeAll mutates the subscription with TrustManager=true but there's no corresponding AfterAll at the suite level to restore the original value. This can leave the cluster in a modified state affecting subsequent test suites or manual testing.

Consider capturing the original value before patching and restoring it in an AfterAll block.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/e2e/trustmanager_bundle_test.go` around lines 80 - 90, Before mutating
the subscription in BeforeAll (where patchSubscriptionWithEnvVars and
waitForDeploymentEnvVarAndRollout are used to set
"UNSUPPORTED_ADDON_FEATURES=TrustManager=true"), capture the current value of
"UNSUPPORTED_ADDON_FEATURES" first, then add an AfterAll block that restores
that captured original value by calling patchSubscriptionWithEnvVars (or a
corresponding restore helper) to reset the environment variable; ensure the
restore runs unconditionally (even on failures) and references the same
subscription/loader used in BeforeAll so the cluster state is returned to its
original value.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@test/e2e/trustmanager_bundle_test.go`:
- Around line 515-517: The test currently only asserts Synced=False using
waitForBundleCondition(bundleClient, bundleSecretDisable,
trustapi.BundleConditionSynced, metav1.ConditionFalse, highTimeout); add an
additional wait that asserts the BundleConditionSecretTargetsDisabled condition
is True to precisely verify secret targets were disabled—call
waitForBundleCondition with bundleClient, bundleSecretDisable,
trustapi.BundleConditionSecretTargetsDisabled, metav1.ConditionTrue and the same
timeout (highTimeout) and ensure the Expect(err).ShouldNot(HaveOccurred()) check
follows that call as well.
- Around line 80-90: Before mutating the subscription in BeforeAll (where
patchSubscriptionWithEnvVars and waitForDeploymentEnvVarAndRollout are used to
set "UNSUPPORTED_ADDON_FEATURES=TrustManager=true"), capture the current value
of "UNSUPPORTED_ADDON_FEATURES" first, then add an AfterAll block that restores
that captured original value by calling patchSubscriptionWithEnvVars (or a
corresponding restore helper) to reset the environment variable; ensure the
restore runs unconditionally (even on failures) and references the same
subscription/loader used in BeforeAll so the cluster state is returned to its
original value.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 10d99ed0-bcdb-487e-a3a3-0b5c91ca48a0

📥 Commits

Reviewing files that changed from the base of the PR and between 24857d9 and b931304.

📒 Files selected for processing (1)

• test/e2e/trustmanager_bundle_test.go

[chiragkyal]

/test e2e-operator-tech-preview

[openshift-ci]

@chiragkyal: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci]

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.