MTV-5824: Add ca.crt provider secret field migration test

[AmenB]

Summary

• Add tier1 cold migration test verifying Forklift accepts the standard Kubernetes ca.crt field in provider secrets (MTV-4561 / MTV-4647 | Support standard Kubernetes ca.crt field in provider secrets kubev2v/forklift#5549)
• Add ca_cert_key parameter to _fetch_and_store_cacert() and create_source_provider() — defaults to "cacert", no behavior change for existing tests
• Supported providers: vSphere, ESXi, RHV, OpenStack (skipped for OpenShift/OVA via collection-time hook)
• Uses existing mtv-tests-rhel8 VM — no new infrastructure required

Test plan

• Run uv run pytest -s --collect-only -m tier1 and verify TestCaCrtColdMigration is collected
• Run with vSphere provider: confirm provider secret has ca.crt key (not cacert)
• Run regression alongside TestSanityColdMtvMigration to verify legacy cacert path is unaffected
• Verify test is skipped for OpenShift/OVA providers
• Verify test is skipped when source_provider_insecure_skip_verify=true

🤖 Generated with Claude Code

Summary by CodeRabbit

• Tests
  • Added class-scoped pytest fixtures to create CA-certificate–based source providers with a configurable secret key (ca.crt) and to build the matching inventory.
  • Added cold-migration test coverage (MTV-4561) that verifies the referenced CA secret uses ca.crt (not cacert) and creates Storagemap, NetworkMap, and Plan resources.
  • Added new test configuration for the single-VM cold migration scenario.
• Chores
  • Made CA certificate secret field naming configurable (ca_cert_key), defaulting to cacert.
  • Refactored inventory creation to use a provider-based factory.

[redhat-qe-bot]

Report bugs in Issues

Welcome! 🎉

This pull request will be automatically processed with the following features:

🔄 Automatic Actions

• Reviewer Assignment: Reviewers are automatically assigned based on the OWNERS file in the repository root
• Size Labeling: PR size labels (XS, S, M, L, XL, XXL) are automatically applied based on changes
• Issue Creation: Disabled for this repository
• Branch Labeling: Branch-specific labels are applied to track the target branch
• Auto-verification: Auto-verified users have their PRs automatically marked as verified
• Labels: All label categories are enabled (default configuration)

📋 Available Commands

PR Status Management

• /wip - Mark PR as work in progress (adds WIP: prefix to title)
• /wip cancel - Remove work in progress status
• /hold - Block PR merging (approvers only)
• /hold cancel - Unblock PR merging
• /verified - Mark PR as verified
• /verified cancel - Remove verification status
• /reprocess - Trigger complete PR workflow reprocessing (useful if webhook failed or configuration changed)
• /regenerate-welcome - Regenerate this welcome message
• /security-override - Set security check runs to pass (maintainers only)
• /security-override cancel - Re-run security checks

Review & Approval

• /lgtm - Approve changes (looks good to me)
• /approve - Approve PR (approvers only)
• /automerge - Enable automatic merging when all requirements are met (maintainers and approvers only)
• /assign-reviewers - Assign reviewers based on OWNERS file
• /assign-reviewer @username - Assign specific reviewer
• /check-can-merge - Check if PR meets merge requirements

Testing & Validation

• /retest tox - Run Python test suite with tox
• /retest build-container - Rebuild and test container image
• /retest conventional-title - Validate commit message format
• /retest all - Run all available tests

Container Operations

• /build-and-push-container - Build and push container image (tagged with PR number)
  • Supports additional build arguments: /build-and-push-container --build-arg KEY=value

Cherry-pick Operations

• /cherry-pick <branch> - Schedule cherry-pick to target branch when PR is merged
  • Multiple branches: /cherry-pick branch1 branch2 branch3
• /cherry-pick-retry <branch> - Retry a failed cherry-pick (merged PRs only)

Branch Management

• /rebase - Rebase this PR branch onto its base branch

Label Management

• /<label-name> - Add a label to the PR
• /<label-name> cancel - Remove a label from the PR

✅ Merge Requirements

This PR will be automatically approved when the following conditions are met:

1. Approval: /approve from at least one approver
2. Status Checks: All required status checks must pass
3. No Blockers: No wip, hold, has-conflicts labels and PR must be mergeable (no conflicts)
4. Verified: PR must be marked as verified

📊 Review Process

Approvers and Reviewers

Approvers:

• krcmarik
• myakove
• solenoci

Reviewers:

• krcmarik
• myakove
• solenoci

Available Labels

• hold
• verified
• wip
• lgtm
• approve
• automerge

AI Features

• Conventional Title: Mode: fix (claude/claude-opus-4-6[1m])
• Cherry-Pick Conflict Resolution: Enabled (claude/claude-opus-4-6[1m])
• Test Oracle: Triggers: approved (cursor/gpt-5.4-xhigh-fast); /test-oracle can be used anytime

Security Checks

• Suspicious Path Detection: Monitors paths: .claude/, .vscode/, .cursor/, .devcontainer/, .pi/, .github/workflows/, .github/actions/
• Committer Identity Check: Verifies last committer matches PR author
• Mandatory: Security checks block merge (use /security-override to bypass — maintainers only)

💡 Tips

• WIP Status: Use /wip when your PR is not ready for review
• Verification: The verified label is removed on new commits unless the push is detected as a clean rebase
• Cherry-picking: Cherry-pick labels are processed when the PR is merged
• Container Builds: Container images are automatically tagged with the PR number
• Permission Levels: Some commands require approver permissions
• Auto-verified Users: Certain users have automatic verification and merge privileges

For more information, please refer to the project documentation or contact the maintainers.

[qodo-code-review]

PR Summary by Qodo

Add tier1 cold migration test for provider secret ca.crt field
🧪 Tests ✨ Enhancement 🕐 20-40 Minutes

Description

• Add tier1 cold migration test validating provider secrets accept standard ca.crt.
• Add ca_cert_key option to generate CA cert secret fields without changing defaults.
• Skip ca_crt tests for providers/modes that don’t use CA certificates.

Diagram

graph TD
  A[["TestCaCrtColdMigration"]] --> B["ca_crt fixtures"] --> C["create_source_provider()"] --> D["_fetch_and_store_cacert()"] --> E[("Provider Secret")] --> F(["Provider CR"]) --> G["Plan/Maps"] --> H["Execute migration"]
  subgraph Legend
    direction LR
    _t[["Pytest test"]] ~~~ _f["Fixture/Function"] ~~~ _s[("K8s Secret")] ~~~ _cr(["K8s CR"])
  end

Loading

High-Level Assessment

The following are alternative approaches to this PR:

1. Parametrize existing cold migration test by CA cert key

• ➕ Avoids adding a separate test module/class
• ➕ Guarantees legacy cacert and new ca.crt paths run in identical flow
• ➖ Increases runtime (two full migrations) for any environment where it’s enabled
• ➖ Harder to selectively skip/gate without impacting the baseline cold migration suite

2. Write both `cacert` and `ca.crt` into the Secret by default

• ➕ Maximizes compatibility while Forklift transitions between field names
• ➖ Masks regressions: Forklift could ignore ca.crt and still pass
• ➖ Changes Secret schema/content for all providers, beyond the test’s intent

Recommendation: Current approach is the best fit: a focused tier1 test with a dedicated provider fixture validates ca.crt behavior without perturbing existing tests. The ca_cert_key parameter cleanly scopes the change while preserving the legacy default (cacert), and the collection-time/provider-mode skips keep the suite deterministic.

Files changed (6) +272 / -12

Enhancement (1) +17 / -12

utils.pyAllow configurable CA cert secret key ('cacert' vs 'ca.crt') +17/-12

Allow configurable CA cert secret key ('cacert' vs 'ca.crt')

• Adds a 'ca_cert_key' parameter to '_fetch_and_store_cacert()' and 'create_source_provider()' (defaulting to '"cacert"') and threads it through VMware/RHV/OpenStack secret creation flows. This enables tests to validate Forklift’s support for the standard Kubernetes 'ca.crt' field without changing existing behavior.

utilities/utils.py

Tests (3) +248 / -0

conftest.pySkip 'ca_crt' tests for providers without CA cert secrets +13/-0

Skip 'ca_crt' tests for providers without CA cert secrets

• Extends 'pytest_collection_modifyitems' to skip tests marked 'ca_crt' when the configured source provider is OpenShift or OVA. This prevents invalid test execution for provider types that don’t use CA certificates in provider secrets.

conftest.py

conftest.pyAdd fixtures to create a source provider using 'ca.crt' +79/-0

Add fixtures to create a source provider using 'ca.crt'

• Introduces 'ca_crt_source_provider' which creates a separate Provider/Secret using the standard 'ca.crt' secret field via 'create_source_provider(ca_cert_key="ca.crt")'. Adds a matching inventory fixture to enable VM ID population and map generation for the newly created provider.

tests/cold/conftest.py

test_ca_crt_migration.pyAdd tier1 cold migration test for 'ca.crt' provider secret field +156/-0

Add tier1 cold migration test for 'ca.crt' provider secret field

• Adds 'TestCaCrtColdMigration', following the standard 5-step cold migration pattern (maps, plan, execute, validate) but using the 'ca_crt_source_provider'. The test is marked 'ca_crt', gated to supported providers, and skipped when 'source_provider_insecure_skip_verify' is enabled.

tests/cold/test_ca_crt_migration.py

Other (2) +7 / -0

pytest.iniRegister 'ca_crt' pytest marker +1/-0

Register 'ca_crt' pytest marker

• Adds a 'ca_crt' marker description so pytest marker validation ('--strict-markers') accepts the new test annotation.

pytest.ini

config.pyAdd test plan config for 'test_ca_crt_cold_migration' +6/-0

Add test plan config for 'test_ca_crt_cold_migration'

• Adds a new 'tests_params' entry selecting the existing 'mtv-tests-rhel8' VM for the new cold migration test, avoiding additional infrastructure requirements.

tests/tests_config/config.py

[coderabbitai]

Walkthrough

Adds configurable CA certificate storage, a shared inventory factory, and a cold migration test scenario that expects the source secret to use ca.crt.

Changes

ca.crt Secret Field and Cold Migration Test

Layer / File(s)	Summary
Configurable CA cert key and inventory factory utilities/utils.py, libs/forklift_inventory.py, conftest.py	_fetch_and_store_cacert and create_source_provider accept ca_cert_key, create_forklift_inventory(...) validates provider.ocp_resource and instantiates the matching inventory class, and source_provider_inventory now delegates to that factory.
ca.crt fixtures and shared inventory helper tests/cold/conftest.py	The cold fixtures create a provider with ca_cert_key="ca.crt" and then build its inventory from that provider, with explicit disconnect after yield.
Cold migration scenario and test parameters tests/tests_config/config.py, tests/cold/test_ca_crt_migration.py	tests_params gains test_ca_crt_cold_migration, and the new test class adds the scenario markers, skip condition, parameterization, class state, and secret validation step.
Storage, network, and plan creation tests/cold/test_ca_crt_migration.py	The scenario creates StorageMap, NetworkMap, and Plan resources from the prepared plan, source inventory, and multus network name.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

verified, commented-AmenB

Suggested reviewers

• krcmarik
• myakove
• solenoci

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a migration test for the provider secret's ca.crt field.
Docstring Coverage	✅ Passed	Docstring coverage is 83.33% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (3) 📘 Rule violations (4) 📜 Skill insights (0)

Context used

✅ Compliance rules (platform): 81 rules

1. DynamicClient used at runtime ✗ Dismissed 📘 Rule violation ☼ Reliability

Description

create_forklift_inventory() introduces a runtime type annotation using DynamicClient, which
violates the requirement to keep DynamicClient imports/type references in TYPE_CHECKING only.
This increases runtime coupling to the kubernetes dynamic client and breaks the project's
DynamicClient-avoidance policy.

Code

libs/forklift_inventory.py[R32-36]

+def create_forklift_inventory(
+    client: DynamicClient,
+    mtv_namespace: str,
+    provider: "BaseProvider",
+) -> "ForkliftInventory":

Relevance

⭐⭐⭐ High

Team previously accepted moving DynamicClient to TYPE_CHECKING/string hints to avoid runtime
coupling (PR #284).

PR-#284

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

The rule forbids runtime imports/references to DynamicClient; the new function signature
explicitly types client as DynamicClient, creating a runtime reference via annotation evaluation
in this module.

Rule 70439: Avoid runtime imports and usage of kubernetes.DynamicClient
libs/forklift_inventory.py[32-36]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`create_forklift_inventory()` uses `DynamicClient` as a runtime type in its signature, but compliance requires `DynamicClient` to be referenced only in type-checking contexts (e.g., `if TYPE_CHECKING:`) and via string annotations.

## Issue Context
This module currently imports `DynamicClient` at runtime and uses it in annotations. The new function extends that pattern and should be refactored to comply with the DynamicClient restriction policy.

## Fix Focus Areas
- libs/forklift_inventory.py[32-36]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

2. type: ignore lacks reason ✗ Dismissed 📘 Rule violation ⚙ Maintainability

Description

A new # type: ignore[call-arg] was added without an inline justification comment, which makes it
hard to audit why the type checker suppression is safe. This violates the requirement that every
type: ignore include a nearby human-readable rationale.

Code

libs/forklift_inventory.py[R61-63]

+    # Subclasses use 'namespace' param while base class uses 'mtv_namespace'
+    return provider_class(  # type: ignore[call-arg]
+        client=client,

Relevance

⭐⭐ Medium

No prior accepted/rejected reviews found enforcing inline rationale for type: ignore in this repo.

PR-#206
PR-#355

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

PR Compliance ID 1260822 requires justification comments for all type: ignore usages. The added
call site uses # type: ignore[call-arg] without an inline justification on the same line.

Rule 1260822: Require justification comments for all type: ignore usages
libs/forklift_inventory.py[61-63]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`# type: ignore[call-arg]` was introduced without the required inline justification comment.

## Issue Context
Compliance requires each `type: ignore` to include a short reason (e.g., mismatch between runtime kwargs and stub/signature) so reviewers can validate it is safe and intentional.

## Fix Focus Areas
- libs/forklift_inventory.py[61-66]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

3. Unjustified Any in fixtures ✗ Dismissed 📘 Rule violation ⚙ Maintainability

Description

The newly added cold-migration test code introduces Any in type hints—both in the
ca_crt_source_provider fixture and in TestCaCrtColdMigration method parameters—without an inline
justification comment. This reduces type precision and violates the compliance rule that permits
Any only in documented, unavoidable cases.

Code

tests/cold/conftest.py[R17-26]

+@pytest.fixture(scope="class")  # Class-scoped: separate provider per test class with ca.crt in the secret
+def ca_crt_source_provider(
+    fixture_store: dict[str, Any],
+    session_uuid: str,
+    source_provider_data: dict[str, Any],
+    target_namespace: str,
+    ocp_admin_client: "DynamicClient",
+    tmp_path_factory: pytest.TempPathFactory,
+    destination_ocp_secret: "Secret",  # pragma: allowlist secret
+) -> Generator[BaseProvider, None, None]:

Relevance

⭐⭐ Medium

No historical evidence found that this repo enforces “Any requires inline justification comment” in
tests/fixtures.

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

PR Compliance ID 1256238 requires that every new or modified use of Any include an inline
justification comment explaining why a more precise type cannot be used. The cited additions in
tests/cold/conftest.py show Any used in fixture annotations (e.g., dict[str, Any]) with no
accompanying justification, and the cited sections in tests/cold/test_ca_crt_migration.py
similarly introduce Any in method parameter type hints such as prepared_plan: dict[str, Any]
without an explanatory comment near those annotations, demonstrating noncompliance.

Rule 1256238: Restrict use of Any to documented, unavoidable cases
tests/cold/conftest.py[17-26]
tests/cold/test_ca_crt_migration.py[57-66]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
New/modified type hints in the cold-migration tests use `Any` (e.g., `dict[str, Any]` in the `ca_crt_source_provider` fixture and `prepared_plan: dict[str, Any]` in `TestCaCrtColdMigration` methods) without an inline justification comment explaining why a more precise type is not feasible.

## Issue Context
Per PR Compliance ID 1256238, each `Any` usage must be justified with a specific limitation (e.g., dynamic external schema, third-party/untyped data) via an inline comment on the same line or immediately above the annotation. Where the structure is well-known, prefer replacing `Any` with a concrete/narrower type such as a `TypedDict`, `Protocol`, `Union`, or another appropriate mapping/value type (e.g., `Mapping[str, object]`) to keep types precise.

## Fix Focus Areas
- tests/cold/conftest.py[17-26]
- tests/cold/test_ca_crt_migration.py[57-66]
- tests/cold/test_ca_crt_migration.py[80-90]
- tests/cold/test_ca_crt_migration.py[105-114]
- tests/cold/test_ca_crt_migration.py[145-154]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

View more (2)

4. PROVIDER_INVENTORY_MAP not at top 📘 Rule violation ⚙ Maintainability

Description

The new module-level constant PROVIDER_INVENTORY_MAP is declared after LOGGER, rather than in a
constants block immediately after imports. This violates the project rule for consistent placement
of module-level constants and reduces scanability.

Code

libs/forklift_inventory.py[R16-18]

LOGGER = get_logger(__name__)

+PROVIDER_INVENTORY_MAP: dict[str, type["ForkliftInventory"]] = {}

Relevance

⭐⭐ Medium

No historical review suggestions found enforcing “UPPERCASE constants block after imports” ordering
in libs files.

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

PR Compliance ID 1263221 requires module-level constants (UPPERCASE names) to be declared as a block
directly after imports. In libs/forklift_inventory.py, PROVIDER_INVENTORY_MAP is introduced
after LOGGER = ..., which is not permitted by the rule.

Rule 1263221: Place module-level constants at the top of the file after imports
libs/forklift_inventory.py[16-19]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`PROVIDER_INVENTORY_MAP` is a module-level constant but it is not placed in the required location (top of file right after imports). This breaks the project's constant-ordering convention.

## Issue Context
The rule requires all UPPERCASE module constants be grouped immediately after the last import (and module docstring, if present), before other module-level statements like logger initialization.

## Fix Focus Areas
- libs/forklift_inventory.py[16-19]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

5. ca_crt_source_provider docstring incomplete ✓ Resolved 📘 Rule violation ✧ Quality

Description

Newly added fixtures and test methods include docstrings but do not contain the required labeled
"Args:", "Returns:", and "Raises:" sections. This reduces clarity and violates the project’s
docstring compliance requirement for newly added functions/methods.

Code

tests/cold/conftest.py[R23-37]

+@pytest.fixture(scope="class")
+def ca_crt_source_provider(
+    fixture_store: dict[str, Any],
+    session_uuid: str,
+    source_provider_data: dict[str, Any],
+    target_namespace: str,
+    ocp_admin_client: "DynamicClient",
+    tmp_path_factory: pytest.TempPathFactory,
+    destination_ocp_secret: "Secret",
+) -> Generator[BaseProvider, None, None]:
+    """Create a source provider with ca.crt secret field instead of cacert.
+
+    Uses the standard Kubernetes ca.crt convention (MTV-4561) to verify
+    Forklift accepts the new field name for CA certificates.
+    """

Evidence

PR Compliance ID 70457 requires that every newly added function/method has a docstring with explicit
"Args:", "Returns:", and "Raises:" sections. In the cited changes, the new fixtures
ca_crt_source_provider and ca_crt_source_provider_inventory have docstrings that omit these
labeled sections, and the newly added test methods (e.g., test_create_storagemap,
test_migrate_vms, test_check_vms) similarly use brief one-line docstrings without the required
sections, demonstrating non-compliance across both fixture and test method additions.

Rule 70457: Require docstrings with Args/Returns/Raises for new functions
tests/cold/conftest.py[23-37]
tests/cold/conftest.py[55-63]
tests/cold/test_ca_crt_migration.py[46-57]
tests/cold/test_ca_crt_migration.py[120-127]
tests/cold/test_ca_crt_migration.py[134-146]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
Newly added fixtures and test methods have docstrings, but they are missing the required labeled sections "Args:", "Returns:", and "Raises:", which is required for compliance.

## Issue Context
PR Compliance ID 70457 requires that every newly added function/method in the diff (including fixtures and test methods) has a docstring immediately under the `def` line and that the docstring contains explicit labeled sections: "Args:", "Returns:", and "Raises:".

## Fix Focus Areas
- tests/cold/conftest.py[23-37]
- tests/cold/conftest.py[55-63]
- tests/cold/test_ca_crt_migration.py[46-57]
- tests/cold/test_ca_crt_migration.py[69-81]
- tests/cold/test_ca_crt_migration.py[94-106]
- tests/cold/test_ca_crt_migration.py[120-133]
- tests/cold/test_ca_crt_migration.py[134-156]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

6. ocp_resource checked by truthiness ✓ Resolved 📘 Rule violation ≡ Correctness

Description

The new code uses truthiness checks (if not ...) where the intent appears to be a None check,
which can mis-handle valid falsy values. Use explicit is None / is not None comparisons for
None-sensitive logic.

Code

tests/cold/conftest.py[R61-73]

+    """Create a ForkliftInventory for the ca.crt provider."""
+    if not ca_crt_source_provider.ocp_resource:
+        raise ValueError("ca_crt_source_provider.ocp_resource is not set")
+
+    providers: dict[str, type[ForkliftInventory]] = {
+        Provider.ProviderType.RHV: OvirtForkliftInventory,
+        Provider.ProviderType.VSPHERE: VsphereForkliftInventory,
+        Provider.ProviderType.OPENSTACK: OpenstackForliftinventory,
+    }
+    provider_class = providers.get(ca_crt_source_provider.type)
+
+    if not provider_class:
+        raise ValueError(f"Provider {ca_crt_source_provider.type} does not use CA certificates")

Evidence

PR Compliance ID 70433 requires explicit None checks for None-sensitive logic. The added checks `if
not ca_crt_source_provider.ocp_resource: and if not provider_class:` are presence/absence checks
and should be expressed with is None to avoid conflating None with other falsy values.

Rule 70433: Use explicit is None checks instead of truthiness for None-sensitive logic
tests/cold/conftest.py[61-73]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
None-sensitive checks are implemented using truthiness (`if not x:`) instead of explicit `is None` comparisons.

## Issue Context
Compliance requires explicit `is None` / `is not None` checks when the conditional is about absence/presence rather than general falsiness.

## Fix Focus Areas
- tests/cold/conftest.py[61-73]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

7. _register_inventory_classes() single-use helper 📘 Rule violation ✧ Quality ⭐ New

Description

The newly introduced _register_inventory_classes() helper is only called from
create_forklift_inventory(), making it a single-use abstraction that adds indirection without
reuse. This increases maintenance overhead and makes the provider-inventory mapping harder to audit.

Code

libs/forklift_inventory.py[R21-53]

+def _register_inventory_classes() -> None:
+    """Populate PROVIDER_INVENTORY_MAP after all classes are defined."""
+    PROVIDER_INVENTORY_MAP.update({
+        Provider.ProviderType.OVA: OvaForkliftInventory,
+        Provider.ProviderType.RHV: OvirtForkliftInventory,
+        Provider.ProviderType.VSPHERE: VsphereForkliftInventory,
+        Provider.ProviderType.OPENSHIFT: OpenshiftForkliftInventory,
+        Provider.ProviderType.OPENSTACK: OpenstackForliftinventory,
+    })
+
+
+def create_forklift_inventory(
+    client: DynamicClient,
+    mtv_namespace: str,
+    provider: "BaseProvider",
+) -> "ForkliftInventory":
+    """ForkliftInventory instance for the given provider.
+
+    Args:
+        client (DynamicClient): OpenShift admin client.
+        mtv_namespace (str): MTV operator namespace.
+        provider (BaseProvider): Source provider instance.
+
+    Returns:
+        ForkliftInventory: Inventory instance matching the provider type.
+
+    Raises:
+        ValueError: If ocp_resource is not set on the provider.
+        ValueError: If the provider type is not supported.
+    """
+    if not PROVIDER_INVENTORY_MAP:
+        _register_inventory_classes()
+

Relevance

⭐ Low

History favors extracting helpers for clarity/duplication; no precedent enforcing removal of
single-call-site helper.

PR-#550
PR-#219
PR-#415

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

PR Compliance ID 70422 requires avoiding new abstractions that only have a single concrete call
site. In libs/forklift_inventory.py, _register_inventory_classes() is defined and only invoked
from create_forklift_inventory() when PROVIDER_INVENTORY_MAP is empty.

Rule 70422: Avoid premature abstractions for single-use or loosely similar code
libs/forklift_inventory.py[21-60]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`_register_inventory_classes()` is a new helper that has only one caller (`create_forklift_inventory()`), which is a premature abstraction per the compliance rule.

## Issue Context
The provider->inventory mapping can be expressed directly without a dedicated registration function. Keeping it as a single-use helper adds indirection without reuse.

## Fix Focus Areas
- libs/forklift_inventory.py[16-60]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

8. Unused inventory imports 🐞 Bug ⚙ Maintainability

Description

After refactoring source_provider_inventory() to use create_forklift_inventory(), conftest.py still
imports several concrete *ForkliftInventory classes that are no longer referenced. This adds
maintenance noise and increases the chance of confusing/incorrect future edits in this central
fixture file.

Code

conftest.py[R50-54]

    OvaForkliftInventory,
    OvirtForkliftInventory,
    VsphereForkliftInventory,
+    create_forklift_inventory,
)

Relevance

⭐⭐⭐ High

Team accepted removing unused imports as noise cleanup (PR #550 removed unused runtime import per
review).

PR-#550

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

The inventory subclasses are imported in conftest.py but the only inventory-related usage now is the
factory call in source_provider_inventory(), so the concrete class imports are dead.

conftest.py[45-54]
conftest.py[1485-1490]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`conftest.py` still imports multiple concrete `*ForkliftInventory` classes even though `source_provider_inventory()` was refactored to return `create_forklift_inventory(...)` directly. These imports are now unused.

### Issue Context
The old implementation built an in-function provider->inventory-class map and directly referenced those concrete classes. After the refactor, only `ForkliftInventory` (type) and `create_forklift_inventory` (factory) are needed.

### Fix Focus Areas
- conftest.py[45-54]
- conftest.py[1485-1490]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

9. Over-specific provider map 🐞 Bug ⚙ Maintainability

Description

In ca_crt_source_provider_inventory(), the providers mapping is annotated as a union of concrete
inventory classes, even though the code treats all values uniformly as ForkliftInventory
subclasses. This creates unnecessary typing churn when adding another provider inventory and reduces
clarity in a repo configured to run mypy.

Code

tests/cold/conftest.py[R89-91]

+    providers: dict[
+        str, type[OvirtForkliftInventory] | type[VsphereForkliftInventory] | type[OpenstackForliftinventory]
+    ] = {

Relevance

⭐⭐ Medium

Team accepts mypy/typing cleanup in tests (e.g., postponed annotations, full typing), but no prior
base-vs-union precedent.

PR-#317
PR-#328
PR-#415

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

The focused hunk shows the providers map is typed as a union of concrete classes. The referenced
inventory classes are all ForkliftInventory subclasses, and the repository has mypy enabled,
making type clarity/maintainability relevant.

tests/cold/conftest.py[89-91]
libs/forklift_inventory.py[233-354]
pyproject.toml[13-19]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`providers` is typed as a union of specific inventory subclasses, even though all entries are used polymorphically.

### Issue Context
All mapped classes inherit from `ForkliftInventory` and share the same constructor shape used at the call site.

### Fix Focus Areas
- tests/cold/conftest.py[89-91]

### Suggested change
Replace the union value type with the common base type, e.g.:

```py
providers: dict[str, type[ForkliftInventory]] = {
   ...
}
```

(Or `Mapping[str, type[ForkliftInventory]]` if you want it read-only.)

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

View more (3)

10. prepared_plan fixture unused 📘 Rule violation ▣ Testability

Description

test_verify_ca_crt_secret requests the prepared_plan fixture but never uses its return value in
the test body. This violates the requirement to use @pytest.mark.usefixtures for side-effect-only
fixtures instead of requesting them as parameters.

Code

tests/cold/test_ca_crt_migration.py[R60-78]

+    def test_verify_ca_crt_secret(
+        self,
+        prepared_plan: dict[str, Any],
+        ca_crt_source_provider: BaseProvider,
+        ocp_admin_client: "DynamicClient",
+    ) -> None:
+        """Verify the provider secret uses ca.crt field instead of cacert."""
+        assert ca_crt_source_provider.ocp_resource is not None, "ocp_resource is not set"
+        secret_ref = ca_crt_source_provider.ocp_resource.instance.spec.secret
+        secret = Secret(
+            client=ocp_admin_client,
+            name=secret_ref.name,
+            namespace=secret_ref.namespace,
+        )
+        secret_data_keys = list(secret.instance.data.keys())
+        assert "ca.crt" in secret_data_keys, f"Expected 'ca.crt' in secret keys, got: {secret_data_keys}"
+        assert "cacert" not in secret_data_keys, (
+            f"Legacy 'cacert' should not be in secret keys, got: {secret_data_keys}"
+        )

Relevance

⭐ Low

Similar “use usefixtures instead of unused fixture param” suggestions were rejected in tests (PR
#487, #369).

PR-#487
PR-#369

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

The compliance rule requires parameter fixtures to have their returned value used; in
test_verify_ca_crt_secret, prepared_plan is declared but not referenced anywhere in the test
body.

Rule 70435: Use parameter fixtures only when their return value is needed; use @pytest.mark.usefixtures for side‑effect‑only fixtures
tests/cold/test_ca_crt_migration.py[60-78]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`prepared_plan` is included as a test parameter but is not referenced in the test body, indicating it is being used only for setup side effects.

## Issue Context
For side-effect-only fixtures, tests should apply them via `@pytest.mark.usefixtures(...)` instead of listing them as function parameters.

## Fix Focus Areas
- tests/cold/test_ca_crt_migration.py[60-78]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

11. Class state read via self 📘 Rule violation ▣ Testability

Description

TestCaCrtColdMigration stores shared state on the class (via self.__class__....) but later reads
it via instance attributes (self.storage_map, self.network_map, self.plan_resource). In
pytest, each test method gets a new instance, so instance access can be misleading and risks
accidental instance-shadowing/flaky state handling.

Code

tests/cold/test_ca_crt_migration.py[R123-124]

+            storage_map=self.storage_map,
+            network_map=self.network_map,

Relevance

⭐ Low

Class-state via self is prevalent in class-based tests; no historical push to force self.__class__
reads (e.g., PR #274).

PR-#274
PR-#262
PR-#268

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

The rule requires shared state in test classes to be accessed via the class (e.g.,
self.__class__.attr). In TestCaCrtColdMigration, state is written to class attributes but read
via instance attributes (self.storage_map / self.network_map), violating the requirement.

Rule 70454: Use class attributes for shared state in test classes
tests/cold/test_ca_crt_migration.py[69-78]
tests/cold/test_ca_crt_migration.py[123-124]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The test class writes shared state to class attributes (e.g., `self.__class__.storage_map = ...`) but reads them via `self.storage_map` / `self.network_map` / `self.plan_resource`. Per policy, shared state in test classes must be accessed through the class to avoid instance shadowing and make the sharing explicit.

## Issue Context
Pytest creates a new instance of the test class per test method; reading via `self.attr` may implicitly fall back to the class attribute today, but it is easy to accidentally create an instance attribute later and break sequential tests.

## Fix Focus Areas
- tests/cold/test_ca_crt_migration.py[69-166]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

12. Tier1 unsupported provider error 🐞 Bug ☼ Reliability

Description

TestCaCrtColdMigration is marked tier1, but ca_crt_source_provider_inventory raises
ValueError for any provider type outside RHV/VSPHERE/OPENSTACK, causing hard test errors instead
of skipping when -m tier1 is run under other providers. This makes the tier1 category brittle and
contradicts the repo’s documented guidance to switch test categories by changing only the -m
marker.

Code

tests/cold/conftest.py[R96-99]

+    provider_class = providers.get(ca_crt_source_provider.type)
+
+    if provider_class is None:
+        raise ValueError(f"Provider {ca_crt_source_provider.type} does not use CA certificates")

Relevance

⭐ Low

Repo uses provider-marker collection hook; fixtures commonly raise ValueError for invalid
provider/config (PRs #323,#328).

PR-#323
PR-#328
PR-#454

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

The test is selected as part of the tier1 category, and there is no repository-wide hook that skips
tests based on the vsphere/rhv/openstack markers; the new inventory fixture instead raises a
ValueError when the provider type is outside its mapping, which surfaces as a test error. The
README explicitly documents changing only -m (e.g., to tier1) to run different categories,
making this failure mode user-visible.

tests/cold/test_ca_crt_migration.py[29-38]
tests/cold/conftest.py[86-105]
conftest.py[280-336]
README.md[263-275]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The new tier1 CA-cert migration test introduces fixtures that raise `ValueError` for unsupported provider types. Because tier1 runs are documented as being selected by switching the `-m` marker, this can produce unexpected hard failures when tier1 is executed in environments where the source provider is not RHV/vSphere/OpenStack.

### Issue Context
Provider-type gating is generally implemented as *skips* (e.g., warm migration gating in `pytest_collection_modifyitems`), not as exceptions thrown during fixture setup.

### Fix Focus Areas
- tests/cold/conftest.py[23-65]
- tests/cold/conftest.py[86-100]

### Suggested fix
1. In `ca_crt_source_provider` (best place, before creating any resources), check `source_provider_data["type"]` against the supported set `{Provider.ProviderType.RHV, Provider.ProviderType.VSPHERE, Provider.ProviderType.OPENSTACK}` and call `pytest.skip(...)` with a clear reason when unsupported.
2. In `ca_crt_source_provider_inventory`, replace the `ValueError` for unsupported provider types with `pytest.skip(...)` as a defensive fallback.

This ensures `-m tier1` runs won’t error out on unsupported providers, and the test will only execute where it actually validates the `ca.crt` behavior.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

utilities/utils.py (1)

163-189: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

LOW: Fail fast on invalid ca_cert_key values

ca_cert_key is used directly as a Secret field key. If it is empty (or malformed), failure is deferred to Secret creation and the error becomes harder to diagnose. Validate early in _fetch_and_store_cacert().

Suggested fix

 def _fetch_and_store_cacert(
     source_provider_data: dict[str, Any],
     secret_string_data: dict[str, Any],
     tmp_dir: pytest.TempPathFactory | None,
     session_uuid: str,
     ca_cert_key: str = "cacert",
 ) -> Path:
@@
+    if not ca_cert_key:
+        raise ValueError("ca_cert_key must be a non-empty secret field name")
+
     cert_file = generate_ca_cert_file(
         provider_fqdn=source_provider_data["fqdn"],
         cert_file=tmp_dir.mktemp(source_provider_type.upper()) / f"{source_provider_type}_{session_uuid}_cert.crt",
     )
     secret_string_data[ca_cert_key] = cert_file.read_text()

As per coding guidelines, “Code must never result in None when None is not valid. Fail early with clear errors.”

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@utilities/utils.py` around lines 163 - 189, The ca_cert_key parameter in the
_fetch_and_store_cacert() function is used directly as a dictionary key without
validation, which can lead to cryptic errors during Secret creation if an empty
or malformed value is passed. Add early validation at the start of the
_fetch_and_store_cacert() function to check if ca_cert_key is a non-empty
string, and raise a ValueError with a clear message if it is invalid. This
ensures failures are caught immediately with diagnostic context rather than
being deferred to downstream Secret creation.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/cold/conftest.py`:
- Around line 62-73: The code uses truthiness-based checks with `if not
ca_crt_source_provider.ocp_resource:` and `if not provider_class:` when checking
for None values. Replace these with explicit `is None` checks to follow the
coding guidelines and avoid unexpected behavior from custom `__bool__`
implementations. Change `if not ca_crt_source_provider.ocp_resource:` to `if
ca_crt_source_provider.ocp_resource is None:` and change `if not
provider_class:` to `if provider_class is None:`.

In `@tests/cold/test_ca_crt_migration.py`:
- Around line 134-144: The test_check_vms method declares target_namespace as a
fixture parameter but does not use it anywhere in the method body. Remove the
target_namespace parameter from the method signature of test_check_vms to comply
with the guideline that each test method should only request the fixtures it
actually needs, avoiding unnecessary fixture setup overhead.
- Around line 46-156: Add complete type annotations to all five test methods
(test_create_storagemap, test_create_networkmap, test_create_plan,
test_migrate_vms, and test_check_vms) in the test class. For each method, add
type hints to all parameters based on their fixture types and add the return
type annotation `-> None` since test methods do not return values. The
parameters should be annotated with their appropriate types from the fixture
definitions to ensure fixture API changes are caught at type-check time.

---

Outside diff comments:
In `@utilities/utils.py`:
- Around line 163-189: The ca_cert_key parameter in the
_fetch_and_store_cacert() function is used directly as a dictionary key without
validation, which can lead to cryptic errors during Secret creation if an empty
or malformed value is passed. Add early validation at the start of the
_fetch_and_store_cacert() function to check if ca_cert_key is a non-empty
string, and raise a ValueError with a clear message if it is invalid. This
ensures failures are caught immediately with diagnostic context rather than
being deferred to downstream Secret creation.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 95055e79-867b-4c84-816a-79a532d48550

📥 Commits

Reviewing files that changed from the base of the PR and between 9c64122 and 868fd78.

📒 Files selected for processing (6)

• conftest.py
• pytest.ini
• tests/cold/conftest.py
• tests/cold/test_ca_crt_migration.py
• tests/tests_config/config.py
• utilities/utils.py

[qodo-code-review]

Code review by qodo was updated up to the latest commit b04ff09

[qodo-code-review]

Code review by qodo was updated up to the latest commit 5bb596d

[AmenB]

/verified

[myakove]

Code Review

Found 1 issue(s) in this PR:

💡 Suggestions (1)

File	Line	Issue
utilities/utils.py	278	[SUGGESTION] create_source_provider has no docstring despite signature cha

---

Review generated by pi

[qodo-code-review]

Code review by qodo was updated up to the latest commit 7ec4f26

[rh-bot-1]

Clean rebase detected — no code changes compared to previous head (7ec4f26).

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/cold/test_ca_crt_migration.py`:
- Around line 57-129: The CA CRT migration test currently validates only the
downstream flow, not the provider Secret contents being generated. In
test_create_storagemap or test_create_networkmap, add a direct assertion on the
created provider Secret before proceeding, verifying it contains ca.crt and does
not contain cacert. Use the existing helpers and fixtures around
get_storage_migration_map/get_network_migration_map and the provider Secret
object so the key under test is checked explicitly rather than inferred from
StorageMap/Plan success.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 031e7783-eba1-43f6-b71f-d5544b31c7c1

📥 Commits

Reviewing files that changed from the base of the PR and between ef70050 and 7ec4f26.

📒 Files selected for processing (6)

• conftest.py
• libs/forklift_inventory.py
• tests/cold/conftest.py
• tests/cold/test_ca_crt_migration.py
• tests/tests_config/config.py
• utilities/utils.py

[qodo-code-review]

Code review by qodo was updated up to the latest commit 023a1df

[qodo-code-review]

Code review by qodo was updated up to the latest commit e3f1d98

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

utilities/utils.py (1)

158-164: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

HIGH: Reject unsupported ca_cert_key values up front.

This patch only documents "cacert" and "ca.crt", but the new API accepts any string and blindly writes it into the provider Secret. A typo here silently changes the field under test instead of failing fast.

Possible fix

+_SUPPORTED_CA_CERT_KEYS = {"cacert", "ca.crt"}
+
 def _fetch_and_store_cacert(
     source_provider_data: dict[str, Any],
     secret_string_data: dict[str, Any],
     tmp_dir: pytest.TempPathFactory | None,
     session_uuid: str,
     ca_cert_key: str = "cacert",
 ) -> Path:
@@
+    if ca_cert_key not in _SUPPORTED_CA_CERT_KEYS:
+        raise ValueError(
+            f"Unsupported ca_cert_key '{ca_cert_key}'. Expected one of {_SUPPORTED_CA_CERT_KEYS}."
+        )
+
     source_provider_type = source_provider_data["type"]

As per coding guidelines, "Use ValueError for invalid input/config."

Also applies to: 278-279

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@utilities/utils.py` around lines 158 - 164, The _fetch_and_store_cacert
helper now accepts ca_cert_key as free-form input, so add an upfront validation
step in this function (and any related call site around the provider Secret
write path) to allow only the documented values like "cacert" and "ca.crt". If
an unsupported key is passed, raise ValueError immediately instead of silently
writing a different field, so typos fail fast and the secret shape stays
predictable.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/cold/test_ca_crt_migration.py`:
- Around line 58-63: The test_verify_ca_crt_secret method is requesting an extra
pytest fixture that is never used. Remove target_namespace from the
test_ca_crt_migration test signature so the fixture list matches the actual
dependencies and pytest does not resolve unnecessary setup.

---

Outside diff comments:
In `@utilities/utils.py`:
- Around line 158-164: The _fetch_and_store_cacert helper now accepts
ca_cert_key as free-form input, so add an upfront validation step in this
function (and any related call site around the provider Secret write path) to
allow only the documented values like "cacert" and "ca.crt". If an unsupported
key is passed, raise ValueError immediately instead of silently writing a
different field, so typos fail fast and the secret shape stays predictable.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: c1d0fa21-66ed-46fb-8231-4fd2be373a2c

📥 Commits

Reviewing files that changed from the base of the PR and between 7ec4f26 and e3f1d98.

📒 Files selected for processing (6)

• conftest.py
• libs/forklift_inventory.py
• tests/cold/conftest.py
• tests/cold/test_ca_crt_migration.py
• tests/tests_config/config.py
• utilities/utils.py

[qodo-code-review]

Code review by qodo was updated up to the latest commit 1c10f86

[AmenB]

/verified

[qodo-code-review]

Code review by qodo was updated up to the latest commit 2dfb2f3

[AmenB]

/verified

[myakove]

Code Review

Found 2 issue(s) in this PR:

💡 Suggestions (2)

File	Line	Issue
libs/forklift_inventory.py	62	type: ignore[call-arg] without explanation
utilities/utils.py	282	[SUGGESTION] Docstring Args missing type annotations per project standard.

---

Review generated by pi

[AmenB]

/verified

[qodo-code-review]

Code review by qodo was updated up to the latest commit 461e73a

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/cold/test_ca_crt_migration.py`:
- Around line 60-65: The test_verify_ca_crt_secret step is requesting an unused
prepared_plan fixture, which adds unnecessary pytest setup. Remove prepared_plan
from the test_verify_ca_crt_secret method signature and keep only the fixtures
actually used there, namely ca_crt_source_provider and ocp_admin_client, so the
incremental test step stays lean.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0183cf5b-c200-4c3a-b29b-b06e350cf8fa

📥 Commits

Reviewing files that changed from the base of the PR and between 26f61d8 and 461e73a.

📒 Files selected for processing (6)

• conftest.py
• libs/forklift_inventory.py
• tests/cold/conftest.py
• tests/cold/test_ca_crt_migration.py
• tests/tests_config/config.py
• utilities/utils.py

[coderabbitai]

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

LOW: Drop the unused prepared_plan fixture from this step.

Line 62 is never read, so pytest resolves extra setup for the first incremental step with no benefit.

Possible fix

     def test_verify_ca_crt_secret(
         self,
-        prepared_plan: dict[str, Any],
         ca_crt_source_provider: BaseProvider,
         ocp_admin_client: "DynamicClient",
     ) -> None:

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	def test_verify_ca_crt_secret(
	self,
	prepared_plan: dict[str, Any],
	ca_crt_source_provider: BaseProvider,
	ocp_admin_client: "DynamicClient",
	) -> None:
	def test_verify_ca_crt_secret(
	self,
	ca_crt_source_provider: BaseProvider,
	ocp_admin_client: "DynamicClient",
	) -> None:

🧰 Tools

🪛 Ruff (0.15.18)

[warning] 62-62: Unused method argument: prepared_plan

(ARG002)

---

[warning] 64-64: Remove quotes from type annotation

Remove quotes

(UP037)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/cold/test_ca_crt_migration.py` around lines 60 - 65, The
test_verify_ca_crt_secret step is requesting an unused prepared_plan fixture,
which adds unnecessary pytest setup. Remove prepared_plan from the
test_verify_ca_crt_secret method signature and keep only the fixtures actually
used there, namely ca_crt_source_provider and ocp_admin_client, so the
incremental test step stays lean.

Source: Linters/SAST tools

[myakove]

Code Review

Found 1 issue(s) in this PR:

💡 Suggestions (1)

File	Line	Issue
tests/cold/conftest.py	53	[SUGGESTION] insecure receives None instead of bool when config key is

---

Review generated by pi

[myakove]

[SUGGESTION] insecure receives None instead of bool when config key is absent.

get_value_from_py_config(...) returns None when the key doesn't exist, but create_source_provider declares insecure: bool. Works because None is falsy, but type mismatch.

Suggested change

	insecure=get_value_from_py_config(value="source_provider_insecure_skip_verify"),
	insecure=bool(get_value_from_py_config(value="source_provider_insecure_skip_verify")),