OCPCLOUD-2208: Add E2E test for CAPI controllers cluster-wide proxy support

[lunarwhite]

Depends on openshift/cluster-capi-operator#517

Summary

• Refactor proxy env var verification helpers from MAPI-specific to generic, enabling reuse for CAPI proxy tests
• Skip self MITM proxy deployment for pre-configured proxy clusters (can be obtained via prow CI workflow like openshift-e2e-aws-proxy)
• Add E2E test verifying CAPI provider deployments get proxy env vars injected when cluster-wide proxy is configured

Validation

I didn't follow the MAPI ones to add a dedicate test for testing machine provisioning through a proxy, since it might require a bit refactor/framework work, which better to be a follow-up. Instead I ran the full set of CAPI tests on some pj-rehearsal clusters.

• Clusters with proxy enabled by default

• New CAPI proxy test passing

• Existing MAPI tests still passing

• Clusters without proxy enabled

• New CAPI proxy test passing

• Existing MAPI tests still passing

[openshift-ci-robot]

@lunarwhite: This pull request references OCPCLOUD-2208 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Depends on openshift/cluster-capi-operator#517

Summary

• Refactor proxy env var verification helpers from MAPI-specific to generic, enabling reuse for CAPI proxy tests
• Skip self MITM proxy deployment for pre-configured proxy clusters (can be obtained via prow CI workflow like openshift-e2e-aws-proxy)
• Add E2E test verifying CAPI provider deployments get proxy env vars injected when cluster-wide proxy is configured

Validation

I didn't follow the MAPI ones to add a dedicate test for testing machine provisioning through a proxy, since it might require a bit refactor/framework work, which better to be a follow-up. Instead I ran the full set of CAPI tests on some pj-rehearsal clusters.

• Clusters with proxy enabled by default

• New CAPI proxy test passing

• Existing MAPI tests still passing

• Clusters without proxy enabled

• New CAPI proxy test passing

• Existing MAPI tests still passing

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign nrb for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 15587b50-c4e7-4127-a720-3c13f7754877

📥 Commits

Reviewing files that changed from the base of the PR and between 3bab34a and af21b1d.

📒 Files selected for processing (3)

• pkg/framework/proxies.go
• pkg/operators/cluster-capi-operator.go
• pkg/operators/machine-api-operator.go

---

Walkthrough

Refactored proxy configuration testing framework by removing deployment-specific constants from proxies.go, introducing generalized helper functions for cluster proxy verification and environment variable validation across all deployment containers, and updating test suites to conditionally handle proxy configuration based on pre-existing cluster state.

Changes

Cohort / File(s)	Summary
Framework Proxy Utilities pkg/framework/proxies.go	Replaced deployment-specific constants with general proxy-related constants. Added IsClusterProxyEnabled() to determine cluster proxy status by reading the cluster Proxy configuration. Introduced WaitForAllContainersProxyEnvVars() and WaitForAllContainersNoProxyEnvVars() helper functions for validating environment variable presence/absence across all containers in target deployments.
Cluster API Operator Test pkg/operators/cluster-capi-operator.go	New Ginkgo end-to-end test suite validating Cluster API provider deployments under cluster-wide proxy configuration. Tests proxy environment variable injection in provider containers and verifies cleanup. Conditionally deploys/removes MITM proxy based on pre-existing cluster configuration.
Machine API Operator Test pkg/operators/machine-api-operator.go	Updated to conditionally deploy and clean up MITM proxy based on existing cluster proxy state. Integrated new IsClusterProxyEnabled() check and proxy environment variable wait helpers for validating injection and removal in machine-api-controllers containers.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hi @lunarwhite. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[damdo]

/ok-to-test

[openshift-ci]

@lunarwhite: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[mdbooth]

/lgtm

Some comments, but this looks good to me. I'd approve, but I don't feel qualified to review the important-looking label.

[mdbooth]

I don't know how to review this label, but I suspect it's important. @damdo ?

[mdbooth]

I don't think we should continue to rely on these labels. Maybe the installer revision label? That would unambiguously identify any CAPI operand.

[mdbooth]

Skip if the CAPIMachineManagement (or whatever) feature gate is not set?

[mdbooth]

For extra robustness I'd add a wait, probably in BeforeEach, that generation == observedRevisionGeneration and desiredRevision == currentRevision on the ClusterAPI object.