ROSAENG-8186 | feat: add new env for rosa e2e test

[marcolan018]

read env SLACK_WEBHOOK_URL and CONSOLE_CLIENT_SECET from vault

Summary by CodeRabbit

This PR adds support for two additional environment variables in the ROSA e2e test infrastructure by reading them from vault credentials and injecting them into test job execution contexts.

Changes made:

1. YAML Configuration Update (openshift-online-rosa-e2e-main__ocm-fvt-rosa-hcp-integration.yaml): Modified the OCM FVT periodic ROSA HCP integration test job configuration to inject SLACK_WEBHOOK_URL and CONSOLE_CLIENT_SECRET environment variables into multiple command blocks. These values are read from credential files mounted at /usr/local/cs-qe-credentials/.

2. Shell Script Update (rosa-e2e-ocm-fvt-commands.sh): Enhanced the test setup script to read the slack_webhook_url and console_client_secret credentials from the vault directory and append them as environment variables to the podman execution environment before running tests.

Impact: These changes enable ROSA e2e tests to access Slack webhook credentials for notifications and console client secrets for test execution, supporting expanded testing capabilities and improved test observability for the ROSA HCP integration testing pipeline.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 0dbac126-768b-4d52-8a93-33be4c98de60

📥 Commits

Reviewing files that changed from the base of the PR and between 07efae4 and ad60b0c.

📒 Files selected for processing (2)

• ci-operator/config/openshift-online/rosa-e2e/openshift-online-rosa-e2e-main__ocm-fvt-rosa-hcp-integration.yaml
• ci-operator/step-registry/rosa/e2e/ocm-fvt/rosa-e2e-ocm-fvt-commands.sh

---

Walkthrough

This PR adds credential injection for Slack webhook and OCM console client secret to OCM FVT ROSA HCP integration test jobs. A shell script implementation reads these secrets from mounted credential files and exports them as environment variables, which are then referenced in six periodic job configurations.

Changes

Credentials Environment Variables

Layer / File(s)	Summary
Shell script credential injection implementation ci-operator/step-registry/rosa/e2e/ocm-fvt/rosa-e2e-ocm-fvt-commands.sh	Script reads slack_webhook_url and console_client_secret from /usr/local/cs-qe-credentials/ and appends them as SLACK_WEBHOOK_URL and CONSOLE_CLIENT_SECRET to the Podman environment file.
Periodic job configuration updates ci-operator/config/openshift-online/rosa-e2e/openshift-online-rosa-e2e-main__ocm-fvt-rosa-hcp-integration.yaml	Six periodic job definitions are updated to export the same SLACK_WEBHOOK_URL and CONSOLE_CLIENT_SECRET environment variables, reading from credential files before existing credential sourcing.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error)

Check name	Status	Explanation	Resolution
No-Sensitive-Data-In-Logs	❌ Error	The PR exposes sensitive credentials (SLACK_WEBHOOK_URL and CONSOLE_CLIENT_SECRET) in CI logs via command substitution expansion of secret files, violating the no-sensitive-data-in-logs check.	Avoid command substitution expansion of secrets in logged commands; instead read secrets directly into environment file without echoing values, or mark them as masked in CI.

✅ Passed checks (14 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: adding new environment variables for ROSA e2e tests. It is specific, concise, and directly related to the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	The PR modifies CI test infrastructure files (YAML config and shell script), not Ginkgo test files. No test titles (It(), Describe(), etc.) are present in the changes.
Test Structure And Quality	✅ Passed	Custom check requires reviewing Ginkgo test code, but this PR only modifies YAML config and bash scripts with no Go test code.
Microshift Test Compatibility	✅ Passed	PR does not add any new Ginkgo e2e tests; it only modifies CI/CD configuration and shell scripts to inject environment variables into existing tests.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests are added in this PR. Changes are only to CI configuration (YAML) and shell scripts for environment variable setup, not test code.
Topology-Aware Scheduling Compatibility	✅ Passed	Changes are CI test infrastructure (config and scripts), not deployment manifests or operator code. No scheduling constraints, affinity rules, topology assumptions, or node selectors are introduced.
Ote Binary Stdout Contract	✅ Passed	PR modifies only CI configuration YAML and shell environment setup scripts, not OTE binary or Go test code subject to stdout contract rules.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR adds environment variables to CI/CD configuration files, not Ginkgo test definitions. The check applies only to new Ginkgo tests; this PR adds none.
No-Weak-Crypto	✅ Passed	No weak cryptography (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB), custom crypto implementations, or insecure secret comparisons detected in the code changes.
Container-Privileges	✅ Passed	PR adds environment variables to test jobs without introducing privileged containers, hostPID/Network/IPC, SYS_ADMIN capabilities, allowPrivilegeEscalation, or root user elevation.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: marcolan018
Once this PR has been reviewed and has the lgtm label, please assign ravitri for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• ci-operator/config/openshift-online/rosa-e2e/OWNERS
• ci-operator/step-registry/rosa/e2e/ocm-fvt/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@marcolan018: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-hcp-staging-ocm-fvt-periodic-cs-rosa-hcp-amd64-upgrade-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-hcp-integration-ocm-fvt-periodic-cs-rosa-hcp-backup-rest-integration-main	N/A	periodic	Ci-operator config changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-hcp-integration-ocm-fvt-periodic-cs-rosa-hcp-backup-scale-2-integration-main	N/A	periodic	Ci-operator config changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-osd-gcp-staging-ocm-fvt-periodic-cs-osd-ccs-gcp-marketplace-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-hcp-staging-ocm-fvt-periodic-cs-rosa-hcp-adobe-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-hcp-integration-ocm-fvt-periodic-cs-rosa-hcp-backup-rest-2-integration-main	N/A	periodic	Ci-operator config changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-classic-staging-ocm-fvt-periodic-cs-rosa-sts-shared-vpc-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-hcp-integration-ocm-fvt-periodic-cs-rosa-hcp-backup-cp-up-2-integration-main	N/A	periodic	Ci-operator config changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-hcp-staging-ocm-fvt-periodic-cs-rosa-hcp-amd64-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-osd-gcp-staging-ocm-fvt-periodic-cs-osd-ccs-gcp-ad-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-osd-gcp-staging-ocm-fvt-periodic-cs-osd-gcp-non-cross-proj-wif-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-hcp-staging-ocm-fvt-periodic-cs-rosa-hcp-zero-egress-upgrade-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-classic-staging-ocm-fvt-periodic-cs-rosa-sts-ad-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-classic-staging-ocm-fvt-periodic-cs-rosa-hcp-upgrade-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-hcp-integration-ocm-fvt-periodic-cs-rosa-hcp-backup-cp-up-integration-main	N/A	periodic	Ci-operator config changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-classic-staging-ocm-fvt-periodic-cs-rosa-ad-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-classic-staging-ocm-fvt-periodic-cs-rosa-sts-pl-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-hcp-staging-ocm-fvt-periodic-cs-rosa-hcp-pl-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-hcp-integration-ocm-fvt-periodic-cs-rosa-hcp-autonode-integration-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-osd-gcp-staging-ocm-fvt-periodic-cs-osd-gcp-wif-sv-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-hcp-staging-ocm-fvt-periodic-cs-rosa-hcp-arm-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-hcp-staging-ocm-fvt-periodic-cs-rosa-hcp-y-upgrade-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-classic-integration-ocm-fvt-periodic-cs-rosa-sts-ad-integration-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-hcp-staging-ocm-fvt-periodic-cs-rosa-hcp-zero-egress-staging-main	N/A	periodic	Registry content changed
periodic-ci-openshift-online-rosa-e2e-main-ocm-fvt-rosa-classic-staging-ocm-fvt-periodic-cs-osd-rh-aws-staging-main	N/A	periodic	Registry content changed

A total of 33 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs.

A full list of affected jobs can be found here
Prior to this PR being merged, you will need to either run and acknowledge or opt to skip these rehearsals.

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[openshift-ci]

@marcolan018: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.