CNTRLPLANE-3576: add RestartDateAnnotation propagation tests

[mgencur]

What this PR does / why we need it:

• Convert an E2E test from openshift-tests-private into a unit test that covers the missing functionality as follows:
  • Verify that setDefaultOptions propagates RestartDateAnnotation from HCP to the pod template when set, and omits it when absent. This covers the mechanism that triggers rolling restarts via pod template annotation changes. Rolling out the new ReplicaSet is then Kubernetes' concern. The annotation propagation from HostedCluster to HostedControlPlane is already tested in TestReconcileHostedControlPlaneAnnotations.
• Fix nil-map bug in SetRestartAnnotationAndPatch - The intermediate variable podMeta := patch.Spec.Template.ObjectMeta copied ObjectMeta by value, so when Annotations was nil, the new map
  was created on the copy and never written back to the patch object. Access annotations directly on the patch to fix.

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/CNTRLPLANE-3576

Special notes for your reviewer:

Checklist:

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Summary by CodeRabbit

Summary by CodeRabbit

• New Features

  • None

• Bug Fixes

  • Improved handling of the restart-date annotation so it is reliably applied to pod template annotations while preserving any existing pod template annotations.

• Tests

  • Added coverage to verify restart-date annotation behavior on deployments, including preservation of pre-existing pod template annotations.
  • Expanded and reorganized default-option tests to validate security context defaults, resource request/limit defaulting, and restart-date propagation/omission behavior.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci-robot]

@mgencur: This pull request references CNTRLPLANE-3576 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

This PR is WIP because it builds on top of #8731 and will need a rebase once this PR is meged

Fixes https://redhat.atlassian.net/browse/CNTRLPLANE-3576

Special notes for your reviewer:

Checklist:

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: dba11f80-f125-4d51-9955-401ebe71a36b

📥 Commits

Reviewing files that changed from the base of the PR and between 8b1e0ae and 928c70f.

📒 Files selected for processing (3)

• control-plane-operator/controllers/hostedcontrolplane/v2/cno/component.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cno/component_test.go
• support/controlplane-component/defaults_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

• support/controlplane-component/defaults_test.go

---

📝 Walkthrough

Walkthrough

SetRestartAnnotationAndPatch in the CNO component was refactored to eliminate a podMeta local variable; the annotations map is now initialized and populated directly on patch.Spec.Template.ObjectMeta.Annotations. Accompanying this, TestSetRestartAnnotationAndPatch was added to the CNO test file, verifying behavior with a fake controller-runtime client across scenarios: deployment exists or not, restart annotation set or absent, and pre-existing pod template annotations preserved. In the controlplane-component package, TestSetDefaultOptions was expanded with a shared scheme and parallel subtests covering etcd pod security context, table-driven container resource defaulting, and RestartDateAnnotation propagation from HostedControlPlane to pod template annotations.

🚥 Pre-merge checks | ✅ 10 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Test Structure And Quality	⚠️ Warning	Tests are standard Go testing (not Ginkgo), raising applicability questions. However, assertion messages lack meaningful failure context (e.g., Expect(err).NotTo(HaveOccurred()) without messages)...	Add meaningful failure messages to assertions: Expect(err).NotTo(HaveOccurred(), "description of what failed") across all test assertions for better debugging.

✅ Passed checks (10 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically describes the main changes: adding tests for RestartDateAnnotation propagation, which directly aligns with the primary objectives and file changes in the PR.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	Modified tests use standard Go testing (t.Run/table-driven), not Ginkgo framework. The check targets Ginkgo test names (It/Describe/etc.) which don't apply here. Test names are stable/deterministic...
Topology-Aware Scheduling Compatibility	✅ Passed	This PR modifies only unit tests and fixes a nil-map bug in SetRestartAnnotationAndPatch. It introduces no new deployment manifests, scheduling constraints, affinity rules, nodeSelectors, or pod di...
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR adds standard Go unit tests (TestSetRestartAnnotationAndPatch, TestSetDefaultOptions) using the testing package, not Ginkgo e2e tests. The check applies only to Ginkgo e2e tests with It(),...
No-Weak-Crypto	✅ Passed	No weak cryptographic algorithms, custom crypto implementations, or insecure secret comparisons detected in the pull request code.
Container-Privileges	✅ Passed	No container privilege settings found (privileged, hostPID/hostNetwork/hostIPC, SYS_ADMIN, allowPrivilegeEscalation, or root execution) in the PR's Go source code and unit test modifications.
No-Sensitive-Data-In-Logs	✅ Passed	No logging statements that expose sensitive data (passwords, tokens, API keys, PII, session IDs, etc.) found. Error messages are generic and don't log annotation values.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mgencur
Once this PR has been reviewed and has the lgtm label, please assign sjenning for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@support/controlplane-component/defaults_test.go`:
- Around line 526-528: In support/controlplane-component/defaults_test.go at
lines 526-528, replace each `_ = ...AddToScheme(scheme)` statement (for hyperv1,
corev1, and appsv1) by capturing the error return value and checking it
explicitly: if the error is not nil, call t.Fatalf with an appropriate failure
message. In
control-plane-operator/controllers/hostedcontrolplane/v2/cno/component_test.go
at line 83, apply the same fix to the appsv1.AddToScheme call by capturing its
error return value and checking it with t.Fatalf on failure. This ensures test
initialization errors in scheme registration are properly caught and reported
rather than silently ignored.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 340b6197-2c17-4dde-8101-7a1e8f3c4713

📥 Commits

Reviewing files that changed from the base of the PR and between 712ba58 and fe42d7c.

📒 Files selected for processing (3)

• control-plane-operator/controllers/hostedcontrolplane/v2/cno/component.go
• control-plane-operator/controllers/hostedcontrolplane/v2/cno/component_test.go
• support/controlplane-component/defaults_test.go

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 41.71%. Comparing base (f0536b8) to head (928c70f).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8733      +/-   ##
==========================================
+ Coverage   41.69%   41.71%   +0.01%     
==========================================
  Files         758      758              
  Lines       93945    93944       -1     
==========================================
+ Hits        39175    39190      +15     
+ Misses      52025    52009      -16     
  Partials     2745     2745              

Files with missing lines	Coverage Δ
...controllers/hostedcontrolplane/v2/cno/component.go	15.38% <100.00%> (+10.29%)	⬆️

... and 1 file with indirect coverage changes

Flag	Coverage Δ
cmd-support	35.03% <ø> (+<0.01%)	⬆️
cpo-hostedcontrolplane	44.08% <100.00%> (+0.07%)	⬆️
cpo-other	43.45% <ø> (ø)
hypershift-operator	51.70% <ø> (ø)
other	31.56% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[hypershift-jira-solve-ci]

Now I have the full picture. Here's the report:

Test Failure Analysis Complete

Job Information

• Prow Job: lint / Lint (GitHub Actions)
• Build ID: 27535310133 / job 81383093446
• PR: CNTRLPLANE-3576: add RestartDateAnnotation propagation tests #8733 — [WIP] CNTRLPLANE-3576: add RestartDateAnnotation propagation tests
• Author: mgencur
• Head SHA: fe42d7c

Test Failure Analysis

Error

control-plane-operator/controllers/hostedcontrolplane/v2/cno/component_test.go:14:1: File is not properly formatted (gci)
make: *** [Makefile:120: lint] Error 1
##[error]Process completed with exit code 2.

Summary

The golangci-lint gci (Go Imports Checker) linter flagged component_test.go at line 14 for incorrect import grouping. The project's .golangci.yml defines a strict 9-section custom import order, and the PR's new imports mix k8s.io/ and sigs.k8s.io/ packages in a single block instead of separating them into distinct groups. This is the sole lint error in the job run.

Root Cause

The .golangci.yml configures gci with custom-order: true and defines these import sections in order:

1. standard — Go stdlib (context, testing)
2. dot — dot-imports (. "github.com/onsi/gomega")
3. prefix(github.com/openshift/hypershift) — hypershift packages
4. prefix(github.com/openshift) — other openshift packages
5. prefix(github.com/aws) — AWS SDK
6. prefix(github.com/Azure) — Azure SDK
7. prefix(k8s.io) — Kubernetes API packages
8. prefix(sigs.k8s.io) — controller-runtime / SIG packages
9. default — everything else

The PR adds six new imports to component_test.go. Four belong to section 7 (k8s.io/) and two belong to section 8 (sigs.k8s.io/). However, all six are grouped into a single continuous block with no blank-line separator:

appsv1 "k8s.io/api/apps/v1"          // section 7
corev1 "k8s.io/api/core/v1"          // section 7
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // section 7
"k8s.io/apimachinery/pkg/runtime"     // section 7
crclient "sigs.k8s.io/controller-runtime/pkg/client"  // section 8 ← wrong group
"sigs.k8s.io/controller-runtime/pkg/client/fake"      // section 8 ← wrong group

The gci linter requires a blank line between each configured section. The sigs.k8s.io imports must be separated from the k8s.io imports by a blank line.

Recommendations

1. Fix the import ordering — Add a blank line between k8s.io and sigs.k8s.io imports in component_test.go:

import (
	"context"
	"testing"

	. "github.com/onsi/gomega"

	hyperv1 "github.com/openshift/hypershift/api/hypershift/v1beta1"

	appsv1 "k8s.io/api/apps/v1"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/runtime"

	crclient "sigs.k8s.io/controller-runtime/pkg/client"
	"sigs.k8s.io/controller-runtime/pkg/client/fake"
)

2. Or run auto-fix locally before pushing:

   make lint-fix
   # or directly:
   golangci-lint run --fix ./control-plane-operator/controllers/hostedcontrolplane/v2/cno/...

Evidence

Evidence	Detail
Failing file	control-plane-operator/controllers/hostedcontrolplane/v2/cno/component_test.go:14:1
Linter	gci (Go Imports Checker) — import section ordering
golangci-lint version	2.11.4 (built with go1.25.7)
Config file	.golangci.yml with custom-order: true and 9 sections
Violated rule	k8s.io (section 7) and sigs.k8s.io (section 8) imports not separated by blank line
Error count	1 (sole lint error in the entire run)
Other changed files	component.go and defaults_test.go — no lint errors
Exit code	make lint exited with code 1 → GitHub Actions exit code 2

---

[openshift-ci]

@mgencur: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.