Azure / ARO-RP / 25899653565
38%

DEFAULT BRANCH: master
Ran
Jobs 6
Files 960
Run time 2min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 38.438% (-0.1%) from 38.534%
25899653565

push

github

web-flow 
feat: add Holmes investigation admin API endpoint (ARO-25791) (#4754)

* feat: integrate Holmes investigation API into ARO-RP admin API

Add POST /admin/.../openShiftClusters/{name}/investigate endpoint that
runs HolmesGPT diagnostic investigations on ARO clusters.

The endpoint:
- Generates a short-lived (1h) read-only kubeconfig for system:aro-diagnostics
  on each request using the cluster CA from the persisted graph
- Creates an investigation pod on the Hive AKS cluster
- Mounts the ephemeral kubeconfig as a temporary secret
- Streams pod logs back to the client in real-time
- Cleans up pod, configmap, and secret after completion

The diagnostics identity uses a dedicated ClusterRole with read-only
(get/list/watch) permissions, following the principle of least privilege.
No long-lived credentials are stored in CosmosDB.

Relates: ARO-25791

* fix: address code review findings for Holmes investigate API

- Wrap all errors with context in kubeconfig generation
- Move activeInvestigations counter from global to frontend struct
- Use pointerutils.ToPtr() instead of &[]bool{true}[0]

* fix: regenerate bindata with correct octal literal formatting

gofumpt requires 0o755 octal prefix instead of 0755.

* fix: address Copilot PR review feedback

- Fix Content-Type handling: only set text/plain before streaming,
  let adminReply set JSON content-type on error paths
- Only call adminReply on error to avoid corrupting streamed response
- Add automountServiceAccountToken: false to investigation pod
- Add 30s timeout to cleanup context to prevent hanging deletes
- Add GoDoc comment on exported GenerateKubeconfig function

* fix: address remaining Copilot PR review feedback

- Validate Holmes config (API key, base, image) before creating K8s resources
- Only set InsecureSkipTLSVerify when api-int→api rewrite actually occurred
- Set test env vars for Holmes config validation in unit tests

* fix: address second round of Copilot PR review feedback

- Mount only k... (continued)

142 of 568 new or added lines in 9 files covered. (25.0%)

29520 of 76800 relevant lines covered (38.44%)

0.44 hits per line

Uncovered Changes

Lines Coverage File
292
0.0
 pkg/hive/investigate.go
37
0.0
 pkg/frontend/admin_openshiftcluster_investigate_kubeconfig.go
30
68.09
 pkg/frontend/admin_openshiftcluster_investigate.go
28
0.0
 0.0% pkg/operator/controllers/rbac/bindata.go
24
72.41
 pkg/util/holmes/config.go
10
0.0
 0.0% pkg/util/mocks/hive/hive.go
3
0.0
 0.0% pkg/util/version/const.go
1
58.74
 0.0% pkg/cluster/kubeconfig.go
1
93.84
 -0.05% pkg/frontend/frontend.go
Jobs
ID Job ID Ran Files Coverage
1 pkg-util - 25899653565.1 313
20.54
 GitHub Action Run
2 pkg-operator - 25899653565.2 76
48.49
 GitHub Action Run
3 pkg-other - 25899653565.3 293
32.49
 GitHub Action Run
4 cmd - 25899653565.4 13
0.0
 GitHub Action Run
5 pkg-api - 25899653565.5 163
65.85
 GitHub Action Run
6 pkg-frontend - 25899653565.6 102
74.13
 GitHub Action Run
Source Files on build 25899653565