Azure / ARO-RP / 25899653565 / 3
38%
master: 38%

DEFAULT BRANCH: master
Ran
Files 293
Run time 7s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 32.494% (-0.3%) from 32.768%
25899653565.3

push

github

web-flow 
feat: add Holmes investigation admin API endpoint (ARO-25791) (#4754)

* feat: integrate Holmes investigation API into ARO-RP admin API

Add POST /admin/.../openShiftClusters/{name}/investigate endpoint that
runs HolmesGPT diagnostic investigations on ARO clusters.

The endpoint:
- Generates a short-lived (1h) read-only kubeconfig for system:aro-diagnostics
  on each request using the cluster CA from the persisted graph
- Creates an investigation pod on the Hive AKS cluster
- Mounts the ephemeral kubeconfig as a temporary secret
- Streams pod logs back to the client in real-time
- Cleans up pod, configmap, and secret after completion

The diagnostics identity uses a dedicated ClusterRole with read-only
(get/list/watch) permissions, following the principle of least privilege.
No long-lived credentials are stored in CosmosDB.

Relates: ARO-25791

* fix: address code review findings for Holmes investigate API

- Wrap all errors with context in kubeconfig generation
- Move activeInvestigations counter from global to frontend struct
- Use pointerutils.ToPtr() instead of &[]bool{true}[0]

* fix: regenerate bindata with correct octal literal formatting

gofumpt requires 0o755 octal prefix instead of 0755.

* fix: address Copilot PR review feedback

- Fix Content-Type handling: only set text/plain before streaming,
  let adminReply set JSON content-type on error paths
- Only call adminReply on error to avoid corrupting streamed response
- Add automountServiceAccountToken: false to investigation pod
- Add 30s timeout to cleanup context to prevent hanging deletes
- Add GoDoc comment on exported GenerateKubeconfig function

* fix: address remaining Copilot PR review feedback

- Validate Holmes config (API key, base, image) before creating K8s resources
- Only set InsecureSkipTLSVerify when api-int→api rewrite actually occurred
- Set test env vars for Holmes config validation in unit tests

* fix: address second round of Copilot PR review feedback

- Mount only k... (continued)

11100 of 34160 relevant lines covered (32.49%)

0.37 hits per line

Source Files on job pkg-other - 25899653565.3