Merge branch 'main' into test_CK

Author: lnatapov

.pre-commit-config.yaml

@@ -45,3 +45,15 @@ repos:
         additional_dependencies:
           - netaddr
           - jmespath
+
+  # Sync test_operator README with defaults/main.yml
+  - repo: local
+    hooks:
+      - id: sync-test-operator-readme
+        name: Sync test_operator README
+        entry: python scripts/sync_test_operator_var_readme.py
+        language: python
+        files: ^roles/test_operator/defaults/main\.yml$
+        pass_filenames: false
+        additional_dependencies:
+          - PyYAML

CONTRIBUTING.md

@@ -45,19 +45,6 @@ Here is an example, based on a common use-case, on how to use those variables
     oc get openstackdataplane -n {{ cifmw_install_yamls_defaults['NAMESPACE'] }}
 ~~~
 
-## A few words about using Git
-
-Before you make a pull request, make sure that:
-
-* the title of your git commit message begins with the role
-  name in brackets: `[my_wonderful_role]` or `(my_wonderful_role)`
-* the git commit body message is longer than 10 characters and describes
-  the reason why you added this change
-* sign your git commit using the `Signed-Off-By` option by
-  adding: `--signoff` or `-s` when using the command: `git commit`.
-* if you already make a commit, and you want to add `Signed-Off-By`,
-  use command: `git commit --amend --signoff`
-
 ### Documentation
 
 A new role must get proper documentation. Please edit the README.md located in
@@ -99,6 +86,71 @@ role, and re-run `make role_molecule` to re-generate the the jobs and project li
 
 Please add a note in the role README.md for future reference.
 
+## A few words about using Git
+
+Before you make a pull request, make sure that:
+
+* the title of your git commit message begins with the role
+  name in brackets: `[my_wonderful_role]` or `(my_wonderful_role)`
+* the git commit body message is longer than 10 characters and describes
+  the reason why you added this change
+* sign your git commit using the `Signed-Off-By` option by
+  adding: `--signoff` or `-s` when using the command: `git commit`.
+* if you already make a commit, and you want to add `Signed-Off-By`,
+  use command: `git commit --amend --signoff`
+
+## AI/LLM Assisted Development
+
+When using AI tools for contributions, follow these guidelines to ensure transparency and code quality.
+
+### Attribution Requirements
+
+* **Major AI contribution** (substantial code/logic generation): Use `Co-Authored-By:`
+* **Minor AI assistance** (refactoring/optimization): Use `Assisted-By:`
+
+~~~
+[role_name] Add EDPM validation logic
+
+Implements connectivity tests and health monitoring for EDPM nodes.
+
+Co-Authored-By: Claude Code <noreply@anthropic.com>
+Signed-off-by: Your Name <your.email@example.com>
+~~~
+
+~~~
+[role_name] Refactor validation error handling
+
+Simplified logic and improved debugging messages.
+
+Assisted-By: Gemini <noreply@google.com>
+Signed-off-by: Your Name <your.email@example.com>
+~~~
+
+### Code Quality Requirements
+
+Before submitting AI-assisted code:
+
+* Review all generated code for correctness and security
+* Ensure compliance with existing project patterns and naming conventions
+* Verify no hardcoded credentials or sensitive data exposure
+* Test thoroughly, especially edge cases and error scenarios
+* Add proper documentation and comments
+
+### Review Process
+
+* Complete thorough self-review before PR submission
+* Standard review policy applies (minimum 2 reviewers)
+* Security-sensitive code requires additional maintainer review
+* Disclose AI assistance scope in PR description
+
+### Security and Best Practices
+
+* Never share sensitive project data with AI tools
+* Don't use AI for credential generation or security policy decisions
+* Provide relevant project context when prompting AI tools
+* Use AI as a starting point, not final solution
+* Maintain human oversight throughout development process
+
 ## Adding new script
 
 If you want/need to add a new script (python, bash, perl, ...), please provide

OWNERS_ALIASES

@@ -29,15 +29,13 @@ aliases:
     - lmiccini
     - ccamposr
     - eduolivares
-    - frenzyfriday
 
   dcn-team:
     - fultonj
     - jokke-ilujo
 
   must-gather-team:
     - dprince
-    - olliewalsh
     - gibizer
     - fmount
     - abays

ci/playbooks/collect-logs.yml

@@ -177,7 +177,7 @@
       become: true
       ansible.builtin.shell: |
           journalctl -u kubelet > kubelet.log
-      no_log: true
+      no_log: "{{ cifmw_nolog | default(true) | bool }}"
       args:
         chdir: "{{ ansible_user_dir }}/zuul-output/logs/"
 

ci/playbooks/e2e-collect-logs.yml

@@ -47,7 +47,7 @@
       become: true
       ansible.builtin.shell: |
         journalctl -u kubelet > kubelet.log
-      no_log: true
+      no_log: "{{ cifmw_nolog | default(true) | bool }}"
       args:
         chdir: "{{ ansible_user_dir }}/zuul-output/logs/"
 

ci/playbooks/multinode-customizations.yml

@@ -213,7 +213,7 @@
 
     - name: Set insecure registry on crc node
       ansible.builtin.include_tasks: tasks/set_crc_insecure_registry.yml
-      when: content_provider_registry_ip is defined
+      when: content_provider_registry_ip is defined or cifmw_crc_registry_mirror_content is defined
 
 - hosts: controller
   name: "Tweak Controller"

ci/playbooks/tasks/inherit_parent_scenario.yml

@@ -27,4 +27,4 @@
     - item is exists
   ansible.builtin.include_vars:
     file: "{{ item }}"
-  loop: "{{ _file_list }}"
+  loop: "{{ _file_list | from_yaml }}"

ci/playbooks/tasks/set_crc_insecure_registry.yml

@@ -1,6 +1,7 @@
 ---
 # noqa: schema[playbook]
 - name: Patch the image.config.openshift.io resource to include insecure registry
+  when: content_provider_registry_ip is defined
   ansible.builtin.shell: >-
     oc patch --type=merge --patch='{
     "spec": {
@@ -13,6 +14,7 @@
     }' image.config.openshift.io/cluster
 
 - name: Patch the image.config.openshift.io resource to allow registries
+  when: content_provider_registry_ip is defined
   ansible.builtin.shell: |
     oc patch --type=merge --patch='{
     "spec": {
@@ -28,14 +30,24 @@
     }
     }' image.config.openshift.io/cluster
 
+- name: Add additional allowed registries
+  when: cifmw_crc_additional_allowed_registries is defined
+  ansible.builtin.shell: |
+    oc patch --type=json \
+    --patch='[{"op": "add", "path": "/spec/registrySources/allowedRegistries/-", "value": "{{ item }}"}]' \
+    image.config.openshift.io/cluster
+  loop: "{{ cifmw_crc_additional_allowed_registries }}"
+
 - name: Ensure registries.conf.d exists
   become: true
+  when: cifmw_crc_registry_mirror_content is defined or content_provider_registry_ip is defined
   ansible.builtin.file:
     path: /etc/containers/registries.conf.d
     state: directory
 
 - name: Set Insecure registry for content provider
   become: true
+  when: content_provider_registry_ip is defined
   ansible.builtin.blockinfile:
     state: present
     insertafter: EOF
@@ -49,7 +61,18 @@
       mirror-by-digest-only = false
       prefix = ""
 
+- name: Set registry mirror override
+  when: cifmw_crc_registry_mirror_content is defined
+  become: true
+  ansible.builtin.blockinfile:
+    state: present
+    insertafter: EOF
+    dest: /etc/containers/registries.conf.d/12-override.conf
+    create: true
+    content: "{{ cifmw_crc_registry_mirror_content }}"
+
 - name: Restart crio
+  when: cifmw_crc_registry_mirror_content is defined or content_provider_registry_ip is defined
   become: true
   ansible.builtin.service:
     name: crio

ci/templates/projects.yaml

@@ -8,6 +8,7 @@
     templates:
       - podified-multinode-edpm-ci-framework-pipeline
       - data-plane-adoption-ci-framework-pipeline
+      - whitebox-neutron-tempest-plugin-podified-pipeline
     github-check:
       jobs:
         - noop

common-requirements.txt

@@ -1,7 +1,7 @@
 ansible-core==2.15.13
 oauthlib==3.2.2
-kubernetes==31.0.0
-kubernetes-validate==1.31.0
+kubernetes==35.0.0
+kubernetes-validate==1.35.0
 openstacksdk==4.1.0
 jsonschema==4.23.0
 pyOpenSSL==24.2.1