Skip to content

Add multi-violation CEL integration tests for OIDCConfigRef and AuthzConfigRef#4309

Open
ChrisJBurns wants to merge 1 commit intomainfrom
claude/pr-4299-20260321-1418
Open

Add multi-violation CEL integration tests for OIDCConfigRef and AuthzConfigRef#4309
ChrisJBurns wants to merge 1 commit intomainfrom
claude/pr-4299-20260321-1418

Conversation

@ChrisJBurns
Copy link
Collaborator

@ChrisJBurns ChrisJBurns commented Mar 21, 2026
edited
Loading

Summary

Adds some extra test cases to the CEL scenarios

@github-actions @ChrisJBurns
Add multi-violation CEL integration tests for OIDCConfigRef and Authz…
ac2c37d 
…ConfigRef

Test that the API server surfaces multiple CEL violations simultaneously:
- OIDCConfigRef: type=configMap with only inline set triggers both the
  missing-configMap and extra-inline rules at once
- OIDCConfigRef: type=inline with inline+kubernetes set triggers the
  kubernetes-not-allowed rule
- AuthzConfigRef: type=configMap with only inline set triggers both the
  missing-configMap and extra-inline rules at once

Co-authored-by: Chris Burns <ChrisJBurns@users.noreply.github.com>
@github-actions github-actions bot added the size/XS Extra small PR: < 100 lines changed label Mar 21, 2026
@ChrisJBurns
Copy link
Collaborator Author

ChrisJBurns commented Mar 21, 2026

@claude please update the pr description

@claude
Copy link
Contributor

claude bot commented Mar 21, 2026
edited
Loading

Claude finished @ChrisJBurns's task in 1m 18s —— View job

Updating PR Description

  • Gather context
  • Read changed files
  • Update PR description — gh pr edit needs tool approval

The gh pr edit command requires approval from the tool permission system. Below is the proposed PR description — please approve the command or copy it manually into the PR body.

Summary

  • CEL validation added in Add CEL validation to OIDCConfigRef and AuthzConfigRef union types #4299 can surface multiple rule violations in a single API response. This PR verifies that behaviour by adding integration tests that assert multiple violations are reported simultaneously — ensuring users see all their errors at once rather than one at a time.
  • Extends mcpserver_cel_validation_integration_test.go with two new Describe contexts: OIDCConfigRef multi-violation CEL validation and AuthzConfigRef multi-violation CEL validation, each covering scenarios where conflicting field combinations trigger more than one CEL rule failure.

Type of change

  • Other (describe): Integration test coverage for existing CEL validation behaviour

Test plan

  • E2E tests (task test-e2e)

Changes

File Change
cmd/thv-operator/test-integration/mcp-server/mcpserver_cel_validation_integration_test.go Add multi-violation integration test cases for OIDCConfigRef and AuthzConfigRef

Does this introduce a user-facing change?

No

Generated with Claude Code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yrobla yrobla Awaiting requested review from yrobla yrobla is a code owner

@JAORMX JAORMX Awaiting requested review from JAORMX JAORMX is a code owner

@jerm-dro jerm-dro Awaiting requested review from jerm-dro jerm-dro is a code owner

@jhrozek jhrozek Awaiting requested review from jhrozek jhrozek is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

size/XS Extra small PR: < 100 lines changed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ChrisJBurns