Correcting vertex credentials #79299

Open: JoaoFula wants to merge 3 commits into openshift:main from JoaoFula:verify-vault-credentials
@JoaoFula (Contributor) commented May 14, 2026

This PR updates the OpenShift CI configuration for the openshift/lightspeed-service repository to consistently read provider credentials from mounted token files and adds a small debugging step to the main e2e job to help diagnose credential mounting.

Concretely:

  • Affected CI configs: ci-operator/config/openshift/lightspeed-service/* (main and per-OCP-version variants).
  • What changed:
    • The various e2e and periodic job command blocks were changed to set provider key environment variables to token-file paths (e.g., VERTEX_PROVIDER_KEY_PATH, RHAIIS_PROVIDER_KEY_PATH, AZUREOPENAI_PROVIDER_KEY_PATH, etc.) under /var/run//token instead of the previous directory paths.
    • A debugging line, ls /var/run/vertex, was added to the e2e-ols-cluster test commands in ci-operator/config/openshift/lightspeed-service/openshift-lightspeed-service-main.yaml (placed immediately after exporting VERTEX_PROVIDER_KEY_PATH) to verify the Vertex credential mount.
  • Scope and intent: These are CI/operator YAML changes only (no code or public API changes). The change is marked WIP and was intended to trigger a rehearsal run to validate credential mounting and token path usage across e2e and periodic jobs for multiple OCP variants.
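
The failure mode this PR addresses is a `*_PROVIDER_KEY_PATH` variable that names the mount directory instead of the token file inside it. The check below is an added example, not part of the PR or the lightspeed-service CI config: it validates each path without listing the mount or printing the token. The function names and the temporary directory standing in for `/var/run/<provider>` are assumptions made for the demo.

```shell
#!/bin/sh
# check_key_path NAME PATH
# Returns 0 only when PATH is a readable, non-empty regular file; otherwise
# prints the reason and returns a distinct non-zero code. Token contents are
# never printed.
check_key_path() {
    name=$1
    path=$2
    if [ -z "$path" ]; then
        echo "FAIL $name: variable is unset or empty"; return 1
    elif [ -d "$path" ]; then
        echo "FAIL $name: $path is a directory, expected the token file in it"; return 2
    elif [ ! -f "$path" ]; then
        echo "FAIL $name: $path is missing or not a regular file"; return 3
    elif [ ! -r "$path" ]; then
        echo "FAIL $name: $path is not readable by this user"; return 4
    elif [ ! -s "$path" ]; then
        echo "FAIL $name: $path is empty"; return 5
    fi
    echo "OK   $name: $path"
}

# check_provider_keys VAR...
# Looks up each named variable and returns the number of failed checks.
check_provider_keys() {
    failures=0
    for var in "$@"; do
        eval "value=\${$var:-}"   # indirect lookup; callers pass fixed names
        check_key_path "$var" "$value" || failures=$((failures + 1))
    done
    return "$failures"
}

# Constructed demo: a temp dir stands in for the /var/run/<provider> mounts.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/vertex" "$root/rhaiis"
    printf 'constructed-placeholder' > "$root/vertex/token"
    VERTEX_PROVIDER_KEY_PATH="$root/vertex/token"   # token file: accepted
    RHAIIS_PROVIDER_KEY_PATH="$root/rhaiis"         # directory: rejected
    check_provider_keys VERTEX_PROVIDER_KEY_PATH RHAIIS_PROVIDER_KEY_PATH
    rc=$?
    rm -rf "$root"
    return "$rc"
}

demo || echo "demo: $? key path(s) rejected"
```
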

@openshift-ci (Bot) added the do-not-merge/work-in-progress label May 14, 2026

@coderabbitai (Bot, Contributor) commented May 14, 2026

Warning

Rate limit exceeded

@JoaoFula has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 7 minutes and 44 seconds before requesting another review.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: ae6ee9c5-ec16-4c34-b499-38fab10237b4

📥 Commits

Reviewing files that changed from the base of the PR and between fa37f70 and 593e669.

📒 Files selected for processing (7)
  • ci-operator/config/openshift/lightspeed-service/openshift-lightspeed-service-main.yaml
  • ci-operator/config/openshift/lightspeed-service/openshift-lightspeed-service-main__4.16.yaml
  • ci-operator/config/openshift/lightspeed-service/openshift-lightspeed-service-main__4.17.yaml
  • ci-operator/config/openshift/lightspeed-service/openshift-lightspeed-service-main__4.18.yaml
  • ci-operator/config/openshift/lightspeed-service/openshift-lightspeed-service-main__4.19.yaml
  • ci-operator/config/openshift/lightspeed-service/openshift-lightspeed-service-main__4.20.yaml
  • ci-operator/config/openshift/lightspeed-service/openshift-lightspeed-service-main__4.21.yaml

Walkthrough

Update CI e2e command environment exports to read provider keys from token files (paths end in /token) across multiple OpenShift CI job variants; add a diagnostic ls /var/run/vertex step to the main e2e cluster test command.

Changes

E2E test command environment and diagnostic

| Layer / File(s) | Summary |
| --- | --- |
| Provider key path -> token file: ci-operator/config/openshift/lightspeed-service/openshift-lightspeed-service-main*.yaml (includes ..., __4.16.yaml, __4.17.yaml, __4.18.yaml, __4.19.yaml, __4.20.yaml, __4.21.yaml) | Replaced RHAIIS_PROVIDER_KEY_PATH and VERTEX_PROVIDER_KEY_PATH environment exports that pointed at /var/run/rhaiis and /var/run/vertex with explicit token file paths /var/run/rhaiis/token and /var/run/vertex/token in the e2e and periodic test commands blocks. |
| Diagnostic listing added: ci-operator/config/openshift/lightspeed-service/openshift-lightspeed-service-main.yaml | Inserted ls /var/run/vertex into the e2e-ols-cluster command sequence alongside the updated VERTEX_PROVIDER_KEY_PATH export to surface mounted token contents during test execution. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels: rehearsals-ack

🚥 Pre-merge checks | ✅ 12
✅ Passed checks (12 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'Correcting vertex credentials' accurately describes the main change across all modified files—updating vertex (and RHAIIS) provider key paths from directories to token files. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Stable And Deterministic Test Names | ✅ Passed | PR contains only YAML CI configuration changes, no Ginkgo test code. Check for stable test names is not applicable. |
| Test Structure And Quality | ✅ Passed | This PR modifies only YAML CI operator configuration files, not Ginkgo test code. The custom check is for reviewing Ginkgo test code quality, which is not present in this PR. |
| Microshift Test Compatibility | ✅ Passed | MicroShift Test Compatibility check is not applicable. PR only modifies CI configuration YAML files; no new Ginkgo e2e tests are added. Check applies only when new test code is introduced. |
| Single Node Openshift (Sno) Test Compatibility | ✅ Passed | No new Ginkgo e2e tests are added in this PR. Changes are limited to CI operator configuration YAML files that modify environment variable paths for provider credentials. The check is not applicable. |
| Topology-Aware Scheduling Compatibility | ✅ Passed | PR modifies only CI operator test configuration files, updating environment variable paths. No deployment manifests, scheduling constraints, or workload definitions are present. Check not applicable. |
| Ote Binary Stdout Contract | ✅ Passed | PR only modifies YAML CI config files. No OTE binary code in PR - OTE binaries are in openshift-tests repo. The ls command is a shell command in test container, not OTE process-level code. |
| Ipv6 And Disconnected Network Test Compatibility | ✅ Passed | No new Ginkgo e2e tests are added in this PR. Changes are limited to CI operator YAML configuration files updating environment variables and credential paths. Custom check is not applicable. |

@coderabbitai (Bot, Contributor) left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/config/openshift/lightspeed-service/openshift-lightspeed-service-main.yaml`:
- Line 94: Remove the temporary diagnostic command "ls /var/run/vertex" from the
container command list in the openshift deployment YAML; locate the entry that
runs that shell command (the plain ls /var/run/vertex line) and delete it so the
container spec no longer executes this debugging step before merging.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: e340fc93-c379-4ff5-8e07-33c24e0d9952

📥 Commits

Reviewing files that changed from the base of the PR and between 55c6069 and 8ed066c.

📒 Files selected for processing (1)
  • ci-operator/config/openshift/lightspeed-service/openshift-lightspeed-service-main.yaml

@openshift-ci openshift-ci Bot requested review from bparees and onmete May 14, 2026 12:51
@JoaoFula (Contributor, Author) commented

/pj-rehearse pull-ci-openshift-lightspeed-service-main-e2e-ols-cluster

@openshift-merge-bot (Contributor) commented

@JoaoFula: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@JoaoFula changed the title from "WIP - adding ls to trigger rehearsal" to "Correcting vertex credentials" May 14, 2026
@openshift-ci (Bot) removed the do-not-merge/work-in-progress label May 14, 2026
correcting token
@JoaoFula force-pushed the verify-vault-credentials branch from fa37f70 to 593e669 May 14, 2026 16:38

@openshift-merge-bot (Contributor) commented

[REHEARSALNOTIFIER]
@JoaoFula: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

| Test name | Repo | Type | Reason |
| --- | --- | --- | --- |
| pull-ci-openshift-lightspeed-service-main-e2e-ols-cluster | openshift/lightspeed-service | presubmit | Ci-operator config changed |
| pull-ci-openshift-lightspeed-service-main-ols-evaluation | openshift/lightspeed-service | presubmit | Ci-operator config changed |
| periodic-ci-openshift-lightspeed-service-main-4.17-e2e-ols-cluster-periodics | N/A | periodic | Ci-operator config changed |
| periodic-ci-openshift-lightspeed-service-main-4.21-ols-evaluation-periodics | N/A | periodic | Ci-operator config changed |
| periodic-ci-openshift-lightspeed-service-main-4.19-e2e-ols-cluster-periodics | N/A | periodic | Ci-operator config changed |
| periodic-ci-openshift-lightspeed-service-main-4.21-e2e-ols-cluster-periodics | N/A | periodic | Ci-operator config changed |
| periodic-ci-openshift-lightspeed-service-main-4.20-e2e-ols-cluster-periodics | N/A | periodic | Ci-operator config changed |
| periodic-ci-openshift-lightspeed-service-main-4.20-ols-evaluation-periodics | N/A | periodic | Ci-operator config changed |
| periodic-ci-openshift-lightspeed-service-main-4.16-e2e-ols-cluster-periodics | N/A | periodic | Ci-operator config changed |
| periodic-ci-openshift-lightspeed-service-main-4.18-e2e-ols-cluster-periodics | N/A | periodic | Ci-operator config changed |
| periodic-ci-openshift-lightspeed-service-main-4.19-ols-evaluation-periodics | N/A | periodic | Ci-operator config changed |

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

@openshift-ci (Bot, Contributor) commented May 14, 2026

@JoaoFula: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/rehearse/openshift/lightspeed-service/main/e2e-ols-cluster | 12361e5 | link | unknown | /pj-rehearse pull-ci-openshift-lightspeed-service-main-e2e-ols-cluster |

@sriroopar commented

/lgtm

@openshift-ci (Bot) added the lgtm label May 14, 2026

@openshift-ci (Bot, Contributor) commented May 14, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: JoaoFula, sriroopar
Once this PR has been reviewed and has the lgtm label, please assign xrajesh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@JoaoFula (Contributor, Author) commented

/pj-rehearse skip

@openshift-merge-bot (Contributor) commented

@JoaoFula: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-merge-bot (Bot) added the rehearsals-ack label May 14, 2026