OCPBUGS-86299: skip upstream LB tests on dual-stack and patch NLB service IPFamilyPolicy #466

Draft
mtulio wants to merge 2 commits into openshift:main from mtulio:OCPBUGS-86299


@mtulio mtulio commented May 21, 2026

Summary

Upstream cloud-provider-aws load balancer tests do not support dual-stack clusters — they create single-stack NLB services that fail when the cluster network requires dual-stack IPFamilyPolicy. This PR detects dual-stack configuration from the CCM cloud-config and adapts the test suite accordingly.

Changes

  • Exclude upstream LB tests on dual-stack clusters: Detect dual-stack at startup by reading the ipFamilies key from the cloud-config ConfigMap. When the cluster is dual-stack, upstream [cloud-provider-aws-e2e] loadbalancer tests are excluded from the spec selector. When detection fails, upstream LB tests are also excluded (fail-closed) to avoid false positives.

  • Patch NLB services for dual-stack: The downstream createServiceNLB helper now sets IPFamilyPolicy=RequireDualStack on NLB services when dual-stack is detected, so the AWSServiceLBNetworkSecurityGroup tests create services matching the cluster's network configuration.

  • Add IsDualStack helper: New common.IsDualStack() function parses the ipFamilies config key from the cloud-config ConfigMap and returns true when both IPv4 and IPv6 are present.

Dependencies

Blocked by #464 — this PR builds on top of the HyperShift e2e fixes which introduce GetCloudConfig(), IsConfigPresentCloudConfig(), and the topology-aware cloud-config retrieval required by the dual-stack detection.

Test plan

  • Verify upstream LB tests are excluded on dual-stack clusters (list tests should not contain [cloud-provider-aws-e2e] loadbalancer entries)
  • Verify upstream LB tests are included on single-stack clusters
  • Verify AWSServiceLBNetworkSecurityGroup tests create dual-stack NLB services on dual-stack clusters
  • Verify no behavior change on single-stack standalone and HyperShift clusters

🤖 Generated with Claude Code


Summary by CodeRabbit

  • Documentation

    • Updated AWS Cloud Controller Manager e2e test guide with prerequisites, build instructions, and test execution examples for standalone and HyperShift clusters.
  • New Features

    • Added dual-stack configuration detection and support for Network Load Balancers.
    • Added test-skipping capability for management-cluster-dependent tests in HyperShift environments.
  • Bug Fixes

    • Improved AWS region resolution with fallback to cluster Infrastructure resource.
    • Fixed regional endpoint handling for AWS client connectivity from management clusters.
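
The fail-closed selection described in the PR summary above, as an added Go example that is not code from this PR. The function names (`parseIPFamilies`, `detectDualStack`, `includeUpstreamLB`) and the value layout of the `ipFamilies` key (comma-separated or repeated) are assumptions; the sample cloud-config text is constructed.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

// Constructed samples. The key names ipFamilies and NLBSecurityGroupMode come
// from the PR text; the value layout is an assumption of this example.
const (
	sampleSingleStack = "[Global]\nNLBSecurityGroupMode = Managed\nipFamilies = ipv4\n"
	sampleDualStack   = "[Global]\nNLBSecurityGroupMode = Managed\nipFamilies = ipv4,ipv6\n"
	sampleRepeatedKey = "[Global]\nipFamilies = ipv6\nipFamilies = ipv4\n"
	sampleUnknown     = "[Global]\nipFamilies = ipv4,ipx\n"
)

var errEmptyConfig = errors.New("cloud-config is empty")

// parseIPFamilies collects every value of the ipFamilies key from INI-style
// text, accepting both "a,b" on one line and the key repeated on several lines.
func parseIPFamilies(conf string) ([]string, error) {
	if strings.TrimSpace(conf) == "" {
		return nil, errEmptyConfig
	}
	var families []string
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		// Skip blanks, comments and section headers.
		if line == "" || strings.HasPrefix(line, "#") || strings.HasPrefix(line, ";") || strings.HasPrefix(line, "[") {
			continue
		}
		key, val, ok := strings.Cut(line, "=")
		if !ok || !strings.EqualFold(strings.TrimSpace(key), "ipFamilies") {
			continue
		}
		for _, f := range strings.Split(val, ",") {
			f = strings.ToLower(strings.Trim(strings.TrimSpace(f), `"`))
			if f != "" {
				families = append(families, f)
			}
		}
	}
	return families, sc.Err()
}

// detectDualStack reports true only when both ipv4 and ipv6 are listed.
// An unrecognised family is an error, not "single-stack".
func detectDualStack(conf string) (bool, error) {
	families, err := parseIPFamilies(conf)
	if err != nil {
		return false, err
	}
	var v4, v6 bool
	for _, f := range families {
		switch f {
		case "ipv4":
			v4 = true
		case "ipv6":
			v6 = true
		default:
			return false, fmt.Errorf("unknown IP family %q", f)
		}
	}
	return v4 && v6, nil
}

// includeUpstreamLB is the fail-closed decision: the upstream load balancer
// specs are selected only when detection succeeded AND the cluster is not
// dual-stack. Any fetch or parse failure excludes them.
func includeUpstreamLB(conf string, fetchErr error) (bool, string) {
	if fetchErr != nil {
		return false, "excluded: cloud-config fetch failed: " + fetchErr.Error()
	}
	dual, err := detectDualStack(conf)
	if err != nil {
		return false, "excluded: detection failed: " + err.Error()
	}
	if dual {
		return false, "excluded: dual-stack cluster"
	}
	return true, "included: single-stack cluster"
}

func main() {
	for _, c := range []string{sampleSingleStack, sampleDualStack, sampleUnknown, ""} {
		_, reason := includeUpstreamLB(c, nil)
		fmt.Println(reason)
	}
}
```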

mtulio and others added 2 commits May 21, 2026 16:08
The AWSServiceLBNetworkSecurityGroup e2e tests fail on HyperShift
because the test binary cannot reach AWS APIs (VPC private endpoint DNS)
and the cloud-config ConfigMap has a different name and location than on
standalone clusters.

AWS endpoint resolution:
- Force public regional endpoints (BaseEndpoint) on ELBv2 and EC2
  clients to bypass VPC private endpoint DNS that is unreachable from
  the CI management cluster.
- Validate cfg.Region against the AWS region pattern and fall back to
  infrastructure/cluster status.platformStatus.aws.region when the SDK
  returns a non-region value (e.g. CI lease UUID from LEASED_RESOURCE).

Cloud-config validation (HyperShift-aware):
- Detect External topology via Infrastructure resource to choose the
  right cloud-config source.
- On HyperShift: read ConfigMap aws-cloud-config from the HCP namespace
  on the management cluster (via HYPERSHIFT_MANAGEMENT_CLUSTER_KUBECONFIG
  and HYPERSHIFT_MANAGEMENT_CLUSTER_NAMESPACE env vars).
- On standalone: read ConfigMap cloud-conf from
  openshift-cloud-controller-manager namespace (existing behavior).
- Extract cloud-config helpers (GetCloudConfig, IsConfigPresentCloudConfig,
  IsNLBSecurityGroupModeManaged, GetKubeClient) into common/helper.go
  without Ginkgo control-flow calls so they are safe to use from both
  spec and non-spec contexts.

Skip mechanism:
- Add SKIP_MANAGEMENT_CLUSTER_TESTS=true env var to gracefully skip
  tests requiring management cluster access when the kubeconfig is not
  available.

Documentation:
- Replace stale docs/dev/ote-ccm-aws.md with e2e-ote-ccm-aws.md
  covering corrected paths, batch test execution, HyperShift setup
  (env vars, NLB ingress patching), and the skip flag.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
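
The region validation and forced public endpoint described in the commit message above, as an added Go example that is not code from this PR. The pattern `regionShape`, the functions `resolveRegion` and `publicRegionalEndpoint`, and the service allow-list are assumptions of this example (the PR's own awsRegionPattern is not shown on the page); only the standard `amazonaws.com` partition is handled, and the UUID is a constructed stand-in for a CI lease value.

```go
package main

import (
	"fmt"
	"regexp"
)

// regionShape approximates the shape of AWS region names such as us-east-1
// or us-gov-west-1. It is an assumption of this example.
var regionShape = regexp.MustCompile(`^[a-z]{2}(-[a-z]+)+-[0-9]+$`)

// constructedLeaseUUID stands in for a non-region value picked up from the
// environment (constructed, not taken from any real lease).
const constructedLeaseUUID = "123e4567-e89b-12d3-a456-426614174000"

// resolveRegion prefers the SDK-provided region and falls back to the region
// recorded in the cluster Infrastructure resource. A value that does not look
// like a region is never returned.
func resolveRegion(sdkRegion, infraRegion string) (string, error) {
	for _, candidate := range []string{sdkRegion, infraRegion} {
		if regionShape.MatchString(candidate) {
			return candidate, nil
		}
	}
	return "", fmt.Errorf("no usable AWS region: sdk=%q infrastructure=%q", sdkRegion, infraRegion)
}

// publicServices is the allow-list of endpoint prefixes this example builds
// URLs for: EC2 and ELBv2, the two clients named in the commit message.
var publicServices = map[string]bool{"ec2": true, "elasticloadbalancing": true}

// publicRegionalEndpoint builds the public regional endpoint URL. Both parts
// are validated first, so a malformed region can never become part of the
// hostname that signed requests are sent to.
func publicRegionalEndpoint(service, region string) (string, error) {
	if !publicServices[service] {
		return "", fmt.Errorf("service %q is not in the allow-list", service)
	}
	if !regionShape.MatchString(region) {
		return "", fmt.Errorf("refusing to build endpoint for region %q", region)
	}
	return "https://" + service + "." + region + ".amazonaws.com", nil
}

func main() {
	region, err := resolveRegion(constructedLeaseUUID, "us-east-1")
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, svc := range []string{"elasticloadbalancing", "ec2"} {
		url, err := publicRegionalEndpoint(svc, region)
		fmt.Println(url, err)
	}
}
```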
… IPFamilyPolicy

Upstream cloud-provider-aws load balancer tests do not support dual-stack
clusters yet. Detect dual-stack configuration from the cloud-config
(ipFamilies key) at startup and exclude upstream LB tests when the
cluster is dual-stack. When detection fails, upstream LB tests are also
excluded to avoid false positives (fail-closed).

For the downstream AWSServiceLBNetworkSecurityGroup tests, patch the
NLB service with IPFamilyPolicy=RequireDualStack when dual-stack is
detected so the service matches the cluster's network configuration.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels May 21, 2026
@openshift-ci-robot

@mtulio: This pull request references Jira Issue OCPBUGS-86299, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

The bug has been updated to refer to the pull request using the external bug tracker.



coderabbitai Bot commented May 21, 2026

Walkthrough

This PR adds infrastructure to support OpenShift e2e testing for the AWS Cloud Controller Manager on HyperShift and dual-stack clusters. It introduces shared test helpers for cloud-config retrieval and cluster topology detection, implements region-aware AWS client configuration, integrates dual-stack detection into test selection, and provides comprehensive documentation for the test binary operations.

Changes

Test infrastructure for HyperShift and dual-stack

Layer / File(s) and summary:

  • Shared helpers for cloud-config and cluster topology
    File(s): openshift-tests/ccm-aws-tests/e2e/common/helper.go, openshift-tests/ccm-aws-tests/go.mod
    Summary: New GetKubeClient(ctx) loads a typed Kubernetes client; IsExternalTopology(ctx) detects HyperShift; GetCloudConfig(ctx, cs) retrieves cloud-config from standalone or HyperShift management clusters; helpers like IsConfigPresentCloudConfig(cm, key), IsNLBSecurityGroupModeManaged(cm), and IsDualStack(cm) parse cloud-config INI-style values; SkipIfManagementClusterTestsDisabled() conditionally skips tests. go.mod now includes github.com/openshift/api as a direct dependency.

  • AWS client region validation and endpoint configuration
    File(s): openshift-tests/ccm-aws-tests/e2e/aws/helper.go
    Summary: Adds awsRegionPattern validator and loadAWSConfig helper that falls back to cluster Infrastructure when SDK region is invalid (e.g., lease UUIDs). ELBv2 and EC2 client construction now conditionally force public regional endpoints via BaseEndpoint, avoiding private endpoint DNS issues when running from a management cluster.

  • Load balancer test integration with shared helpers
    File(s): openshift-tests/ccm-aws-tests/e2e/aws/loadbalancer.go
    Summary: Updates NLB security group mode test to use shared common.GetCloudConfig and common.IsNLBSecurityGroupModeManaged instead of direct ConfigMap queries. Removes local cloud-config constants. Enhances createServiceNLB to detect dual-stack configuration and conditionally set IPFamilyPolicy to RequireDualStack.

  • Test orchestration with dual-stack detection
    File(s): openshift-tests/ccm-aws-tests/main.go
    Summary: After framework initialization, loads kubeconfig, retrieves cloud-config, and detects dual-stack state. Dynamically excludes upstream loadbalancer tests when dual-stack is detected or detection fails; includes them only on non-dual-stack clusters with successful detection.

  • E2E test binary documentation
    File(s): docs/dev/e2e-ote-ccm-aws.md
    Summary: Comprehensive guide covering OTE AWS CCM test binary purpose, spec curation via dot imports, repository structure, prerequisites, build/run instructions for standalone clusters, HyperShift-specific kubeconfig and environment variable handling, management-cluster test skipping via SKIP_MANAGEMENT_CLUSTER_TESTS, and CI integration details including periodic job names and HyperShift environment setup.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested labels

jira/valid-bug, jira/valid-reference

Suggested reviewers

  • racheljpg
  • theobarberbany
  • mfbonfigli

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

Check name | Status | Explanation | Resolution
Microshift Test Compatibility | ⚠️ Warning | Tests access FeatureGate and Infrastructure APIs (config.openshift.io/v1) unavailable on MicroShift without any protective tags or checks. | Add [apigroup:config.openshift.io] tag to test name or wrap tests with exutil.IsMicroShiftCluster() check to skip on MicroShift.

✅ Passed checks (11 passed)

Check name | Status | Explanation
Docstring Coverage | ✅ Passed | Docstring coverage is 87.50% which is sufficient. The required threshold is 80.00%.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names | ✅ Passed | All test names use only static constants; no dynamic values like pod names, timestamps, UUIDs, or node names are embedded in test titles. Test names are stable and deterministic across runs.
Test Structure And Quality | ✅ Passed | Tests satisfy all five quality criteria: single responsibility per test, proper BeforeEach/DeferCleanup setup, timeouts on cluster operations, meaningful assertion messages, and consistent patterns.
Single Node Openshift (Sno) Test Compatibility | ✅ Passed | Six new NLB tests create backend pods on single nodes with no affinity/topology constraints, node scaling, or multi-node assumptions. SNO-compatible from topology perspective.
Topology-Aware Scheduling Compatibility | ✅ Passed | All PR changes are in openshift-tests/ccm-aws-tests/ (e2e test code), docs/, and go.mod. No deployment manifests, operator code, controllers, or pod scheduling constraints were added or modified.
Ote Binary Stdout Contract | ✅ Passed | No OTE stdout violations. Main.go uses logrus (stderr default), panic/fmt.Errorf (stderr), and framework.Logf only in test context. No fmt.Print or log.SetOutput(os.Stdout) calls found.
Ipv6 And Disconnected Network Test Compatibility | ✅ Passed | New tests are IPv6 and disconnected-network compatible. They use cluster-internal resources only, detect dual-stack dynamically, and set IPFamilyPolicy accordingly. No hardcoded IPv4 addresses found.
Title check | ✅ Passed | The title accurately describes the main changes: skipping upstream load balancer tests on dual-stack clusters and patching NLB service IPFamilyPolicy, which aligns with the dual-stack detection logic and NLB configuration changes throughout the changeset.
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.


@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 21, 2026
openshift-ci Bot commented May 21, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

openshift-ci Bot commented May 21, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign mdbooth for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot

@mtulio: This pull request references Jira Issue OCPBUGS-86299, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

@mtulio mtulio changed the title OCPBUGS-86299: e2e/ccm-aws-ote: evaluate DualStack scenarios OCPBUGS-86299: skip upstream LB tests on dual-stack and patch NLB service IPFamilyPolicy May 21, 2026
@openshift-ci-robot

@mtulio: This pull request references Jira Issue OCPBUGS-86299, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

The bug has been updated to refer to the pull request using the external bug tracker.



mtulio commented May 21, 2026

/payload-job periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-installer-dualstack-ipv6-primary-techpreview


openshift-ci Bot commented May 21, 2026

@mtulio: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-installer-dualstack-ipv6-primary-techpreview

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/dfe82140-5551-11f1-976e-fc5230192bd3-0


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 3

🧹 Nitpick comments (1)
openshift-tests/ccm-aws-tests/main.go (1)

50-65: 💤 Low value

Consider using a context with timeout for dual-stack detection.

The detection uses context.TODO() which has no timeout. If the cluster is unreachable or slow, this could block indefinitely during test initialization. A bounded context would make startup behavior more predictable.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@openshift-tests/ccm-aws-tests/main.go` around lines 50 - 65, Replace the
unbounded context.TODO() used in the dual-stack detection call chain with a
bounded context: create a context with timeout (e.g.
context.WithTimeout(context.Background(), 30*time.Second)), defer its cancel,
and pass that context into common.GetCloudConfig instead of context.TODO();
ensure error handling/log messages for the LoadConfig -> kclientset.NewForConfig
-> common.GetCloudConfig -> common.IsDualStack sequence still log the error
(including timeout) and that isDualStackCluster and dualStackDetectionReady are
only set when detection completes successfully, and keep the existing
log.Debugf("Dual-stack cluster detected: %v", isDualStackCluster) after
successful detection.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ec60e4a6-62e6-4798-a902-08de766c83c7

📥 Commits

Reviewing files that changed from the base of the PR and between 7f6aa93 and 1d39590.

📒 Files selected for processing (7)
  • docs/dev/e2e-ote-ccm-aws.md
  • docs/dev/ote-ccm-aws.md
  • openshift-tests/ccm-aws-tests/e2e/aws/helper.go
  • openshift-tests/ccm-aws-tests/e2e/aws/loadbalancer.go
  • openshift-tests/ccm-aws-tests/e2e/common/helper.go
  • openshift-tests/ccm-aws-tests/go.mod
  • openshift-tests/ccm-aws-tests/main.go
💤 Files with no reviewable changes (1)
  • docs/dev/ote-ccm-aws.md

Comment on lines +166 to +168
./openshift-tests/bin/cloud-controller-manager-aws-tests-ext run-test \
"[cloud-provider-aws-e2e-openshift] loadbalancer NLB [OCPFeatureGate:AWSServiceLBNetworkSecurityGroup] should have NLBSecurityGroupMode with 'Managed value in cloud-config [Suite:openshift/conformance/parallel]"
```

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix malformed quoted test name in the HyperShift run example.

The example test string appears to miss a closing quote around Managed (with 'Managed value...), which can cause failed copy/paste execution for run-test.

Suggested doc fix
 ./openshift-tests/bin/cloud-controller-manager-aws-tests-ext run-test \
-  "[cloud-provider-aws-e2e-openshift] loadbalancer NLB [OCPFeatureGate:AWSServiceLBNetworkSecurityGroup] should have NLBSecurityGroupMode with 'Managed value in cloud-config [Suite:openshift/conformance/parallel]"
+  "[cloud-provider-aws-e2e-openshift] loadbalancer NLB [OCPFeatureGate:AWSServiceLBNetworkSecurityGroup] should have NLBSecurityGroupMode with 'Managed' value in cloud-config [Suite:openshift/conformance/parallel]"
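
Review bot: the corrected string on the `+` line only helps if it matches the spec title in the test code character for character, since `run-test` is handed this full name. Confirm that the load balancer spec title reads `'Managed' value`; if the spec itself carries the unbalanced quote, fix it there in the same change so the documented command keeps selecting the test.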
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/dev/e2e-ote-ccm-aws.md` around lines 166 - 168, The quoted test name in
the HyperShift run example passed to the run-test command is missing a closing
quote around Managed; update the test string used in the
./openshift-tests/bin/cloud-controller-manager-aws-tests-ext run-test invocation
(the long bracketed test selector starting with
"[cloud-provider-aws-e2e-openshift] ... with 'Managed value in cloud-config") to
close the single quote around Managed (e.g., "with 'Managed' value in
cloud-config ...") so the quoted test name is well-formed.

Comment on lines +151 to +159
restConfig, err := clientcmd.BuildConfigFromFlags("", mgmtKubeconfig)
if err != nil {
return nil, fmt.Errorf("failed to load management cluster kubeconfig")
}

mgmtClient, err := clientset.NewForConfig(restConfig)
if err != nil {
return nil, fmt.Errorf("failed to create management cluster client")
}

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Include underlying errors in error messages for better diagnostics.

Lines 153 and 158 discard the underlying error, making debugging harder when these calls fail.

Proposed fix
 	restConfig, err := clientcmd.BuildConfigFromFlags("", mgmtKubeconfig)
 	if err != nil {
-		return nil, fmt.Errorf("failed to load management cluster kubeconfig")
+		return nil, fmt.Errorf("failed to load management cluster kubeconfig: %w", err)
 	}

 	mgmtClient, err := clientset.NewForConfig(restConfig)
 	if err != nil {
-		return nil, fmt.Errorf("failed to create management cluster client")
+		return nil, fmt.Errorf("failed to create management cluster client: %w", err)
 	}
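
Review bot: in the first error branch the message still does not say which kubeconfig failed to load; alongside the `%w` wrap, include the `mgmtKubeconfig` path (or the name of the variable it was read from) so a CI failure points at the misconfigured input. The `%w` verb in both branches is the right choice, since it keeps the cause available to `errors.Is` and `errors.As` in callers.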
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@openshift-tests/ccm-aws-tests/e2e/common/helper.go` around lines 151 - 159,
The error returns for BuildConfigFromFlags and NewForConfig discard the
underlying error; update the error wrapping in the blocks where restConfig is
built (clientcmd.BuildConfigFromFlags with mgmtKubeconfig) and where mgmtClient
is created (clientset.NewForConfig) to include the original err (e.g. use
fmt.Errorf with %w or include %v) so callers see the underlying failure details;
locate the two error branches around restConfig and mgmtClient and wrap or
append err to the returned fmt.Errorf messages.

Comment on lines +161 to +164
cm, err := mgmtClient.CoreV1().ConfigMaps(hcpNamespace).Get(ctx, hcpCloudConfigName, metav1.GetOptions{})
if err != nil {
return nil, fmt.Errorf("failed to get HCP cloud-config ConfigMap %s/%s", hcpNamespace, hcpCloudConfigName)
}

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Include underlying error for ConfigMap fetch failure.

Proposed fix
 	cm, err := mgmtClient.CoreV1().ConfigMaps(hcpNamespace).Get(ctx, hcpCloudConfigName, metav1.GetOptions{})
 	if err != nil {
-		return nil, fmt.Errorf("failed to get HCP cloud-config ConfigMap %s/%s", hcpNamespace, hcpCloudConfigName)
+		return nil, fmt.Errorf("failed to get HCP cloud-config ConfigMap %s/%s: %w", hcpNamespace, hcpCloudConfigName, err)
 	}
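
Review bot: with the cause wrapped on the `+` line, the caller can tell a missing ConfigMap from a denied request, but the message is the same for both. Consider checking the error from `Get` with `apierrors.IsNotFound` and `apierrors.IsForbidden` (k8s.io/apimachinery/pkg/api/errors) and returning distinct messages, because a wrong `hcpNamespace` or `hcpCloudConfigName` and missing RBAC on the management cluster need different fixes.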
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@openshift-tests/ccm-aws-tests/e2e/common/helper.go` around lines 161 - 164,
The error returned when fetching the ConfigMap via
mgmtClient.CoreV1().ConfigMaps(hcpNamespace).Get(...) drops the underlying err;
update the return to include/wrap the original error (e.g., append ": %w" or
include err with %v) so the failure from Get is preserved and actionable; change
the fmt.Errorf call that currently formats "failed to get HCP cloud-config
ConfigMap %s/%s" to include the err and wrap it using the original err variable
(referencing hcpNamespace and hcpCloudConfigName to locate the site).
