cno: Check CNO network CRD status

[qinqon]

Short description:

Replace the multi-network-policy CRD existence check with a Cluster Network Operator (CNO) status check when toggling useMultiNetworkPolicy.

More details:

The previous wait only verified the multi-networkpolicies.k8s.cni.cncf.io CRD existed/disappeared. That signal is insufficient: enabling/disabling useMultiNetworkPolicy triggers a CNO reconcile that restarts ovn-kubernetes pods, and the CRD can flip ahead of the operator finishing its rollout. Tests proceeded while the cluster network was still converging, leading to flakes.

What this PR does / why we need it:

When multi network policy is activated the tests were just checking that the CRD exists. This is not enough since ovn-kubernetes pods get restarted; the proper way is to wait for the cluster network operator to finish reconciling via its status conditions.

Which issue(s) this PR fixes:

NONE

Special notes for reviewer:

NONE

jira-ticket:

https://redhat.atlassian.net/browse/CNV-83350

Summary by CodeRabbit

• Chores
  • Improved test infrastructure to enable/disable multi-network policy wiring more reliably and to wait for network operator stability using explicit reference timestamps.
• Tests
  • Updated test utilities and fixtures to monitor ClusterOperator reconciliation before and after changes; adjusted test markers/annotations for related scenarios.

[coderabbitai]

Warning

Rate limit exceeded

@qinqon has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 54 minutes and 41 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: d3436676-1d1a-4bdb-8c48-e8146e44b341

📥 Commits

Reviewing files that changed from the base of the PR and between e918b1d and 428e47e.

📒 Files selected for processing (3)

• tests/network/flat_overlay/conftest.py
• tests/network/flat_overlay/test_multi_network_policy.py
• tests/network/flat_overlay/utils.py

📝 Walkthrough

Walkthrough

This PR shifts network operator readiness checking from polling a MNP CustomResourceDefinition to monitoring ClusterOperator/network condition states. The fixture now takes explicit reference timestamps before patch operations to verify that operator reconciliation occurred after configuration changes, removing admin_client dependency.

Changes

Network Operator Stability Waiting

Layer / File(s)	Summary
Wait Function & Imports tests/network/flat_overlay/utils.py	Imports replaced: removed CustomResourceDefinition, NamespacedResource, TimeoutExpiredError, and TIMEOUT_3MIN; added datetime, ClusterOperator, and TIMEOUT_10MIN. Function wait_for_multi_network_policy_resources removed. New wait_for_network_operator_stable_conditions(reference_time) polls ClusterOperator(name="network") until Progressing=False, Available=True, Degraded=False, and Progressing.lastTransitionTime >= reference_time.
Fixture Synchronization tests/network/flat_overlay/conftest.py	Fixture enable_multi_network_policy_usage signature changed from (admin_client, network_operator) to (network_operator). Now checks network_operator.instance.spec.get("useMultiNetworkPolicy"), patches the operator spec conditionally, and calls wait_for_network_operator_stable_conditions with explicit datetime.now(tz=UTC) timestamps to synchronize both enable and disable transitions.
Test Marker Updates tests/network/flat_overlay/test_multi_network_policy.py	Removed @pytest.mark.jira("CNV-83350", run=False) and added @pytest.mark.polarion("CNV-10645") in the affected test annotation block; no test logic changed.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'cno: Check CNO network CRD status' directly addresses the main change: replacing CRD existence checks with CNO status checks for multi-network-policy toggling.
Description check	✅ Passed	The description provides a comprehensive explanation of the problem, the solution, and the rationale. It covers all required template sections with sufficient detail about why the change was needed and what it accomplishes.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-virtualization-qe-bot-2]

Report bugs in Issues

Welcome! 🎉

This pull request will be automatically processed with the following features:

🔄 Automatic Actions

• Reviewer Assignment: Reviewers are automatically assigned based on the OWNERS file in the repository root
• Size Labeling: PR size labels (XS, S, M, L, XL, XXL) are automatically applied based on changes
• Issue Creation: A tracking issue is created for this PR and will be closed when the PR is merged or closed
• Branch Labeling: Branch-specific labels are applied to track the target branch
• Auto-verification: Auto-verified users have their PRs automatically marked as verified
• Labels: Enabled categories: branch, can-be-merged, cherry-pick, has-conflicts, hold, needs-rebase, size, verified, wip

📋 Available Commands

PR Status Management

• /wip - Mark PR as work in progress (adds WIP: prefix to title)
• /wip cancel - Remove work in progress status
• /hold - Block PR merging (approvers only)
• /hold cancel - Unblock PR merging
• /verified - Mark PR as verified
• /verified cancel - Remove verification status
• /reprocess - Trigger complete PR workflow reprocessing (useful if webhook failed or configuration changed)
• /regenerate-welcome - Regenerate this welcome message

Review & Approval

• /lgtm - Approve changes (looks good to me)
• /approve - Approve PR (approvers only)
• /assign-reviewers - Assign reviewers based on OWNERS file
• /assign-reviewer @username - Assign specific reviewer
• /check-can-merge - Check if PR meets merge requirements

Testing & Validation

• /retest tox - Run Python test suite with tox
• /retest build-container - Rebuild and test container image
• /retest verify-bugs-are-open - verify-bugs-are-open
• /retest all - Run all available tests

Container Operations

• /build-and-push-container - Build and push container image (tagged with PR number)
  • Supports additional build arguments: /build-and-push-container --build-arg KEY=value

Cherry-pick Operations

• /cherry-pick <branch> - Schedule cherry-pick to target branch when PR is merged
  • Multiple branches: /cherry-pick branch1 branch2 branch3

Label Management

• /<label-name> - Add a label to the PR
• /<label-name> cancel - Remove a label from the PR

✅ Merge Requirements

This PR will be automatically approved when the following conditions are met:

1. Approval: /approve from at least one approver
2. LGTM Count: Minimum 2 /lgtm from reviewers
3. Status Checks: All required status checks must pass
4. No Blockers: No wip, hold, has-conflicts labels and PR must be mergeable (no conflicts)
5. Verified: PR must be marked as verified

📊 Review Process

Approvers and Reviewers

Approvers:

• EdDev

Reviewers:

• Anatw
• EdDev
• azhivovk
• frenzyfriday
• nirdothan
• orelmisan
• servolkov
• yossisegev

Available Labels

• hold
• verified
• wip
• lgtm
• approve

AI Features

• Cherry-Pick Conflict Resolution: Enabled (claude/claude-opus-4-6[1m])

💡 Tips

• WIP Status: Use /wip when your PR is not ready for review
• Verification: The verified label is removed on new commits unless the push is detected as a clean rebase
• Cherry-picking: Cherry-pick labels are processed when the PR is merged
• Container Builds: Container images are automatically tagged with the PR number
• Permission Levels: Some commands require approver permissions
• Auto-verified Users: Certain users have automatic verification and merge privileges

For more information, please refer to the project documentation or contact the maintainers.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/network/flat_overlay/utils.py`:
- Around line 71-79: Add a Google-style "Args" and "Raises" section to the
docstring of wait_for_network_operator_stable_conditions describing the
parameters (reference_time: timezone-aware datetime required), what the function
does (blocks until ClusterOperator/network has reconciled and is stable, up to
TIMEOUT_10MIN), and its return/side effects; in "Raises" document that it raises
TimeoutExpiredError on timeout and any other exceptions it may propagate. Ensure
the Args entry notes the timezone-aware requirement for reference_time and that
the function may block for up to TIMEOUT_10MIN so callers can handle waiting
appropriately.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: fcf90a57-a8a0-4cde-91cc-7e3270221077

📥 Commits

Reviewing files that changed from the base of the PR and between bdafe7b and 8117d28.

📒 Files selected for processing (2)

• tests/network/flat_overlay/conftest.py
• tests/network/flat_overlay/utils.py

[coderabbitai]

♻️ Duplicate comments (1)

tests/network/flat_overlay/utils.py (1)

71-79: 🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Google-format Args and Raises sections are still missing from the docstring.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/network/flat_overlay/utils.py` around lines 71 - 79, The docstring
shown in tests/network/flat_overlay/utils.py is missing Google-style "Args" and
"Raises" sections; update this docstring (the function that waits for
ClusterOperator/network reconciliation) to include a Google-format Args section
listing parameters (e.g., reference_time, timeout, poll_interval or whatever
parameters the function signature uses) with types and brief descriptions, and a
Raises section that documents exceptions the function can raise (e.g.,
TimeoutError or other runtime exceptions), ensuring formatting follows Google
docstring conventions.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@tests/network/flat_overlay/utils.py`:
- Around line 71-79: The docstring shown in tests/network/flat_overlay/utils.py
is missing Google-style "Args" and "Raises" sections; update this docstring (the
function that waits for ClusterOperator/network reconciliation) to include a
Google-format Args section listing parameters (e.g., reference_time, timeout,
poll_interval or whatever parameters the function signature uses) with types and
brief descriptions, and a Raises section that documents exceptions the function
can raise (e.g., TimeoutError or other runtime exceptions), ensuring formatting
follows Google docstring conventions.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: b1ba7daf-8315-4bc0-813b-704ae4a244c2

📥 Commits

Reviewing files that changed from the base of the PR and between 8117d28 and c02e853.

📒 Files selected for processing (3)

• tests/network/flat_overlay/conftest.py
• tests/network/flat_overlay/test_multi_network_policy.py
• tests/network/flat_overlay/utils.py

💤 Files with no reviewable changes (1)

• tests/network/flat_overlay/test_multi_network_policy.py

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/network/flat_overlay/utils.py`:
- Line 95: Update the function signature for _is_reconciled_and_healthy to
include an explicit boolean return type (add -> bool) so the definition reads
with a return annotation; locate def _is_reconciled_and_healthy() in
tests/network/flat_overlay/utils.py and change it to def
_is_reconciled_and_healthy() -> bool:, leaving the implementation unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: f153dfa2-8438-46e7-872a-680a06be49f0

📥 Commits

Reviewing files that changed from the base of the PR and between c02e853 and e918b1d.

📒 Files selected for processing (1)

• tests/network/flat_overlay/utils.py

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add -> bool return type annotation to _is_reconciled_and_healthy.

Ruff ANN202 flags the missing return type. Per the project guideline — fix the code, never suppress the linter.

🔧 Proposed fix

-    def _is_reconciled_and_healthy():
+    def _is_reconciled_and_healthy() -> bool:

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	def _is_reconciled_and_healthy():
	def _is_reconciled_and_healthy() -> bool:

🧰 Tools

🪛 Ruff (0.15.12)

[warning] 95-95: Missing return type annotation for private function _is_reconciled_and_healthy

(ANN202)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/network/flat_overlay/utils.py` at line 95, Update the function
signature for _is_reconciled_and_healthy to include an explicit boolean return
type (add -> bool) so the definition reads with a return annotation; locate def
_is_reconciled_and_healthy() in tests/network/flat_overlay/utils.py and change
it to def _is_reconciled_and_healthy() -> bool:, leaving the implementation
unchanged.

[openshift-virtualization-qe-bot-3]

Clean rebase detected — no code changes compared to previous head (e918b1d).
The following labels were preserved: commented-qinqon, commented-coderabbitai[bot].