
OCPBUGS-15157: Replace wildcard permissions with explicit verbs and resources in MCC ClusterRole#6000

Draft
isabella-janssen wants to merge 1 commit into
openshift:mainfrom
isabella-janssen:ocpbugs-15157

Conversation


@isabella-janssen isabella-janssen commented May 5, 2026

Closes: OCPBUGS-15157

- What I did
This replaces the wildcard permissions in the MCC ClusterRole with explicit verbs and resources. Note that this PR was written with the assistance of Claude.

- How to verify it
All tests should continue passing.

- Description for the changelog
OCPBUGS-15157: Replace wildcard permissions with explicit verbs and resources in MCC ClusterRole

Summary by CodeRabbit

  • Chores
    • Tightened RBAC for the machine-config-controller by replacing broad wildcard permissions with explicit, resource-scoped rules across relevant API groups, reducing privilege scope.
  • New Features
    • Added a dedicated role and rolebinding to grant controlled configmap management (get/list/watch/create/update/delete) for the controller in target namespaces.

@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 5, 2026

openshift-ci Bot commented May 5, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all


coderabbitai Bot commented May 5, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.


Walkthrough

This PR tightens machine-config-controller RBAC by replacing wildcard ClusterRole rules with explicit resource-scoped rules, adds a namespace-scoped Role and RoleBinding for configmaps, and wires those new manifests into the operator sync logic.

Changes

RBAC Permission Refinement and Namespace-Scoped Access

ClusterRole Rule Consolidation
  File: manifests/machineconfigcontroller/clusterrole.yaml
  Summary: Replaces broad wildcard RBAC rules with explicit, narrowly-scoped rules across multiple apiGroups: adds detailed machineconfiguration.openshift.io rules (including finalizers subresource), explicit core secrets rule (including delete), splits config.openshift.io into general and status rules, expands operator.openshift.io to include machineconfigurations and machineconfigurations/status, adds machine.openshift.io read/patch rules for machine resources, narrows coordination.k8s.io lease verbs to create/get/update, and adds aro.openshift.io clusters get.

Namespace-Scoped ConfigMaps Role & Binding
  Files: manifests/machineconfigcontroller/configmaps-role-target.yaml, manifests/machineconfigcontroller/configmaps-rolebinding-target.yaml
  Summary: Adds a new Role machine-config-controller-configmaps in {{.TargetNamespace}} granting get,list,watch,create,update,delete on core configmaps, and a RoleBinding that binds the machine-config-controller ServiceAccount to that Role.

Operator Sync Integration
  File: pkg/operator/sync.go
  Summary: Adds constants mccConfigMapsRoleTargetManifestPath and mccConfigMapsRoleBindingTargetManifestPath, and includes them in syncMachineConfigController by appending to the paths.roles and paths.roleBindings manifest lists so the new Role/RoleBinding are rendered/applied.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 12
✅ Passed checks (12 passed)
  • Description Check: Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Linked Issues check: Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: Passed. Check skipped because no linked issues were found for this pull request.
  • Stable And Deterministic Test Names: Passed. No Ginkgo test files or test name definitions were modified in this PR. The check is not applicable; the PR contains only RBAC manifest changes and Go source code constants, no test code.
  • Test Structure And Quality: Passed. Custom check for Ginkgo test structure is not applicable. The PR modifies YAML manifests and a Go source file (pkg/operator/sync.go) but contains no test files or test code.
  • Microshift Test Compatibility: Passed. No new Ginkgo e2e tests were added in this PR. Changes are limited to RBAC manifests and pkg/operator/sync.go. MicroShift test compatibility check is not applicable.
  • Single Node Openshift (Sno) Test Compatibility: Passed. This PR does not add any new Ginkgo e2e tests. Changes are limited to Kubernetes RBAC manifests and Go operator code. The custom check for SNO test compatibility is not applicable.
  • Topology-Aware Scheduling Compatibility: Passed. PR introduces RBAC manifests only (ClusterRole, Role, RoleBinding). No scheduling constraints, pod affinity rules, topology spread constraints, or topology-specific assumptions are introduced.
  • Ote Binary Stdout Contract: Passed. OTE Binary Stdout Contract check is not applicable. PR modifies RBAC manifests and operator sync code, not OTE binaries or test entry points. No process-level stdout writes detected.
  • Ipv6 And Disconnected Network Test Compatibility: Passed. No Ginkgo e2e tests are added in this PR. Changes consist only of RBAC manifest updates and operator sync code modifications. The check does not apply.
  • Title check: Passed. The title accurately summarizes the main change: replacing wildcard permissions with explicit verbs and resources in the MCC ClusterRole, which is the primary focus of the changeset.



openshift-ci Bot commented May 5, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: isabella-janssen

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 5, 2026

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
manifests/machineconfigcontroller/clusterrole.yaml (1)

12-14: 💤 Low value

Cluster-wide secrets management flagged by static analysis.

Trivy flags this rule (KSV-0041) for granting cluster-wide secrets management permissions. While this may be necessary for the MCC to function (e.g., managing pull secrets, certificates), consider whether these permissions could be scoped to specific namespaces via a namespaced Role instead of a ClusterRole to follow the principle of least privilege.

If cluster-wide access is genuinely required, this is acceptable but should be documented.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@manifests/machineconfigcontroller/clusterrole.yaml` around lines 12 - 14, The
ClusterRole grants cluster-wide secret and configmap management; either narrow
it to a namespaced Role or document justification: replace the ClusterRole that
contains resources ["configmaps","secrets"] and verbs
["get","list","watch","create","update","delete"] with a Role scoped to the
specific namespace(s) the controller operates in and update any RoleBinding(s)
(instead of ClusterRoleBinding) to bind the controller ServiceAccount, or if
cluster-wide access is truly required, keep the ClusterRole but add a clear
comment/markdown entry documenting why cluster scope is necessary and reference
the ClusterRole name so auditors can find the justification.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@manifests/machineconfigcontroller/clusterrole.yaml`:
- Around line 9-11: The RBAC rule for apiGroups:
["machineconfiguration.openshift.io"] is missing the machineosconfigs and
machineosbuilds resources used by pkg/operator/sync.go (list at line ~1613) and
pkg/controller/build/reconciler.go (status updates); update the resources array
in clusterrole.yaml to include "machineosconfigs", "machineosconfigs/status",
"machineosbuilds", and "machineosbuilds/status" and ensure the verbs for those
entries include the same verbs as the other resources (e.g.,
"get","list","watch","create","update","patch") so list operations and status
updates are permitted.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: adf54928-9c34-47b3-8b98-75fe20947d21

📥 Commits

Reviewing files that changed from the base of the PR and between 74b5b1b and 6568736.

📒 Files selected for processing (1)
  • manifests/machineconfigcontroller/clusterrole.yaml


@coderabbitai coderabbitai Bot left a comment


🧹 Nitpick comments (1)
manifests/machineconfigcontroller/clusterrole.yaml (1)

15-17: 💤 Low value

Cluster-wide secrets access is intentional but warrants documentation.

Static analysis flags this as a security concern (KSV-0041), but per the PR objectives, secrets remain cluster-scoped due to the cluster-wide informer requirement. The controller accesses secrets from multiple namespaces (MCO namespace, openshift-config, openshift-config-managed).

Consider adding a comment in the manifest or documentation explaining why cluster-wide secret access is necessary, to help future reviewers understand this architectural decision.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@manifests/machineconfigcontroller/clusterrole.yaml` around lines 15 - 17, Add
a clear justification comment/annotation to the ClusterRole that grants
cluster-scoped access to "secrets" (apiGroups: [""], resources: ["secrets"],
verbs: ["get","list","watch","create","update","delete"]) explaining that the
controller requires a cluster-wide secrets informer to read secrets from the MCO
namespace as well as openshift-config and openshift-config-managed; include the
security reference (KSV-0041) and note that this is an intentional architectural
choice to aid future reviewers and auditors.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: dfc0e9e6-2b6b-4d1b-87ce-b0b1e877f573

📥 Commits

Reviewing files that changed from the base of the PR and between 6568736 and 3047a2e.

📒 Files selected for processing (4)
  • manifests/machineconfigcontroller/clusterrole.yaml
  • manifests/machineconfigcontroller/configmaps-role-target.yaml
  • manifests/machineconfigcontroller/configmaps-rolebinding-target.yaml
  • pkg/operator/sync.go
✅ Files skipped from review due to trivial changes (1)
  • manifests/machineconfigcontroller/configmaps-rolebinding-target.yaml

@isabella-janssen
Member Author

/payload-job periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-1of2 periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-2of2 periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-1of3 periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-2of3 periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-3of3 periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-1of3 periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-2of3 periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-3of3


openshift-ci Bot commented May 6, 2026

@isabella-janssen: trigger 8 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-1of2
  • periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-2of2
  • periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-1of3
  • periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-2of3
  • periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-3of3
  • periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-1of3
  • periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-2of3
  • periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-3of3

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/9a54aeb0-4948-11f1-97df-c2fe2d4c9954-0

@isabella-janssen isabella-janssen force-pushed the ocpbugs-15157 branch 2 times, most recently from abb3205 to 3fdce3c Compare May 6, 2026 13:08
@isabella-janssen
Member Author

/payload-job periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-1of2 periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-2of2 periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-1of3 periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-2of3 periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-3of3 periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-1of3 periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-2of3 periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-3of3


openshift-ci Bot commented May 6, 2026

@isabella-janssen: trigger 8 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-1of2
  • periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-2of2
  • periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-1of3
  • periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-2of3
  • periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-3of3
  • periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-1of3
  • periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-2of3
  • periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-3of3

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/c04fe680-494c-11f1-9a60-486def3e988a-0


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@manifests/machineconfigcontroller/configmaps-rolebinding-target.yaml`:
- Around line 6-8: The RoleBinding's roleRef is missing the required apiGroup;
update the roleRef for the Role named "machine-config-controller-configmaps" by
adding apiGroup: rbac.authorization.k8s.io alongside kind: Role and name:
machine-config-controller-configmaps so the RoleBinding's roleRef explicitly
includes apiGroup for consistent behavior across Kubernetes versions.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 445d8f66-cfe6-48ec-bdb0-daf4ebadddf7

📥 Commits

Reviewing files that changed from the base of the PR and between 3047a2e and 3fdce3c.

📒 Files selected for processing (4)
  • manifests/machineconfigcontroller/clusterrole.yaml
  • manifests/machineconfigcontroller/configmaps-role-target.yaml
  • manifests/machineconfigcontroller/configmaps-rolebinding-target.yaml
  • pkg/operator/sync.go
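The roleRef finding above is the kind of thing that is cheap to catch before a manifest is rendered. The following is an added example, not code from this PR or from the machine-config-operator repository: a small validator over RoleBinding manifests held as plain dicts (the shape yaml.safe_load() would return). The Role, RoleBinding and ServiceAccount names mirror the ones described in the walkthrough; the namespace "target-namespace" is a constructed stand-in for the {{.TargetNamespace}} template value, and validate_rolebinding is a hypothetical helper, not an operator API.

```python
"""Structural checks for a RoleBinding before it is rendered and applied.

Added example, not code from the MCO repository. Manifests are plain dicts
(the shape yaml.safe_load() returns); "target-namespace" is a constructed
placeholder for the {{.TargetNamespace}} template value.
"""
from __future__ import annotations

RBAC_GROUP = "rbac.authorization.k8s.io"
NS = "target-namespace"  # constructed placeholder namespace

ROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "Role",
    "metadata": {"name": "machine-config-controller-configmaps", "namespace": NS},
    "rules": [{"apiGroups": [""], "resources": ["configmaps"],
               "verbs": ["get", "list", "watch", "create", "update", "delete"]}],
}

# The shape the review comment flagged: roleRef without apiGroup.
BINDING_MISSING_APIGROUP = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "RoleBinding",
    "metadata": {"name": "machine-config-controller-configmaps", "namespace": NS},
    "roleRef": {"kind": "Role", "name": "machine-config-controller-configmaps"},
    "subjects": [{"kind": "ServiceAccount", "name": "machine-config-controller", "namespace": NS}],
}

# The corrected shape: same binding, roleRef carries the RBAC apiGroup.
BINDING_FIXED = {
    **BINDING_MISSING_APIGROUP,
    "roleRef": {"apiGroup": RBAC_GROUP, "kind": "Role", "name": "machine-config-controller-configmaps"},
}


def validate_rolebinding(binding: dict, roles: list[dict]) -> list[str]:
    """Return a list of problems; an empty list means the binding is well formed
    and resolves to a Role that exists in the binding's own namespace."""
    problems: list[str] = []
    ns = binding.get("metadata", {}).get("namespace")
    if not ns:
        problems.append("RoleBinding is namespaced but has no metadata.namespace")

    ref = binding.get("roleRef", {})
    if ref.get("apiGroup") != RBAC_GROUP:
        problems.append(f"roleRef.apiGroup must be {RBAC_GROUP!r}, got {ref.get('apiGroup')!r}")

    kind = ref.get("kind")
    if kind not in ("Role", "ClusterRole"):
        problems.append(f"roleRef.kind must be Role or ClusterRole, got {kind!r}")
    elif kind == "Role":
        # A RoleBinding may only reference a Role in its own namespace; a
        # dangling reference applies cleanly but grants nothing.
        found = any(
            r.get("kind") == "Role"
            and r.get("metadata", {}).get("name") == ref.get("name")
            and r.get("metadata", {}).get("namespace") == ns
            for r in roles
        )
        if not found:
            problems.append(f"no Role {ref.get('name')!r} found in namespace {ns!r}")

    for subject in binding.get("subjects", []):
        # ServiceAccount subjects are namespaced; without a namespace the
        # binding does not select the account the controller runs as.
        if subject.get("kind") == "ServiceAccount" and not subject.get("namespace"):
            problems.append(f"ServiceAccount subject {subject.get('name')!r} needs a namespace")
    return problems


if __name__ == "__main__":
    for name, b in (("missing apiGroup", BINDING_MISSING_APIGROUP), ("fixed", BINDING_FIXED)):
        print(name, "->", validate_rolebinding(b, [ROLE]) or "ok")
```

One caveat worth keeping in mind for operator sync code: Kubernetes treats a binding's roleRef as immutable, so a sync loop that needs to point an existing RoleBinding at a different Role has to delete and recreate the binding rather than update it in place.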

@isabella-janssen isabella-janssen force-pushed the ocpbugs-15157 branch 3 times, most recently from e87d3c2 to e963398 Compare May 6, 2026 13:58

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@manifests/machineconfigcontroller/clusterrole.yaml`:
- Around line 10-14: Restore the missing RBAC permissions by adding "delete"
back to the verbs array for the machineconfiguration.openshift.io rule (the rule
that currently has verbs: ["get","list","watch","create","update","patch"]) and
ensure the apiGroups: ["machineconfiguration.openshift.io"] entry is present for
that rule; also include "machineosbuilds/finalizers" in the finalizers resources
array (the list containing "controllerconfigs/finalizers",
"kubeletconfigs/finalizers", etc.) so MachineConfigNodes, MachineConfigs,
MachineOSBuilds Delete() calls and MachineOSBuilds.UpdateStatus() have the
required permissions.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: a2d3a6fd-b551-4542-956a-a6055fc2c9af

📥 Commits

Reviewing files that changed from the base of the PR and between 3fdce3c and e963398.

📒 Files selected for processing (4)
  • manifests/machineconfigcontroller/clusterrole.yaml
  • manifests/machineconfigcontroller/configmaps-role-target.yaml
  • manifests/machineconfigcontroller/configmaps-rolebinding-target.yaml
  • pkg/operator/sync.go
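Both the walkthrough (wildcard rules replaced by explicit resource-scoped rules) and the review finding just above (a verb the code still needs dropped from the narrowed rule) come down to the same question: after the wildcards are gone, does the rule set still grant every (apiGroup, resource, verb) the controller uses? The following is an added example, not code from this PR or the machine-config-operator repository. It evaluates PolicyRules held as plain dicts with the same matching semantics the RBAC authorizer applies, flags rules that still contain "*", and reports required permissions that no rule grants. The "before"/"after" rule sets and the REQUIRED list are constructed to illustrate the pattern; they are not the repository's actual clusterrole.yaml or a complete inventory of what the MCC calls.

```python
"""Coverage and wildcard check for Kubernetes RBAC PolicyRules.

Added example, not code from the MCO repository: it takes PolicyRules as
plain dicts (the shape yaml.safe_load() would give for a ClusterRole's
.rules) and answers two questions a reviewer of an RBAC-narrowing change asks:
  1. does any rule still use "*" in apiGroups, resources or verbs?
  2. after narrowing, is every (apiGroup, resource, verb) the controller
     actually needs still granted?
"""
from __future__ import annotations

WILDCARD = "*"

# Constructed "before" rules: wildcards on resources and verbs.
BEFORE_RULES = [
    {"apiGroups": ["machineconfiguration.openshift.io"], "resources": ["*"], "verbs": ["*"]},
    {"apiGroups": ["coordination.k8s.io"], "resources": ["leases"], "verbs": ["*"]},
]

# Constructed "after" rules: explicit resources and verbs. "delete" is left
# out of the first rule on purpose, reproducing the kind of gap that narrowing
# introduces when a verb the code uses is forgotten.
AFTER_RULES = [
    {
        "apiGroups": ["machineconfiguration.openshift.io"],
        "resources": ["machineconfigs", "machineconfigpools", "machineosbuilds"],
        "verbs": ["get", "list", "watch", "create", "update", "patch"],
    },
    {
        "apiGroups": ["machineconfiguration.openshift.io"],
        "resources": ["machineconfigpools/status"],
        "verbs": ["update", "patch"],
    },
    {"apiGroups": ["coordination.k8s.io"], "resources": ["leases"], "verbs": ["create", "get", "update"]},
]

# Constructed list of what the controller is assumed to need; in practice this
# comes from auditing the client calls in the controller's code.
REQUIRED = [
    ("machineconfiguration.openshift.io", "machineconfigs", "list"),
    ("machineconfiguration.openshift.io", "machineconfigs", "delete"),
    ("machineconfiguration.openshift.io", "machineconfigpools/status", "update"),
    ("coordination.k8s.io", "leases", "get"),
]


def _resource_matches(allowed: list[str], resource: str) -> bool:
    # Mirrors the RBAC authorizer: "*" matches everything, an exact
    # "resource" or "resource/subresource" string matches itself, and
    # "*/subresource" matches that subresource on every resource.
    if WILDCARD in allowed or resource in allowed:
        return True
    if "/" in resource:
        return f"*/{resource.split('/', 1)[1]}" in allowed
    return False


def rule_allows(rule: dict, group: str, resource: str, verb: str) -> bool:
    """One PolicyRule grants the request only if all three lists match
    (entries within a list are OR'd, the three lists are AND'd).
    The core API group is the empty string, never "core"."""
    groups, verbs = rule.get("apiGroups", []), rule.get("verbs", [])
    return (
        (WILDCARD in groups or group in groups)
        and _resource_matches(rule.get("resources", []), resource)
        and (WILDCARD in verbs or verb in verbs)
    )


def allowed(rules: list[dict], group: str, resource: str, verb: str) -> bool:
    # Rules are purely additive: any single matching rule is enough.
    return any(rule_allows(r, group, resource, verb) for r in rules)


def missing_permissions(rules: list[dict], required: list[tuple[str, str, str]]) -> list[tuple[str, str, str]]:
    """Required (group, resource, verb) triples that no rule grants."""
    return [t for t in required if not allowed(rules, *t)]


def wildcard_rules(rules: list[dict]) -> list[int]:
    """Indexes of rules that still contain "*" in any of the three lists."""
    keys = ("apiGroups", "resources", "verbs")
    return [i for i, r in enumerate(rules) if any(WILDCARD in r.get(k, []) for k in keys)]


if __name__ == "__main__":
    for label, rules in (("before", BEFORE_RULES), ("after", AFTER_RULES)):
        print(f"{label}: wildcard rules at {wildcard_rules(rules)}, "
              f"missing {missing_permissions(rules, REQUIRED)}")
```

Run against the constructed data, the "before" set passes coverage trivially but is flagged for wildcards in both rules, while the "after" set is wildcard-free and reports exactly the dropped machineconfigs delete. Paired with a list of the verbs the controller's client calls actually issue, this turns the "did we forget a verb" review question into a repeatable check rather than a read-through of the manifest.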

…n MCC ClusterRole & scope configmap access to target namespace via Role instead of ClusterRole

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@isabella-janssen
Member Author

/test all

@isabella-janssen
Member Author

/test e2e-gcp-op-ocl-part1
/test e2e-gcp-op-ocl-part2
/test images
/test e2e-aws-ovn
/test e2e-aws-ovn-upgrade
/test e2e-gcp-op-part1
/test e2e-gcp-op-part2
/test e2e-gcp-op-single-node
/test e2e-hypershift


openshift-ci Bot commented May 7, 2026

@isabella-janssen: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Failed tests (commit 091180b, all required), with the rerun command for each:
  • ci/prow/e2e-gcp-op-single-node: /test e2e-gcp-op-single-node
  • ci/prow/e2e-gcp-op-part2: /test e2e-gcp-op-part2
  • ci/prow/e2e-gcp-op-ocl-part1: /test e2e-gcp-op-ocl-part1
  • ci/prow/e2e-gcp-op-part1: /test e2e-gcp-op-part1
  • ci/prow/e2e-gcp-op-ocl-part2: /test e2e-gcp-op-ocl-part2

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@isabella-janssen
Member Author

/retest-required

@isabella-janssen
Member Author

/payload-job periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-1of2 periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-2of2 periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-1of3 periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-2of3 periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-3of3 periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-1of3 periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-2of3 periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-3of3


openshift-ci Bot commented May 7, 2026

@isabella-janssen: trigger 8 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-1of2
  • periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-2of2
  • periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-1of3
  • periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-2of3
  • periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-3of3
  • periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-1of3
  • periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-2of3
  • periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-3of3

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/12c767a0-4a3b-11f1-8d1f-40bcd12b6d31-0

@isabella-janssen isabella-janssen changed the title (WIP) OCPBUGS-15157 OCPBUGS-15157: Replace wildcard permissions with explicit verbs and resources in MCC ClusterRole May 7, 2026
@openshift-ci-robot openshift-ci-robot added jira/severity-moderate Referenced Jira bug's severity is moderate for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels May 7, 2026
@openshift-ci-robot
Contributor

@isabella-janssen: This pull request references Jira Issue OCPBUGS-15157, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @sergiordlr

The bug has been updated to refer to the pull request using the external bug tracker.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot requested a review from sergiordlr May 7, 2026 18:50
@isabella-janssen
Member Author

/retest

@isabella-janssen
Member Author

/retest

@isabella-janssen
Member Author

/payload-job periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-1of2 periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-2of2 periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-1of3 periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-2of3 periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-3of3 periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-1of3 periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-2of3 periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-3of3

@openshift-ci
Contributor

openshift-ci Bot commented May 11, 2026

@isabella-janssen: trigger 8 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-1of2
  • periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-2of2
  • periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-1of3
  • periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-2of3
  • periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-3of3
  • periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-1of3
  • periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-2of3
  • periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-3of3

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/6bd7ac00-4d43-11f1-8e6e-00ce6a3901d2-0

@isabella-janssen
Member Author

/payload-job periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-3of3

@openshift-ci
Contributor

openshift-ci Bot commented May 11, 2026

@isabella-janssen: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-machine-config-operator-release-4.22-periodics-e2e-aws-mco-disruptive-techpreview-3of3

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/69898960-4d5b-11f1-9ee0-f58eaf1aac78-0

@isabella-janssen
Member Author

/test e2e-gcp-op-part1
