[release-4.20] OCPBUGS-61705: Revert "Handle service-ca cert availability/rotation"

[openshift-cherrypick-robot]

This is an automated cherry-pick of #460

/assign jianzhangbjz

[openshift-ci-robot]

@openshift-cherrypick-robot: Jira Issue OCPBUGS-60868 has been cloned as Jira Issue OCPBUGS-61705. Will retitle bug to link to clone.
/retitle [release-4.20] OCPBUGS-61705: Revert "Handle service-ca cert availability/rotation"

Details

In response to this:

This is an automated cherry-pick of #460

/assign jianzhangbjz

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@openshift-cherrypick-robot: This pull request references Jira Issue OCPBUGS-61705, which is invalid:

• release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

This is an automated cherry-pick of #460

/assign jianzhangbjz

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[jianzhangbjz]

/jira refresh

[openshift-ci-robot]

@jianzhangbjz: This pull request references Jira Issue OCPBUGS-61705, which is valid. The bug has been moved to the POST state.

7 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.20.0) matches configured target version for branch (4.20.0)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
• release note type set to "Release Note Not Required"
• dependent bug Jira Issue OCPBUGS-60868 is in the state Verified, which is one of the valid states (MODIFIED, ON_QA, VERIFIED)
• dependent Jira Issue OCPBUGS-60868 targets the "4.21.0" version, which is one of the valid target versions: 4.21.0
• bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (jiazha@redhat.com), skipping review request.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

@openshift-cherrypick-robot: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/openshift-e2e-aws-techpreview	7f1f52e	link	false	/test openshift-e2e-aws-techpreview

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[jianzhangbjz]

Test passed.

1. Build OCP4.20 with this unmerged PR via the cluster-bot.
launch 4.20,openshift/operator-framework-operator-controller#474 aws
jiazha-mac:openshift-tests-private jiazha$ oc get clusterversion
NAME      VERSION                                                AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.20.0-0-2025-09-15-051344-test-ci-ln-w16c692-latest   True        False         17m     Cluster version is 4.20.0-0-2025-09-15-051344-test-ci-ln-w16c692-latest

2. Run the test case
jiazha-mac:openshift-tests-private jiazha$ ./bin/extended-platform-tests run all --dry-run|grep "80458" |./bin/extended-platform-tests run -f -
  I0915 14:12:18.790443 41223 test.go:165] Found authentication type used: 
  I0915 14:12:18.790844 41223 test_context.go:563] The --provider flag is not set. Continuing as if --provider=skeleton had been used.
  I0915 14:12:19.704184 41223 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig get node -l node-role.kubernetes.io/worker -o=jsonpath={.items[*].metadata.name}'
  I0915 14:12:21.320943 41223 api.go:57] EnvIsKubernetesCluster = no, start monitoring ClusterOperators and ClusterVersions
started: (0/1/1) "[sig-operators] OLM v1 oprun should Author:jiazha-LEVEL0-ROSA-OSD_CCS-ARO-NonHyperShiftHOST-ConnectedOnly-Critical-80458-clustercatalog get x509 error since it cannot get the custom CA automatically [Serial]"

  I0915 14:12:25.792976 41229 openshift-tests.go:202] Is kubernetes cluster: no, is external OIDC cluster: no
  I0915 14:12:25.793327 41229 test_context.go:563] The --provider flag is not set. Continuing as if --provider=skeleton had been used.
  I0915 14:12:25.969551 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig get node -l node-role.kubernetes.io/worker -o=jsonpath={.items[*].metadata.name}'
  [1757916741] openshift extended e2e - 1/1 specs I0915 14:12:28.316367 41229 clusters.go:324] it is not external oidc cluster
  I0915 14:12:30.533961 41229 client.go:223] configPath is now "/var/folders/5n/w9ysf4w93jnfy7k19xxct31c0000gn/T/configfile1045864436"
  I0915 14:12:30.534048 41229 client.go:503] The user is now "e2e-test-default-k4lqm-user"
  I0915 14:12:30.534062 41229 client.go:506] Creating project "e2e-test-default-k4lqm"
  I0915 14:12:30.868509 41229 client.go:515] Waiting on permissions in project "e2e-test-default-k4lqm" ...
  I0915 14:12:31.930720 41229 client.go:576] Waiting for ServiceAccount "default" to be provisioned...
  I0915 14:12:32.296256 41229 client.go:576] Waiting for ServiceAccount "builder" to be provisioned...
  I0915 14:12:32.662340 41229 client.go:576] Waiting for ServiceAccount "deployer" to be provisioned...
  I0915 14:12:33.026762 41229 client.go:586] Waiting for RoleBinding "system:image-builders" to be provisioned...
  I0915 14:12:33.639981 41229 client.go:586] Waiting for RoleBinding "system:deployers" to be provisioned...
  I0915 14:12:34.218471 41229 client.go:586] Waiting for RoleBinding "system:image-pullers" to be provisioned...
  I0915 14:12:34.745986 41229 client.go:617] Project "e2e-test-default-k4lqm" has been fully provisioned.
  I0915 14:12:34.746510 41229 client.go:1013] Running 'oc --kubeconfig=/var/folders/5n/w9ysf4w93jnfy7k19xxct31c0000gn/T/configfile1045864436 new-app --image quay.io/openshifttest/registry@sha256:1106aedc1b2e386520bc2fb797d9a7af47d651db31d8e7ab472f2352da37d1b3 -n e2e-test-default-k4lqm REGISTRY_STORAGE_DELETE_ENABLED=true --import-mode=PreserveOriginal'
  --> Found container image 1106aed (2 seconds old) from quay.io for "quay.io/openshifttest/registry@sha256:1106aedc1b2e386520bc2fb797d9a7af47d651db31d8e7ab472f2352da37d1b3"

      * An image stream tag will be created as "registry:latest" that will track this image

  --> Creating resources ...
      imagestream.image.openshift.io "registry" created
      deployment.apps "registry" created
      service "registry" created
  --> Success
      Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
       'oc expose service/registry' 
      Run 'oc status' to view your app.
  I0915 14:12:41.745770 41229 olmv1_oprun.go:169] Get registry pods: [registry-6bd65cf8f-qh9sl]
  I0915 14:12:41.746258 41229 client.go:1013] Running 'oc --kubeconfig=/var/folders/5n/w9ysf4w93jnfy7k19xxct31c0000gn/T/configfile1045864436 create route edge my-route --service=registry -n e2e-test-default-k4lqm'
  I0915 14:12:42.924722 41229 client.go:1013] Running 'oc --kubeconfig=/var/folders/5n/w9ysf4w93jnfy7k19xxct31c0000gn/T/configfile1045864436 get route my-route -o=jsonpath={.spec.host} -n e2e-test-default-k4lqm'
  I0915 14:12:43.884442 41229 client.go:1013] Running 'oc --kubeconfig=/var/folders/5n/w9ysf4w93jnfy7k19xxct31c0000gn/T/configfile1045864436 set volume deploy registry --add -t pvc --claim-size=30G -m /var/lib/registry --overwrite -n e2e-test-default-k4lqm'
  I0915 14:12:45.340591 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig extract secret/router-ca -n openshift-ingress-operator --to=/tmp --confirm'
  I0915 14:12:46.244159 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig create -n openshift-config configmap trusted-ca-80458 --from-file=my-route-e2e-test-default-k4lqm.apps.ci-ln-w16c692-76ef8.aws-2.ci.openshift.org=/tmp/tls.crt'
  I0915 14:12:47.163361 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig patch image.config.openshift.io/cluster -p {"spec": {"additionalTrustedCA": {"name": "trusted-ca-80458"}}} --type=merge'
  image.config.openshift.io/cluster patched
  I0915 14:12:52.017752 41229 client.go:1038] showInfo is true
  I0915 14:12:52.018031 41229 client.go:1040] Running 'oc --namespace=e2e-test-default-k4lqm --kubeconfig=/Users/jiazha/bot-kubeconfig process --ignore-unknown-parameters=true -f /var/folders/5n/w9ysf4w93jnfy7k19xxct31c0000gn/T/fixture-testdata-dir971746908/test/extended/testdata/olm/v1/clustercatalog.yaml -p NAME=clustercatalog-80458 IMAGE=my-route-e2e-test-default-k4lqm.apps.ci-ln-w16c692-76ef8.aws-2.ci.openshift.org/redhat/redhat-operator-index:v4.17'
  I0915 14:12:53.027279 41229 template.go:76] the file of resource is /tmp/e2e-test-default-k4lqm-9qnshmt0config.json.stdout
  I0915 14:12:53.027592 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig apply -f /tmp/e2e-test-default-k4lqm-9qnshmt0config.json.stdout'
  clustercatalog.olm.operatorframework.io/clustercatalog-80458 created
  I0915 14:12:54.202392 41229 catalog.go:112] ========= check clustercatalog clustercatalog-80458 Progressing message expect is manifest unknown =========
  I0915 14:12:59.203888 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig get clustercatalog clustercatalog-80458 -o jsonpath={.status.conditions[?(@.type=="Progressing")].message}'
  I0915 14:13:00.266883 41229 resource_op.go:186] $oc get [clustercatalog clustercatalog-80458 -o jsonpath={.status.conditions[?(@.type=="Progressing")].message}], the returned resource:source catalog content: error creating image source: pinging container registry my-route-e2e-test-default-k4lqm.apps.ci-ln-w16c692-76ef8.aws-2.ci.openshift.org: Get "https://my-route-e2e-test-default-k4lqm.apps.ci-ln-w16c692-76ef8.aws-2.ci.openshift.org/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
  I0915 14:13:00.266996 41229 catalog.go:121] got is source catalog content: error creating image source: pinging container registry my-route-e2e-test-default-k4lqm.apps.ci-ln-w16c692-76ef8.aws-2.ci.openshift.org: Get "https://my-route-e2e-test-default-k4lqm.apps.ci-ln-w16c692-76ef8.aws-2.ci.openshift.org/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority, not manifest unknown, and try next
  I0915 14:13:04.205387 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig get clustercatalog clustercatalog-80458 -o jsonpath={.status.conditions[?(@.type=="Progressing")].message}'
  I0915 14:13:05.174842 41229 resource_op.go:186] $oc get [clustercatalog clustercatalog-80458 -o jsonpath={.status.conditions[?(@.type=="Progressing")].message}], the returned resource:source catalog content: error creating image source: reading manifest v4.17 in my-route-e2e-test-default-k4lqm.apps.ci-ln-w16c692-76ef8.aws-2.ci.openshift.org/redhat/redhat-operator-index: manifest unknown
  I0915 14:13:05.174985 41229 catalog.go:177] =========Delete clustercatalog clustercatalog-80458=========
  I0915 14:13:05.175014 41229 catalog.go:172] =========DeleteWithoutCheck clustercatalog clustercatalog-80458=========
  I0915 14:13:05.175304 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig delete clustercatalog clustercatalog-80458'
  I0915 14:13:10.459205 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig get clustercatalog clustercatalog-80458'
  I0915 14:13:11.356652 41229 client.go:1022] Error running /usr/local/bin/oc --kubeconfig=/Users/jiazha/bot-kubeconfig get clustercatalog clustercatalog-80458:
  Error from server (NotFound): clustercatalogs.olm.operatorframework.io "clustercatalog-80458" not found
  I0915 14:13:11.356730 41229 resource_op.go:245] the resource is delete successfully
  I0915 14:13:11.356914 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig patch image.config.openshift.io/cluster -p {"spec": {"additionalTrustedCA": {"name": ""}}} --type=merge'
  image.config.openshift.io/cluster patched
  I0915 14:13:13.012227 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig delete -n openshift-config configmap trusted-ca-80458'
  configmap "trusted-ca-80458" deleted
  I0915 14:13:14.453647 41229 client.go:703] Deleted {user.openshift.io/v1, Resource=users  e2e-test-default-k4lqm-user}, err: <nil>
  I0915 14:13:14.720707 41229 client.go:703] Deleted {oauth.openshift.io/v1, Resource=oauthclients  e2e-client-e2e-test-default-k4lqm}, err: <nil>
  I0915 14:13:14.987929 41229 client.go:703] Deleted {oauth.openshift.io/v1, Resource=oauthaccesstokens  sha256~K_7rKHcIxSUbG6Fx-KZanGFB612YQm12GrOQlfL6M7M}, err: <nil>
  • SUCCESS! 47.749061333s 
passed: (53.9s) 2025-09-15T06:13:15 "[sig-operators] OLM v1 oprun should Author:jiazha-LEVEL0-ROSA-OSD_CCS-ARO-NonHyperShiftHOST-ConnectedOnly-Critical-80458-clustercatalog get x509 error since it cannot get the custom CA automatically [Serial]"

1 pass, 0 skip (53.9s)

/verified by Critical-80458-clustercatalog get x509 error since it cannot get the custom CA automatically
/label qe-approved

[openshift-ci-robot]

@openshift-cherrypick-robot: This pull request references Jira Issue OCPBUGS-61705, which is valid.

7 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.20.0) matches configured target version for branch (4.20.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
• release note type set to "Release Note Not Required"
• dependent bug Jira Issue OCPBUGS-60868 is in the state Verified, which is one of the valid states (MODIFIED, ON_QA, VERIFIED)
• dependent Jira Issue OCPBUGS-60868 targets the "4.21.0" version, which is one of the valid target versions: 4.21.0
• bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (jiazha@redhat.com), skipping review request.

Details

In response to this:

This is an automated cherry-pick of #460

/assign jianzhangbjz

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@jianzhangbjz: This PR has been marked as verified by Critical-80458-clustercatalog get x509 error since it cannot get the custom CA automatically.

Details

In response to this:

Test passed.

1. Build OCP4.20 with this unmerged PR via the cluster-bot.
launch 4.20,openshift/operator-framework-operator-controller#474 aws
jiazha-mac:openshift-tests-private jiazha$ oc get clusterversion
NAME      VERSION                                                AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.20.0-0-2025-09-15-051344-test-ci-ln-w16c692-latest   True        False         17m     Cluster version is 4.20.0-0-2025-09-15-051344-test-ci-ln-w16c692-latest

2. Run the test case
jiazha-mac:openshift-tests-private jiazha$ ./bin/extended-platform-tests run all --dry-run|grep "80458" |./bin/extended-platform-tests run -f -
 I0915 14:12:18.790443 41223 test.go:165] Found authentication type used: 
 I0915 14:12:18.790844 41223 test_context.go:563] The --provider flag is not set. Continuing as if --provider=skeleton had been used.
 I0915 14:12:19.704184 41223 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig get node -l node-role.kubernetes.io/worker -o=jsonpath={.items[*].metadata.name}'
 I0915 14:12:21.320943 41223 api.go:57] EnvIsKubernetesCluster = no, start monitoring ClusterOperators and ClusterVersions
started: (0/1/1) "[sig-operators] OLM v1 oprun should Author:jiazha-LEVEL0-ROSA-OSD_CCS-ARO-NonHyperShiftHOST-ConnectedOnly-Critical-80458-clustercatalog get x509 error since it cannot get the custom CA automatically [Serial]"

 I0915 14:12:25.792976 41229 openshift-tests.go:202] Is kubernetes cluster: no, is external OIDC cluster: no
 I0915 14:12:25.793327 41229 test_context.go:563] The --provider flag is not set. Continuing as if --provider=skeleton had been used.
 I0915 14:12:25.969551 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig get node -l node-role.kubernetes.io/worker -o=jsonpath={.items[*].metadata.name}'
 [1757916741] openshift extended e2e - 1/1 specs I0915 14:12:28.316367 41229 clusters.go:324] it is not external oidc cluster
 I0915 14:12:30.533961 41229 client.go:223] configPath is now "/var/folders/5n/w9ysf4w93jnfy7k19xxct31c0000gn/T/configfile1045864436"
 I0915 14:12:30.534048 41229 client.go:503] The user is now "e2e-test-default-k4lqm-user"
 I0915 14:12:30.534062 41229 client.go:506] Creating project "e2e-test-default-k4lqm"
 I0915 14:12:30.868509 41229 client.go:515] Waiting on permissions in project "e2e-test-default-k4lqm" ...
 I0915 14:12:31.930720 41229 client.go:576] Waiting for ServiceAccount "default" to be provisioned...
 I0915 14:12:32.296256 41229 client.go:576] Waiting for ServiceAccount "builder" to be provisioned...
 I0915 14:12:32.662340 41229 client.go:576] Waiting for ServiceAccount "deployer" to be provisioned...
 I0915 14:12:33.026762 41229 client.go:586] Waiting for RoleBinding "system:image-builders" to be provisioned...
 I0915 14:12:33.639981 41229 client.go:586] Waiting for RoleBinding "system:deployers" to be provisioned...
 I0915 14:12:34.218471 41229 client.go:586] Waiting for RoleBinding "system:image-pullers" to be provisioned...
 I0915 14:12:34.745986 41229 client.go:617] Project "e2e-test-default-k4lqm" has been fully provisioned.
 I0915 14:12:34.746510 41229 client.go:1013] Running 'oc --kubeconfig=/var/folders/5n/w9ysf4w93jnfy7k19xxct31c0000gn/T/configfile1045864436 new-app --image quay.io/openshifttest/registry@sha256:1106aedc1b2e386520bc2fb797d9a7af47d651db31d8e7ab472f2352da37d1b3 -n e2e-test-default-k4lqm REGISTRY_STORAGE_DELETE_ENABLED=true --import-mode=PreserveOriginal'
 --> Found container image 1106aed (2 seconds old) from quay.io for "quay.io/openshifttest/registry@sha256:1106aedc1b2e386520bc2fb797d9a7af47d651db31d8e7ab472f2352da37d1b3"

     * An image stream tag will be created as "registry:latest" that will track this image

 --> Creating resources ...
     imagestream.image.openshift.io "registry" created
     deployment.apps "registry" created
     service "registry" created
 --> Success
     Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
      'oc expose service/registry' 
     Run 'oc status' to view your app.
 I0915 14:12:41.745770 41229 olmv1_oprun.go:169] Get registry pods: [registry-6bd65cf8f-qh9sl]
 I0915 14:12:41.746258 41229 client.go:1013] Running 'oc --kubeconfig=/var/folders/5n/w9ysf4w93jnfy7k19xxct31c0000gn/T/configfile1045864436 create route edge my-route --service=registry -n e2e-test-default-k4lqm'
 I0915 14:12:42.924722 41229 client.go:1013] Running 'oc --kubeconfig=/var/folders/5n/w9ysf4w93jnfy7k19xxct31c0000gn/T/configfile1045864436 get route my-route -o=jsonpath={.spec.host} -n e2e-test-default-k4lqm'
 I0915 14:12:43.884442 41229 client.go:1013] Running 'oc --kubeconfig=/var/folders/5n/w9ysf4w93jnfy7k19xxct31c0000gn/T/configfile1045864436 set volume deploy registry --add -t pvc --claim-size=30G -m /var/lib/registry --overwrite -n e2e-test-default-k4lqm'
 I0915 14:12:45.340591 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig extract secret/router-ca -n openshift-ingress-operator --to=/tmp --confirm'
 I0915 14:12:46.244159 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig create -n openshift-config configmap trusted-ca-80458 --from-file=my-route-e2e-test-default-k4lqm.apps.ci-ln-w16c692-76ef8.aws-2.ci.openshift.org=/tmp/tls.crt'
 I0915 14:12:47.163361 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig patch image.config.openshift.io/cluster -p {"spec": {"additionalTrustedCA": {"name": "trusted-ca-80458"}}} --type=merge'
 image.config.openshift.io/cluster patched
 I0915 14:12:52.017752 41229 client.go:1038] showInfo is true
 I0915 14:12:52.018031 41229 client.go:1040] Running 'oc --namespace=e2e-test-default-k4lqm --kubeconfig=/Users/jiazha/bot-kubeconfig process --ignore-unknown-parameters=true -f /var/folders/5n/w9ysf4w93jnfy7k19xxct31c0000gn/T/fixture-testdata-dir971746908/test/extended/testdata/olm/v1/clustercatalog.yaml -p NAME=clustercatalog-80458 IMAGE=my-route-e2e-test-default-k4lqm.apps.ci-ln-w16c692-76ef8.aws-2.ci.openshift.org/redhat/redhat-operator-index:v4.17'
 I0915 14:12:53.027279 41229 template.go:76] the file of resource is /tmp/e2e-test-default-k4lqm-9qnshmt0config.json.stdout
 I0915 14:12:53.027592 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig apply -f /tmp/e2e-test-default-k4lqm-9qnshmt0config.json.stdout'
 clustercatalog.olm.operatorframework.io/clustercatalog-80458 created
 I0915 14:12:54.202392 41229 catalog.go:112] ========= check clustercatalog clustercatalog-80458 Progressing message expect is manifest unknown =========
 I0915 14:12:59.203888 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig get clustercatalog clustercatalog-80458 -o jsonpath={.status.conditions[?(@.type=="Progressing")].message}'
 I0915 14:13:00.266883 41229 resource_op.go:186] $oc get [clustercatalog clustercatalog-80458 -o jsonpath={.status.conditions[?(@.type=="Progressing")].message}], the returned resource:source catalog content: error creating image source: pinging container registry my-route-e2e-test-default-k4lqm.apps.ci-ln-w16c692-76ef8.aws-2.ci.openshift.org: Get "https://my-route-e2e-test-default-k4lqm.apps.ci-ln-w16c692-76ef8.aws-2.ci.openshift.org/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
 I0915 14:13:00.266996 41229 catalog.go:121] got is source catalog content: error creating image source: pinging container registry my-route-e2e-test-default-k4lqm.apps.ci-ln-w16c692-76ef8.aws-2.ci.openshift.org: Get "https://my-route-e2e-test-default-k4lqm.apps.ci-ln-w16c692-76ef8.aws-2.ci.openshift.org/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority, not manifest unknown, and try next
 I0915 14:13:04.205387 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig get clustercatalog clustercatalog-80458 -o jsonpath={.status.conditions[?(@.type=="Progressing")].message}'
 I0915 14:13:05.174842 41229 resource_op.go:186] $oc get [clustercatalog clustercatalog-80458 -o jsonpath={.status.conditions[?(@.type=="Progressing")].message}], the returned resource:source catalog content: error creating image source: reading manifest v4.17 in my-route-e2e-test-default-k4lqm.apps.ci-ln-w16c692-76ef8.aws-2.ci.openshift.org/redhat/redhat-operator-index: manifest unknown
 I0915 14:13:05.174985 41229 catalog.go:177] =========Delete clustercatalog clustercatalog-80458=========
 I0915 14:13:05.175014 41229 catalog.go:172] =========DeleteWithoutCheck clustercatalog clustercatalog-80458=========
 I0915 14:13:05.175304 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig delete clustercatalog clustercatalog-80458'
 I0915 14:13:10.459205 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig get clustercatalog clustercatalog-80458'
 I0915 14:13:11.356652 41229 client.go:1022] Error running /usr/local/bin/oc --kubeconfig=/Users/jiazha/bot-kubeconfig get clustercatalog clustercatalog-80458:
 Error from server (NotFound): clustercatalogs.olm.operatorframework.io "clustercatalog-80458" not found
 I0915 14:13:11.356730 41229 resource_op.go:245] the resource is delete successfully
 I0915 14:13:11.356914 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig patch image.config.openshift.io/cluster -p {"spec": {"additionalTrustedCA": {"name": ""}}} --type=merge'
 image.config.openshift.io/cluster patched
 I0915 14:13:13.012227 41229 client.go:1013] Running 'oc --kubeconfig=/Users/jiazha/bot-kubeconfig delete -n openshift-config configmap trusted-ca-80458'
 configmap "trusted-ca-80458" deleted
 I0915 14:13:14.453647 41229 client.go:703] Deleted {user.openshift.io/v1, Resource=users  e2e-test-default-k4lqm-user}, err: <nil>
 I0915 14:13:14.720707 41229 client.go:703] Deleted {oauth.openshift.io/v1, Resource=oauthclients  e2e-client-e2e-test-default-k4lqm}, err: <nil>
 I0915 14:13:14.987929 41229 client.go:703] Deleted {oauth.openshift.io/v1, Resource=oauthaccesstokens  sha256~K_7rKHcIxSUbG6Fx-KZanGFB612YQm12GrOQlfL6M7M}, err: <nil>
 • SUCCESS! 47.749061333s 
passed: (53.9s) 2025-09-15T06:13:15 "[sig-operators] OLM v1 oprun should Author:jiazha-LEVEL0-ROSA-OSD_CCS-ARO-NonHyperShiftHOST-ConnectedOnly-Critical-80458-clustercatalog get x509 error since it cannot get the custom CA automatically [Serial]"

1 pass, 0 skip (53.9s)

/verified by Critical-80458-clustercatalog get x509 error since it cannot get the custom CA automatically
/label qe-approved

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[perdasilva]

/approve
/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: openshift-cherrypick-robot, perdasilva

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• DOWNSTREAM_OWNERS [perdasilva]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[tmshort]

/label backport-risk-assessed

[openshift-ci]

@tmshort: Can not set label backport-risk-assessed: Must be member in one of these teams: [openshift-patch-managers openshift-release-oversight openshift-staff-engineers openshift-sustaining-engineers]

Details

In response to this:

/label backport-risk-assessed

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[joelanford]

/label backport-risk-assessed

[openshift-ci-robot]

@openshift-cherrypick-robot: Jira Issue Verification Checks: Jira Issue OCPBUGS-61705
✔️ This pull request was pre-merge verified.
✔️ All associated pull requests have merged.
✔️ All associated, merged pull requests were pre-merge verified.

Jira Issue OCPBUGS-61705 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓

Details

In response to this:

This is an automated cherry-pick of #460

/assign jianzhangbjz

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.