STP for Live Update NetworkAttachmentDefinition Reference (VEP 140)

[yossisegev]

STP Metadata

VEP issue: https://github.com/kubevirt/enhancements/blob/main/veps/sig-network/hotpluggable-nad-ref.md

What this PR does

STP for covering updating network (NAD) reference on live VMs.

Special notes for your reviewer

Summary by CodeRabbit

• Documentation
  • Added a comprehensive test plan for the Live Update NetworkAttachmentDefinition Reference feature, covering metadata and conventions, feature overview, motivation and requirements, scope, detailed test strategy (functional, automation, regression, compatibility, upgrade and backward-compatibility), test environment and tools, entry criteria, risks and known limitations, traceability, enumerated test scenarios, and sign-off.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds a new Software Test Plan document for LiveUpdateNADRef (hotpluggable NAD reference) covering metadata, conventions, feature overview, requirements, test strategy, detailed test cases (TC-0..TC-11), environment/tooling, risks/limitations, traceability, and sign-off criteria.

Changes

Cohort / File(s)

Summary

Test Planning Documentation stps/sig-network/hotpluggable-nad-ref-stp.md

Adds a comprehensive Software Test Plan for the LiveUpdateNADRef feature: metadata/conventions, feature overview (live-update NAD ref via live migration, bridge binding, LiveUpdateNADRef gate), scope (update spec.networks[].multus.networkName on running VMs), detailed testing strategy (functional, automation, regression, compatibility, upgrade, etc.), environment and tooling requirements, extensive test scenarios (TC-0..TC-11), entry criteria, risks/known limitations, traceability, and sign-off process.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'STP for Live Update NetworkAttachmentDefinition Reference (VEP 140)' accurately and specifically describes the main change: adding a Software Test Plan document for the Live Update NAD Reference feature.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-virtualization-qe-bot-3]

Report bugs in Issues

Welcome! 🎉

This pull request will be automatically processed with the following features:

🔄 Automatic Actions

• Reviewer Assignment: Reviewers are automatically assigned based on the OWNERS file in the repository root
• Size Labeling: PR size labels (XS, S, M, L, XL, XXL) are automatically applied based on changes
• Issue Creation: A tracking issue is created for this PR and will be closed when the PR is merged or closed
• Branch Labeling: Branch-specific labels are applied to track the target branch
• Auto-verification: Auto-verified users have their PRs automatically marked as verified
• Labels: Enabled categories: branch, can-be-merged, cherry-pick, has-conflicts, hold, needs-rebase, size, verified, wip

📋 Available Commands

PR Status Management

• /wip - Mark PR as work in progress (adds WIP: prefix to title)
• /wip cancel - Remove work in progress status
• /hold - Block PR merging (approvers only)
• /hold cancel - Unblock PR merging
• /verified - Mark PR as verified
• /verified cancel - Remove verification status
• /reprocess - Trigger complete PR workflow reprocessing (useful if webhook failed or configuration changed)
• /regenerate-welcome - Regenerate this welcome message

Review & Approval

• /lgtm - Approve changes (looks good to me)
• /approve - Approve PR (approvers only)
• /assign-reviewers - Assign reviewers based on OWNERS file
• /assign-reviewer @username - Assign specific reviewer
• /check-can-merge - Check if PR meets merge requirements

Testing & Validation

• /retest tox - Run Python test suite with tox
• /retest all - Run all available tests

Cherry-pick Operations

• /cherry-pick <branch> - Schedule cherry-pick to target branch when PR is merged
  • Multiple branches: /cherry-pick branch1 branch2 branch3

Label Management

• /<label-name> - Add a label to the PR
• /<label-name> cancel - Remove a label from the PR

✅ Merge Requirements

This PR will be automatically approved when the following conditions are met:

1. Approval: /approve from at least one approver
2. LGTM Count: Minimum 2 /lgtm from reviewers
3. Status Checks: All required status checks must pass
4. No Blockers: No WIP, hold, conflict labels
5. Verified: PR must be marked as verified (if verification is enabled)

📊 Review Process

Approvers and Reviewers

Approvers:

• EdDev

Reviewers:

• Anatw
• EdDev
• azhivovk
• servolkov
• yossisegev

Available Labels

• hold
• verified
• wip
• lgtm
• approve

💡 Tips

• WIP Status: Use /wip when your PR is not ready for review
• Verification: The verified label is automatically removed on each new commit
• Cherry-picking: Cherry-pick labels are processed when the PR is merged
• Permission Levels: Some commands require approver permissions
• Auto-verified Users: Certain users have automatic verification and merge privileges

For more information, please refer to the project documentation or contact the maintainers.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@stps/sig-network/hotpluggable-nad-ref-stp.md`:
- Line 32: Fix the typos across the document by replacing the incorrect tokens
with the corrected spellings: change "NAd reference" to "NAD reference",
"dependecny" -> "dependency", "implmenetation" -> "implementation", "backgrond"
-> "background", "letncy cannot be measured,for example" -> "latency cannot be
measured, for example", "evetually" -> "eventually", "is mot affected" -> "is
not affected", "dependancy" -> "dependency", "migartion" -> "migration",
"refelcted" -> "reflected", "environemnt" -> "environment", and "migratin" ->
"migration"; ensure you update each occurrence of the quoted phrases (e.g., the
header/text containing "NAd reference", the paragraphs with
"dependecny"/"implmenetation", the sentence with "letncy...", etc.) so the
document reads correctly and consistently.
- Around line 156-162: Update the traceability table to add a Requirement row
for the "P1 feature-gate disabled behavior" mapping the in-scope item "Verify
behavior when LiveUpdateNADRef feature-gate is disabled (attempting to change
NAD reference produces failure/error)" to a Test Scenario that attempts a
networkName update with the feature-gate off and asserts failure/error, and add
another Requirement row for "MAC preservation" mapping the in-scope item
"Verifying that guest interface identity (e.g. MAC) is preserved where
applicable" to a Test Scenario that changes NAD reference and verifies the guest
MAC is unchanged; also update the existing VEP-140 (NFR) regression row to
explicitly mention "interface hot-plug regression" in the Requirement
Summary/Test Scenario to reflect the specific regression concern named elsewhere
in the document.

[frenzyfriday]

Thanks for the STP! Lgtm in general, just a few questions/comments

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

stps/sig-network/hotpluggable-nad-ref-stp.md (1)

91-92: ⚠️ Potential issue | 🟡 Minor

Fix remaining spelling errors in strategy table entries.

There are still typos in these rows (exisiting, reqiurement, byt, hance). Please correct them to avoid ambiguity in a formal STP.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@stps/sig-network/hotpluggable-nad-ref-stp.md` around lines 91 - 92, Fix typos
in the strategy table entries: in the row that begins with "Dependencies"
replace "exisiting" with "existing" and "reqiurement" with "requirement" (the
cell containing "KubeVirt virt-controller; Multus (just exisiting functionality,
no new reqiurement); optional DNC"), and in the "Cross Integrations" row replace
"byt" with "by" and "hance" with "hence" (the cell containing "Bridge binding in
VMs is tested byt network SIG, hance changes in bridge binding are also under
the network sig testing domain."); update only those words so the rest of the
phrasing remains unchanged.

🧹 Nitpick comments (2)

stps/sig-network/hotpluggable-nad-ref-stp.md (2)

155-161: Optionally reduce Requirement ID repetition in traceability rows.

For rows under the same epic, consider keeping the first Requirement ID populated and leaving subsequent Requirement ID cells empty to reduce redundancy.

Based on learnings: In the openshift-virtualization-tests-design-docs repository, when documenting test scenarios in the "Test Scenarios & Traceability" table where multiple test scenarios fall under the same epic, it's acceptable and preferred to leave the Requirement ID cells empty for subsequent rows after the first row which contains the epic ID.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@stps/sig-network/hotpluggable-nad-ref-stp.md` around lines 155 - 161, The
table repeats the same Requirement ID "VEP-140" across multiple rows; update the
"Test Scenarios & Traceability" table so only the first row for the epic
contains "VEP-140" in the Requirement ID column and remove (empty) the
Requirement ID cells for the subsequent rows that belong to the same epic (rows
containing the summaries "Change NAD reference on running VM...", "Migration
triggered and completes...", "RestartRequired not set...", "No regression in
secondary network...", and "Guest interface identity preserved...") to reduce
redundancy while keeping the Test Scenario(s), Tier, and Priority columns
unchanged.

---

102-102: Consider using version-range wording for long-lived STP clarity.

Instead of a single fixed version (4.22), consider phrasing as 4.22 onward (and optionally note backportability if applicable) to keep this plan accurate across releases.

Based on learnings: In the openshift-virtualization-tests-design-docs repository, when documenting "OCP & OpenShift Virtualization Version(s)" in STP test environment tables, features may specify "v4.X onward" while also noting "Can be backported to all versions."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@stps/sig-network/hotpluggable-nad-ref-stp.md` at line 102, Update the version
wording in the STP table entry for "OCP & OpenShift Virtualization Version(s)"
where "4.22" is currently used for the LiveUpdateNADRef feature: replace the
fixed "4.22" with a range-style phrase such as "4.22 onward" and optionally
append a short parenthetical note like "(can be backported where applicable)"
next to the LiveUpdateNADRef mention to indicate long-lived applicability and
backportability.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@stps/sig-network/hotpluggable-nad-ref-stp.md`:
- Line 64: The P2 goal "Verify behavior when LiveUpdateNADRef feature-gate is
disabled (e.g. attempting to change NAD reference produces failure/error)" is
not present in the traceability table; either add a corresponding mapping row in
the traceability table that references this exact P2 goal and points to the
related test cases/requirements, or remove that P2 goal line entirely if it is
out of scope; update the traceability table entries that enumerate
goals-to-tests so the P2 feature-gate-disabled scenario is consistently
represented (or removed) throughout the document.

---

Duplicate comments:
In `@stps/sig-network/hotpluggable-nad-ref-stp.md`:
- Around line 91-92: Fix typos in the strategy table entries: in the row that
begins with "Dependencies" replace "exisiting" with "existing" and "reqiurement"
with "requirement" (the cell containing "KubeVirt virt-controller; Multus (just
exisiting functionality, no new reqiurement); optional DNC"), and in the "Cross
Integrations" row replace "byt" with "by" and "hance" with "hence" (the cell
containing "Bridge binding in VMs is tested byt network SIG, hance changes in
bridge binding are also under the network sig testing domain."); update only
those words so the rest of the phrasing remains unchanged.

---

Nitpick comments:
In `@stps/sig-network/hotpluggable-nad-ref-stp.md`:
- Around line 155-161: The table repeats the same Requirement ID "VEP-140"
across multiple rows; update the "Test Scenarios & Traceability" table so only
the first row for the epic contains "VEP-140" in the Requirement ID column and
remove (empty) the Requirement ID cells for the subsequent rows that belong to
the same epic (rows containing the summaries "Change NAD reference on running
VM...", "Migration triggered and completes...", "RestartRequired not set...",
"No regression in secondary network...", and "Guest interface identity
preserved...") to reduce redundancy while keeping the Test Scenario(s), Tier,
and Priority columns unchanged.
- Line 102: Update the version wording in the STP table entry for "OCP &
OpenShift Virtualization Version(s)" where "4.22" is currently used for the
LiveUpdateNADRef feature: replace the fixed "4.22" with a range-style phrase
such as "4.22 onward" and optionally append a short parenthetical note like
"(can be backported where applicable)" next to the LiveUpdateNADRef mention to
indicate long-lived applicability and backportability.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 540b2da and e844d5c.

📒 Files selected for processing (1)

• stps/sig-network/hotpluggable-nad-ref-stp.md

[EdDev]

I reviewed this STP until the out-of-scope section including.
There are enough items that need attention to stop there.

[EdDev]

Following up on my previous review - there are still 5 items that need attention before approval.

[EdDev]

This is an implementation detail and should not be mentioned. Users don't need to know how the feature is implemented internally. Please rephrase to focus on the user-facing behavior.

Suggested change:

Suggested change

This feature enables VM owners to change the NetworkAttachmentDefinition reference (`networkName`) of a secondary network on a **running** VM without rebooting. When the user updates `spec.networks[].multus.networkName` in the VM spec, the system triggers a Live Migration, so the VM’s new pod will now be plumbed to the new network (e.g., a different VLAN). Today, changing the NAD reference requires a VM restart. The enhancement uses the existing migration path: no reboot, and guest interface properties (e.g., MAC) stay the same.\

This feature enables VM owners to change the NetworkAttachmentDefinition reference (`networkName`) of a secondary network on a **running** VM without rebooting. When the user updates `spec.networks[].multus.networkName` in the VM spec, the VM will be reconnected to the new network (e.g., a different VLAN) without requiring a restart.\

[EdDev]

The LiveUpdateNADRef feature gate is NOT exposed to users and should not be mentioned in the STP. Please remove this reference.

Suggested change:

Suggested change

	| **Special Configurations** | Feature gate | LiveUpdateNADRef enabled for positive tests |
	| **Special Configurations** | N/A | None required |

[EdDev]

The LiveUpdateNADRef feature gate is NOT exposed to users and should not be mentioned in the STP. Please remove this entire line.

[EdDev]

Please use only product/downstream terms, not upstream ones like "Beta/GA".

Suggested change:

Suggested change

	| **Non-Functional Requirements (NFRs)** | [x] | No new NFRs called out. Documentation and E2E coverage required for Beta/GA. | |
	| **Non-Functional Requirements (NFRs)** | [x] | No new NFRs called out. Documentation and E2E coverage required. | |

[EdDev]

Verifying MAC address preservation is too low level. No one changed the NIC identity when updating the VM spec, so it's not expected to change. Instead, check higher-level behavior that actually matters to users, like TCP connection preservation or continuous connectivity. If you need to verify identity preservation in a general manner, use other means.

Consider replacing TC-1 with a test that verifies continuous connectivity or TCP connection preservation during NAD reference change, rather than checking MAC addresses.

[EdDev]

Typo: "exisiting" should be "existing"

Suggested change:

Suggested change

	| Dependencies | Dependent on deliverables from other components/products? | Y | KubeVirt virt-controller; Multus (just exisiting functionality, no new requirement); optional DNC |
	| Dependencies | Dependent on deliverables from other components/products? | Y | KubeVirt virt-controller; Multus (just existing functionality, no new requirement); optional DNC |

[EdDev]

Two issues here:

1. Typo: "exisitng" should be "existing"
2. "via migration" is an implementation detail and should be removed

Suggested change:

Suggested change

	| TC-0 | As a VM owner, I want to be able to connect an exisitng interface to a different network while preserving connectivity. | Change NAD reference on running VM (bridge) via migration; VM on new network and has connectivity | Tier 2 | P0 |
	| TC-0 | As a VM owner, I want to be able to connect an existing interface to a different network while preserving connectivity. | Change NAD reference on running VM (bridge); VM on new network and has connectivity | Tier 2 | P0 |