@Xia-Zhao-rh
Contributor

Add security validation tests for OLM and Marketplace operator metrics endpoints

This PR adds two test cases to validate that operator metrics endpoints are
properly secured with authentication mechanisms.

Test Cases

OCP-85743: OLM operator metrics endpoints authentication

Validates that OLM core operator metrics endpoints require Bearer token authentication:

  • Tests 3 operators: catalog-operator, olm-operator, package-server-manager
  • Verifies unauthorized access returns "Unauthorized" error
  • Verifies authorized access with prometheus-k8s token successfully retrieves metrics
  • Namespace: openshift-operator-lifecycle-manager

OCP-85745: Marketplace operator metrics endpoint mTLS authentication

Validates that marketplace-operator-metrics endpoint requires client certificate (mTLS):

  • Verifies unauthorized access fails with "certificate required" error
  • Verifies authorized access with client certificate from prometheus pod succeeds
  • Uses https-metrics port (8081) specifically
  • Namespace: openshift-marketplace
  • Skips if marketplace capability is not available

xzha@xzha1-mac tests-extension % ~/run-tests-ote.sh v0 "85743|85745"
Generating test list from case IDs...
Found 2 test(s) matching the case IDs

================================================
OLM Version: v0
Test Binary: /Users/xzha/go/src/github.com/openshift/operator-framework-olm/tests-extension/bin/olmv0-tests-ext
Test Source: Case List (85743|85745)
Total tests to run: 2
Log file: result.log
================================================

================================================
[1/2] Running test:
[sig-operator][Jira:OLM] OLMv0 should PolarionID:85743-[OTP]metrics endpoints should be properly secured
================================================

✓ Test PASSED (67s)

================================================
[2/2] Running test:
[sig-operator][Jira:OLM] OLMv0 should PolarionID:85745-[OTP]marketplace-operator-metrics endpoint should require client certificate
================================================

✓ Test PASSED (43s)
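
The client-certificate check described for OCP-85745, reproduced against an in-process stand-in server. This is an added example, not code from this PR or the OLM test suite; `newClientCert`, `scrape` and `probe` are hypothetical names, the certificate is constructed, and no cluster or prometheus pod is involved.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// newClientCert makes a throwaway self-signed client cert (constructed sample) and a pool trusting it.
func newClientCert() (tls.Certificate, *x509.CertPool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, pool
}

// scrape reports whether GET /metrics returns 200 when the client presents certs (none = anonymous).
func scrape(srv *httptest.Server, certs ...tls.Certificate) bool {
	tr := srv.Client().Transport.(*http.Transport).Clone() // already trusts the server cert
	tr.TLSClientConfig.Certificates = certs
	resp, err := (&http.Client{Transport: tr}).Get(srv.URL + "/metrics")
	if err != nil {
		return false // handshake rejected, e.g. TLS alert "certificate required"
	}
	resp.Body.Close()
	return resp.StatusCode == http.StatusOK
}

// probe runs a stand-in metrics server that demands a verified client cert and scrapes it both ways.
func probe() (anonOK, certOK bool) {
	cert, pool := newClientCert()
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
	srv.StartTLS()
	defer srv.Close()
	return scrape(srv), scrape(srv, cert)
}

func main() { fmt.Println(probe()) }
```

A server configured with a weaker `ClientAuth` mode such as `tls.RequestClientCert` would let the anonymous scrape through, which is the regression a test of this kind guards against.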

@openshift-ci openshift-ci bot requested review from thetechnick and tmshort January 16, 2026 08:29
@openshift-ci
Contributor

openshift-ci bot commented Jan 16, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Xia-Zhao-rh
Once this PR has been reviewed and has the lgtm label, please assign perdasilva for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Xia-Zhao-rh
Contributor Author

/payload-job periodic-ci-openshift-operator-framework-olm-release-4.22-periodics-e2e-azure-ovn-extended-f2

@openshift-ci
Contributor

openshift-ci bot commented Jan 16, 2026

@Xia-Zhao-rh: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-operator-framework-olm-release-4.22-periodics-e2e-azure-ovn-extended-f2

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/d26e3420-f2b7-11f0-93e6-8ebe5756a111-0

@Xia-Zhao-rh
Contributor Author

/payload-job periodic-ci-openshift-operator-framework-olm-release-4.22-periodics-e2e-gcp-ovn-ipi-disconnected-extended-f1

@openshift-ci
Contributor

openshift-ci bot commented Jan 16, 2026

@Xia-Zhao-rh: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-operator-framework-olm-release-4.22-periodics-e2e-gcp-ovn-ipi-disconnected-extended-f1

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/24716c50-f2b9-11f0-83de-3cabcbe93a9b-0

@openshift-ci
Contributor

openshift-ci bot commented Jan 16, 2026

@Xia-Zhao-rh: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@Xia-Zhao-rh
Contributor Author

/payload-job periodic-ci-openshift-operator-framework-olm-release-4.22-periodics-e2e-gcp-ovn-ipi-disconnected-extended-f1

@openshift-ci
Contributor

openshift-ci bot commented Jan 16, 2026

@Xia-Zhao-rh: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-operator-framework-olm-release-4.22-periodics-e2e-gcp-ovn-ipi-disconnected-extended-f1

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/f6438970-f2e1-11f0-9e9d-576b0e6ba991-0

@Xia-Zhao-rh
Contributor Author

/verified by @Xia-Zhao-rh

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Jan 16, 2026
@openshift-ci-robot

@Xia-Zhao-rh: This PR has been marked as verified by @Xia-Zhao-rh.

In response to this:

/verified by @Xia-Zhao-rh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
