HIVE-3097: Go+K8s bump + Installer revendor#2901
Open
suhanime wants to merge 7 commits into
Open
Conversation
suhanime
changed the title
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughBumps Go toolchain and builder/base images to Go 1.25 across CI/Docker; removes the vendored gogo/protobuf runtime; updates many OpenShift API types/validations and generated deepcopy/swagger/CRD manifests; refreshes multiple vendored libraries and small vendor fixes. ChangesBuild & Toolchain
Vendored runtime removal & API model changes
Estimated code review effort🎯 5 (Critical) | ⏱️ ~120 minutes Poem
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
openshift-ci-robot
added
the
jira/valid-reference
|
@suhanime: This pull request references HIVE-3097 which is a valid jira issue. DetailsIn response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Contributor
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: suhanime The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
Bot
added
the
approved
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 7
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@apis/vendor/github.com/openshift/api/config/v1/types_authentication.go`:
- Line 8: The ExternalOIDCWithUpstreamParity feature gate is declared for
oidcProviders validation but not wired to enable the corresponding enum path and
status fields; update the feature-gate plumbing so enabling
ExternalOIDCWithUpstreamParity unlocks AuthenticationTypeOIDC and populates
AuthenticationStatus.OIDCClients. Concretely, extend the
FeatureGateAwareXValidation annotations that reference spec.oidcProviders (and
the similar annotations at the other locations noted) to also allow the enum
value AuthenticationTypeOIDC and the status field OIDCClients when
ExternalOIDCWithUpstreamParity is enabled, and ensure the server-side
schema/validation that governs the Authentication type enum (AuthenticationType)
and the AuthenticationStatus struct checks feature gate
ExternalOIDCWithUpstreamParity before rejecting or omitting OIDCClients; target
the validation blocks referencing oidcProviders, AuthenticationTypeOIDC, and
AuthenticationStatus.OIDCClients so the new gate consistently enables the enum
path and status field.
- Around line 628-630: Update the Kubebuilder validation comment markers that
currently use the wrong assignment operator; change the two markers containing
"kubebuilder:validation:MinLength:=1" and
"kubebuilder:validation:MaxLength:=256" to use "=" instead of ":=" so they read
"kubebuilder:validation:MinLength=1" and "kubebuilder:validation:MaxLength=256"
(these comments are adjacent to the optional field marker in
types_authentication.go).
In `@apis/vendor/github.com/openshift/api/config/v1/types_cluster_version.go`:
- Around line 899-903: The doc comment for the "conditions" field currently says
the list "must not contain more than one entry" but the kubebuilder validation
tags (XValidation exists_one, +kubebuilder:validation:MaxItems=8,
+kubebuilder:validation:MinItems=1) allow 1–8 entries; update the comment on the
conditions field in types_cluster_version.go to reflect the actual schema (e.g.,
state that conditions must contain between 1 and 8 entries and must include a
condition of type 'Applies'), keeping the existing validation tags intact.
In `@apis/vendor/github.com/openshift/api/config/v1/types_feature.go`:
- Around line 56-61: Add the OKD value to the hive API validation and mapping:
update the FeatureSet enum validation (the +kubebuilder:validation:Enum tag on
the FeatureSet type) to include "OKD", and add an "OKD" entry to the FeatureSets
map (the FeatureSets variable) mapping to the same set of enabled feature gates
intended for OKD so lookups like fg.FeatureSet == "OKD" return the populated
feature-gates slice; modify hiveconfig_types.go where FeatureSet and FeatureSets
are declared and ensure the OKD entry mirrors the correct enabled gates used by
other fixed sets.
In `@apis/vendor/github.com/openshift/api/config/v1/types_ingress.go`:
- Line 46: Replace the CEL XValidation rule on the domain field so it allows
initial population but enforces immutability thereafter; specifically update the
kubebuilder validation tag (the line with
"+kubebuilder:validation:XValidation:rule="self == oldSelf"") to use the pattern
"!has(oldSelf) || self == oldSelf" so CREATE (when oldSelf is absent) is
permitted and UPDATE requires equality to oldSelf.
In
`@apis/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go`:
- Line 2933: The docstring for the "profileCustomizations" swagger entry
contains a stray apostrophe in "enabled by' default"; open
zz_generated.swagger_doc_generated.go and update the string value for
"profileCustomizations" to read "enabled by default" (remove the extra
apostrophe), then regenerate or re-run the swagger/code generation that produced
zz_generated.swagger_doc_generated.go so the change persists in generated
artifacts.
In
`@apis/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go`:
- Line 56: The unconditional DNS1123 subdomain validation was applied to
CPMSMachineNamePrefix by removing the FeatureGateAwareXValidation marker; either
restore the FeatureGateAwareXValidation annotation for CPMSMachineNamePrefix
with the correct feature gate name to make the rule conditional, or, if the
field should now always be validated, update the API/comments to reflect that
the field is no longer feature-gated and ensure any feature-gate checks or
gating logic for CPMSMachineNamePrefix elsewhere in the codebase are
removed/adjusted to avoid inconsistent behavior.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: a7c082f4-03b7-4b34-a340-cdc01e30b550
⛔ Files ignored due to path filters (18)
apis/go.sumis excluded by!**/*.sumapis/vendor/k8s.io/api/authorization/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/authorization/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/core/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/core/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/rbac/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/rbac/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/schema/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/schema/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/generated.protomessage.pb.gois excluded by!**/*.pb.gogo.sumis excluded by!**/*.sum
📒 Files selected for processing (282)
.tekton/hive-mce-210-pull-request.yaml.tekton/hive-mce-210-push.yaml.tekton/hive-mce-211-pull-request.yaml.tekton/hive-mce-211-push.yaml.tekton/hive-mce-217-pull-request.yaml.tekton/hive-mce-217-push.yaml.tekton/hive-mce-26-pull-request.yaml.tekton/hive-mce-26-push.yaml.tekton/hive-mce-27-pull-request.yaml.tekton/hive-mce-27-push.yaml.tekton/hive-mce-28-pull-request.yaml.tekton/hive-mce-28-push.yaml.tekton/hive-mce-29-pull-request.yaml.tekton/hive-mce-29-push.yaml.tekton/hive-mce-50-pull-request.yaml.tekton/hive-mce-50-push.yaml.tekton/hive-mce-51-pull-request.yaml.tekton/hive-mce-51-push.yaml.tekton/hive-pull-request.yaml.tekton/hive-push.yamlDockerfileMakefileapis/go.modapis/vendor/github.com/gogo/protobuf/AUTHORSapis/vendor/github.com/gogo/protobuf/CONTRIBUTORSapis/vendor/github.com/gogo/protobuf/LICENSEapis/vendor/github.com/gogo/protobuf/proto/Makefileapis/vendor/github.com/gogo/protobuf/proto/clone.goapis/vendor/github.com/gogo/protobuf/proto/custom_gogo.goapis/vendor/github.com/gogo/protobuf/proto/decode.goapis/vendor/github.com/gogo/protobuf/proto/deprecated.goapis/vendor/github.com/gogo/protobuf/proto/discard.goapis/vendor/github.com/gogo/protobuf/proto/duration.goapis/vendor/github.com/gogo/protobuf/proto/duration_gogo.goapis/vendor/github.com/gogo/protobuf/proto/encode.goapis/vendor/github.com/gogo/protobuf/proto/encode_gogo.goapis/vendor/github.com/gogo/protobuf/proto/equal.goapis/vendor/github.com/gogo/protobuf/proto/extensions.goapis/vendor/github.com/gogo/protobuf/proto/extensions_gogo.goapis/vendor/github.com/gogo/protobuf/proto/lib.goapis/vendor/github.com/gogo/protobuf/proto/lib_gogo.goapis/vendor/github.com/gogo/protobuf/proto/message_set.goapis/vendor/github.com/gogo/protobuf/proto/pointer_reflect.goapis/vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.goapis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe.goapis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.goapis/vendor/github.com/gogo/protobuf/proto/properties.goapis/vendor/github.com/gogo/protobuf/proto/properties_gogo.goapis/vendor/github.com/gogo/protobuf/proto/skip_gogo.goapis/vendor/github.com/gogo/protobuf/proto/table_marshal.goapis/vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.goapis/vendor/github.com/gogo/protobuf/proto/table_merge.goapis/vendor/github.com/gogo/protobuf/proto/table_unmarshal.goapis/vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.goapis/vendor/github.com/gogo/protobuf/proto/text.goapis/vendor/github.com/gogo/protobuf/proto/text_gogo.goapis/vendor/github.com/gogo/protobuf/proto/text_parser.goapis/vendor/github.com/gogo/protobuf/proto/timestamp.goapis/vendor/github.com/gogo/protobuf/proto/timestamp_gogo.goapis/vendor/github.com/gogo/protobuf/proto/wrappers.goapis/vendor/github.com/gogo/protobuf/proto/wrappers_gogo.goapis/vendor/github.com/gogo/protobuf/sortkeys/sortkeys.goapis/vendor/github.com/openshift/api/config/v1/types_apiserver.goapis/vendor/github.com/openshift/api/config/v1/types_authentication.goapis/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.goapis/vendor/github.com/openshift/api/config/v1/types_cluster_version.goapis/vendor/github.com/openshift/api/config/v1/types_feature.goapis/vendor/github.com/openshift/api/config/v1/types_image_policy.goapis/vendor/github.com/openshift/api/config/v1/types_infrastructure.goapis/vendor/github.com/openshift/api/config/v1/types_ingress.goapis/vendor/github.com/openshift/api/config/v1/types_insights.goapis/vendor/github.com/openshift/api/config/v1/types_network.goapis/vendor/github.com/openshift/api/config/v1/types_scheduling.goapis/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.goapis/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.goapis/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yamlapis/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.goapis/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.goapis/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yamlapis/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.goapis/vendor/github.com/openshift/api/machine/v1beta1/types_machine.goapis/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.goapis/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.goapis/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.goapis/vendor/github.com/openshift/api/operator/v1/types_console.goapis/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.goapis/vendor/github.com/openshift/api/operator/v1/types_network.goapis/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.goapis/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yamlapis/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.goapis/vendor/k8s.io/api/authorization/v1/doc.goapis/vendor/k8s.io/api/authorization/v1/zz_generated.model_name.goapis/vendor/k8s.io/api/core/v1/doc.goapis/vendor/k8s.io/api/core/v1/generated.protoapis/vendor/k8s.io/api/core/v1/toleration.goapis/vendor/k8s.io/api/core/v1/types.goapis/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.goapis/vendor/k8s.io/api/core/v1/zz_generated.deepcopy.goapis/vendor/k8s.io/api/core/v1/zz_generated.model_name.goapis/vendor/k8s.io/api/rbac/v1/doc.goapis/vendor/k8s.io/api/rbac/v1/generated.protoapis/vendor/k8s.io/api/rbac/v1/types.goapis/vendor/k8s.io/api/rbac/v1/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/generated.protoapis/vendor/k8s.io/apimachinery/pkg/api/resource/quantity.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/quantity_proto.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/constraints/constraints.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/decimal_int.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/dns.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/errors.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/identifier.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/kube.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/doc.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.protoapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/labels/selector.goapis/vendor/k8s.io/apimachinery/pkg/runtime/doc.goapis/vendor/k8s.io/apimachinery/pkg/runtime/scheme.goapis/vendor/k8s.io/apimachinery/pkg/runtime/types_proto.goapis/vendor/k8s.io/apimachinery/pkg/runtime/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/generated.protoapis/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/util/sets/set.goapis/vendor/k8s.io/apimachinery/pkg/util/validation/field/error_matcher.goapis/vendor/k8s.io/apimachinery/pkg/util/validation/field/errors.goapis/vendor/k8s.io/apimachinery/pkg/util/validation/validation.goapis/vendor/k8s.io/kube-openapi/LICENSEapis/vendor/k8s.io/kube-openapi/pkg/util/trie.goapis/vendor/k8s.io/kube-openapi/pkg/util/util.goapis/vendor/modules.txtgo.modhack/ubi-build-deps.shpkg/azureclient/mock/client_generated.gotest/ote/go.modvendor/github.com/AlecAivazis/survey/v2/README.mdvendor/github.com/AlecAivazis/survey/v2/confirm.govendor/github.com/AlecAivazis/survey/v2/core/template.govendor/github.com/AlecAivazis/survey/v2/core/write.govendor/github.com/AlecAivazis/survey/v2/input.govendor/github.com/AlecAivazis/survey/v2/multiselect.govendor/github.com/AlecAivazis/survey/v2/password.govendor/github.com/AlecAivazis/survey/v2/renderer.govendor/github.com/AlecAivazis/survey/v2/select.govendor/github.com/AlecAivazis/survey/v2/survey.govendor/github.com/AlecAivazis/survey/v2/terminal/display_posix.govendor/github.com/AlecAivazis/survey/v2/terminal/error.govendor/github.com/AlecAivazis/survey/v2/terminal/output.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_bsd.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_linux.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_posix.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_ppc64le.govendor/github.com/AlecAivazis/survey/v2/transform.govendor/github.com/AlecAivazis/survey/v2/validate.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/CHANGELOG.mdvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/LICENSE.txtvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/README.mdvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/assets.jsonvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/autorest.mdvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/build.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/ci.ymlvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/client_factory.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/constants.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/federatedidentitycredentials_client.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models_serde.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/operations_client.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/options.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/responses.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/systemassignedidentities_client.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/time_rfc3339.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/userassignedidentities_client.govendor/github.com/Azure/go-autorest/autorest/date/go_mod_tidy_hack.govendor/github.com/Azure/go-autorest/logger/go_mod_tidy_hack.govendor/github.com/Azure/go-autorest/logger/logger.govendor/github.com/Azure/go-autorest/tracing/go_mod_tidy_hack.govendor/github.com/aws/aws-sdk-go-v2/aws/credentials.govendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.govendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.govendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/timeout_read_closer.govendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.govendor/github.com/aws/aws-sdk-go-v2/config/shared_config.govendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/dpop.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/token.govendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.govendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.jsonvendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/LICENSE.txtvendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_client.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_AssociateAlias.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CopyDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCachePolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCloudFrontOriginAccessIdentity.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateContinuousDeploymentPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistributionWithTags.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFieldLevelEncryptionConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFieldLevelEncryptionProfile.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFunction.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateInvalidation.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateKeyGroup.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateKeyValueStore.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateMonitoringSubscription.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateOriginAccessControl.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateOriginRequestPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreatePublicKey.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateRealtimeLogConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateResponseHeadersPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateStreamingDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateStreamingDistributionWithTags.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteCachePolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteCloudFrontOriginAccessIdentity.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteContinuousDeploymentPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFieldLevelEncryptionConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFieldLevelEncryptionProfile.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFunction.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteKeyGroup.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteKeyValueStore.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteMonitoringSubscription.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteOriginAccessControl.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteOriginRequestPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeletePublicKey.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteRealtimeLogConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteResponseHeadersPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteStreamingDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DescribeFunction.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DescribeKeyValueStore.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCachePolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCachePolicyConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCloudFrontOriginAccessIdentity.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCloudFrontOriginAccessIdentityConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetContinuousDeploymentPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetContinuousDeploymentPolicyConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetDistributionConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryption.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionProfile.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionProfileConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFunction.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetInvalidation.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetKeyGroup.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetKeyGroupConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetMonitoringSubscription.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginAccessControl.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginAccessControlConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginRequestPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginRequestPolicyConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetPublicKey.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetPublicKeyConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetRealtimeLogConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetResponseHeadersPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetResponseHeadersPolicyConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetStreamingDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetStreamingDistributionConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListCachePolicies.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListCloudFrontOriginAccessIdentities.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListConflictingAliases.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListContinuousDeploymentPolicies.go
💤 Files with no reviewable changes (39)
- apis/vendor/github.com/gogo/protobuf/CONTRIBUTORS
- apis/vendor/github.com/gogo/protobuf/AUTHORS
- apis/vendor/github.com/gogo/protobuf/LICENSE
- apis/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml
- apis/vendor/github.com/gogo/protobuf/proto/custom_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/encode_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/properties_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/deprecated.go
- apis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go
- apis/vendor/github.com/gogo/protobuf/proto/equal.go
- apis/vendor/github.com/gogo/protobuf/proto/Makefile
- apis/vendor/github.com/gogo/protobuf/proto/skip_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/lib_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/clone.go
- apis/vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/duration.go
- apis/vendor/github.com/gogo/protobuf/proto/discard.go
- apis/vendor/github.com/gogo/protobuf/proto/table_merge.go
- apis/vendor/github.com/gogo/protobuf/proto/duration_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/text_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/text.go
- apis/vendor/github.com/gogo/protobuf/proto/lib.go
- apis/vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/properties.go
- apis/vendor/github.com/gogo/protobuf/proto/table_unmarshal.go
- apis/vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/timestamp.go
- apis/vendor/github.com/gogo/protobuf/proto/text_parser.go
- apis/vendor/github.com/gogo/protobuf/proto/wrappers.go
- apis/vendor/github.com/gogo/protobuf/sortkeys/sortkeys.go
- apis/vendor/github.com/gogo/protobuf/proto/decode.go
- apis/vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/pointer_reflect.go
- apis/vendor/github.com/gogo/protobuf/proto/extensions_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/message_set.go
- apis/vendor/github.com/gogo/protobuf/proto/extensions.go
- apis/vendor/github.com/gogo/protobuf/proto/encode.go
Comment on lines
+56
to
+61
| // OKD turns on features for OKD. Turning this feature set ON is supported for OKD clusters, but NOT for OpenShift clusters. | ||
| // Once enabled, this feature set cannot be changed back to Default, but can be changed to other feature sets and it allows upgrades. | ||
| OKD FeatureSet = "OKD" | ||
|
|
||
| // AllFixedFeatureSets are the featuresets that have known featuregates. Custom doesn't for instance. LatencySensitive is dead | ||
| AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade, DevPreviewNoUpgrade} | ||
| AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade, DevPreviewNoUpgrade, OKD} |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
rg -nC 2 --type=go '\bOKD\b|\bAllFixedFeatureSets\b|\bFeatureSets\s*\['Repository: openshift/hive
Length of output: 10491
🏁 Script executed:
#!/bin/bash
# Find the definition of FeatureSets in hive package
rg -nC 5 'FeatureSets\s*[=:]\s*' --type=go pkg/operator/hive/ || true
echo "---"
# Also check the hive api types for FeatureSet definitions
fd -e '.go' -x grep -l 'FeatureSets' {} \; | grep -i hive | head -10Repository: openshift/hive
Length of output: 198
🏁 Script executed:
#!/bin/bash
# Check the actual FeatureSets map definition in hive types
rg -B 5 -A 30 'FeatureSets\s*=' ./apis/hive/v1/hiveconfig_types.goRepository: openshift/hive
Length of output: 1357
🏁 Script executed:
#!/bin/bash
# Check context around the configmap.go usage to see impact of nil/missing map entry
cat -n ./pkg/operator/hive/configmap.go | sed -n '275,295p'Repository: openshift/hive
Length of output: 803
🏁 Script executed:
#!/bin/bash
# Search for other switch/map uses of FeatureSet that might need OKD
rg -n 'switch.*FeatureSet|FeatureSet.*switch|case.*FeatureSet|case.*DefaultFeatureSet' --type=goRepository: openshift/hive
Length of output: 1857
🏁 Script executed:
#!/bin/bash
# More specific search for hive FeatureSet handling
rg -n 'hivev1\.(DefaultFeatureSet|CustomFeatureSet|OKD|FeatureSet)' --type=go pkg/ apis/ | head -20Repository: openshift/hive
Length of output: 243
🏁 Script executed:
#!/bin/bash
# Verify the FeatureSet type definition in hive types to ensure OKD is not defined there either
rg -B 2 -A 8 'type FeatureSet' ./apis/hive/v1/hiveconfig_types.goRepository: openshift/hive
Length of output: 641
🏁 Script executed:
#!/bin/bash
# Check the kubebuilder validation constraint to confirm OKD is not in hive's enum
cat -n ./apis/hive/v1/hiveconfig_types.go | sed -n '195,215p'Repository: openshift/hive
Length of output: 1166
🏁 Script executed:
#!/bin/bash
# Search more directly for the FeatureSet type definition with kubebuilder constraint
rg -B 3 'type FeatureSet string' ./apis/hive/v1/hiveconfig_types.goRepository: openshift/hive
Length of output: 192
Update hive's FeatureSets map and validation enum to include OKD.
The new OKD feature set is added to AllFixedFeatureSets here, but the hive package's FeatureSet enum and FeatureSets map are missing the OKD entry. This causes a silent failure in pkg/operator/hive/configmap.go:283: when fg.FeatureSet == "OKD", the map lookup returns nil and val stays empty instead of being populated with the intended feature gates.
Add OKD to:
./apis/hive/v1/hiveconfig_types.go: Update the+kubebuilder:validation:Enumconstraint onFeatureSetto includeOKD./apis/hive/v1/hiveconfig_types.go: Add anOKDentry to theFeatureSetsmap with the appropriate enabled feature gates
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apis/vendor/github.com/openshift/api/config/v1/types_feature.go` around lines
56 - 61, Add the OKD value to the hive API validation and mapping: update the
FeatureSet enum validation (the +kubebuilder:validation:Enum tag on the
FeatureSet type) to include "OKD", and add an "OKD" entry to the FeatureSets map
(the FeatureSets variable) mapping to the same set of enabled feature gates
intended for OKD so lookups like fg.FeatureSet == "OKD" return the populated
feature-gates slice; modify hiveconfig_types.go where FeatureSet and FeatureSets
are declared and ensure the OKD entry mirrors the correct enabled gates used by
other fixed sets.
| // default ingresscontroller domain will follow this pattern: "*.<domain>". | ||
| // | ||
| // Once set, changing domain is not currently supported. | ||
| // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="domain is immutable once set" |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
cat -n apis/vendor/github.com/openshift/api/config/v1/types_ingress.go | head -100Repository: openshift/hive
Length of output: 5813
🏁 Script executed:
rg -i "domain" apis/vendor/github.com/openshift/api/config/v1/ -A 2 -B 2 --type goRepository: openshift/hive
Length of output: 50371
🏁 Script executed:
rg -A 5 "type IngressSpec" apis/vendor/github.com/openshift/api/config/v1/types_ingress.goRepository: openshift/hive
Length of output: 364
🏁 Script executed:
sed -n '37,58p' apis/vendor/github.com/openshift/api/config/v1/types_ingress.goRepository: openshift/hive
Length of output: 1111
🏁 Script executed:
find . -type f -name "*.go" -exec grep -l "Domain.*string\|IngressSpec" {} \; | head -20Repository: openshift/hive
Length of output: 14699
🌐 Web query:
Kubernetes CEL XValidation rule oldSelf optional field transition semantics
💡 Result:
In Kubernetes CRD XValidation rules using CEL, the oldSelf variable represents the previous state of the object during updates (available since Kubernetes 1.25 via transition rules). By default, on CREATE operations, oldSelf is absent (null/undefined), so rules referencing oldSelf.field fail unless prefixed with !has(oldSelf.field) || to handle creation gracefully. This idiom checks if the field existed before (using the global has function) or applies the transition condition. The optionalOldSelf: true field (introduced in Kubernetes 1.29 with CRDValidationRatcheting feature, now stable) changes oldSelf to a CEL optional type. This enables direct access via optional-aware methods like oldSelf.hasValue, oldSelf.value, or oldSelf.optMap without has. Example without optionalOldSelf (standard approach): x-kubernetes-validations: - rule: '!has(oldSelf.replicas) || has(self.replicas)' message: 'replicas cannot be unset once set' This prevents unsetting an optional field after it's been set. With optionalOldSelf: true (cleaner syntax): x-kubernetes-validations: - rule: 'oldSelf.hasValue == self.hasValue' message: '.spec.replicas cannot be unset once set' optionalOldSelf: true Here, oldSelf is optional, so oldSelf.hasValue returns false on CREATE (no prior value), allowing the rule to pass if self matches the presence expectation. self is not optional by default; a proposed optionalSelf: true (open issue as of 2025) would make it symmetric. Rules using optional types require Kubernetes 1.29+ (CEL Optional Values feature). This semantics enables precise transition validation (immutability, monotonic increases, state machines) while supporting CREATE/UPDATE uniformly.
Citations:
- 1: CEL Validation: Add 'optionalSelf: true' config for consistency with 'optionalOldSelf: true' kubernetes/kubernetes#132510
- 2: Support CEL CRD validation expressions that reference existing object state. kubernetes/kubernetes#108073
- 3: https://kubernetes.io/docs/reference/using-api/cel/
- 4: https://kubernetes.io/blog/2022/09/29/enforce-immutability-using-cel/
- 5: kube-core: add optionalOldSelf to CEL
Rulekube-rs/kube#1947 - 6: KEP-4008: CRDValidationRatcheting: Add support for optional
oldSelfkubernetes/kubernetes#121034 - 7: kubernetes-sigs/controller-tools@a57ec68
🏁 Script executed:
rg "spec.domain\|\.Domain\s*=" apis/ --type go -B 2 -A 2 | head -100Repository: openshift/hive
Length of output: 40
🏁 Script executed:
rg "Ingress\{" apis/ --type go | head -20Repository: openshift/hive
Length of output: 551
🌐 Web query:
Kubernetes CEL validation rule !has(oldSelf) pattern syntax examples
💡 Result:
The Kubernetes CEL validation rule pattern !has(oldSelf) (or more precisely !has(oldSelf.field)) is used in Custom Resource Definition (CRD) validation rules under x-kubernetes-validations to handle CREATE operations gracefully while enforcing constraints on UPDATE operations. oldSelf represents the previous state of the resource (absent on CREATE). The has macro checks field existence. !has(oldSelf.field) returns true on CREATE (when the field didn't exist before) or if the old field was absent, allowing the rule to pass during creation while validating transitions on updates. Common pattern syntax: - !has(oldSelf.field) || self.field >= oldSelf.field (prevent decreasing a value) - !has(oldSelf.field) || self.field == oldSelf.field (immutable field) - !has(oldSelf) || self.field == oldSelf.field (whole object or top-level checks) Examples from authoritative sources: 1. Storage size cannot decrease: - rule: "!has(oldSelf.storageGB) || self.storageGB >= oldSelf.storageGB" message: "Storage size cannot be decreased" 2. Engine cannot change after creation: - rule: "!has(oldSelf.engine) || self.engine == oldSelf.engine" message: "Database engine cannot be changed after creation" 3. Immutable field: - rule: "!has(oldSelf) || self.immutableField == oldSelf.immutableField" message: "immutableField cannot be changed after creation" 4. Prevent unsetting replicas: - rule: "!has(oldSelf.replicas) || has(self.replicas)" message: "replicas can't be unset" 5. State transition (multi-line): - rule: | !has(oldSelf.state) || oldSelf.state != 'draft' || self.state in ['draft', 'pending'] message: "From draft state, can only transition to pending" This pattern is standard in Kubernetes CRD CEL validation (available since ~1.23+). Official docs confirm self/oldSelf variables and has usage but show general examples; practical patterns appear in tutorials and GitHub issues matching official behavior.
Citations:
- 1: https://oneuptime.com/blog/post/2026-02-09-custom-resource-validation-transition-rules/view
- 2: http://k8s.io/docs/reference/using-api/cel/
- 3: https://kubernetes.io/docs/reference/using-api/cel/
- 4: CEL Validation: Add 'optionalSelf: true' config for consistency with 'optionalOldSelf: true' kubernetes/kubernetes#132510
- 5: https://oneuptime.com/blog/post/2026-02-09-cel-validation-rules-crds-constraints/view
- 6: https://oneuptime.com/blog/post/2026-02-09-crd-validation-cel-expressions/view
🌐 Web query:
OpenShift Ingress config domain field required at creation time initialization
💡 Result:
No, the domain field in the OpenShift Ingress configuration (config.openshift.io/v1, cluster Ingress resource) is not strictly required at creation time. Official documentation states it as a string field without "required" designation, and multiple sources explicitly note: "If empty, the default value is ingress.config.openshift.io/cluster.spec.domain". This indicates the API accepts creation without it, likely defaulting during cluster installation from install-config.yaml. However, it must be set before Ingress Controllers or Routes rely on it, and cannot be changed after initial use. For IngressController resources (operator.openshift.io/v1), the spec.domain is also optional, explicitly defaulting to the cluster Ingress domain if empty.
Citations:
- 1: https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/config_apis/ingress-config-openshift-io-v1
- 2: https://docs.okd.io/latest/rest_api/config_apis/ingress-config-openshift-io-v1.html
- 3: https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/networking/configuring-ingress
- 4: https://docs.okd.io/4.14/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.html
- 5: https://docs.openshift.com/container-platform/4.15/networking/ingress-operator.html
- 6: https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/operator_apis/ingresscontroller-operator-openshift-io-v1
- 7: https://github.com/openshift/api/blob/master/operator/v1/types_ingress.go
- 8: https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/config_apis/ingress-config-openshift-io-v1
- 9: https://docs.openshift.com/container-platform/4.17/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.html
Fix the CEL validation rule to allow initial domain population while maintaining immutability afterward.
The current rule self == oldSelf will reject attempts to populate an initially empty domain field because it treats any change as invalid. However, OpenShift documentation confirms the domain field can be empty at creation and is populated during cluster initialization. The rule should allow the field to transition from empty to a value, then become immutable. Use the proper CEL pattern: !has(oldSelf) || self == oldSelf to skip validation on CREATE (when oldSelf is undefined) while enforcing immutability on UPDATE. This aligns with the comment's intent ("Once set, changing domain is not currently supported") by allowing the initial SET while preventing subsequent changes.
Suggested adjustment
- // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="domain is immutable once set"
+ // +kubebuilder:validation:XValidation:rule="!has(oldSelf) || self == oldSelf",message="domain is immutable once set"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="domain is immutable once set" | |
| // +kubebuilder:validation:XValidation:rule="!has(oldSelf) || self == oldSelf",message="domain is immutable once set" |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apis/vendor/github.com/openshift/api/config/v1/types_ingress.go` at line 46,
Replace the CEL XValidation rule on the domain field so it allows initial
population but enforces immutability thereafter; specifically update the
kubebuilder validation tag (the line with
"+kubebuilder:validation:XValidation:rule="self == oldSelf"") to use the pattern
"!has(oldSelf) || self == oldSelf" so CREATE (when oldSelf is absent) is
permitted and UPDATE requires equality to oldSelf.
Contributor
Author
|
/hold Need to bump the image on CI for the tests to succeed |
openshift-ci
Bot
added
the
do-not-merge/hold
There was a problem hiding this comment.
Actionable comments posted: 4
♻️ Duplicate comments (1)
apis/vendor/github.com/openshift/api/config/v1/types_cluster_version.go (1)
895-903:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winKeep the
conditionsdocs aligned with the schema.The comment still says this list “must not contain more than one entry”, but the validation allows 1–8 unique conditions as long as one is
Applies.Suggested doc fix
- // conditions must not contain more than one entry. + // conditions must contain between 1 and 8 entries and include a condition of type Applies.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@apis/vendor/github.com/openshift/api/config/v1/types_cluster_version.go` around lines 895 - 903, Update the doc comment for the conditions field to match the validation rules: remove the incorrect phrase "must not contain more than one entry" and state that conditions must contain between 1 and 8 unique entries and must include a condition of type 'Applies' (reflecting the +kubebuilder:validation:MinItems=1, +kubebuilder:validation:MaxItems=8 and the XValidation rule). Edit the comment above the conditions definition in types_cluster_version.go to mention uniqueness of types and the required 'Applies' condition so docs align with the schema.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@apis/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go`:
- Around line 118-125: Restore the commented-out HostPlacement field in
AWSMachineProviderConfig (re-add the HostPlacement *HostPlacement
`json:"hostPlacement,omitempty"` field and keep its
+openshift:enable:FeatureGate=AWSDedicatedHosts and +optional markers) and mark
it as deprecated in the comment so the v1beta1 schema continues to accept the
old JSON name; then update the v1beta1 <-> internal conversion logic for
AWSMachineProviderConfig (the ConvertTo/ConvertFrom implementations or the
generated conversion functions for AWSMachineProviderConfig) to map
HostPlacement <-> Placement.Host (read HostPlacement into Placement.Host during
ConvertFrom and write Placement.Host back to HostPlacement during ConvertTo) so
existing manifests round-trip intact.
In `@apis/vendor/github.com/openshift/api/operator/v1/types_network.go`:
- Around line 401-403: Add FeatureGateAwareXValidation rules to explicitly
forbid bgpManagedConfig unless we are in NoOverlay managed mode: update the
validation annotations around the existing rules that reference transport,
noOverlayConfig and noOverlayConfig.routing to include a rule that errors when
has(self.bgpManagedConfig) is true while either self.?transport.orValue('') !=
'NoOverlay' or self.?noOverlayConfig.routing.orValue('') != 'Managed'; ensure
the message matches the field docs (e.g., "bgpManagedConfig is forbidden unless
transport is NoOverlay and noOverlayConfig.routing is Managed") so
bgpManagedConfig is rejected outside the managed no-overlay case.
- Around line 476-489: The field-level immutability validation on Transport
(Transport TransportOption `json:"transport,omitempty"`) currently enforces
"self == oldSelf" unconditionally, preventing an omission→"Geneve" update;
change the validation to allow the documented exception by replacing the strict
equality rule with a conditional that permits the transition when oldSelf is
empty and new self == "Geneve" (i.e., allow self == oldSelf OR (oldSelf == ""
AND self == "Geneve")), or remove this field-level FeatureGateAwareXValidation
tag and rely on the struct-level validation that already implements the allowed
unset→"Geneve" transition. Ensure the message and FeatureGate=NoOverlayMode
metadata remain consistent.
In `@apis/vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go`:
- Around line 41-48: The current priorityUpdateBuf struct holds only a single
global slot (streamID + priority), which causes lost PRIORITY_UPDATEs when
multiple unopened streams get updates; change the buffering to track the most
recent PriorityParam per stream by replacing priorityUpdateBuf with a
map[uint32]PriorityParam (e.g., priorityUpdateBuf map[streamID]PriorityParam)
and update all code that reads/writes it: store incoming PRIORITY_UPDATEs keyed
by their stream ID, look up and consume the entry when OpenStream() (or the
method that applies buffered priority on stream creation) is called, and delete
the map entry after applying; ensure any code that previously checked
streamID==0 is adapted to check map presence.
---
Duplicate comments:
In `@apis/vendor/github.com/openshift/api/config/v1/types_cluster_version.go`:
- Around line 895-903: Update the doc comment for the conditions field to match
the validation rules: remove the incorrect phrase "must not contain more than
one entry" and state that conditions must contain between 1 and 8 unique entries
and must include a condition of type 'Applies' (reflecting the
+kubebuilder:validation:MinItems=1, +kubebuilder:validation:MaxItems=8 and the
XValidation rule). Edit the comment above the conditions definition in
types_cluster_version.go to mention uniqueness of types and the required
'Applies' condition so docs align with the schema.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 8f1d6f06-72de-4b67-a824-c36458f1d4e6
⛔ Files ignored due to path filters (18)
apis/go.sumis excluded by!**/*.sumapis/vendor/k8s.io/api/authorization/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/authorization/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/core/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/core/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/rbac/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/rbac/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/schema/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/schema/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/generated.protomessage.pb.gois excluded by!**/*.pb.gogo.sumis excluded by!**/*.sum
📒 Files selected for processing (238)
.tekton/hive-mce-210-pull-request.yaml.tekton/hive-mce-210-push.yaml.tekton/hive-mce-211-pull-request.yaml.tekton/hive-mce-211-push.yaml.tekton/hive-mce-217-pull-request.yaml.tekton/hive-mce-217-push.yaml.tekton/hive-mce-26-pull-request.yaml.tekton/hive-mce-26-push.yaml.tekton/hive-mce-27-pull-request.yaml.tekton/hive-mce-27-push.yaml.tekton/hive-mce-28-pull-request.yaml.tekton/hive-mce-28-push.yaml.tekton/hive-mce-29-pull-request.yaml.tekton/hive-mce-29-push.yaml.tekton/hive-mce-50-pull-request.yaml.tekton/hive-mce-50-push.yaml.tekton/hive-mce-51-pull-request.yaml.tekton/hive-mce-51-push.yaml.tekton/hive-pull-request.yaml.tekton/hive-push.yamlDockerfileMakefileapis/go.modapis/vendor/github.com/gogo/protobuf/AUTHORSapis/vendor/github.com/gogo/protobuf/CONTRIBUTORSapis/vendor/github.com/gogo/protobuf/LICENSEapis/vendor/github.com/gogo/protobuf/proto/Makefileapis/vendor/github.com/gogo/protobuf/proto/clone.goapis/vendor/github.com/gogo/protobuf/proto/custom_gogo.goapis/vendor/github.com/gogo/protobuf/proto/decode.goapis/vendor/github.com/gogo/protobuf/proto/deprecated.goapis/vendor/github.com/gogo/protobuf/proto/discard.goapis/vendor/github.com/gogo/protobuf/proto/duration.goapis/vendor/github.com/gogo/protobuf/proto/duration_gogo.goapis/vendor/github.com/gogo/protobuf/proto/encode.goapis/vendor/github.com/gogo/protobuf/proto/encode_gogo.goapis/vendor/github.com/gogo/protobuf/proto/equal.goapis/vendor/github.com/gogo/protobuf/proto/extensions.goapis/vendor/github.com/gogo/protobuf/proto/extensions_gogo.goapis/vendor/github.com/gogo/protobuf/proto/lib.goapis/vendor/github.com/gogo/protobuf/proto/lib_gogo.goapis/vendor/github.com/gogo/protobuf/proto/message_set.goapis/vendor/github.com/gogo/protobuf/proto/pointer_reflect.goapis/vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.goapis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe.goapis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.goapis/vendor/github.com/gogo/protobuf/proto/properties.goapis/vendor/github.com/gogo/protobuf/proto/properties_gogo.goapis/vendor/github.com/gogo/protobuf/proto/skip_gogo.goapis/vendor/github.com/gogo/protobuf/proto/table_marshal.goapis/vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.goapis/vendor/github.com/gogo/protobuf/proto/table_merge.goapis/vendor/github.com/gogo/protobuf/proto/table_unmarshal.goapis/vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.goapis/vendor/github.com/gogo/protobuf/proto/text.goapis/vendor/github.com/gogo/protobuf/proto/text_gogo.goapis/vendor/github.com/gogo/protobuf/proto/text_parser.goapis/vendor/github.com/gogo/protobuf/proto/timestamp.goapis/vendor/github.com/gogo/protobuf/proto/timestamp_gogo.goapis/vendor/github.com/gogo/protobuf/proto/wrappers.goapis/vendor/github.com/gogo/protobuf/proto/wrappers_gogo.goapis/vendor/github.com/gogo/protobuf/sortkeys/sortkeys.goapis/vendor/github.com/openshift/api/config/v1/types_apiserver.goapis/vendor/github.com/openshift/api/config/v1/types_authentication.goapis/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.goapis/vendor/github.com/openshift/api/config/v1/types_cluster_version.goapis/vendor/github.com/openshift/api/config/v1/types_feature.goapis/vendor/github.com/openshift/api/config/v1/types_image_policy.goapis/vendor/github.com/openshift/api/config/v1/types_infrastructure.goapis/vendor/github.com/openshift/api/config/v1/types_ingress.goapis/vendor/github.com/openshift/api/config/v1/types_insights.goapis/vendor/github.com/openshift/api/config/v1/types_network.goapis/vendor/github.com/openshift/api/config/v1/types_scheduling.goapis/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.goapis/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.goapis/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yamlapis/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.goapis/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.goapis/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yamlapis/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.goapis/vendor/github.com/openshift/api/machine/v1beta1/types_machine.goapis/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.goapis/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.goapis/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.goapis/vendor/github.com/openshift/api/operator/v1/types_console.goapis/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.goapis/vendor/github.com/openshift/api/operator/v1/types_network.goapis/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.goapis/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yamlapis/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.goapis/vendor/golang.org/x/net/http2/writesched_priority_rfc9218.goapis/vendor/golang.org/x/text/secure/bidirule/bidirule.goapis/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.goapis/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.goapis/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.goapis/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.goapis/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.goapis/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.goapis/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.goapis/vendor/golang.org/x/text/unicode/bidi/tables17.0.0.goapis/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.goapis/vendor/golang.org/x/text/unicode/norm/forminfo.goapis/vendor/golang.org/x/text/unicode/norm/tables10.0.0.goapis/vendor/golang.org/x/text/unicode/norm/tables11.0.0.goapis/vendor/golang.org/x/text/unicode/norm/tables12.0.0.goapis/vendor/golang.org/x/text/unicode/norm/tables13.0.0.goapis/vendor/golang.org/x/text/unicode/norm/tables15.0.0.goapis/vendor/golang.org/x/text/unicode/norm/tables17.0.0.goapis/vendor/golang.org/x/text/unicode/norm/tables9.0.0.goapis/vendor/k8s.io/api/authorization/v1/doc.goapis/vendor/k8s.io/api/authorization/v1/zz_generated.model_name.goapis/vendor/k8s.io/api/core/v1/doc.goapis/vendor/k8s.io/api/core/v1/generated.protoapis/vendor/k8s.io/api/core/v1/toleration.goapis/vendor/k8s.io/api/core/v1/types.goapis/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.goapis/vendor/k8s.io/api/core/v1/zz_generated.deepcopy.goapis/vendor/k8s.io/api/core/v1/zz_generated.model_name.goapis/vendor/k8s.io/api/rbac/v1/doc.goapis/vendor/k8s.io/api/rbac/v1/generated.protoapis/vendor/k8s.io/api/rbac/v1/types.goapis/vendor/k8s.io/api/rbac/v1/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/generated.protoapis/vendor/k8s.io/apimachinery/pkg/api/resource/quantity.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/quantity_proto.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/constraints/constraints.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/decimal_int.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/dns.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/errors.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/identifier.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/kube.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/doc.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.protoapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/labels/selector.goapis/vendor/k8s.io/apimachinery/pkg/runtime/doc.goapis/vendor/k8s.io/apimachinery/pkg/runtime/scheme.goapis/vendor/k8s.io/apimachinery/pkg/runtime/types_proto.goapis/vendor/k8s.io/apimachinery/pkg/runtime/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/generated.protoapis/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/util/sets/set.goapis/vendor/k8s.io/apimachinery/pkg/util/validation/field/error_matcher.goapis/vendor/k8s.io/apimachinery/pkg/util/validation/field/errors.goapis/vendor/k8s.io/apimachinery/pkg/util/validation/validation.goapis/vendor/k8s.io/kube-openapi/LICENSEapis/vendor/k8s.io/kube-openapi/pkg/util/trie.goapis/vendor/k8s.io/kube-openapi/pkg/util/util.goapis/vendor/modules.txtgo.modhack/ubi-build-deps.shpkg/azureclient/mock/client_generated.gotest/ote/go.modvendor/github.com/AlecAivazis/survey/v2/README.mdvendor/github.com/AlecAivazis/survey/v2/confirm.govendor/github.com/AlecAivazis/survey/v2/core/template.govendor/github.com/AlecAivazis/survey/v2/core/write.govendor/github.com/AlecAivazis/survey/v2/input.govendor/github.com/AlecAivazis/survey/v2/multiselect.govendor/github.com/AlecAivazis/survey/v2/password.govendor/github.com/AlecAivazis/survey/v2/renderer.govendor/github.com/AlecAivazis/survey/v2/select.govendor/github.com/AlecAivazis/survey/v2/survey.govendor/github.com/AlecAivazis/survey/v2/terminal/display_posix.govendor/github.com/AlecAivazis/survey/v2/terminal/error.govendor/github.com/AlecAivazis/survey/v2/terminal/output.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_bsd.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_linux.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_posix.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_ppc64le.govendor/github.com/AlecAivazis/survey/v2/transform.govendor/github.com/AlecAivazis/survey/v2/validate.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/CHANGELOG.mdvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/LICENSE.txtvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/README.mdvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/assets.jsonvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/autorest.mdvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/build.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/ci.ymlvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/client_factory.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/constants.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/federatedidentitycredentials_client.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models_serde.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/operations_client.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/options.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/responses.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/systemassignedidentities_client.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/time_rfc3339.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/userassignedidentities_client.govendor/github.com/Azure/go-autorest/autorest/date/go_mod_tidy_hack.govendor/github.com/Azure/go-autorest/logger/go_mod_tidy_hack.govendor/github.com/Azure/go-autorest/logger/logger.govendor/github.com/Azure/go-autorest/tracing/go_mod_tidy_hack.govendor/github.com/aws/aws-sdk-go-v2/aws/credentials.govendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.govendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.govendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/timeout_read_closer.govendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.govendor/github.com/aws/aws-sdk-go-v2/config/shared_config.govendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/dpop.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/token.govendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.govendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.jsonvendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/LICENSE.txtvendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_client.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_AssociateAlias.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CopyDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCachePolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCloudFrontOriginAccessIdentity.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateContinuousDeploymentPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistributionWithTags.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFieldLevelEncryptionConfig.go
💤 Files with no reviewable changes (41)
- apis/vendor/github.com/gogo/protobuf/CONTRIBUTORS
- apis/vendor/github.com/gogo/protobuf/proto/custom_gogo.go
- apis/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml
- apis/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
- apis/vendor/github.com/gogo/protobuf/proto/timestamp.go
- apis/vendor/github.com/gogo/protobuf/proto/encode_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/Makefile
- apis/vendor/github.com/gogo/protobuf/proto/pointer_reflect.go
- apis/vendor/github.com/gogo/protobuf/proto/equal.go
- apis/vendor/github.com/gogo/protobuf/proto/skip_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/deprecated.go
- apis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go
- apis/vendor/github.com/gogo/protobuf/proto/duration.go
- apis/vendor/github.com/gogo/protobuf/proto/message_set.go
- apis/vendor/github.com/gogo/protobuf/proto/clone.go
- apis/vendor/github.com/gogo/protobuf/proto/discard.go
- apis/vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/properties.go
- apis/vendor/github.com/gogo/protobuf/proto/text.go
- apis/vendor/github.com/gogo/protobuf/LICENSE
- apis/vendor/github.com/gogo/protobuf/sortkeys/sortkeys.go
- apis/vendor/github.com/gogo/protobuf/proto/extensions.go
- apis/vendor/github.com/gogo/protobuf/proto/text_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/lib.go
- apis/vendor/github.com/gogo/protobuf/proto/encode.go
- apis/vendor/github.com/gogo/protobuf/proto/wrappers.go
- apis/vendor/github.com/gogo/protobuf/proto/extensions_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/properties_gogo.go
- apis/vendor/github.com/gogo/protobuf/AUTHORS
- apis/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
- apis/vendor/github.com/gogo/protobuf/proto/duration_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/table_merge.go
- apis/vendor/github.com/gogo/protobuf/proto/table_unmarshal.go
- apis/vendor/github.com/gogo/protobuf/proto/lib_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/text_parser.go
- apis/vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/decode.go
- apis/vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go
✅ Files skipped from review due to trivial changes (20)
- apis/vendor/k8s.io/api/core/v1/doc.go
- .tekton/hive-push.yaml
- apis/vendor/github.com/openshift/api/config/v1/types_insights.go
- .tekton/hive-mce-217-push.yaml
- apis/vendor/k8s.io/api/authorization/v1/doc.go
- .tekton/hive-mce-211-pull-request.yaml
- apis/vendor/github.com/openshift/api/config/v1/types_scheduling.go
- apis/vendor/golang.org/x/text/secure/bidirule/bidirule.go
- .tekton/hive-mce-27-push.yaml
- .tekton/hive-pull-request.yaml
- apis/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go
- .tekton/hive-mce-26-push.yaml
- Dockerfile
- apis/vendor/k8s.io/api/authorization/v1/zz_generated.model_name.go
- apis/vendor/github.com/openshift/api/config/v1/types_authentication.go
- .tekton/hive-mce-29-pull-request.yaml
- .tekton/hive-mce-51-push.yaml
- .tekton/hive-mce-28-pull-request.yaml
- .tekton/hive-mce-210-pull-request.yaml
- .tekton/hive-mce-50-pull-request.yaml
🚧 Files skipped from review as they are similar to previous changes (18)
- .tekton/hive-mce-28-push.yaml
- .tekton/hive-mce-50-push.yaml
- .tekton/hive-mce-26-pull-request.yaml
- .tekton/hive-mce-51-pull-request.yaml
- .tekton/hive-mce-211-push.yaml
- apis/vendor/github.com/openshift/api/config/v1/types_image_policy.go
- apis/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go
- apis/vendor/github.com/openshift/api/config/v1/types_ingress.go
- .tekton/hive-mce-29-push.yaml
- .tekton/hive-mce-217-pull-request.yaml
- apis/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go
- .tekton/hive-mce-210-push.yaml
- apis/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml
- .tekton/hive-mce-27-pull-request.yaml
- apis/vendor/github.com/openshift/api/config/v1/types_network.go
- apis/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml
- Makefile
- apis/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go
Comment on lines
+118
to
+125
| // Tombstone: This field was moved into the Placement struct to belong w/ the Tenancy field due to involvement with the setting. | ||
| // hostPlacement configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host | ||
| // for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL), | ||
| // and to gain visibility and control over instance placement on a physical server. | ||
| // When omitted, the instance is not constrained to a dedicated host. | ||
| // +openshift:enable:FeatureGate=AWSDedicatedHosts | ||
| // +optional | ||
| HostPlacement *HostPlacement `json:"hostPlacement,omitempty"` | ||
| //HostPlacement *HostPlacement `json:"hostPlacement,omitempty"` |
There was a problem hiding this comment.
Preserve hostPlacement compatibility in v1beta1.
Commenting this field out removes it from the served schema entirely. Existing AWSMachineProviderConfig manifests/objects that still use hostPlacement will stop round-tripping in the same compatibility-level-2 API and can be silently pruned on write. Please keep the old JSON field as a deprecated/read-compatible alias, or add an explicit versioned conversion path before removing it in favor of placement.host.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apis/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go`
around lines 118 - 125, Restore the commented-out HostPlacement field in
AWSMachineProviderConfig (re-add the HostPlacement *HostPlacement
`json:"hostPlacement,omitempty"` field and keep its
+openshift:enable:FeatureGate=AWSDedicatedHosts and +optional markers) and mark
it as deprecated in the comment so the v1beta1 schema continues to accept the
old JSON name; then update the v1beta1 <-> internal conversion logic for
AWSMachineProviderConfig (the ConvertTo/ConvertFrom implementations or the
generated conversion functions for AWSMachineProviderConfig) to map
HostPlacement <-> Placement.Host (read HostPlacement into Placement.Host during
ConvertFrom and write Placement.Host back to HostPlacement during ConvertTo) so
existing manifests round-trip intact.
Comment on lines
+401
to
+403
| // +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self.?transport.orValue('') == 'NoOverlay' ? self.?routeAdvertisements.orValue('') == 'Enabled' : true",message="routeAdvertisements must be Enabled when transport is NoOverlay" | ||
| // +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self.?transport.orValue('') == 'NoOverlay' ? has(self.noOverlayConfig) : !has(self.noOverlayConfig)",message="noOverlayConfig must be set if transport is NoOverlay, and is forbidden otherwise" | ||
| // +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self.?noOverlayConfig.routing.orValue('') == 'Managed' ? has(self.bgpManagedConfig) : true",message="bgpManagedConfig is required when noOverlayConfig.routing is Managed" |
There was a problem hiding this comment.
Reject bgpManagedConfig outside managed no-overlay mode.
The new rule only makes bgpManagedConfig required when noOverlayConfig.routing == "Managed", but it never forbids the inverse. As written, the API still accepts bgpManagedConfig when transport="Geneve" or routing="Unmanaged", which contradicts the field docs and leaves an unsupported config shape valid.
Also applies to: 499-506
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apis/vendor/github.com/openshift/api/operator/v1/types_network.go` around
lines 401 - 403, Add FeatureGateAwareXValidation rules to explicitly forbid
bgpManagedConfig unless we are in NoOverlay managed mode: update the validation
annotations around the existing rules that reference transport, noOverlayConfig
and noOverlayConfig.routing to include a rule that errors when
has(self.bgpManagedConfig) is true while either self.?transport.orValue('') !=
'NoOverlay' or self.?noOverlayConfig.routing.orValue('') != 'Managed'; ensure
the message matches the field docs (e.g., "bgpManagedConfig is forbidden unless
transport is NoOverlay and noOverlayConfig.routing is Managed") so
bgpManagedConfig is rejected outside the managed no-overlay case.
Contributor
Author
|
/retest |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #2901 +/- ##
==========================================
- Coverage 50.42% 50.39% -0.04%
==========================================
Files 281 281
Lines 34345 34368 +23
==========================================
Hits 17320 17320
- Misses 15673 15696 +23
Partials 1352 1352
🚀 New features to boost your workflow:
|
Contributor
Author
|
/retest |
suhanime
force-pushed
the
HIVE-3097
branch
5 times, most recently
from
86e4f66 to
9dcc9d1
Compare
Member
|
May need to fix this one too. |
suhanime
force-pushed
the
HIVE-3097
branch
2 times, most recently
from
ae18a9b to
d62e3ae
Compare
Member
|
This is looking hopeful 🤞 |
Member
Womp womp. Side note: since client creation is now a multiline thing, we should see if it's possible to DRY it into a util func. |
Contributor
Author
|
/retest |
Contributor
|
@suhanime: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Member
|
I think this client will probably need the fixup. |
openshift-ci
Bot
added
the
needs-rebase
Subsequent bump of openshift/api in apis/ to v0.0.0-20260318185450-1f2fa3f09f4e to reflect the version in repo level go.mod
Installer has now bumped govmomi to 0.53, however machine-api-operator needs 0.52.0 or lower to work since 0.53.0 has a breaking change. This commit includes the related vendor changes, as well as the errant config and hack directory changes that were picked up by running a make update
github.com/aws/aws-sdk-go-v2/service/s3 -> v1.97 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream -> v1.7.8 go.opentelemetry.io/otel/sdk -> v1.43.0
Fix e2e tests hanging during post-install phase across all platforms by enabling Kubernetes watch bookmark support. Without bookmarks, watches timeout with "bookmark expired" errors after the apiserver's bookmark window expires. Changes: - Enable watch bookmarks globally in controller-runtime cache (manager and operator DefaultEnableWatchBookmarks=true) - Add AllowWatchBookmarks to all clientwatch.UntilWithSync calls throughout the codebase (contrib, pkg, test/e2e) - Replace controller-runtime cache with client-go informers in e2e test helpers (machine, machineset, node) since the cache API doesn't expose AllowWatchBookmarks - Create helper functions to reduce code duplication in watch setup (newDynamicListWatchWithBookmarks, waitForResourceWithInformer) Also update generic-admission-server dependency to master branch (5df3cca1e3cd) for K8s v0.35.x compatibility. The previous version caused hiveadmission pods to crash with "unable to get openapi models" error when using k8s.io/apiserver v0.35.4. The managedns enable command was particularly critical to fix since it runs during test setup and blocks all e2e tests if it hangs. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
openshift-ci
Bot
removed
the
needs-rebase
Contributor
Author
This function is still needed for the CRUD operations. The e2e fails were likely due to an accidental bug introduced by switching the cache's GetInformer function to manual informer with its distinct ListFunc and WatchFunc -> the context.Background was accidentally changed to context.ToDo. 🤞 it works this time. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit
Chores
New Features
Documentation