Add feature gating and enhanced tests for additional storage configuration

This commit addresses CodeRabbit PR review feedback by:

1. Feature Gate Definition (AdditionalStorageConfig):
   - Created proper feature gate "AdditionalStorageConfig" in features/features.go
   - Gate enabled in DevPreviewNoUpgrade and TechPreviewNoUpgrade feature sets
   - Linked to enhancement PR openshift/enhancements#1934
   - Contact: saschagrunert, Component: MachineConfigOperator

2. Feature Gating Applied:
   - Added +openshift:enable:FeatureGate=AdditionalStorageConfig to all three
     storage field declarations (AdditionalLayerStores, AdditionalImageStores,
     AdditionalArtifactStores)
   - Fields now only appear in CRD schema when AdditionalStorageConfig feature
     gate is enabled (DevPreview/TechPreview)
   - Generated feature-gated CRD manifest: AdditionalStorageConfig.yaml

3. Enhanced Test Coverage:
   - Added path validation tests for additionalImageStores (non-absolute path,
     empty struct/MinProperties)
   - Added path validation tests for additionalArtifactStores (non-absolute
     path, empty struct/MinProperties)
   - Ensures all three store types have consistent validation coverage
   - Total test count: 15 tests

4. Path Validation Enhancement:
   - Updated regex to allow dots in paths: ^/[a-zA-Z0-9/._-]+$
   - Documentation updated to reflect dot support
   - Test paths include dots (e.g., /opt/layer_store-v1.0)

Verification:
- Fields present in AdditionalStorageConfig.yaml (feature-gated) ✓
- Fields NOT present in AAA_ungated.yaml ✓
- Linter passes with 0 issues ✓

Addresses: #2681 (review)
Addresses: #2681 (comment)
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>

Author: saschagrunert

features.md

@@ -24,6 +24,7 @@
 | AWSDedicatedHosts| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
 | AWSDualStackInstall| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
 | AWSServiceLBNetworkSecurityGroup| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
+| AdditionalStorageConfig| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
 | AutomatedEtcdBackup| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
 | AzureClusterHostedDNSInstall| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |
 | AzureDedicatedHosts| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span>  |

features/features.go

@@ -401,6 +401,14 @@ var (
 				enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
 				mustRegister()
 
+	FeatureGateAdditionalStorageConfig = newFeatureGate("AdditionalStorageConfig").
+						reportProblemsToJiraComponent("MachineConfigOperator").
+						contactPerson("saschagrunert").
+						productScope(ocpSpecific).
+						enhancementPR("https://github.com/openshift/enhancements/pull/1934").
+						enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+						mustRegister()
+
 	FeatureGateUpgradeStatus = newFeatureGate("UpgradeStatus").
 					reportProblemsToJiraComponent("Cluster Version Operator").
 					contactPerson("pmuller").

machineconfiguration/v1/tests/containerruntimeconfigs.machineconfiguration.openshift.io/AdditionalStorageConfig.yaml

@@ -120,6 +120,26 @@ tests:
               - path: /var/lib/store11
       expectedError: "additionalImageStores in body should have at most 10 items"
 
+    - name: Should fail if additionalImageStores path is not absolute
+      initial: |
+        apiVersion: machineconfiguration.openshift.io/v1
+        kind: ContainerRuntimeConfig
+        spec:
+          containerRuntimeConfig:
+            additionalImageStores:
+              - path: var/lib/images
+      expectedError: "path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+
+    - name: Should fail if additionalImageStores item has no path field
+      initial: |
+        apiVersion: machineconfiguration.openshift.io/v1
+        kind: ContainerRuntimeConfig
+        spec:
+          containerRuntimeConfig:
+            additionalImageStores:
+              - {}
+      expectedError: "spec.containerRuntimeConfig.additionalImageStores[0] in body should have at least 1 properties"
+
     # AdditionalArtifactStores - test max items validation (different from layer stores)
     - name: Should fail if additionalArtifactStores exceeds maximum of 10 items
       initial: |
@@ -141,6 +161,26 @@ tests:
               - path: /var/lib/store11
       expectedError: "additionalArtifactStores in body should have at most 10 items"
 
+    - name: Should fail if additionalArtifactStores path is not absolute
+      initial: |
+        apiVersion: machineconfiguration.openshift.io/v1
+        kind: ContainerRuntimeConfig
+        spec:
+          containerRuntimeConfig:
+            additionalArtifactStores:
+              - path: var/lib/artifacts
+      expectedError: "path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+
+    - name: Should fail if additionalArtifactStores item has no path field
+      initial: |
+        apiVersion: machineconfiguration.openshift.io/v1
+        kind: ContainerRuntimeConfig
+        spec:
+          containerRuntimeConfig:
+            additionalArtifactStores:
+              - {}
+      expectedError: "spec.containerRuntimeConfig.additionalArtifactStores[0] in body should have at least 1 properties"
+
     # Combined test - all storage types together with other fields
     - name: Should be able to create ContainerRuntimeConfig with all storage types and existing fields
       initial: |

machineconfiguration/v1/types.go

@@ -900,6 +900,7 @@ type ContainerRuntimeConfiguration struct {
 	//
 	// When omitted, no additional layer stores are configured.
 	//
+	// +openshift:enable:FeatureGate=AdditionalStorageConfig
 	// +optional
 	// +listType=atomic
 	// +kubebuilder:validation:MinItems=1
@@ -916,6 +917,7 @@ type ContainerRuntimeConfiguration struct {
 	//
 	// When omitted, only the default image location is used.
 	//
+	// +openshift:enable:FeatureGate=AdditionalStorageConfig
 	// +optional
 	// +listType=atomic
 	// +kubebuilder:validation:MinItems=1
@@ -932,6 +934,7 @@ type ContainerRuntimeConfiguration struct {
 	//
 	// When omitted, only the default artifact location (/var/lib/containers/storage/artifacts/) is used.
 	//
+	// +openshift:enable:FeatureGate=AdditionalStorageConfig
 	// +optional
 	// +listType=atomic
 	// +kubebuilder:validation:MinItems=1

…nfig_01_containerruntimeconfigs.crd.yaml …rruntimeconfigs-CustomNoUpgrade.crd.yamlmachineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs.crd.yaml renamed to machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-CustomNoUpgrade.crd.yaml machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs.crd.yaml renamed to machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-CustomNoUpgrade.crd.yaml

@@ -6,6 +6,7 @@ metadata:
     api.openshift.io/merged-by-featuregates: "true"
     include.release.openshift.io/ibm-cloud-managed: "true"
     include.release.openshift.io/self-managed-high-availability: "true"
+    release.openshift.io/feature-set: CustomNoUpgrade
   labels:
     openshift.io/operator-managed: ""
   name: containerruntimeconfigs.machineconfiguration.openshift.io

machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-Default.crd.yaml

@@ -0,0 +1,197 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+    api.openshift.io/merged-by-featuregates: "true"
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+    release.openshift.io/feature-set: Default
+  labels:
+    openshift.io/operator-managed: ""
+  name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+  group: machineconfiguration.openshift.io
+  names:
+    kind: ContainerRuntimeConfig
+    listKind: ContainerRuntimeConfigList
+    plural: containerruntimeconfigs
+    shortNames:
+    - ctrcfg
+    singular: containerruntimeconfig
+  scope: Cluster
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: |-
+          ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+          Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: spec contains the desired container runtime configuration.
+            properties:
+              containerRuntimeConfig:
+                description: containerRuntimeConfig defines the tuneables of the container
+                  runtime.
+                properties:
+                  defaultRuntime:
+                    description: |-
+                      defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+                      Allowed values are `runc` and `crun`.
+                      When set to `runc`, OpenShift will use runc to execute the container
+                      When set to `crun`, OpenShift will use crun to execute the container
+                      When omitted, this means no opinion and the platform is left to choose a reasonable default,
+                      which is subject to change over time. Currently, the default is `crun`.
+                    enum:
+                    - crun
+                    - runc
+                    type: string
+                  logLevel:
+                    description: |-
+                      logLevel specifies the verbosity of the logs based on the level it is set to.
+                      Options are fatal, panic, error, warn, info, and debug.
+                    type: string
+                  logSizeMax:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: |-
+                      logSizeMax specifies the Maximum size allowed for the container log file.
+                      Negative numbers indicate that no size limit is imposed.
+                      If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                    x-kubernetes-int-or-string: true
+                  overlaySize:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: |-
+                      overlaySize specifies the maximum size of a container image.
+                      This flag can be used to set quota on the size of container images. (default: 10GB)
+                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                    x-kubernetes-int-or-string: true
+                  pidsLimit:
+                    description: pidsLimit specifies the maximum number of processes
+                      allowed in a container
+                    format: int64
+                    type: integer
+                type: object
+              machineConfigPoolSelector:
+                description: |-
+                  machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+                  A nil selector will result in no pools being selected.
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: |-
+                        A label selector requirement is a selector that contains values, a key, and an operator that
+                        relates the key and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: |-
+                            operator represents a key's relationship to a set of values.
+                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                          type: string
+                        values:
+                          description: |-
+                            values is an array of string values. If the operator is In or NotIn,
+                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                            the values array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                          x-kubernetes-list-type: atomic
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                    x-kubernetes-list-type: atomic
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: |-
+                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                    type: object
+                type: object
+                x-kubernetes-map-type: atomic
+            required:
+            - containerRuntimeConfig
+            type: object
+          status:
+            description: status contains observed information about the container
+              runtime configuration.
+            properties:
+              conditions:
+                description: conditions represents the latest available observations
+                  of current state.
+                items:
+                  description: ContainerRuntimeConfigCondition defines the state of
+                    the ContainerRuntimeConfig
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the time of the last update
+                        to the current status object.
+                      format: date-time
+                      nullable: true
+                      type: string
+                    message:
+                      description: |-
+                        message provides additional information about the current condition.
+                        This is only to be consumed by humans.
+                      type: string
+                    reason:
+                      description: reason is the reason for the condition's last transition.  Reasons
+                        are PascalCase
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: type specifies the state of the operator's reconciliation
+                        functionality.
+                      type: string
+                  type: object
+                type: array
+                x-kubernetes-list-type: atomic
+              observedGeneration:
+                description: observedGeneration represents the generation observed
+                  by the controller.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}