CNTRLPLANE-2241: Update library-go to get KMS encryption

[ardaguclu]

This PR is to update library-go to get openshift/library-go#2086

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[coderabbitai]

Walkthrough

Updated dependency versions in go.mod: bumped github.com/openshift/api and github.com/openshift/library-go to newer pseudo-versions; no other file or API changes detected.

Changes

Cohort / File(s)	Summary
Go Module Configuration go.mod	Bumped github.com/openshift/api from v0.0.0-20260126183958-606bd613f9f7 to v0.0.0-20260212193555-c06ab675261f; bumped github.com/openshift/library-go from v0.0.0-20260209094534-b6adacbfccda to v0.0.0-20260223145824-7b234b47a906. No other changes to exports, control flow, or files.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title mentions updating library-go for KMS encryption, but the changeset only updates go.mod dependencies (openshift/api and openshift/library-go versions) without showing implementation of KMS encryption functionality.	Clarify whether the KMS encryption is implemented in the actual code changes or if the title refers to a dependency that enables it downstream; the title's specificity about 'KMS encryption' doesn't clearly align with what appears to be a routine dependency bump.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	PR only updates Go module dependencies without modifying any test files, making the stable test names check not applicable.
Test Structure And Quality	✅ Passed	PR contains only dependency version updates with no test code changes, so custom check is not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@go.mod`:
- Around line 138-141: The go.mod replace for github.com/ardaguclu/library-go is
missing documentation of why the fork is used and when it can be reverted; add a
concise comment directly above the replace directive that states the purpose
(e.g., temporary patch for KMSEncryption, reference to the specific upstream
issue/PR or commit), the intended revert condition or timeline, and a contact
(Arda Güçlü) or issue/PR URL to track progress; ensure the comment references
the replace target "github.com/ardaguclu/library-go" so future maintainers can
find and remove the fork when upstream is merged.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Get the full go.mod file to understand context around the replace block
wc -l go.mod

Repository: openshift/cluster-kube-apiserver-operator

Length of output: 95

---

🏁 Script executed:

# Look at the full context around the replace block (lines 130-150)
sed -n '130,150p' go.mod

Repository: openshift/cluster-kube-apiserver-operator

Length of output: 650

---

🏁 Script executed:

# Search for any comments or documentation about the ardaguclu/library-go fork
rg -i "ardaguclu|library-go.*fork|replace.*library-go" --type go --type md --type txt

Repository: openshift/cluster-kube-apiserver-operator

Length of output: 448

---

🏁 Script executed:

# Check git history to understand when and why this was added
git log --oneline --all -- go.mod | head -20

Repository: openshift/cluster-kube-apiserver-operator

Length of output: 1012

---

🏁 Script executed:

# Search for any issue references or comments in code related to this fork
rg -i "github\.com/ardaguclu" -A 2 -B 2

Repository: openshift/cluster-kube-apiserver-operator

Length of output: 1702

---

🏁 Script executed:

# Search for any PR or issue references about the ardaguclu fork
rg -i "ardaguclu|library-go.*fork" -B 5 -A 5 --type md

Repository: openshift/cluster-kube-apiserver-operator

Length of output: 67

---

🏁 Script executed:

# Check for any files mentioning this fork or ardaguclu in comments
rg "ardaguclu" -B 3 -A 3

Repository: openshift/cluster-kube-apiserver-operator

Length of output: 2787

---

🏁 Script executed:

# Look at the specific git commit that introduced the fork in go.mod
git log -p --all -- go.mod | grep -A 20 -B 5 "ardaguclu" | head -100

Repository: openshift/cluster-kube-apiserver-operator

Length of output: 67

---

🏁 Script executed:

# Check if there's any documentation about this fork
find . -type f \( -name "README*" -o -name "CONTRIBUTING*" -o -name "*.md" \) -exec rg -l "library-go\|fork\|ardaguclu" {} \;

Repository: openshift/cluster-kube-apiserver-operator

Length of output: 67

---

🏁 Script executed:

# Check the git blame for the exact line to see when it was added
git blame -L 138,141 go.mod

Repository: openshift/cluster-kube-apiserver-operator

Length of output: 514

---

Document why the github.com/ardaguclu/library-go fork is needed and any plan to revert.

The fork is introduced by an approved OpenShift contributor (Arda Güçlü), who is listed as a contact person for the KMSEncryption feature. However, add a brief comment in go.mod or link to an issue explaining the fork's purpose (e.g., temporary patch for a specific commit, waiting for upstream merge) and any timeline to revert to the official dependency. This ensures future maintainers understand the intent and can track the revert.

🤖 Prompt for AI Agents

In `@go.mod` around lines 138 - 141, The go.mod replace for
github.com/ardaguclu/library-go is missing documentation of why the fork is used
and when it can be reverted; add a concise comment directly above the replace
directive that states the purpose (e.g., temporary patch for KMSEncryption,
reference to the specific upstream issue/PR or commit), the intended revert
condition or timeline, and a contact (Arda Güçlü) or issue/PR URL to track
progress; ensure the comment references the replace target
"github.com/ardaguclu/library-go" so future maintainers can find and remove the
fork when upstream is merged.

[coderabbitai]

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@go.mod`:
- Around line 138-140: Add a brief comment directly above the replace directive
that documents why the forked module github.com/ardaguclu/library-go is being
used, reference the tracking issue or PR (e.g., ISSUE- or PR- ID) that
authorizes this temporary fork, specify the revert condition or timebound (e.g.,
upstream PR merge or date), and note the owner responsible for reverting; place
this comment adjacent to the existing replace block so reviewers can see
justification and the planned revert path.

[ardaguclu]

https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/openshift_cluster-kube-apiserver-operator/2033/pull-ci-openshift-cluster-kube-apiserver-operator-main-e2e-gcp-operator-encryption-perf-aesgcm/2023697676356292608 failed during the cluster bootstrap
/retest

[ardaguclu]

It appears that CI is broken, we'll retest once it is fixed.

[ardaguclu]

/retest

[openshift-ci-robot]

@ardaguclu: This pull request references CNTRLPLANE-2241 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Summary by CodeRabbit

• Chores
• Updated OpenShift API and library-go dependencies to latest versions.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@ardaguclu: This pull request references CNTRLPLANE-2241 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

This PR is to update library-go to get openshift/library-go#2086

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[p0lyn0mial]

/lgtm

/hold

let's wait for the encryption (optional) CI jobs.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ardaguclu, p0lyn0mial

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [p0lyn0mial]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ardaguclu]

/retest

[ardaguclu]

/retest-required

[gangwgr]

/test e2e-gcp-operator-serial-ote

[gangwgr]

/test e2e-gcp-operator-encryption-single-node

[gangwgr]

/verified by e2e-gcp-operator-encryption-kms ci

[openshift-ci-robot]

@gangwgr: This PR has been marked as verified by e2e-gcp-operator-encryption-kms ci.

Details

In response to this:

/verified by e2e-gcp-operator-encryption-kms ci

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[ardaguclu]

This can be considered a safe change because imported changes can only be used by enabling KMSEncryption feature gate AND KMS encryption mode on apiserver.config.openshift.io. Besides, this is important functionality we want to deliver soon to immediately start working on TechPreview v2.
/label acknowledge-critical-fixes-only

[ardaguclu]

/hold cancel