HIVE-3097: Go+K8s bump + Installer revendor#2901
Open
suhanime wants to merge 6 commits intoopenshift:masterfrom
Open
HIVE-3097: Go+K8s bump + Installer revendor#2901suhanime wants to merge 6 commits intoopenshift:masterfrom
suhanime wants to merge 6 commits intoopenshift:masterfrom
Conversation
suhanime
changed the title
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: ⛔ Files ignored due to path filters (2)
📒 Files selected for processing (28)
📝 WalkthroughWalkthroughUpdates Go toolchain and builder/base images to 1.25 across CI and Docker; removes vendored gogo/protobuf implementation; and applies extensive OpenShift API schema/type/validation updates and generated-artifact refreshes. ChangesBuild & CI configs
Go module
Vendored gogo/protobuf removal
OpenShift config APIs
Machine APIs & AWS provider
Operator APIs (console, machineconfig, network/ovn)
Generated artifacts & CRD manifests
Kubernetes vendor additions
Other vendor changes
Estimated code review effort🎯 5 (Critical) | ⏱️ ~120 minutes Poem
✨ Finishing Touches🧪 Generate unit tests (beta)
|
openshift-ci-robot
added
the
jira/valid-reference
|
@suhanime: This pull request references HIVE-3097 which is a valid jira issue. DetailsIn response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Contributor
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: suhanime The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
Bot
added
the
approved
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 7
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@apis/vendor/github.com/openshift/api/config/v1/types_authentication.go`:
- Line 8: The ExternalOIDCWithUpstreamParity feature gate is declared for
oidcProviders validation but not wired to enable the corresponding enum path and
status fields; update the feature-gate plumbing so enabling
ExternalOIDCWithUpstreamParity unlocks AuthenticationTypeOIDC and populates
AuthenticationStatus.OIDCClients. Concretely, extend the
FeatureGateAwareXValidation annotations that reference spec.oidcProviders (and
the similar annotations at the other locations noted) to also allow the enum
value AuthenticationTypeOIDC and the status field OIDCClients when
ExternalOIDCWithUpstreamParity is enabled, and ensure the server-side
schema/validation that governs the Authentication type enum (AuthenticationType)
and the AuthenticationStatus struct checks feature gate
ExternalOIDCWithUpstreamParity before rejecting or omitting OIDCClients; target
the validation blocks referencing oidcProviders, AuthenticationTypeOIDC, and
AuthenticationStatus.OIDCClients so the new gate consistently enables the enum
path and status field.
- Around line 628-630: Update the Kubebuilder validation comment markers that
currently use the wrong assignment operator; change the two markers containing
"kubebuilder:validation:MinLength:=1" and
"kubebuilder:validation:MaxLength:=256" to use "=" instead of ":=" so they read
"kubebuilder:validation:MinLength=1" and "kubebuilder:validation:MaxLength=256"
(these comments are adjacent to the optional field marker in
types_authentication.go).
In `@apis/vendor/github.com/openshift/api/config/v1/types_cluster_version.go`:
- Around line 899-903: The doc comment for the "conditions" field currently says
the list "must not contain more than one entry" but the kubebuilder validation
tags (XValidation exists_one, +kubebuilder:validation:MaxItems=8,
+kubebuilder:validation:MinItems=1) allow 1–8 entries; update the comment on the
conditions field in types_cluster_version.go to reflect the actual schema (e.g.,
state that conditions must contain between 1 and 8 entries and must include a
condition of type 'Applies'), keeping the existing validation tags intact.
In `@apis/vendor/github.com/openshift/api/config/v1/types_feature.go`:
- Around line 56-61: Add the OKD value to the hive API validation and mapping:
update the FeatureSet enum validation (the +kubebuilder:validation:Enum tag on
the FeatureSet type) to include "OKD", and add an "OKD" entry to the FeatureSets
map (the FeatureSets variable) mapping to the same set of enabled feature gates
intended for OKD so lookups like fg.FeatureSet == "OKD" return the populated
feature-gates slice; modify hiveconfig_types.go where FeatureSet and FeatureSets
are declared and ensure the OKD entry mirrors the correct enabled gates used by
other fixed sets.
In `@apis/vendor/github.com/openshift/api/config/v1/types_ingress.go`:
- Line 46: Replace the CEL XValidation rule on the domain field so it allows
initial population but enforces immutability thereafter; specifically update the
kubebuilder validation tag (the line with
"+kubebuilder:validation:XValidation:rule="self == oldSelf"") to use the pattern
"!has(oldSelf) || self == oldSelf" so CREATE (when oldSelf is absent) is
permitted and UPDATE requires equality to oldSelf.
In
`@apis/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go`:
- Line 2933: The docstring for the "profileCustomizations" swagger entry
contains a stray apostrophe in "enabled by' default"; open
zz_generated.swagger_doc_generated.go and update the string value for
"profileCustomizations" to read "enabled by default" (remove the extra
apostrophe), then regenerate or re-run the swagger/code generation that produced
zz_generated.swagger_doc_generated.go so the change persists in generated
artifacts.
In
`@apis/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go`:
- Line 56: The unconditional DNS1123 subdomain validation was applied to
CPMSMachineNamePrefix by removing the FeatureGateAwareXValidation marker; either
restore the FeatureGateAwareXValidation annotation for CPMSMachineNamePrefix
with the correct feature gate name to make the rule conditional, or, if the
field should now always be validated, update the API/comments to reflect that
the field is no longer feature-gated and ensure any feature-gate checks or
gating logic for CPMSMachineNamePrefix elsewhere in the codebase are
removed/adjusted to avoid inconsistent behavior.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: a7c082f4-03b7-4b34-a340-cdc01e30b550
⛔ Files ignored due to path filters (18)
apis/go.sumis excluded by!**/*.sumapis/vendor/k8s.io/api/authorization/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/authorization/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/core/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/core/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/rbac/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/rbac/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/schema/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/schema/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/generated.protomessage.pb.gois excluded by!**/*.pb.gogo.sumis excluded by!**/*.sum
📒 Files selected for processing (282)
.tekton/hive-mce-210-pull-request.yaml.tekton/hive-mce-210-push.yaml.tekton/hive-mce-211-pull-request.yaml.tekton/hive-mce-211-push.yaml.tekton/hive-mce-217-pull-request.yaml.tekton/hive-mce-217-push.yaml.tekton/hive-mce-26-pull-request.yaml.tekton/hive-mce-26-push.yaml.tekton/hive-mce-27-pull-request.yaml.tekton/hive-mce-27-push.yaml.tekton/hive-mce-28-pull-request.yaml.tekton/hive-mce-28-push.yaml.tekton/hive-mce-29-pull-request.yaml.tekton/hive-mce-29-push.yaml.tekton/hive-mce-50-pull-request.yaml.tekton/hive-mce-50-push.yaml.tekton/hive-mce-51-pull-request.yaml.tekton/hive-mce-51-push.yaml.tekton/hive-pull-request.yaml.tekton/hive-push.yamlDockerfileMakefileapis/go.modapis/vendor/github.com/gogo/protobuf/AUTHORSapis/vendor/github.com/gogo/protobuf/CONTRIBUTORSapis/vendor/github.com/gogo/protobuf/LICENSEapis/vendor/github.com/gogo/protobuf/proto/Makefileapis/vendor/github.com/gogo/protobuf/proto/clone.goapis/vendor/github.com/gogo/protobuf/proto/custom_gogo.goapis/vendor/github.com/gogo/protobuf/proto/decode.goapis/vendor/github.com/gogo/protobuf/proto/deprecated.goapis/vendor/github.com/gogo/protobuf/proto/discard.goapis/vendor/github.com/gogo/protobuf/proto/duration.goapis/vendor/github.com/gogo/protobuf/proto/duration_gogo.goapis/vendor/github.com/gogo/protobuf/proto/encode.goapis/vendor/github.com/gogo/protobuf/proto/encode_gogo.goapis/vendor/github.com/gogo/protobuf/proto/equal.goapis/vendor/github.com/gogo/protobuf/proto/extensions.goapis/vendor/github.com/gogo/protobuf/proto/extensions_gogo.goapis/vendor/github.com/gogo/protobuf/proto/lib.goapis/vendor/github.com/gogo/protobuf/proto/lib_gogo.goapis/vendor/github.com/gogo/protobuf/proto/message_set.goapis/vendor/github.com/gogo/protobuf/proto/pointer_reflect.goapis/vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.goapis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe.goapis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.goapis/vendor/github.com/gogo/protobuf/proto/properties.goapis/vendor/github.com/gogo/protobuf/proto/properties_gogo.goapis/vendor/github.com/gogo/protobuf/proto/skip_gogo.goapis/vendor/github.com/gogo/protobuf/proto/table_marshal.goapis/vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.goapis/vendor/github.com/gogo/protobuf/proto/table_merge.goapis/vendor/github.com/gogo/protobuf/proto/table_unmarshal.goapis/vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.goapis/vendor/github.com/gogo/protobuf/proto/text.goapis/vendor/github.com/gogo/protobuf/proto/text_gogo.goapis/vendor/github.com/gogo/protobuf/proto/text_parser.goapis/vendor/github.com/gogo/protobuf/proto/timestamp.goapis/vendor/github.com/gogo/protobuf/proto/timestamp_gogo.goapis/vendor/github.com/gogo/protobuf/proto/wrappers.goapis/vendor/github.com/gogo/protobuf/proto/wrappers_gogo.goapis/vendor/github.com/gogo/protobuf/sortkeys/sortkeys.goapis/vendor/github.com/openshift/api/config/v1/types_apiserver.goapis/vendor/github.com/openshift/api/config/v1/types_authentication.goapis/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.goapis/vendor/github.com/openshift/api/config/v1/types_cluster_version.goapis/vendor/github.com/openshift/api/config/v1/types_feature.goapis/vendor/github.com/openshift/api/config/v1/types_image_policy.goapis/vendor/github.com/openshift/api/config/v1/types_infrastructure.goapis/vendor/github.com/openshift/api/config/v1/types_ingress.goapis/vendor/github.com/openshift/api/config/v1/types_insights.goapis/vendor/github.com/openshift/api/config/v1/types_network.goapis/vendor/github.com/openshift/api/config/v1/types_scheduling.goapis/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.goapis/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.goapis/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yamlapis/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.goapis/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.goapis/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yamlapis/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.goapis/vendor/github.com/openshift/api/machine/v1beta1/types_machine.goapis/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.goapis/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.goapis/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.goapis/vendor/github.com/openshift/api/operator/v1/types_console.goapis/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.goapis/vendor/github.com/openshift/api/operator/v1/types_network.goapis/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.goapis/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yamlapis/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.goapis/vendor/k8s.io/api/authorization/v1/doc.goapis/vendor/k8s.io/api/authorization/v1/zz_generated.model_name.goapis/vendor/k8s.io/api/core/v1/doc.goapis/vendor/k8s.io/api/core/v1/generated.protoapis/vendor/k8s.io/api/core/v1/toleration.goapis/vendor/k8s.io/api/core/v1/types.goapis/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.goapis/vendor/k8s.io/api/core/v1/zz_generated.deepcopy.goapis/vendor/k8s.io/api/core/v1/zz_generated.model_name.goapis/vendor/k8s.io/api/rbac/v1/doc.goapis/vendor/k8s.io/api/rbac/v1/generated.protoapis/vendor/k8s.io/api/rbac/v1/types.goapis/vendor/k8s.io/api/rbac/v1/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/generated.protoapis/vendor/k8s.io/apimachinery/pkg/api/resource/quantity.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/quantity_proto.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/constraints/constraints.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/decimal_int.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/dns.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/errors.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/identifier.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/kube.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/doc.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.protoapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/labels/selector.goapis/vendor/k8s.io/apimachinery/pkg/runtime/doc.goapis/vendor/k8s.io/apimachinery/pkg/runtime/scheme.goapis/vendor/k8s.io/apimachinery/pkg/runtime/types_proto.goapis/vendor/k8s.io/apimachinery/pkg/runtime/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/generated.protoapis/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/util/sets/set.goapis/vendor/k8s.io/apimachinery/pkg/util/validation/field/error_matcher.goapis/vendor/k8s.io/apimachinery/pkg/util/validation/field/errors.goapis/vendor/k8s.io/apimachinery/pkg/util/validation/validation.goapis/vendor/k8s.io/kube-openapi/LICENSEapis/vendor/k8s.io/kube-openapi/pkg/util/trie.goapis/vendor/k8s.io/kube-openapi/pkg/util/util.goapis/vendor/modules.txtgo.modhack/ubi-build-deps.shpkg/azureclient/mock/client_generated.gotest/ote/go.modvendor/github.com/AlecAivazis/survey/v2/README.mdvendor/github.com/AlecAivazis/survey/v2/confirm.govendor/github.com/AlecAivazis/survey/v2/core/template.govendor/github.com/AlecAivazis/survey/v2/core/write.govendor/github.com/AlecAivazis/survey/v2/input.govendor/github.com/AlecAivazis/survey/v2/multiselect.govendor/github.com/AlecAivazis/survey/v2/password.govendor/github.com/AlecAivazis/survey/v2/renderer.govendor/github.com/AlecAivazis/survey/v2/select.govendor/github.com/AlecAivazis/survey/v2/survey.govendor/github.com/AlecAivazis/survey/v2/terminal/display_posix.govendor/github.com/AlecAivazis/survey/v2/terminal/error.govendor/github.com/AlecAivazis/survey/v2/terminal/output.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_bsd.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_linux.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_posix.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_ppc64le.govendor/github.com/AlecAivazis/survey/v2/transform.govendor/github.com/AlecAivazis/survey/v2/validate.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/CHANGELOG.mdvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/LICENSE.txtvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/README.mdvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/assets.jsonvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/autorest.mdvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/build.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/ci.ymlvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/client_factory.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/constants.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/federatedidentitycredentials_client.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models_serde.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/operations_client.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/options.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/responses.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/systemassignedidentities_client.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/time_rfc3339.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/userassignedidentities_client.govendor/github.com/Azure/go-autorest/autorest/date/go_mod_tidy_hack.govendor/github.com/Azure/go-autorest/logger/go_mod_tidy_hack.govendor/github.com/Azure/go-autorest/logger/logger.govendor/github.com/Azure/go-autorest/tracing/go_mod_tidy_hack.govendor/github.com/aws/aws-sdk-go-v2/aws/credentials.govendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.govendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.govendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/timeout_read_closer.govendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.govendor/github.com/aws/aws-sdk-go-v2/config/shared_config.govendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/dpop.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/token.govendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.govendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.jsonvendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/LICENSE.txtvendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_client.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_AssociateAlias.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CopyDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCachePolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCloudFrontOriginAccessIdentity.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateContinuousDeploymentPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistributionWithTags.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFieldLevelEncryptionConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFieldLevelEncryptionProfile.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFunction.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateInvalidation.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateKeyGroup.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateKeyValueStore.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateMonitoringSubscription.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateOriginAccessControl.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateOriginRequestPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreatePublicKey.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateRealtimeLogConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateResponseHeadersPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateStreamingDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateStreamingDistributionWithTags.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteCachePolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteCloudFrontOriginAccessIdentity.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteContinuousDeploymentPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFieldLevelEncryptionConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFieldLevelEncryptionProfile.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteFunction.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteKeyGroup.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteKeyValueStore.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteMonitoringSubscription.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteOriginAccessControl.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteOriginRequestPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeletePublicKey.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteRealtimeLogConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteResponseHeadersPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DeleteStreamingDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DescribeFunction.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_DescribeKeyValueStore.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCachePolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCachePolicyConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCloudFrontOriginAccessIdentity.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetCloudFrontOriginAccessIdentityConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetContinuousDeploymentPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetContinuousDeploymentPolicyConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetDistributionConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryption.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionProfile.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFieldLevelEncryptionProfileConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetFunction.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetInvalidation.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetKeyGroup.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetKeyGroupConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetMonitoringSubscription.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginAccessControl.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginAccessControlConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginRequestPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetOriginRequestPolicyConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetPublicKey.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetPublicKeyConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetRealtimeLogConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetResponseHeadersPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetResponseHeadersPolicyConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetStreamingDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_GetStreamingDistributionConfig.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListCachePolicies.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListCloudFrontOriginAccessIdentities.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListConflictingAliases.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_ListContinuousDeploymentPolicies.go
💤 Files with no reviewable changes (39)
- apis/vendor/github.com/gogo/protobuf/CONTRIBUTORS
- apis/vendor/github.com/gogo/protobuf/AUTHORS
- apis/vendor/github.com/gogo/protobuf/LICENSE
- apis/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml
- apis/vendor/github.com/gogo/protobuf/proto/custom_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/encode_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/properties_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/deprecated.go
- apis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go
- apis/vendor/github.com/gogo/protobuf/proto/equal.go
- apis/vendor/github.com/gogo/protobuf/proto/Makefile
- apis/vendor/github.com/gogo/protobuf/proto/skip_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/lib_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/clone.go
- apis/vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/duration.go
- apis/vendor/github.com/gogo/protobuf/proto/discard.go
- apis/vendor/github.com/gogo/protobuf/proto/table_merge.go
- apis/vendor/github.com/gogo/protobuf/proto/duration_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/text_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/text.go
- apis/vendor/github.com/gogo/protobuf/proto/lib.go
- apis/vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/properties.go
- apis/vendor/github.com/gogo/protobuf/proto/table_unmarshal.go
- apis/vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/timestamp.go
- apis/vendor/github.com/gogo/protobuf/proto/text_parser.go
- apis/vendor/github.com/gogo/protobuf/proto/wrappers.go
- apis/vendor/github.com/gogo/protobuf/sortkeys/sortkeys.go
- apis/vendor/github.com/gogo/protobuf/proto/decode.go
- apis/vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/pointer_reflect.go
- apis/vendor/github.com/gogo/protobuf/proto/extensions_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/message_set.go
- apis/vendor/github.com/gogo/protobuf/proto/extensions.go
- apis/vendor/github.com/gogo/protobuf/proto/encode.go
Comment on lines
+899
to
+903
| // conditions must not contain more than one entry. | ||
| // +openshift:enable:FeatureGate=ClusterUpdateAcceptRisks | ||
| // +kubebuilder:validation:XValidation:rule="self.exists_one(x, x.type == 'Applies')",message="must contain a condition of type 'Applies'" | ||
| // +kubebuilder:validation:MaxItems=8 | ||
| // +kubebuilder:validation:MinItems=1 |
There was a problem hiding this comment.
Align conditions cardinality docs with the actual validation.
At Line 899, the comment says the list must not contain more than one entry, but validation at Line 902 allows up to 8 entries (while requiring exactly one Applies). Please make the docs consistent with the schema.
Suggested doc fix
- // conditions must not contain more than one entry.
+ // conditions must not contain more than 8 entries.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| // conditions must not contain more than one entry. | |
| // +openshift:enable:FeatureGate=ClusterUpdateAcceptRisks | |
| // +kubebuilder:validation:XValidation:rule="self.exists_one(x, x.type == 'Applies')",message="must contain a condition of type 'Applies'" | |
| // +kubebuilder:validation:MaxItems=8 | |
| // +kubebuilder:validation:MinItems=1 | |
| // conditions must not contain more than 8 entries. | |
| // +openshift:enable:FeatureGate=ClusterUpdateAcceptRisks | |
| // +kubebuilder:validation:XValidation:rule="self.exists_one(x, x.type == 'Applies')",message="must contain a condition of type 'Applies'" | |
| // +kubebuilder:validation:MaxItems=8 | |
| // +kubebuilder:validation:MinItems=1 |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apis/vendor/github.com/openshift/api/config/v1/types_cluster_version.go`
around lines 899 - 903, The doc comment for the "conditions" field currently
says the list "must not contain more than one entry" but the kubebuilder
validation tags (XValidation exists_one, +kubebuilder:validation:MaxItems=8,
+kubebuilder:validation:MinItems=1) allow 1–8 entries; update the comment on the
conditions field in types_cluster_version.go to reflect the actual schema (e.g.,
state that conditions must contain between 1 and 8 entries and must include a
condition of type 'Applies'), keeping the existing validation tags intact.
Comment on lines
+56
to
+61
| // OKD turns on features for OKD. Turning this feature set ON is supported for OKD clusters, but NOT for OpenShift clusters. | ||
| // Once enabled, this feature set cannot be changed back to Default, but can be changed to other feature sets and it allows upgrades. | ||
| OKD FeatureSet = "OKD" | ||
|
|
||
| // AllFixedFeatureSets are the featuresets that have known featuregates. Custom doesn't for instance. LatencySensitive is dead | ||
| AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade, DevPreviewNoUpgrade} | ||
| AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade, DevPreviewNoUpgrade, OKD} |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
rg -nC 2 --type=go '\bOKD\b|\bAllFixedFeatureSets\b|\bFeatureSets\s*\['Repository: openshift/hive
Length of output: 10491
🏁 Script executed:
#!/bin/bash
# Find the definition of FeatureSets in hive package
rg -nC 5 'FeatureSets\s*[=:]\s*' --type=go pkg/operator/hive/ || true
echo "---"
# Also check the hive api types for FeatureSet definitions
fd -e '.go' -x grep -l 'FeatureSets' {} \; | grep -i hive | head -10Repository: openshift/hive
Length of output: 198
🏁 Script executed:
#!/bin/bash
# Check the actual FeatureSets map definition in hive types
rg -B 5 -A 30 'FeatureSets\s*=' ./apis/hive/v1/hiveconfig_types.goRepository: openshift/hive
Length of output: 1357
🏁 Script executed:
#!/bin/bash
# Check context around the configmap.go usage to see impact of nil/missing map entry
cat -n ./pkg/operator/hive/configmap.go | sed -n '275,295p'Repository: openshift/hive
Length of output: 803
🏁 Script executed:
#!/bin/bash
# Search for other switch/map uses of FeatureSet that might need OKD
rg -n 'switch.*FeatureSet|FeatureSet.*switch|case.*FeatureSet|case.*DefaultFeatureSet' --type=goRepository: openshift/hive
Length of output: 1857
🏁 Script executed:
#!/bin/bash
# More specific search for hive FeatureSet handling
rg -n 'hivev1\.(DefaultFeatureSet|CustomFeatureSet|OKD|FeatureSet)' --type=go pkg/ apis/ | head -20Repository: openshift/hive
Length of output: 243
🏁 Script executed:
#!/bin/bash
# Verify the FeatureSet type definition in hive types to ensure OKD is not defined there either
rg -B 2 -A 8 'type FeatureSet' ./apis/hive/v1/hiveconfig_types.goRepository: openshift/hive
Length of output: 641
🏁 Script executed:
#!/bin/bash
# Check the kubebuilder validation constraint to confirm OKD is not in hive's enum
cat -n ./apis/hive/v1/hiveconfig_types.go | sed -n '195,215p'Repository: openshift/hive
Length of output: 1166
🏁 Script executed:
#!/bin/bash
# Search more directly for the FeatureSet type definition with kubebuilder constraint
rg -B 3 'type FeatureSet string' ./apis/hive/v1/hiveconfig_types.goRepository: openshift/hive
Length of output: 192
Update hive's FeatureSets map and validation enum to include OKD.
The new OKD feature set is added to AllFixedFeatureSets here, but the hive package's FeatureSet enum and FeatureSets map are missing the OKD entry. This causes a silent failure in pkg/operator/hive/configmap.go:283: when fg.FeatureSet == "OKD", the map lookup returns nil and val stays empty instead of being populated with the intended feature gates.
Add OKD to:
./apis/hive/v1/hiveconfig_types.go: Update the+kubebuilder:validation:Enumconstraint onFeatureSetto includeOKD./apis/hive/v1/hiveconfig_types.go: Add anOKDentry to theFeatureSetsmap with the appropriate enabled feature gates
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apis/vendor/github.com/openshift/api/config/v1/types_feature.go` around lines
56 - 61, Add the OKD value to the hive API validation and mapping: update the
FeatureSet enum validation (the +kubebuilder:validation:Enum tag on the
FeatureSet type) to include "OKD", and add an "OKD" entry to the FeatureSets map
(the FeatureSets variable) mapping to the same set of enabled feature gates
intended for OKD so lookups like fg.FeatureSet == "OKD" return the populated
feature-gates slice; modify hiveconfig_types.go where FeatureSet and FeatureSets
are declared and ensure the OKD entry mirrors the correct enabled gates used by
other fixed sets.
| // default ingresscontroller domain will follow this pattern: "*.<domain>". | ||
| // | ||
| // Once set, changing domain is not currently supported. | ||
| // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="domain is immutable once set" |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
cat -n apis/vendor/github.com/openshift/api/config/v1/types_ingress.go | head -100Repository: openshift/hive
Length of output: 5813
🏁 Script executed:
rg -i "domain" apis/vendor/github.com/openshift/api/config/v1/ -A 2 -B 2 --type goRepository: openshift/hive
Length of output: 50371
🏁 Script executed:
rg -A 5 "type IngressSpec" apis/vendor/github.com/openshift/api/config/v1/types_ingress.goRepository: openshift/hive
Length of output: 364
🏁 Script executed:
sed -n '37,58p' apis/vendor/github.com/openshift/api/config/v1/types_ingress.goRepository: openshift/hive
Length of output: 1111
🏁 Script executed:
find . -type f -name "*.go" -exec grep -l "Domain.*string\|IngressSpec" {} \; | head -20Repository: openshift/hive
Length of output: 14699
🌐 Web query:
Kubernetes CEL XValidation rule oldSelf optional field transition semantics
💡 Result:
In Kubernetes CRD XValidation rules using CEL, the oldSelf variable represents the previous state of the object during updates (available since Kubernetes 1.25 via transition rules). By default, on CREATE operations, oldSelf is absent (null/undefined), so rules referencing oldSelf.field fail unless prefixed with !has(oldSelf.field) || to handle creation gracefully. This idiom checks if the field existed before (using the global has function) or applies the transition condition. The optionalOldSelf: true field (introduced in Kubernetes 1.29 with CRDValidationRatcheting feature, now stable) changes oldSelf to a CEL optional type. This enables direct access via optional-aware methods like oldSelf.hasValue, oldSelf.value, or oldSelf.optMap without has. Example without optionalOldSelf (standard approach): x-kubernetes-validations: - rule: '!has(oldSelf.replicas) || has(self.replicas)' message: 'replicas cannot be unset once set' This prevents unsetting an optional field after it's been set. With optionalOldSelf: true (cleaner syntax): x-kubernetes-validations: - rule: 'oldSelf.hasValue == self.hasValue' message: '.spec.replicas cannot be unset once set' optionalOldSelf: true Here, oldSelf is optional, so oldSelf.hasValue returns false on CREATE (no prior value), allowing the rule to pass if self matches the presence expectation. self is not optional by default; a proposed optionalSelf: true (open issue as of 2025) would make it symmetric. Rules using optional types require Kubernetes 1.29+ (CEL Optional Values feature). This semantics enables precise transition validation (immutability, monotonic increases, state machines) while supporting CREATE/UPDATE uniformly.
Citations:
- 1: CEL Validation: Add 'optionalSelf: true' config for consistency with 'optionalOldSelf: true' kubernetes/kubernetes#132510
- 2: Support CEL CRD validation expressions that reference existing object state. kubernetes/kubernetes#108073
- 3: https://kubernetes.io/docs/reference/using-api/cel/
- 4: https://kubernetes.io/blog/2022/09/29/enforce-immutability-using-cel/
- 5: kube-core: add optionalOldSelf to CEL
Rulekube-rs/kube#1947 - 6: KEP-4008: CRDValidationRatcheting: Add support for optional
oldSelfkubernetes/kubernetes#121034 - 7: kubernetes-sigs/controller-tools@a57ec68
🏁 Script executed:
rg "spec.domain\|\.Domain\s*=" apis/ --type go -B 2 -A 2 | head -100Repository: openshift/hive
Length of output: 40
🏁 Script executed:
rg "Ingress\{" apis/ --type go | head -20Repository: openshift/hive
Length of output: 551
🌐 Web query:
Kubernetes CEL validation rule !has(oldSelf) pattern syntax examples
💡 Result:
The Kubernetes CEL validation rule pattern !has(oldSelf) (or more precisely !has(oldSelf.field)) is used in Custom Resource Definition (CRD) validation rules under x-kubernetes-validations to handle CREATE operations gracefully while enforcing constraints on UPDATE operations. oldSelf represents the previous state of the resource (absent on CREATE). The has macro checks field existence. !has(oldSelf.field) returns true on CREATE (when the field didn't exist before) or if the old field was absent, allowing the rule to pass during creation while validating transitions on updates. Common pattern syntax: - !has(oldSelf.field) || self.field >= oldSelf.field (prevent decreasing a value) - !has(oldSelf.field) || self.field == oldSelf.field (immutable field) - !has(oldSelf) || self.field == oldSelf.field (whole object or top-level checks) Examples from authoritative sources: 1. Storage size cannot decrease: - rule: "!has(oldSelf.storageGB) || self.storageGB >= oldSelf.storageGB" message: "Storage size cannot be decreased" 2. Engine cannot change after creation: - rule: "!has(oldSelf.engine) || self.engine == oldSelf.engine" message: "Database engine cannot be changed after creation" 3. Immutable field: - rule: "!has(oldSelf) || self.immutableField == oldSelf.immutableField" message: "immutableField cannot be changed after creation" 4. Prevent unsetting replicas: - rule: "!has(oldSelf.replicas) || has(self.replicas)" message: "replicas can't be unset" 5. State transition (multi-line): - rule: | !has(oldSelf.state) || oldSelf.state != 'draft' || self.state in ['draft', 'pending'] message: "From draft state, can only transition to pending" This pattern is standard in Kubernetes CRD CEL validation (available since ~1.23+). Official docs confirm self/oldSelf variables and has usage but show general examples; practical patterns appear in tutorials and GitHub issues matching official behavior.
Citations:
- 1: https://oneuptime.com/blog/post/2026-02-09-custom-resource-validation-transition-rules/view
- 2: http://k8s.io/docs/reference/using-api/cel/
- 3: https://kubernetes.io/docs/reference/using-api/cel/
- 4: CEL Validation: Add 'optionalSelf: true' config for consistency with 'optionalOldSelf: true' kubernetes/kubernetes#132510
- 5: https://oneuptime.com/blog/post/2026-02-09-cel-validation-rules-crds-constraints/view
- 6: https://oneuptime.com/blog/post/2026-02-09-crd-validation-cel-expressions/view
🌐 Web query:
OpenShift Ingress config domain field required at creation time initialization
💡 Result:
No, the domain field in the OpenShift Ingress configuration (config.openshift.io/v1, cluster Ingress resource) is not strictly required at creation time. Official documentation states it as a string field without "required" designation, and multiple sources explicitly note: "If empty, the default value is ingress.config.openshift.io/cluster.spec.domain". This indicates the API accepts creation without it, likely defaulting during cluster installation from install-config.yaml. However, it must be set before Ingress Controllers or Routes rely on it, and cannot be changed after initial use. For IngressController resources (operator.openshift.io/v1), the spec.domain is also optional, explicitly defaulting to the cluster Ingress domain if empty.
Citations:
- 1: https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/config_apis/ingress-config-openshift-io-v1
- 2: https://docs.okd.io/latest/rest_api/config_apis/ingress-config-openshift-io-v1.html
- 3: https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/networking/configuring-ingress
- 4: https://docs.okd.io/4.14/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.html
- 5: https://docs.openshift.com/container-platform/4.15/networking/ingress-operator.html
- 6: https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/operator_apis/ingresscontroller-operator-openshift-io-v1
- 7: https://github.com/openshift/api/blob/master/operator/v1/types_ingress.go
- 8: https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/config_apis/ingress-config-openshift-io-v1
- 9: https://docs.openshift.com/container-platform/4.17/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.html
Fix the CEL validation rule to allow initial domain population while maintaining immutability afterward.
The current rule self == oldSelf will reject attempts to populate an initially empty domain field because it treats any change as invalid. However, OpenShift documentation confirms the domain field can be empty at creation and is populated during cluster initialization. The rule should allow the field to transition from empty to a value, then become immutable. Use the proper CEL pattern: !has(oldSelf) || self == oldSelf to skip validation on CREATE (when oldSelf is undefined) while enforcing immutability on UPDATE. This aligns with the comment's intent ("Once set, changing domain is not currently supported") by allowing the initial SET while preventing subsequent changes.
Suggested adjustment
- // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="domain is immutable once set"
+ // +kubebuilder:validation:XValidation:rule="!has(oldSelf) || self == oldSelf",message="domain is immutable once set"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="domain is immutable once set" | |
| // +kubebuilder:validation:XValidation:rule="!has(oldSelf) || self == oldSelf",message="domain is immutable once set" |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apis/vendor/github.com/openshift/api/config/v1/types_ingress.go` at line 46,
Replace the CEL XValidation rule on the domain field so it allows initial
population but enforces immutability thereafter; specifically update the
kubebuilder validation tag (the line with
"+kubebuilder:validation:XValidation:rule="self == oldSelf"") to use the pattern
"!has(oldSelf) || self == oldSelf" so CREATE (when oldSelf is absent) is
permitted and UPDATE requires equality to oldSelf.
| "policy": "DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.", | ||
| "profile": "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods.\n\nValid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\"", | ||
| "profileCustomizations": "profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles.", | ||
| "profileCustomizations": "profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles. Deprecated: no longer needed, since DRA is GA starting with 4.21, and is enabled by' default in the cluster, this field will be removed in 4.24.", |
There was a problem hiding this comment.
Fix typo in scheduler deprecation doc string.
Line 2933 contains enabled by' default; this should be enabled by default to keep generated API docs clean and unambiguous.
✏️ Proposed fix
- "profileCustomizations": "profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles. Deprecated: no longer needed, since DRA is GA starting with 4.21, and is enabled by' default in the cluster, this field will be removed in 4.24.",
+ "profileCustomizations": "profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles. Deprecated: no longer needed, since DRA is GA starting with 4.21, and is enabled by default in the cluster, this field will be removed in 4.24.",📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| "profileCustomizations": "profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles. Deprecated: no longer needed, since DRA is GA starting with 4.21, and is enabled by' default in the cluster, this field will be removed in 4.24.", | |
| "profileCustomizations": "profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles. Deprecated: no longer needed, since DRA is GA starting with 4.21, and is enabled by default in the cluster, this field will be removed in 4.24.", |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In
`@apis/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go`
at line 2933, The docstring for the "profileCustomizations" swagger entry
contains a stray apostrophe in "enabled by' default"; open
zz_generated.swagger_doc_generated.go and update the string value for
"profileCustomizations" to read "enabled by default" (remove the extra
apostrophe), then regenerate or re-run the swagger/code generation that produced
zz_generated.swagger_doc_generated.go so the change persists in generated
artifacts.
Subsequent bump of openshift/api in apis/ to v0.0.0-20260318185450-1f2fa3f09f4e to reflect the version in repo level go.mod
Contributor
Author
|
/hold Need to bump the image on CI for the tests to succeed |
openshift-ci
Bot
added
the
do-not-merge/hold
There was a problem hiding this comment.
Actionable comments posted: 4
♻️ Duplicate comments (1)
apis/vendor/github.com/openshift/api/config/v1/types_cluster_version.go (1)
895-903:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winKeep the
conditionsdocs aligned with the schema.The comment still says this list “must not contain more than one entry”, but the validation allows 1–8 unique conditions as long as one is
Applies.Suggested doc fix
- // conditions must not contain more than one entry. + // conditions must contain between 1 and 8 entries and include a condition of type Applies.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@apis/vendor/github.com/openshift/api/config/v1/types_cluster_version.go` around lines 895 - 903, Update the doc comment for the conditions field to match the validation rules: remove the incorrect phrase "must not contain more than one entry" and state that conditions must contain between 1 and 8 unique entries and must include a condition of type 'Applies' (reflecting the +kubebuilder:validation:MinItems=1, +kubebuilder:validation:MaxItems=8 and the XValidation rule). Edit the comment above the conditions definition in types_cluster_version.go to mention uniqueness of types and the required 'Applies' condition so docs align with the schema.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@apis/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go`:
- Around line 118-125: Restore the commented-out HostPlacement field in
AWSMachineProviderConfig (re-add the HostPlacement *HostPlacement
`json:"hostPlacement,omitempty"` field and keep its
+openshift:enable:FeatureGate=AWSDedicatedHosts and +optional markers) and mark
it as deprecated in the comment so the v1beta1 schema continues to accept the
old JSON name; then update the v1beta1 <-> internal conversion logic for
AWSMachineProviderConfig (the ConvertTo/ConvertFrom implementations or the
generated conversion functions for AWSMachineProviderConfig) to map
HostPlacement <-> Placement.Host (read HostPlacement into Placement.Host during
ConvertFrom and write Placement.Host back to HostPlacement during ConvertTo) so
existing manifests round-trip intact.
In `@apis/vendor/github.com/openshift/api/operator/v1/types_network.go`:
- Around line 401-403: Add FeatureGateAwareXValidation rules to explicitly
forbid bgpManagedConfig unless we are in NoOverlay managed mode: update the
validation annotations around the existing rules that reference transport,
noOverlayConfig and noOverlayConfig.routing to include a rule that errors when
has(self.bgpManagedConfig) is true while either self.?transport.orValue('') !=
'NoOverlay' or self.?noOverlayConfig.routing.orValue('') != 'Managed'; ensure
the message matches the field docs (e.g., "bgpManagedConfig is forbidden unless
transport is NoOverlay and noOverlayConfig.routing is Managed") so
bgpManagedConfig is rejected outside the managed no-overlay case.
- Around line 476-489: The field-level immutability validation on Transport
(Transport TransportOption `json:"transport,omitempty"`) currently enforces
"self == oldSelf" unconditionally, preventing an omission→"Geneve" update;
change the validation to allow the documented exception by replacing the strict
equality rule with a conditional that permits the transition when oldSelf is
empty and new self == "Geneve" (i.e., allow self == oldSelf OR (oldSelf == ""
AND self == "Geneve")), or remove this field-level FeatureGateAwareXValidation
tag and rely on the struct-level validation that already implements the allowed
unset→"Geneve" transition. Ensure the message and FeatureGate=NoOverlayMode
metadata remain consistent.
In `@apis/vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go`:
- Around line 41-48: The current priorityUpdateBuf struct holds only a single
global slot (streamID + priority), which causes lost PRIORITY_UPDATEs when
multiple unopened streams get updates; change the buffering to track the most
recent PriorityParam per stream by replacing priorityUpdateBuf with a
map[uint32]PriorityParam (e.g., priorityUpdateBuf map[streamID]PriorityParam)
and update all code that reads/writes it: store incoming PRIORITY_UPDATEs keyed
by their stream ID, look up and consume the entry when OpenStream() (or the
method that applies buffered priority on stream creation) is called, and delete
the map entry after applying; ensure any code that previously checked
streamID==0 is adapted to check map presence.
---
Duplicate comments:
In `@apis/vendor/github.com/openshift/api/config/v1/types_cluster_version.go`:
- Around line 895-903: Update the doc comment for the conditions field to match
the validation rules: remove the incorrect phrase "must not contain more than
one entry" and state that conditions must contain between 1 and 8 unique entries
and must include a condition of type 'Applies' (reflecting the
+kubebuilder:validation:MinItems=1, +kubebuilder:validation:MaxItems=8 and the
XValidation rule). Edit the comment above the conditions definition in
types_cluster_version.go to mention uniqueness of types and the required
'Applies' condition so docs align with the schema.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 8f1d6f06-72de-4b67-a824-c36458f1d4e6
⛔ Files ignored due to path filters (18)
apis/go.sumis excluded by!**/*.sumapis/vendor/k8s.io/api/authorization/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/authorization/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/core/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/core/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/rbac/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/api/rbac/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/schema/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/runtime/schema/generated.protomessage.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/generated.pb.gois excluded by!**/*.pb.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/generated.protomessage.pb.gois excluded by!**/*.pb.gogo.sumis excluded by!**/*.sum
📒 Files selected for processing (238)
.tekton/hive-mce-210-pull-request.yaml.tekton/hive-mce-210-push.yaml.tekton/hive-mce-211-pull-request.yaml.tekton/hive-mce-211-push.yaml.tekton/hive-mce-217-pull-request.yaml.tekton/hive-mce-217-push.yaml.tekton/hive-mce-26-pull-request.yaml.tekton/hive-mce-26-push.yaml.tekton/hive-mce-27-pull-request.yaml.tekton/hive-mce-27-push.yaml.tekton/hive-mce-28-pull-request.yaml.tekton/hive-mce-28-push.yaml.tekton/hive-mce-29-pull-request.yaml.tekton/hive-mce-29-push.yaml.tekton/hive-mce-50-pull-request.yaml.tekton/hive-mce-50-push.yaml.tekton/hive-mce-51-pull-request.yaml.tekton/hive-mce-51-push.yaml.tekton/hive-pull-request.yaml.tekton/hive-push.yamlDockerfileMakefileapis/go.modapis/vendor/github.com/gogo/protobuf/AUTHORSapis/vendor/github.com/gogo/protobuf/CONTRIBUTORSapis/vendor/github.com/gogo/protobuf/LICENSEapis/vendor/github.com/gogo/protobuf/proto/Makefileapis/vendor/github.com/gogo/protobuf/proto/clone.goapis/vendor/github.com/gogo/protobuf/proto/custom_gogo.goapis/vendor/github.com/gogo/protobuf/proto/decode.goapis/vendor/github.com/gogo/protobuf/proto/deprecated.goapis/vendor/github.com/gogo/protobuf/proto/discard.goapis/vendor/github.com/gogo/protobuf/proto/duration.goapis/vendor/github.com/gogo/protobuf/proto/duration_gogo.goapis/vendor/github.com/gogo/protobuf/proto/encode.goapis/vendor/github.com/gogo/protobuf/proto/encode_gogo.goapis/vendor/github.com/gogo/protobuf/proto/equal.goapis/vendor/github.com/gogo/protobuf/proto/extensions.goapis/vendor/github.com/gogo/protobuf/proto/extensions_gogo.goapis/vendor/github.com/gogo/protobuf/proto/lib.goapis/vendor/github.com/gogo/protobuf/proto/lib_gogo.goapis/vendor/github.com/gogo/protobuf/proto/message_set.goapis/vendor/github.com/gogo/protobuf/proto/pointer_reflect.goapis/vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.goapis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe.goapis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.goapis/vendor/github.com/gogo/protobuf/proto/properties.goapis/vendor/github.com/gogo/protobuf/proto/properties_gogo.goapis/vendor/github.com/gogo/protobuf/proto/skip_gogo.goapis/vendor/github.com/gogo/protobuf/proto/table_marshal.goapis/vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.goapis/vendor/github.com/gogo/protobuf/proto/table_merge.goapis/vendor/github.com/gogo/protobuf/proto/table_unmarshal.goapis/vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.goapis/vendor/github.com/gogo/protobuf/proto/text.goapis/vendor/github.com/gogo/protobuf/proto/text_gogo.goapis/vendor/github.com/gogo/protobuf/proto/text_parser.goapis/vendor/github.com/gogo/protobuf/proto/timestamp.goapis/vendor/github.com/gogo/protobuf/proto/timestamp_gogo.goapis/vendor/github.com/gogo/protobuf/proto/wrappers.goapis/vendor/github.com/gogo/protobuf/proto/wrappers_gogo.goapis/vendor/github.com/gogo/protobuf/sortkeys/sortkeys.goapis/vendor/github.com/openshift/api/config/v1/types_apiserver.goapis/vendor/github.com/openshift/api/config/v1/types_authentication.goapis/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.goapis/vendor/github.com/openshift/api/config/v1/types_cluster_version.goapis/vendor/github.com/openshift/api/config/v1/types_feature.goapis/vendor/github.com/openshift/api/config/v1/types_image_policy.goapis/vendor/github.com/openshift/api/config/v1/types_infrastructure.goapis/vendor/github.com/openshift/api/config/v1/types_ingress.goapis/vendor/github.com/openshift/api/config/v1/types_insights.goapis/vendor/github.com/openshift/api/config/v1/types_network.goapis/vendor/github.com/openshift/api/config/v1/types_scheduling.goapis/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.goapis/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.goapis/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yamlapis/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.goapis/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.goapis/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yamlapis/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.goapis/vendor/github.com/openshift/api/machine/v1beta1/types_machine.goapis/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.goapis/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.goapis/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.goapis/vendor/github.com/openshift/api/operator/v1/types_console.goapis/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.goapis/vendor/github.com/openshift/api/operator/v1/types_network.goapis/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.goapis/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yamlapis/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.goapis/vendor/golang.org/x/net/http2/writesched_priority_rfc9218.goapis/vendor/golang.org/x/text/secure/bidirule/bidirule.goapis/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.goapis/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.goapis/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.goapis/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.goapis/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.goapis/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.goapis/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.goapis/vendor/golang.org/x/text/unicode/bidi/tables17.0.0.goapis/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.goapis/vendor/golang.org/x/text/unicode/norm/forminfo.goapis/vendor/golang.org/x/text/unicode/norm/tables10.0.0.goapis/vendor/golang.org/x/text/unicode/norm/tables11.0.0.goapis/vendor/golang.org/x/text/unicode/norm/tables12.0.0.goapis/vendor/golang.org/x/text/unicode/norm/tables13.0.0.goapis/vendor/golang.org/x/text/unicode/norm/tables15.0.0.goapis/vendor/golang.org/x/text/unicode/norm/tables17.0.0.goapis/vendor/golang.org/x/text/unicode/norm/tables9.0.0.goapis/vendor/k8s.io/api/authorization/v1/doc.goapis/vendor/k8s.io/api/authorization/v1/zz_generated.model_name.goapis/vendor/k8s.io/api/core/v1/doc.goapis/vendor/k8s.io/api/core/v1/generated.protoapis/vendor/k8s.io/api/core/v1/toleration.goapis/vendor/k8s.io/api/core/v1/types.goapis/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.goapis/vendor/k8s.io/api/core/v1/zz_generated.deepcopy.goapis/vendor/k8s.io/api/core/v1/zz_generated.model_name.goapis/vendor/k8s.io/api/rbac/v1/doc.goapis/vendor/k8s.io/api/rbac/v1/generated.protoapis/vendor/k8s.io/api/rbac/v1/types.goapis/vendor/k8s.io/api/rbac/v1/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/generated.protoapis/vendor/k8s.io/apimachinery/pkg/api/resource/quantity.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/quantity_proto.goapis/vendor/k8s.io/apimachinery/pkg/api/resource/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/constraints/constraints.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/decimal_int.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/dns.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/errors.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/identifier.goapis/vendor/k8s.io/apimachinery/pkg/api/validate/content/kube.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/doc.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.protoapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.goapis/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/labels/selector.goapis/vendor/k8s.io/apimachinery/pkg/runtime/doc.goapis/vendor/k8s.io/apimachinery/pkg/runtime/scheme.goapis/vendor/k8s.io/apimachinery/pkg/runtime/types_proto.goapis/vendor/k8s.io/apimachinery/pkg/runtime/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/generated.protoapis/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.goapis/vendor/k8s.io/apimachinery/pkg/util/intstr/zz_generated.model_name.goapis/vendor/k8s.io/apimachinery/pkg/util/sets/set.goapis/vendor/k8s.io/apimachinery/pkg/util/validation/field/error_matcher.goapis/vendor/k8s.io/apimachinery/pkg/util/validation/field/errors.goapis/vendor/k8s.io/apimachinery/pkg/util/validation/validation.goapis/vendor/k8s.io/kube-openapi/LICENSEapis/vendor/k8s.io/kube-openapi/pkg/util/trie.goapis/vendor/k8s.io/kube-openapi/pkg/util/util.goapis/vendor/modules.txtgo.modhack/ubi-build-deps.shpkg/azureclient/mock/client_generated.gotest/ote/go.modvendor/github.com/AlecAivazis/survey/v2/README.mdvendor/github.com/AlecAivazis/survey/v2/confirm.govendor/github.com/AlecAivazis/survey/v2/core/template.govendor/github.com/AlecAivazis/survey/v2/core/write.govendor/github.com/AlecAivazis/survey/v2/input.govendor/github.com/AlecAivazis/survey/v2/multiselect.govendor/github.com/AlecAivazis/survey/v2/password.govendor/github.com/AlecAivazis/survey/v2/renderer.govendor/github.com/AlecAivazis/survey/v2/select.govendor/github.com/AlecAivazis/survey/v2/survey.govendor/github.com/AlecAivazis/survey/v2/terminal/display_posix.govendor/github.com/AlecAivazis/survey/v2/terminal/error.govendor/github.com/AlecAivazis/survey/v2/terminal/output.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_bsd.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_linux.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_posix.govendor/github.com/AlecAivazis/survey/v2/terminal/runereader_ppc64le.govendor/github.com/AlecAivazis/survey/v2/transform.govendor/github.com/AlecAivazis/survey/v2/validate.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/CHANGELOG.mdvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/LICENSE.txtvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/README.mdvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/assets.jsonvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/autorest.mdvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/build.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/ci.ymlvendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/client_factory.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/constants.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/federatedidentitycredentials_client.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/models_serde.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/operations_client.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/options.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/responses.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/systemassignedidentities_client.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/time_rfc3339.govendor/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi/userassignedidentities_client.govendor/github.com/Azure/go-autorest/autorest/date/go_mod_tidy_hack.govendor/github.com/Azure/go-autorest/logger/go_mod_tidy_hack.govendor/github.com/Azure/go-autorest/logger/logger.govendor/github.com/Azure/go-autorest/tracing/go_mod_tidy_hack.govendor/github.com/aws/aws-sdk-go-v2/aws/credentials.govendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.govendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.govendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/timeout_read_closer.govendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.govendor/github.com/aws/aws-sdk-go-v2/config/shared_config.govendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/dpop.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.govendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/token.govendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.govendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.jsonvendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/CHANGELOG.mdvendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/LICENSE.txtvendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_client.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_AssociateAlias.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CopyDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCachePolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateCloudFrontOriginAccessIdentity.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateContinuousDeploymentPolicy.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistribution.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateDistributionWithTags.govendor/github.com/aws/aws-sdk-go-v2/service/cloudfront/api_op_CreateFieldLevelEncryptionConfig.go
💤 Files with no reviewable changes (41)
- apis/vendor/github.com/gogo/protobuf/CONTRIBUTORS
- apis/vendor/github.com/gogo/protobuf/proto/custom_gogo.go
- apis/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml
- apis/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
- apis/vendor/github.com/gogo/protobuf/proto/timestamp.go
- apis/vendor/github.com/gogo/protobuf/proto/encode_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/Makefile
- apis/vendor/github.com/gogo/protobuf/proto/pointer_reflect.go
- apis/vendor/github.com/gogo/protobuf/proto/equal.go
- apis/vendor/github.com/gogo/protobuf/proto/skip_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/deprecated.go
- apis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go
- apis/vendor/github.com/gogo/protobuf/proto/duration.go
- apis/vendor/github.com/gogo/protobuf/proto/message_set.go
- apis/vendor/github.com/gogo/protobuf/proto/clone.go
- apis/vendor/github.com/gogo/protobuf/proto/discard.go
- apis/vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/properties.go
- apis/vendor/github.com/gogo/protobuf/proto/text.go
- apis/vendor/github.com/gogo/protobuf/LICENSE
- apis/vendor/github.com/gogo/protobuf/sortkeys/sortkeys.go
- apis/vendor/github.com/gogo/protobuf/proto/extensions.go
- apis/vendor/github.com/gogo/protobuf/proto/text_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/lib.go
- apis/vendor/github.com/gogo/protobuf/proto/encode.go
- apis/vendor/github.com/gogo/protobuf/proto/wrappers.go
- apis/vendor/github.com/gogo/protobuf/proto/extensions_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/properties_gogo.go
- apis/vendor/github.com/gogo/protobuf/AUTHORS
- apis/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
- apis/vendor/github.com/gogo/protobuf/proto/duration_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/table_merge.go
- apis/vendor/github.com/gogo/protobuf/proto/table_unmarshal.go
- apis/vendor/github.com/gogo/protobuf/proto/lib_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/text_parser.go
- apis/vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go
- apis/vendor/github.com/gogo/protobuf/proto/decode.go
- apis/vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go
✅ Files skipped from review due to trivial changes (20)
- apis/vendor/k8s.io/api/core/v1/doc.go
- .tekton/hive-push.yaml
- apis/vendor/github.com/openshift/api/config/v1/types_insights.go
- .tekton/hive-mce-217-push.yaml
- apis/vendor/k8s.io/api/authorization/v1/doc.go
- .tekton/hive-mce-211-pull-request.yaml
- apis/vendor/github.com/openshift/api/config/v1/types_scheduling.go
- apis/vendor/golang.org/x/text/secure/bidirule/bidirule.go
- .tekton/hive-mce-27-push.yaml
- .tekton/hive-pull-request.yaml
- apis/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go
- .tekton/hive-mce-26-push.yaml
- Dockerfile
- apis/vendor/k8s.io/api/authorization/v1/zz_generated.model_name.go
- apis/vendor/github.com/openshift/api/config/v1/types_authentication.go
- .tekton/hive-mce-29-pull-request.yaml
- .tekton/hive-mce-51-push.yaml
- .tekton/hive-mce-28-pull-request.yaml
- .tekton/hive-mce-210-pull-request.yaml
- .tekton/hive-mce-50-pull-request.yaml
🚧 Files skipped from review as they are similar to previous changes (18)
- .tekton/hive-mce-28-push.yaml
- .tekton/hive-mce-50-push.yaml
- .tekton/hive-mce-26-pull-request.yaml
- .tekton/hive-mce-51-pull-request.yaml
- .tekton/hive-mce-211-push.yaml
- apis/vendor/github.com/openshift/api/config/v1/types_image_policy.go
- apis/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go
- apis/vendor/github.com/openshift/api/config/v1/types_ingress.go
- .tekton/hive-mce-29-push.yaml
- .tekton/hive-mce-217-pull-request.yaml
- apis/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go
- .tekton/hive-mce-210-push.yaml
- apis/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml
- .tekton/hive-mce-27-pull-request.yaml
- apis/vendor/github.com/openshift/api/config/v1/types_network.go
- apis/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml
- Makefile
- apis/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go
Comment on lines
+118
to
+125
| // Tombstone: This field was moved into the Placement struct to belong w/ the Tenancy field due to involvement with the setting. | ||
| // hostPlacement configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host | ||
| // for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL), | ||
| // and to gain visibility and control over instance placement on a physical server. | ||
| // When omitted, the instance is not constrained to a dedicated host. | ||
| // +openshift:enable:FeatureGate=AWSDedicatedHosts | ||
| // +optional | ||
| HostPlacement *HostPlacement `json:"hostPlacement,omitempty"` | ||
| //HostPlacement *HostPlacement `json:"hostPlacement,omitempty"` |
There was a problem hiding this comment.
Preserve hostPlacement compatibility in v1beta1.
Commenting this field out removes it from the served schema entirely. Existing AWSMachineProviderConfig manifests/objects that still use hostPlacement will stop round-tripping in the same compatibility-level-2 API and can be silently pruned on write. Please keep the old JSON field as a deprecated/read-compatible alias, or add an explicit versioned conversion path before removing it in favor of placement.host.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apis/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go`
around lines 118 - 125, Restore the commented-out HostPlacement field in
AWSMachineProviderConfig (re-add the HostPlacement *HostPlacement
`json:"hostPlacement,omitempty"` field and keep its
+openshift:enable:FeatureGate=AWSDedicatedHosts and +optional markers) and mark
it as deprecated in the comment so the v1beta1 schema continues to accept the
old JSON name; then update the v1beta1 <-> internal conversion logic for
AWSMachineProviderConfig (the ConvertTo/ConvertFrom implementations or the
generated conversion functions for AWSMachineProviderConfig) to map
HostPlacement <-> Placement.Host (read HostPlacement into Placement.Host during
ConvertFrom and write Placement.Host back to HostPlacement during ConvertTo) so
existing manifests round-trip intact.
Comment on lines
+401
to
+403
| // +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self.?transport.orValue('') == 'NoOverlay' ? self.?routeAdvertisements.orValue('') == 'Enabled' : true",message="routeAdvertisements must be Enabled when transport is NoOverlay" | ||
| // +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self.?transport.orValue('') == 'NoOverlay' ? has(self.noOverlayConfig) : !has(self.noOverlayConfig)",message="noOverlayConfig must be set if transport is NoOverlay, and is forbidden otherwise" | ||
| // +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self.?noOverlayConfig.routing.orValue('') == 'Managed' ? has(self.bgpManagedConfig) : true",message="bgpManagedConfig is required when noOverlayConfig.routing is Managed" |
There was a problem hiding this comment.
Reject bgpManagedConfig outside managed no-overlay mode.
The new rule only makes bgpManagedConfig required when noOverlayConfig.routing == "Managed", but it never forbids the inverse. As written, the API still accepts bgpManagedConfig when transport="Geneve" or routing="Unmanaged", which contradicts the field docs and leaves an unsupported config shape valid.
Also applies to: 499-506
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apis/vendor/github.com/openshift/api/operator/v1/types_network.go` around
lines 401 - 403, Add FeatureGateAwareXValidation rules to explicitly forbid
bgpManagedConfig unless we are in NoOverlay managed mode: update the validation
annotations around the existing rules that reference transport, noOverlayConfig
and noOverlayConfig.routing to include a rule that errors when
has(self.bgpManagedConfig) is true while either self.?transport.orValue('') !=
'NoOverlay' or self.?noOverlayConfig.routing.orValue('') != 'Managed'; ensure
the message matches the field docs (e.g., "bgpManagedConfig is forbidden unless
transport is NoOverlay and noOverlayConfig.routing is Managed") so
bgpManagedConfig is rejected outside the managed no-overlay case.
Comment on lines
+476
to
+489
| // transport sets the transport mode for pods on the default network. | ||
| // Allowed values are "NoOverlay" and "Geneve". | ||
| // "NoOverlay" avoids tunnel encapsulation, routing pod traffic directly between nodes. | ||
| // "Geneve" encapsulates pod traffic using Geneve tunnels between nodes. | ||
| // When omitted, this means the user has no opinion and the platform chooses | ||
| // a reasonable default which is subject to change over time. | ||
| // The current default is "Geneve". | ||
| // "NoOverlay" can only be set at installation time and cannot be changed afterwards. | ||
| // "Geneve" may be set explicitly at any time to lock in the current default. | ||
| // +openshift:enable:FeatureGate=NoOverlayMode | ||
| // +kubebuilder:validation:Enum=NoOverlay;Geneve | ||
| // +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self == oldSelf",message="transport is immutable once set" | ||
| // +optional | ||
| Transport TransportOption `json:"transport,omitempty"` |
There was a problem hiding this comment.
Allow the documented unset → Geneve transition.
Line 487 makes transport fully immutable, so an update from an omitted value to "Geneve" still fails even though the comment here and the struct-level rule at Line 404 explicitly allow that day-2 path. That blocks the documented “lock in the current default” flow on existing clusters. Either relax this field-level transition rule or move the exception entirely into the struct-level validation.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apis/vendor/github.com/openshift/api/operator/v1/types_network.go` around
lines 476 - 489, The field-level immutability validation on Transport (Transport
TransportOption `json:"transport,omitempty"`) currently enforces "self ==
oldSelf" unconditionally, preventing an omission→"Geneve" update; change the
validation to allow the documented exception by replacing the strict equality
rule with a conditional that permits the transition when oldSelf is empty and
new self == "Geneve" (i.e., allow self == oldSelf OR (oldSelf == "" AND self ==
"Geneve")), or remove this field-level FeatureGateAwareXValidation tag and rely
on the struct-level validation that already implements the allowed
unset→"Geneve" transition. Ensure the message and FeatureGate=NoOverlayMode
metadata remain consistent.
Comment on lines
+41
to
+48
| // priorityUpdateBuf is used to buffer the most recent PRIORITY_UPDATE we | ||
| // receive per https://www.rfc-editor.org/rfc/rfc9218.html#name-the-priority_update-frame. | ||
| priorityUpdateBuf struct { | ||
| // streamID being 0 means that the buffer is empty. This is a safe | ||
| // assumption as PRIORITY_UPDATE for stream 0 is a PROTOCOL_ERROR. | ||
| streamID uint32 | ||
| priority PriorityParam | ||
| } |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
In RFC 9218 for HTTP/2, can multiple unopened request streams receive PRIORITY_UPDATE frames before they are opened, and should an implementation retain the most recent priority update per stream rather than in a single global buffer?
💡 Result:
Yes, in RFC 9218 for HTTP/2, multiple unopened (idle) request streams can receive PRIORITY_UPDATE frames before they are opened. Clients MAY send PRIORITY_UPDATE frames before the referenced stream is open, and servers are permitted to receive and process them for idle streams (with concurrency limits). Servers SHOULD buffer the most recently received PRIORITY_UPDATE frame per such stream and apply it once the stream opens, rather than using a single global buffer. This applies the latest priority signal, overriding prior ones including the Priority header, while bounding resource use by storing only the most recent per stream.
Citations:
- 1: https://httpwg.org/specs/rfc9218.html
- 2: https://www.rfc-editor.org/rfc/rfc9218.html
- 3: https://greenbytes.de/tech/webdav/rfc9218.html
- 4: https://datatracker.ietf.org/doc/html/rfc9218
- 5: https://ftp.surfnet.nl/documents/rfc/rfc9218.pdf
- 6: http://www.armware.dk/RFC/rfc/rfc9218.html
🏁 Script executed:
cat -n apis/vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go | head -120Repository: openshift/hive
Length of output: 4356
🏁 Script executed:
cat -n apis/vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go | sed -n '107,115p'Repository: openshift/hive
Length of output: 454
Buffer unopened PRIORITY_UPDATEs per stream, not in a single global slot.
This drops updates when two unopened streams receive PRIORITY_UPDATE before OpenStream(): the later update overwrites the earlier one, so the first stream opens with the wrong priority. RFC 9218 requires servers to buffer the most recent PRIORITY_UPDATE per stream, not in a single global buffer.
Suggested fix
type priorityWriteSchedulerRFC9218 struct {
// control contains control frames (SETTINGS, PING, etc.).
control writeQueue
@@
- // priorityUpdateBuf is used to buffer the most recent PRIORITY_UPDATE we
- // receive per https://www.rfc-editor.org/rfc/rfc9218.html#name-the-priority_update-frame.
- priorityUpdateBuf struct {
- // streamID being 0 means that the buffer is empty. This is a safe
- // assumption as PRIORITY_UPDATE for stream 0 is a PROTOCOL_ERROR.
- streamID uint32
- priority PriorityParam
- }
+ // priorityUpdateBuf stores the most recent PRIORITY_UPDATE for each
+ // stream that has not been opened yet.
+ priorityUpdateBuf map[uint32]PriorityParam
}
@@
func newPriorityWriteSchedulerRFC9218() WriteScheduler {
ws := &priorityWriteSchedulerRFC9218{
- streams: make(map[uint32]streamMetadata),
+ streams: make(map[uint32]streamMetadata),
+ priorityUpdateBuf: make(map[uint32]PriorityParam),
}
return ws
}
@@
- if streamID == ws.priorityUpdateBuf.streamID {
- ws.priorityUpdateBuf.streamID = 0
- opt.priority = ws.priorityUpdateBuf.priority
+ if priority, ok := ws.priorityUpdateBuf[streamID]; ok {
+ delete(ws.priorityUpdateBuf, streamID)
+ opt.priority = priority
}
@@
if q == nil {
- ws.priorityUpdateBuf.streamID = streamID
- ws.priorityUpdateBuf.priority = priority
+ ws.priorityUpdateBuf[streamID] = priority
return
}Also applies to: 62-65, 111-112
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apis/vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go` around
lines 41 - 48, The current priorityUpdateBuf struct holds only a single global
slot (streamID + priority), which causes lost PRIORITY_UPDATEs when multiple
unopened streams get updates; change the buffering to track the most recent
PriorityParam per stream by replacing priorityUpdateBuf with a
map[uint32]PriorityParam (e.g., priorityUpdateBuf map[streamID]PriorityParam)
and update all code that reads/writes it: store incoming PRIORITY_UPDATEs keyed
by their stream ID, look up and consume the entry when OpenStream() (or the
method that applies buffered priority on stream creation) is called, and delete
the map entry after applying; ensure any code that previously checked
streamID==0 is adapted to check map presence.
Contributor
Author
|
/retest |
Contributor
|
Caution There are some errors in your PipelineRun template.
|
Installer has now bumped govmomi to 0.53, however machine-api-operator needs 0.52.0 or lower to work since 0.53.0 has a breaking change. This commit includes the related vendor changes, as well as the errant config and hack directory changes that were picked up by running a make update
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #2901 +/- ##
=======================================
Coverage 50.42% 50.42%
=======================================
Files 281 281
Lines 34345 34345
=======================================
Hits 17320 17320
Misses 15673 15673
Partials 1352 1352
🚀 New features to boost your workflow:
|
github.com/aws/aws-sdk-go-v2/service/s3 -> v1.97 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream -> v1.7.8 go.opentelemetry.io/otel/sdk -> v1.43.0
Contributor
Author
|
/retest |
Contributor
|
@suhanime: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit
Chores
New Features
Documentation