fix: Use pointer-to-struct for fields with json omitempty#1063
Merged
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository YAML (base), Organization UI (inherited) Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (11)
✅ Files skipped from review due to trivial changes (2)
🚧 Files skipped from review as they are similar to previous changes (9)
📝 WalkthroughWalkthroughThis pull request refactors optional tracing and capability configuration fields from value types to pointers throughout the API, adds safe getter methods to prevent nil dereferences, and renames the GCS Workload Identity Federation field from Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 golangci-lint (2.12.2)Error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
pkg/controllers/observability/observability_controller.go (1)
207-233:⚠️ Potential issue | 🟠 MajorClear tracing status when tracing is nil or disabled.
Line 209 avoids the nil dereference, but the
elsestill only runs whenCapabilitiesis nil. If users removespec.capabilities.tracingor set tracing disabled, stale Tempo/OpenTelemetry status can remain.Proposed fix
- if instance.Spec.Capabilities != nil { - capabilities := instance.Spec.Capabilities - if capabilities.Tracing != nil && capabilities.Tracing.Enabled { + capabilities := instance.Spec.Capabilities + if capabilities != nil && capabilities.Tracing != nil && capabilities.Tracing.Enabled { otelcol := &otelv1beta1.OpenTelemetryCollector{} err := o.client.Get(ctx, types.NamespacedName{ Namespace: instance.Namespace, Name: otelCollectorName(instance.Name), }, otelcol) @@ instance.Status.Tempo = fmt.Sprintf("%s/%s (%s)", instance.Namespace, tempoName(instance.Name), tempo.Status.TempoVersion) instance.Status.OpenTelemetry = fmt.Sprintf("%s/%s (%s)", instance.Namespace, otelCollectorName(instance.Name), otelcol.Status.Version) - } } else { instance.Status.Tempo = "" instance.Status.OpenTelemetry = "" }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/controllers/observability/observability_controller.go` around lines 207 - 233, The code only clears instance.Status.Tempo and instance.Status.OpenTelemetry when instance.Spec.Capabilities is nil, leaving stale values when Capabilities exists but capabilities.Tracing is nil or capabilities.Tracing.Enabled is false; update the logic in the reconciliation block (around the otelcol/tempo retrieval) so that when capabilities.Tracing == nil or capabilities.Tracing.Enabled == false you explicitly set instance.Status.Tempo = "" and instance.Status.OpenTelemetry = "" (i.e., add an else branch for the capabilities.Tracing check that clears those status fields), leaving the existing nil Capabilities branch as-is.pkg/controllers/observability/tempo_components.go (1)
63-78:⚠️ Potential issue | 🟠 MajorCreate the TLS secret under the name referenced by TempoStack.
Line 74 configures Tempo to read the cert from
tempoStorageSecretName(instance.Name), but Line 156 creates the TLS Secret astempoSecretName(instance.Name). That leaves Tempo pointing at a non-existent cert Secret and can collide with the object storage credentials Secret.🐛 Proposed fix
objectStorageTLSSecret = &corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", APIVersion: corev1.SchemeGroupVersion.String(), }, ObjectMeta: metav1.ObjectMeta{ - Name: tempoSecretName(instance.Name), + Name: tempoStorageSecretName(instance.Name), Namespace: instance.Namespace, }, }Also applies to: 150-156
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/controllers/observability/tempo_components.go` around lines 63 - 78, Tempo's TLS cert Secret is being referenced as tempoStorageSecretName(instance.Name) in tempo.Spec.Storage.TLS.Cert but the code that creates the Secret uses tempoSecretName(instance.Name), causing Tempo to point to a non-existent Secret and risking a name collision with object storage credentials; update the Secret creation code so the TLS Secret is created with the same name used by Tempo (use tempoStorageSecretName(instance.Name)) and ensure any CA Secret/ConfigMap uses tempoStorageCAConfigMapName(instance.Name) so names align and avoid collision with tempoSecretName.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@pkg/controllers/observability/tempo_components.go`:
- Around line 263-270: The error message in the GCSWIF branch is stale: when Get
fails for the key JSON secret (variable keyJSONSecret) you should update the
fmt.Errorf call in the objectStorageSpec.GCSWIF handling to reference GCSWIF
(not GCSSTS), e.g. change the message passed to fmt.Errorf in the block that
fetches objectStorageSpec.GCSWIF.KeyJSONSecret.Name so it accurately says
"failed to get GCSWIF keyJSON secret <name>: %w" while keeping the existing
error wrapping and returned values.
---
Outside diff comments:
In `@pkg/controllers/observability/observability_controller.go`:
- Around line 207-233: The code only clears instance.Status.Tempo and
instance.Status.OpenTelemetry when instance.Spec.Capabilities is nil, leaving
stale values when Capabilities exists but capabilities.Tracing is nil or
capabilities.Tracing.Enabled is false; update the logic in the reconciliation
block (around the otelcol/tempo retrieval) so that when capabilities.Tracing ==
nil or capabilities.Tracing.Enabled == false you explicitly set
instance.Status.Tempo = "" and instance.Status.OpenTelemetry = "" (i.e., add an
else branch for the capabilities.Tracing check that clears those status fields),
leaving the existing nil Capabilities branch as-is.
In `@pkg/controllers/observability/tempo_components.go`:
- Around line 63-78: Tempo's TLS cert Secret is being referenced as
tempoStorageSecretName(instance.Name) in tempo.Spec.Storage.TLS.Cert but the
code that creates the Secret uses tempoSecretName(instance.Name), causing Tempo
to point to a non-existent Secret and risking a name collision with object
storage credentials; update the Secret creation code so the TLS Secret is
created with the same name used by Tempo (use
tempoStorageSecretName(instance.Name)) and ensure any CA Secret/ConfigMap uses
tempoStorageCAConfigMapName(instance.Name) so names align and avoid collision
with tempoSecretName.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro Plus
Run ID: 27c981da-b5db-4b69-87f6-9b160772cc57
📒 Files selected for processing (14)
bundle/manifests/observability-operator.clusterserviceversion.yamlbundle/manifests/observability.openshift.io_observabilityinstallers.yamldeploy/crds/common/observability.openshift.io_observabilityinstallers.yamldocs/api.mdpkg/apis/observability/v1alpha1/objectstorage.gopkg/apis/observability/v1alpha1/tracing.gopkg/apis/observability/v1alpha1/tracing_test.gopkg/apis/observability/v1alpha1/types.gopkg/apis/observability/v1alpha1/zz_generated.deepcopy.gopkg/controllers/observability/observability_controller.gopkg/controllers/observability/reconcilers.gopkg/controllers/observability/reconcilers_test.gopkg/controllers/observability/tempo_components.gotest/e2e/observability_installer_test.go
pavolloffay
approved these changes
Apr 21, 2026
Contributor
Author
|
@pavolloffay need a new LGTM, rebased and added nil-safe GetFoo() accessors to get rid of long, error-prone != nil tests. |
Use pointers for API struct fields marked "omitempty".
"omitempty" does not work on non-pointer struct fields.
A zero valued struct will serialize at least as "{}" and may contain zero valued fields
if any fields are not "omitempty".
This can cause problems with default values and round-trip (de)serialization
and break even if the kubebuilder "+optional" comment is applied.
Additional fixes:
- Add nil-safe GetFoo() methods to avoid long !=nil tests.
- Rename TracingObjectStorageSpec.GCSSTSSpec to GCSWIF to match its type and json tag
- Update CEL validation rule to handle nil storage/objectStorage with has() guards
- Add nil guards for Tracing, Storage, ObjectStorageSpec, and Operators in controller code
- Remove spurious omitempty from required S3Spec.AccessKeySecret field
- Fix ConfigMapKeySelector doc comments that incorrectly referenced "Secret"
pavolloffay
approved these changes
May 14, 2026
Contributor
Author
|
/label approved |
|
@alanconway: The label(s) DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: alanconway, pavolloffay The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
jan--f
added a commit
that referenced
this pull request
May 19, 2026
* fix: update tls log to omit length of ciphers array (#1074) * fix: update tls log to omit length of ciphers array Signed-off-by: Jenny Zhu <jenny.a.zhu@gmail.com> * fix: tls cipher logging Signed-off-by: Jenny Zhu <jenny.a.zhu@gmail.com> --------- Signed-off-by: Jenny Zhu <jenny.a.zhu@gmail.com> * build(deps): bump github.com/operator-framework/api (#1059) Bumps [github.com/operator-framework/api](https://github.com/operator-framework/api) from 0.38.0 to 0.42.0. - [Release notes](https://github.com/operator-framework/api/releases) - [Changelog](https://github.com/operator-framework/api/blob/master/RELEASE.md) - [Commits](operator-framework/api@v0.38.0...v0.42.0) --- updated-dependencies: - dependency-name: github.com/operator-framework/api dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: update obo-prom-op to v0.90.1 (#1077) Signed-off-by: Jan Fajerski <jfajersk@redhat.com> * build(deps): bump github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring (#1060) Bumps [github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring](https://github.com/prometheus-operator/prometheus-operator) from 0.89.0 to 0.90.1. - [Release notes](https://github.com/prometheus-operator/prometheus-operator/releases) - [Changelog](https://github.com/prometheus-operator/prometheus-operator/blob/main/CHANGELOG.md) - [Commits](prometheus-operator/prometheus-operator@v0.89.0...v0.90.1) --- updated-dependencies: - dependency-name: github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring dependency-version: 0.90.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: update perses operand image (#1085) Signed-off-by: Gabriel Bernal <gbernal@redhat.com> * feat: coo 1.5 image tag and compat. matrix update (#1075) * fix: add 'create tokenreview' to korrel8r RBAC (#1073) Korrel8r uses 'create tokenreview' to get user names for session tokens. Need usernames for reliable session keys. Same user can get different tokens per log-in. * fix: remove ui plugin finalizers in favor of k8s garbage collection (#1084) Signed-off-by: Gabriel Bernal <gbernal@redhat.com> * NO-JIRA: remove SupportsTLSProfile (#1089) * fix: enable tls support for troubleshooting plugin * feat: remove supports tls profile flag because all uiplugin support tls now * fix: lint * chore: unpin github.com/openshift/api (#1090) This commit unpins the version of `github.com/openshift/api` to depend on the latest version. To continue supporting older OpenShift versions which require the Console v1alpha1 API (removed since 2024), we fork the `github.com/openshift/api` under `github.com/rhobs/openshift-api` and pinned to the same version that was used before this change. Signed-off-by: Simon Pasquier <spasquie@redhat.com> * fix: use pointer-to-struct for fields with json omitempty (#1063) Use pointers for API struct fields marked "omitempty". "omitempty" does not work on non-pointer struct fields. A zero valued struct will serialize at least as "{}" and may contain zero valued fields if any fields are not "omitempty". This can cause problems with default values and round-trip (de)serialization and break even if the kubebuilder "+optional" comment is applied. Additional fixes: - Add nil-safe GetFoo() methods to avoid long !=nil tests. - Rename TracingObjectStorageSpec.GCSSTSSpec to GCSWIF to match its type and json tag - Update CEL validation rule to handle nil storage/objectStorage with has() guards - Add nil guards for Tracing, Storage, ObjectStorageSpec, and Operators in controller code - Remove spurious omitempty from required S3Spec.AccessKeySecret field - Fix ConfigMapKeySelector doc comments that incorrectly referenced "Secret" * fix: escape reserved words from perses cel validation expressions (#1091) Signed-off-by: Gabriel Bernal <gbernal@redhat.com> --------- Signed-off-by: Jenny Zhu <jenny.a.zhu@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jan Fajerski <jfajersk@redhat.com> Signed-off-by: Gabriel Bernal <gbernal@redhat.com> Signed-off-by: Simon Pasquier <spasquie@redhat.com> Co-authored-by: Jenny Zhu <jenny.a.zhu@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jan Fajerski <jan--f@users.noreply.github.com> Co-authored-by: Alan Conway <aconway@redhat.com> Co-authored-by: Simon Pasquier <spasquie@redhat.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Use pointers for API struct fields marked "omitempty".
"omitempty" does not work on non-pointer struct fields.
A zero valued struct will serialize at least as "{}" and may contain zero valued fields
if any fields are not "omitempty".
This can cause problems with default values and round-trip (de)serialization
and break even if the kubebuilder "+optional" comment is applied.
Additional fixes: