⚠️ WIP: ClusterExtensionRevision API Updates#2491
⚠️ WIP: ClusterExtensionRevision API Updates#2491dtfranz wants to merge 1 commit intooperator-framework:mainfrom
Conversation
✅ Deploy Preview for olmv1 ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
dtfranz
changed the title
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
dtfranz
changed the title
openshift-ci
bot
added
the
do-not-merge/work-in-progress
dtfranz
force-pushed
the
cer-api-edits
branch
from
5a0ef97 to
6e4fa46
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #2491 +/- ##
==========================================
+ Coverage 69.82% 73.72% +3.89%
==========================================
Files 102 102
Lines 8496 8497 +1
==========================================
+ Hits 5932 6264 +332
+ Misses 2091 1748 -343
- Partials 473 485 +12
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
pedjak
left a comment
pedjak
left a comment
There was a problem hiding this comment.
I would expect additional validation tests to add, given that we added a few more restrictions/checks in this PR. Like for checking min/max size of given arrays, etc.
| // | ||
| // Once set, even if empty, the phases field is immutable. | ||
| // | ||
| // Each phase in the list must have a unique name. The maximum number of phases is 20. |
There was a problem hiding this comment.
should we also set the min number of phases to 1?
There was a problem hiding this comment.
Sure, unless we can think of a genuinely useful reason to create a no-op CER? I can't think of one though.
There was a problem hiding this comment.
Update: Looks like we've intentionally built in the ability to have phases initially unset, and allow the normally immutable list to be updated once. If we want to preserve that, we can't set the minimum length to 1 with omitempty present. Removing omitempty removes our ability to leave it unset. Is it vital that we keep this in place?
There was a problem hiding this comment.
While we only use inline objects, it's ok to set a minimum. When we move to sharding, it could be that we'll want to create the ClusterExtensionRevision object first, then create the shards with the ownerref, then update the revision with the shard refs.
There was a problem hiding this comment.
Here's the helm chunked secret implementation: https://github.com/operator-framework/helm-operator-plugins/blob/f1e4eaf3b3924d3339dda2eee7f4520c47fd6162/pkg/storage/chunked.go#L62-L90
There we precompute everything, then:
- Create the immutable index object with all of the chunk references pre-filled
- Create the immutable chunks with owner refs to the index
We can do the same with the CER right?
- Make its phases fully immutable
- Generate the phase object contents and figure out what the names are going to be so we can pre-fill references in the CER
- Generate the CER with the phase object references pre-filled
- Generate the phase objects with the CER ownerRef
That way:
- If we try to read the phases from the CER after 3, but before 4, we correctly get an error instead of incorrectly assuming there are no phases
- If the CER is deleted between 3 and 4, we'll end up putting an ownerref on the phase objects that for an object that is already deleted and garbage collect will automatically delete the phase objects.
- Phases are immutable and create-only and we don't have to handle errors that could occur on an attempt to update the phases.
dtfranz
force-pushed
the
cer-api-edits
branch
from
6e4fa46 to
1be387b
Compare
openshift-merge-robot
added
the
needs-rebase
dtfranz
force-pushed
the
cer-api-edits
branch
from
1be387b to
f417730
Compare
openshift-merge-robot
removed
the
needs-rebase
dtfranz
force-pushed
the
cer-api-edits
branch
from
f417730 to
2f874e5
Compare
There was a problem hiding this comment.
Pull request overview
This PR updates the ClusterExtensionRevision API surface (Go types + generated CRDs/manifests) to address gaps identified during API review, primarily by tightening schema requirements and improving documentation.
Changes:
- Make
spec.lifecycleStateand per-objectcollisionProtectionrequired (removing CRD defaults). - Add/clarify schema constraints for inline phases (e.g., max phases/objects) and expand lifecycle/phase documentation.
- Update operator-controller generator/tests and API validation tests to populate newly-required fields.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| manifests/experimental.yaml | Updates experimental manifest schema/docs to reflect new required fields and constraints. |
| manifests/experimental-e2e.yaml | Mirrors the experimental schema/doc updates for e2e manifests. |
| helm/olmv1/base/operator-controller/crd/experimental/olm.operatorframework.io_clusterextensionrevisions.yaml | Updates the shipped Helm CRD for ClusterExtensionRevision with the new requirements/validations. |
| api/v1/clusterextensionrevision_types.go | Source-of-truth API changes: required markers, added validations/limits, doc updates. |
| api/v1/clusterextensionrevision_types_test.go | Adds/updates envtest-backed validity/immutability tests for the new schema. |
| api/v1/validation_test.go | Updates validation tests to set LifecycleState where required. |
| internal/operator-controller/applier/boxcutter.go | Ensures generated revision objects always set CollisionProtection. |
| internal/operator-controller/applier/boxcutter_test.go | Updates expectations to include CollisionProtection in generated revision objects. |
Comments suppressed due to low confidence (1)
api/v1/clusterextensionrevision_types.go:60
LifecycleStateis marked+requiredand the CRD now requires it, but the Go JSON tag still usesomitempty. This is inconsistent with other required fields in this repo (which typically omitomitempty) and can cause marshaling to silently drop the field when the zero value is present, producing invalid objects. Consider removingomitempty(and update any constructors/tests that currently rely on omitting the field, e.g. helpers that buildClusterExtensionRevisionSpec{Revision: ...}without a lifecycleState).
// +required
// +kubebuilder:validation:Enum=Active;Archived
// +kubebuilder:validation:XValidation:rule="oldSelf == 'Active' || oldSelf == 'Archived' && oldSelf == self", message="cannot un-archive"
LifecycleState ClusterExtensionRevisionLifecycleState `json:"lifecycleState,omitempty"`
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // | ||
| // Once set, even if empty, the phases field is immutable. | ||
| // | ||
| // Each phase in the list must have a unique name. The minimum number of inlinePhases is 1, and the maximum is 20. |
There was a problem hiding this comment.
The comment says “The minimum number of inlinePhases is 1”, but phases is still declared +optional and existing tests/validations allow phases to be unset or empty. This doc looks incorrect/misleading; either enforce a minimum (e.g., MinItems=1 when phases is set / required) or update the comment to reflect that zero phases is allowed.
| // Each phase in the list must have a unique name. The minimum number of inlinePhases is 1, and the maximum is 20. | |
| // Each phase in the list must have a unique name. The maximum number of inlinePhases is 20. |
| // +required | ||
| // +kubebuilder:validation:MinLength=1 | ||
| // +kubebuilder:validation:MaxLength=63 | ||
| // +kubebuilder:validation:Pattern=`^[a-z]([-a-z0-9]*[a-z0-9])?$` | ||
| // +kubebuilder:validation:XValidation:rule=`!format.dns1123Label().validate(self).hasValue()`,message="the value must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character." | ||
| Name string `json:"name"` |
There was a problem hiding this comment.
The new XValidation uses format.dns1123Label() which (depending on Kubernetes/CEL semantics) may allow leading digits, while the error message implies an alphabetic first character. If the intent is to require a leading letter (as the previous regex did), consider switching back to a regex-based rule (or OpenAPI pattern) that enforces the leading-letter constraint, or update the message/tests to match the actual accepted values.
| // | ||
| // Allowed values are: "Prevent", "IfNoController", and "None". | ||
| // | ||
| // When set to "Prevent" (the default), the operator only manages objects it created itself. |
There was a problem hiding this comment.
CollisionProtection is now required, but the doc still says “When set to "Prevent" (the default)…”. Since the API no longer defaults this field, this wording is misleading—either remove the “(the default)” phrasing or reintroduce explicit defaulting behavior.
| // When set to "Prevent" (the default), the operator only manages objects it created itself. | |
| // When set to "Prevent", the operator only manages objects it created itself. |
| // +required | ||
| // +kubebuilder:validation:Enum=Prevent;IfNoController;None | ||
| // +optional | ||
| CollisionProtection CollisionProtection `json:"collisionProtection,omitempty"` | ||
| } |
There was a problem hiding this comment.
CollisionProtection is marked +required, but the JSON tag still includes omitempty. As with LifecycleState, this can lead to marshaled revisions that omit a required field when the zero value is present. Consider removing omitempty to match repo conventions for required fields.
dtfranz
force-pushed
the
cer-api-edits
branch
from
2f874e5 to
35e7673
Compare
Fixing some missing flags and godoc comments brought up via API review. Signed-off-by: Daniel Franz <dfranz@redhat.com>
dtfranz
force-pushed
the
cer-api-edits
branch
from
35e7673 to
66b75c9
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 6 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // +required | ||
| // +kubebuilder:validation:Enum=Active;Archived | ||
| // +kubebuilder:validation:XValidation:rule="oldSelf == 'Active' || oldSelf == 'Archived' && oldSelf == self", message="cannot un-archive" | ||
| LifecycleState ClusterExtensionRevisionLifecycleState `json:"lifecycleState,omitempty"` |
There was a problem hiding this comment.
lifecycleState is marked +required but the JSON tag still uses omitempty, which is inconsistent with other required API fields in this repo (e.g. CatalogFilter.PackageName). Consider removing omitempty so clients using typed structs can’t accidentally omit a required field during marshaling.
| LifecycleState ClusterExtensionRevisionLifecycleState `json:"lifecycleState,omitempty"` | |
| LifecycleState ClusterExtensionRevisionLifecycleState `json:"lifecycleState"` |
| // +required | ||
| // +kubebuilder:validation:Enum=Prevent;IfNoController;None | ||
| // +optional | ||
| CollisionProtection CollisionProtection `json:"collisionProtection,omitempty"` |
There was a problem hiding this comment.
collisionProtection is now +required, but the field tag is still json:"collisionProtection,omitempty". For required fields elsewhere in the API, the JSON tag typically omits omitempty; consider removing it here to match the required/optional contract and avoid silently dropping an unset value during marshaling.
| CollisionProtection CollisionProtection `json:"collisionProtection,omitempty"` | |
| CollisionProtection CollisionProtection `json:"collisionProtection"` |
| characters and hyphens, and must start with an alphabetic | ||
| character and end with an alphanumeric character. |
There was a problem hiding this comment.
The schema description for phases[].name says phase names “start and end with an alphanumeric character”, but the CEL validation message says the name must start with an alphabetic character. Please make these consistent to avoid confusing API consumers (either adjust the description or the validation/message).
| characters and hyphens, and must start with an alphabetic | |
| character and end with an alphanumeric character. | |
| characters and hyphens, and must start and end with an | |
| alphanumeric character. |
| characters and hyphens, and must start with an alphabetic | ||
| character and end with an alphanumeric character. |
There was a problem hiding this comment.
The schema description for phases[].name says phase names “start and end with an alphanumeric character”, but the CEL validation message says the name must start with an alphabetic character. Please make these consistent to avoid confusing API consumers (either adjust the description or the validation/message).
| characters and hyphens, and must start with an alphabetic | |
| character and end with an alphanumeric character. | |
| characters and hyphens, and must start and end with an | |
| alphanumeric character. |
| "inlinePhases must have no more than 20 phases": { | ||
| spec: ClusterExtensionRevisionSpec{ | ||
| LifecycleState: ClusterExtensionRevisionLifecycleStateActive, | ||
| Revision: 1, | ||
| Phases: make([]ClusterExtensionRevisionPhase, 21), | ||
| }, | ||
| valid: false, | ||
| }, | ||
| "inlinePhases entries must have no more than 50 objects": { | ||
| spec: ClusterExtensionRevisionSpec{ |
There was a problem hiding this comment.
Test case names refer to inlinePhases, but the API field is spec.phases. Renaming these cases would make failures easier to interpret and keep terminology consistent with the API surface.
| characters and hyphens, and must start with an alphabetic | ||
| character and end with an alphanumeric character. |
There was a problem hiding this comment.
The schema description for phases[].name says phase names “start and end with an alphanumeric character”, but the CEL validation message says the name must start with an alphabetic character. Please make these consistent to avoid confusing API consumers (either adjust the description or the validation/message).
| characters and hyphens, and must start with an alphabetic | |
| character and end with an alphanumeric character. | |
| characters and hyphens, must start and end with an alphanumeric | |
| character, and be no longer than 63 characters. |
6 participants
Fixing some missing flags and godoc comments brought up via API review.
Reviewer Checklist